def delete(self, item_id):
    """Delete the item identified by ``item_id``.

    The item is loaded with ``get_or_404``. A caller who is not the item's
    author is answered through ``api_abort(403)``. On success the row is
    deleted, the session committed, and an empty body with status 204 is
    returned.
    """
    target = Item.query.get_or_404(item_id)
    owner = target.author
    # Object-level authorization: the lookup alone is not enough, the
    # requesting user must also own the row before it is touched.
    # g.current_user is presumably set by the token check -- confirm.
    if g.current_user != owner:
        return api_abort(403)

    session = db.session
    session.delete(target)
    session.commit()
    return ('', 204)
def put(self, item_id):
    """Replace the body of the item identified by ``item_id``.

    The item is loaded with ``get_or_404``. Only its author may edit it;
    any other caller is answered through ``api_abort(403)``. The new body
    comes from ``get_item_body()``, and the change is committed before an
    empty 204 response is returned.
    """
    target = Item.query.get_or_404(item_id)
    # Ownership is checked before the request body is read, so a
    # non-author never reaches the write path.
    if g.current_user != target.author:
        return api_abort(403)

    new_body = get_item_body()
    target.body = new_body
    db.session.commit()
    return ('', 204)
def patch(self, item_id):
    """Flip the ``done`` flag of the item identified by ``item_id``.

    The item is loaded with ``get_or_404``. Only its author may toggle it;
    any other caller is answered through ``api_abort(403)``. The change is
    committed and an empty 204 response is returned.
    """
    target = Item.query.get_or_404(item_id)
    # Object-level authorization: reject callers who do not own the item.
    if g.current_user != target.author:
        return api_abort(403)

    target.done = False if target.done else True
    db.session.commit()
    return ('', 204)
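def post(self):
    """Exchange a JSON ``username``/``password`` pair for a bearer token.

    A missing, malformed or non-object JSON body is handled like a body
    without credentials, so it ends in the 400 response below rather than
    an unhandled exception. On success the response carries
    ``access_token``, ``token_type`` and ``expires_in`` and is marked as
    not cacheable.
    """
    # get_json(silent=True) returns None on a missing or unparsable body
    # instead of raising; a JSON array or scalar is rejected the same way.
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        payload = {}
    username = payload.get('username')
    password = payload.get('password')

    # JSON values may be numbers, lists or objects; only a string can name
    # a user, so anything else is treated as "no such user" without
    # reaching the query.
    user = None
    if isinstance(username, str):
        user = User.query.filter_by(username=username).first()

    # NOTE(review): the two messages below ("user does not exist" and
    # "wrong password") let a caller tell registered usernames from
    # unregistered ones. A single generic message for both cases closes
    # that gap; the wording is kept here because clients may depend on it.
    if user is None:
        return api_abort(400, '该用户不存在。')
    # A non-string password can never match, so it is rejected as a wrong
    # password without being passed to check_password.
    elif not isinstance(password, str) or not user.check_password(password):
        return api_abort(400, '密码错误。')

    token, expiration = generate_token(user)

    response = jsonify({
        'access_token': token,
        'token_type': 'Bearer',
        'expires_in': expiration
    })
    # The body contains a credential: tell caches not to store it.
    response.headers['Cache-Control'] = 'no-store'
    response.headers['Pragma'] = 'no-cache'
    return response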
def decrated(*args, **kwargs):
    """Call the wrapped view ``f`` only when the request has a valid bearer token.

    OPTIONS requests are passed straight through without any token check.
    For every other method the checks run in this order: token type, then
    token presence, then ``validate_token``. The first failing check
    decides the response.
    """
    scheme, credential = get_token()

    if request.method == 'OPTIONS':
        return f(*args, **kwargs)

    # NOTE(review): the type check runs first, so if get_token() yields
    # None for both values on a request without credentials, the caller
    # gets this 400 and token_missing() is not reached -- confirm intended.
    if scheme is None or scheme.lower() != 'bearer':
        return api_abort(400, 'The token type must be bearer.')
    if credential is None:
        return token_missing()
    if not validate_token(credential):
        return invalid_token()

    return f(*args, **kwargs)
def wrapper(*args, **kwargs):
    """Call the wrapped view ``f`` only when the request has a valid bearer token.

    OPTIONS requests are passed straight through without any token check.
    For every other method the checks run in this order: token presence,
    then ``validate_token``, then token type. The first failing check
    decides the response.
    """
    scheme, credential = get_token()

    if request.method == 'OPTIONS':
        return f(*args, **kwargs)

    if credential is None:
        return token_missing()
    if not validate_token(credential):
        return invalid_token()
    # The scheme is checked last, so a token with the wrong scheme is
    # still passed to validate_token before it is rejected here.
    if scheme is None or scheme.lower() != 'bearer':
        return api_abort(400, 'token_type必须是bearer')

    return f(*args, **kwargs)
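def post(self):
    """Issue a bearer token for a password grant submitted as form data.

    Reads ``grant_type``, ``username`` and ``password`` from the form.
    Any grant type other than ``password`` (case-insensitive) is answered
    with a 400. Unknown user, missing password and wrong password all get
    the same 400 message, so the response does not reveal which of them
    failed. On success the response carries ``access_token``,
    ``token_type`` and ``expires_in`` and is marked as not cacheable.
    """
    grant_type = request.form.get('grant_type')
    username = request.form.get('username')
    password = request.form.get('password')

    if grant_type is None or grant_type.lower() != 'password':
        return api_abort(400, message='The grant type must be password.')

    user = User.query.filter_by(username=username).first()
    # form.get() returns None for an absent field; reject that here rather
    # than handing None to validate_password.
    if user is None or password is None or not user.validate_password(password):
        # The keyword was `messages=`. It now matches the `message=` used
        # for the grant-type error above. api_abort is not visible here,
        # so confirm against its signature.
        return api_abort(
            400, message='Either the username or password was invalid.')

    token, expiration = generate_token(user)

    response = jsonify({
        'access_token': token,
        'token_type': 'Bearer',
        'expires_in': expiration
    })
    # The body contains a credential: tell caches not to store it.
    response.headers['Cache-Control'] = 'no-store'
    response.headers['Pragma'] = 'no-cache'
    return response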
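def post(self):
    """Issue a bearer token for a password grant submitted as form data.

    Reads ``grant_type``, ``username`` and ``password`` from the form.
    Any grant type other than ``password`` (case-insensitive) is answered
    with a 400. Unknown user, missing password and wrong password all get
    the same 400 message. On success the response carries
    ``access_token``, ``token_type`` and ``expires_in`` and is marked as
    not cacheable.
    """
    grant_type = request.form.get("grant_type")
    username = request.form.get("username")
    password = request.form.get("password")

    # Fix: the original compared the bound method `lower` (no call
    # parentheses) with "password". That is never equal, so every request
    # was rejected here.
    if grant_type is None or grant_type.lower() != "password":
        return api_abort(400, "The grant type has to be password.")

    user = User.query.filter_by(username=username).first()
    # form.get() returns None for an absent field; reject that here rather
    # than handing None to validate_password.
    if user is None or password is None or not user.validate_password(password):
        return api_abort(400, "The username and password is invalid")

    token, expiration = generate_token(user)

    response = jsonify({
        "access_token": token,
        "token_type": "Bearer",
        # RFC 6749 names this field "expires_in"; the original key was
        # "expire_in". No client can have received the old key, because
        # the grant-type check above rejected every request.
        "expires_in": expiration
    })
    # The body contains a credential: tell caches not to store it.
    response.headers["Cache-Control"] = "no-store"
    response.headers["Pragma"] = "no-cache"
    return response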
def decorated(*args, **kwargs):
    """Call the wrapped view ``f`` only when the request has a valid bearer token.

    For every method except OPTIONS the checks run in this order: token
    type, then token presence, then ``validate_token``. The first failing
    check decides the response.
    """
    scheme, credential = get_token()

    # Flask usually answers OPTIONS itself. If it is configured to forward
    # OPTIONS to the application, the request passes through without any
    # token check, to avoid unwanted interactions with CORS.
    if request.method == "OPTIONS":
        return f(*args, **kwargs)

    if scheme is None or scheme.lower() != "bearer":
        return api_abort(400, "The token type has to be bearer")
    if credential is None:
        return token_missing()
    if not validate_token(credential):
        return invalid_token()

    return f(*args, **kwargs)
def get(self, item_id):
    """Return the JSON representation of the item identified by ``item_id``.

    The item is loaded with ``get_or_404``. Only its author may read it;
    any other caller is answered through ``api_abort(403)``.
    """
    target = Item.query.get_or_404(item_id)
    # Reads are owner-only too: a valid id does not entitle another
    # user to see the item.
    if g.current_user != target.author:
        return api_abort(403)

    serialized = item_schema(target)
    return jsonify(serialized)