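def update():
    """Change an admin account's password after verifying the current one.

    Input is read from the form body, falling back to a JSON body.  The
    target account is the one named by ``_id`` when that is a valid ObjectId,
    otherwise the account of the logged-in session user.

    Returns a JSON response whose ``code`` is:
        200 - password changed
        201 - body missing, or new password missing / not a string
        202 - target account not found
        203 - current password missing or incorrect
        230 - the session does not belong to a known account
    """
    text_types = (str, type(u''))

    # to_dict() gives the first value of each field on every Werkzeug version;
    # indexing dict(request.form)[key][0] depends on the values being lists.
    data = request.form.to_dict()
    if not data:
        data = request.get_json(silent=True)
    if not isinstance(data, dict):
        return jsonify({'code': 201, 'msg': u'参数错误'})

    # Route decorators are not visible from here, so the handler itself
    # refuses to act for a session that does not map to an account.
    username = session.get('username')
    user_obj = admin_user.find_one({'username': username}) if username else None
    if not user_obj:
        return jsonify({'code': 230, 'msg': u'当前未登录,无法访问'})

    _id = data.get('_id')
    if _id and ObjectId.is_valid(_id):
        # NOTE(review): a client-supplied _id selects an account other than
        # the caller's own. Confirm that is intended; otherwise always use
        # user_obj here.
        _obj = admin_user.find_one({'_id': ObjectId(_id)})
    else:
        _obj = user_obj
    if not _obj:
        return jsonify({'code': 202, 'msg': u'不存在'})

    # The current password is mandatory: leaving the field out must never
    # skip verification.
    old_pass = data.get('old_pass')
    stored_hash = _obj.get('password')
    if (not isinstance(old_pass, text_types) or not stored_hash
            or not check_password_hash(stored_hash, old_pass)):
        return jsonify({'code': 203, 'msg': u'旧密码不正确'})

    new_password = data.get('password')
    if not new_password or not isinstance(new_password, text_types):
        return jsonify({'code': 201, 'msg': u'参数错误'})

    # A freshly salted hash never equals the stored one, so comparing the two
    # before writing decides nothing; the write is unconditional.
    admin_user.update_one(
        {'_id': _obj.get('_id')},
        {'$set': {'password': generate_password_hash(new_password)}})
    return jsonify({'code': 200, 'msg': u'成功'})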
def _login_log():
    """Render the login-log page for the logged-in admin.

    :return: the rendered ``login/login_log.html`` template
    """
    account = admin_user.find_one({'username': session.get('username')})
    # NOTE(review): find_one() returns None when the session names no
    # account, and the del below then raises. Confirm a login check runs
    # before this view.
    del account['_id']
    # NOTE(review): only _id is removed; the rest of the document, including
    # the 'password' hash, reaches the template context. Confirm the template
    # never emits it.
    return render_template('login/login_log.html', user_obj=account)
def detail():
    """Return one admin account as JSON, looked up by the ``_id`` query arg.

    Response codes: 201 when ``_id`` is missing or not a valid ObjectId,
    202 when no such account exists, 200 with the document under ``data``.
    """
    raw_id = request.args.get('_id')
    id_is_usable = bool(raw_id) and ObjectId.is_valid(raw_id)
    if not id_is_usable:
        return jsonify({'code': 201, 'msg': u'参数错误'})

    account = admin_user.find_one({'_id': ObjectId(raw_id)})
    if not account:
        return jsonify({'code': 202, 'msg': u'不存在'})

    # NOTE(review): the whole stored document is serialised, so the
    # 'password' hash is part of the response. Drop it from the payload once
    # the edit form is confirmed not to echo the value back to the update
    # handler.
    status_label = status_values.get(account.get('status', 0))
    account['_id'] = raw_id  # ObjectId replaced by its string form for JSON
    account['status_name'] = status_label
    return jsonify({'code': 200, 'data': account})
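def add():
    """Create an admin account from form or JSON input.

    Response codes: 201 when the body or the username is missing or not a
    plain string, 202 when the username is already taken, 203 (with the
    message from ``_insert``) when the insert is rejected, 200 on success.
    """
    # to_dict() gives the first value of each field on every Werkzeug version;
    # indexing dict(request.form)[key][0] depends on the values being lists.
    data = request.form.to_dict()
    if not data:
        data = request.get_json(silent=True)
    if not isinstance(data, dict):
        return jsonify({'code': 201, 'msg': u'参数错误'})

    # A JSON body can carry objects; only a plain string may be used as the
    # username so the value is always matched literally by the query below.
    username = data.get('username')
    if not username or not isinstance(username, (str, type(u''))):
        return jsonify({'code': 201, 'msg': u'参数错误'})

    if admin_user.find_one({'username': username}):
        return jsonify({'code': 202, 'msg': u'此账号已经存在,请不要重复添加'})

    result = _insert(data)
    if result.get('status', False):
        return jsonify({'code': 200, 'msg': u'成功'})
    return jsonify({'code': 203, 'msg': result.get('msg', '')})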
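def layout():
    """Render the admin framework home page with the menu filtered by role.

    The navigation is built from a deep copy of ``base_navs``; a child entry
    of ``admin_navs`` is added only when one of the authorities it lists is
    granted to a role of the logged-in user.

    :return: the rendered ``layout.html`` template
    """
    domain_dic = {'': {'name': u'夺宝APP', 'logo': ''}}
    # The Host header is client-supplied; here it is only a lookup key.
    host_domain = request.headers.get('host')
    branding = domain_dic.get(host_domain, {})
    name = branding.get('name', u'夺宝APP')
    logo = branding.get('logo', u'')

    username = session.get('username')
    user_obj = admin_user.find_one({'username': username})
    # NOTE(review): user_obj is None when the session names no account and
    # the next line then raises. Confirm a login check runs before this view.
    user_id = str(user_obj.get('_id'))
    del user_obj['_id']

    role_id_list = user_role.find({'user_id': user_id}).distinct('role_id')
    role_authority_cur = role_authority.find({
        'role_id': {'$in': role_id_list}
    }).sort([('authority', 1)])
    authority_list = [row.get('authority') for row in role_authority_cur]

    new_navs = copy.deepcopy(base_navs)
    for index, nav_obj in enumerate(admin_navs):
        if 'children' not in nav_obj:
            continue
        for children_obj in nav_obj.get('children'):
            try:
                # any() returns a real boolean. Testing the truth of a
                # filter() result only works on Python 2: on Python 3 the
                # filter object is always truthy, which would show every
                # entry regardless of the user's authorities.
                permitted = any(
                    entry['value'] in authority_list
                    for entry in children_obj['authority_list'])
                if permitted:
                    new_navs[index]['children'].append(children_obj)
            except (KeyError, IndexError, TypeError, AttributeError):
                # Malformed menu definitions are skipped, never shown.
                continue

    last_navs = [
        item for item in new_navs
        if item.get('spread') or item.get('children')
    ]

    user_obj['nickname'] = (
        user_obj.get('name', '') or user_obj.get('username', ''))
    # NOTE(review): login_obj still carries the 'password' hash into the
    # template context. Confirm the template never emits it.
    return render_template(
        'layout.html', navs=last_navs, login_obj=user_obj, name=name,
        logo=logo)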
def send_code():
    """Send an SMS verification code to the logged-in admin's phone.

    The response is always ``{'code': 200}``, whether or not a phone number
    is on file and whether or not the SMS gateway accepted the message.
    """
    account = admin_user.find_one({'username': session.get('username')})
    phone = account.get('phone')
    if phone:
        # NOTE(review): get_chars2 is defined elsewhere. Confirm it draws
        # from a cryptographically secure source. No rate limit on requests
        # is visible in this function either.
        msg_code = get_chars2(0, 6)
        sms_params = '{"code":"' + msg_code + '"}'
        sms_reply = send_sms_163(phone, sms_params, '10859')
        if sms_reply.get('code') == 200:
            # Keep the code in redis for five minutes, keyed by phone number.
            redis_code.set(phone, msg_code, ex=int(60 * 5))
    return jsonify({'code': 200, 'msg': u'成功'})
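def _login():
    """Serve the admin login page (GET) and handle login attempts (POST).

    A POST carries a JSON body with ``loginname``, ``password`` and
    ``login_code`` (the captcha answer).  Response codes: 201 for a malformed
    or incomplete body, 202 for a wrong captcha, wrong credentials or a
    banned account, 200 on success.  A successful login writes a login-log
    row, stores the username in the session and sets an ``admin_key`` cookie
    whose value is also kept in redis for 24 hours.

    :return: the login template, or a JSON response for POST
    """
    # Resolve the client IP and its city for the login log.
    ip, ip_area = get_ip_area()
    if request.method != 'POST':
        return render_template('login/login.html')

    text_types = (str, type(u''))
    try:
        data = json.loads(request.get_data())
        username = data.get('loginname')
        password = data.get('password')
        captcha = data.get('login_code')
    except (ValueError, TypeError, AttributeError):
        return jsonify({'code': 201, 'msg': u'参数错误'})

    if not username or not password or not captcha:
        return jsonify({'code': 201, 'msg': u'缺少参数'})
    # JSON can carry objects and numbers. Only plain strings are accepted, so
    # the username is always matched literally by the query below and the
    # string methods used later cannot fail.
    if not all(isinstance(v, text_types) for v in (username, password, captcha)):
        return jsonify({'code': 201, 'msg': u'参数错误'})

    # NOTE(review): the expected captcha travels in the client's own
    # login_code cookie and nothing here invalidates it after use. Confirm it
    # is bound to a single attempt or a short lifetime elsewhere; no limit on
    # failed attempts is visible in this handler.
    temp_code = request.cookies.get('login_code')
    s_captcha = crypt_obj.decrypt(temp_code) if temp_code else None
    if not s_captcha or captcha.lower() != s_captcha.lower():
        return jsonify({'code': 202, 'msg': u'验证码不正确'})

    # Unknown account and wrong password share one message, and the ban
    # notice is given only after the password has been verified, so the
    # reply does not tell which usernames exist.
    user_obj = admin_user.find_one({'username': username})
    stored_hash = user_obj.get('password') if user_obj else None
    if not stored_hash or not check_password_hash(stored_hash, password):
        return jsonify({'code': 202, 'msg': u'账户信息不正确'})
    if user_obj.get('status') == 1:
        return jsonify({'code': 202, 'msg': u'账号已被封禁,如有疑问请联系管理员'})

    default_values = {
        'user_id': str(user_obj.get('_id')),
        'username': username,
        'ip': ip,
        'city': ip_area,
        'created_time': timestamp_to_strftime(time.time())
    }
    login_log.insert_one(default_values)
    session['username'] = username

    # NOTE(review): bytes + str only concatenates on Python 2. The input
    # type crypt_obj.encrypt expects is not visible here, so the expression
    # is left as written.
    user_key = crypt_obj.encrypt(
        username.encode("utf-8") + '__' + str(int(time.time())))
    redis_admin.set(user_key, username, ex=int(60 * 60 * 24))

    resp = make_response(jsonify({'code': 200, 'msg': u'成功'}))
    # NOTE(review): the cookie is set without httponly/secure/samesite.
    # Add them once it is confirmed that no client script reads admin_key.
    resp.set_cookie('admin_key', value=user_key)
    return resp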
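def wrapper(*args, **kwargs):
    """Call ``func`` only for an active session user holding the permissions.

    ``permissions`` and ``func`` come from the enclosing decorator.  The
    session user must exist with ``status`` 0 (else code 230), and one of the
    user's roles must grant every name in the ``|``-separated ``permissions``
    string (else code 208).
    """
    username = session.get('username')
    if not username:
        # No session user: never query with username=None, which would also
        # match documents that lack the field.
        return jsonify({'code': 230, 'msg': u'当前未登录,无法访问'})
    user_obj = admin_user.find_one({'username': username, 'status': 0})
    if not user_obj:
        return jsonify({'code': 230, 'msg': u'当前未登录,无法访问'})

    # The user's roles do not depend on the permission being tested, so they
    # are fetched once rather than once per permission name.
    role_id_list = user_role.find({
        'user_id': str(user_obj.get('_id'))
    }).distinct('role_id')

    # NOTE(review): '|' reads like "or", but every listed permission is
    # required here. Confirm that is the intended meaning.
    for perm_name in permissions.split('|'):
        granted = role_authority.find_one({
            'role_id': {'$in': role_id_list},
            'authority': perm_name
        })
        if not granted:
            return jsonify({'code': 208, 'msg': u'您无此操作权限,如想操作请联系管理员'})
    # NOTE(review): only the session username is checked; the admin_key
    # cookie kept in redis at login is not consulted here.
    return func(*args, **kwargs)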
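def update():
    """Update the editable fields of the admin account named by ``_id``.

    Input is read from the form body, falling back to a JSON body.  Only keys
    listed in ``default_values`` are considered, and only when the submitted
    value is non-empty and differs from the stored one; a new password is
    hashed before it is stored.

    Response codes: 201 for a missing/invalid body, ``_id`` or field value,
    202 when the account does not exist, 203 when nothing changed, 204 when
    the database write failed, 200 on success.
    """
    text_types = (str, type(u''))

    # to_dict() gives the first value of each field on every Werkzeug version;
    # indexing dict(request.form)[key][0] depends on the values being lists.
    data = request.form.to_dict()
    if not data:
        data = request.get_json(silent=True)
    if not isinstance(data, dict):
        return jsonify({'code': 201, 'msg': u'参数错误'})

    _id = data.get('_id')
    if not _id or not ObjectId.is_valid(_id):
        return jsonify({'code': 201, 'msg': u'参数错误'})
    _obj = admin_user.find_one({'_id': ObjectId(_id)})
    if not _obj:
        return jsonify({'code': 202, 'msg': u'不存在'})

    _update = {}
    # Iterating the allow-list, not the request, keeps the client from
    # setting fields that are not meant to be editable.
    # NOTE(review): falsy values (empty string, 0) are ignored, so a field
    # cannot be cleared or set to 0 through this handler. Confirm intended.
    for key in default_values:
        _values = data.get(key)
        if not _values:
            continue
        if isinstance(_values, text_types):
            _values = _values.strip()
            if not _values:
                # Whitespace only: treat as "not supplied" so it can never
                # become an empty password or an empty field.
                continue
        if key in int_key:
            try:
                _values = int(_values)
            except (TypeError, ValueError):
                return jsonify({'code': 201, 'msg': u'参数错误'})
        if _obj.get(key) != _values:
            if key == 'password':
                if not isinstance(_values, text_types):
                    return jsonify({'code': 201, 'msg': u'参数错误'})
                _values = generate_password_hash(_values)
            _update[key] = _values

    if not _update:
        return jsonify({'code': 203, 'msg': u'无更新数据'})

    _update['updated_time'] = timestamp_to_strftime(time.time())
    try:
        admin_user.update_one({'_id': ObjectId(_id)}, {'$set': _update})
    except Exception:
        # A failed write is reported to the client as code 204, not raised.
        return jsonify({'code': 204, 'msg': u'失败'})
    return jsonify({'code': 200, 'msg': u'成功'})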
}, { 'role_id': str(role_id), 'authority': 'system:get' }, ] if role_authority.count({'role_id': str(role_id)}) == 0: role_authority.insert_many(permissions) user_dict = { 'username': u'yqf_admin', 'password': u'yiqifu%914@4185^6', 'real_name': u'易起富', 'phone': u'18926445436', 'status': 0, 'created_time': timestamp_to_strftime(time.time()), 'updated_time': timestamp_to_strftime(time.time()) } user_dict['password'] = generate_password_hash(user_dict['password']) user_id = admin_user.update_one({ 'username': user_dict['username'] }, { '$set': user_dict }, upsert=True).upserted_id if not user_id: user_id = admin_user.find_one()['_id'] user_role_dict = {'user_id': str(user_id), 'role_id': str(role_id)} user_role.update_one(user_role_dict, {'$set': user_role_dict}, upsert=True)
def revise_psw():
    """Render the change-password page for the logged-in admin.

    :return: the rendered ``login/revise_psw.html`` template
    """
    account = admin_user.find_one({'username': session.get('username')})
    # NOTE(review): find_one() returns None when the session names no
    # account, and the del below then raises. Confirm a login check runs
    # before this view.
    del account['_id']
    # NOTE(review): only _id is removed; the rest of the document, including
    # the 'password' hash, reaches the template context. Confirm the template
    # never emits it.
    return render_template('login/revise_psw.html', user_obj=account)