def post(self):
"""
用户注册
:return:
"""
# 1.0 获取注册参数
user_type = _USER_TYPE_BORROW
argument_dict, aes_share_key, aes_nonce = self.get_argument_dict(
must_keys=[
'user_mobile', 'vcode', 'password', 'register_signature'
],
check_token=False,
invariable_key=True,
api_type=user_type,
request_type=_REQUEST_TYPE_REGISTER)
user_mobile = argument_dict['user_mobile']
vcode = argument_dict['vcode']
password = argument_dict['password']
register_signature = argument_dict['register_signature']
vcode_service = VcodeService(aes_share_key=aes_share_key,
aes_nonce=aes_nonce)
# 2.0 校验touken
vcode_service.check_register_signature(register_signature)
# 3.0 检查验证码有效性
vcode_service.check_vcode(vcode,
_VCODE_REGISTER,
user_mobile,
user_type=user_type)
user_service = UserBaseService(aes_share_key=aes_share_key,
aes_nonce=aes_nonce)
# 4.0 处理用户注册逻辑
result = user_service.register(user_mobile,
password,
0,
user_type=user_type)
if ('status' not in result) or result['status'] != "true":
return result, aes_share_key, aes_nonce
# 5.0 注册后直接登录
login_result = user_service.login(user_mobile, password, user_type)
result = dict(result, **login_result)
return result, aes_share_key, aes_nonce
def check_form_token(self, token):
vcode_service = VcodeService()
# 2.0 校验token
return vcode_service.check_register_signature(token,
direct_error=False)
def get_argument_dict(self,
must_keys=None,
format_str=False,
format_keys=True,
format_eval=True,
verify_timeliness=True,
encrypt=True,
check_token=True,
invariable_key=True,
check_form_token=False,
is_transfer=False,
api_type=_USER_TYPE_INVEST,
request_type=_REQUEST_TYPE_LOGIN,
decode_by_inner=_DECODE_TYPE_DEFAULT,
check_user_id=False):
"""
:param must_keys: 必须含有的key
:param format_str: str格式化
:param format_keys: keys格式化
:param format_eval:
:param verify_timeliness: 校验时效性
:param encrypt: 是否加密
:param check_token: 是否校验token
:param invariable_key: 是否采用默认的sharekey解密
:param check_form_token: 是否校验表单的随机字符串
:param is_transfer: 是否是通过usercenter传递数据到其他平台
:param api_type: 访问接口的用户类型
:param request_type: 请求的类型:注册、登陆前、登陆后
:param decode_by_inner: 是否采用内网的sharekey解析
:param check_user_id: 是否校验userid的正确性
:return:
"""
env = get_conf('env')
if env == 'dev' and get_conf('close_all_aes'):
# 测试环境,关所有校验的函数头
verify_timeliness = False
encrypt = False
check_token = False
invariable_key = False
check_form_token = False
try:
# 1. 校验时效性
if not verify_timeliness:
request_header = request.headers
source = request_header.get("Source", _SOURCE_TYPE_1)
else:
'''
# 校验实效性,需要header中存在如下参数 Timestamp, Signature, Nonce, Source
'''
redis_tools = RedisTools()
request_header = request.headers
# 1.0 判断时间是否在请求限制时间内
timestamp = request_header.get("Timestamp", '0')
df_timestamp = abs(int(time.time()) - int(timestamp))
if df_timestamp > 6000 or df_timestamp < 0:
self.return_error(10005)
# 2.0 检查signature是否在redis中,防止重复请求
c_signature = request_header.get("Signature")
if redis_tools.exists(c_signature):
self.return_error(10003)
# 3.0 验证c_signature合理性
nonce = request_header.get("Nonce", '')
source = request_header.get("Source", _SOURCE_TYPE_1)
if nonce == '' or source == '':
self.return_error(10006)
s_signature = sha256_hex(
str(timestamp) + str(nonce) + str(source))
self.logger.info('check signature ' + str(timestamp) + ' ' +
str(nonce) + ' ' + str(source) + ' ' +
str(s_signature) + ' ' + str(c_signature))
if s_signature != c_signature:
self.return_error(10004)
# 4.0 将c_signature存到redis中
redis_tools.set(name=c_signature, value="c_signature", ex=60)
content = self.get_request_content()
share_key, nonce = None, None
# 2.1 不解密解析,仅开发环境生效
if not encrypt:
decrypt_content = content
if 'data' in content and isinstance(content['data'], dict):
for k, v in content['data'].items():
content[k] = v
del content['data']
if check_token:
# 2.0 获取用户信息
ts = ApiTokenService(
aes_share_key=share_key,
aes_nonce=nonce).check_access_token_by_user_id(
decrypt_content, api_type)
if not ts:
self.return_error(10035)
else:
if 'data' not in content.keys():
self.return_error(10008)
delete_user_id = False
if is_transfer and content['user_mobile'] == '':
invariable_key = False
check_token = False
decode_by_inner = _DECODE_TYPE_DEFAULT
delete_user_id = True
# 2.2 使用指定秘钥解密
if invariable_key:
decrypt_content, share_key, nonce = self.decrypt_request_content(
content,
check_token=check_token,
api_type=api_type,
request_type=request_type,
check_user_id=check_user_id,
source=source)
else:
decrypt_content, share_key, nonce = self.decrypt_request_content_with_invariable_key(
content,
check_token=check_token,
api_type=api_type,
decode_by_inner=decode_by_inner,
source=source)
if delete_user_id:
decrypt_content['user_id'] = ''
# 3 规范入参
request_args = formate_args(decrypt_content, format_str,
format_keys, format_eval)
self.logger.info("request_args解析后:" + str(request_args))
# 4 确保表单有效性
if check_form_token:
if 'form_token' not in request_args:
self.return_error(10046)
vcode_service = VcodeService(aes_share_key=share_key,
aes_nonce=nonce)
# 2.0 校验token
vcode_service.check_register_signature(
request_args['form_token'])
request_args.pop('form_token')
# 5 校验是否包含规定的参数
if must_keys:
for key in must_keys:
if key not in request_args:
error_msg = "请求缺少 [%s] 参数" % key
self.return_error(10048, error_msg=error_msg)
return request_args, share_key, nonce
except InvalidUsageException as error:
raise_logger(error.error_msg, error_code=error.error_code)
raise error
except OperateUsageException as error:
raise error
except Exception as error:
raise_logger(str(error), error_code=10022)
self.return_error(10022)
