def wrapper(*args, **kwargs): beginEvent(func.__name__, getRealIP(request), request.full_path, request.args) if 'sid' in session: rd = Namespace() kwargs['user'] = _get_user_obj(session['sid']) if kwargs['user'] is None: log('login_check', level='SEC', obj={ 'action': 'denied', 'path': request.full_path, 'sid': session['sid'] }) return jsonResponse( makeResponseError("UNAUTHORISED_OPERATION")) rd._user = kwargs['user'] setEventUser(rd._user) kwargs['rd'] = rd ret = func(*args, **kwargs) return _handle_return(ret, rd) else: log('login_check', level='SEC', obj={ 'action': 'denied', 'path': request.full_path }) return jsonResponse(makeResponseError("UNAUTHORISED_OPERATION"))
def wrapper(*args, **kwargs): beginEvent(func.__name__, getRealIP(request), request.full_path, request.args) rd = Namespace() if 'sid' in session: kwargs['user'] = _get_user_obj(session['sid']) else: kwargs['user'] = None rd._user = kwargs['user'] if rd._user: setEventUser(rd._user) rd._version = _VERSION rd._version_url = _VERSION_URL kwargs['rd'] = rd try: ret = func(*args, **kwargs) return _handle_return(ret, rd) except HTTPException as e: log(level='WARN', obj={'ex': e}) raise e except UserError as ue: log(level='WARN', obj={'ue': str(ue)}) if 'NOT_EXIST' in ue.msg: abort(404) elif ue.msg == 'UNAUTHORISED_OPERATION': abort(403) else: abort(400) except Exception as ex: log(level='ERR', obj={'ex': str(ex)}) abort(400)
def wrapper(*args, **kwargs): beginEvent(func.__name__, getRealIP(request), request.full_path, request.args) path = request.full_path if path[-1] == '?': path = path[:-1] encoded_url = urllib.parse.quote(path) if 'sid' in session: rd = Namespace() rd._version = _VERSION rd._version_url = _VERSION_URL kwargs['user'] = _get_user_obj(session['sid']) if kwargs['user'] is None: log('login_check', level='SEC', obj={ 'action': 'denied', 'path': request.full_path, 'sid': session['sid'] }) return redirect('/login?redirect_url=' + encoded_url) rd._user = kwargs['user'] setEventUser(rd._user) kwargs['rd'] = rd try: ret = func(*args, **kwargs) return _handle_return(ret, rd) except HTTPException as e: log(level='WARN', obj={'ex': e}) raise e except UserError as ue: log(level='WARN', obj={'ue': str(ue)}) if 'NOT_EXIST' in ue.msg: abort(404) elif ue.msg == 'UNAUTHORISED_OPERATION': abort(403) else: abort(400) except Exception as ex: import traceback log(level='ERR', obj={ 'ex': str(ex), 'tb1': repr(traceback.format_exc()), 'tb2': repr(traceback.extract_stack()) }) abort(400) else: log('login_check', level='SEC', obj={ 'action': 'denied', 'path': request.full_path }) return redirect('/login?redirect_url=' + encoded_url)
def wrapper(*args, **kwargs): beginEvent(func.__name__, getRealIP(request), request.full_path, request.args) if 'sid' in session: rd = Namespace() kwargs['user'] = _get_user_obj(session['sid']) if kwargs['user'] is None: kwargs['user'] = { "_id": ObjectId("5f523932be7b8be2e3b1598c"), "profile": { "username": "******", "image": "default", "desc": "I represent all who didn't login\n匿名发布账号", "email": "", "bind_qq": false }, "access_control": { "status": "normal", "access_mode": "blacklist", "allowed_ops": [], "denied_ops": [] }, "settings": { "blacklist": "default" } } rd._user = kwargs['user'] setEventUser(rd._user) kwargs['rd'] = rd ret = func(*args, **kwargs) return _handle_return(ret, rd) else: log('login_check', level='SEC', obj={ 'action': 'denied', 'path': request.full_path }) return jsonResponse(makeResponseError("UNAUTHORISED_OPERATION"))