Exemplo n.º 1
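 async def get(self, request, **kwargs):
     """Return the caller's own todos, or (admins only) one user's or everyone's.

     The optional ``user_id`` query argument selects whose todos are listed.
     When it equals the authenticated user's id, that user's todos are
     returned without a permission lookup. In every other case (a different
     id, or no id at all) the caller's permission row is loaded and the
     request is answered with ``RetCode.FORBIDDEN`` unless
     ``User.checkIfAdmin`` accepts it.
     """
     user_id_args = request.args.get("user_id")
     # The caller's identity is read from the auth info stored on the request,
     # never from the query string; the query argument only selects a target.
     user_id = request[Constant.auth_info][Constant.user_id]
     logger.info("user_id: %s, user_id_args: %s", user_id, user_id_args)

     # Self-service path: the requested id is the caller's own id.
     if user_id_args and user_id_args == str(user_id):
         async with request.app.db.acquire() as conn:
             async with conn.cursor() as cur:
                 # One-element tuple: "(x)" without the trailing comma is just
                 # x, which leaves the driver to guess how to bind a bare value.
                 await cur.execute(S.s_user_todos, (user_id_args,))
                 data = formatTodosInfo(await cur.fetchall())
         return webJson(data=data)

     # Admin path: anything other than "my own todos" needs the admin check.
     async with request.app.db.acquire() as conn:
         async with conn.cursor() as cur:
             await cur.execute(S.s_user_permission, (user_id,))
             permission_row = await cur.fetchone()
             # Deny by default: a missing permission row means "not admin".
             is_admin = bool(permission_row) and User.checkIfAdmin(
                 permission_row.permission)
             if not is_admin:
                 return webJson(RetCode.FORBIDDEN)
             # With a user_id argument only that user's todos are listed.
             if user_id_args:
                 await cur.execute(S.s_user_todos, (user_id_args,))
             else:
                 await cur.execute(S.s_all_todo)
             data = formatTodosInfo(await cur.fetchall())
     return webJson(data=data)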
Exemplo n.º 2
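 async def get(request, **kwargs):
     """Return the caller's own profile, or (admins only) one user's or all users'.

     The optional ``user_id`` query argument selects the profile. When it
     equals the authenticated user's id, that profile is returned without a
     permission lookup. Any other request (a different id, or no id) is
     answered with ``RetCode.FORBIDDEN`` unless the caller's permission row
     passes ``User.checkIfAdmin``.
     """
     user_id_args = request.args.get("user_id")
     # Identity comes from the auth info stored on the request; the query
     # argument only names the profile being asked for.
     user_id = request[Constant.auth_info][Constant.user_id]
     logger.info("user_id: %s, user_id_args: %s", user_id, user_id_args)

     # Self-service path: the caller asks for their own profile.
     if user_id_args and user_id_args == str(user_id):
         async with request.app.db.acquire() as conn:
             async with conn.cursor() as cur:
                 # One-element tuple: "(x)" without the trailing comma is just
                 # x, which leaves the driver to guess how to bind a bare value.
                 await cur.execute(S.s_user_info, (user_id,))
                 data = await cur.fetchone()
         data = formatUserInfo(data)
         return webJson(data=data)

     # Admin path: every other lookup requires the admin permission.
     async with request.app.db.acquire() as conn:
         async with conn.cursor() as cur:
             await cur.execute(S.s_user_permission, (user_id,))
             permission_row = await cur.fetchone()
             # Deny by default: a missing permission row means "not admin".
             is_admin = bool(permission_row) and User.checkIfAdmin(
                 permission_row.permission)
             if not is_admin:
                 return webJson(RetCode.FORBIDDEN)
             # With a user_id argument only that user's profile is returned.
             if user_id_args:
                 await cur.execute(S.s_user_info, (user_id_args,))
                 data = formatUserInfo(await cur.fetchone())
             else:
                 await cur.execute(S.s_alluser)
                 rows = await cur.fetchall()
                 # Build a new list instead of assigning into the fetched
                 # sequence, so an immutable result set is handled as well.
                 data = [formatUserInfo(row) for row in rows]
     return webJson(data=data)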
Exemplo n.º 3
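def regist():
    """Register an account from the posted email, password and avatar image.

    Original author's note: the registration flow is incomplete and still
    needs a confirmation step.

    Returns a ``webJson`` response carrying ``PARAMS_ERROR`` when a field is
    missing, ``EMAIL_DUPLICATION`` when the email is already registered,
    ``FILE_SUFFIX_ERROR`` or ``AVATAR_TOO_BIG`` when the avatar is rejected,
    and ``SUCCESS`` otherwise.
    """
    email = requestPostParam(request, 'email')
    password = requestPostParam(request, 'password')
    img = request.files.get("img", None)
    logger.info("email: %s, img: %s", email, img)
    if None in (email, password, img):
        return webJson(RetCode.PARAMS_ERROR)
    if User.query.filter_by(email=email).first():
        logger.warning('email duplication')
        return webJson(RetCode.EMAIL_DUPLICATION)

    # NOTE(review): the submitted password is handed straight to the model;
    # presumably User hashes it on assignment, confirm it is never stored as-is.
    user = User(email=email, password=password)
    db.session.add(user)
    # The row is committed before the avatar is saved; presumably saveAvatar
    # needs the persisted user, confirm.
    db.session.commit()
    try:
        avatar = saveAvatar(user, img)
    except (UploadNotAllowed, ValueError) as exc:
        # Without this cleanup a rejected avatar leaves a committed account
        # behind, and every retry with the same email then fails with
        # EMAIL_DUPLICATION.
        db.session.delete(user)
        db.session.commit()
        if isinstance(exc, UploadNotAllowed):
            return webJson(RetCode.FILE_SUFFIX_ERROR)
        return webJson(RetCode.AVATAR_TOO_BIG)
    user.avatar = avatar
    db.session.add(user)
    db.session.commit()
    return webJson(RetCode.SUCCESS)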
Exemplo n.º 4
 async def delete(self, request, todo_id, **kwargs):
     """Delete one todo of the authenticated user and return its title.

     Responds with ``RetCode.PARAMETER_ERROR`` when the lookup finds no row.
     """
     owner_id = request[Constant.auth_info][Constant.user_id]
     async with request.app.db.acquire() as connection:
         async with connection.cursor() as cursor:
             # The lookup is parameterised with both the caller's id and the
             # todo id; the delete only ever runs on the row it returned.
             await cursor.execute(S.s_user_todo, (owner_id, todo_id))
             found = await cursor.fetchone()
             if not found:
                 return webJson(RetCode.PARAMETER_ERROR, data="无此todo")
             await cursor.execute(S.d_user_todo, (found.id, ))
         await connection.commit()
     return webJson(data=found.title)
Exemplo n.º 5
def login():
    """Return the current user's info together with a freshly generated token.

    Original author's note: a token may only be obtained with account name
    and password; refreshing a token with another token is not allowed. It
    would be better not to rely on login_required here but to handle a form
    directly, return the token, and use token_auth afterwards.
    """
    payload = g.user.info()
    # The token is issued for whatever user the auth layer put on ``g``.
    payload["token"] = g.user.generate_auth_token()
    return webJson(RetCode.SUCCESS, data=payload)
Exemplo n.º 6
 async def delete(request, **kwargs):
     """Delete the authenticated user's account (account removal, not logout)."""
     # The id to delete is taken from the request's auth info only, so a
     # caller cannot name another account.
     account_id = request[Constant.auth_info][Constant.user_id]
     async with request.app.db.acquire() as connection:
         async with connection.cursor() as cursor:
             await cursor.execute(S.d_user, (account_id, ))
         await connection.commit()
     return webJson(data=account_id)
Exemplo n.º 7
 async def post(self, request, **kwargs):
     """Register a new user from the posted form and return the new name.

     Responds with ``RetCode.PARAMETER_ERROR`` when the name is already taken.
     """
     form = postUserListView(request)
     async with request.app.db.acquire() as connection:
         async with connection.cursor() as cursor:
             # NOTE(review): the check and the insert are separate statements;
             # presumably a unique constraint on the name backs this up, confirm.
             name_taken = await ifNameExist(cursor, form.name)
             if name_taken:
                 return webJson(RetCode.PARAMETER_ERROR, data="用户名已存在")
             logger.info("start to regist")
             # NOTE(review): form.password is stored exactly as
             # postUserListView produced it; whether it is hashed there is
             # not visible here, confirm it is never written in plaintext.
             new_user_row = (
                 form.name, form.password, form.email, form.age,
                 form.sex, form.city, form.signature, form.created_time,
                 form.updated_time, form.last_login,
             )
             await cursor.execute(S.i_user, new_user_row)
         await connection.commit()
     created = {"name": form.name}
     return webJson(data=created)
Exemplo n.º 8
 async def post(self, request, **kwargs):
     """Create a todo for the authenticated user and return its title.

     Responds with ``RetCode.PARAMETER_ERROR`` when the title lookup for this
     user already returns a row.
     """
     form = postTodoListView(request)
     # The owner is always the authenticated user, never a posted field.
     owner_id = request[Constant.auth_info][Constant.user_id]
     async with request.app.db.acquire() as connection:
         async with connection.cursor() as cursor:
             logger.info("check if title exists")
             await cursor.execute(S.s_todo_title, (form.title, owner_id))
             existing = await cursor.fetchone()
             if existing:
                 return webJson(RetCode.PARAMETER_ERROR, data="title exists")
             logger.info("start to insert todo")
             todo_row = (owner_id, form.title, form.detail,
                         form.created_time, form.updated_time)
             await cursor.execute(S.i_todo, todo_row)
         await connection.commit()
     return webJson(data=form.title)
Exemplo n.º 9
 async def put(self, request, todo_id, **kwargs):
     """Update one todo (unfinished: currently only looks the todo up).

     Original author's note: still to be completed.
     """
     owner_id = request[Constant.auth_info][Constant.user_id]
     # The JSON body is read but not used yet; no update statement is issued.
     payload = request.json
     async with request.app.db.acquire() as connection:
         async with connection.cursor() as cursor:
             await cursor.execute(S.s_user_todo, (owner_id, todo_id))
             found = await cursor.fetchone()
     return webJson(data=found)
Exemplo n.º 10
 async def decorated(request, *args, **kwargs):
     """Run the wrapped handler only for requests that carry a token.

     Requests without a token get ``RetCode.NEED_LOGIN``. Otherwise the
     result of ``User.verifyToken`` is stored on the request under
     ``Constant.auth_info`` before the wrapped handler is awaited.
     """
     if not request.token:
         return webJson(RetCode.NEED_LOGIN)
     # NOTE(review): the verification result is stored without being checked
     # here; presumably verifyToken raises on an invalid or expired token,
     # confirm, otherwise handlers would read unusable auth info.
     claims = User.verifyToken(request.token)
     # Each HTTP request has its own request object, so it can carry values
     # that are global to this one request.
     request[Constant.auth_info] = claims
     return await func(request, *args, **kwargs)
Exemplo n.º 11
 async def get(request, **kwargs):
     """Return the stored login info of the authenticated user."""
     current_user = request[Constant.auth_info][Constant.user_id]
     async with request.app.db.acquire() as connection:
         async with connection.cursor() as cursor:
             await cursor.execute(S.s_user_login_info, (current_user, ))
             login_row = await cursor.fetchone()
             if login_row:
                 # Convert the timestamp with datetime2str before it is
                 # handed to webJson.
                 login_row.last_login = datetime2str(login_row.last_login)
     return webJson(data=login_row)
Exemplo n.º 12
def test_upload():
    """Save the uploaded "files" part and log its stored name, path and URL."""
    incoming = request.files.get("files", None)
    logger.info('---%s', incoming)
    # NOTE(review): ``incoming`` is None when no "files" part was posted and
    # is passed on unchecked. Which file types and sizes are accepted depends
    # on how ``files`` is configured, and whether this endpoint requires a
    # login is not visible here; confirm both before exposing it.
    stored_name = files.save(incoming)
    # A multi-file upload would iterate request.files.getlist(...) and save
    # each entry the same way.
    logger.info(stored_name)
    stored_path = files.path(stored_name)
    logger.info("path: %s", stored_path)
    stored_url = files.url(stored_name)
    logger.info("url: %s", stored_url)
    return webJson(RetCode.SUCCESS)
Exemplo n.º 13
 async def get(self, request, todo_id, **kwargs):
     """Return one todo of the authenticated user."""
     owner_id = request[Constant.auth_info][Constant.user_id]
     # Author's note: reading the id from the request object was checked for
     # cross-talk between coroutines (one coroutine awaiting while another
     # authenticates). Each request carries its own data and is only handled
     # in sanic/app.handle_request; extensive concurrency tests showed the
     # approach works.
     async with request.app.db.acquire() as connection:
         async with connection.cursor() as cursor:
             # The lookup is parameterised with the caller's id as well as
             # the todo id taken from the route.
             await cursor.execute(S.s_user_todo, (owner_id, todo_id))
             row = await cursor.fetchone()
             todo = formatTodoInfo(row)
     return webJson(data=todo)
Exemplo n.º 14
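 async def post(self, request, **kwargs):
     """Log in with a name and password and return a login token (no auth needed).

     Responds with ``RetCode.PARAMETER_NOT_ENOUGH`` when either form field is
     missing and with ``RetCode.PARAMETER_ERROR`` when the credentials are
     rejected. An unknown account and a wrong password produce the same
     response, so the endpoint does not reveal which names are registered.
     On success the stored login time is updated and the token is returned.
     """
     name = request.form.get("name")
     password = request.form.get("password")
     if None in (name, password):
         return webJson(RetCode.PARAMETER_NOT_ENOUGH)
     async with request.app.db.acquire() as conn:
         async with conn.cursor() as cur:
             # The name is bound twice; presumably the query matches it
             # against two columns, confirm against S.s_password.
             await cur.execute(S.s_password, (name, name))
             # Only the statement and the name are logged, never the password.
             logger.debug("sql: %s: %s", S.s_password, name)
             sql_data = await cur.fetchone()
             # NOTE(review): the unknown-account case skips password
             # verification, so response time may still differ between the
             # two failure cases.
             if not sql_data or not User.verifyPassword(
                     password, sql_data.password):
                 return webJson(RetCode.PARAMETER_ERROR, data="用户名或者密码错误")
             token = User.generalToken(
                 {Constant.user_id: sql_data.id},
                 expiration=Constant.expires_in_login)
             await cur.execute(S.u_user_login,
                               (User.last_login.default(), sql_data.id))
             await conn.commit()
             return webJson(data=token)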
Exemplo n.º 15
async def index(request):
    """Return a JSON map from each route URL to a description of its methods."""
    url_main = app.url_for("main.index")
    url_users = app.url_for("user.UserListView")
    url_token = app.url_for("user.TokenView")
    url_todos = app.url_for("todo.TodoListView")
    # 42 is only a sample id used to render the single-todo route.
    url_todo = app.url_for("todo.TodoView", todo_id=42)
    descriptions = (
        (url_main, "show all the url for this app"),
        (url_users,
         "POST: 注册; GET: 查看用户组信息; PUT: 更新用户信息; DELETE: 注销用户, 非登出,而是删除"),
        (url_token, "POST: 登陆; GET: 查看当前登陆信息; PUT: 更新登陆信息, DELETE: 登出"),
        (url_todo, "GET: 获取某条todo; DELETE: 删除该条todo; PUT: 更新该条todo"),
        (url_todos, "POST: 创建todo; GET: 当前用户的所有todo"),
    )
    info = {f"{url}": text for url, text in descriptions}
    return webJson(data=info)
Exemplo n.º 16
def handleParamsError(error):
    """Answer with ``PARAMS_ERROR`` and the error's ``data`` attribute."""
    # NOTE(review): error.data goes to the client unchanged; presumably it
    # holds validation messages only, confirm it cannot carry internals.
    return webJson(
        RetCode.PARAMS_ERROR,
        data=error.data,
    )
Exemplo n.º 17
def invalidUsage(request, exception):
    """Answer with ``NOT_FOUND`` and a fixed "wrong request method" message."""
    # The exception itself is not forwarded; the client sees a fixed text.
    return webJson(
        RetCode.NOT_FOUND,
        data="请求方法有误",
    )
Exemplo n.º 18
def paramsError(request, exception):
    """Answer with ``PARAMETER_ERROR`` and the exception's ``data`` attribute."""
    # NOTE(review): exception.data goes to the client unchanged; presumably
    # it holds validation messages only, confirm it cannot carry internals.
    return webJson(
        RetCode.PARAMETER_ERROR,
        data=exception.data,
    )
Exemplo n.º 19
def basicUnauthorized():
    """Answer with the ``NEED_LOGIN`` return code.

    Presumably registered as the basic-auth failure handler; the
    registration is not shown here.
    """
    need_login = RetCode.NEED_LOGIN
    return webJson(need_login)
Exemplo n.º 20
def tokenUnauthorized():
    """Answer with the ``NEED_LOGIN`` return code.

    Presumably registered as the token-auth failure handler; the
    registration is not shown here.
    """
    need_login = RetCode.NEED_LOGIN
    return webJson(need_login)
Exemplo n.º 21
def paramsError(request, exception):
    """Answer with ``TOKEN_ERROR`` and the exception's ``data`` attribute.

    Despite its name, this handler reports a token error.
    """
    # NOTE(review): exception.data goes to the client unchanged; confirm it
    # does not expose token contents or verification internals.
    return webJson(
        RetCode.TOKEN_ERROR,
        data=exception.data,
    )
Exemplo n.º 22
 async def put(request, **kwargs):
     """Update the login info (not implemented: always answers ``INCOMPLETE``)."""
     not_implemented = RetCode.INCOMPLETE
     return webJson(not_implemented)
Exemplo n.º 23
 async def delete(request, **kwargs):
     """Log out (not implemented: always answers ``INCOMPLETE``).

     No token is invalidated here.
     """
     not_implemented = RetCode.INCOMPLETE
     return webJson(not_implemented)
Exemplo n.º 24
def serverError(request, exception):
    """Log the exception and answer with the ``SERVER_ERROR`` return code."""
    # Details stay in the server log; the response carries the code only.
    logger.exception(exception)
    failure = RetCode.SERVER_ERROR
    return webJson(failure)
Exemplo n.º 25
def handle401(error):
    """Answer with the ``NEED_LOGIN`` return code; ``error`` is not used."""
    need_login = RetCode.NEED_LOGIN
    return webJson(need_login)
Exemplo n.º 26
def notfound(request, exception):
    """Answer with the ``NOT_FOUND`` return code; the exception is not forwarded."""
    missing = RetCode.NOT_FOUND
    return webJson(missing)
Exemplo n.º 27
def handle404(error):
    """Answer with the ``PAGE_NOT_FOUND`` return code; ``error`` is not used."""
    missing_page = RetCode.PAGE_NOT_FOUND
    return webJson(missing_page)
Exemplo n.º 28
def internal_server_error(e):
    """Log the exception and answer with ``SERVER_ERROR`` plus a status code.

    The code sent as ``data`` is ``e.code`` for an ``HTTPException`` and 500
    for anything else.
    """
    # The traceback goes to the server log only; the client gets the code.
    logger.exception("SERVER ERROR 500: %s", e)
    status = e.code if isinstance(e, HTTPException) else 500
    return webJson(RetCode.SERVER_ERROR, data=status)
Exemplo n.º 29
def timeout(request, exception):
    """Answer with the ``REQUEST_TIMEOUT`` return code; the exception is not forwarded."""
    timed_out = RetCode.REQUEST_TIMEOUT
    return webJson(timed_out)