Exemplo n.º 1
0
 def post(self):
     res = AppSetting.general_result()
     res["err_code"] = APIStatus.INTERFACE_DISABLED
     res["message"] = "this api is not use"
     res["result"] = "fail"
     self.write(json.dumps(res))
     self.finish()
Exemplo n.º 2
0
 def prepare(self):
     req_path = self.request.uri
     method = self.request.method
     if method == "OPTIONS" or method == "options":
         return
     if req_path.startswith("/api") and (req_path
                                         not in AppSetting.TOKEN_EXTERNAL):
         res = AppSetting.general_result()
         if AppSetting.AUTH_KEY not in self.request.headers:
             res["result"] = "fail"
             res["err_code"] = APIStatus.TOKEN_BROKEN
             res["message"] = "no token"
             self.write(json.dumps(res))
             self.finish()
             return
         token = self.request.headers[AppSetting.AUTH_KEY]
         try:
             user_payload = jwt.decode(token,
                                       AppSetting.TOKEN_SECRET,
                                       algorithm='HS256')
         except Exception as err:
             res["result"] = "fail"
             res["err_code"] = APIStatus.TOKEN_BROKEN
             res["message"] = str(err)
             self.write(json.dumps(res))
             self.finish()
             return
         self.current_user = user_payload
         self.request_info["username"] = self.current_user["username"]
Exemplo n.º 3
0
 def delete(self):
     res = AppSetting.general_result()
     res["err_code"] = APIStatus.INTERFACE_DISABLED
     res["message"] = "this interface is disabled."
     res["result"] = "fail"
     self.write(json.dumps(res))
     self.finish()
Exemplo n.º 4
0
    def get(self, args_, headers):
        res = AppSetting.general_result()

        res["cmd"] = "token_info"
        if AppSetting.AUTH_KEY not in headers:
            res["result"] = "fail"
            res["err_code"] = APIStatus.TOKEN_BROKEN
            res["message"] = "no token"
            return res
        token = headers[AppSetting.AUTH_KEY]
        try:
            user_payload = jwt.decode(token,
                                      AppSetting.TOKEN_SECRET,
                                      algorithm='HS256')
        except Exception as err:
            res["result"] = "fail"
            res["err_code"] = APIStatus.TOKEN_BROKEN
            res["message"] = str(err)
            return res

        res["data"] = user_payload
        self.request_info["username"] = user_payload["username"]
        res["request_info"] = self.request_info
        res["data"]["token"] = token
        res["err_code"] = APIStatus.SUCCESS
        return res
Exemplo n.º 5
0
 def post(self):
     res = AppSetting.general_result()
     res["cmd"] = "upload-file"
     log_info = self.request_info
     file_list = self.request.files.get('file', "")
     if not file_list:
         res["err_code"] = APIStatus.FIELD_LACK
         res["message"] = "no such params: file"
         res["result"] = "fail"
         log_info["message"] = res["message"]
         log_info["err_code"] = res["err_code"]
         self.write(json.dumps(res))
         self.finish()
         logger.error(json.dumps(log_info))
         return
     file_obj = self.request.files['file'][0]
     filename = file_obj['filename']
     upload_path = os.path.join(AppSetting.BASE_DIR, AppSetting.UP_FILE_DIR)
     try:
         with open(os.path.join(upload_path, filename), 'wb') as fh:
             fh.write(file_obj['body'])
         print("success")
         res["err_code"] = APIStatus.SUCCESS
         res["data"] = {"filename": filename}
     except IOError as e:
         res["err_code"] = APIStatus.FILE_IO_ERROR
         res["message"] = str(e)
         log_info["message"] = res["message"]
         log_info["err_code"] = res["err_code"]
         logger.error(json.dumps(log_info))
     else:
         logger.info(json.dumps(log_info))
     self.write(json.dumps(res))
     self.finish()
Exemplo n.º 6
0
 def delete(self, args_, current_user):
     """
     删除用户,逻辑删除
     :return:
     """
     res = AppSetting.general_result()
     res["request_info"] = self.request_info
     if not Permission.check_user_role(self.edit_roles,
                                       current_user["roles"]):
         res["err_code"] = APIStatus.ROLE_FORBIDDEN
         res["message"] = "user role is forbidden: {}".format(
             current_user["username"])
         res["result"] = "fail"
         return res
     if "item" not in args_ or not args_["item"]:
         res["err_code"] = APIStatus.FIELD_LACK
         res["message"] = "no such params: item"
         res["result"] = "fail"
         return res
     res["data"] = {"uid": args_.get("item", "")}
     try:
         self.controller.delete(args_["item"])
     except SQLAlchemyError as err:
         # print(err.orig.args)
         res["err_code"] = APIStatus.DB_ERROR
         res["message"] = json.dumps(err.orig.args)
         res["result"] = "fail"
     except Exception as err:
         res["err_code"] = APIStatus.UNDEFINED
         res["message"] = str(err)
         res["result"] = "fail"
     else:
         res["err_code"] = APIStatus.SUCCESS
     return res
Exemplo n.º 7
0
 def get(self):
     res = AppSetting.general_result()
     res["err_code"] = APIStatus.SUCCESS
     res["message"] = ""
     res["result"] = "ok"
     res["data"] = "Deepcyto KaryoType Restful"
     self.write(json.dumps(res))
     self.finish()
Exemplo n.º 8
0
 def put(self, args_, body_, current_user=None):
     res = AppSetting.general_result()
     res["cmd"] = "login"
     self.request_info["username"] = body_["username"]
     res["request_info"] = self.request_info
     if not body_ or "username" not in body_ or body_["username"] == "":
         res["err_code"] = APIStatus.USER_ERROR
         res["result"] = "fail"
         res["message"] = "user name empty"
         return res
     try:
         user = self.controller.search(username=body_["username"])
     except Exception as err:
         res["err_code"] = APIStatus.DB_ERROR
         res["result"] = "fail"
         res["message"] = str(err)
         return res
     if not user:
         res["err_code"] = APIStatus.USER_ERROR
         res["result"] = "fail"
         res["message"] = "user name error"
         return res
     if not check_password_hash(user["password"], body_["password"]):
         res["err_code"] = APIStatus.PASS_WORD_ERROR
         res["result"] = "fail"
         res["message"] = "user password error"
         return res
     roles = [user["role_ref"]["code"]]
     username = body_["username"]
     expire_time = int(time.time() + 3600 * 12)
     encoded = jwt.encode(
         {
             'uid': user["uid"],
             "username": username,
             "name": user["name"],
             "roles": roles,
             'exp': expire_time
         },
         AppSetting.TOKEN_SECRET,
         algorithm='HS256')
     token = str(encoded, encoding='utf-8')
     self.controller.update(user["uid"], is_login=True)
     res["err_code"] = APIStatus.SUCCESS
     res["data"] = {
         "roles": roles,
         "username": username,
         "token": token,
         "name": user["name"],
     }
     return res
Exemplo n.º 9
0
    def get(self, args_, current_user):
        """
        获取用户信息
        :return:
        """
        res = AppSetting.general_result()
        res["request_info"] = self.request_info
        if not Permission.check_user_role(self.view_roles,
                                          current_user["roles"]):
            res["err_code"] = APIStatus.ROLE_FORBIDDEN
            res["message"] = "user role is forbidden: {}".format(
                current_user["username"])
            res["result"] = "fail"
            return res

        order_key = args_.get("order_key", "-create_time")
        if order_key:
            if order_key.startswith("-"):
                key_check = order_key[1:]
            else:
                key_check = order_key
            if key_check not in self.fields_border:
                res["err_code"] = APIStatus.FIELD_OUTER
                res["message"] = "order_key: [{}] is unknown field".format(
                    key_check)
                res["result"] = "fail"
                return res

        start = args_.get("start", 0)
        count = args_.get("count", 0)

        start = start if isinstance(start, int) and start >= 0 else 0
        count = count if isinstance(count, int) and count >= 0 else 0
        try:
            total = self.controller.count()
            res["data"] = self.controller.all(
                start=start, count=count, order_key=order_key) or []
        except SQLAlchemyError as err:
            # print(err.orig.args)
            res["err_code"] = APIStatus.DB_ERROR
            res["message"] = json.dumps(err.orig.args)
            res["result"] = "fail"
        except Exception as err:
            res["err_code"] = APIStatus.UNDEFINED
            res["message"] = str(err)
            res["result"] = "fail"
        else:
            res["err_code"] = APIStatus.SUCCESS
            res["total"] = total
        return res
Exemplo n.º 10
0
    def put(self, args_, body_, current_user):
        """
        更改用户信息
        :return:
        """
        res = AppSetting.general_result()
        res["request_info"] = self.request_info
        if not Permission.check_user_role(self.edit_roles,
                                          current_user["roles"]):
            res["err_code"] = APIStatus.ROLE_FORBIDDEN
            res["message"] = "user role is forbidden: {}".format(
                current_user["username"])
            res["result"] = "fail"
            return res
        if "item" not in args_ or not args_["item"]:
            res["err_code"] = APIStatus.FIELD_LACK
            res["message"] = "no such params: item"
            res["result"] = "fail"
            return res

        res["data"] = {"uid": args_.get("item", "")}
        for field in list(body_.keys()):
            if field not in self.fields_border:
                body_.pop(field)
        # print(body_)
        unique_list = deepcopy(self.controller.get_model().unique_list)
        unique_list.append(self.controller.get_model().key_word)
        try:
            self._check_unique_field(body_, unique_list)
        except Exception as err:
            res["err_code"] = APIStatus.ALREADY_EXIST
            res["message"] = str(err)
            res["result"] = "fail"
            return res
        try:
            self.controller.update(args_["item"], **body_)
        except SQLAlchemyError as err:
            res["err_code"] = APIStatus.DB_ERROR
            res["message"] = json.dumps(err.orig.args)
            res["result"] = "fail"
        except Exception as err:
            res["err_code"] = APIStatus.UNDEFINED
            res["message"] = str(err)
            res["result"] = "fail"
        else:
            res["err_code"] = APIStatus.SUCCESS
        res["err_code"] = APIStatus.SUCCESS
        return res
Exemplo n.º 11
0
 def get(self):
     res = AppSetting.general_result()
     log_info = self.request_info
     if not self.args_["filename"]:
         res["err_code"] = APIStatus.FIELD_LACK
         res["message"] = "no such params: filename"
         res["result"] = "fail"
         log_info["message"] = res["message"]
         log_info["err_code"] = res["err_code"]
         self.write(json.dumps(res))
         self.finish()
         logger.error(json.dumps(log_info))
         return
     full_path = os.path.join(AppSetting.BASE_DIR, AppSetting.DOWN_FILE_DIR,
                              self.args_["filename"])
     if not os.path.exists(full_path):
         res["err_code"] = APIStatus.FILE_IO_ERROR
         res["message"] = "file not exist: {filename}".format(
             filename=self.args_["filename"])
         res["result"] = "fail"
         log_info["message"] = res["message"]
         log_info["err_code"] = res["err_code"]
         self.write(json.dumps(res))
         self.finish()
         logger.error(json.dumps(log_info))
         return
     self.set_header('Content-Type', 'application/octet-stream')
     self.set_header(
         'Content-Disposition', 'attachment; filename="{name}"'.format(
             name=self.args_["filename"].encode("utf-8")))
     with open(full_path, 'rb') as f:
         while True:
             data = f.read(4096)
             if not data:
                 break
             self.write(data)
     self.finish()
     logger.info(json.dumps(log_info))
     return
Exemplo n.º 12
0
    def delete(self, headers, current_user=None):
        res = AppSetting.general_result()
        res["cmd"] = "logout"
        if AppSetting.AUTH_KEY not in headers:
            res["result"] = "fail"
            res["err_code"] = APIStatus.TOKEN_BROKEN
            res["message"] = "no token"
            return res
        token = headers[AppSetting.AUTH_KEY]
        try:
            user_payload = jwt.decode(token,
                                      AppSetting.TOKEN_SECRET,
                                      algorithm='HS256')
        except Exception as err:
            res["result"] = "fail"
            res["err_code"] = APIStatus.TOKEN_BROKEN
            res["message"] = str(err)
            return res
        self.request_info["username"] = user_payload["username"]
        res["request_info"] = self.request_info
        try:
            user = self.controller.search(username=user_payload["username"])
        except Exception as err:
            res["err_code"] = APIStatus.DB_ERROR
            res["result"] = "fail"
            res["message"] = str(err)
            return res
        if not user:
            res["err_code"] = APIStatus.USER_ERROR
            res["result"] = "fail"
            res["message"] = "user name error"
            return res
        self.controller.update(user_payload["uid"], is_login=False)
        res["err_code"] = APIStatus.SUCCESS

        return res
Exemplo n.º 13
0
 def search(self, body_, current_user):
     res = AppSetting.general_result()
     res["request_info"] = self.request_info
     if not Permission.check_user_role(self.view_roles,
                                       current_user["roles"]):
         res["err_code"] = APIStatus.ROLE_FORBIDDEN
         res["message"] = "user role is forbidden: {}".format(
             current_user["username"])
         res["result"] = "fail"
         return res
     try:
         res["data"] = self.controller.search(**body_) or []
     except SQLAlchemyError as err:
         # print(err.orig.args)
         res["err_code"] = APIStatus.DB_ERROR
         res["message"] = json.dumps(err.orig.args)
         res["result"] = "fail"
     except Exception as err:
         res["err_code"] = APIStatus.UNDEFINED
         res["message"] = str(err)
         res["result"] = "fail"
     else:
         res["err_code"] = APIStatus.SUCCESS
     return res
Exemplo n.º 14
0
def before_request():
    req_path = request.path
    session.permanent = True
    app.permanent_session_lifetime = 3600
    if req_path.startswith("/api/dashboard/") and (req_path
                                                   not in token_external):
        res = AppSetting.general_result()
        if AppSetting.AUTH_KEY not in request.headers:
            res["result"] = "fail"
            res["err_code"] = APIStatus.TOKEN_BROKEN
            res["message"] = "no token"
            return json.dumps(res)
        token = request.headers[AppSetting.AUTH_KEY]
        try:
            user_payload = jwt.decode(token,
                                      AppSetting.TOKEN_SECRET,
                                      algorithm='HS256')
        except Exception as err:
            res["result"] = "fail"
            res["err_code"] = APIStatus.TOKEN_BROKEN
            res["message"] = str(err)
            return json.dumps(res)
        # print(session)
        # if user_payload["uid"] not in session:
        #     res["result"] = "fail"
        #     res["err_code"] = APIStatus.NOT_YET_LOGIN
        #     res["message"] = "this user is not login: {}".format(user_payload["username"])
        #     return json.dumps(res)
        # if token != session[user_payload["uid"]]["token"]:
        #     res["result"] = "fail"
        #     res["err_code"] = APIStatus.TOKEN_EXPIRED
        #     res["message"] = "login expired, other client is using this user"
        #     return json.dumps(res)
        del res
        # g_user.user = session[user_payload["uid"]]
        g_user.user = user_payload
Exemplo n.º 15
0
 def post(self, body_, current_user):
     """
     创建新用户
     """
     res = AppSetting.general_result()
     res["request_info"] = self.request_info
     if not Permission.check_user_role(self.edit_roles,
                                       current_user["roles"]):
         res["err_code"] = APIStatus.ROLE_FORBIDDEN
         res["message"] = "user role is forbidden: {}".format(
             current_user["username"])
         res["result"] = "fail"
         return res
     # print(body_)
     for field in self.fields_require:
         if field not in body_:
             res["err_code"] = APIStatus.FIELD_LACK
             res["message"] = "field lack: {}".format(field)
             res["result"] = "fail"
             return res
     for field in list(body_.keys()):
         if field not in self.fields_border:
             body_.pop(field)
     try:
         self._check_unique_field(body_,
                                  self.controller.get_model().unique_list)
     except Exception as err:
         res["err_code"] = APIStatus.ALREADY_EXIST
         res["message"] = str(err)
         res["result"] = "fail"
         return res
     try:
         key_word = self.controller.get_model().key_word
         table_name = self.controller.get_model().table_name
         search_res = self.controller.search_keyword_on_create(
             key_word=body_[key_word])
         if search_res:
             if search_res["deleted"] is None or search_res["deleted"] == "":
                 res["err_code"] = APIStatus.ALREADY_EXIST
                 res["message"] = "{table_name} [{key_word}] is already exist".format(
                     table_name=table_name, key_word=body_[key_word])
                 res["result"] = "fail"
                 return res
             else:
                 uid = search_res["uid"]
                 body_["deleted"] = None
                 self.controller.update(uid, **body_)
                 res["data"] = {"uid": uid}
         else:
             res["data"] = {"uid": self.controller.create(**body_)}
     except SQLAlchemyError as err:
         res["err_code"] = APIStatus.DB_ERROR
         res["message"] = json.dumps(err.orig.args)
         res["result"] = "fail"
     except Exception as err:
         res["err_code"] = APIStatus.UNDEFINED
         res["message"] = str(err)
         res["result"] = "fail"
     else:
         res["err_code"] = APIStatus.SUCCESS
     return res