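def signin(*, page='1'):
    """Sign a user in with email + password and issue the auth cookie.

    GET renders ``signin.html``.  POST expects a JSON body with ``email`` and
    ``passwd`` (``passwd`` is the value the client already hashed; the stored
    value is sha1("<user id>:<passwd>") as produced by ``register``).  On
    success the body is the user record with the password field masked and the
    ``COOKIE_NAME`` cookie is set for one day.

    ``page`` is accepted for route compatibility and is not used here.

    Raises:
        APIValueError: missing email/password, unknown email, or wrong password.
    """
    import hmac  # constant-time comparison of the password hashes

    if request.method != 'POST':
        return render_template('signin.html')

    user_info = request.json
    email = user_info['email']
    passwd = user_info['passwd']
    if not email:
        raise APIValueError('email', 'Invalid email.')
    if not passwd:
        raise APIValueError('passwd', 'Invalid password.')

    with db_session:
        users = select(u for u in User if u.email == email)[:]
    if not users:
        # NOTE(review): a distinct "not exist" message lets a client tell
        # registered emails from unregistered ones; one generic failure
        # message for this branch and the password branch would avoid that.
        raise APIValueError('email', 'Email not exist.')
    user = users[0]

    # Recompute sha1("<id>:<passwd>") and compare in constant time, so the
    # time taken does not depend on how many leading characters match.
    sha1 = hashlib.sha1()
    sha1.update(user.id.encode('utf-8'))
    sha1.update(b':')
    sha1.update(passwd.encode('utf-8'))
    if not hmac.compare_digest(user.passwd or '', sha1.hexdigest()):
        raise APIValueError('passwd', 'Invalid password.')

    # Authenticated: return the record with the hash masked and set the cookie.
    cookie_max_age = 86400
    payload = {
        'id': user.id,
        'email': user.email,
        'passwd': '******',
        'admin': user.admin,
        'name': user.name,
        'image': user.image,
        'create_at': user.created_at,
    }
    response = make_response(json.dumps(payload))
    # NOTE(review): the cookie is the only proof of login; add secure=True
    # (and a SameSite policy) if the app is served over HTTPS.
    response.set_cookie(COOKIE_NAME, user2cookie(user, cookie_max_age),
                        max_age=cookie_max_age, httponly=True)
    return response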
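def api_register_user():
    """Register a new user from a JSON body and log them in.

    Expects ``name``, ``email`` and ``passwd`` (``passwd`` must already match
    ``_RE_SHA1``, i.e. it is hashed client-side).  Any validation failure
    returns a JSON object ``{'error': 'value:invalid', 'data': <field>,
    'message': ...}``.  On success the stored value is sha1("<uid>:<passwd>"),
    the user record is returned with the password field masked, and the
    ``COOKIE_NAME`` cookie is set for one day.
    """
    def invalid(field, message=''):
        # JSON error response shared by every validation branch.
        e = {'error': 'value:invalid', 'data': field, 'message': message}
        r = make_response(json.dumps(e, ensure_ascii=False).encode('utf-8'))
        r.headers['Content-Type'] = 'application/json'
        return r

    data = request.get_json()
    email = data.get('email')
    name = data.get('name')
    passwd = data.get('passwd')

    if not name or not name.strip():
        return invalid('name')
    if not email or not _RE_EMAIL.match(email):
        return invalid('email')
    if not passwd or not _RE_SHA1.match(passwd):
        return invalid('passwd')
    users = User.findAll('email=?', [email])
    if users:
        return invalid('email', 'Email is already in use')

    uid = next_id()
    # sha1("<uid>:<client hash>") is a fast hash, not a password KDF; it is
    # what ``authenticate`` verifies against, so any change must be made to
    # both handlers together.
    sha1_passwd = '%s:%s' % (uid, passwd)
    user = User(id=uid, name=name.strip(), email=email,
                passwd=hashlib.sha1(sha1_passwd.encode('utf-8')).hexdigest(),
                image='http://www.gravatar.com/avatar/%s?d=mm&s=120'
                      % hashlib.md5(email.encode('utf-8')).hexdigest())
    user.save()

    # Do not echo the stored password hash back to the client.  ``user`` is
    # dict-like (the original json.dumps(user) relies on that), so .copy()
    # gives a plain dict we can mask without touching the saved record.
    public_user = user.copy()
    public_user['passwd'] = '******'
    cookie_max_age = 86400
    r = make_response(json.dumps(public_user, ensure_ascii=False).encode('utf-8'))
    r.set_cookie(COOKIE_NAME, user2cookie(user, cookie_max_age),
                 max_age=cookie_max_age, httponly=True)
    r.content_type = 'application/json'
    return r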
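def api_login(*, user, password):
    '''
    Do login.
    Request url: [POST /api/login]
    Post data:
        user: user name
        password: password

    Generator-based coroutine (``yield from``).  On success returns an aiohttp
    ``web.Response`` carrying the auth cookie and a JSON body
    ``{'retcode': 0, 'user': ...}``; on failure returns a plain dict with
    ``retcode`` 101 (unknown user) or 102 (wrong password).
    '''
    import hmac  # constant-time hash comparison

    # SECURITY TODO: the where clause is built by string formatting from the
    # caller-supplied user name, so a quote in the name changes the SQL.
    # This must become a parameterised query; the parameter form accepted by
    # User.findall is not visible here, so the call is left as-is for now.
    users = yield from User.findall(where="name='%s'" % user)
    if not users:
        return dict(retcode=101, message='user %s not eixsts' % user)
    account = users[0]  # keep the ``user`` parameter unshadowed

    # NOTE(review): this checks sha1(password) with no per-user component,
    # unlike the sha1("<id>:<passwd>") scheme the other handlers use; confirm
    # which form the stored value actually follows.
    expected = hashlib.sha1(password.encode('utf-8')).hexdigest()
    if not hmac.compare_digest(account.password or '', expected):
        return dict(retcode=102, message='incorrect password')

    cookie_max_age = 86400
    r = web.Response()
    r.set_cookie(COOKIE_NAME, user2cookie(account, cookie_max_age),
                 max_age=cookie_max_age, httponly=True)
    r.content_type = 'application/json;charset=utf-8'
    r.headers['Content-type'] = 'application/json;charset=utf-8'
    # NOTE(review): browsers reject Allow-Origin '*' combined with
    # Allow-Credentials 'true' on credentialed requests; if cross-origin
    # login is needed, echo an allow-listed origin instead of '*'.
    r.headers['Access-Control-Allow-Origin'] = '*'
    r.headers['Access-Control-Allow-Credentials'] = 'true'
    # NOTE(review): the serialised record carries whatever fields the row
    # has, presumably the password hash too - mask it as the other handlers
    # do once the record's shape is confirmed.
    d = dict(retcode=0, user=account)
    r.body = json.dumps(d, ensure_ascii=True).encode('utf-8')
    yield from log_event(logging.INFO, event_user, event_action_login,
                         'User %s login' % account.name)
    return r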
async def response(request):
    """Middleware tail: convert whatever ``handler`` returns into a response.

    ``handler`` and ``app`` are taken from the enclosing factory's scope.
    Dispatch is on the type of the handler result:

    - ``web.StreamResponse``: returned untouched.
    - ``bytes``: sent as ``application/octet-stream``.
    - ``str``: ``'redirect:<url>'`` becomes a ``web.HTTPFound`` to ``<url>``;
      any other string is sent as UTF-8 HTML.
    - ``dict`` without ``__template__``: JSON-encoded, objects falling back
      to their ``__dict__``.
    - ``dict`` with ``__template__``: rendered through
      ``app['__templating__']``.  If the dict carries a truthy ``__user__``
      the auth cookie is (re)issued for one day; otherwise
      ``request.__user__`` is injected into the template context.
    - ``int`` in 100..599: an empty response with that status.
    - ``(int, message)`` with the int in 100..599: that status plus
      ``str(message)``.
    - anything else: ``str(result)`` as plain text.
    """
    logging.info('Response handler...')
    result = await handler(request)

    def html(text):
        # UTF-8 HTML body.
        resp = web.Response(body=text.encode('utf-8'))
        resp.content_type = 'text/html;charset=utf-8'
        return resp

    def render(context):
        # Render ``context['__template__']`` with the whole dict as context.
        template_name = context.get('__template__')
        rendered = app['__templating__'].get_template(template_name).render(**context)
        return html(rendered)

    if isinstance(result, web.StreamResponse):
        return result

    if isinstance(result, bytes):
        resp = web.Response(body=result)
        resp.content_type = 'application/octet-stream'
        return resp

    if isinstance(result, str):
        if result.startswith('redirect:'):
            # NOTE(review): the target is whatever the handler put after the
            # prefix; a handler that derives it from request data would make
            # this an open redirect, so targets should stay server-chosen.
            return web.HTTPFound(result[len('redirect:'):])
        return html(result)

    if isinstance(result, dict):
        if result.get('__template__') is None:
            # NOTE(review): default=__dict__ serialises objects wholesale, so a
            # model instance returned here would expose every stored field.
            encoded = json.dumps(result, ensure_ascii=False, default=lambda o: o.__dict__)
            resp = web.Response(body=encoded.encode('utf-8'))
            resp.content_type = 'application/json;charset=utf-8'
            return resp
        logged_in = result.get('__user__')
        if logged_in:
            resp = render(result)
            resp.set_cookie(COOKIE_NAME, user2cookie(logged_in, 86400),
                            max_age=86400, httponly=True)
            return resp
        result['__user__'] = request.__user__
        return render(result)

    if isinstance(result, int) and 100 <= result < 600:
        return web.Response(result)

    if isinstance(result, tuple) and len(result) == 2:
        status, message = result
        if isinstance(status, int) and 100 <= status < 600:
            return web.Response(status, str(message))

    # Fallback: stringify whatever is left as plain text.
    resp = web.Response(body=str(result).encode('utf-8'))
    resp.content_type = 'text/plain;charset=utf-8'
    return resp
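def register():
    """Create a new account from a JSON body, log it in, and return it.

    GET renders ``register.html``.  POST expects ``name``, ``email`` and
    ``passwd`` (a client-side hash matching ``_RE_SHA1``).  The stored value is
    sha1("<uid>:<passwd>"), which is what ``signin`` verifies against.  On
    success the JSON body is the user record with the password field masked
    and the ``COOKIE_NAME`` cookie is set for one day.

    Raises:
        APIValueError: a missing or malformed field.
        APIError: the email is already registered.
    """
    if request.method != 'POST':
        return render_template('register.html')

    user_info = request.json
    name = user_info['name']
    email = user_info['email']
    passwd = user_info['passwd']
    if not name or not name.strip():
        raise APIValueError('name')
    if not email or not _RE_EMAIL.match(email):
        raise APIValueError('email')
    if not passwd or not _RE_SHA1.match(passwd):
        raise APIValueError('passwd')

    uid = next_id()
    # Password hashing: sha1("<uid>:<client hash>").  A fast hash rather than
    # a KDF; kept because signin/authenticate verify exactly this form.
    sha1_passwd = '%s:%s' % (uid, passwd)
    passwd_hash = hashlib.sha1(sha1_passwd.encode('utf-8')).hexdigest()
    avatar = ('http://www.gravatar.com/avatar/%s?d=mm&s=120'
              % hashlib.md5(email.encode('utf-8')).hexdigest())

    # Duplicate check and insert in one session.  The filter is on the row
    # alias ``u`` (the original compared the class attribute ``User.email``,
    # which never tests the row being iterated, so duplicates slipped through).
    with db_session:
        users = select(u for u in User if u.email == email)[:]
        if users:
            raise APIError('register:failed', 'email', 'Email is already in use.')
        User(id=uid, name=name.strip(), email=email, passwd=passwd_hash,
             image=avatar, admin=False)
        commit()

    # Read the row back in a fresh session so DB-populated fields are loaded.
    with db_session:
        user = User.get(id=uid)

    payload = {
        'id': user.id,
        'email': user.email,
        'passwd': '******',  # never return the stored hash
        'admin': user.admin,
        'name': user.name,
        'image': user.image,
        'create_at': user.created_at,
    }
    response = make_response(json.dumps(payload))
    # Auth cookie, valid for one day.
    # NOTE(review): add secure=True (and a SameSite policy) when served over HTTPS.
    cookie_max_age = 86400
    response.set_cookie(COOKIE_NAME, user2cookie(user, cookie_max_age),
                        max_age=cookie_max_age, httponly=True)
    response.headers['Content-Type'] = 'application/json'
    return response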
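def authenticate():
    """Verify email + password from a JSON body and issue the auth cookie.

    Expects ``email`` and ``passwd`` (``passwd`` is the client-side hash; the
    stored value is sha1("<user id>:<passwd>") as written by
    ``api_register_user``).  Validation and lookup failures return a JSON
    object ``{'error': 'value:invalid', 'data': <field>, 'message': ...}``.
    On success the body is the user record with the password masked and the
    ``COOKIE_NAME`` cookie is set for one day.
    """
    import hmac  # constant-time comparison of the password hashes

    def invalid(field, message):
        # JSON error response shared by every failure branch.
        e = {'error': 'value:invalid', 'data': field, 'message': message}
        r = make_response(json.dumps(e, ensure_ascii=False).encode('utf-8'))
        r.headers['Content-Type'] = 'application/json'
        return r

    data = request.get_json()
    email = data.get('email')
    passwd = data.get('passwd')
    if not email:
        return invalid('email', 'Invalid email')
    if not passwd:
        return invalid('passwd', 'Invalid password')

    users = User.findAll('email=?', [email])
    if not users:
        # NOTE(review): a distinct "not exist" message lets a client tell
        # registered emails from unregistered ones; a single generic message
        # shared with the wrong-password branch would avoid that.
        return invalid('email', 'Email not exist')
    user = users[0]

    # Recompute sha1("<id>:<passwd>") and compare in constant time.
    sha1 = hashlib.sha1()
    sha1.update(user.id.encode('utf-8'))
    sha1.update(b':')
    sha1.update(passwd.encode('utf-8'))
    if not hmac.compare_digest(user.passwd or '', sha1.hexdigest()):
        return invalid('passwd', 'Invalid password')

    # Return a masked copy so the stored hash never leaves the server.
    public_user = user.copy()
    public_user['passwd'] = '******'
    cookie_max_age = 86400
    r = make_response(json.dumps(public_user, ensure_ascii=False).encode('utf-8'))
    r.headers['Content-Type'] = 'application/json'
    # NOTE(review): add secure=True (and a SameSite policy) when served over HTTPS.
    r.set_cookie(COOKIE_NAME, user2cookie(user, cookie_max_age),
                 max_age=cookie_max_age, httponly=True)
    return r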