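def wrapper(*args, **kwargs):
    """
    Authenticate the request, then call the wrapped view ``fn``.

    Views matched by the exemption test below are called without any token
    check. Otherwise the token is read from the ``Constants.JWT_HEADER_NAME``
    request argument, checked with ``db.session.token_available`` and decoded
    with ``Statics.tjw_access_token``.

    :return: the result of ``fn``, or ``make_result`` with 401 (no token),
        422 (bad, disabled or wrong-type token) or 423 (time-signature failure)
    """
    # NOTE(review): the first and the last two tests match on the text of
    # str(...), not on an attribute. The inner "__auth_not_required__" test
    # looks like it was meant to be an attribute check -- confirm, because a
    # wrong match here skips authentication entirely.
    if 'Resource.dispatch_request' in str(fn) or (
            '__auth_not_required__' in dir(fn) and fn.__auth_not_required__ is True) or \
            ('__inner__' in dir(fn) and (
                    "Resource.dispatch_request" in str(fn.__inner__) or
                    "__auth_not_required__" in str(fn.__inner__))):
        return fn(*args, **kwargs)
    # Do not log args_: it carries the bearer token.
    args_ = auth_reqparse.parse_args(http_error_code=401)
    auth = args_.get(Constants.JWT_HEADER_NAME, None)
    if auth is None:
        return make_result(401)
    try:
        if not db.session.token_available(auth):
            raise BadSignature("Token disabled.")
        data = Statics.tjw_access_token.loads(auth)
        # A validly signed token of another type must not pass as an access token.
        if data.get('type', None) != 'access_token':
            raise BadSignature("Token type error.")
    except BadTimeSignature:
        # Handled first: if these are the itsdangerous classes (imports are
        # not visible here), BadTimeSignature subclasses BadSignature, so the
        # broader clause below would otherwise catch it and the 423 branch
        # would be unreachable.
        return make_result(423)
    except (BadSignature, BadData, BadHeader, BadPayload) as e:
        return make_result(422, message=f"Bad token: {e}")
    fn_data = inspect.getfullargspec(fn)
    # The identity always comes from the verified token and overwrites any
    # 'uid' keyword already present in kwargs.
    if 'uid' in fn_data.args:
        kwargs['uid'] = data.get('uid')
    if 'access_token' in fn_data.args:
        kwargs['access_token'] = auth
    return fn(*args, **kwargs)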
def post(self):
    """
    Register a new user.

    :json username: user name
    :json password: password
    :return: ``make_result`` with the new ``uid``, or 400 when the password
        is rejected by ``password_check`` or the user already exists
    """
    parsed = self.args_signin.parse_args()
    username = parsed.get('username')
    password = parsed.get('password')
    accepted, reason = password_check(password)
    if not accepted:
        return make_result(400, message=reason)
    # 'level' and 'state' are fixed here and never taken from the request.
    new_user = {
        'username': username,
        'nick': username,
        'level': 1,
        'state': 'normal',
        'profile': {}
    }
    try:
        uid = db.user.insert(new_user)
    except exceptions.BlogUserExist:
        return make_result(400, message='用户已存在')
    # NOTE(review): the password is handed to db.session.insert as received;
    # how it is stored is not visible here -- confirm it is hashed there.
    db.session.insert(uid, password)
    return make_result(data={'uid': uid})
def put(self, uid: int):
    """
    Update user information.

    :param uid: uid
    :return: empty ``make_result`` on success, 400 when the update fails
    """
    # NOTE(review): this parser declares no arguments, so it looks like only
    # 'uid' reaches update_one. When fields are added, declare them one by
    # one so a client cannot set fields such as 'level' or 'state'.
    fields = reqparse.RequestParser().parse_args()
    fields['uid'] = uid
    if db.user.update_one(fields):
        return make_result()
    return make_result(400)
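def get(self, cid: int):
    """
    Get published content.

    Content without a 'password' key is returned directly. Protected content
    is returned only when the request supplies the matching password.

    :param cid: id of the content to fetch
    :return: ``make_result`` with the content, 404 when it does not exist,
        403 when the supplied password does not match
    """
    import hmac

    content = db.content.get_by_cid(cid)
    if content is None:
        return make_result(404)
    if 'password' not in content:
        return make_result(data={'content': content})
    supplied = self.args_visit_content.parse_args().get("password")
    expected = content['password']
    if isinstance(supplied, str) and isinstance(expected, str):
        # Constant-time comparison, so the response time does not depend on
        # how many leading characters of the guess are correct.
        # 'surrogatepass' keeps a lone surrogate from raising during encode.
        matches = hmac.compare_digest(
            supplied.encode('utf-8', 'surrogatepass'),
            expected.encode('utf-8', 'surrogatepass'))
    else:
        # Missing or non-string values keep the original equality semantics.
        matches = supplied == expected
    if not matches:
        return make_result(403)
    # NOTE(review): the returned record still contains its 'password' field,
    # and the stored value is compared as-is, so it looks like it is kept in
    # plaintext -- confirm both are intended.
    return make_result(data={'content': content})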
def get(self):
    """
    Get the tree-shaped path of the content.

    :return: ``make_result`` carrying the tree root under 'tree'
    """
    tree_root = db.content.get_tree_root()
    payload = {'tree': tree_root}
    return make_result(data=payload)
def delete(self, uid: int):
    """
    Delete the caller's own user.

    :param uid: uid
    :return: empty ``make_result``
    """
    # NOTE(review): uid is presumably injected from the verified token by the
    # auth wrapper -- confirm it cannot come from the URL. Nothing here
    # revokes tokens already issued to the deleted user.
    db.user.delete_user(uid)
    response = make_result()
    return response
def get(self, uid: int):
    """
    Get the user information that belongs to uid.

    :param uid: uid
    :return: ``make_result`` carrying the user record under 'user'
    """
    # The record is returned as fetched; a missing user is not handled
    # specially here.
    record = db.user.get_by_uid(uid)
    payload = {'user': record}
    return make_result(data=payload)
def post(self):
    """
    Log in with username and password and issue a token pair.

    :return: ``make_result`` with 'access_token' and 'refresh_token', or 403
        when the user is unknown or the password check fails
    """
    credentials = self.args_login.parse_args()
    username = credentials.get('username')
    password = credentials.get('password')
    user = db.user.find_by_username(username=username)
    # Unknown user and wrong password both answer 403, so the status code
    # does not reveal which usernames exist.
    if user is None:
        return make_result(403)
    uid = user.get('uid')
    if not db.session.check_password(uid=uid, password=password):
        return make_result(403)
    # NOTE(review): no attempt limiting is visible in this method -- confirm
    # it is enforced elsewhere.
    db.session.update_login(uid)
    claims = {'uid': uid}
    tokens = {
        'access_token': create_access_token(claims),
        'refresh_token': create_refresh_token(claims)
    }
    return make_result(data=tokens)
def post(self, uid: int):
    """
    Publish new content.

    :param uid: uid recorded as the author
    :return: ``make_result`` with the new ``cid``
    """
    parsed = self.args_post_content.parse_args()
    # Keep only the fields that were actually supplied.
    content = {}
    for key in parsed:
        value = parsed[key]
        if value is not None:
            content[key] = value
    # Assigned after the copy, so a client-supplied 'author' is overwritten.
    content['author'] = uid
    cid = db.content.insert(content)
    return make_result(data={'cid': cid})
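def get(self):
    """
    Refresh the access_token.

    Decodes the presented refresh token with ``Statics.tjw_refresh_token``
    and issues a new access/refresh token pair for the same uid.

    :return: ``make_result`` with 'access_token' and 'refresh_token', 422 for
        a bad token, 424 for a time-signature failure
    """
    refresh_token = self.args_update.parse_args().get('refresh_token')
    try:
        data = Statics.tjw_refresh_token.loads(refresh_token)
    except BadTimeSignature:
        # Handled first: if these are the itsdangerous classes (imports are
        # not visible here), BadTimeSignature subclasses BadSignature, so the
        # broader clause below would otherwise catch it and the 424 branch
        # would be unreachable.
        return make_result(424)
    except (BadSignature, BadData, BadHeader, BadPayload) as e:
        return make_result(422, message=f"Bad token: {e}")
    # NOTE(review): no 'type' claim is verified here and the presented token
    # is not invalidated after use -- confirm the refresh serializer cannot
    # accept an access token, and whether old refresh tokens should be
    # revoked on rotation.
    uid = data.get('uid')
    payload = {'uid': uid}
    access_token = create_access_token(payload)
    refresh_token_new = create_refresh_token(payload)
    return make_result(data={
        'access_token': access_token,
        'refresh_token': refresh_token_new
    })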
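def wrapper(*args, **kwargs):
    """
    Authenticate the request, then call the wrapped view ``fn``.

    Views matched by the exemption test below are called without any token
    check. Otherwise the token is read from the ``Constants.JWT_HEADER_NAME``
    request argument and decoded with ``Statics.tjw_access_token``; the uid
    from the token is passed to ``fn`` as the ``uid`` keyword.

    :return: the result of ``fn``, or ``make_result`` with 401 (no token),
        422 (bad or wrong-type token) or 423 (time-signature failure)
    """
    # NOTE(review): the first and the last two tests match on the text of
    # str(...), not on an attribute. The inner "__auth_not_required__" test
    # looks like it was meant to be an attribute check -- confirm, because a
    # wrong match here skips authentication entirely.
    if 'Resource.dispatch_request' in str(fn) or (
            '__auth_not_required__' in dir(fn) and fn.__auth_not_required__ is True) or \
            ('__inner__' in dir(fn) and (
                    "Resource.dispatch_request" in str(fn.__inner__) or
                    "__auth_not_required__" in str(fn.__inner__))):
        return fn(*args, **kwargs)
    args_ = auth_reqparse.parse_args()
    # args_ is deliberately left out of the log: it carries the bearer token.
    # getattr avoids an AttributeError for views without __inner__, which the
    # exemption test above explicitly allows for.
    logger.info(f" auth check: {getattr(fn, '__inner__', '(no inner)')}")
    auth = args_.get(Constants.JWT_HEADER_NAME, None)
    if auth is None:
        return make_result(401)
    try:
        data = Statics.tjw_access_token.loads(auth)
        # A validly signed token of another type must not pass as an access token.
        if data.get('type', None) != 'access_token':
            raise BadSignature("Token type error.")
    except BadTimeSignature:
        # Handled first: if these are the itsdangerous classes (imports are
        # not visible here), BadTimeSignature subclasses BadSignature, so the
        # broader clause below would otherwise catch it and the 423 branch
        # would be unreachable.
        return make_result(423)
    except (BadSignature, BadData, BadHeader, BadPayload) as e:
        return make_result(422, message=f"Bad token: {e}")
    # NOTE(review): no revocation lookup happens here, so a token stays
    # usable until it expires -- confirm whether one is needed.
    logger.info(f"data: {data}")
    # The identity always comes from the verified token and overwrites any
    # 'uid' keyword already present in kwargs.
    kwargs['uid'] = data.get('uid')
    return fn(*args, **kwargs)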
def get(self):
    """
    Get the list of published content.

    :return: ``make_result`` carrying the matches under 'content_list'
    """
    parsed = self.args_list_content.parse_args()
    filters = parsed.get('filters')
    if filters is None:
        filters = {}
    # Forward only the paging/sorting options that were actually supplied.
    options = {
        name: parsed[name]
        for name in ('sort_by', 'limit', 'offset', 'reverse')
        if name in parsed and parsed[name] is not None
    }
    # TODO: check that the filter is valid
    # NOTE(review): filters goes to db.content.find exactly as the client
    # sent it, and the matches are returned as-is. Confirm that operator
    # keys are rejected and that records carrying a 'password' field are not
    # exposed through this listing.
    result = db.content.find(filters, **options)
    return make_result(data={'content_list': result})
def delete(self, uid: int):
    """
    Log out.

    :param uid: uid (not used by this method)
    :return: empty ``make_result``
    """
    # NOTE(review): nothing is revoked here, so the caller's tokens appear to
    # stay usable after logout -- confirm whether the session store should
    # be updated.
    response = make_result()
    return response
def put(self, uid: int):
    """
    Change the password of the user identified by uid.

    :param uid: uid
    :return: empty ``make_result`` on success, 400 when the update fails
    """
    # NOTE(review): the new password is not checked against any policy here,
    # the current password is not requested, and existing tokens are not
    # revoked -- confirm whether these are handled elsewhere.
    new_password = self.args_update_password.parse_args().get('password')
    updated = db.session.update_one(uid, new_password)
    if updated:
        return make_result()
    return make_result(400)