def loginout(self, req, username, token, body=None): body = body or {} _name_check(username) def checker(_token): if not _token.get('user') == username: raise InvalidArgument('username not match') TokenProvider.delete(req, token, checker) return resultutils.results(result='Login out user success')
def online(req): """登陆用户信息""" try: token = TokenProvider.token(req) except KeyError: # 没有经过认证拦截器的必须是fernet token if not TokenProvider.is_fernet(req): return None, None token_id = req.headers.get(service_common.TOKENNAME.lower()) if not token_id: # 为登陆用户 return None, None # 解析fernet token token = TokenProvider.fetch(req, token_id) return token.get('uid'), token.get('mid')
def create(self, req, body=None): """用户注册""" body = body or {} session = endpoint_session() name = body.get('name') passwd = body.get('passwd') salt = ''.join(random.sample(string.lowercase, 6)) user = User(name=name, salt=salt, passwd=digestutils.strmd5(salt + passwd), regtime=int(time.time())) session.add(user) try: session.flush() except DBDuplicateEntry: return resultutils.results(result='user name duplicate', resultcode=manager_common.RESULT_ERROR) token = TokenProvider.create(req, dict(uid=user.uid, name=user.name), 3600) return resultutils.results(result='crate user success', data=[ dict(token=token, uid=user.uid, name=user.name, coins=(user.coins + user.gifts), platforms=Platforms, one=max(0, CF.one - user.offer)) ])
def fetch_and_validate(self, req): """ 取出数据并校验 address allowed和trusted拥有很高通过权限 允许无token以及错误token通过 有可能导致依赖token的接口出错 """ PASS = False if self._address_allowed(req): PASS = req.environ[service_common.ADMINAPI] = True token_id = req.headers.get(service_common.TOKENNAME.lower()) if not token_id: return None if PASS else self.no_auth() if len(token_id) > 256: return None if PASS else self.no_auth('Token over size') # 可信任token,一般为用于服务组件之间的wsgi请求 if self.trusted and token_id == self.trusted: req.environ[service_common.ADMINAPI] = True LOG.debug('Trusted token passed, address %s' % self.client_addr(req)) PASS = True # 校验host if not PASS: self._validate_host(req) # 通过token id 获取token try: token = TokenProvider.fetch(req, token_id) except InvalidArgument as e: return None if PASS else self.client_error(e.message) except exceptions.TokenExpiredError as e: return None if PASS else self.no_auth(e.message) return self._validate_token(req, token)
def __call__(self, req, **kwargs): try: token = TokenProvider.token(req) except KeyError: # 未经认证拦截器校验 raise exceptions.TokenError('Token not verify or none') if self.vtype is M: if not token.get('mid'): raise exceptions.TokenError('No manager found in token') elif self.vtype is U: if not TokenProvider.is_fernet(req): raise exceptions.TokenError('Not fernet token') self._validate_uid(kwargs, token) else: if TokenProvider.is_fernet(req): # fernet token的是普通用户token self._validate_uid(kwargs, token) return self.func(req, **kwargs)
def loginout(self, req, mid, body=None): body = body or {} mid = int(mid) session = endpoint_session(readonly=True) query = model_query(session, Manager, filter=Manager.mid == mid) manager = query.one() if TokenProvider.is_fernet(req): raise InvalidArgument('Manager use uuid token') token_id = TokenProvider.getid(req) if not token_id: raise InvalidArgument('Not token find, not login?') def checker(token): if token.get('mid') != mid: raise InvalidArgument('Mnager id not the same') TokenProvider.delete(req, token_id, checker) return resultutils.results( result='manager loginout success', data=[dict(name=manager.name, mid=manager.mid)])
def login(self, req, mid, body=None): """管理员登录""" body = body or {} passwd = body.get('passwd') session = endpoint_session(readonly=True) query = model_query(session, Manager, filter=Manager.name == mid) manager = query.one() if not passwd: raise InvalidArgument('Need passwd') if manager.passwd != digestutils.strmd5( manager.salt.encode('utf-8') + passwd): raise InvalidArgument('Password error') if TokenProvider.is_fernet(req): raise InvalidArgument('Manager use uuid token') token = TokenProvider.create(req, dict(mid=manager.mid, name=manager.name), 3600) return resultutils.results( result='manager login success', data=[dict(token=token, name=manager.name, mid=manager.mid)])
def expire(self, req, username, token, body=None): def checker(_token): if not _token.get('user') == username: raise InvalidArgument('username not match') session = get_session(readonly=True) query = model_query(session, User, filter=User.username == _token.get('user')) query.one() token_id, token = TokenProvider.expire(req, token, checker) return resultutils.results(result='Expire token success', data=[dict(token=token_id)])
def login(self, req, uid, body=None): """用户登录""" body = body or {} passwd = body.get('passwd') session = endpoint_session(readonly=True) query = model_query(session, User, filter=User.name == uid) user = query.one() if not passwd: raise InvalidArgument('Need passwd') if user.passwd != digestutils.strmd5(user.salt + passwd): raise InvalidArgument('Password error') if not TokenProvider.is_fernet(req): raise InvalidArgument('Not supported for uuid token') token = TokenProvider.create(req, dict(uid=user.uid, name=user.name), 3600) return resultutils.results(result='login success', data=[ dict(token=token, name=user.name, uid=user.uid, coins=(user.coins + user.gifts), platforms=Platforms, one=max(0, CF.one - user.offer)) ])
def login(self, req, username, body=None): body = body or {} password = body.get('password') if not password: raise InvalidArgument('Need password') _name_check(username) session = get_session(readonly=True) query = model_query(session, User, filter=User.username == username) userinfo = query.one() if userinfo.password != digestutils.strmd5( userinfo.salt.encode('utf-8') + password): raise InvalidArgument('Password error') token = dict(ip=req.client_addr, user=userinfo.username) token.update({service_common.ADMINAPI: True}) token_id = TokenProvider.create(req, token, 3600) LOG.debug('Auth login success') return resultutils.results(result='Login success', data=[ dict(username=username, id=userinfo.id, token=token_id, email=userinfo.email) ])