def post(self):
res = AppSetting.general_result()
res["err_code"] = APIStatus.INTERFACE_DISABLED
res["message"] = "this api is not use"
res["result"] = "fail"
self.write(json.dumps(res))
self.finish()
def prepare(self):
req_path = self.request.uri
method = self.request.method
if method == "OPTIONS" or method == "options":
return
if req_path.startswith("/api") and (req_path
not in AppSetting.TOKEN_EXTERNAL):
res = AppSetting.general_result()
if AppSetting.AUTH_KEY not in self.request.headers:
res["result"] = "fail"
res["err_code"] = APIStatus.TOKEN_BROKEN
res["message"] = "no token"
self.write(json.dumps(res))
self.finish()
return
token = self.request.headers[AppSetting.AUTH_KEY]
try:
user_payload = jwt.decode(token,
AppSetting.TOKEN_SECRET,
algorithm='HS256')
except Exception as err:
res["result"] = "fail"
res["err_code"] = APIStatus.TOKEN_BROKEN
res["message"] = str(err)
self.write(json.dumps(res))
self.finish()
return
self.current_user = user_payload
self.request_info["username"] = self.current_user["username"]
def delete(self):
res = AppSetting.general_result()
res["err_code"] = APIStatus.INTERFACE_DISABLED
res["message"] = "this interface is disabled."
res["result"] = "fail"
self.write(json.dumps(res))
self.finish()
def get(self, args_, headers):
res = AppSetting.general_result()
res["cmd"] = "token_info"
if AppSetting.AUTH_KEY not in headers:
res["result"] = "fail"
res["err_code"] = APIStatus.TOKEN_BROKEN
res["message"] = "no token"
return res
token = headers[AppSetting.AUTH_KEY]
try:
user_payload = jwt.decode(token,
AppSetting.TOKEN_SECRET,
algorithm='HS256')
except Exception as err:
res["result"] = "fail"
res["err_code"] = APIStatus.TOKEN_BROKEN
res["message"] = str(err)
return res
res["data"] = user_payload
self.request_info["username"] = user_payload["username"]
res["request_info"] = self.request_info
res["data"]["token"] = token
res["err_code"] = APIStatus.SUCCESS
return res
def post(self):
res = AppSetting.general_result()
res["cmd"] = "upload-file"
log_info = self.request_info
file_list = self.request.files.get('file', "")
if not file_list:
res["err_code"] = APIStatus.FIELD_LACK
res["message"] = "no such params: file"
res["result"] = "fail"
log_info["message"] = res["message"]
log_info["err_code"] = res["err_code"]
self.write(json.dumps(res))
self.finish()
logger.error(json.dumps(log_info))
return
file_obj = self.request.files['file'][0]
filename = file_obj['filename']
upload_path = os.path.join(AppSetting.BASE_DIR, AppSetting.UP_FILE_DIR)
try:
with open(os.path.join(upload_path, filename), 'wb') as fh:
fh.write(file_obj['body'])
print("success")
res["err_code"] = APIStatus.SUCCESS
res["data"] = {"filename": filename}
except IOError as e:
res["err_code"] = APIStatus.FILE_IO_ERROR
res["message"] = str(e)
log_info["message"] = res["message"]
log_info["err_code"] = res["err_code"]
logger.error(json.dumps(log_info))
else:
logger.info(json.dumps(log_info))
self.write(json.dumps(res))
self.finish()
def delete(self, args_, current_user):
"""
删除用户,逻辑删除
:return:
"""
res = AppSetting.general_result()
res["request_info"] = self.request_info
if not Permission.check_user_role(self.edit_roles,
current_user["roles"]):
res["err_code"] = APIStatus.ROLE_FORBIDDEN
res["message"] = "user role is forbidden: {}".format(
current_user["username"])
res["result"] = "fail"
return res
if "item" not in args_ or not args_["item"]:
res["err_code"] = APIStatus.FIELD_LACK
res["message"] = "no such params: item"
res["result"] = "fail"
return res
res["data"] = {"uid": args_.get("item", "")}
try:
self.controller.delete(args_["item"])
except SQLAlchemyError as err:
# print(err.orig.args)
res["err_code"] = APIStatus.DB_ERROR
res["message"] = json.dumps(err.orig.args)
res["result"] = "fail"
except Exception as err:
res["err_code"] = APIStatus.UNDEFINED
res["message"] = str(err)
res["result"] = "fail"
else:
res["err_code"] = APIStatus.SUCCESS
return res
def get(self):
res = AppSetting.general_result()
res["err_code"] = APIStatus.SUCCESS
res["message"] = ""
res["result"] = "ok"
res["data"] = "Deepcyto KaryoType Restful"
self.write(json.dumps(res))
self.finish()
def put(self, args_, body_, current_user=None):
res = AppSetting.general_result()
res["cmd"] = "login"
self.request_info["username"] = body_["username"]
res["request_info"] = self.request_info
if not body_ or "username" not in body_ or body_["username"] == "":
res["err_code"] = APIStatus.USER_ERROR
res["result"] = "fail"
res["message"] = "user name empty"
return res
try:
user = self.controller.search(username=body_["username"])
except Exception as err:
res["err_code"] = APIStatus.DB_ERROR
res["result"] = "fail"
res["message"] = str(err)
return res
if not user:
res["err_code"] = APIStatus.USER_ERROR
res["result"] = "fail"
res["message"] = "user name error"
return res
if not check_password_hash(user["password"], body_["password"]):
res["err_code"] = APIStatus.PASS_WORD_ERROR
res["result"] = "fail"
res["message"] = "user password error"
return res
roles = [user["role_ref"]["code"]]
username = body_["username"]
expire_time = int(time.time() + 3600 * 12)
encoded = jwt.encode(
{
'uid': user["uid"],
"username": username,
"name": user["name"],
"roles": roles,
'exp': expire_time
},
AppSetting.TOKEN_SECRET,
algorithm='HS256')
token = str(encoded, encoding='utf-8')
self.controller.update(user["uid"], is_login=True)
res["err_code"] = APIStatus.SUCCESS
res["data"] = {
"roles": roles,
"username": username,
"token": token,
"name": user["name"],
}
return res
def get(self, args_, current_user):
"""
获取用户信息
:return:
"""
res = AppSetting.general_result()
res["request_info"] = self.request_info
if not Permission.check_user_role(self.view_roles,
current_user["roles"]):
res["err_code"] = APIStatus.ROLE_FORBIDDEN
res["message"] = "user role is forbidden: {}".format(
current_user["username"])
res["result"] = "fail"
return res
order_key = args_.get("order_key", "-create_time")
if order_key:
if order_key.startswith("-"):
key_check = order_key[1:]
else:
key_check = order_key
if key_check not in self.fields_border:
res["err_code"] = APIStatus.FIELD_OUTER
res["message"] = "order_key: [{}] is unknown field".format(
key_check)
res["result"] = "fail"
return res
start = args_.get("start", 0)
count = args_.get("count", 0)
start = start if isinstance(start, int) and start >= 0 else 0
count = count if isinstance(count, int) and count >= 0 else 0
try:
total = self.controller.count()
res["data"] = self.controller.all(
start=start, count=count, order_key=order_key) or []
except SQLAlchemyError as err:
# print(err.orig.args)
res["err_code"] = APIStatus.DB_ERROR
res["message"] = json.dumps(err.orig.args)
res["result"] = "fail"
except Exception as err:
res["err_code"] = APIStatus.UNDEFINED
res["message"] = str(err)
res["result"] = "fail"
else:
res["err_code"] = APIStatus.SUCCESS
res["total"] = total
return res
def put(self, args_, body_, current_user):
"""
更改用户信息
:return:
"""
res = AppSetting.general_result()
res["request_info"] = self.request_info
if not Permission.check_user_role(self.edit_roles,
current_user["roles"]):
res["err_code"] = APIStatus.ROLE_FORBIDDEN
res["message"] = "user role is forbidden: {}".format(
current_user["username"])
res["result"] = "fail"
return res
if "item" not in args_ or not args_["item"]:
res["err_code"] = APIStatus.FIELD_LACK
res["message"] = "no such params: item"
res["result"] = "fail"
return res
res["data"] = {"uid": args_.get("item", "")}
for field in list(body_.keys()):
if field not in self.fields_border:
body_.pop(field)
# print(body_)
unique_list = deepcopy(self.controller.get_model().unique_list)
unique_list.append(self.controller.get_model().key_word)
try:
self._check_unique_field(body_, unique_list)
except Exception as err:
res["err_code"] = APIStatus.ALREADY_EXIST
res["message"] = str(err)
res["result"] = "fail"
return res
try:
self.controller.update(args_["item"], **body_)
except SQLAlchemyError as err:
res["err_code"] = APIStatus.DB_ERROR
res["message"] = json.dumps(err.orig.args)
res["result"] = "fail"
except Exception as err:
res["err_code"] = APIStatus.UNDEFINED
res["message"] = str(err)
res["result"] = "fail"
else:
res["err_code"] = APIStatus.SUCCESS
res["err_code"] = APIStatus.SUCCESS
return res
def get(self):
res = AppSetting.general_result()
log_info = self.request_info
if not self.args_["filename"]:
res["err_code"] = APIStatus.FIELD_LACK
res["message"] = "no such params: filename"
res["result"] = "fail"
log_info["message"] = res["message"]
log_info["err_code"] = res["err_code"]
self.write(json.dumps(res))
self.finish()
logger.error(json.dumps(log_info))
return
full_path = os.path.join(AppSetting.BASE_DIR, AppSetting.DOWN_FILE_DIR,
self.args_["filename"])
if not os.path.exists(full_path):
res["err_code"] = APIStatus.FILE_IO_ERROR
res["message"] = "file not exist: {filename}".format(
filename=self.args_["filename"])
res["result"] = "fail"
log_info["message"] = res["message"]
log_info["err_code"] = res["err_code"]
self.write(json.dumps(res))
self.finish()
logger.error(json.dumps(log_info))
return
self.set_header('Content-Type', 'application/octet-stream')
self.set_header(
'Content-Disposition', 'attachment; filename="{name}"'.format(
name=self.args_["filename"].encode("utf-8")))
with open(full_path, 'rb') as f:
while True:
data = f.read(4096)
if not data:
break
self.write(data)
self.finish()
logger.info(json.dumps(log_info))
return
def delete(self, headers, current_user=None):
res = AppSetting.general_result()
res["cmd"] = "logout"
if AppSetting.AUTH_KEY not in headers:
res["result"] = "fail"
res["err_code"] = APIStatus.TOKEN_BROKEN
res["message"] = "no token"
return res
token = headers[AppSetting.AUTH_KEY]
try:
user_payload = jwt.decode(token,
AppSetting.TOKEN_SECRET,
algorithm='HS256')
except Exception as err:
res["result"] = "fail"
res["err_code"] = APIStatus.TOKEN_BROKEN
res["message"] = str(err)
return res
self.request_info["username"] = user_payload["username"]
res["request_info"] = self.request_info
try:
user = self.controller.search(username=user_payload["username"])
except Exception as err:
res["err_code"] = APIStatus.DB_ERROR
res["result"] = "fail"
res["message"] = str(err)
return res
if not user:
res["err_code"] = APIStatus.USER_ERROR
res["result"] = "fail"
res["message"] = "user name error"
return res
self.controller.update(user_payload["uid"], is_login=False)
res["err_code"] = APIStatus.SUCCESS
return res
def search(self, body_, current_user):
res = AppSetting.general_result()
res["request_info"] = self.request_info
if not Permission.check_user_role(self.view_roles,
current_user["roles"]):
res["err_code"] = APIStatus.ROLE_FORBIDDEN
res["message"] = "user role is forbidden: {}".format(
current_user["username"])
res["result"] = "fail"
return res
try:
res["data"] = self.controller.search(**body_) or []
except SQLAlchemyError as err:
# print(err.orig.args)
res["err_code"] = APIStatus.DB_ERROR
res["message"] = json.dumps(err.orig.args)
res["result"] = "fail"
except Exception as err:
res["err_code"] = APIStatus.UNDEFINED
res["message"] = str(err)
res["result"] = "fail"
else:
res["err_code"] = APIStatus.SUCCESS
return res
def before_request():
req_path = request.path
session.permanent = True
app.permanent_session_lifetime = 3600
if req_path.startswith("/api/dashboard/") and (req_path
not in token_external):
res = AppSetting.general_result()
if AppSetting.AUTH_KEY not in request.headers:
res["result"] = "fail"
res["err_code"] = APIStatus.TOKEN_BROKEN
res["message"] = "no token"
return json.dumps(res)
token = request.headers[AppSetting.AUTH_KEY]
try:
user_payload = jwt.decode(token,
AppSetting.TOKEN_SECRET,
algorithm='HS256')
except Exception as err:
res["result"] = "fail"
res["err_code"] = APIStatus.TOKEN_BROKEN
res["message"] = str(err)
return json.dumps(res)
# print(session)
# if user_payload["uid"] not in session:
# res["result"] = "fail"
# res["err_code"] = APIStatus.NOT_YET_LOGIN
# res["message"] = "this user is not login: {}".format(user_payload["username"])
# return json.dumps(res)
# if token != session[user_payload["uid"]]["token"]:
# res["result"] = "fail"
# res["err_code"] = APIStatus.TOKEN_EXPIRED
# res["message"] = "login expired, other client is using this user"
# return json.dumps(res)
del res
# g_user.user = session[user_payload["uid"]]
g_user.user = user_payload
def post(self, body_, current_user):
"""
创建新用户
"""
res = AppSetting.general_result()
res["request_info"] = self.request_info
if not Permission.check_user_role(self.edit_roles,
current_user["roles"]):
res["err_code"] = APIStatus.ROLE_FORBIDDEN
res["message"] = "user role is forbidden: {}".format(
current_user["username"])
res["result"] = "fail"
return res
# print(body_)
for field in self.fields_require:
if field not in body_:
res["err_code"] = APIStatus.FIELD_LACK
res["message"] = "field lack: {}".format(field)
res["result"] = "fail"
return res
for field in list(body_.keys()):
if field not in self.fields_border:
body_.pop(field)
try:
self._check_unique_field(body_,
self.controller.get_model().unique_list)
except Exception as err:
res["err_code"] = APIStatus.ALREADY_EXIST
res["message"] = str(err)
res["result"] = "fail"
return res
try:
key_word = self.controller.get_model().key_word
table_name = self.controller.get_model().table_name
search_res = self.controller.search_keyword_on_create(
key_word=body_[key_word])
if search_res:
if search_res["deleted"] is None or search_res["deleted"] == "":
res["err_code"] = APIStatus.ALREADY_EXIST
res["message"] = "{table_name} [{key_word}] is already exist".format(
table_name=table_name, key_word=body_[key_word])
res["result"] = "fail"
return res
else:
uid = search_res["uid"]
body_["deleted"] = None
self.controller.update(uid, **body_)
res["data"] = {"uid": uid}
else:
res["data"] = {"uid": self.controller.create(**body_)}
except SQLAlchemyError as err:
res["err_code"] = APIStatus.DB_ERROR
res["message"] = json.dumps(err.orig.args)
res["result"] = "fail"
except Exception as err:
res["err_code"] = APIStatus.UNDEFINED
res["message"] = str(err)
res["result"] = "fail"
else:
res["err_code"] = APIStatus.SUCCESS
return res