def user_info():
args = parse_url_query(request.url)
if not check_args(args, ['username']):
user = get_user_from_headers()
else:
username = args['username']
user = db.user_find(username=username)
if user is None:
return make_result(11) # username not found
return make_result(0, data={
'userInfo': user
})
def get_user_from_headers():
headers = dict(request.headers)
if 'Authorization' not in headers:
abort(jsonify(make_result(3))) # login error
token = headers['Authorization']
token_data = db.token_find_by_token(token)
if token_data is None:
abort(jsonify(make_result(3))) # login error
# 用户level大于等于10表示有管理员效力
user = db.user_find(username=token_data['username'])
if user is None:
abort(jsonify(make_result(3))) # login error,不会有效
return user
def check_admin_abort():
headers = dict(request.headers)
if 'Authorization' not in headers:
abort(jsonify(make_result(3))) # login error
token = headers['Authorization']
token_data = db.token_find_by_token(token)
if token_data is None:
abort(jsonify(make_result(3))) # login error
# 用户level大于等于10表示有管理员效力
user = db.user_find(username=token_data['username'])
if user is None:
abort(jsonify(make_result(3))) # login error,不会有效
if user['info']['level'] < 10:
abort(jsonify(make_result(10))) # No permission
def decorated(*args, **kwargs):
headers = dict(request.headers)
if 'Authorization' not in headers:
return make_result(3) # login error
token = headers['Authorization']
token_data = db.token_find_by_token(token)
if token_data is None:
return make_result(3) # login error
# 用户level大于等于10表示有管理员效力
user = db.user_find(username=token_data['username'])
if user is None:
return make_result(3) # login error,不会有效
if user['info']['level'] < 10:
return make_result(10) # No permission
return f(*args, **kwargs)
def user_login():
args = parse_url_query(request.url)
if not check_args(args, ['username', 'password']):
return make_result(5) # args error
username = args['username']
password = args['password']
if not db.user_check(username=username, password=password):
return make_result(3) # login error
token = db.token_create(username)
user = db.user_find(username=username)
# 更新登陆时间
db.user_update_last_login_time(user['username'])
return make_result(0, data={
'token': token,
'userInfo': user
})