Exemplo n.º 1
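 def verify_auth_token(token):
     """Check a signed auth token and look up the user it names.

     Returns whatever ``User.query.get`` yields for the ``ID`` carried in
     the token payload. That value can be ``None`` when no such row exists,
     so callers must treat ``None`` as "not authenticated".

     On failure returns ``SysConfig.ReturnCode("TOKEN_EXPIRED")`` for an
     expired signature, or ``SysConfig.ReturnCode("TOKEN_ERROR")`` for a bad
     signature or a payload that carries no ``ID``.
     """
     s = Serializer(SysConfig.SecretKey())
     try:
         data = s.loads(token)
     # NOTE(review): if these are itsdangerous' exceptions, SignatureExpired
     # subclasses BadSignature, so this handler order matters - confirm.
     except SignatureExpired:
         print("token过期了")
         return SysConfig.ReturnCode("TOKEN_EXPIRED")
     except BadSignature:
         print("无效的token")
         return SysConfig.ReturnCode("TOKEN_ERROR")
     # A validly signed payload of another shape (anything signed with the
     # same secret) must be rejected as a bad token, not raise KeyError.
     user_id = data.get('ID') if isinstance(data, dict) else None
     if user_id is None:
         return SysConfig.ReturnCode("TOKEN_ERROR")
     user = User.query.get(user_id)
     return user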
Exemplo n.º 2
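 def wrapper(*args, **kwargs):
     """Run ``func`` only when the ``UserID`` header names a user with RoleID 1.

     Returns a ``SysConfig.ReturnCode`` value instead of calling ``func``
     when the header is missing (``USERID_NEED``), the user is not found
     (``USER_NOT_EXIST``) or the user's ``RoleID`` is not 1
     (``USER_NOT_PERMISSION``). Otherwise returns ``func(*args, **kwargs)``.

     NOTE(review): the role check trusts a caller-supplied header. Nothing
     in this block ties ``UserID`` to an authenticated identity such as the
     ID inside a verified token - confirm a token check runs first and that
     the two IDs are compared.
     """
     # NOTE(review): `parser` looks like a shared object; registering the
     # argument on every call may accumulate duplicates - confirm.
     parser.add_argument('UserID', location='headers')
     # Keep the parsed request in its own name: rebinding `args` would make
     # func(*args, ...) unpack the parsed request instead of the caller's
     # positional arguments.
     parsed = parser.parse_args()
     print("UserID认证:", {parsed["UserID"]})
     if not parsed["UserID"]:
         return SysConfig.ReturnCode("USERID_NEED")
     check_user = User.query.get(parsed["UserID"])
     if not check_user:
         return SysConfig.ReturnCode("USER_NOT_EXIST")
     # presumably RoleID 1 is the administrator role - verify against the model
     if check_user.RoleID != 1:
         return SysConfig.ReturnCode("USER_NOT_PERMISSION")
     return func(*args, **kwargs)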
Exemplo n.º 3
 def delete(self, *args, **kwargs):
     """Delete the article named by the ``ArticleID`` request argument.

     Returns ``ARTICLE_NOT_EXIST`` when the lookup finds nothing,
     ``DELETE_SUCCESS`` after a successful commit, and a ``code`` 204
     dict carrying the exception text when the commit fails.

     NOTE(review): no ownership or role check is visible in this method;
     confirm that decorators on the resource enforce who may delete.
     """
     parser.add_argument("ArticleID")
     form = parser.parse_args()
     target = Article.query.get(form["ArticleID"])
     if not target:
         return SysConfig.ReturnCode("ARTICLE_NOT_EXIST")
     db.session.delete(target)
     try:
         db.session.commit()
         outcome = SysConfig.ReturnCode("DELETE_SUCCESS")
     except Exception as e:
         # Undo the pending delete so the session stays usable.
         db.session.rollback()
         # NOTE(review): str(e) returns raw exception text to the client,
         # which can expose database internals; consider logging it
         # server-side and returning a generic message.
         outcome = {"code": 204, "message": f"删除失败!{str(e)}"}
     return outcome
Exemplo n.º 4
 def post(self):
     """Check a username/password pair and issue an auth token.

     Returns ``USER_NOT_EXIST`` or ``USER_PASSWORD_ERROR`` on failure.
     On success returns a dict with ``code`` 200, the ASCII-decoded token
     and the user's ``ID``.

     NOTE(review): the two failure codes let a caller tell "unknown user"
     from "wrong password", which allows username enumeration; a single
     generic login failure would avoid that. No attempt limiting is
     visible here either.
     """
     # "UserName" is read below but not registered in this method;
     # presumably it is added to the shared parser elsewhere - confirm.
     parser.add_argument("Password", help="用户密码")
     form = parser.parse_args()
     account = User.query.filter_by(UserName=form["UserName"]).first()
     if not account:
         return SysConfig.ReturnCode("USER_NOT_EXIST")
     password_ok = account.verify_password(form["Password"])
     if not password_ok:
         return SysConfig.ReturnCode("USER_PASSWORD_ERROR")
     raw_token = account.generate_auth_token()
     # The token is decoded from bytes so that it can be placed in the response.
     response = {
         "code": 200,
         "Token": raw_token.decode('ascii'),
         "UserID": account.ID
     }
     return response
Exemplo n.º 5
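 def post(self):
     """Register a new user from the ``UserName`` and ``Password`` arguments.

     Returns ``USER_NAME_EMPTY`` or ``USER_PASSWORD_EMPTY`` when a field is
     missing or empty, ``USER_EXIST`` when the name is already taken, and
     ``SIGN_UP_SUCCESS`` after the new row is committed. A failed commit is
     rolled back and the exception is re-raised.
     """
     print("开始添加用户")
     # "UserName" is read below but not registered in this method;
     # presumably it is added to the shared parser elsewhere - confirm.
     parser.add_argument("Password", help="密码")
     args = parser.parse_args()
     if args["UserName"] is None or args["UserName"] == "":
         return SysConfig.ReturnCode("USER_NAME_EMPTY")
     if args["Password"] is None or args["Password"] == "":
         return SysConfig.ReturnCode("USER_PASSWORD_EMPTY")
     check_user = User.query.filter_by(UserName=args["UserName"]).first()
     if check_user:
         return SysConfig.ReturnCode("USER_EXIST")
     check_user = User()
     check_user.UserName = args["UserName"]
     # NOTE(review): presumably `password` is a setter that stores a hash,
     # not the plaintext - verify against the User model.
     check_user.password = args["Password"]
     db.session.add(check_user)
     try:
         db.session.commit()
     except Exception:
         # Two concurrent sign-ups can both pass the existence check above;
         # roll back so the session is not left in a failed state, then let
         # the error propagate as it did before.
         db.session.rollback()
         raise
     return SysConfig.ReturnCode("SIGN_UP_SUCCESS")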
Exemplo n.º 6
 def put(self, *args, **kwargs):
     """Overwrite the title and text of the article named by ``ArticleID``.

     Returns ``ARTICLE_NOT_EXIST`` when the lookup finds nothing,
     ``CHANGE_SUCCESS`` after a successful commit, and a ``code`` 204
     dict carrying the exception text when the commit fails.

     NOTE(review): no ownership or role check is visible in this method;
     confirm that decorators on the resource enforce who may edit.
     """
     for field in ("ArticleID", "Title", "Text"):
         parser.add_argument(field)
     form = parser.parse_args()
     article = Article.query.get(form["ArticleID"])
     if not article:
         return SysConfig.ReturnCode("ARTICLE_NOT_EXIST")
     # Both fields are assigned unconditionally, so an argument that was
     # not sent replaces the stored value with whatever the parser yields.
     article.Title = form["Title"]
     article.Text = form["Text"]
     article.UpdateTime = datetime.now()
     try:
         db.session.commit()
         outcome = SysConfig.ReturnCode("CHANGE_SUCCESS")
     except Exception as e:
         db.session.rollback()
         # NOTE(review): the message text says "add failed" although this
         # is the update path, and str(e) returns raw exception text to
         # the client; consider a generic message plus server-side logging.
         outcome = {"code": 204, "message": f"添加失败!{str(e)}"}
     return outcome
Exemplo n.º 7
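 def wrapper(*args, **kwargs):
     """Run ``func`` only when the ``Token`` header resolves to an existing user.

     Returns ``TOKEN_NEED`` when the header is missing, the error value
     from ``User.verify_auth_token`` when the token is rejected, and
     ``USER_NOT_EXIST`` when the token is valid but no user was found.
     Otherwise returns ``func(*args, **kwargs)``.
     """
     # NOTE(review): `parser` looks like a shared object; registering the
     # argument on every call may accumulate duplicates - confirm.
     parser.add_argument('Token', location='headers')
     # Keep the parsed request in its own name: rebinding `args` would make
     # func(*args, ...) unpack the parsed request instead of the caller's
     # positional arguments.
     parsed = parser.parse_args()
     token = parsed["Token"]
     # Record only whether a token was sent; the token is a bearer
     # credential and must not end up in stdout or log files.
     print("token认证:", bool(token))
     if not token:
         return SysConfig.ReturnCode("TOKEN_NEED")
     check_user = User.verify_auth_token(token)
     # verify_auth_token signals failure by returning an error dict.
     if isinstance(check_user, dict):
         return check_user
     # A valid token whose user row is gone (lookup returned None) must not
     # authenticate.
     if check_user is None:
         return SysConfig.ReturnCode("USER_NOT_EXIST")
     return func(*args, **kwargs)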
Exemplo n.º 8
 def get(self, *args, **kwargs):
     """Return one article, with its author's user name, serialized by ArticleSchema.

     Returns ``ARTICLE_NOT_EXIST`` when no row matches ``ArticleID``.
     """
     parser.add_argument("ArticleID")
     query_args = parser.parse_args()
     # The commented-out line below is the simpler lookup without a join:
     # article = Article.query.get(args['ArticleID'])
     columns = (
         Article.Title, Article.Text, Article.UserID, Article.CreateTime,
         Article.UpdateTime,
         User.UserName,
     )
     # Outer join, so an article whose UserID matches no user is still returned.
     joined = db.session.query(*columns).outerjoin(
         User, Article.UserID == User.ID)
     article = joined.filter(Article.ID == query_args['ArticleID']).first()
     if not article:
         return SysConfig.ReturnCode("ARTICLE_NOT_EXIST")
     return ArticleSchema().dump(article)
Exemplo n.º 9
 def generate_auth_token(self, expiration=600):
     """Return a signed token carrying this user's ``ID``.

     ``expiration`` is passed to the serializer as ``expires_in``
     (default 600).

     NOTE(review): if ``Serializer`` is itsdangerous'
     ``TimedJSONWebSignatureSerializer``, that class was removed in
     itsdangerous 2.1 - confirm the pinned version.
     """
     payload = {'ID': self.ID}
     signer = Serializer(SysConfig.SecretKey(), expires_in=expiration)
     return signer.dumps(payload)