예제 #1
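    def post(self):
        """Log a user in with a phone number and a one-time SMS code.

        Reads ``mobile`` and ``code`` from ``lr_parser``, compares the code
        with the value cached under the phone number, creates the ``User``
        row on first login, and returns a session token that is cached
        against the phone number.

        Returns:
            A JSON response with ``status=200`` and ``token`` on success, or
            ``status=400`` and ``errmsg`` when the code is missing or wrong.
        """
        args = lr_parser.parse_args()
        phone = args.get('mobile')
        code = args.get('code')
        cache_code = cache.get(phone)
        if not (cache_code and code == cache_code):
            # NOTE(review): nothing in this handler limits the number of
            # guesses per phone number; a short numeric code needs an attempt
            # counter or lockout somewhere - confirm it exists upstream.
            return jsonify(status=400, errmsg='验证码错误')

        # The code is a one-time credential: consume it as soon as it has been
        # accepted so an intercepted SMS code cannot be replayed for a second
        # login while the cache entry is still alive.
        cache.delete(phone)

        user = User.query.filter(User.phone == phone).first()
        if not user:
            # First login for this phone number: register it on the fly.
            user = User()
            user.phone = phone
            # The 13-digit suffix is only a display handle, not a secret, so
            # the non-cryptographic `random` module is acceptable here.
            digits = ''.join(str(random.randint(0, 9)) for _ in range(13))
            user.username = '******' + digits

            db.session.add(user)
            db.session.commit()

        # uuid4 supplies the unpredictability of the token; the three digits
        # from `random` add no security and are kept only for format
        # compatibility with existing clients.
        token = str(uuid.uuid4()).replace('-', '') + str(
            random.randint(100, 999))
        # NOTE(review): no explicit timeout is passed, so the session lifetime
        # is whatever the cache's default timeout is - confirm it is bounded.
        cache.set(token, phone)
        return jsonify(status=200, msg='登录成功', token=token)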
예제 #2
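 def post(self):
     '''
     Admin login.

     Validates the image captcha, then the username/password pair, issues an
     auth token, stores it in the cache under the admin id for eight hours and
     writes a login-log row.

     Returns a dict with ``status``, ``msg`` and ``token`` on success; aborts
     with ``RET.Forbidden`` on a captcha failure and ``RET.Unauthorized`` on a
     credential failure.
     '''
     args_login = parse_login.parse_args()
     password = args_login.get('password')
     # Missing fields become empty strings so they fail validation below
     # instead of raising AttributeError on None.lower().
     username = (args_login.get('username') or '').lower()
     captcha = args_login.get('captcha') or ''
     captcha_key = 'image_code_%s' % args_login.get('image_code')
     text = cache.get(captcha_key)
     if not text:
         abort(RET.Forbidden, msg='验证码错误')
     # Consume the captcha before comparing: every image gets exactly one
     # guess. Deleting it only after a correct answer would let a client keep
     # guessing against the same image until it expires.
     cache.delete(captcha_key)
     if captcha.lower() != text.lower():
         abort(RET.Forbidden, msg='验证码错误')
     admin = Admin.query.filter_by(username=username, is_del='0').first()
     # Unknown user and wrong password share one status code as well as one
     # message, so the response does not reveal which usernames exist.
     # NOTE(review): check_pwd is skipped for unknown users, so response time
     # may still differ between the two cases.
     if not admin or not admin.check_pwd(password):
         abort(RET.Unauthorized, msg='用户名或密码错误')
     token = Auth.encode_auth_token(admin.id)
     # One cache entry per admin id: a new login replaces the previous token.
     cache.set(admin.id, token, timeout=60*60*8)
     # Record the login in the audit log.
     # NOTE(review): remote_addr is the peer address; behind a reverse proxy
     # it is presumably the proxy's IP - confirm how the app is deployed.
     admin_log = AdminLog()
     admin_log.username = admin.username
     admin_log.ip = request.remote_addr
     admin_log.add()
     data = {
         'status': RET.OK,
         'msg': '登录成功',
         'token': token
     }
     return data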
예제 #3
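def _verify():
    """Authenticate the current request from its auth token.

    Aborts with ``RET.Forbidden`` when the token is missing, when no session
    is cached for the admin id it carries, when the admin no longer exists,
    or when the token is not the one currently cached for that admin.
    On success ``g.admin`` is set.

    Returns:
        ``None`` when the token is accepted as is, or a dict with
        ``RET.RESETOKEN`` and a fresh token when the presented token is older
        than eight hours.
    """
    token = get_token()
    if not token:
        abort(RET.Forbidden, msg='请登录', status=RET.REENTRY)
    # NOTE(review): assumes decode_auth_token returns a dict shaped like
    # {'data': {'id': ..., 'login_time': ...}} and rejects tokens with a bad
    # signature itself - confirm against Auth.
    token_data = Auth.decode_auth_token(token)
    token_id = token_data['data']['id']
    token_time = token_data['data']['login_time']
    # The cache holds the single currently valid token per admin id.
    cache_token = cache.get(token_id)
    if not cache_token:
        abort(RET.Forbidden, msg='请重新登录!', status=RET.REENTRY)
    # The account must still exist.
    admin = get_admin(token_id)
    if not admin:
        abort(RET.Forbidden, msg='请重新登录', status=RET.REENTRY)
    # Reject a superseded token BEFORE considering a refresh. If the refresh
    # ran first, an old token replaced by a newer login could be exchanged
    # for a fresh one and would evict the legitimate session.
    if cache_token != token:
        abort(RET.Forbidden, msg='当前账户在其他地方登录,您已被强制下线!', status=RET.REENTRY)
    g.admin = admin
    # Tokens older than eight hours (60 * 8 minutes) are rotated.
    issued_at = datetime.datetime.strptime(token_time, "%Y-%m-%d %H:%M:%S")
    if issued_at + datetime.timedelta(minutes=60 * 8) < datetime.datetime.now():
        # NOTE(review): the session is stored under the admin id, so deleting
        # the key named after the token is presumably a no-op; kept in case
        # other code stores entries under the token itself.
        cache.delete(token)
        new_token = Auth.encode_auth_token(admin.id)
        cache.set(admin.id, new_token, timeout=60 * 60 * 8)
        data = {'status': RET.RESETOKEN, 'token': new_token}
        return data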
예제 #4
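    def post(self):
        """Reset a user's password after checking an SMS verification code.

        Reads ``parsecode``, ``newpassword`` and ``phone`` from ``parser`` and
        compares the code with the value cached under the phone number.

        Returns:
            A dict with ``status`` 200 on success, or 400 with a message when
            the code has expired or does not match.
        """
        parse = parser.parse_args()
        parsecode = parse.get('parsecode')
        newpassword = parse.get('newpassword')
        phone = parse.get('phone')

        responseData = {}

        # The verification code is never printed: stdout usually ends up in
        # log files, and the code is a live credential.
        temp_random = cache.get(phone)

        if not temp_random:
            responseData['status'] = 400
            responseData['msg'] = '验证码超时,请重新获取验证码'
            return responseData

        # The phone number is unique per user, so it identifies the account.
        user = User.query.filter(User.phone == phone).first()

        if str(temp_random) == str(parsecode) and user is not None:
            user.password = generate_password_hash(newpassword)
            save_db(user)
            # One-time code: consume it so it cannot authorise a second
            # password change before it expires.
            cache.delete(phone)
            responseData['status'] = 200
            responseData['msg'] = '修改密码成功'
        else:
            # A wrong code and an unknown phone number get the same answer, so
            # the endpoint neither crashes on a missing user nor reveals which
            # numbers are registered.
            # NOTE(review): no attempt limit is visible here - confirm one
            # exists, otherwise the code can be guessed within its lifetime.
            responseData['status'] = 400
            responseData['msg'] = '验证码错误,请重新输入'
        return responseData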
예제 #5
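def index():
    """Render the index page for the logged-in user, or anonymously.

    The session's ``token`` is resolved to a user id through the cache; any
    failure along the way leaves ``user`` as ``None``.
    """
    token = session.get('token')
    user = None
    if token:
        try:
            userid = cache.get(token)
            if userid is not None:
                user = User.query.get(userid)
        except Exception:
            # Best effort: a cache or database error degrades to the anonymous
            # page. `Exception` rather than a bare `except` so SystemExit and
            # KeyboardInterrupt are not swallowed.
            user = None
    return render_template('index.html', user=user)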
예제 #6
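def active(str):
    """Activate the account that an activation token points to.

    Args:
        str: the activation token used as the cache key. The name shadows the
            builtin but is kept because callers (presumably the URL rule)
            pass it by this name.

    Returns:
        A redirect to ``/index/`` after activation, or to ``/register/`` when
        the token is unknown or expired or the user no longer exists.
    """
    u_id = cache.get(str)
    # An expired or unknown token yields None; do not query with it.
    user = User.query.get(u_id) if u_id is not None else None
    if not user:
        return redirect('/register/')
    user.is_active = True
    db.session.add(user)
    db.session.commit()
    # Activation links are single-use: drop the token once it has been spent.
    cache.delete(str)
    return redirect('/index/')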
예제 #7
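def beforeview():
    """Populate ``g.user`` from the session token, or set it to ``None``.

    The session's ``token`` is looked up in the cache to obtain a user id,
    which is then resolved to a ``User`` row.
    """
    token = session.get('token')
    userid = cache.get(token) if token else None
    if userid is None:
        # No session token, or the cached session has expired.
        g.user = None
        return
    # first() already returns None when nothing matches, so the separate
    # COUNT query is unnecessary.
    g.user = User.query.filter(User.id == userid).first()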
예제 #8
def _verify():
    """Resolve the ``token`` query parameter to a user or abort with 401.

    On success the user is stored in ``g.user`` and the token in ``g.auth``.
    """
    # NOTE(review): the token travels in the query string, so it can end up in
    # access logs, browser history and Referer headers; a request header
    # would keep it out of those places.
    token = request.args.get('token')
    if not token:
        abort(401, msg='请登录')

    # An unknown or expired token and a user that no longer exists are
    # reported identically.
    user_id = cache.get(token)
    user = get_user(user_id) if user_id else None
    if not user:
        abort(401, msg='请重新登录')

    g.user, g.auth = user, token
예제 #9
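def active():
    """Activate the account referenced by the ``token`` query parameter.

    Returns the rendered ``active.html`` page on success and a failure
    message when the token is missing, expired or unknown, or when the
    database update fails. Non-GET requests fall through and return ``None``,
    as before.
    """
    if request.method == 'GET':
        token = request.args.get('token')
        userid = cache.get(token) if token else None
        if userid is None:
            # Token absent from the cache: never issued, or already expired.
            return '激活失败,已超时!'

        try:
            user = User.query.get(userid)
            if user is None:
                return '激活失败,已超时!'
            user.isactive = True
            db.session.add(user)
            db.session.commit()
        except Exception:
            # Leave the session usable for later requests and report the same
            # generic failure without exposing the error to the client.
            db.session.rollback()
            return '激活失败,已超时!'

        # Activation links are single-use.
        cache.delete(token)
        return render_template('active.html')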
예제 #10
파일: MesApi.py 프로젝트: Johnny0song/Tpp
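    def post(self):
        """Send an SMS verification code to the ``phone`` request argument.

        A five-digit code is generated, cached under the phone number and
        sent through ``SmsSingleSender``.

        Returns:
            A dict with a ``msg`` stating whether the send call completed.
        """
        import secrets

        parse = parser.parse_args()
        phone = parse.get('phone')

        # SMS application SDK AppID (these start with 1400).
        appid = 1400112809

        # SMS application SDK AppKey.
        # NOTE(review): this is a live credential committed to source. It
        # should be rotated and loaded from configuration or the environment
        # rather than kept in the repository.
        appkey = "8d8b808cb9073023631d241951f49fb4"

        # Recipient list for the message.
        phone_numbers = [phone]

        # Template ID and signature text, both issued by the SMS console. The
        # signature argument is the signature text, not a signature ID.
        template_id = 166915
        sms_sign = "钟远智工作经验分享"

        ssender = SmsSingleSender(appid, appkey)

        # The code is an authentication secret, so it comes from the OS CSPRNG
        # (`secrets`) instead of the predictable `random` generator. The range
        # is unchanged: 10000..99999.
        temp_random = secrets.randbelow(90000) + 10000

        # Cache the code for later verification. It is deliberately not
        # printed: stdout usually ends up in logs.
        # NOTE(review): the cache entry lives 30 seconds while the template is
        # told "10" (minutes) below - confirm which lifetime is intended.
        # NOTE(review): nothing here limits how often a number can be sent a
        # code; confirm rate limiting exists elsewhere.
        cache.set(phone, temp_random, timeout=30)

        # Template parameters: {1} = code, {2} = validity in minutes. The
        # number of entries must match the number of template variables.
        params = [temp_random, 10]
        try:
            # When the signature is missing or empty the provider's default
            # signature is used.
            ssender.send_with_param(
                86,
                phone_numbers[0],
                template_id,
                params,
                sign=sms_sign,
                extend="",
                ext="")
        except Exception as e:
            # Covers HTTPError as well. Report the failure instead of claiming
            # success for a message that was never sent.
            print(e)
            return {'msg': '发送短信失败'}

        # NOTE(review): the provider's response body is not inspected, so a
        # rejected send is still reported as success - confirm its format and
        # check it.
        responseData = {'msg': '发送短信成功'}

        return responseData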
예제 #11
def my_cache():
    """Serve a per-client payload, cached for 30 seconds.

    The cache key is the client's remote address plus a fixed suffix.
    """
    # NOTE(review): remote_addr is the peer address; behind a reverse proxy
    # all clients would presumably share one key - confirm the deployment.
    key = request.remote_addr + 'day04'
    cached = cache.get(key)
    if not cached:
        # Cache miss: build the payload and remember it for 30 seconds.
        fresh = {'code': 1, 'msg': 'ok', 'data': '呵呵哒'}
        print('查数据')
        cache.set(key, fresh, 30)
        return jsonify(fresh)

    print('有数据')
    return jsonify(cached)
예제 #12
def heheda():
    """Throttle clients: require a User-Agent and cap hits per address.

    Requests without a User-Agent get a 500 JSON error. Otherwise a counter
    keyed on the remote address is kept in the cache; once it has reached 3
    the request is answered with 404. Allowed requests return ``None``.
    """
    if not request.user_agent:
        return jsonify({'code': 10000, 'msg': 'h换个网站吧'}), 500

    # NOTE(review): remote_addr is the peer address; behind a reverse proxy
    # every client presumably shares one counter - confirm the deployment.
    key = request.remote_addr + 'fanpa'
    times = cache.get(key)
    if not times:
        # First hit in the window: start counting, 30-second lifetime.
        cache.set(key, 1, 30)
        return None

    if int(times) >= 3:
        return '搞你M啊', 404

    # Each write renews the 30-second lifetime, so the window slides with
    # every counted request. The read-then-write is not atomic, so concurrent
    # requests can undercount.
    cache.set(key, times + 1, 30)
    return None
예제 #13
파일: views.py 프로젝트: HTCssy/Tpp
def activate_account():
    """Activate the account named by the ``uname`` request value.

    The name must equal the value cached under the fixed key ``'username'``.

    Returns:
        JSON with ``status`` 200 on success, -4 when the user does not exist,
        and -3 when the name does not match the cached value.
    """
    # NOTE(review): the only proof of ownership is the username itself, and
    # the cache key 'username' is a single global slot shared by every
    # registration. An unguessable per-user token stored under its own key
    # would be needed to make this link a real credential.
    username = request.values.get('uname')
    if username != cache.get('username'):  # rds.get('username')
        return jsonify(dict(status=-3, msg='激活链接失效,请重新激活'))

    user = User.query.filter(User.username == username).first()
    if not user:
        return jsonify(dict(status=-4, msg='激活用户不存在'))

    user.is_active = True
    db.session.add(user)
    db.session.commit()
    return jsonify(dict(status=200, msg='激活成功'))
예제 #14
def _verify():
    """Authenticate a movie-user request from its ``token`` query parameter.

    Aborts with 401 when the token is missing or resolves to no user, and
    with 403 when it does not start with ``MOVIE_USER``. On success the user
    is stored in ``g.user`` and the token in ``g.auth``.
    """
    # NOTE(review): a token in the query string can end up in access logs,
    # browser history and Referer headers; a request header avoids that.
    token = request.args.get('token')
    if not token:
        abort(401, msg='not login')

    # The prefix only states which kind of account the token claims to be;
    # the cache lookup below is what actually proves the session exists.
    if not token.startswith(MOVIE_USER):
        abort(403, msg='no access')

    user_id = cache.get(token)
    user = get_movie_user(user_id) if user_id else None
    if not user:
        abort(401, msg='user not avaliable')

    g.user, g.auth = user, token
예제 #15
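def sortGoods():
    """Render one page of goods filtered by the ``type`` query parameter.

    ``page`` defaults to 1. When ``type`` is absent, the last type stored in
    the cache is used. Logged-in users get ``market.html``, others
    ``sort.html``.
    """
    try:
        page = int(request.args.get("page") or 1)
    except ValueError:
        # A non-numeric page value falls back to the first page instead of
        # failing the request with an unhandled error.
        page = 1

    # `goods_type` rather than `type`, so the builtin is not shadowed.
    raw_type = request.args.get("type")
    if raw_type is not None:
        goods_type = raw_type.split("/")[0]
        # NOTE(review): "type" is one global cache key, so the remembered
        # value is shared by every visitor: one client's choice becomes the
        # fallback for all others. A per-session value would avoid that.
        cache.set("type", goods_type)
    else:
        goods_type = cache.get("type")
    print(goods_type)

    per = 12
    paginates = Goods.query.filter(Goods.type == goods_type).paginate(page, per)
    if g.user:
        return render_template('market.html',
                               type=goods_type,
                               paginates=paginates,
                               name=g.user.name,
                               img=g.user.img)
    return render_template("sort.html", paginates=paginates, type=goods_type)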
예제 #16
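 def put(self):
     """Set a new password after checking an SMS verification code.

     Reads ``code``, ``mobile``, ``password`` and ``repassword`` from
     ``update_parser``. The code must equal the value cached under the mobile
     number and both password fields must match.

     Returns:
         A dict with ``status`` 200 on success, otherwise 400 and a message.
     """
     args = update_parser.parse_args()
     code = args.get('code')
     mobile = args.get('mobile')
     cache_code = cache.get(mobile)
     # NOTE(review): no attempt limit is visible here - confirm one exists,
     # otherwise the code can be guessed within its lifetime.
     if not (cache_code and cache_code == code):
         return {'status': 400, 'msg': '验证码有误'}

     user = User.query.filter(User.phone == mobile).first()
     if user is None:
         # Same answer as a wrong code: no crash on a missing user and no
         # hint about which numbers are registered.
         return {'status': 400, 'msg': '验证码有误'}

     password = args.get('password')
     repassword = args.get('repassword')
     # Both password fields must agree.
     if password != repassword:
         return {'status': 400, 'msg': '两次密码不一致'}

     user.password = generate_password_hash(password)
     db.session.commit()
     # One-time code: consume it so it cannot authorise another reset.
     cache.delete(mobile)
     return {'status': 200, 'msg': '设置密码成功'}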
예제 #17
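    def get(self):
        """Activate the user whose activation token is still in the cache.

        The cache entry acts as the expiry timer: once it is gone the link is
        treated as timed out.

        Returns:
            A dict with ``status`` 200 and the user on success, or ``status``
            201 with a timeout message otherwise.
        """
        parse = parser.parse_args()
        token = parse.get('token')

        expired = {
            'status': 201,
            'msg': '用户激活超时,请联系管理员',
        }

        if not token or not cache.get(token):
            return expired

        user = User.query.filter(User.token == token).first()
        if user is None:
            # The token is cached but matches no user row; treat it like an
            # expired link instead of raising AttributeError.
            return expired

        user.is_active = True
        save_db(user)
        # Activation links are single-use.
        cache.delete(token)

        # NOTE(review): 'data' carries the whole User object; confirm the
        # response marshalling strips the password hash and the token.
        responseData = {
            'status': 200,
            'msg': '用户激活成功',
            'data': user
        }
        return responseData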
예제 #18
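 def get(self):
     """Activate the user that the ``token`` argument maps to in the cache.

     Returns:
         A dict with ``status`` 200 and the user on success, or ``status``
         401 when the token is unknown or expired or the user is gone.
     """
     parse = parser.parse_args()
     token = parse.get('token')
     userid = cache.get(token) if token else None
     user = User.query.get(userid) if userid else None
     if user is None:
         # Unknown or expired token, or the user row no longer exists.
         responsedata = {
             'msg': '激活失败!',
             'status': 401,
             'time': str(int(time.time())),
             'err': '链接已失效!'
         }
         return responsedata
     user.isactive = True
     user.token = get_token()
     db.session.add(user)
     db.session.commit()
     # Activation links are single-use.
     cache.delete(token)
     # NOTE(review): 'data' carries the whole User object, including the
     # freshly assigned token; confirm the response marshalling limits the
     # exposed fields.
     responsedata = {
         'msg': '激活成功!',
         'status': 200,
         'time': str(int(time.time())),
         'data': user
     }
     return responsedata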