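 def _set_auth_info(user: User, res: Response = None, save_user: bool = True):
     """
     Store the authorization info for *user* in the session and update the
     user's "last login" record.

     :param user: the user model being logged in
     :param res: the outgoing response; pass it when the persistent login
                 cookie should be (re)issued, ``None`` skips the cookie
     :param save_user: whether to call ``user.save()`` automatically
     """
     now = int(time.time())
     session['yobot_user'] = user.qqid
     # NOTE(review): rand_string must be a CSPRNG for these secrets - confirm.
     session['csrf_token'] = rand_string(16)
     # Expose the *previous* login details to the session before they are
     # overwritten below.
     session['last_login_time'] = user.last_login_time
     session['last_login_ipaddr'] = user.last_login_ipaddr
     user.last_login_time = now
     # X-Real-IP is only meaningful when a reverse proxy in front of the app
     # sets it; NOTE(review): confirm the deployment does, otherwise the
     # recorded address is whatever the client sent.
     user.last_login_ipaddr = request.headers.get('X-Real-IP',
                                                  request.remote_addr)
     # Test identity rather than truthiness so a response object that
     # happens to be falsy is not mistaken for "no response".
     if res is not None:
         new_key = rand_string(32)
         # Only the salted hash is persisted; the raw key exists solely in
         # the client's cookie.
         User_login.create(
             qqid=user.qqid,
             auth_cookie=_add_salt_and_hash(new_key, user.salt),
             auth_cookie_expire_time=now + EXPIRED_TIME,
         )
         new_cookie = f'{user.qqid}:{new_key}'
         # httponly keeps the login secret out of reach of page scripts.
         res.set_cookie(LOGIN_AUTH_COOKIE_NAME,
                        new_cookie,
                        max_age=EXPIRED_TIME,
                        httponly=True)
     if save_user:
         user.save()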
async def logout():
    """
    Revoke the caller's current JWT and expire the auth cookies.

    The token id (``jti``) is written to ``old_tokens`` and added to the
    in-memory blacklist, then a JSON ``Response`` is returned with both the
    ``access_token_cookie`` and ``jwt_csrf_token`` cookies cleared.
    """
    jti = jwt.get_raw_jwt().get("jti")

    revoke_sql = """
            INSERT INTO
                old_tokens (
                    token
                )
            VALUES
                ($1);
        """
    async with app.db_pool.acquire() as con:
        await con.execute(revoke_sql, jti)

    app.blacklisted_tokens.add(jti)

    body = json.dumps({"status": 200, "result": True})
    response = Response(body, headers={"Content-Type": "application/json"})

    # expires=0 makes the browser discard the cookies immediately.
    for cookie_name in ("access_token_cookie", "jwt_csrf_token"):
        response.set_cookie(cookie_name, "", expires=0)

    return response
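def set_auth_info(user: dict, res: Response = None, save_user: bool = True):
    """
    Store the authorization info for *user* in the session and update the
    user's "last login" fields.

    :param user: the user record (a dict with ``uid``, ``salt`` and the
                 ``last_login_*`` keys)
    :param res: the outgoing response; pass it when the persistent login
                cookie should be (re)issued, ``None`` skips the cookie
    :param save_user: whether to persist *user* via ``ue.get_wm().mod_user``
    """
    now = ue.now()
    session['yobot_user'] = user['uid']
    # NOTE(review): rand_string must be a CSPRNG for these secrets - confirm.
    session['csrf_token'] = rand_string(16)
    # Expose the *previous* login details to the session before they are
    # overwritten below.
    session['last_login_time'] = user['last_login_time']
    session['last_login_ipaddr'] = user['last_login_ipaddr']
    user['last_login_time'] = now
    # X-Real-IP is only meaningful when a reverse proxy in front of the app
    # sets it; NOTE(review): confirm the deployment does, otherwise the
    # recorded address is whatever the client sent.
    user['last_login_ipaddr'] = request.headers.get('X-Real-IP',
                                                    request.remote_addr)
    # Test identity rather than truthiness so a response object that
    # happens to be falsy is not mistaken for "no response".
    if res is not None:
        new_key = rand_string(32)
        # Only the salted hash is persisted; the raw key exists solely in
        # the client's cookie.
        ue.get_wm().add_login(uid=user['uid'],
                              auth_cookie=add_salt_and_hash(
                                  new_key, user['salt']),
                              auth_cookie_expire_time=now + EXPIRED_TIME)
        new_cookie = f"{user['uid']}:{new_key}"
        # httponly keeps the login secret out of reach of page scripts.
        res.set_cookie(LOGIN_AUTH_COOKIE_NAME,
                       new_cookie,
                       max_age=EXPIRED_TIME,
                       httponly=True)
    if save_user:
        ue.get_wm().mod_user(user)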
 async def set_cookie():
     """Return an empty response that sets two fixed demo cookies."""
     demo_cookies = {"my-cookie": "1234", "my-cookie-2": "5678"}
     reply = Response("")
     for cookie_key, cookie_value in demo_cookies.items():
         reply.set_cookie(key=cookie_key, value=cookie_value)
     return reply
 async def set_cookie(request):
     """Return an empty response that sets two fixed demo cookies.

     ``request`` is accepted for the handler signature but not read.
     """
     reply = Response("")
     for cookie_key, cookie_value in (("my-cookie", "1234"),
                                      ("my-cookie-2", "5678")):
         reply.set_cookie(cookie_key, cookie_value)
     return reply
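async def login():
    """
    Authenticate a user by email and password and issue a JWT.

    Expects a JSON object body with ``email`` and ``password``. On success
    returns a JSON ``Response`` carrying the user's public record
    (``id``, ``name``, ``email``) and sets the ``access_token_cookie`` and
    ``jwt_csrf_token`` cookies. Otherwise returns a ``{"status", "error"}``
    body with a 400 (bad input) or 401 (bad credentials) status.
    """
    try:
        data = await request.get_json()
    except Exception:
        return {"status": 400, "error": "Invalid POST data."}, 400

    # A JSON array, string or null body has no ``.get``; reject it up front
    # instead of failing with an AttributeError (500) below.
    if not isinstance(data, dict):
        return {"status": 400, "error": "Invalid POST data."}, 400

    email = data.get("email")
    password = data.get("password")

    # Both values must be non-empty strings: they are passed to the query
    # and to the hasher as text.
    if not email or not isinstance(email, str):
        return {"status": 400, "error": "Missing email parameter."}, 400
    if not password or not isinstance(password, str):
        return {"status": 400, "error": "Missing password parameter."}, 400

    # One round trip fetches everything this handler needs; the hash is
    # stripped again before anything is sent back.
    async with app.db_pool.acquire() as con:
        user = await con.fetchrow(
            """
                SELECT
                    id,
                    name,
                    email,
                    password_hash
                FROM
                    users
                WHERE LOWER($1) = LOWER(email);
            """, email)

    # An unknown email and an account without a usable hash get the same
    # answer so the body does not reveal which accounts exist. (Response
    # timing still differs, since no hash is verified on this path.)
    if user is None or user["password_hash"] is None:
        return {"status": 401, "error": "Invalid credentials."}, 401

    # NOTE(review): hasher.verify/hash look synchronous and CPU-bound; in an
    # async handler they stall the event loop for their duration - confirm
    # whether they should run in an executor.
    try:
        hasher.verify(user["password_hash"], password)
    except VerifyMismatchError:
        return {"status": 401, "error": "Invalid credentials."}, 401

    # Transparently upgrade hashes produced with older parameters.
    if hasher.check_needs_rehash(user["password_hash"]):
        async with app.db_pool.acquire() as con:
            await con.execute(
                """
                UPDATE
                    users
                SET
                    password_hash=$1
                WHERE LOWER($2) = LOWER(email);
            """, hasher.hash(password), email)

    additional = {"name": user["name"]}
    access_token = jwt.create_access_token(identity=email.lower(),
                                           user_claims=additional)

    headers = {"Content-Type": "application/json"}

    # Never echo password_hash back to the client.
    public_user = {"id": user["id"], "name": user["name"], "email": user["email"]}

    response = Response(json.dumps({
        "status": 200,
        "result": public_user
    }),
                        headers=headers)

    # The access token is httponly so page scripts cannot read it; the CSRF
    # token has to stay readable for the double-submit check, so it is not.
    response.set_cookie("access_token_cookie", access_token, httponly=True)
    response.set_cookie("jwt_csrf_token", jwt.get_csrf_token(access_token))

    return response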
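async def register():
    """
    Create a new account from a JSON body of ``email``, ``password`` and
    ``name``.

    Refuses the request when the caller already holds a JWT, when the body is
    malformed or incomplete, or when the email is already taken. On success
    returns the new user's public record and sets the ``access_token_cookie``
    and ``jwt_csrf_token`` cookies, logging the new user in.
    """
    existing_jwt = jwt.get_jwt_identity()
    if existing_jwt:
        return {
            "status": 401,
            "error":
            "You cannot register for a new account if you are logged in."
        }, 401

    try:
        data = await request.get_json()
    except Exception:
        return {"status": 400, "error": "Invalid POST data."}, 400

    # A JSON array, string or null body has no ``.get``; reject it up front
    # instead of failing with an AttributeError (500) below.
    if not isinstance(data, dict):
        return {"status": 400, "error": "Invalid POST data."}, 400

    email = data.get("email")
    password = data.get("password")
    name = data.get("name")

    # All three must be non-empty strings: they go to the query and hasher
    # as text.
    if not email or not isinstance(email, str):
        return {"status": 400, "error": "Missing email parameter."}, 400
    elif not password or not isinstance(password, str):
        return {"status": 400, "error": "Missing password parameter."}, 400
    elif not name or not isinstance(name, str):
        return {"status": 400, "error": "Missing name parameter."}, 400

    # NOTE(review): hasher.hash looks synchronous and CPU-bound; in an async
    # handler it stalls the event loop for its duration - confirm whether it
    # should run in an executor.
    hash_ = hasher.hash(password)

    async with app.db_pool.acquire() as con:
        existing = await con.fetchval(
            """
            SELECT
                email
            FROM
                users
            WHERE LOWER($1) = LOWER(email);
        """, email)

        if existing:
            return {
                "status": 400,
                "error": "User with specified email already exists."
            }, 400

        # NOTE(review): the check above and this INSERT are not atomic; two
        # concurrent registrations for the same email can both pass the
        # check. A case-insensitive UNIQUE constraint on users.email is the
        # real guard - confirm the schema has one.
        new_user = await con.fetchrow(
            """
            INSERT INTO
                users (
                    email,
                    password_hash,
                    name
                )
            VALUES
                ($1, $2, $3)
            RETURNING id::TEXT, email, name;
        """, email, hash_, name)

    additional = {"name": name}
    access_token = jwt.create_access_token(identity=email.lower(),
                                           user_claims=additional)

    headers = {"Content-Type": "application/json"}

    # RETURNING lists only public columns, so dict(new_user) is safe to send.
    response = Response(json.dumps({
        "status": 200,
        "result": dict(new_user)
    }),
                        headers=headers)

    # The access token is httponly so page scripts cannot read it; the CSRF
    # token has to stay readable for the double-submit check, so it is not.
    response.set_cookie("access_token_cookie", access_token, httponly=True)
    response.set_cookie("jwt_csrf_token", jwt.get_csrf_token(access_token))

    return response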
async def link(id):
    """
    Acknowledge the link and remember *id* in a long-lived ``id`` cookie.

    ``id`` is stored as its string form. NOTE(review): the cookie is neither
    signed nor httponly, so anything that later reads it must treat the value
    as client-supplied - confirm how it is consumed.
    """
    # presumably the largest Max-Age older clients accept (~68 years)
    lifetime = 2**31 - 1
    reply = Response("All good. You can exit this page now.")
    reply.set_cookie("id", str(id), max_age=lifetime)
    return reply