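def cookie2user(cookie_str):
    '''
    Parse a login cookie and load the matching user if the cookie is valid.

    The cookie is expected to have the form ``uid-expires-sha1``, where
    ``sha1`` is the hex SHA-1 digest of ``uid-passwd-expires-_COOKIE_KEY``.
    Returns the user with ``passwd`` masked, or None when the cookie is
    empty, malformed, expired, names no user, or carries a digest that does
    not match. Any exception raised along the way is logged and also yields
    None.

    This is a generator-based coroutine: the user lookup is delegated to
    ``User.find`` with ``yield from``.
    '''
    # Function-scope import: the file's import block is not visible from here.
    import hmac

    if not cookie_str:
        return None
    try:
        parts = cookie_str.split('-')
        if len(parts) != 3:
            return None
        uid, expires, sha1 = parts
        # A non-numeric expiry makes int() raise; the handler below maps that to None.
        if int(expires) < time.time():
            return None
        user = yield from User.find(uid)
        if user is None:
            return None
        s = '%s-%s-%s-%s' % (uid, user.passwd, expires, _COOKIE_KEY)
        expected = hashlib.sha1(s.encode('utf-8')).hexdigest()
        # The digest is the only thing authenticating the cookie, so compare it
        # in constant time; a plain != returns at the first differing character.
        # Both sides are encoded so a non-ASCII cookie value cannot raise here.
        # NOTE(review): the digest is a bare SHA-1 over a concatenation that
        # includes the stored passwd value, not a keyed HMAC. Moving to
        # hmac + SHA-256 would invalidate issued cookies, so it has to be
        # changed together with the code that issues them.
        if not hmac.compare_digest(sha1.encode('utf-8'), expected.encode('utf-8')):
            logging.info('invalid sha1')
            return None
        # Mask the stored credential before the object leaves this function.
        user.passwd = '******'
        return user
    except Exception as e:
        logging.exception(e)
        return None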
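def block_user(username, user, session):
    """Block the user named ``username`` on behalf of ``user``.

    :param username: username of the account to block
    :param user: the acting user (presumably injected by the auth wrapper;
        confirm against the route decorator)
    :param session: the acting user's session; not used here
    :return: ``response({'blocked': True})`` on success; aborts with 404 when
        either the acting user or the target is missing
    """
    target = User.find(username=username)
    # The original only tested ``user``, so an unknown username reached
    # user.block(None). The lookup result has to be checked as well.
    if not user or not target:
        abort(404)
    user.block(target)
    return response({'blocked': True})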
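def new_msg(cls, sender_id, recipient_id, text):
    """
    Handle a new message that a user sends to the server.

    :param sender_id: sender's id
    :param recipient_id: recipient (group/user) id
    :param text: message's text
    :return: None; the message is handed to ``_broadcast_group`` or
        ``_broadcast_user``
    :raises Exception: when the sender or recipient does not exist, the
        sender is not a member of the group, the sender is not friends with
        the recipient, the recipient has blocked the sender, or the
        recipient id is neither a group nor a user id
    """
    sender = User.find(id=sender_id)
    # Without this check an unknown sender id failed on ``sender.id`` with an
    # AttributeError instead of a meaningful error.
    if not sender:
        raise Exception('sender was not found')
    sender_sid = cls.get_user_sid(sender.id)

    if is_group(recipient_id):
        recipient_group = Group.find(id=recipient_id)
        if not recipient_group:
            raise Exception('recipient was not found')
        # Membership is the authorization check for posting to a group.
        if not recipient_group.has_user(sender):
            raise Exception('user is not a member of this group')
        cls._broadcast_group(sender, sender_sid, recipient_group, text)
    elif is_user(recipient_id):
        recipient = User.find(id=recipient_id)
        # Existence must be checked first: the original tested it last, after
        # ``recipient.blocked(...)`` had already been called on the lookup
        # result, so a missing recipient could never reach this message.
        if not recipient:
            raise Exception('recipient was not found')
        if not sender.is_friends(recipient):
            raise Exception('user is not friends with recipient')
        if recipient.blocked(sender):
            raise Exception('recipient has blocked you')
        cls._broadcast_user(sender, sender_sid, recipient, text)
    else:
        raise Exception('bad recipient id')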
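def unfriend_user(username, user, session):
    """Remove the user named ``username`` from ``user``'s friends.

    :param username: username of the friend to remove
    :param user: the acting user (presumably injected by the auth wrapper;
        confirm against the route decorator)
    :param session: the acting user's session; not used here
    :return: ``response({'unfriended': True})`` on success, an error response
        when the two are not friends; aborts with 404 when either the acting
        user or the named user is missing
    """
    friend = User.find(username=username)
    # The original only tested ``user``; an unknown username then flowed into
    # is_friends()/unfriend() as None.
    if not user or not friend:
        abort(404)
    if not user.is_friends(friend):
        return error_response('user is not a friend')
    user.unfriend(friend)
    return response({'unfriended': True})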
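def friend_user(username, user, session):
    """Add the user named ``username`` as a friend of ``user``.

    :param username: username of the account to befriend
    :param user: the acting user (presumably injected by the auth wrapper;
        confirm against the route decorator)
    :param session: the acting user's session; not used here
    :return: ``response`` with ``added`` and the friend's JSON on success, an
        error response when the named user has blocked the acting user;
        aborts with 404 when either the acting user or the named user is
        missing
    """
    friend = User.find(username=username)
    # The original only tested ``user``; an unknown username then failed on
    # ``friend.is_blocked`` with an AttributeError instead of a 404.
    if not user or not friend:
        abort(404)
    # The block check is what stops a blocked account from re-adding the
    # user who blocked it, so it must run before user.friend().
    if friend.is_blocked(user):
        return error_response('you have been blocked by user')
    user.friend(friend)
    return response({'added': True, 'friend': friend.make_json()})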
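def unblock_user(username, user, session):
    """Lift ``user``'s block on the user named ``username``.

    :param username: username of the account to unblock
    :param user: the acting user (presumably injected by the auth wrapper;
        confirm against the route decorator)
    :param session: the acting user's session; not used here
    :return: ``response({'unblocked': True})`` on success, an error response
        when the named user is not blocked; aborts with 404 when either the
        acting user or the named user is missing
    """
    target = User.find(username=username)
    # The original only tested ``user``; an unknown username then flowed into
    # is_blocked()/unblock() as None.
    if not user or not target:
        abort(404)
    if not user.is_blocked(target):
        return error_response('user is not blocked')
    user.unblock(target)
    return response({'unblocked': True})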
def saveManagerInfo(id, *, image, blogName, blogDescription, ownName, ownDescription, githubSite):
    """Overwrite the blog and owner profile fields of the user with this id.

    Generator-based coroutine: both the lookup and the save are delegated
    with ``yield from``. Does nothing when no user is found.
    """
    manager = yield from User.find(id)
    if not manager:
        return
    # NOTE: ``image`` is accepted but never written; the assignment to
    # ``user.image`` is commented out in the original.
    new_values = (
        ('blogName', blogName),
        ('blogDescription', blogDescription),
        ('ownName', ownName),
        ('ownDescription', ownDescription),
        ('githubSite', githubSite),
    )
    for field_name, field_value in new_values:
        setattr(manager, field_name, field_value)
    yield from manager.update()
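def verify_phone():
    """
    Initialize a new phone verification.

    Reads ``phone`` from the JSON request body, starts the verification via
    ``TextAPI.begin_auth`` and reports whether a user with that number
    already exists. Aborts with 400 when the body is not a JSON object or
    ``phone`` is missing or not a string.
    """
    json = request.json
    # The body is caller-controlled: it can be null or a list, in which case
    # the original either raised a TypeError or passed the ``in`` test on a
    # list and then failed on the subscript.
    if not isinstance(json, dict) or 'phone' not in json:
        abort(400)
    phone = json['phone']
    # register() and login() both require ``phone`` to be a str; enforce the
    # same type here before it reaches the SMS provider.
    if not isinstance(phone, str):
        abort(400)
    # NOTE(review): nothing visible here limits how often a verification can
    # be started per number or per client; confirm that TextAPI or a layer in
    # front of this route applies rate limiting.
    TextAPI.begin_auth(phone)
    user = User.find(phone_num=phone)
    # NOTE(review): ``signed_up`` tells an unauthenticated caller whether a
    # phone number has an account. If that is not intended, drop the field or
    # gate it behind a completed verification.
    return jsonify({'ok': True, 'signed_up': user is not None})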
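def wrapper(*args, **kwargs):
    """Authenticate the request from its ``Authorization`` header.

    Expects ``bearer <token>``, resolves the token to a session and the
    session to a user, then calls the wrapped ``func`` with ``user`` and
    ``session`` added as keyword arguments. Aborts with 401 when the header
    is missing or malformed, the scheme is not bearer, or no session matches
    the token.
    """
    auth = request.headers.get('Authorization')
    if not auth:
        abort(401)
    parts = auth.split()
    # The header is caller-controlled. The original unpacked the split
    # directly, so anything other than exactly two fields raised ValueError
    # (a server error) instead of being rejected as unauthenticated.
    if len(parts) != 2:
        abort(401)
    method, token = parts
    # Auth scheme names are case-insensitive, so accept "Bearer" as well as
    # "bearer". split() never yields empty fields, so token is non-empty here.
    if method.lower() != 'bearer':
        abort(401)
    # NOTE(review): no expiry or revocation check is visible here; confirm
    # that Session.find only returns sessions that are still valid.
    session = Session.find(token=token)
    if not session:
        abort(401)
    # NOTE(review): ``user`` may be None if the session outlives its user;
    # handlers receive it as-is and must check it.
    user = User.find(id=session.user_id)
    return func(*args, user=user, session=session, **kwargs)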
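def register():
    """
    Verify the user's phone number and authenticate with a new token.

    Validates the JSON body (``first_name``, ``username``, ``token``,
    ``phone``, optional ``last_name``), rejects a taken username, an invalid
    phone verification or an already registered phone number, then creates
    the user and a session for it.

    :return: ``response`` with the new user's and session's JSON on success,
        otherwise an error response describing the failure
    """
    payload = request.json
    schema = Schema(
        {
            "first_name": str,
            "username": str,
            "token": str,
            "phone": str,
            Optional('last_name'): str
        },
        ignore_extra_keys=True)
    try:
        schema.validate(payload)
    except SchemaError as err:
        # Validation failures go through error_response like every other
        # failure in this handler; the original sent them through response().
        return error_response(err.code)

    last_name = payload.get('last_name')
    first_name = payload['first_name']
    username = payload['username']
    token = payload['token']
    phone = payload['phone']

    # NOTE(review): this answers "does this username exist" before the caller
    # has proven ownership of a phone number. Moving it below verify_auth
    # would close that, but only if verify_auth does not consume the code on
    # success; confirm before reordering.
    if User.find(username=username):
        return error_response("username already exists")
    if not TextAPI.verify_auth(phone, token):
        return error_response('invalid phone authentication')
    # login() resolves the account by phone number alone, so a second account
    # on the same number would make that lookup ambiguous. Checked only after
    # the phone has been verified, so it reveals nothing to other callers.
    if User.find(phone_num=phone):
        return error_response('phone number is already registered')

    user = User.new(first_name, last_name, username, phone)
    session = Session.new(user.id)
    return response({'user': user.make_json(), 'session': session.make_json()})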
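def login():
    """
    Verify the user's phone number and log the user in.

    Validates the JSON body (``token``, ``phone``), checks the phone
    verification, looks the user up by phone number and opens a new session.

    :return: ``response`` with the user's and session's JSON on success,
        otherwise an error response describing the failure
    """
    payload = request.json
    schema = Schema({"token": str, "phone": str}, ignore_extra_keys=True)
    try:
        schema.validate(payload)
    except SchemaError as err:
        # Validation failures go through error_response like every other
        # failure in this handler; the original sent them through response().
        return error_response(err.code)

    token = payload['token']
    phone = payload['phone']

    # Phone ownership is proven before the account lookup, so the
    # "not registered" answer below is only given to a verified caller.
    if not TextAPI.verify_auth(phone, token):
        return error_response('invalid phone authentication')
    user = User.find(phone_num=phone)
    if not user:
        return error_response('user is not registered')
    session = Session.new(user.id)
    return response({'user': user.make_json(), 'session': session.make_json()})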
def find_user(username, user, session):
    """Look up a user by username and return their JSON representation.

    The ``user`` and ``session`` arguments are accepted but not used for the
    lookup. Aborts with 404 when no user has that username.
    """
    found = User.find(username=username)
    if found:
        return response({'user': found.make_json()})
    abort(404)
    # Reached only if abort() returns; mirrors the original's fall-through.
    return response({'user': found.make_json()})