def delete(self, id):
room = Room.query.get(id)
if room is None:
return api_abort(422, 'room do not exit')
if g.current_user is not room.owner:
return api_abort(403, 'permission denied')
db.session.delete(room)
db.session.commit()
def put(self, id): # 采用装饰器确认是否有权限
room = Room.query.get(id)
if room is None:
return api_abort(422, 'room do not exit')
if g.current_user is not room.owner:
return api_abort(403, 'permission denied')
data = room_put_reqparse.parse_args()
data = room_put(data, room)
return make_resp(data)
def signup(data):
if User.query.filter_by(username=data['username']).first() is not None:
return api_abort(401, 'username already exit')
if User.query.filter_by(phone=data['phone']).first() is not None:
return api_abort(401, 'phone already register')
if not validate_code(data['phone'], data['verify_code'], 'create'):
raise VerifyCodeError
user = User(data['username'], data['password'], data['phone'])
db.session.add(user)
db.session.commit()
g.current_user = user
return user_schema(user)
def delete(self):
message = Message.query.get_or_404(id)
if message.author is not g.current_user:
return api_abort(403, 'permission denied')
if datetime.utcnow().timestamp() - message.timestamp.timestamp(
) >= 120:
return api_abort(403, 'time limit excess')
data = message_schema(message)
db.session.delete(message)
db.session.commit()
return make_resp(data)
def get(self):
action = request.args.get('action', None)
phone = request.args.get('phone', None)
if action is None or phone is None:
return api_abort(400, 'action and phone is needed')
code = random.randint(100001, 999999)
if not check_time_interval(phone, 60):
return api_abort(400, 'permission denied')
send_message(phone, code)
new_code = VerifyCode(code, phone, action)
db.session.add(new_code)
db.session.commit()
return make_resp({})
def put(self, id):
data = user_put_reqparse.parse_args()
if data['verify_code'] is None:
if data['password'] is not None or data['phone'] is not None:
return api_abort(400, 'verify code is needed')
data = user_put(data)
return make_resp(data=data)
def decorated(*args, **kwargs):
token_type, token = get_token()
# Flask normally handles OPTIONS requests on its own, but in the
# case it is configured to forward those to the application, we
# need to ignore authentication headers and let the request through
# to avoid unwanted interactions with CORS.
if request.method != 'OPTIONS':
if token_type is None:
return api_abort(400, 'token missing')
if token_type.lower() != 'bearer':
return api_abort(400, 'The token type must be bearer.')
if token is None:
return token_missing()
if not validate_token(token):
raise InvalidTokenError
return f(*args, **kwargs)
def put(self, id):
message = Message.query.get_or_404(id)
data = message_put_reqparse.parse_args()
if message.author is not g.current_user:
return api_abort(403, 'permission denied')
message.content = data['content']
db.session.commit()
return make_resp(message_schema(message))
def post(self):
data = room_post_reqparse.parse_args()
if Room.query.filter_by(name=data['name']).first() is not None:
return api_abort(422, 'room name already exit')
room = Room(data['name'], data['introduce'])
room.owner.append(g.current_user)
room.users.append(g.current_user)
db.session.add(room)
db.session.commit()
return make_resp(room_schema(room))
def get(self, id):
user = User.query.get(id)
if user is None:
return api_abort(422, 'user do not exit')
if g.current_user.id != id:
data = user_schema(user, False, False, False)
else:
data = user_schema(user)
return make_resp(data)
def post(self):
action = request.args.get('action', None)
# validate password or refresh_token before generate token
if action == 'get' or action is None:
data = token_get_reqparse.parse_args()
user = User.query.filter_by(username=data['username']).first()
if user is None or not user.validate_password(data['password']):
return api_abort(
code=401,
message='Either the username or password was invalid.')
g.current_user = user
elif action is 'refresh': # https://www.jianshu.com/p/25ab2f456904
data = token_refresh_reqparse.parse_args()
if not validate_token(data['refresh_token']):
raise InvalidTokenError
else:
return api_abort(401, 'unknown action')
data = generate_token(g.current_user)
response = jsonify(data)
response.headers['Cache-Control'] = 'no-store'
response.headers['Pragma'] = 'no-cache'
return response
def delete(self, id):
if len(g.current_user.rooms_owned) != 0:
return api_abort(400, 'user owned some rooms')
code = request.args.get('verify_code', None)
data = user_delete(code)
return make_resp(data)
def get(self, id):
room = Room.query.get(id)
if room is None:
return api_abort(422, 'room do not exit')
data = room_schema(room)
return make_resp(data)
