def adduser(self): #对应POST方法,添加用户
user_name=request.json.get('user_name')
#redis判断用户是否存在
user=myredis.rs.hget("user_map",user_name)
if user is not None:
return jsonify(success=False,message='用户名/邮箱/手机号 已存在')
#检查用户名的是否符合要求
reg_type=check_username(user_name)
if reg_type is False:
return jsonify(success=False,message='用户名不符合要求')
user_pass=request.json.get('user_pass')
user_pass=desEncrypt(bytes(user_pass)) #入库前加密密码
#_user_validate用户验证 默认0 未验证 1 已验证 学生角色的不需要验证
#_user_role 角色 1 学生 2 老师 3……待扩展
user_role=request.json.get('user_role','1')
user_validate=1 if user_role=="1" else 0
user_email=user_name if reg_type==2 else ""
user_phone=user_name if reg_type==3 else ""
#注册成功的时候会直接生成一个token给新用户
access_token=generate_access_token()
#使用ORM的情况
if is_use_orm:
USER_MAP=self.dh.load("UserMapper","USER_MAP")
USER_SYS=self.dh.load("UserMapper", "USER_SYS") #加载user_sys类
new_user=USER_SYS(user_name=user_name,
user_email=user_email,
user_phone=user_phone,
user_pass=user_pass,
user_role=user_role,
user_validate=user_validate,
user_access_token=access_token)
self.dh.save(new_user)
user_id=new_user.user_id
if user_id:
new_user_map=USER_MAP(user_name=user_name,user_id=user_id)
self.dh.save(new_user_map)
USER_LOG=self.dh.load("UserMapper", "USER_LOG")
new_log=USER_LOG(user_id=user_id,
login_ip=request.remote_addr,
login_status=1)
self.dh.save(new_log)
#使用存储过程
else:
cursor=self.dh.dbconn.cursor(cursorclass = MySQLdb.cursors.DictCursor)
cursor.callproc('sp_user_reg',(user_name,
user_email,
user_phone,
user_pass,
user_role,
request.remote_addr,
access_token))
new_user=cursor.fetchone()
cursor.close()
self.dh.dbconn.commit()
self.dh.dbconn.close()
user_id=new_user['user_id']
#更新redis上的用户信息
myredis.rs.hset("user_map",user_name,user_id)
myredis.rs.hmset("user:{user_id}".format(user_id=user_id),{"user_id":user_id,
"user_name":str(user_name),
"user_email":user_email,
"user_phone":user_phone,
"user_pass":user_pass,
"user_role":user_role,
"user_validate":user_validate,
"user_last_login_ip":request.remote_addr,
"user_last_login_time":time.time(),
"user_error_times":0
})
myredis.rs.hset("userid_token",user_id,access_token)
myredis.rs.hset("token_userid",access_token,user_id)
return jsonify(success=True,user_id=user_id,user_name=user_name,access_token=access_token,message="注册成功")
def userlogin(self):
user_name=request.json.get("user_name")
user_pass=request.json.get("user_pass")
user_pass=desEncrypt(bytes(user_pass))
success=False
message='登录成功'
access_token=generate_access_token()
#先从redis获取用户信息判断用户是否存在
user_id=myredis.rs.hget("user_map",user_name)
if user_id is not None:
user=myredis.rs.hgetall("user:{user_id}".format(user_id=user_id))
user_error_times=int(user['user_error_times'])
user_last_login_time=float(user['user_last_login_time'])
if user_error_times==5 :
if (time.time()-user_last_login_time)>=86400:
user_error_times=0
else:
return jsonify(success=False,message="您已经连续登录失败5次,请24小时之后再来")
else:
return jsonify(success=False,message='用户不存在')
if is_use_orm:
USER_SYS=self.dh.load("UserMapper", "USER_SYS")
USER_LOG=self.dh.load("UserMapper", "USER_LOG")
user=self.dh.do("query",USER_SYS).filter_by(user_id=user_id).first()
if user_pass==user.user_pass:
if user.user_validate is True:
#登录成功,将登录失败次数归0,同时记录用户登录日志
success=True
user_error_times=0
user=self.dh.do("query",USER_SYS).filter_by(user_id=user_id).update({'user_access_token':access_token,'user_error_times':user_error_times})
self.dh.dbsession.commit()
new_log=USER_LOG(user_id=user_id,
login_ip=request.remote_addr,
login_status=1)
self.dh.save(new_log)
else:
new_log=USER_LOG(user_id=user_id,
login_ip=request.remote_addr,
login_status=0)
self.dh.save(new_log)
message="用户未验证"
else:
#登录失败,将登录失败次数加1,同时记录用户登录日志
user_error_times+=1
self.dh.do("query",USER_SYS).filter_by(user_id=user_id).update({'user_error_times':user_error_times})
self.dh.dbsession.commit()
new_log=USER_LOG(user_id=user_id,
login_ip=request.remote_addr,
login_status=0)
self.dh.save(new_log)
message="密码错误"
else:
cursor=self.dh.dbconn.cursor(cursorclass = MySQLdb.cursors.DictCursor)
cursor.callproc('sp_user_login',(user_name,user_pass,request.remote_addr,access_token))
#登录成功返回一行用户信息,错误返回相关错误信息
user=cursor.fetchone()
cursor.close()
self.dh.dbconn.commit()
self.dh.dbconn.close()
message=user['message']
#登录成功
if user['result']=='success':
user_error_times=0
success=True
else:
user_error_times+=1
#更新redis上的用户信息
myredis.rs.hmset('user:{user_id}'.format(user_id=user_id),{"user_last_login_ip":request.remote_addr,
"user_last_login_time":time.time(),
"user_error_times":user_error_times
})
if success:
#删除旧的token
old_token=myredis.rs.hget("userid_token",user_id)
if old_token:
myredis.rs.hdel("token_userid",old_token)
#更新token
myredis.rs.hset("userid_token",user_id,access_token)
myredis.rs.hset("token_userid",access_token,user_id)
return jsonify(success=True,user_id=user_id,user_name=user_name,access_token=access_token,message=message)
else:
return jsonify(success=False,message=message)
