2022-02-11 11:24:28 +08:00
|
|
|
|
import functools
|
|
|
|
|
|
|
|
|
|
from flask import request
|
|
|
|
|
from itsdangerous import Serializer
|
|
|
|
|
from itsdangerous import TimedJSONWebSignatureSerializer as Serializer, SignatureExpired, BadSignature
|
|
|
|
|
|
|
|
|
|
from user.user_db import FIND_DATA
|
|
|
|
|
|
|
|
|
|
TOKEN_KEY = "P0eHym@&CbaLzWkq"
|
|
|
|
|
TOKEN_EXPIRE = 60*60*8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def create_token(param):
|
|
|
|
|
"""
|
|
|
|
|
创建token
|
|
|
|
|
Parameters:
|
|
|
|
|
param: 传入参数,用于创建token
|
|
|
|
|
Returns:
|
|
|
|
|
token: 用户访问令牌
|
|
|
|
|
"""
|
|
|
|
|
s = Serializer(TOKEN_KEY, expires_in=TOKEN_EXPIRE)
|
|
|
|
|
token = '' + s.dumps(param).decode('ascii')
|
|
|
|
|
return token
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def verify_token(func):
|
|
|
|
|
"""
|
|
|
|
|
校验token
|
|
|
|
|
Returns:
|
|
|
|
|
返回token被解析后的值
|
|
|
|
|
"""
|
|
|
|
|
@functools.wraps(func)
|
|
|
|
|
def internal(*args, **kwargs):
|
|
|
|
|
try:
|
|
|
|
|
s = Serializer(TOKEN_KEY)
|
|
|
|
|
session_id = s.loads(request.headers.get('token'))
|
|
|
|
|
|
|
|
|
|
records = FIND_DATA("用户", "token记录", {"session_id": session_id})
|
|
|
|
|
if not records:
|
|
|
|
|
return {"info": "提示: 账号已在别处登录"}, 401
|
|
|
|
|
|
|
|
|
|
uid = records[0]['UID']
|
|
|
|
|
|
|
|
|
|
except TypeError:
|
|
|
|
|
return {"info": "缺少token"}, 401
|
|
|
|
|
except KeyError:
|
|
|
|
|
return {"info": "异常token"}, 401
|
|
|
|
|
except BadSignature:
|
|
|
|
|
return {"info": "错误token"}, 401
|
|
|
|
|
except SignatureExpired:
|
|
|
|
|
return {"info": "过期token"}, 401
|
|
|
|
|
return func(*args, **kwargs, uid=uid)
|
|
|
|
|
return internal
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def authority_scope(scope):
|
|
|
|
|
def decorate(func):
|
|
|
|
|
@functools.wraps(func)
|
|
|
|
|
def internal(*args, ** kwargs):
|
|
|
|
|
|
|
|
|
|
records = FIND_DATA("用户", "用户信息", {"UID": kwargs['uid']})
|
|
|
|
|
|
|
|
|
|
if not records:
|
2022-02-11 16:55:22 +08:00
|
|
|
|
return {"info": "提示: 账户不存在"}, 401
|
2022-02-11 11:24:28 +08:00
|
|
|
|
|
|
|
|
|
if records[0]['status'] != "normal":
|
2022-02-11 16:55:22 +08:00
|
|
|
|
return {"info": "提示: 账户已被禁用"}, 401
|
2022-02-11 11:24:28 +08:00
|
|
|
|
|
|
|
|
|
if records[0]['role'] not in scope:
|
2022-02-11 16:55:22 +08:00
|
|
|
|
return {"info": "提示: 没有此项操作权限"}, 401
|
2022-02-11 11:24:28 +08:00
|
|
|
|
|
|
|
|
|
return func(*args, ** kwargs)
|
|
|
|
|
return internal
|
|
|
|
|
return decorate
|