def identify(request): """ 用户鉴权 :return: list """ auth_header = request.headers.get('Authorization') if auth_header: auth_tokenArr = auth_header.split(" ") if not auth_tokenArr or auth_tokenArr[0] != 'JWT' or len( auth_tokenArr) != 2: result = false_return(msg='请传递正确的验证头信息') else: auth_token = auth_tokenArr[1] payload = Auth.decode_auth_token(auth_token) if isinstance(payload, str): result = false_return(msg=payload) else: user = session.query(admin_db).filter_by( uid=payload['data']['uid']).first() if user is None: result = false_return(msg='找不到该用户信息') else: if user.login_time == payload['data']['login_time']: result = true_return(data=user, msg='请求成功') else: result = false_return(msg='Token已过期') else: result = false_return(msg='未提供token') return result
def post(self): username = self.get_argument('username') password = self.get_argument('password') if username and password: self.write(Auth.authenticate(username, password)) else: self.write(false_return(msg='用户名或密码错误'))
def authenticate(self, username, password): """ 用户登录,登录成功返回token, 登录失败返回失败原因 :param username: :param password: :return: """ user_info = Users.query.filter_by(username=username).first() if user_info is None: return jsonify(common.false_return('', '找不到用户')) else: if Users.check_password(user_info.password, password): login_time = int(time.time()) Users.update(Users, user_info.id, login_time) token = self.encode_auth_token(user_info.id, login_time) return jsonify(common.true_return(token.decode(), '登录成功')) else: return jsonify(common.false_return('', '密码不正确'))
def login(): """ 用户登录 :return: json """ username = request.form.get('username') passowrd = request.form.get('password') if not username or not passowrd: return jsonify(common.false_return('', '用户名和密码不能为空')) else: return auth.authenticate(username, passowrd)
def post(self): old_pwd = self.get_argument('old_pwd') new_pwd1 = self.get_argument('new_pwd1') new_pwd2 = self.get_argument('new_pwd2') if not old_pwd or not new_pwd1 or not new_pwd2: self.write(false_return(msg='含空项')) return if new_pwd1 != new_pwd2: self.write(false_return(msg='密码不一致')) return admin = session.query(admin_db).filter_by( uid=self.current_user.uid).first() if admin.update_password(old_pwd, new_pwd1): self.write(true_return(msg='修改密码成功!')) else: self.write(false_return(msg='密码错误'))
def authenticate(username, password): """ 用户登录,登录成功返回token,写将登录时间写入数据库;登录失败返回失败原因 :param username :param password :return: true_return(data=token.decode(), msg='登录成功') """ user = session.query(admin_db).filter_by(username=username).first() if user is None: return false_return(msg='找不到用户') else: if user.check_password(password): login_time = int(time.time()) user.login_time = login_time session.commit() user_info = {"login_time": login_time, "uid": user.uid} token = Auth.encode_auth_token(user_info) return true_return(data=token.decode(), msg='登录成功') else: return false_return(msg='密码不正确')
def post(self): ip = self.get_argument('ip', None) todo = self.get_argument('todo', None) if not ip or not todo: return print(todo, ip) if todo == 'alive': md_server.blacklist.remove(ip) blacklist_db.pop(ip) self.write(true_return(msg='解封成功')) else: self.write(false_return(msg='解封失败'))
def wrapper(): auth_token = request.headers.get('Authorization') if auth_token: auth_token_arr = auth_token.split(".") if not auth_token_arr or len(auth_token_arr) == 3: auth_header = json.loads( base64.b64decode(str(auth_token_arr[0]).encode()).decode()) if auth_header['typ'] != 'JWT': result = common.false_return('', '请传递正确的验证头信息') else: payload = Auth.decode_auth_token(auth_token) if not isinstance(payload, str): users = user.Users.get_by_id(payload['data']['id']) if users is None: result = common.false_return('', '找不到该用户') else: if users.login_time == payload['data'][ 'login_time']: return_user = { 'id': users.id, 'username': users.username } result = common.true_return( return_user, '请求成功') else: result = common.false_return( '', 'Token已更改,请重新登录获取') else: result = common.false_return('', payload, 301) else: result = common.false_return('', '请传递正确的验证头信息') else: result = common.false_return('', '没有提供认证Token') return func(result)
def post(self): ip = self.get_argument('ip', None) todo = self.get_argument('todo', None) if not ip or not todo: return print(todo, ip) if todo == 'kill': md_server.global_connection.pop(ip).close() self.write(true_return(msg='封禁成功')) elif todo == 'pull_black': md_server.global_connection.pop(ip).close() md_server.blacklist.add(ip) blacklist_db.push(ip) self.write(true_return(msg='拉黑成功')) else: self.write(false_return(msg='操作失败'))
def register(): """ 用户注册 :return:json """ username = request.form.get('username') password = request.form.get('password') password = user.Users.set_password(password) users = user.Users(username=username, password=password) result = user.Users.add(users) if users.id: return_user = { 'id': users.id, 'username': users.username, } return jsonify(common.true_return(return_user, '用户注册成功')) else: return jsonify(common.false_return('', '用户注册失败'))
async def post(self): code = self.get_argument('code') start = self.get_argument('start', None) end = self.get_argument('end', None) filename = '' data_csv = '' """ 检查参数,转换参数,设定文件名""" if not code: return code = code.split('+') try: if start: filename += start + "_" start = datetime.strptime(start, '%Y-%m-%d') if end: filename += end + "_" end = datetime.strptime(end, '%Y-%m-%d') except ValueError: self.write(false_return(msg='日期参数格式错误')) return filename = '{}{}.csv'.format(filename, code[0] if len(code) == 1 else 'Many') echo(type(code), code) """ 过滤查询 """ results = await filter(code, start, end, download=True) """ 处理 """ for item in results: if isinstance(item, dict): try: item['datetime'] = datetime.strftime( item['datetime'], '%Y-%m-%d %H:%M:%S') except KeyError: item['datetime'] = datetime.strftime( item['datetime'], '%Y-%m-%d %H:%M:%S.%f') item = str(item).replace('{', '').replace('}', '') data_csv += '{},\r\n'.format(item, ) """写入""" self.set_header('Content-Type', 'application/octet-stream') self.set_header( 'Content-Disposition', 'filename={}'.format( filename.encode('utf-8').decode('ISO-8859-1'))) self.write(data_csv) self.finish()
def post(self): ip = self.get_argument('ip', None) todo = self.get_argument('todo', None) if not ip or not todo: return log.info(todo, ip) if ip in md_server.global_connection: md_server.global_connection.pop(ip).close() # 断开连接 if ip in md_server.tick_origin: md_server.tick_origin.remove(ip) # 源服务器弹出 if todo == 'kill': self.write(true_return(msg='封禁成功')) if todo == 'pull_black': md_server.blacklist.add(ip) # 拉黑 blacklist_db.add(ip) # 存入数据库 self.write(true_return(msg='拉黑成功')) else: self.write(false_return(msg='操作失败'))