Пример #1
 def logout(self, data):
     """
     Log the caller out by blacklisting the token they present.

     :param data: the auth token itself; it is passed to the decoder unchanged,
         so any scheme prefix is presumably stripped by the caller (confirm).
     :return: the result of ``self.save_token`` when the token decodes,
         otherwise ``msg.body`` carrying FORBIDDEN (no token) or UNAUTHORIZED
         (the decoder returned an error string).
     """
     if not data:
         msg.set_msg(code=FORBIDDEN, msg="Provide a valid auth token.")
         return msg.body

     # A str result is the decoder's error message. Per the original comment
     # the decoder also checks whether the token is already blacklisted.
     decoded = User.decode_auth_token(data)
     if isinstance(decoded, str):
         msg.set_msg(code=UNAUTHORIZED, msg=decoded)
         return msg.body

     # Blacklist the token on logout so that it cannot be presented again.
     return self.save_token(token=data)
Пример #2
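 def get_user_permission(request=None):
     """
     Resolve the caller's identity and admin flag from the Authorization header.

     Original design notes: 1. permission lookup; 2. level lookup. Could be
     extended to endpoint, method and query permissions backed by a role table.

     :param request: object exposing ``headers.get``; ``None`` is treated as a
         request that carries no token.
     :return: a message body. SUCCESS with ``user_id``, ``email`` and
         ``is_admin`` when the token decodes and the user row exists,
         otherwise UNAUTHORIZED.
     """
     # Fail closed: the declared default of None would otherwise raise
     # AttributeError on ``.headers`` instead of producing an UNAUTHORIZED body.
     auth_token = request.headers.get('Authorization') if request is not None else None
     if auth_token:
         # The slice drops the first seven characters, which matches a
         # "Bearer " prefix; the scheme itself is not checked here.
         resp = User.decode_auth_token(auth_token[7:])
         if not isinstance(resp, str):  # a str result is the decoder's error message
             user = User.query.filter_by(id=resp).first()
             if user is None:
                 # The token decodes but its account no longer exists. Reject it
                 # with the generic message rather than dereferencing None.
                 msg.set_msg(code=UNAUTHORIZED, msg="Provide a valid auth token.")
                 return msg.body
             success = MsgBody()  # fresh response object for the success path
             # is_admin is read from the user row, not from the token.
             data = dict(user_id=user.id, email=user.email, is_admin=user.is_admin)
             success.set_msg(code=SUCCESS, msg="The query is successful.", data=data)
             return success.body
         msg.set_msg(code=UNAUTHORIZED, msg=resp)
     else:
         msg.set_msg(code=UNAUTHORIZED, msg="Provide a valid auth token.")
     # NOTE(review): ``msg`` is not created in this function. If it is shared
     # between requests, concurrent calls can overwrite each other's error
     # body; confirm where it is defined.
     return msg.body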
Пример #3
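 def get_logged_in_user(new_request):
     """
     Return the user identified by the request's Authorization header.

     :param new_request: object exposing ``headers.get``.
     :return: ``(response_object, status)``. 200 with ``user_id`` and ``email``
         when the token decodes and the user row exists; 401 with a failure
         message when the header is missing, the decoder returns an error
         string, or the account no longer exists.
     """
     generic_failure = {
         "status": "fail",
         "message": "Provide a valid auth token.",
     }
     auth_token = new_request.headers.get("Authorization")
     if not auth_token:
         return generic_failure, 401

     # The slice drops the first seven characters, which matches a "Bearer "
     # prefix; the scheme itself is not checked here.
     resp = User.decode_auth_token(auth_token[7:])
     if isinstance(resp, str):
         # A str result is the decoder's error message.
         return {"status": "fail", "message": resp}, 401

     user = User.query.filter_by(id=resp).first()
     if user is None:
         # The token decodes but its account no longer exists. Answer with the
         # generic 401 instead of raising AttributeError on ``user.id``.
         return generic_failure, 401

     # is_admin and registered_on were commented out of the original payload
     # and stay out of the response.
     response_object = {
         "status": "success",
         "data": {
             "user_id": user.id,
             "email": user.email,
         },
     }
     return response_object, 200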