def send_email_capture(app, mail, email, capture): """用于注册时候异步发送邮件验证码 注意频繁发送邮件可能会导致550 MailBox not found and access denied错误 :param app: Flask实例对象 :param mail: Flask的MAIL实例 :param email: 合法用户注册的email :param capture: 随机数字验证码 :return: bool """ flag = False msg = Message(subject='Spider用户登录邮箱验证码:', recipients=[email]) msg.html = '<!DOCTYPE HTML><html><head></head><body><p><font size="5",color=black>尊敬的用户: 您好!</font></p>      您 <font color="#ff9955">Spider</font> 邮箱登录的验证码为: <span style="border-bottom: 1px dashed rgb(204, 204, 204);"><font size="5" color =green><b>{0}</b></font></span>有效期限为<b><font color ="rgb(204, 195, 175)">10分钟</font></b>,请尽快前往注册。(<i>如果不是您提交的申请,请忽略</i>)<p>      感谢您的使用。</p></body></html>'.format( capture) thread = Thread(target=send_async_email, args=[app, mail, msg]) # .start()会安排对象在另外一个单独线程中运行run()方法,是异步执行。run()是普通的同步执行 try: thread.start() flag = True print("{0} 邮件发送成功".format(email)) logger.info("%s邮箱验证码%s发送成功" % (email, capture)) except Exception as e: flag = False print("{0} 邮件发送失败".format(email)) logger.error("%s邮箱验证码%s发送失败,原因:%s" % (email, capture, e)) return flag
def refresh_redis(username: str): """从mysql刷新数据到Redis :param username: 需要刷新的用户名 :return bool """ # db = pymysql.Connect(host='localhost', user='******', password=mysql_passwd, # database=mysql_base, charset='utf8') # 通过docker部署需要使用下面的配置连接 db = pymysql.Connect(host=mysql_host, user='******', password=mysql_passwd, database=mysql_base, charset='utf8') cursor = db.cursor(cursor=pymysql.cursors.DictCursor) myname = "\"{0}\"".format(username) try: sql = 'select USER_TYPE, USER_LOCK, USER_NAME, USER_PASSWD, USER_SALT, USER_MAIL, SUBMISSION_DATE from {0} where USER_NAME={1};'.format( mysql_table, myname) print("refresh_redis", sql) cursor.execute(sql) result_mysql = cursor.fetchall() print("refresh redis from mysql", result_mysql) # 原来redis存有数据需要清空 if dict_into_redis(result_mysql[0]['USER_NAME'], result_mysql[0]): flag = True logger.info("%s用户同步到redis刷新成功" % username) else: flag = False except Exception as e: db.rollback() flag = False logger.error("%s用户同步到redis刷新失败,原因:%s" % (username, e)) db.close() r.close() return flag
def super_cleanLog(): """ 超级管理员清除服务器的所有用户行为日志errlogs.txt :return: json结果 """ username = request.form.get("username", type=str, default="") if session.get("isLogin") and session.get("username") == username: result = DB_Sync.query_redis(username) usertype = result["data"]["USER_TYPE"] userlock = result["data"]["USER_LOCK"] # 超级用户且没有被人为锁定 if usertype == "super" and userlock == 0: if cleanLogging(): code = "0" msg = "文件清除成功" logger.info("%s用户删除日志成功,具有权限为%s,锁定为%d" % (username, usertype, userlock)) else: code = "1" msg = "文件异常,无法清除" logger.error("%s用户删除日志失败,原因:文件异常,无法清除" % username) else: code = "-1" msg = "您没有权限执行该操作" else: code = "-1" msg = "您当前不处于登录状态,请先登录" resp = jsonify(code=code, msg=msg) resp.set_cookie("datetime", getlocaltime()) return resp
def exist_UserName_email(username: str, email: str): """ 判断用户名或者邮箱是否存在,有一个存在就返回True,都不存在返回False 本地数据库username,email字段为unique类型,保证唯一 :param username: 需要查询的用户名 :param email: 需要查询的邮箱 :return: bool """ db = pymysql.Connect('localhost', 'root', mysql_passwd, mysql_base, charset='utf8') cursor = db.cursor(cursor=pymysql.cursors.DictCursor) flag = True sql = 'select USER_NAME,USER_MAIL from {} where (USER_NAME=%s) or (USER_MAIL=%s);'.format( mysql_table) try: cursor.execute(sql, (username, email)) result_mysql = cursor.fetchall() # 查询到本地数据库存在该数据的时候 if result_mysql: flag = True logger.warning("查询%s用户或%s邮箱本地信息存在" % (username, email)) # 本地没有任何同名用户名和email else: flag = False except Exception as e: print("查询用户%s失败" % username) logger.error("查询%s用户和%s邮箱信息失败,原因是: %s" % (username, email, e)) db.rollback() db.close() return flag
def register(): """判断为新用户,新用户注册,需要结合传递过来的邮箱(邮箱要唯一)以及邮箱验证码,用户名(唯一)和密码 :return: json结果 """ if request.method == "POST": email = request.form.get("email", type=str, default="") username = request.form.get("username", type=str, default="") passwd = request.form.get("passwd", type=str, default="") capture = request.form.get("capture", type=str, default="") # 用户名,密码,验证码, 邮箱为空 if not (username and passwd and email and capture): code = "-1" msg = "用户输入了空参数" # 查询本地是否有同名用户名和邮箱 else: # 本地数据库不存在已注册相关用户名和邮箱信息,核实验证码注册 if not DB_Sync.exist_UserName_email(username, email): captureCode = DB_Sync.query_redis_Capture( email) # 如果email没找到,capturecode为None而不是"" if captureCode == capture: code = "0" msg = "注册成功" # 新用户写入数据库 # 先对用户密码加密,需要盐 salt = create_Salt() passwd = computePW(passwd, salt) # 新用户入库 isOk = DB_Sync.sync_redis_insert(username, passwd, salt, email) if not isOk: code = "-1" msg = "新用户注册入库失败" else: # 刷新同步到redis DB_Sync.refresh_redis(username) session['isLogin'] = True session['username'] = username # 最后创建该用户的文件夹 iscreate, user_home_str = User_Action.create_user_homedir( username) if iscreate: logger.info("为新注册用户%s创建文件夹成功" % username) else: logger.error("为新注册用户%s创建文件夹失败" % username) else: code = "-1" msg = "验证码失效或错误" # 本地已存在相关信息用户信息 else: code = "-1" msg = "用户名或邮箱已存在,请重新输入" else: code = '-1' msg = '{} Method is not allowed !'.format(request.method) resp = jsonify(code=code, msg=msg) resp.set_cookie("datetime", getlocaltime()) return resp
def forgetPWD(): """用户名和邮箱以及邮箱的验证码和新密码,查询本地用户名和邮箱是否对应,是发送验证码,然后检验验证码 :return: json结果 """ email = request.form.get("email", type=str, default="") username = request.form.get("username", type=str, default="") captureCode = request.form.get("capture", type=str, default="") new_passwd = request.form.get("new_passwd", type=str, default="") # 本地数据库无对应数据,修改不了 if not DB_Sync.exist_UserName_email(username, email): code = "-1" msg = "用户名或者邮箱错误" # 本地有数据可以修改,核对验证码 else: # 判断根据邮箱查到的用户名是否一致,避免修改他人的数据 # 验证码一致,而且email和用户名也对应.(默认不考虑用户忘记用户名的情况) isConsist = DB_Sync.is_consistent(email, username) if captureCode == DB_Sync.query_redis_Capture(email) and isConsist: result = DB_Sync.query_redis(username) # 根据用户名查询到了结果(salt) print(result) salt = result["data"]['USER_SALT'] compute_new_pwd = computePW(new_passwd, salt) isOK = DB_Sync.sync_redis_insert(username, compute_new_pwd, salt, email) print("is ok", isOK) if isOK: code = "0" msg = "密码重置成功,请用新的密码登录" logger.info("%s用户密码修改成功" % username) # 修改密码后需要清除session数据 session["isLogin"] = False session.clear() if DB_Sync.refresh_redis(username): print("redis刷新成功...") else: print("redis刷新失败...") else: code = "-1" msg = "密码重置失败,请重试" print("{0}用户重置密码失败".format(username)) logger.error("%s用户重置密码失败" % username) else: code = "-1" msg = ("验证码失效" if isConsist else "用户名密码不一致") logger.error("%s用户重置密码失败,原因:%s" % (username, msg)) resp = jsonify(code=code, msg=msg) resp.set_cookie("datetime", getlocaltime()) return resp
def dict_into_redis(redis_name: str, dict_value: dict): """ 根据dict原有数据类型插入到redis的value中 :param redis_name: redis保存的键名 :param dict_value: redis保存的值(string) :return: bool """ try: r.delete(redis_name) redis_value = dumps(dict_value) r.set(redis_name, redis_value) r.expire(redis_name, 60 * 60 * 24 * 6) # 默认存6天 return True except Exception as e: logger.error('dict原有数据类型插入到redis出错,理由是:%s' % e) return False
def deleteUSER(): """ 管理员或者super用户在用户管理界面删除其他用户(低权限用户) :return: """ tup = ("user", "admin", "super") # 用下标 0, 1, 2 来比较权限的大小!! # 当前修改者属性 username = request.form.get("username", type=str, default="") # 被修改者的属性 othername = request.form.get('othername', type=str, default="") otheremail = request.form.get("otheremail", type=str, default="") result = DB_Sync.query_redis(othername) # print(result) othertype = result["data"]["USER_TYPE"] # 判断当前用户是否在线 if session.get("username") == username and session.get('isLogin'): # 获取当前用户的权限和锁定情况 result = DB_Sync.query_redis(username) usertype = result["data"]["USER_TYPE"] userlock = result["data"]["USER_LOCK"] # 判断当前用户是否有权限删除,自己删除不了自己 if userlock == 0 and tup.index(usertype) > tup.index(othertype): is_delete = DB_Sync.sync_redis_delete(othername, otheremail) if is_delete: code = "0" msg = "用户账号注销成功" logger.info("%s管理员注销%s用户成功" % (username, othername)) # 用户删除成功时候,删除用户目录 if User_Action.remove_user_homedir(username): logger.warning("注销删除%s用户文件目录数据成功" % username) else: logger.error("注销删除%s用户文件目录数据失败" % username) else: code = "-1" msg = "用户账号注销失败" logger.error("%s管理员注销%s用户失败" % (username, othername)) else: code = "1" msg = "您没有权限执行操作" else: code = "-1" msg = "您当前不处于登录状态,请先登录" resp = jsonify(code=code, msg=msg) resp.set_cookie("datetime", getlocaltime()) return resp
def change_user_permission(username: str, new_user_type: str, new_user_lock: int): """ 根据username来重置user_type和user_lock :param username: 需要修改的用户名 :param new_user_type: 新的用户类型 :param new_user_lock: 用户是否锁定 0不锁定,1锁定 :return: bool """ # db = pymysql.Connect(host='localhost', user='******', password=mysql_passwd, # database=mysql_base, charset='utf8') # 通过docker部署需要使用下面的配置连接 db = pymysql.Connect(host=mysql_host, user='******', password=mysql_passwd, database=mysql_base, charset='utf8') cursor = db.cursor(cursor=pymysql.cursors.DictCursor) # username = "******".format(username) flag = False sql = "UPDATE {0} SET USER_TYPE='{1}', USER_LOCK={2} WHERE USER_NAME='{3}';".format( mysql_table, new_user_type, new_user_lock, username) print("你想改权限的sql是:%s" % sql) isRedis = False try: cursor.execute(sql) # 这里必须要加commit,因为MySQL的默认存储引擎就是事务型InnoDB表的结构 # 所以对数据库数据的操作会在事先分配的缓存中进行,只有在commit之后,数据库的数据才会改变 db.commit() isRedis = True # 将修改后的数据同步到redis里面 if refresh_redis(username): logger.warning("修改%s用户权限[user_type:%s; user_lock=%d]成功..." % (username, new_user_type, new_user_lock)) flag = True else: logger.error("修改%s用户权限[user_type:%s; user_lock=%d]失败..." % (username, new_user_type, new_user_lock)) except: if not isRedis: db.rollback() logger.error("修改用户权限后,同步redis出错" if isRedis else "mysql中修改{0}用户权限出错". format(username)) db.close() return flag
def sync_redis_delete(username: str, email: str): """MySQL数据库删除数据同步到Redis :param username: 需要删除的用户名 :param email: 用户的邮箱 :return: bool """ # db = pymysql.Connect(host='localhost', user='******', password=mysql_passwd, # database=mysql_base, charset='utf8') # 通过docker部署需要使用下面的配置连接 db = pymysql.Connect(host=mysql_host, user='******', password=mysql_passwd, database=mysql_base, charset='utf8') cursor = db.cursor(cursor=pymysql.cursors.DictCursor) flag = True # 标记操作成功或失败 # 先查询本地mysql是否有用户数据记录,有的话则删除,然后同步到redis;没有则不执行任何操作返回true if not exist_UserName_email(username, email): r.close() db.close() flag = True else: # 有用户数据,直接删除mysql和Redis print("mysql本地有 %s 用户,直接删除并同步" % username) isRedis = False try: # 直接删除数据库 sql = 'delete from {0} where USER_NAME=%s;'.format(mysql_table) cursor.execute(sql, [username]) # sql = 'Alter table {0} AUTO_INCREMENT=1;'.format(mysql_table) # cursor.execute(sql) db.commit() isRedis = True # 删除redis缓存的用户数据 r.delete(username) logger.info("本地有%s用户数据删除成功" % username) except Exception as e: print("删除Redis用户缓存失败" if isRedis else "删除MySQL用户数据失败") db.rollback() flag = False logger.error("本地有%s用户数据删除失败,原因%s" % (username, e)) db.close() r.close() return flag
def updatePWD(): """Post方式用户更新密码,需要核实用户登录状态,用原来的salt加密后新密码入库,并要求重新登录。 :return: json结果 """ username = session.get("username") if session.get("isLogin") and username is not None: # 处于登录的状态的时候,重新生成密码存储到mysql而且同步刷新Redis old_pwd = request.form.get("old_passwd", type=str, default="") new_pwd = request.form.get("new_passwd", type=str, default="") # 下面获取该用户原始数据进行验证 result = DB_Sync.query_redis(username) print("查询用户本地结果为:", result) localPW = result["data"]["USER_PASSWD"] salt = result["data"]["USER_SALT"] # 用户原始密码输入正确,允许修改mysql然后同步redis print('计算结果:', computePW(old_pwd, salt)) if checkPW(computePW(old_pwd, salt), localPW): # 用原来的盐加密生成新的用户密码 compute_new_pwd = computePW(new_pwd, salt) isOK = DB_Sync.sync_redis_insert(username, compute_new_pwd, salt) if isOK: resp = jsonify(code="0", msg="密码修改成功,请用新的密码登录") resp.set_cookie("datetime", getlocaltime()) logger.warning("%s用户修改密码成功,并退出登录" % username) # 修改了密码后,需要重新登录,应该清除session数据。然后刷新redis,不然会导致login时候的redis用之前的 DB_Sync.refresh_redis(username) session["isLogin"] = False session.clear() else: resp = jsonify(code="-1", msg="密码修改失败,请重试") print("{0}用户修改密码失败,原密码:{1}|新密码:{2}".format( username, localPW, compute_new_pwd)) logger.warning("%s用户修改密码失败" % username) else: # 传递过来的用户原始密码为假 resp = jsonify(code="-1", msg="您原始密码输入有误,请重新输入") logger.error("%s用户修改密码失败,原始密码不正确" % username) else: # 该用户已经退出登录了,不处于登录状态 resp = jsonify(code="1", msg="您当前不处于登录状态,请先登录") logger.warning("%s用户当前处于非登录状态,修改密码失败" % username) return resp
def eraseUSER(): """ 清空redis数据并删除本地数据库用户信息,同步redis :return: json结果 """ username = request.form.get("username", type=str, default="") email = request.form.get("email", type=str, default="") captureCode = request.form.get("capture", type=str, default="") # 判断是否处于登录状态 if session["isLogin"] and session.get("username") == username: # 判断验证码是否正确 isConsist = DB_Sync.is_consistent(email, username) if captureCode == DB_Sync.query_redis_Capture(email) and isConsist: # 删除redis数据,然后删除本地mysql数据 isDelete = DB_Sync.sync_redis_delete(username, email) if isDelete: code = "0" msg = "用户账号注销成功" session["isLogin"] = False # 清除服务器数据 session.clear() logger.info("%s用户账号注销成功" % username) # 用户删除成功时候,删除用户目录 if User_Action.remove_user_homedir(username): logger.warning("注销删除%s用户文件目录数据成功" % username) else: logger.error("注销删除%s用户文件目录数据失败" % username) else: code = "-1" msg = "用户账号注销失败" logger.warning("%s用户账户注销失败" % username) else: code = "-1" msg = "验证码不一致" logger.info("%s用户输入验证码不一致" % username) # 当前不是处于登录状态 else: code = "-1" msg = "您当前不处于登录状态,请先登录" logger.warning("%s用户删除数据失败,原因:当前处于非登录状态" % username) resp = jsonify(code=code, msg=msg) resp.set_cookie("datetime", getlocaltime()) return resp
def super_Handle_LogDB(): """ super清空errlogs.txt和删除db备份文件(正常来说应该保留最近一次备份的不允许删除,本项目不考虑此情况) :return: json结果 """ filename = request.form.get("filename", type=str, default="") username = request.form.get("username", type=str, default="") if session.get("isLogin") and session.get("username") == username: result = DB_Sync.query_redis(username) usertype = result["data"]["USER_TYPE"] userlock = result["data"]["USER_LOCK"] # 超级用户且没有被人为锁定 if usertype == "super" and userlock == 0: # 如果是日志则清空 if filename == serverlogs_name: if cleanLogging(): code = "0" msg = "文件清空成功" logger.info("%s用户删除日志成功,具有权限为%s,锁定为%d" % (username, usertype, userlock)) else: code = "1" msg = "文件异常,无法清除" logger.error("%s用户删除日志失败,原因:文件异常,无法清除" % username) # 如果是备份文件则删除 else: global serverlogs_path User_Action.fileDelete(serverlogs_path + r'\{}'.format(filename)) code = "0" msg = "文件删除成功" logger.info("%s用户删除文件%s成功,具有权限为%s,锁定为%d" % (username, filename, usertype, userlock)) else: code = "-1" msg = "您没有权限执行该操作" else: code = "-1" msg = "您当前不处于登录状态,请先登录" resp = jsonify(code=code, msg=msg) resp.set_cookie("datetime", getlocaltime()) return resp
def quit(): """ get方式退出登录并清除session数据 :return: json结果 """ username = session.get("username") print(username) print('session["isLogin"]='******'csrf_token') session.clear() session['csrf_token'] = csrf_token resp = jsonify(code="0", msg="清除服务端数据成功!") logger.info("%s用户退出成功,已经清除服务端session数据" % username) return resp else: resp = jsonify(code="1", msg="您已经退出登录") logger.error("拒绝响应%s用户,原因是: 您已经退出登录" % username) return resp
def userFilesInfo(): username = request.args.get("username") if session.get('username') == username and session.get('isLogin'): result = DB_Sync.query_redis(username) userlock = result['data']['USER_LOCK'] if userlock == 0: userfiles_info = [] # 返回该用户下的文件列表 user_file_list = User_Action.user_file_list(username) if user_file_list: # 根据文件列表去获取文件的属性 for li in user_file_list: userfiles_info.append( User_Action.user_file_info(username, li)) return jsonify(code="0", msg="用户文件获取成功", data=userfiles_info) else: logger.error("%s用户文件夹为空" % username) return jsonify(code="1", msg="用户文件获取失败") else: return abort(401) else: return jsonify(code="-1", msg="您当前不处于登录状态,请先登录")
def handleITSpider(username: str, url: str, path: str): """ 核心业务ITSpider.py爬取,通过全局函数来保存爬取的状态,解决函数无法操作sessio的问题 :param username: 执行操作的用户名 :param url: 需要爬取的网址 :param path: 用户文件夹下的绝对路径,保存爬取过的文件txt :return: 没有return(在ThreadWorker里面,return没有意义) """ myfilename = "" try: myfilename = runSpider(url, path) except Exception as e: logger.error('%s用户爬取%s过程出错,原因是%s' % (username, url, e)) if myfilename: # 全局变量解决任务完成后,函数无法操作session的问题 global spider_file_status spider_file_status = True global spider_file_name spider_file_name = myfilename logger.info('%s用户请求爬取%s成功' % (username, url)) else: logger.info('%s用户请求爬取%s失败' % (username, url))
def itSpiderID(): """ 根据url hash为一个值作为任务id,存在session中,id值返回给前端。同时开个线程去爬取。 :return: json结果 """ username = request.form.get('username') it_url = request.form.get('spiderurl', type=str, default='') # 是否处于登录状态 if session.get('username') == username and session.get('isLogin'): # 判断是否是super权限以及被人为锁定状态 result = DB_Sync.query_redis(username) userlock = result['data']['USER_LOCK'] if userlock == 0: # 给出用户的文件夹路径,用来保存爬取后的txt user_spider_path = User_Action.user_rootFile_dir + \ r'\{0}'.format(username) # 生成任务id task_id = computePW(it_url, '') task_id = task_id[:17] session['task_id'] = task_id # 任务id存到session里面 # 创建线程去爬取而不阻塞当前执行 try: threadWorker(handleITSpider, username=username, url=it_url, path=user_spider_path) except Exception as e: logger.error('%s用户启动threadWorker失败,原因是%s' % (username, e)) code = "0" msg = "已收到爬取请求" data = task_id return jsonify(code=code, msg=msg, data=data) else: return abort(401) else: code = "-1" msg = "您当前不处于登录状态,请先登录" return jsonify(code=code, msg=msg)