用户登录、在线检查 更改到v0.21版本

王思川 2022-03-30 04:20:36 +08:00
parent ba3a7f2ded
commit d06cf544e2
4 changed files with 89 additions and 36 deletions


@ -172,6 +172,18 @@ class MongoHelper:
collection = self.client[param1][param2] collection = self.client[param1][param2]
collection.update_one(param3, {"$set": param4}) collection.update_one(param3, {"$set": param4})
def delete_single_data(self, param1, param2, param3):
"""
根据查询条件删除一条文档
param1: str 数据库
param2: str 数据集
param3: obj 查询条件
return: None
"""
collection = self.client[param1][param2]
collection.delete_one(param3)
return True
def find_file(self, param1, param2, param3): def find_file(self, param1, param2, param3):
""" """
读取一个文件 读取一个文件
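Review bot: `delete_single_data` documents `return: None` but returns `True` unconditionally, and the result of `delete_one` is discarded, so a caller cannot tell whether any document matched the filter. Either correct the docstring or return the outcome, e.g. `return collection.delete_one(param3).deleted_count == 1`. An empty `param3` (`{}`) would make `delete_one` remove the first document in the collection, so a guard such as `if not param3: raise ValueError("empty filter")` is worth adding before the call.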


@ -4,6 +4,7 @@ from flask import request
from itsdangerous import Serializer from itsdangerous import Serializer
from itsdangerous import TimedJSONWebSignatureSerializer as Serializer, SignatureExpired, BadSignature from itsdangerous import TimedJSONWebSignatureSerializer as Serializer, SignatureExpired, BadSignature
from DBHelper.MongoHelper import MongoHelper
from user.user_db import FIND_DATA from user.user_db import FIND_DATA
TOKEN_KEY = "P0eHym@&CbaLzWkq" TOKEN_KEY = "P0eHym@&CbaLzWkq"
@ -26,23 +27,40 @@ def create_token(param):
def verify_token(func): def verify_token(func):
""" """
校验token 校验token
Returns: return:
返回token被解析后的值 type:str
desc: token被解析后的值
""" """
@functools.wraps(func) @functools.wraps(func)
def internal(*args, **kwargs): def internal(*args, **kwargs):
try: try:
# step 1.1
# 解析请求头传送的token
s = Serializer(TOKEN_KEY) s = Serializer(TOKEN_KEY)
session_id = s.loads(request.headers.get('token')) session_id = s.loads(request.headers.get('token'))
records = FIND_DATA("用户", "token记录", {"session_id": session_id}) # step 1.2
if not records: # 请求头中没有token参数 返回错误提示
if session_id is None:
return {"info": "缺少token"}, 401
# step 2.1
# token解析成功 从token记录中查询session_id对应的uid
db = MongoHelper("tfse_v0.21")
uid = db.find_single_column(
"管理端",
"token记录",
{"session_id": session_id},
"UID"
)
# step 2.2
# 根据session_id没有找到对应的uid 返回错误提示
if not uid:
return {"info": "提示: 账号已在别处登录"}, 401 return {"info": "提示: 账号已在别处登录"}, 401
uid = records[0]['UID']
except TypeError: except TypeError:
return {"info": "缺少token"}, 401 return {"info": "异常token"}, 401
except KeyError: except KeyError:
return {"info": "异常token"}, 401 return {"info": "异常token"}, 401
except BadSignature: except BadSignature:
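Review bot: The `if session_id is None` check at step 1.2 cannot catch a missing header, because `s.loads(request.headers.get('token'))` has already run on the `None` value by then; judging by the old `except TypeError` branch that case raises, and the branch now answers "异常token" instead of "缺少token". Read the header first: `token = request.headers.get('token')`, `if token is None: return {"info": "缺少token"}, 401`, then `session_id = s.loads(token)`. The new lookup resolves the UID from `session_id` alone, so it relies on that value being unique per user across `token记录`. `TOKEN_KEY` is a string literal in the unchanged context just above this hunk; it should be loaded from configuration and rotated, since the value is now in the repository history. The body of `verify_token` continues past the end of the hunk.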


@ -6,7 +6,7 @@ import random
import requests import requests
from werkzeug.security import generate_password_hash, check_password_hash from werkzeug.security import generate_password_hash, check_password_hash
from DBHelper.MongoHelper import MongoHelper
from user.user_auth import create_token from user.user_auth import create_token
from user.user_utils import check_mail_fmt, check_pwd_fmt, decrypt_data from user.user_utils import check_mail_fmt, check_pwd_fmt, decrypt_data
from user.user_db import INSERT_DATA, FIND_DATA, UPSERT_DATA, DELETE_DATA, FIND_DATA_PAGE, UPDATE_INFO from user.user_db import INSERT_DATA, FIND_DATA, UPSERT_DATA, DELETE_DATA, FIND_DATA_PAGE, UPDATE_INFO
@ -99,7 +99,14 @@ def create_user_impl(email, name, pwd, role):
def login_impl(email, pwd, vcode): def login_impl(email, pwd, vcode):
user_info = FIND_DATA('用户', '用户信息', {"email": email}) db = MongoHelper("tfse_v0.21")
user_info = db.find_single_data(
"管理端",
"用户",
{"email": email},
["UID", "name", "pwd", "status", "role"]
)
def check_email(): def check_email():
if not user_info: if not user_info:
@ -109,28 +116,37 @@ def login_impl(email, pwd, vcode):
return True return True
def check_disable(): def check_disable():
if user_info[0]['status'] != 'normal': if user_info['status'] != 'normal':
return "账户已禁用" return "账户已禁用"
return True return True
def check_vcode(): def check_vcode():
records = FIND_DATA("用户", "验证记录", {"email": email}) record = db.find_single_data(
"管理端",
"用户",
{"email": email},
["vcode", "timestamp"]
)
if len(records) == 0: if not record:
return "无验证信息" return "无验证信息"
if records[0]['vcode'] != vcode: if record['vcode'] != vcode:
return "验证码错误" return "验证码错误"
if time.time() - records[0]['timestamp'] > 300: if time.time() - record['timestamp'] > 300:
return "验证码过期" return "验证码过期"
DELETE_DATA("用户", "验证记录", {"email": email}) db.delete_single_data(
"管理端",
"邮箱验证码记录",
{"email": email}
)
return True return True
def check_pwd(): def check_pwd():
hash_pwd = user_info[0]['pwd'] hash_pwd = user_info['pwd']
try: try:
if not check_password_hash(hash_pwd, decrypt_data(encrypt_msg=pwd)): if not check_password_hash(hash_pwd, decrypt_data(encrypt_msg=pwd)):
return "密码错误" return "密码错误"
@ -139,7 +155,7 @@ def login_impl(email, pwd, vcode):
return True return True
def make_menus(): def make_menus():
role = user_info[0]['role'] role = user_info['role']
with open(os.path.abspath(os.path.dirname(__file__)+'/static/menus.json'), "r", encoding='utf-8') as f: with open(os.path.abspath(os.path.dirname(__file__)+'/static/menus.json'), "r", encoding='utf-8') as f:
duties = json.load(f) duties = json.load(f)
@ -151,17 +167,24 @@ def login_impl(email, pwd, vcode):
session_id = '' session_id = ''
for i in range(4): for i in range(4):
session_id += random.choice(choices) session_id += random.choice(choices)
UPSERT_DATA("用户", "token记录", {"UID": user_info[0]['UID']}, {"session_id": session_id})
db.update_single_data(
"管理端",
"token记录",
{"UID": user_info['UID']},
{"session_id": session_id}
)
return session_id return session_id
def make_result_data(): def make_login_return_data():
res_data = dict() return_data = dict()
res_data['name'] = user_info[0]["name"] return_data['name'] = user_info["name"]
res_data['token'] = create_token(make_session_id()) return_data['token'] = create_token(make_session_id())
res_data['menus'] = make_menus() return_data['menus'] = make_menus()
return res_data return return_data
def start_impl(): def __main__():
result = check_email() result = check_email()
if result is not True: if result is not True:
return result return result
@ -178,9 +201,9 @@ def login_impl(email, pwd, vcode):
if result is not True: if result is not True:
return result return result
return make_result_data() return make_login_return_data()
return start_impl() return __main__()
def send_vcode_to_user_impl(email): def send_vcode_to_user_impl(email):
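Review bot: `check_vcode` now reads `["vcode", "timestamp"]` from the `用户` collection but deletes the used code from `邮箱验证码记录`, so the lookup and the delete target different collections. If codes are stored in `邮箱验证码记录`, the read will not find them and `record['vcode']` may raise KeyError; point the `find_single_data` call at `"邮箱验证码记录"` as well. In `make_session_id`, the switch from `UPSERT_DATA` to `db.update_single_data` matters if that helper is a plain `update_one` with `$set` and no upsert (not visible here): a user with no existing `token记录` document would receive a token whose session_id was never stored. The unchanged loop builds session_id from four `random.choice` characters while `verify_token` maps session_id to UID, so two users drawing the same value would resolve to one UID; `session_id = secrets.token_urlsafe(16)` would avoid that. `login_impl` starts before and ends after these hunks.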


@ -6,6 +6,15 @@ from user.user_auth import verify_token, authority_scope
user_route = Blueprint('user', __name__) user_route = Blueprint('user', __name__)
@user_route.route('/online_check', methods=['GET'])
@verify_token
def online_check_route(**kwargs):
"""
在线检查检查token是否有效
"""
return {"info": "正常"}, 200
@user_route.route('/send_vcode_to_user', methods=['POST']) @user_route.route('/send_vcode_to_user', methods=['POST'])
def send_vcode_to_user_route(): def send_vcode_to_user_route():
""" """
@ -37,15 +46,6 @@ def login_route():
return {"info": result}, 200 return {"info": result}, 200
@user_route.route('/online_check', methods=['GET'])
@verify_token
def online_check_route(**kwargs):
"""
在线检查检查token是否有效
"""
return {"info": "正常"}, 200
@user_route.route('/create_user', methods=['POST']) @user_route.route('/create_user', methods=['POST'])
@verify_token @verify_token
@authority_scope(['admin']) @authority_scope(['admin'])