def __permArr(self, perm: str):
permAll = {}
arr = [] if not perm else Util.Explode(' ', perm)
for val in arr:
s = Util.Explode(':', val)
permAll[s[0]] = int(s[1])
return permAll
def Perm(token: str):
permAll = {}
# Token
tData = Safety.Decode(token)
if not tData: return permAll
# 权限
redis = Redis()
permStr = redis.Get(Env.api_token_prefix + '_perm_' + tData['uid'])
redis.Close()
# 拆分
arr = [] if not permStr else Util.Explode(' ', permStr)
for val in arr:
s = Util.Explode(':', val)
permAll[s[0]] = int(s[1])
return permAll
def Base64(params={}):
# 参数
param = Util.ArrayMerge(
{
'path': 'upload/', #上传目录
'base64': '', #文件内容
'filename': '', #文件名
'ext': 'png', #后缀
},
params)
# 内容
base64 = param['base64']
# 否有类型
ct = Util.Explode(',', param['base64'])
if len(ct) > 1:
param['ext'] = Base64.GetExt(ct[0])
base64 = ct[1]
# 创建目录
FileEo.Root = Env.root_dir
if not FileEo.Mkdir(param['path']):
print('[Upload] Mkdir:', '创建目录失败!')
return ''
# 文件名
filename = Upload.GetFileName(
) + '.' + param['ext'] if not param['filename'] else param['filename']
if not FileEo.Writer(param['path'] + filename, Base64.Decode(base64)):
print('[Upload] Writer:', '保存文件失败!')
return ''
return filename
def Verify(token: str, urlPerm: str):
# Token
if token == '': return 'Token不能为空!'
tData = Safety.Decode(token)
if not tData: return 'Token验证失败!'
# 是否过期
uid = str(tData['uid'])
redis = Redis()
time = redis.Ttl(Env.api_token_prefix + '_token_' + uid)
redis.Close()
if time < 1: return 'Token已过期!'
# 续期
if Env.api_token_auto:
redis = Redis()
redis.Expire(Env.api_token_prefix + '_token_' + uid,
Env.api_token_time)
redis.Expire(Env.api_token_prefix + '_perm_' + uid,
Env.api_token_time)
redis.Close()
# URL权限
if urlPerm == '': return ''
arr = Util.Explode('/', urlPerm)
action = arr[-1:][0]
controller = Util.Implode('/', arr[:-1])
# 菜单
menu = ApiMenu()
menu.Columns('id', 'action')
menu.Where('controller=%s', controller)
menuData = menu.FindFirst()
if not menuData: return '菜单验证无效!'
# 验证-菜单
id = str(menuData['id'])
permData = ApiToken.Perm(token)
if id not in permData.keys(): return '无权访问菜单!'
# 验证-动作
actionVal = permData[id]
permArr = Util.JsonDecode(menuData['action'])
permVal = 0
for val in permArr:
if action == val['action']:
permVal = int(val['perm'])
break
if actionVal & permVal == 0: return '无权访问动作!'
return ''
