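def wrapper(request, **kwargs):
    """Run the wrapped view only for a logged-in session flagged as admin.

    The caller is identified by two request headers: ``HTTP_DEVICE_ID`` is
    looked up in the ``user_key`` cache to obtain the server key issued for
    that device, and ``HTTP_SERVER_KEY`` must equal it. The server key is then
    the lookup key for the serialized session record in the ``user_session``
    cache.

    Args:
        request: Incoming request; only ``request.META`` is read here.
        **kwargs: Passed through unchanged to the wrapped view.

    Returns:
        The wrapped view's response on success. On any failure, an
        ``HttpResponse`` whose body is the serialized dict
        ``{success: False, message: ...}``.

    NOTE(review): ``f`` is not defined in this function; presumably it is the
    view captured by an enclosing decorator that is not visible here.
    NOTE(review): rejections are built with ``HttpResponse`` defaults, so
    clients have to inspect ``success`` rather than rely on the status code.
    Confirm that is intended.
    """
    def deny(message):
        # Every rejection shares the same response envelope.
        return HttpResponse(dumps(dict(success=False, message=message)))

    meta = request.META
    if 'HTTP_DEVICE_ID' not in meta:
        return deny(u'device id is not in the request header')
    if 'HTTP_SERVER_KEY' not in meta:
        return deny(u'server key is not in the request header')

    device_id = meta['HTTP_DEVICE_ID']
    server_key = meta['HTTP_SERVER_KEY']

    # A device with no cached key yields None here, which never equals the
    # header value, so unknown devices are rejected by the same check.
    # NOTE(review): `!=` is not a constant-time comparison of a secret token;
    # consider django.utils.crypto.constant_time_compare if the project's
    # Django version provides it.
    saved_server_key = get_cache('user_key').get(device_id)
    if server_key != saved_server_key:
        return deny(u'server key does not match')

    serialized_session = get_cache('user_session').get(server_key)
    if not serialized_session:
        return deny(u'need login')

    # NOTE(review): `loads` is imported outside this block. If it is a pickle
    # loader, anything able to write to the session cache can get code
    # executed here. Confirm which serializer is in use.
    user_info = loads(serialized_session)

    # Fail closed: a session record that lacks the is_admin flag is treated as
    # non-admin instead of raising KeyError and surfacing as a server error.
    if not user_info.get('is_admin'):
        return deny(u'you are not an admin')

    return f(request, **kwargs)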
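def get_user_id(meta):
    """Return the user id of the session identified by the request headers.

    Args:
        meta: Request metadata mapping (for example ``request.META``) expected
            to carry ``HTTP_DEVICE_ID`` and ``HTTP_SERVER_KEY``.

    Returns:
        The ``user_id`` stored in the session record, or ``None`` when a
        header is missing, the supplied server key differs from the one cached
        for the device, or no session is stored under that key.
    """
    # Original author's notes (translated): this was written on the assumption
    # that the caller is already logged in, so it is fragile with respect to
    # its result; the doubled key scheme (device id -> server key -> session)
    # may turn out to be harmful.
    if 'HTTP_DEVICE_ID' not in meta or 'HTTP_SERVER_KEY' not in meta:
        return None

    key_cache = get_cache('user_key')
    user_session = get_cache('user_session')

    # An unknown device yields None from the cache, which never equals the
    # header value, so it is rejected by the same comparison.
    # NOTE(review): `!=` is not a constant-time comparison of a secret token;
    # consider django.utils.crypto.constant_time_compare if the project's
    # Django version provides it.
    server_key = key_cache.get(meta['HTTP_DEVICE_ID'])
    if server_key != meta['HTTP_SERVER_KEY']:
        return None

    # Check for a missing session BEFORE deserializing: the original passed
    # the cache result straight to loads(), so an expired or absent session
    # (None) raised inside loads() instead of returning None.
    serialized_session = user_session.get(server_key)
    if not serialized_session:
        return None

    # NOTE(review): `loads` is imported outside this block. If it is a pickle
    # loader, the session cache must be writable only by trusted code.
    user_info = loads(serialized_session)
    if not user_info:
        return None
    return user_info['user_id']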