def register():
result = {}
if request.method == 'POST':
username = request.values.get('username')
password = request.values.get('password')
email = request.values.get('email')
if username and password and email:
user = User.query.filter(User.username == username
or User.email == email).all()
if user:
result.update(msg='账号或者邮箱已经存在', status=-2)
else:
pwd = generate_password_hash(password)
user = User(username=username, password=pwd, email=email)
db.session.add(user)
db.session.commit()
#发送激活邮箱
msg = Message('激活邮件',
body='用户您好',
html=render_template('activate.html',
username=username),
sender='*****@*****.**',
recipients=[email])
mail.send(msg)
#将用户缓存到redis
# rds.set('username', username, ex=10 * 60)
cache.set('username', username, timeout=10 * 60)
else:
result.update(msg='必要参数不能为空', status=-1)
else:
result.update(msg='错误的请求方式', status=400)
return jsonify(result)
def _verify():
token = get_token()
if not token:
abort(RET.Forbidden, msg='请登录', status=RET.REENTRY)
token_data = Auth.decode_auth_token(token)
token_id = token_data['data']['id']
token_time = token_data['data']['login_time']
# cache 记录的token,如果cache中没有这个token
cache_token = cache.get(token_id)
if not cache_token:
abort(RET.Forbidden, msg='请重新登录!', status=RET.REENTRY)
# 用户是否存在
admin = get_admin(token_id)
if not admin:
abort(RET.Forbidden, msg='请重新登录', status=RET.REENTRY)
# 超时生成新的token
now_time = datetime.datetime.now()
g.admin = admin
# g.auth = token
# 超过30分钟就要重新获取token
if (datetime.datetime.strptime(token_time, "%Y-%m-%d %H:%M:%S") +
datetime.timedelta(minutes=60 * 8)) < now_time:
cache.delete(token)
new_token = Auth.encode_auth_token(admin.id)
cache.set(admin.id, new_token, timeout=60 * 60 * 8)
data = {'status': RET.RESETOKEN, 'token': new_token}
return data
# 其他用户异地登录
if cache_token != token:
abort(RET.Forbidden, msg='当前账户在其他地方登录,您已被强制下线!', status=RET.REENTRY)
def post(self):
args = lr_parser.parse_args()
phone = args.get('mobile')
code = args.get('code')
cache_code = cache.get(phone)
if cache_code and code == cache_code:
user = User.query.filter(User.phone == phone).first()
if not user:
user = User()
user.phone = phone
s = ''
for i in range(13):
ran = random.randint(0, 9)
s += str(ran)
user.username = '******' + s
db.session.add(user)
db.session.commit()
token = str(uuid.uuid4()).replace('-', '') + str(
random.randint(100, 999))
cache.set(token, phone)
return jsonify(status=200, msg='登录成功', token=token)
else:
return jsonify(status=400, errmsg='验证码错误')
def post(self):
parse = parser.parse_args()
#用户信息
user = User()
user.name = parse.get('name')
user.password = generate_password_hash(parse.get('password'))
user.email = parse.get('email')
user.phone = parse.get('phone')
user.token = generate_token()
#存入数据库(考虑账户邮箱有唯一约束,要捕获异常)
try:
#存入数据库
save_db(user)
responseData = {}
responseData['status'] = 200
responseData['msg'] = '注册成功'
responseData['data'] = user
#发送邮箱
active_mail(user)
#缓存设置
cache.set(user.token, '超时处理', timeout=30)
return responseData
except Exception as e:
responseData = {}
responseData['status'] = 406
responseData['msg'] = '该邮箱已经被占用'
return responseData
def register():
if request.method == 'GET':
return render_template('register.html')
elif request.method == 'POST':
username = request.form.get('username')
password = request.form.get('password')
email = request.form.get('email')
users = User.query.filter(User.username == username)
if users.count():
return '用户已存在,请重新选择'
users = User.query.filter(User.email == email)
if users.count():
return '邮箱已存在,请重新选择'
user = User()
user.username = username
user.password = password
user.email = email
db.session.add(user)
db.session.commit()
token = uuid.uuid5(uuid.uuid4(), 'aa').hex
cache.set(token, user.id, timeout=60 * 3)
session['token'] = token
return redirect(url_for('blue.index'))
def post(self):
'''
登录
'''
args_login = parse_login.parse_args()
password = args_login.get('password')
username = args_login.get('username').lower()
captcha = args_login.get('captcha')
text = cache.get('image_code_%s'%args_login.get('image_code'))
if not text:
abort(RET.Forbidden,msg='验证码错误')
if captcha.lower() != text.lower():
abort(RET.Forbidden,msg='验证码错误')
cache.delete('image_code_%s'%args_login.get('image_code'))
admin = Admin.query.filter_by(username = username,is_del='0').first()
if not admin:
abort(RET.BadRequest,msg='用户名或密码错误')
if not admin.check_pwd(password):
abort(RET.Unauthorized,msg='用户名或密码错误')
token = Auth.encode_auth_token(admin.id)
cache.set(admin.id,token,timeout=60*60*8)
# 记录登陆日志
admin_log = AdminLog()
admin_log.username = admin.username
admin_log.ip = request.remote_addr
admin_log.add()
data = {
'status':RET.OK,
'msg':'登录成功',
'token':token
}
return data
def psot(self):
args = sms_parser.parse_args()
mobile = args.get('mobile')
ret, code = send_duanxin(mobile)
if ret is not None:
if ret["code"] == 200:
cache.set(mobile, code, timeout=1800)
return jsonify(code=200, msg='短信发送成功')
else:
return jsonify(code=400, msg='短信发送失败')
def post(self):
parse = parser.parse_args()
user = User()
user.username = parse.get('username')
user.password = generate_password_hash(parse.get('password'))
user.email = parse.get('email')
response_data = {
'date': str(time.time()),
}
# 数据处理
response_data['status'] = 406
response_data['user'] = ''
users = User.query.filter(User.username == user.username)
if users.count(): # 存在
response_data['msg'] = '用户名已存在,注册失败!'
return response_data
users = User.query.filter(User.email == user.email)
if users.count():
response_data['msg'] = '邮箱已存在,注册失败!'
return response_data
# 存入数据库
db.session.add(user)
db.session.commit()
# 状态保持
token = uuid.uuid5(uuid.uuid4(), 'regisger').hex
cache.set(token, user.id, timeout=60 * 10)
# 发送邮件
active_url = 'http://127.0.0.1:5000/api/v1/active/?token=' + token
tempplate_str = render_template('mail_active.html',
active_url=active_url,
username=user.username)
msg = Message(
subject='AXF激活邮件', # 主题
sender='*****@*****.**', # 发件人
recipients=[user.email], # 收件人
html=tempplate_str # 正文
)
mail.send(msg)
# 返回数据
response_data['msg'] = '注册成功'
response_data['status'] = 200
response_data['user'] = user
response_data['token'] = token
return response_data
def post(self):
parse = parser.parse_args()
phone = parse.get('phone')
# 短信应用SDK AppID
appid = 1400112809 # SDK AppID是1400开头
# 短信应用SDK AppKey
appkey = "8d8b808cb9073023631d241951f49fb4"
# 需要发送短信的手机号码
phone_numbers = [phone]
# 短信模板ID,需要在短信应用中申请
template_id = 166915 # NOTE: 这里的模板ID`7839`只是一个示例,真实的模板ID需要在短信控制台中申请
# templateId 7839 对应的内容是"您的验证码是: {1}"
# 签名
sms_sign = "钟远智工作经验分享" # NOTE: 这里的签名"腾讯云"只是一个示例,真实的签名需要在短信控制台中申请,另外签名参数使用的是`签名内容`,而不是`签名ID`
ssender = SmsSingleSender(appid, appkey)
# 模板需要的参数
# 短信验证码: {1},请于{2}分钟内填写。如非本人操作,请忽略本短信。
temp_random = random.randrange(10000, 100000)
# 缓存验证码(后续过期处理,以及验证处理)
cache.set(phone, temp_random, timeout=30)
print(phone, cache.get(phone), type(phone))
params = [
temp_random, 10
] # 当模板没有参数时,`params = []`,数组具体的元素个数和模板中变量个数必须一致,例如事例中templateId:5678对应一个变量,参数数组中元素个数也必须是一个
try:
result = ssender.send_with_param(
86,
phone_numbers[0],
template_id,
params,
sign=sms_sign,
extend="",
ext="") # 签名参数未提供或者为空时,会使用默认签名发送短信
except HTTPError as e:
print(e)
except Exception as e:
print(e)
responseData = {'msg': '发送短信成功'}
return responseData
def post(self):
responsedata = {'time': str(int(time.time()))}
parse = parser.parse_args()
user = User()
user.telephone = parse.get('telephone')
user.password = generate_password_hash(parse.get('password')) #加密处理
user.name = parse.get('name')
user.email = parse.get('email')
# 图片数据
imgfile = parse.get('filename')
# 图片名称
filename = '%s-%s' % (user.telephone, secure_filename(
imgfile.filename))
# 文件路径
filepath = os.path.join(UPLOAD_RID, filename)
user.token = get_token()
users = User.query.filter(User.telephone == user.telephone)
if users.count() > 0:
responsedata['msg'] = '注册失败!'
responsedata['status'] = 406
responsedata['err'] = '此手机号已经被注册!'
return responsedata
else:
# 保存文件
imgfile.save(filepath)
# 更新用户信息
user.icon = filename
db.session.add(user)
db.session.commit()
#邮件信息
msg = Message(
subject='Tpp激活邮件',
recipients=[user.email], #收件人邮箱
sender="*****@*****.**") #发件人
body_html = render_template(
'mail_send.html',
name=user.name,
active_url='http://127.0.0.1:5000/api/v1/useractive?token=' +
user.token)
msg.html = body_html
#发送邮件
mail.send(msg)
#状态保持,即控制注册链接的有效时间
cache.set(user.token, user.id, timeout=60)
responsedata['msg'] = '注册成功!'
responsedata['status'] = 200
responsedata['data'] = user
return responsedata
def get(self):
"""
图片验证码
"""
args = parse.parse_args()
image_code = args.get('image_code')
text, image_data = Captcha.gene_graph_captcha()
try:
cache.set('image_code_%s' % image_code, text, timeout=3 * 60)
data = {'status': RET.OK, 'data': image_data}
return data
except Exception as e:
current_app.logger.error(e)
abort(RET.BadRequest, msg='获取验证码失败')
def post(self):
parse = parser.parse_args()
username = parse.get('username')
password = parse.get('password')
response_data = {'date': str(time.time()), 'status': 406}
users = User.query.filter(User.username == username)
if users.count(): # 存在
user = users.first()
if check_password_hash(user.password, password): # 验证通过
# 删除
if user.isdelte:
response_data['msg'] = '登录失败,用户不存在'
return response_data
# 状态保持
token = uuid.uuid5(uuid.uuid4(), 'regisger').hex
cache.set(token, user.id, timeout=60 * 10)
# 激活
if user.isactive:
response_data['msg'] = '登录成功'
response_data['status'] = 200
response_data['user'] = user
response_data['token'] = token
return response_data
else:
# 发送邮件
active_url = 'http://127.0.0.1:5000/api/v1/active/?token=' + token
tempplate_str = render_template('mail_active.html',
active_url=active_url,
username=user.username)
msg = Message(
subject='AXF激活邮件', # 主题
sender='*****@*****.**', # 发件人
recipients=[user.email], # 收件人
html=tempplate_str # 正文
)
mail.send(msg)
response_data['msg'] = '登录失败,用户未激活。激活邮件已经重新发送,请注意查看邮箱!'
return response_data
else:
response_data['msg'] = '登录失败,密码错误'
return response_data
else: # 不存在
response_data['msg'] = '登录失败,用户名不存在'
return response_data
def heheda():
#反爬虫 首先检查有没有user-agent 再看ip如果在30s内访问10次 就搞他
user_agent = request.user_agent
if not user_agent:
return jsonify({'code': 10000, 'msg': 'h换个网站吧'}), 500
ip = request.remote_addr
key = ip + 'fanpa'
times = cache.get(key)
if not times:
cache.set(key, 1, 30)
else:
if int(times) >= 3:
return '搞你M啊', 404
else:
cache.set(key, times + 1, 30)
def my_cache():
#先获取ip,拼接我们的key
ip = request.remote_addr
key = ip + 'day04'
#去缓存尝试拿数据
data = cache.get(key)
if data:
print('有数据')
return jsonify(data)
else:
# 一顿查数据
new_data = {'code': 1, 'msg': 'ok', 'data': '呵呵哒'}
print('查数据')
cache.set(key, new_data, 30)
return jsonify(new_data)
def post(self):
#获取数据
parse = parser.parse_args()
email = parse.get('email')
password = parse.get('password')
responseData ={}
#获取用户
users = User.query.filter(User.email==email)
if users.count(): #有用户
user = users.first()
#密码校验
if check_password_hash(user.password,password): #验证通过
if user.is_delete == True: # 已删除
responseData['status'] = 401
responseData['msg'] = '登录失败,用户已被注销!'
return responseData
if user.is_active == False: #未激活
#发送邮件
active_mail(user)
#缓存token
cache.set(user.token, '超时处理', timeout=30)
responseData['status'] = 401
responseData['msg'] = '用户未激活,请查看邮件激活后操作!'
return responseData
# 验证成功
user.token = generate_token()
save_db(user)
responseData['status'] = 200
responseData['msg'] = '登录成功'
responseData['data'] = user
return responseData
else:
responseData['status'] = 401
responseData['msg'] = '登录失败,密码错误!'
return responseData
else: #没有用户
responseData['status'] =401
responseData['msg'] = '邮箱错误,请重新登录'
return responseData
def post(self):
args = password_login_parser.parse_args()
mobile = args.get('mobile')
password = args.get('password')
# 判断用户
user = User.query.filter(User.phone == mobile).first()
if user:
if check_password_hash(user.password, password):
# 说明用户是登录成功的 dfjkdj-hdfjhsd34-sdjf83748-3847fnmm
token = str(uuid.uuid4()).replace('-', '') + str(
random.randint(100, 999))
print('token:', token)
# 存储用户的登录信息
cache.set(token, mobile)
return {'status': 200, 'msg': '用户登录成功', 'token': token}
return {'status': 400, 'msg': '账户名或者密码有误!'}
def login():
if request.method == 'GET':
return render_template('login.html')
elif request.method == 'POST':
username = request.form.get('username')
password = request.form.get('password')
users = User.query.filter(User.username == username).filter(
User.password == password)
if users.count():
user = users.first()
token = uuid.uuid5(uuid.uuid4(), 'aa').hex
cache.set(token, user.id, timeout=60 * 3)
session['token'] = token
return redirect(url_for('blue.index'))
else:
return '登录失败,输入信息有误'
def post(self):
args = parse_base.parse_args()
password = args.get('password')
action = args.get('action').lower()
if action == USER_ACTION_REGISTER:
args_register = parse_register.parse_args()
username = args_register.get('username')
phone = args_register.get('phone')
movie_user = CinemaUser()
movie_user.username = username
movie_user.password = password
movie_user.phone = phone
if not movie_user.save():
abort(400, msg='create fail')
data = {
'status': HTTP_CREATE_OK,
'msg': 'user create success',
'data': movie_user
}
return marshal(data, single_cinema_user_fields)
elif action == USER_ACTION_LOGIN:
args_login = parse_login.parse_args()
username = args_login.get('username')
phone = args_login.get('phone')
user = get_cinema_user(username) or get_cinema_user(phone)
if not user:
abort(400, msg='用户不存在')
if not user.check_password(password):
abort(401, msg='密码错误')
if user.is_delete:
abort(401, msg='用户不存在')
token = generate_cinema_user_token()
cache.set(token, user.id, timeout=60 * 60 * 24 * 7)
data = {'msg': 'login success', 'status': HTTP_OK, 'token': token}
return data
else:
abort(400, msg='请提供正确的参数')
def sortGoods():
page = int(request.args.get("page") or 1)
type = request.args.get("type")
try:
type = type.split("/")[0]
cache.set("type", type)
except:
type = cache.get("type")
pass
print(type)
per = 12
paginates = Goods.query.filter(Goods.type == type).paginate(page, per)
if g.user:
return render_template('market.html',
type=type,
paginates=paginates,
name=g.user.name,
img=g.user.img)
return render_template("sort.html", paginates=paginates, type=type)
def register():
if request.method == 'GET':
return render_template('register.html')
elif request.method == 'POST':
user = User()
user.tel = request.form.get('tel')
user.passrod = request.form.get('password')
user.email = request.form.get('email')
# print(request.form.get('tel'),request.form.get('password'),request.form.get('email'))
#
db.session.add(user)
db.session.commit()
# 状态保持
token = uuid.uuid5(uuid.uuid4(), 'register').hex
session['token'] = token
cache.set(token, user.id, timeout=60 * 2)
return redirect(url_for('blue.index'))
def post(self):
"""
注册
"""
args = parse_base.parse_args()
password = args.get('password')
action = args.get('action').lower()
# 注册
if action == USER_ACTION_REGISTER:
args_register = parse_register.parse_args()
username = args_register.get('username').lower()
email = args_register.get('email')
phone = args_register.get('phone')
if get_user(username):
abort(RET.BadRequest, msg='用户名已注册')
if get_user(phone):
abort(RET.BadRequest, msg='手机号码已注册')
if get_user(email):
abort(RET.BadRequest, msg='邮箱已注册')
user = User()
user.username = username
user.password = password
user.email = email
user.phone = phone
if user.add():
data = {'status': RET.Created, 'msg': '注册成功', 'data': user}
return marshal(data, sing_user_fields)
abort(RET.BadRequest, msg='注册失败')
# 登录
elif action == USER_ACTION_LOGIN:
args_login = parse_login.parse_args()
username = args_login.get('username').lower()
user = get_user(username)
if not user:
abort(RET.BadRequest, msg='用户名或密码错误')
if (not user.check_pwd(password)) or user.is_del != '0':
abort(RET.Unauthorized, msg='用户名或密码错误')
token = uuid.uuid4().hex
cache.set(token, user.id, timeout=60 * 60 * 7)
data = {'status': RET.OK, 'msg': '登录成功', 'token': token}
return data
else:
abort(RET.BadRequest, msg='参数错误,请检查后重试')
def get(self):
args = reset_parser.parse_args()
phone = args.get('mobile')
imageCode = args.get('imageCode')
code = session.get('code')
if code and imageCode.lower() == code.lower():
user = User.query.filter(User.phone == phone).first()
if user:
ret, smscode = send_duanxin(phone)
if ret is not None:
if ret['code'] == 200:
cache.set(phone, smscode, timeout=180)
return jsonify(status=200, msg='短信发送成功')
else:
return jsonify(status=400, msg='短信发送失败')
else:
return jsonify(status=400, msg='此用户未注册')
else:
return jsonify(status=400, msg='验证码有误')
def post(self):
responsedata = {'time': str(int(time.time()))}
parse = parser.parse_args()
telephone = parse.get('telephone')
password = parse.get('password') # 加密处理
users = User.query.filter(User.telephone == telephone)
if not users.count():
return format_response(msg='登录失败!', status=406, err='用户不存在!')
user = users.first()
if user.isdelete:
return format_response(msg='登录失败!', status=406, err='用户已经注销!')
if not check_password_hash(user.password, password): #校验密码
return format_response(msg='登录失败!', status=406, err='密码错误!')
else:
if not user.isactive: #激活
# 邮件信息
msg = Message(
subject='Tpp激活邮件',
recipients=[user.email], # 收件人邮箱
sender="*****@*****.**") # 发件人
body_html = render_template(
'mail_send.html',
name=user.name,
active_url='http://127.0.0.1:5000/api/v1/useractive?token='
+ user.token)
msg.html = body_html
# 发送邮件
mail.send(msg)
# 状态保持,即控制注册链接的有效时间
cache.set(user.token, user.id, timeout=60)
return format_response(msg='登录失败!',
status=406,
err='用户还没有激活,激活链接已经重新发送!!')
user.token = get_token()
db.session.add(user)
db.session.commit()
return format_response(msg='登录成功!', status=200, data=user)
def login():
if request.method == 'GET':
return render_template('login.html')
elif request.method == 'POST':
tel = request.form.get('tel')
password = request.form.get('password')
print(tel, password)
users = User.query.filter(User.tel == tel).filter(
User.passrod == password)
if users.count():
user = users.first()
# 状态保持
token = uuid.uuid5(uuid.uuid4(), 'register').hex
session['token'] = token
cache.set(token, user.id, timeout=60 * 5)
return redirect(url_for('blue.index'))
else:
return '账号或密码错误'
def post(self):
params = register_args.parse_args()
email = params.get('email')
pwd = params.get('pwd')
confirm_pwd = params.get('confirm_pwd')
# 判断密码和确认密码是否一致
if pwd != confirm_pwd:
return {'code': 2, 'msg': '密码不一致'}
res = User.create_user(email=email, pwd=pwd)
# 发送邮件,激活
url = 'http://' + request.host + '/active/' + create_unique_str()
if res:
# send_email.delay(email, url, res.id)
title = '欢迎注册爱鲜蜂后台管理'
msg = Message(title, [email], sender='*****@*****.**')
msg.html = render_template('register/active.html', url=url)
mail.send(msg)
# 设置缓存
key = url.split('/')[-1]
cache.set(key, res.id, timeout=60 * 60)
return {'data': '/index/'}
else:
return {'code': 3, 'msg': '注册失败,邮箱已被使用'}
def post(self):
parse = parser.parse_args()
user = User()
user.username = parse.get('username')
user.password = generate_password_hash(parse.get('password'))
user.email = parse.get('email')
response_data = {
'date': str(time.time()),
'status': 404,
'user': '',
'token': '',
}
users = User.query.filter(User.username == user.username)
if users.count():
response_data['msg'] = '注册失败,用户名已存在,请重新注册!'
return response_data
users = User.query.filter(User.email == user.email)
if users.count():
response_data['msg'] = '注册失败,邮箱已存在,请重新注册!'
return response_data
db.session.add(user)
db.session.commit()
# 状态保持
token = uuid.uuid5(uuid.uuid4(), 'register').hex
cache.set(token, user.id, timeout=60 * 5)
response_data['status'] = 200
response_data['user'] = user
response_data['msg'] = '注册成功!!!'
response_data['token'] = token
return render_template(url_for('blue.index'))
def hello_world():
# 设置
cache.set('username', 'atom', timeout=60)
return render_template('index.html')
