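def do(self):
    """Issue a 30-second API token for a matching appid/appsecret pair.

    Reads ``appid`` and ``appsecret`` from the query string of a GET request,
    looks the pair up in the ``user_token`` mapping and, on a match, stores
    the token and its validity window on that row.

    Returns:
        ``jsonify({"token": <hex digest>})`` on success and
        ``jsonify({"token": "null"})`` when a credential is missing or no row
        matches. Non-GET requests fall through and return ``None``, as before.
    """
    if request.method == "GET":
        appid = request.args.get("appid", "")
        appsecret = request.args.get("appsecret", "")
        # NOTE(review): the secret arrives in the URL query string, so it is
        # likely to be recorded in access logs and proxy logs; a request body
        # or header over TLS would keep it out of those records.
        if appid == "" or appsecret == "":
            return jsonify({"token": "null"})

        import datetime
        import hashlib

        from v1.db.DbHelper import DbHelper

        dh = DbHelper()
        user_token = dh.load("UserMapper", "user_token")
        sql = dh.do("query", user_token).filter(
            user_token.appid == appid,
            user_token.appsecret == appsecret,
        )
        getUser = sql.first()
        if not getUser:
            return jsonify({"token": "null"})

        # Hash the UTF-8 bytes explicitly: hashing the text object directly
        # fails for non-ASCII credentials (and for every input on Python 3).
        # ASCII credentials keep the digest they had before.
        #
        # NOTE(review): the token is a pure function of the credentials, so it
        # never rotates: the same value becomes valid again on every refresh,
        # and two pairs whose concatenation is equal ("ab"+"c" vs "a"+"bc")
        # share one token. An unpredictable per-issuance value (os.urandom /
        # secrets) would remove both properties, but it changes behaviour for
        # clients sharing an appid, so it is flagged here rather than changed.
        tokenstr = hashlib.sha256((appid + appsecret).encode("utf-8")).hexdigest()

        now = datetime.datetime.now()
        starttime = now.strftime("%Y-%m-%d %H:%M:%S")
        endtime = now + datetime.timedelta(seconds=30)
        sql.update({"tokenstr": tokenstr, "starttime": starttime, "endtime": endtime})
        dh.do("commit")
        return jsonify({"token": tokenstr})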
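def __token(*args):
    """Run the wrapped view only when the request carries a live token.

    The ``token`` query parameter must equal a stored ``tokenstr`` whose
    ``starttime``/``endtime`` window contains the current time. On a match the
    wrapped ``func`` is called with the positional arguments plus
    ``appid=<row appid>``; otherwise ``{"result": "access error"}`` is
    returned.
    """
    getToken = request.args.get("token")
    if not getToken:
        # Reject a missing or empty token before touching the database. With
        # None the equality filter below would presumably be rendered as
        # "tokenstr IS NULL" (SQLAlchemy semantics - confirm against DbHelper),
        # which must never be able to authorise a request.
        return jsonify({"result": "access error"})

    from v1.db.DbHelper import DbHelper

    dh = DbHelper()
    user_token = dh.load("UserMapper", "user_token")
    # One timestamp for both bounds, so the window is checked against a single
    # instant instead of two separate clock reads.
    now = datetime.datetime.now()
    ret = dh.do("query", user_token).filter(
        user_token.tokenstr == getToken,
        user_token.starttime <= now,
        user_token.endtime >= now,
    ).first()
    if ret:
        return func(*args, appid=ret.appid)
    return jsonify({"result": "access error"})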
def __init__(self):
    """Attach a fresh DbHelper instance to this object as ``self.dh``."""
    helper = DbHelper()
    self.dh = helper
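class UserController():
    """HTTP controller for user listing, registration and login.

    ``do`` dispatches on ``request.method`` (and, for POST, on the ``action``
    query parameter) to the handler methods below. State lives in the SQL
    database reached through ``self.dh`` and in Redis through ``myredis.rs``.

    NOTE(review): ``updateuser`` and ``deleteuser`` are stubs, and nothing
    visible in this class authenticates or authorises the caller before they
    run; add that check before they gain real behaviour.
    """

    dh=None
    cusor=None

    def __init__(self):
        self.dh=DbHelper()

    @staticmethod
    def _escape_html(value):
        """Return ``value`` with HTML metacharacters replaced by entities."""
        return (value.replace("&", "&amp;")
                     .replace("<", "&lt;")
                     .replace(">", "&gt;")
                     .replace('"', "&quot;")
                     .replace("'", "&#x27;"))

    def userlist(self):
        """GET handler: list users, or show one user when ``userid`` is given."""
        userid=request.args.get('userid','')
        if userid!='':
            return self.userinfo(userid)
        return 'userlist111'

    def userinfo(self,userid):
        """GET handler: return information about ``userid``.

        ``userid`` comes straight from the query string and is echoed into the
        response body. A plain string returned from a Flask view is served as
        text/html by default, so the value is escaped to keep request data
        from being interpreted as markup.
        """
        return 'userinfo,userid='+self._escape_html(userid)

    def adduser(self):
        """POST handler: register a new user.

        Reads ``user_name``, ``user_pass`` and optional ``user_role`` from the
        JSON body, creates the user through the ORM or the ``sp_user_reg``
        stored procedure (selected by ``is_use_orm``), mirrors the record into
        Redis and returns a JSON result carrying a new access token.
        """
        payload=request.json
        if not isinstance(payload,dict):
            payload={}
        user_name=payload.get('user_name')
        if not user_name:
            # No usable name: fail before Redis or the database is consulted.
            return jsonify(success=False,message='用户名不符合要求')
        # Ask Redis whether the name is already registered.
        user=myredis.rs.hget("user_map",user_name)
        if user is not None:
            return jsonify(success=False,message='用户名/邮箱/手机号 已存在')
        # Check that the user name is acceptable; the result also classifies it.
        reg_type=check_username(user_name)
        if reg_type is False:
            return jsonify(success=False,message='用户名不符合要求')
        user_pass=payload.get('user_pass')
        if not user_pass:
            # Without this guard a missing password would be stringified and
            # stored as the account's password.
            return jsonify(success=False,message='密码不能为空')
        # Encrypt the password before it is stored.
        # NOTE(review): desEncrypt is defined elsewhere; its name suggests
        # reversible encryption. Stored passwords should use a salted, slow
        # one-way password hash instead - confirm and plan a migration.
        user_pass=desEncrypt(bytes(user_pass))
        # user_validate: 0 = not verified, 1 = verified; the student role
        # needs no verification.
        # user_role: 1 = student, 2 = teacher, 3... reserved for later.
        # NOTE(review): the role is taken from the client as-is, so a caller
        # can pick any role value, including the auto-verified one; consider
        # restricting self-registration to an allow-list of roles.
        user_role=payload.get('user_role','1')
        user_validate=1 if user_role=="1" else 0
        user_email=user_name if reg_type==2 else ""
        user_phone=user_name if reg_type==3 else ""
        # A successful registration immediately issues a token to the new user.
        access_token=generate_access_token()
        if is_use_orm:
            # ORM path.
            USER_MAP=self.dh.load("UserMapper","USER_MAP")
            USER_SYS=self.dh.load("UserMapper", "USER_SYS")
            new_user=USER_SYS(user_name=user_name,
                              user_email=user_email,
                              user_phone=user_phone,
                              user_pass=user_pass,
                              user_role=user_role,
                              user_validate=user_validate,
                              user_access_token=access_token)
            self.dh.save(new_user)
            user_id=new_user.user_id
            if user_id:
                new_user_map=USER_MAP(user_name=user_name,user_id=user_id)
                self.dh.save(new_user_map)
                USER_LOG=self.dh.load("UserMapper", "USER_LOG")
                new_log=USER_LOG(user_id=user_id,
                                 login_ip=request.remote_addr,
                                 login_status=1)
                self.dh.save(new_log)
        else:
            # Stored-procedure path; arguments are passed as parameters.
            cursor=self.dh.dbconn.cursor(cursorclass = MySQLdb.cursors.DictCursor)
            cursor.callproc('sp_user_reg',(user_name,
                                           user_email,
                                           user_phone,
                                           user_pass,
                                           user_role,
                                           request.remote_addr,
                                           access_token))
            new_user=cursor.fetchone()
            cursor.close()
            self.dh.dbconn.commit()
            self.dh.dbconn.close()
            user_id=new_user['user_id']
        # Mirror the new user into Redis.
        # NOTE(review): the encrypted password is copied into the Redis hash,
        # which widens where credential material lives; userlogin below only
        # reads the failure counter and last-login time from this hash.
        myredis.rs.hset("user_map",user_name,user_id)
        myredis.rs.hmset("user:{user_id}".format(user_id=user_id),{"user_id":user_id,
                                                                   "user_name":str(user_name),
                                                                   "user_email":user_email,
                                                                   "user_phone":user_phone,
                                                                   "user_pass":user_pass,
                                                                   "user_role":user_role,
                                                                   "user_validate":user_validate,
                                                                   "user_last_login_ip":request.remote_addr,
                                                                   "user_last_login_time":time.time(),
                                                                   "user_error_times":0
                                                                   })
        myredis.rs.hset("userid_token",user_id,access_token)
        myredis.rs.hset("token_userid",access_token,user_id)
        return jsonify(success=True,user_id=user_id,user_name=user_name,access_token=access_token,message="注册成功")

    def updateuser(self):
        """PUT handler (stub): acknowledge an update for the posted ``userid``."""
        userid=request.form['userid']
        # Escaped for the same reason as in userinfo: the form value is
        # reflected into a response that is served as HTML by default.
        return 'updateuser'+self._escape_html(userid)

    def deleteuser(self):
        """DELETE handler (stub): requires ``userid`` in the form data."""
        userid=request.form['userid']
        return 'delete user'

    def userlogin(self):
        """POST handler: authenticate a user and rotate the access token.

        The Redis copy of the user supplies the failure counter: after 5
        consecutive failures the account is refused for 24 hours. The password
        is then checked through the ORM or the ``sp_user_login`` stored
        procedure (selected by ``is_use_orm``). On success the previous token
        is removed from Redis and a new one is stored and returned.

        NOTE(review): the distinct "user does not exist" and "wrong password"
        messages let a caller tell registered names from unregistered ones,
        and the lockout can be triggered against any account by a third
        party. Both are kept for client compatibility; consider one generic
        failure message plus per-source rate limiting.
        """
        payload=request.json
        if not isinstance(payload,dict):
            payload={}
        user_name=payload.get("user_name")
        user_pass=payload.get("user_pass")
        if not user_name or not user_pass:
            # Missing credentials never reach the encryption or lookup code.
            return jsonify(success=False,message='用户名或密码不能为空')
        user_pass=desEncrypt(bytes(user_pass))
        success=False
        message='登录成功'
        access_token=generate_access_token()
        # Look the user up in Redis first to decide whether the account exists.
        user_id=myredis.rs.hget("user_map",user_name)
        if user_id is None:
            return jsonify(success=False,message='用户不存在')
        user=myredis.rs.hgetall("user:{user_id}".format(user_id=user_id))
        # Missing hash fields default to 0 instead of raising KeyError.
        user_error_times=int(user.get('user_error_times',0))
        user_last_login_time=float(user.get('user_last_login_time',0))
        # ">=" rather than "==": a counter that ever passes 5 (for example
        # through concurrent failed attempts) must not escape the lockout.
        if user_error_times>=5:
            if (time.time()-user_last_login_time)>=86400:
                user_error_times=0
            else:
                return jsonify(success=False,message="您已经连续登录失败5次,请24小时之后再来")
        if is_use_orm:
            USER_SYS=self.dh.load("UserMapper", "USER_SYS")
            USER_LOG=self.dh.load("UserMapper", "USER_LOG")
            user=self.dh.do("query",USER_SYS).filter_by(user_id=user_id).first()
            if user is None:
                # Redis knows the name but the database row is gone.
                return jsonify(success=False,message='用户不存在')
            if user_pass==user.user_pass:
                # Truthiness instead of "is True": adduser stores the integers
                # 1/0, and "1 is True" is False, which would refuse every
                # verified user if the column is read back as an integer.
                if user.user_validate:
                    # Success: reset the failure counter and log the login.
                    success=True
                    user_error_times=0
                    user=self.dh.do("query",USER_SYS).filter_by(user_id=user_id).update({'user_access_token':access_token,'user_error_times':user_error_times})
                    self.dh.dbsession.commit()
                    new_log=USER_LOG(user_id=user_id,
                                     login_ip=request.remote_addr,
                                     login_status=1)
                    self.dh.save(new_log)
                else:
                    new_log=USER_LOG(user_id=user_id,
                                     login_ip=request.remote_addr,
                                     login_status=0)
                    self.dh.save(new_log)
                    message="用户未验证"
            else:
                # Failure: increment the failure counter and log the attempt.
                user_error_times+=1
                self.dh.do("query",USER_SYS).filter_by(user_id=user_id).update({'user_error_times':user_error_times})
                self.dh.dbsession.commit()
                new_log=USER_LOG(user_id=user_id,
                                 login_ip=request.remote_addr,
                                 login_status=0)
                self.dh.save(new_log)
                message="密码错误"
        else:
            cursor=self.dh.dbconn.cursor(cursorclass = MySQLdb.cursors.DictCursor)
            cursor.callproc('sp_user_login',(user_name,user_pass,request.remote_addr,access_token))
            # The procedure returns one row: user data on success, otherwise
            # the error details.
            user=cursor.fetchone()
            cursor.close()
            self.dh.dbconn.commit()
            self.dh.dbconn.close()
            message=user['message']
            if user['result']=='success':
                user_error_times=0
                success=True
            else:
                user_error_times+=1
        # Refresh the Redis copy of the login bookkeeping.
        myredis.rs.hmset('user:{user_id}'.format(user_id=user_id),{"user_last_login_ip":request.remote_addr,
                                                                   "user_last_login_time":time.time(),
                                                                   "user_error_times":user_error_times
                                                                   })
        if not success:
            return jsonify(success=False,message=message)
        # Drop the previous token so only the newest one maps to this user.
        old_token=myredis.rs.hget("userid_token",user_id)
        if old_token:
            myredis.rs.hdel("token_userid",old_token)
        myredis.rs.hset("userid_token",user_id,access_token)
        myredis.rs.hset("token_userid",access_token,user_id)
        return jsonify(success=True,user_id=user_id,user_name=user_name,access_token=access_token,message=message)

    def userunlogin(self):
        """POST handler (stub) for logging out."""
        return "userunlogin"

    def do(self):
        """Dispatch the current request to the handler for its HTTP method.

        POST requests are routed by the ``action`` query parameter; a missing
        or unknown action yields the "operation not found" message. Methods
        other than GET/POST/PUT/DELETE fall through and return ``None``.
        """
        method=request.method
        if method=='GET':
            return self.userlist()
        if method=='POST':
            handlers={"userlogin":self.userlogin,
                      "userunlogin":self.userunlogin,
                      "userreg":self.adduser}
            handler=handlers.get(request.args.get("action",None))
            if handler is not None:
                return handler()
            return "找不到相关操作"
        if method=='PUT':
            return self.updateuser()
        if method=='DELETE':
            return self.deleteuser()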