def loginout(self, req, username, token, body=None):
body = body or {}
_name_check(username)
def checker(_token):
if not _token.get('user') == username:
raise InvalidArgument('username not match')
TokenProvider.delete(req, token, checker)
return resultutils.results(result='Login out user success')
def online(req):
"""登陆用户信息"""
try:
token = TokenProvider.token(req)
except KeyError:
# 没有经过认证拦截器的必须是fernet token
if not TokenProvider.is_fernet(req):
return None, None
token_id = req.headers.get(service_common.TOKENNAME.lower())
if not token_id:
# 为登陆用户
return None, None
# 解析fernet token
token = TokenProvider.fetch(req, token_id)
return token.get('uid'), token.get('mid')
def create(self, req, body=None):
"""用户注册"""
body = body or {}
session = endpoint_session()
name = body.get('name')
passwd = body.get('passwd')
salt = ''.join(random.sample(string.lowercase, 6))
user = User(name=name,
salt=salt,
passwd=digestutils.strmd5(salt + passwd),
regtime=int(time.time()))
session.add(user)
try:
session.flush()
except DBDuplicateEntry:
return resultutils.results(result='user name duplicate',
resultcode=manager_common.RESULT_ERROR)
token = TokenProvider.create(req, dict(uid=user.uid, name=user.name),
3600)
return resultutils.results(result='crate user success',
data=[
dict(token=token,
uid=user.uid,
name=user.name,
coins=(user.coins + user.gifts),
platforms=Platforms,
one=max(0, CF.one - user.offer))
])
def fetch_and_validate(self, req):
"""
取出数据并校验
address allowed和trusted拥有很高通过权限
允许无token以及错误token通过
有可能导致依赖token的接口出错
"""
PASS = False
if self._address_allowed(req):
PASS = req.environ[service_common.ADMINAPI] = True
token_id = req.headers.get(service_common.TOKENNAME.lower())
if not token_id:
return None if PASS else self.no_auth()
if len(token_id) > 256:
return None if PASS else self.no_auth('Token over size')
# 可信任token,一般为用于服务组件之间的wsgi请求
if self.trusted and token_id == self.trusted:
req.environ[service_common.ADMINAPI] = True
LOG.debug('Trusted token passed, address %s' %
self.client_addr(req))
PASS = True
# 校验host
if not PASS:
self._validate_host(req)
# 通过token id 获取token
try:
token = TokenProvider.fetch(req, token_id)
except InvalidArgument as e:
return None if PASS else self.client_error(e.message)
except exceptions.TokenExpiredError as e:
return None if PASS else self.no_auth(e.message)
return self._validate_token(req, token)
def __call__(self, req, **kwargs):
try:
token = TokenProvider.token(req)
except KeyError:
# 未经认证拦截器校验
raise exceptions.TokenError('Token not verify or none')
if self.vtype is M:
if not token.get('mid'):
raise exceptions.TokenError('No manager found in token')
elif self.vtype is U:
if not TokenProvider.is_fernet(req):
raise exceptions.TokenError('Not fernet token')
self._validate_uid(kwargs, token)
else:
if TokenProvider.is_fernet(req): # fernet token的是普通用户token
self._validate_uid(kwargs, token)
return self.func(req, **kwargs)
def loginout(self, req, mid, body=None):
body = body or {}
mid = int(mid)
session = endpoint_session(readonly=True)
query = model_query(session, Manager, filter=Manager.mid == mid)
manager = query.one()
if TokenProvider.is_fernet(req):
raise InvalidArgument('Manager use uuid token')
token_id = TokenProvider.getid(req)
if not token_id:
raise InvalidArgument('Not token find, not login?')
def checker(token):
if token.get('mid') != mid:
raise InvalidArgument('Mnager id not the same')
TokenProvider.delete(req, token_id, checker)
return resultutils.results(
result='manager loginout success',
data=[dict(name=manager.name, mid=manager.mid)])
def login(self, req, mid, body=None):
"""管理员登录"""
body = body or {}
passwd = body.get('passwd')
session = endpoint_session(readonly=True)
query = model_query(session, Manager, filter=Manager.name == mid)
manager = query.one()
if not passwd:
raise InvalidArgument('Need passwd')
if manager.passwd != digestutils.strmd5(
manager.salt.encode('utf-8') + passwd):
raise InvalidArgument('Password error')
if TokenProvider.is_fernet(req):
raise InvalidArgument('Manager use uuid token')
token = TokenProvider.create(req,
dict(mid=manager.mid, name=manager.name),
3600)
return resultutils.results(
result='manager login success',
data=[dict(token=token, name=manager.name, mid=manager.mid)])
def expire(self, req, username, token, body=None):
def checker(_token):
if not _token.get('user') == username:
raise InvalidArgument('username not match')
session = get_session(readonly=True)
query = model_query(session,
User,
filter=User.username == _token.get('user'))
query.one()
token_id, token = TokenProvider.expire(req, token, checker)
return resultutils.results(result='Expire token success',
data=[dict(token=token_id)])
def login(self, req, uid, body=None):
"""用户登录"""
body = body or {}
passwd = body.get('passwd')
session = endpoint_session(readonly=True)
query = model_query(session, User, filter=User.name == uid)
user = query.one()
if not passwd:
raise InvalidArgument('Need passwd')
if user.passwd != digestutils.strmd5(user.salt + passwd):
raise InvalidArgument('Password error')
if not TokenProvider.is_fernet(req):
raise InvalidArgument('Not supported for uuid token')
token = TokenProvider.create(req, dict(uid=user.uid, name=user.name),
3600)
return resultutils.results(result='login success',
data=[
dict(token=token,
name=user.name,
uid=user.uid,
coins=(user.coins + user.gifts),
platforms=Platforms,
one=max(0, CF.one - user.offer))
])
def login(self, req, username, body=None):
body = body or {}
password = body.get('password')
if not password:
raise InvalidArgument('Need password')
_name_check(username)
session = get_session(readonly=True)
query = model_query(session, User, filter=User.username == username)
userinfo = query.one()
if userinfo.password != digestutils.strmd5(
userinfo.salt.encode('utf-8') + password):
raise InvalidArgument('Password error')
token = dict(ip=req.client_addr, user=userinfo.username)
token.update({service_common.ADMINAPI: True})
token_id = TokenProvider.create(req, token, 3600)
LOG.debug('Auth login success')
return resultutils.results(result='Login success',
data=[
dict(username=username,
id=userinfo.id,
token=token_id,
email=userinfo.email)
])