def delete_(self):
""" 删除群成员信息 """
print('---------------删除群组成员--------------------')
print(self.request_data)
group_id = self.request_data.get('group_id')
to_user_id = self.request_data.get('to_user_id')
# 判断参数是否完整
if not all([group_id, to_user_id]):
self.result = params_error()
# 获取用户在群组信息
group_user_obj = self.check_group_user(self.user_id, group_id)
# 获取被删除用户在群组信息
to_group_user_obj = self.check_group_user(to_user_id, group_id)
if not to_group_user_obj:
return
# 判断用户是否拥有删除用户权限
# 用户不为站长,并且用户不在群组中,或者,权限小于目标用户权限
if self.user_obj.type != 0 and (
not group_user_obj or
(group_user_obj.type >= to_group_user_obj.type)):
self.result = unauth_error(message='无修改权限')
return
db.session.delete(to_group_user_obj)
if self.commit():
self.result = success(message='删除成功')
def delete_news_category(request):
pk = request.POST.get('pk')
try:
NewsCategory.objects.filter(pk=pk).delete()
return restful.ok()
except:
return restful.unauth_error(message="删除的分类不存在!")
def login_view(request):
if request.method == 'GET':
return render(request, 'login.html')
else:
#实例化表单对象
form = LoginForm(request.POST)
if form.is_valid(): #如果符合表单验证要求
#接收表单提交
telephone = form.cleaned_data.get('telephone')
print(telephone)
password = form.cleaned_data.get('password')
print(password)
remember = form.cleaned_data.get('remember')
print(remember)
#验证用户名和密码
user = authenticate(request, username=telephone, password=password)
if user:
if user.is_active: #如果用户不是黑名单
login(request, user)
if remember:
#如果用户点击了记住我 那么让session永不过期
#默认的时间为14天
request.session.set_expiry(None)
else:
#否则会话结束就过期
request.session.set_expiry(0)
return restful.success()
else:
return restful.unauth_error(message="您的账户被冻结了")
else:
return restful.params_error(message="手机号或者密码错误")
else:
errors = form.get_errors()
return restful.params_error(message=errors)
def add_(self):
""" 添加好友,只有副站长和管理员拥有加人权限,强制添加,不需要同意 """
# 判断用户是否存在,获取用户
user_obj = self.check_user()
if not user_obj:
return
friend_id = self.request_data.get('friend_id')
if not friend_id:
self.result = params_error()
return
# 判断被添加用户是否存在
to_user_obj = self.check_user(friend_id)
if not to_user_obj:
return
# 获取群ID
group_id = self.request_data.get('group_id')
group_user_obj = self.check_group_user(self.user_id, group_id)
if user_obj.type in [0, 1] or (group_user_obj
and group_user_obj.type in [0, 1]):
self.add_handler(self.user_id, friend_id)
else:
self.result = unauth_error(message='无添加权限')
def get_(self):
""" 获取群成员信息 """
group_id = self.request_data.get('group_id')
if not all([group_id, self.user_id]):
self.result = params_error()
return
# 获取成员是否在群组中
group_user_obj = self.check_group_user(self.user_id, group_id)
# 判断用户是否拥有添加成员权限,判断是否为站长,或者是否为群主或群管理员
if self.user_obj.type != 0 and not group_user_obj:
self.result = unauth_error(message='用户无权限')
return
# 获取成员列表
group_user_query = self.query_(GroupsToUser, {'group_id': group_id},
'群组成员获取异常')
if not group_user_query:
return
data_list = []
for group_user in group_user_query:
user = self.check_user(group_user.user_id)
if user:
data_list.append(user.to_dict())
self.result = success(data=data_list)
def check_login():
"""
检查用户是否登录
:return:
"""
user_id = session.get('id')
print('用户ID:', user_id)
if not user_id:
return jsonify(unauth_error(message='用户未登录'))
user_obj = User.query.filter_by(id=user_id).first()
if not user_obj:
return jsonify(unauth_error(message='用户不存在'))
# 返回已登录状态,和用户数据
return jsonify(success(data=user_obj.to_dict()))
def login_view(request):
form = forms.LoginForm(request.POST)
if form.is_valid():
telephone = form.cleaned_data.get('telephone')
password = form.cleaned_data.get('password')
remember = form.cleaned_data.get('remember')
user = authenticate(request, telephone=telephone, password=password)
if user:
if user.is_active:
login(request, user)
if remember:
request.session.set_expiry(None)
else:
request.session.set_expiry(0)
return restful.success()
# return JsonResponse({'code': 200, 'message': '', 'data': {}})
else:
return restful.unauth_error(message='您的账号已被冻结!')
# return JsonResponse({'code': 405, 'message': '您的账号已被冻结!', 'data':{}})
else:
return restful.parms_error(message='手机号或密码错误!')
# return JsonResponse({'code': 400, 'message': '手机号或密码错误!', 'data':{}})
else:
return restful.parms_error(message=form.get_errors())
# return JsonResponse({'code': 400, 'message': '参数输入错误!', 'data': form.get_errors()})
def login_view(request):
form = LoginForm(request.POST)
if form.is_valid():
telephone = form.cleaned_data.get('telephone')
password = form.cleaned_data.get('password')
remember = form.cleaned_data.get('remember')
user = authenticate(request, username=telephone, password=password)
if user:
if user.is_active:
login(request, user)
if remember:
request.session.set_expiry(None)
else:
request.session.set_expiry(0)
return restful.ok()
else:
return restful.unauth_error(message="您的账号已经被冻结")
else:
return restful.params_error(message="账号或者密码错误")
else:
errors = form.get_errors()
# {"password": ['密码长度不能超过20位!', 'xxx'], "telephone": ['xx', 'xx']}
return restful.params_error(message=errors)
def tx_login(request):
form = LoginForm(request.POST)
if form.is_valid():
telephone = form.cleaned_data.get('telephone')
password = form.cleaned_data.get('password')
remember = form.cleaned_data.get('remember')
user = authenticate(request, username=telephone, password=password)
# print('user:%s' % user)
if user:
if user.is_active:
login(request, user)
if remember:
request.session.set_expiry(None)
else:
request.session.set_expiry(0)
return restful.ok()
# JsonResponse({"code":200,"message":"","data":{}})
else:
return restful.unauth_error(message="您帐号没有权限访问!")
else:
return restful.params_error(message="您帐号或密码错误!")
else:
# 表单验证失败
errors = form.get_error()
# {"passwrd":['密码过长','密码果断'],"telephone":['xx','xxxx']}
return restful.params_error(message=errors)
def wrapper(request, *args, **kwargs):
if request.user.is_authenticated:
return func(*args, **kwargs)
else:
if request.is_ajax():
return restful.unauth_error(message="请先登录")
else:
redirect('/')
def post(self):
parse = reqparse.RequestParser()
parse.add_argument('token', type=str)
args = parse.parse_args()
token = json.loads(args.get('token')).get('data', None)
user = FrontUserModel.verify_auth_token(token)
if user:
return user
else:
return restful.unauth_error(message='登陆后评论')
def wrapper(*args, **kwargs):
if current_user.is_authenticated:
return func(*args, **kwargs)
else:
if request.is_xhr:
return restful.unauth_error('请先进行登陆')
current_bp = request.blueprint
login_view = current_bp + '.login'
redirect_url = login_url(url_for(login_view), next_url=request.url)
return redirect(redirect_url)
def check_chat(self, chat_id):
""" 检查聊天是否存在 """
try:
chat_obj = Chat.query.get(chat_id)
except Exception as e:
current_app.logger.error(e)
self.result = server_error(message='聊天信息查询异常')
return
if not chat_obj:
self.result = unauth_error(message='聊天不存在')
return chat_obj
def check_user(self, user_id=None):
""" 检查用户是否存在 """
user_id = user_id or self.user_id
try:
user_obj = User.query.get(user_id)
except Exception as e:
current_app.logger.error(e)
self.result = server_error(message='用户查询异常')
return
if not user_obj:
self.result = unauth_error(message='用户不存在')
return
return user_obj
def check_group_user(self, user_id, group_id):
""" 检查用户是否在群组中 """
try:
group_user_obj = GroupsToUser.query.filter_by(
user_id=user_id, group_id=group_id).first()
except Exception as e:
current_app.logger.error(e)
self.result = server_error(message='群组成员查询异常')
return
if not group_user_obj:
self.result = unauth_error(message='权限异常')
return
return group_user_obj
def check_group(self, group_id):
""" 检查群组是否存在 """
# 获取用户信息
user_obj = self.check_user()
if not user_obj:
return
# 判断用户是否在群组中
group_user = self.check_group_user(self.user_id, group_id)
if not group_user and user_obj.type != 0:
self.result = unauth_error(message='权限异常')
return
try:
group_obj = Group.query.get(group_id)
except Exception as e:
current_app.logger.error(e)
self.result = server_error(message='群组查询异常')
return
if not group_obj:
self.result = unauth_error(message='群组不存在')
return
return group_obj
def get_(self):
""" 查询用户 """
print('request_data:', self.request_data)
username = self.request_data.get('username')
# 判断用户是否拥有查询用户权限, 只有站长和副站长拥有查询权限
if self.user_obj.type not in [0, 1]:
self.result = unauth_error(message='无操作权限')
return
user = self.query_(User, {'username': username}, '用户信息获取异常').first()
print('username:', username)
data = user.to_dict() if user else {}
print(data)
self.result = success(data=data)
def post(self):
form = ResetpwdForm(request.form)
if form.validate():
oldpwd = form.oldpwd.data
newpwd = form.newpwd.data
user = g.eog_user
if user.password == oldpwd:
user.password = newpwd
user.save()
NowTime = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
change_password_signal.send(operate_time=NowTime, ip=request.remote_addr)
return restful.success()
else:
return restful.params_error('旧密码错误!')
else:
message = form.get_error()
return restful.unauth_error(message=message)
def put_(self):
""" 修改群组信息,群组名称,头像 """
group_id = self.request_data.get('group_id')
group_logo = self.request_data.get('group_logo')
name = self.request_data.get('name')
group_info = self.request_data.get('group_info')
# 用户ID和群组ID必须存在,并且群组名和群组头像至少存在一项
if not all([group_id, self.user_id
]) or (all([group_id, self.user_id]) and
(not group_logo and not name and not group_info)):
self.result = params_error()
return
# 获取群组信息,判断群组是否存在
group_obj = self.check_group(group_id)
if not group_obj:
return
# 获取用户信息,判断用户是否存在
user_obj = self.check_user()
if not user_obj:
return
# 判断用户是否有修改群组权限
group_user_obj = self.check_group_user(self.user_id, group_id)
# 用户不在群组中并且用户非站长, 或者用户在群组中非管理员
if user_obj.type != 0 and (not group_user_obj
or group_user_obj.type not in [0, 1]):
self.result = unauth_error(message='用户无修改群组权限')
return
# 修改群组信息
if name:
group_obj.name = name
if group_logo:
group_obj.logo = group_logo
if group_info:
group_obj.info = group_info
# 提交修改
if not self.commit('群组名已存在', '群组修改异常'):
return
self.result = success(message='群组修改成功')
def post(self):
form = SignUpForm(request.form)
if form.validate():
email = form.email.data
user = FrontUser.query.filter_by(email=email).first()
if user:
return restful.unauth_error('邮箱地址已存在,请换一个邮箱地址!')
else:
user_message = FrontUser(username=email,
tel=get_tel.create_phone(),
password=form.password.data,
email=form.email.data)
db.session.add(user_message)
db.session.commit()
return restful.success()
else:
return restful.params_error(message=form.get_error())
def add_(self):
""" 添加群成员 """
group_id = self.request_data.get('group_id')
member_list = self.request_data.get('member_list')
print(member_list)
# 判断参数是否完整
if not all([group_id, self.user_id, member_list]):
self.result = params_error()
return
# 获取成员是否在群组中
group_user_obj = self.check_group_user(self.user_id, group_id)
# 判断用户是否拥有添加成员权限,判断是否为站长,或者是否为群主或群管理员
if self.user_obj.type != 0 and (not group_user_obj
or group_user_obj.type not in [0, 1]):
self.result = unauth_error(message='用户无权限')
return
# 添加群组信息
for user_id in member_list:
# 判断添加的用户是否存在
user_obj = self.check_user(user_id)
# 不存在跳过
if not user_obj:
continue
# 判断用户是否已经在群组中
group_user_obj = self.check_group_user(group_id, user_id)
# 存在则跳过
if group_user_obj:
continue
# 存在则添加到群组表中
group_user_obj = GroupsToUser(group_id=group_id, user_id=user_id)
db.session.add(group_user_obj)
if not self.commit(content2='添加异常'):
return
self.result = success(message='用户添加成功')
def add_(self):
""" 添加聊天信息 """
print('add_chat.', self.request_data)
chat_type = self.request_data.get('chat_type')
if chat_type == 1:
name = self.request_data.get('username')
else:
name = self.request_data.get('name')
chat_obj_id = self.request_data.get('id')
logo = self.request_data.get('logo') or ''
if not all([name, chat_type, chat_obj_id]) or chat_type not in [1, 2]:
self.result = params_error()
return
if chat_type == 2:
chat_obj = self.check_group(chat_obj_id)
else:
chat_obj = self.check_friend(self.user_id, chat_obj_id)
if not chat_obj:
self.result = unauth_error('聊天对象不存在')
return
# 判断聊天对象是否存在
chat = Chat.query.filter_by(user_id=self.user_id,
type=chat_type,
chat_obj_id=chat_obj_id).first()
if chat:
self.result = success(data=chat.id)
return
chat = Chat(name=name,
type=chat_type,
chat_obj_id=chat_obj_id,
user_id=self.user_id,
logo=logo)
db.session.add(chat)
self.commit()
self.result = success(message='聊天信息添加成功', data=chat.id)
def delete_(self):
chat_id = self.request_data.get('chat_id')
if not chat_id:
self.result = params_error()
return
chat_obj = self.check_chat(chat_id)
if not chat_obj:
return
if not self.user_obj:
return
# 判断当前聊天是否属于该用户
if chat_obj.user_id != self.user_id:
self.result = unauth_error('用户无权限')
return
db.session.delete(chat_obj)
if not self.commit():
self.result = server_error('删除异常')
self.result = success()
def course_token(request):
course_id = request.GET.get('course_id')
if not CourseOrder.objects.filter(
course_id=course_id, buyer=request.user, status=0).exists():
return restful.unauth_error(message="请先购买课程!")
# video:是视频文件的完整链接
file = request.GET.get('video_url')
expiration_time = int(time.time()) + 2 * 60 * 60
USER_ID = settings.BAIDU_CLOUD_USER_ID
USER_KEY = settings.BAIDU_CLOUD_USER_KEY
# file=http://hemvpc6ui1kef2g0dd2.exp.bcevod.com/mda-igjsr8g7z7zqwnav/mda-igjsr8g7z7zqwnav.m3u8
extension = os.path.splitext(file)[1]
media_id = file.split('/')[-1].replace(extension, '')
# unicode->bytes=unicode.encode('utf-8')bytes
key = USER_KEY.encode('utf-8')
message = '/{0}/{1}'.format(media_id, expiration_time).encode('utf-8')
signature = hmac.new(key, message, digestmod=hashlib.sha256).hexdigest()
token = '{0}_{1}_{2}'.format(signature, USER_ID, expiration_time)
return restful.result(data={'token': token})
def login_view(request):
# 实例化表单对象
form = LoginForm(request.POST)
if form.is_valid():
telephone = form.cleaned_data.get('telephone')
password = form.cleaned_data.get('password')
remember = form.cleaned_data.get('remember')
user = authenticate(request, username=telephone, password=password)
if user:
if user.is_active:
login(request, user)
if remember:
request.session.set_expiry(None)
else:
request.session.set_expiry(0)
return restful
else:
return restful.unauth_error(message="您的账户被冻结")
else:
return restful.params_error(message="手机号或者密码错误")
else:
errors = form.get_errors()
return restful.params_error(message=errors)
def login_view(request):
form = LoginForm(request.POST)
if form.is_valid():
telephone = form.cleaned_data.get('telephone')
password = form.cleaned_data.get('password')
remember = form.cleaned_data.get('remember')
user = authenticate(request, telephone=telephone, password=password)
if user:
if user.is_active:
login(request, user)
if remember:
request.session.set_expiry(None)
else:
request.session.set_expiry(0)
# 返回200的状态码,就代表的是可以正常访问
return restful.ok()
else:
# 用户已经被拉黑了,没有权限
return restful.unauth_error(message="您的账号已被冻结")
else:
return restful.params_error(message="您输入的手机号或密码不正确")
else:
errors = form.get_errors()
return restful.params_error(message=errors)
def add_(self):
""" 添加群组信息 """
print(self.request_data)
name = self.request_data.get('group_name')
if not all([self.user_id, name]):
self.result = params_error()
return
# 获取用户,判断用户类型是否正确
if not self.user_obj or self.user_obj.type not in [0, 1]:
self.result = unauth_error(message='用户无权限')
return
# 设置群组头像,随机从默认图片中选取一张做为头像
group_logo = self.request_data.get('group_logo')
if not group_logo:
group_logo = random.choice(DEFAULT_IMAGES)
# 添加群组
group_info = self.request_data.get('info') # 获取群公告信息
group_obj = Group(name=name, logo=group_logo, group_info=group_info)
db.session.add(group_obj)
if not self.commit('群组已存在', '群组添加异常'):
return
print('group_obj...', group_obj.id)
# 添加群组成员
group_to_user = GroupsToUser(group_id=group_obj.id,
user_id=self.user_id,
type=0)
db.session.add(group_to_user)
if not self.commit(content2='群组添加异常'):
return
self.result = success(message='群组添加成功')
def login_view(request):
forms = LoginForm(request.POST)
if forms.is_valid():
telephone = forms.cleaned_data.get('telephone')
password = forms.cleaned_data.get('password')
remember = forms.cleaned_data.get(('remember'))
user = authenticate(request, username=telephone, password=password)
if user:
if user.is_active:
login(request, user)
if remember:
request.session.set_expiry(None)
else:
request.session.set_expiry(0)
print(JsonResponse({'code': 200, 'message': '', 'data': {}}))
print(remember)
return restful.ok()
else:
return restful.unauth_error(message='您的账号已被冻结')
else:
return restful.params_error(message='手机号码或者密码错误')
else:
errors = forms.get_errors()
return restful.params_error(message=errors)
def put_(self):
""" 修改群成员信息 """
group_id = self.request_data.get('group_id')
to_user_id = self.request_data.get('to_user_id')
remark_name = self.request_data.get('remark_name')
group_type = self.request_data.get(
'group_type') # 成员类型,{0: 群主,1: 管理员, 2:成员}
# 判断参数是否完整
if not all([group_id, self.user_id, to_user_id]) or (not remark_name or
not group_type):
self.result = params_error()
return
# 判断参数类型是否正确
if group_type and group_type not in [1, 2] or not isinstance(
remark_name, str):
self.result = params_error(message='参数格式不正确')
return
# 修改用户类型,两个用户不能一致
if group_type and self.user_id == to_user_id:
self.result = unauth_error(message='权限错误')
return
# 检查用户和群组信息是否存在
user_obj = self.check_user()
if not user_obj:
return
group_obj = self.check_group(group_id)
if not group_obj:
return
# 判断目标用户是否存在
if self.user_id != to_user_id:
to_user_obj = self.check_user(to_user_id)
if not to_user_obj:
return
# 判断目标用户是否在群组中
to_group_user_obj = self.check_group_user(to_user_id, group_id)
if not to_group_user_obj:
return
# 修改备注名称
if remark_name:
# 判断用户是否有修改权限,如果用户ID不一致,则获取操作用户的权限
if self.user_id != to_user_id:
group_user_obj = self.check_group_user(self.user_id, group_id)
# 用户不为站长,并且用户不在群组中,或者用户不为群主和群管理员
if user_obj.type != 0 and (not group_user_obj or
group_user_obj.type not in [0, 1]):
self.result = unauth_error(message='用户无修改权限')
return
# 修改备注名
to_group_user_obj.remark = remark_name
# 修改用户权限
else:
group_user_obj = self.check_group_user(self.user_id, group_id)
# 用户不为站长,并且用户不在群组中,或者用户不为群主,或者被修改用户为群主
if user_obj.type != 0 and (not group_user_obj
or group_user_obj.type != 0
or to_group_user_obj.type == 0):
self.result = unauth_error(message='用户无修改权限')
return
# 修改用户权限
to_group_user_obj.type = group_type
if not self.commit(content2='群组成员信息修改异常'):
return
self.result = success(message='修改成功')
def login():
"""
用户登录
用户名、 密码
:return:
"""
#index_url = url_for('.index', _external=True)
#if session.get('id'):
# return redirect(index_url)
#if request.method == 'GET':
# return render_template('login.html')
# 获取用户传输数据
request_data = request.json
username = request_data.get('username')
password = request_data.get('password')
if not all([username, password]):
#return render_template('login.html', message='缺少必要参数')
return jsonify(params_error(message='缺少必要参数'))
# 获取用户登录IP
user_ip = request.remote_addr
try:
access_nums = redis_store.get('access_num_%s' % user_ip)
except Exception as e:
current_app.logger.error(e)
else:
if access_nums and int(access_nums) >= 5:
#return render_template('login.html', message='错误次数过多,请稍后重试')
return jsonify(unauth_error(message='错误次数过多,请稍后重试'))
# 从数据库查询用户对象
try:
user_obj = User.query.filter_by(username=username).first()
except Exception as e:
current_app.logger.error(e)
#return render_template('login.html', message='获取用户信息失败')
return jsonify(server_error(message='获取用户信息失败'))
# 取出用户密码与数据库密码对比
if not user_obj or not user_obj.check_password(password):
# 如果用户不存在或者用户密码不正确,返回错误消息,并记录错误次数
try:
# redis的incr可以对字符串类型数据进行加1操作,如果数据开始不存在,则默认设置为1
redis_store.incr('access_num_%s' % user_ip)
redis_store.expire('access_num_%s' % user_ip, 600) # 数据保存600秒
except Exception as e:
current_app.logger.error(e)
#return render_template('login.html', message='用户名或密码错误')
return jsonify(unauth_error(message='用户名或密码错误'))
# 登录成功
session['username'] = username
session['nickname'] = user_obj.nickname
session['id'] = user_obj.id
# 更改用户在线状态
user_obj.state = 1
try:
db.session.commit()
except Exception as e:
current_app.logger.error(e)
#return render_template('login.html', message='登录异常')
return jsonify(server_error('登录异常'))
#return redirect(index_url)
return jsonify(success(data=user_obj.to_dict(), message='用户登录成功'))
