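def post(self):
    """Log a user in from a JSON body with ``account`` and ``password``.

    On success the response carries a ``session_token`` cookie backed by
    SessionCache. An unknown account and a wrong password both answer with
    AUTHORIZED_ERROR so the endpoint does not reveal which of the two
    failed. Validation problems answer with PARAMS_VALID_ERROR.
    """
    # silent=True yields None for a missing/non-JSON body instead of an
    # error; without the isinstance guard the membership tests below would
    # raise on None.
    input_json = request.get_json(silent=True)
    if not isinstance(input_json, dict):
        return self.response_json(self.HttpErrorCode.PARAMS_VALID_ERROR, '账号不能为空')
    if 'account' not in input_json:
        return self.response_json(self.HttpErrorCode.PARAMS_VALID_ERROR, '账号不能为空')
    if 'password' not in input_json:
        return self.response_json(self.HttpErrorCode.PARAMS_VALID_ERROR, '密码不能为空')
    account_name, password = input_json.get('account'), input_json.get('password')
    # A non-string password (e.g. a number or null in the JSON) cannot be
    # encoded for bcrypt; treat it as a validation error, not a 500.
    if not isinstance(password, str):
        return self.response_json(self.HttpErrorCode.PARAMS_VALID_ERROR, '密码不能为空')
    # Fetch the account record.
    account = Account.query.filter_by(account=account_name).first()
    # Unknown account and wrong password share one error code so the login
    # endpoint cannot be used to enumerate valid account names (the bcrypt
    # timing difference between the two cases still remains).
    if account is None or not bcrypt.checkpw(password.encode('utf-8'), account.password.encode('utf-8')):
        return self.response_json(self.HttpErrorCode.AUTHORIZED_ERROR)
    # Cookie setup.
    res = make_response(self.response_json(self.HttpErrorCode.SUCCESS))
    session_token = SessionCache().create_session(account.id)
    res.set_cookie(
        'session_token',
        session_token,
        expires=time.time() + 24 * 60 * 60,  # one day
        # NOTE(review): request.host may include a port, which is not a
        # valid Domain attribute — confirm against the deployment.
        domain=request.host,
        # httponly keeps the token out of reach of page scripts; all visible
        # consumers read it server-side via request.cookies. Add secure=True
        # once the service is only reachable over HTTPS.
        httponly=True,
    )
    return res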
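def get(self):
    """Log the current session out.

    Deletes the server-side session for the ``session_token`` cookie (if
    any) and expires the cookie on the client. Always answers SUCCESS, so a
    logout without an active session is harmless.
    """
    session_token = request.cookies.get('session_token', None)
    if not session_token:
        return self.response_json(self.HttpErrorCode.SUCCESS)
    SessionCache().delete(session_token)
    res = make_response(self.response_json(self.HttpErrorCode.SUCCESS))
    # The login handler sets this cookie with domain=request.host; a
    # Set-Cookie without the same Domain attribute would add a separate
    # host-only cookie instead of expiring the existing one. An empty value
    # also keeps the (now deleted) token out of the response.
    res.set_cookie('session_token', '', expires=0, domain=request.host)
    return res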
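def get_current_user(self):
    """Resolve the Account behind the request's ``session_token`` cookie.

    Returns ``None`` when there is no cookie, the token is unknown to
    SessionCache, or the account no longer exists. The returned object's
    ``role`` may be rewritten in memory (see below); it is not meant to be
    persisted.
    """
    session_token = request.cookies.get('session_token', '')
    # No cookie at all: skip the cache round-trip for an empty key.
    if not session_token:
        return None
    user_id = SessionCache().get_user_id_by_token(session_token)
    if not user_id:
        return None
    user = Account.query.filter_by(id=user_id).first()
    if user is None:
        return None
    bussiness_id = UserBussinessCache().get(user.id) or 1
    # TODO: the db.model auto-save issue still needs fixing — the role
    # rewrites below mutate the ORM instance and must not be flushed to
    # the database.
    if self._is_bussiness_admin(user.id, bussiness=bussiness_id) and user.role != 'super_admin':
        user.role = 'admin'
    # Account id 1 is treated as the built-in super admin.
    if user.id == 1:
        user.role = 'super_admin'
    return user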
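def post(self, panel_id=None):
    """Run a panel query and return its rows.

    Merges the request JSON into the stored panel definition (when
    ``panel_id`` is given), stamps the caller's identity into the ``query``
    sub-dict, then hands everything to DataAccess.

    Args:
        panel_id: id of a PanelsModel row to load; ``None`` runs an ad-hoc
            query built purely from the request body.
    """
    # silent=True turns a missing/invalid JSON body into None instead of an
    # error, which replaces the previous bare ``except:``.
    query_params = request.get_json(silent=True)
    if not isinstance(query_params, dict):
        query_params = {}
    # Identify the caller so their name / admin flag can be added to the query.
    session_token = request.cookies.get('session_token', '')
    user = None
    username = None
    if session_token:
        user_id = SessionCache().get_user_id_by_token(session_token)
        # An expired or unknown token leaves user_id falsy; don't query for it.
        if user_id:
            user = Account.query.filter_by(id=user_id).first()
        if user is not None:
            username = user.name
    else:
        # NOTE(review): this path takes the caller's identity from the
        # ``admin_name`` cookie; presumably the SSO layer validated it
        # upstream — confirm, since it decides the admin flag below.
        username = request.cookies.get('admin_name', None)
        if username:
            user = Account.query.filter_by(account=username).first()
    is_admin = user is not None and user.role in ('super_admin', 'admin')
    # NOTE(review): as before, the identity fields are only written when the
    # request already carries a ``query`` dict; a body without one reaches
    # DataAccess without them — confirm that is intended.
    query = query_params.get("query")
    if isinstance(query, dict):
        # Server-side identity overrides whatever the client put in the
        # body: with setdefault() a caller could pre-populate ``isadmin`` /
        # ``username`` and have those values honoured.
        query["username"] = username
        query["isadmin"] = 1 if is_admin else 0
    if panel_id:
        panel_row = self.session.query(PanelsModel).filter_by(id=panel_id).first()
        panel_data, errors = PanelSchema(exclude=PanelsModel.column_filter).dump(panel_row)
        if errors:
            return self.response_json(self.HttpErrorCode.ERROR, msg=str(errors))
    else:
        panel_data = {}
    # Request parameters win over the stored panel definition.
    panel_data.update(query_params)
    try:
        dtype, db = get_db_by_id(panel_data['db_source'])
        query_datas = DataAccess(dtype, db, **panel_data).get_datas()
    except Exception as e:
        # NOTE(review): str(e) is sent to the client as-is and may carry
        # driver/SQL details; consider logging it and returning a generic
        # message instead.
        return self.response_json(self.HttpErrorCode.ERROR, msg=str(e))
    return self.response_json(self.HttpErrorCode.SUCCESS, data=query_datas)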
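def get(self):
    """Answer an unauthenticated request with the login target.

    Returns UNAUTHORIZED carrying the SSO URL when SSO is configured,
    otherwise the local ``login`` URL, and expires the auth-related cookies
    along with any server-side session named by ``session_token``.
    """
    session_token = request.cookies.get('session_token', None)
    auth_type = current_app.config["AUTH_TYPE"]
    sso_url = current_app.config["SSO_URL"]
    login_url = request.host_url + "login"
    target = sso_url if sso_url and auth_type == "SSO" else login_url
    response = make_response(self.response_json(self.HttpErrorCode.UNAUTHORIZED, data=target))
    # The SSO cookies are scoped to the corporate domain, so they must be
    # expired with the same Domain attribute.
    response.set_cookie("admin_uid", '', expires=0, domain=".oa.com")
    response.set_cookie("admin_key", '', expires=0, domain=".oa.com")
    if not session_token:
        return response
    SessionCache().delete(session_token)
    # Same Domain the login handler used when setting the cookie; without
    # it the browser keeps the original cookie and merely adds a host-only
    # one. An empty value keeps the deleted token out of the response.
    response.set_cookie('session_token', '', expires=0, domain=request.host)
    return response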