def delete(self):
logging.info(self.request)
# 允许跨域访问
self.set_header('Access-Control-Allow-Origin', '*')
self.set_header('Access-Control-Allow-Methods',
'POST, PUT, DELETE, GET, OPTIONS')
self.set_header('Access-Control-Max-Age', 1000)
self.set_header('Access-Control-Allow-Headers', '*')
access_token = None
try:
access_token = self.request.headers['Authorization']
access_token = access_token.replace('Bearer ', '')
except:
logging.info("got access_token null")
self.set_status(400) # Bad Request
self.write('Bad Request')
self.finish()
return
logging.info("got access_token %r", access_token)
auth_access_dao.auth_access_dao().delete(access_token)
self.set_status(200) # OK
self.finish('OK')
return
def get(self):
logging.info(self.request)
# 允许跨域访问
self.set_header('Access-Control-Allow-Origin', '*')
self.set_header('Access-Control-Allow-Methods',
'POST, PUT, DELETE, GET, OPTIONS')
self.set_header('Access-Control-Max-Age', 1000)
self.set_header('Access-Control-Allow-Headers', '*')
refresh_token = None
try:
refresh_token = self.request.headers['Authorization']
refresh_token = refresh_token.replace('Bearer ', '')
except:
logging.info("got refresh_token null")
self.set_status(400) # Bad Request
self.write('Bad Request')
self.finish()
return
logging.info("got refresh_token %r", refresh_token)
token = auth_access_dao.auth_access_dao().query_by_refresh(
refresh_token)
if token is None:
self.set_status(404) # Not Found
self.write('Not Found')
self.finish()
return
_timestamp = int(time.time())
access_token = generate_uuid_str()
expires_at = _timestamp + TOKEN_EXPIRES_IN # 2hours
refresh_token = generate_uuid_str()
_json = {
'_id': access_token,
'token_type': 'Bearer',
'expires_at': expires_at,
'refresh_token': refresh_token,
'account_id': token['account_id'],
'scope': 'all'
}
auth_access_dao.auth_access_dao().create(_json)
self.set_status(200) # OK
session_ticket = {
"access_token": access_token,
"token_type": "Bearer",
"expires_at": expires_at,
"refresh_token": refresh_token,
'account_id': token['account_id'],
"scope": "all"
}
logging.info("got response %r", token)
self.finish(JSON.dumps(session_ticket))
return
def post(self):
logging.info(self.request)
data = json_decode(self.request.body)
title = None
image = None
desc = None
try:
_type = data['type']
title = data['title']
image = data['image']
desc = data['desc']
logging.info("got _type %r", _type)
logging.info("got title %r", title)
logging.info("got image %r", image)
logging.info("got desc %r", desc)
except:
self.set_status(400) # Bad Request
self.write('Bad Request')
self.finish()
return
if _type is None or title is None or image is None or desc is None:
self.set_status(400) # Bad Request
self.write('Bad Request')
self.finish()
return
access_token = None
try:
access_token = self.request.headers['Authorization']
access_token = access_token.replace('Bearer ','')
except:
logging.info("got access_token null")
self.set_status(401) # Unauthorized
self.write('Unauthorized')
self.finish()
return
logging.info("got access_token %r", access_token)
token = auth_access_dao.auth_access_dao().query(access_token)
if token is None:
self.set_status(403) # Forbidden
self.write('Forbidden')
self.finish()
return
article_id = str(uuid.uuid1()).replace('-', '')
timestamp = int(time.time());
data['_id'] = article_id
data['type'] = _type
data['status'] = "draft"
data['create_time'] = timestamp
data['publish_time'] = timestamp
data['account_id'] = token['account_id']
blog_article_dao.blog_article_dao().create(data)
self.set_status(200) # OK
self.finish(JSON.dumps({'article_id':article_id}))
return
def put(self, article_id):
logging.info(self.request)
logging.info("got article_id %r in uri", article_id)
access_token = None
try:
access_token = self.request.headers['Authorization']
access_token = access_token.replace('Bearer ','')
except:
logging.info("got access_token null")
self.set_status(401) # Unauthorized
self.write('Unauthorized')
self.finish()
return
logging.info("got access_token %r", access_token)
token = auth_access_dao.auth_access_dao().query(access_token)
if token is None:
self.set_status(403) # Forbidden
self.write('Forbidden')
self.finish()
return
# TODO 检查文章是否account_id创建
timestamp = int(time.time());
data = {'_id':article_id, 'status':'pub',
'last_update_time':timestamp, 'publish_time':timestamp}
blog_article_dao.blog_article_dao().update(data)
self.set_status(200) # OK
self.finish(JSON.dumps("OK"))
return
def delete(self, article_id):
logging.info(self.request)
logging.info("got article_id %r in uri", article_id)
access_token = None
try:
access_token = self.request.headers['Authorization']
access_token = access_token.replace('Bearer ','')
except:
logging.info("got access_token null")
self.set_status(401) # Unauthorized
self.write('Unauthorized')
self.finish()
return
logging.info("got access_token %r", access_token)
token = auth_access_dao.auth_access_dao().query(access_token)
if token is None:
self.set_status(403) # Forbidden
self.write('Forbidden')
self.finish()
return
# TODO 检查文章是否account_id创建
article = blog_article_dao.blog_article_dao().delete(article_id)
self.set_status(200) # OK
self.finish(JSON.dumps("OK"))
return
def put(self, article_id):
logging.info(self.request)
logging.info("got article_id %r in uri", article_id)
data = json_decode(self.request.body)
title = None
image = None
desc = None
try:
title = data['title']
image = data['image']
desc = data['desc']
logging.info("got title %r", title)
logging.info("got image %r", image)
logging.info("got desc %r", desc)
except:
self.set_status(400) # Bad Request
self.write('Bad Request')
self.finish()
return
if title is None or image is None or desc is None:
self.set_status(400) # Bad Request
self.write('Bad Request')
self.finish()
return
access_token = None
try:
access_token = self.request.headers['Authorization']
access_token = access_token.replace('Bearer ','')
except:
logging.info("got access_token null")
self.set_status(401) # Unauthorized
self.write('Unauthorized')
self.finish()
return
logging.info("got access_token %r", access_token)
token = auth_access_dao.auth_access_dao().query(access_token)
if token is None:
self.set_status(403) # Forbidden
self.write('Forbidden')
self.finish()
return
# TODO 检查文章是否account_id创建
timestamp = int(time.time());
data['_id'] = article_id
data['last_update_time'] = timestamp
blog_article_dao.blog_article_dao().update(data)
self.set_status(200) # OK
self.finish(JSON.dumps("OK"))
return
def get(self):
logging.info(self.request)
# 允许跨域访问
self.set_header('Access-Control-Allow-Origin', '*')
self.set_header('Access-Control-Allow-Methods',
'POST, PUT, DELETE, GET, OPTIONS')
self.set_header('Access-Control-Max-Age', 1000)
self.set_header('Access-Control-Allow-Headers', '*')
access_token = None
try:
access_token = self.request.headers['Authorization']
access_token = access_token.replace('Bearer ', '')
except:
logging.info("got access_token null")
self.set_status(400) # Bad Request
self.write('Bad Request')
self.finish()
return
logging.info("got access_token %r", access_token)
token = auth_access_dao.auth_access_dao().query(access_token)
if token is None:
self.set_status(404) # Not Found
self.write('Not Found')
self.finish()
return
session_ticket = {
"access_token": token['_id'],
"token_type": "Bearer",
"expires_at": token['expires_at'],
"refresh_token": token['refresh_token'],
"account_id": token['account_id'],
"scope": "all"
}
self.set_status(200) # OK
self.finish(JSON.dumps(session_ticket))
return
def post(self):
logging.info(self.request)
logging.info(self.request.body)
# 允许跨域访问
self.set_header('Access-Control-Allow-Origin', '*')
self.set_header('Access-Control-Allow-Methods',
'POST, PUT, DELETE, GET, OPTIONS')
self.set_header('Access-Control-Max-Age', 1000)
self.set_header('Access-Control-Allow-Headers', '*')
_body = json_decode(self.request.body)
appid = None
app_secret = None
login = None
md5pwd = None
try:
appid = _body['appid']
app_secret = _body['app_secret']
login = _body['login']
md5pwd = _body['pwd']
logging.info("got appid %r", appid)
logging.info("got app_secret %r", app_secret)
logging.info("got login %r", login)
except:
self.set_status(400) # Bad Request
self.write('Bad Request')
self.finish()
return
if appid is None or app_secret is None or login is None or md5pwd is None:
self.set_status(400) # Bad Request
self.write('Bad Request')
self.finish()
return
# TODO check appid & app_secret
_login = auth_login_dao.auth_login_dao().query_not_safe(login)
if not _login:
self.set_status(404) # Not Found
self.write('login & password pair are wrong')
self.finish()
return
salt = _login['salt']
_hash_pwd = hash_pwd(md5pwd, salt)
if _hash_pwd != _login['hash_pwd']:
self.set_status(404) # Not Found
self.write('login & password pair are wrong')
self.finish()
return
_timestamp = int(time.time())
logging.info("timestamp %r", _timestamp)
access_token = generate_uuid_str()
expires_at = _timestamp + TOKEN_EXPIRES_IN # 2hours
refresh_token = generate_uuid_str()
_json = {
'_id': access_token,
'token_type': 'Bearer',
'expires_at': expires_at,
'refresh_token': refresh_token,
'account_id': _login['account_id'],
'scope': 'all'
}
auth_access_dao.auth_access_dao().create(_json)
self.set_status(200) # OK
session_ticket = {
"access_token": access_token,
"token_type": "Bearer",
"expires_at": expires_at,
"refresh_token": refresh_token,
"account_id": _login['account_id'],
"scope": "all"
}
logging.info("got session_ticket response %r", session_ticket)
self.finish(JSON.dumps(session_ticket))
return
def put(self, account_id):
logging.info(self.request)
logging.info("got account_id %r from uri", account_id)
# 允许跨域访问
self.set_header('Access-Control-Allow-Origin', '*')
self.set_header('Access-Control-Allow-Methods',
'POST, PUT, DELETE, GET, OPTIONS')
self.set_header('Access-Control-Max-Age', 1000)
self.set_header('Access-Control-Allow-Headers', '*')
access_token = None
try:
access_token = self.request.headers['Authorization']
access_token = access_token.replace('Bearer ', '')
except:
logging.info("got access_token null")
self.set_status(400) # Bad Request
self.write('Bad Request')
self.finish()
return
logging.info("got access_token %r", access_token)
token = auth_access_dao.auth_access_dao().query(access_token)
if token is None:
self.set_status(403) # Forbidden
self.write('Forbidden')
self.finish()
return
_body = json_decode(self.request.body)
appid = None
app_secret = None
login = None
md5pwd = None
try:
nickname = _body['nickname']
avatar = _body['avatar']
logging.info("got nickname %r", nickname)
logging.info("got avatar %r", avatar)
except:
self.set_status(400) # Bad Request
self.write('Bad Request')
self.finish()
return
token = auth_access_dao.auth_access_dao().query(access_token)
if token is None:
self.set_status(403) # Forbidden
self.write('Forbidden')
self.finish()
return
_account_id = token['account_id']
logging.info("got _account_id %r in access_token", _account_id)
if _account_id != account_id:
self.set_status(403) # Forbidden
self.write('Forbidden')
self.finish()
return
_timestamp = int(time.time())
if not avatar:
_json = {
"_id": account_id,
"nickname": nickname,
"last_update_time": _timestamp
}
auth_basic_dao.auth_basic_dao().update(_json)
else:
_json = {
"_id": account_id,
"nickname": nickname,
"avatar": avatar,
"last_update_time": _timestamp
}
auth_basic_dao.auth_basic_dao().update(_json)
self.set_status(200) # OK
self.finish('OK')
return