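def delete(self, id):
    """Delete room *id*; only one of its owners may do so.

    Returns an API error for an unknown id (422) or a non-owner caller
    (403). On success the room is deleted and committed; nothing is
    returned.
    """
    room = Room.query.get(id)
    if room is None:
        return api_abort(422, 'room do not exit')
    # ``room.owner`` is a collection (the room-create endpoint appends the
    # creator to it), so the former ``g.current_user is not room.owner``
    # identity test could never match and every caller was refused.
    # Membership is the check that matches how the relationship is filled.
    if g.current_user not in room.owner:
        return api_abort(403, 'permission denied')
    db.session.delete(room)
    db.session.commit()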
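def put(self, id):
    """Update room *id* from the request body; only one of its owners may.

    Returns 422 for an unknown id and 403 for a non-owner caller; on success
    the parsed arguments are applied by ``room_put`` and its result returned.
    """
    # TODO: use a decorator to confirm the caller's permission.
    room = Room.query.get(id)
    if room is None:
        return api_abort(422, 'room do not exit')
    # ``room.owner`` is a collection (the room-create endpoint appends the
    # creator to it), so the former identity test ``is not room.owner``
    # always failed; test membership instead.
    if g.current_user not in room.owner:
        return api_abort(403, 'permission denied')
    args = room_put_reqparse.parse_args()
    data = room_put(args, room)
    return make_resp(data)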
def signup(data):
    """Create a user from a parsed signup payload and log them in.

    A taken username or phone is refused with 401; a verification code that
    does not validate for the ``'create'`` action raises VerifyCodeError.
    On success the user is committed, stored in ``g.current_user`` and its
    schema returned.
    """
    same_name = User.query.filter_by(username=data['username']).first()
    if same_name is not None:
        return api_abort(401, 'username already exit')
    same_phone = User.query.filter_by(phone=data['phone']).first()
    if same_phone is not None:
        return api_abort(401, 'phone already register')
    if not validate_code(data['phone'], data['verify_code'], 'create'):
        raise VerifyCodeError
    new_user = User(data['username'], data['password'], data['phone'])
    db.session.add(new_user)
    db.session.commit()
    g.current_user = new_user
    return user_schema(new_user)
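def delete(self, id):
    """Delete message *id* if the caller wrote it less than 120 s ago.

    Args:
        id: message id from the route. The original signature omitted it,
            so the lookup silently used the ``id`` builtin; the sibling
            ``put(self, id)`` shows the intended shape.

    Returns the deleted message's schema; 404 for an unknown id, 403 when
    the caller is not the author or the deletion window has passed.
    """
    message = Message.query.get_or_404(id)
    if message.author is not g.current_user:
        return api_abort(403, 'permission denied')
    # NOTE(review): assumes message.timestamp is naive UTC like utcnow(),
    # so both sides are converted the same way — confirm on the model.
    age_seconds = datetime.utcnow().timestamp() - message.timestamp.timestamp()
    if age_seconds >= 120:
        return api_abort(403, 'time limit excess')
    data = message_schema(message)
    db.session.delete(message)
    db.session.commit()
    return make_resp(data)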
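def get(self):
    """Send a verification code to ``phone`` for ``action`` and record it.

    Both query arguments are required (400 otherwise). A phone that asked
    for a code within the last 60 s is refused with 400. Returns an empty
    body on success.
    """
    import secrets  # a verification code is a secret; ``random`` is predictable

    action = request.args.get('action', None)
    phone = request.args.get('phone', None)
    if action is None or phone is None:
        return api_abort(400, 'action and phone is needed')
    # Apply the per-phone rate limit before generating or sending anything.
    if not check_time_interval(phone, 60):
        return api_abort(400, 'permission denied')
    # Same range as before (100001..999999), drawn from the OS CSPRNG.
    code = 100001 + secrets.randbelow(899999)
    send_message(phone, code)
    # NOTE(review): ``action`` is stored as supplied; validate_code is
    # called with fixed action names elsewhere, so restricting it to that
    # set here would be reasonable — confirm the accepted values.
    new_code = VerifyCode(code, phone, action)
    db.session.add(new_code)
    db.session.commit()
    return make_resp({})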
def put(self, id):
    """Update the current user's profile from the request body.

    Changing ``password`` or ``phone`` requires a ``verify_code``; without
    one the request is refused with 400. ``id`` from the route is not read
    here; ``user_put`` presumably targets ``g.current_user`` — confirm.
    """
    args = user_put_reqparse.parse_args()
    sensitive_change = (args['password'] is not None
                        or args['phone'] is not None)
    if args['verify_code'] is None and sensitive_change:
        return api_abort(400, 'verify code is needed')
    return make_resp(data=user_put(args))
def decorated(*args, **kwargs):
    """Wrapper the auth decorator installs around the view ``f``.

    OPTIONS requests bypass the token checks: Flask normally answers them
    itself, but when it forwards them to the application the auth headers
    are ignored so the request passes through without interfering with
    CORS. For every other method a missing or non-bearer token type yields
    400, a missing token ``token_missing()``, and a token that fails
    ``validate_token`` raises InvalidTokenError.
    """
    token_type, token = get_token()
    if request.method == 'OPTIONS':
        return f(*args, **kwargs)
    if token_type is None:
        return api_abort(400, 'token missing')
    if token_type.lower() != 'bearer':
        return api_abort(400, 'The token type must be bearer.')
    if token is None:
        return token_missing()
    if not validate_token(token):
        raise InvalidTokenError
    return f(*args, **kwargs)
def put(self, id):
    """Replace the content of message *id*; only its author may do so.

    404 for an unknown id, 403 for a non-author; returns the updated
    message's schema.
    """
    message = Message.query.get_or_404(id)
    body = message_put_reqparse.parse_args()
    is_author = message.author is g.current_user
    if not is_author:
        return api_abort(403, 'permission denied')
    message.content = body['content']
    db.session.commit()
    return make_resp(message_schema(message))
def post(self):
    """Create a room owned by, and containing, the current user.

    A duplicate room name is refused with 422; returns the new room's
    schema.
    """
    body = room_post_reqparse.parse_args()
    name = body['name']
    if Room.query.filter_by(name=name).first() is not None:
        return api_abort(422, 'room name already exit')
    room = Room(name, body['introduce'])
    creator = g.current_user
    room.owner.append(creator)
    room.users.append(creator)
    db.session.add(room)
    db.session.commit()
    return make_resp(room_schema(room))
def get(self, id):
    """Return user *id*: the full schema for the caller, a reduced one otherwise.

    422 for an unknown id. The ``!=`` between ``g.current_user.id`` and the
    route's ``id`` assumes both have the same type — confirm the converter.
    """
    user = User.query.get(id)
    if user is None:
        return api_abort(422, 'user do not exit')
    is_self = g.current_user.id == id
    if is_self:
        data = user_schema(user)
    else:
        data = user_schema(user, False, False, False)
    return make_resp(data)
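def post(self):
    """Issue a token.

    ``?action=get`` (or no action) checks username and password;
    ``?action=refresh`` checks ``refresh_token``. Any other action is refused
    with 401. The response is marked non-cacheable.
    """
    action = request.args.get('action', None)
    # validate password or refresh_token before generating a token
    if action == 'get' or action is None:
        data = token_get_reqparse.parse_args()
        user = User.query.filter_by(username=data['username']).first()
        if user is None or not user.validate_password(data['password']):
            return api_abort(
                code=401,
                message='Either the username or password was invalid.')
        g.current_user = user
    elif action == 'refresh':
        # The former ``action is 'refresh'`` compared identity with a
        # literal, which is not guaranteed for a string parsed from the
        # query (and is a SyntaxWarning on 3.8+), so refresh requests fell
        # through to 'unknown action'.
        # https://www.jianshu.com/p/25ab2f456904
        data = token_refresh_reqparse.parse_args()
        if not validate_token(data['refresh_token']):
            raise InvalidTokenError
        # NOTE(review): this branch never assigns g.current_user; it relies
        # on validate_token doing so — confirm.
    else:
        return api_abort(401, 'unknown action')
    data = generate_token(g.current_user)
    response = jsonify(data)
    response.headers['Cache-Control'] = 'no-store'
    response.headers['Pragma'] = 'no-cache'
    return response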
def delete(self, id):
    """Delete the current user's account.

    Refused with 400 while the user still owns rooms. The ``verify_code``
    query argument is handed to ``user_delete``; ``id`` from the route is
    not read here (the helper presumably acts on ``g.current_user`` — confirm).
    """
    if g.current_user.rooms_owned:
        return api_abort(400, 'user owned some rooms')
    verify_code = request.args.get('verify_code', None)
    return make_resp(user_delete(verify_code))
def get(self, id):
    """Return the schema of room *id*, or 422 when no such room exists."""
    room = Room.query.get(id)
    if room is not None:
        return make_resp(room_schema(room))
    return api_abort(422, 'room do not exit')