def test_jwt(self):
user = User(id=55, user_name='kulich', email='*****@*****.**')
secret = 'ZZigIKCHuSNeSHwfU+TAbyNX4nwyMUDRXnv0aZgBlOM'
token = create_token(user, secret)
claim = verify_token(token, secret)
self.assertEqual(user.id, claim['id'])
self.assertEqual(user.user_name, claim['user_name'])
self.assertEqual(user.email, claim['email'])
self.assertTrue(verify_token(token, 'bad secret') is None)
token2 = create_token(user, secret, -30)
self.assertTrue(verify_token(token2, secret) is None)
def reading_modify():
token_data = utils.verify_token(request.headers['Authorization'])
user_id = uuid.UUID(token_data['userId'])
book_name = request.values.get('bookName')
chapter_id = request.values.get('chapterId')
collections = app.mongo.db.mark
condition = {
"userId": user_id,
"bookName": book_name,
"chapterId": chapter_id
}
result = collections.find_one(condition)
if result is not None:
return {"message": "不可重复记录阅读进度"}, utils.http_code["Conflict"]
collections.delete_one({
"userId": user_id,
"bookName": book_name,
})
collections.insert_one({
"userId": user_id,
"bookName": book_name,
"chapterId": chapter_id
})
return {"message": "已记录阅读进度"}
def is_token_valid():
body = request.get_json(force=True)
is_valid = verify_token(body["token"])
if is_valid:
return jsonify(is_token_valid=True)
else:
return jsonify(is_token_valid=False), 403
def authenticate(realm, user_id, details):
log.debug('Got auth request for %s')
token = details.get('ticket')
payload = verify_token(token, settings.SECRET_KEY)
if payload and user_id == payload['email']:
if 'user' in payload['roles']:
log.debug('Authenticaticated user %s to role user', user_id)
return 'user'
return 'anonymous'
def book_del():
token_data = utils.verify_token(request.headers['Authorization'])
user_id = uuid.UUID(token_data['userId'])
book_name = request.values.get("bookName")
collections = app.mongo.db.collections
condition = {"userId": user_id, "bookName": book_name}
collections.delete_one(condition)
return {"message": "已取消收藏"}
def book_fetch():
token_data = utils.verify_token(request.headers['Authorization'])
user_id = uuid.UUID(token_data['userId'])
book_name = request.values.get("bookName", "")
collections = app.mongo.db.collections
condition = {
"userId": user_id,
"bookName": book_name
} if book_name != "" else {
"userId": user_id
}
result = collections.find(condition, {'_id': False, 'userId': False})
return fetch_data(result)
def reading_fetch():
token_data = utils.verify_token(request.headers['Authorization'])
user_id = uuid.UUID(token_data["userId"])
book_name = request.values.get("bookName", "")
collections = app.mongo.db.mark
condition = {
'userId': user_id,
'bookName': book_name
} if book_name != "" else {
'userId': user_id
}
result = collections.find(condition, {'_id': False})
result = [x for x in result]
return fetch_data(result[::-1])
def info():
token = request.headers['Authorization']
user_data = utils.verify_token(token)
users = app.mongo.db.users
result = users.find_one({'userId': uuid.UUID(user_data['userId'])})
if result is None:
return {"message": "用户不存在"}, utils.http_code['BadRequest']
return {
'message': '请求成功',
'data': {
'username': result['username'],
'userId': result['userId']
}
}
def book_add():
token_data = utils.verify_token(request.headers['Authorization'])
user_id = uuid.UUID(token_data['userId'])
book_name = request.values.get("bookName")
collections = app.mongo.db.collections
condition = {"userId": user_id, "bookName": book_name}
result = collections.find_one(condition)
if result is not None:
return {"message": "不可重复收藏"}, utils.http_code["Conflict"]
collections.insert_one({"userId": user_id, "bookName": book_name})
return {
"message": "收藏成功",
}
def load_user_from_request(request):
user_token = request.args.get('bearer_token')
if not user_token:
token=request.headers.get('Authorization')
if token and token.lower().startswith('bearer '):
user_token=token[7:].strip()
if not user_token:
return
claim=verify_token(user_token, SECRET_KEY)
if claim:
user=model.User.query.get(claim['id']) # @UndefinedVariable
if user and user.is_active:
return user
# finally, return None if both methods did not login the user
return None