2021-11-29 17:38:50 +08:00
|
|
|
|
import functools
|
2021-12-01 01:18:23 +08:00
|
|
|
|
import time
|
|
|
|
|
|
|
2021-11-29 17:38:50 +08:00
|
|
|
|
from flask import request
|
|
|
|
|
|
from itsdangerous import TimedJSONWebSignatureSerializer as Serializer, BadSignature, SignatureExpired
|
|
|
|
|
|
|
2021-12-01 01:18:23 +08:00
|
|
|
|
from common.rsa import decrypt_data
|
2022-02-15 15:14:47 +08:00
|
|
|
|
from user.user_db import FIND_FID_IN_RATING_RECORD
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def create_token(param):
|
|
|
|
|
|
"""
|
|
|
|
|
|
创建token
|
|
|
|
|
|
Parameters:
|
|
|
|
|
|
param: 传入参数,用于创建token
|
|
|
|
|
|
Returns:
|
|
|
|
|
|
token: 用户访问令牌
|
|
|
|
|
|
"""
|
|
|
|
|
|
secret_key = '0FTuOi^#Afx1@2@F'
|
|
|
|
|
|
token_expire = 14400
|
|
|
|
|
|
s = Serializer(secret_key, expires_in=token_expire)
|
|
|
|
|
|
token = '' + s.dumps(param).decode('ascii')
|
|
|
|
|
|
return token
|
2021-11-29 17:38:50 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def verify_token(func):
|
|
|
|
|
|
"""
|
|
|
|
|
|
校验token
|
|
|
|
|
|
"""
|
2022-02-09 13:53:10 +08:00
|
|
|
|
secret_key = '0FTuOi^#Afx1@2@F'
|
2021-11-29 17:38:50 +08:00
|
|
|
|
|
|
|
|
|
|
@functools.wraps(func)
|
2021-12-01 01:18:23 +08:00
|
|
|
|
def internal(*args, **kwargs):
|
2021-11-29 17:38:50 +08:00
|
|
|
|
# 检查token
|
|
|
|
|
|
try:
|
|
|
|
|
|
token = request.headers.get('token')
|
2022-02-09 13:53:10 +08:00
|
|
|
|
s = Serializer(secret_key)
|
2021-12-01 01:18:23 +08:00
|
|
|
|
cid = s.loads(token)['cid']
|
2021-11-29 17:38:50 +08:00
|
|
|
|
except TypeError:
|
|
|
|
|
|
return {"info": "参数错误"}, 401
|
|
|
|
|
|
except KeyError:
|
|
|
|
|
|
return {"info": "参数错误"}, 401
|
|
|
|
|
|
except BadSignature:
|
|
|
|
|
|
return {"info": "token错误"}, 401
|
|
|
|
|
|
except SignatureExpired:
|
|
|
|
|
|
return {"info": "token过期"}, 401
|
|
|
|
|
|
# 通过以上检查 返回原函数
|
2021-12-01 01:18:23 +08:00
|
|
|
|
return func(*args, **kwargs, cid=cid)
|
2021-11-29 17:38:50 +08:00
|
|
|
|
|
|
|
|
|
|
# 返回包装函数结果
|
|
|
|
|
|
return internal
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def check_block(func):
|
|
|
|
|
|
"""
|
|
|
|
|
|
检查滑块是否通过
|
|
|
|
|
|
|
|
|
|
|
|
注: 前端发送的滑块校验码是rsa加密的时间戳,若时间戳间隔小于3秒则校验通过
|
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
|
|
@functools.wraps(func)
|
2021-12-01 01:18:23 +08:00
|
|
|
|
def internal(*args, **kwargs):
|
2021-11-29 17:38:50 +08:00
|
|
|
|
try:
|
|
|
|
|
|
verify_code = decrypt_data(encrypt_msg=request.headers.get('block'))
|
2021-12-01 01:18:23 +08:00
|
|
|
|
if (time.time() - float(verify_code)/1000) > 3:
|
2021-11-29 17:38:50 +08:00
|
|
|
|
return {"info": "滑块校验失败"}, 400
|
|
|
|
|
|
except TypeError:
|
|
|
|
|
|
return {"info": "缺少滑块验证"}, 400
|
|
|
|
|
|
except ValueError:
|
|
|
|
|
|
return {"info": "滑块验证异常"}, 400
|
|
|
|
|
|
return func(*args, **kwargs)
|
2021-12-01 01:18:23 +08:00
|
|
|
|
return internal
|
2022-02-15 15:14:47 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def verify_report_view_auth(func):
|
|
|
|
|
|
"""
|
|
|
|
|
|
检查是否具有报告查看权限
|
|
|
|
|
|
"""
|
|
|
|
|
|
@functools.wraps(func)
|
|
|
|
|
|
def internal(*args, **kwargs):
|
|
|
|
|
|
|
|
|
|
|
|
file_id = request.args.get('file_id')
|
|
|
|
|
|
|
|
|
|
|
|
records = FIND_FID_IN_RATING_RECORD(kwargs['cid'])
|
|
|
|
|
|
|
|
|
|
|
|
if not records:
|
|
|
|
|
|
return {"info": "没有找到文件"}, 404
|
|
|
|
|
|
|
|
|
|
|
|
file_id_pool = list()
|
|
|
|
|
|
for record in records:
|
|
|
|
|
|
for a_file_id in list(record.values()):
|
|
|
|
|
|
file_id_pool.append(a_file_id)
|
|
|
|
|
|
|
|
|
|
|
|
if file_id not in file_id_pool:
|
|
|
|
|
|
return {"info": "没有文件访问权限"}, 401
|
|
|
|
|
|
|
|
|
|
|
|
return func(*args, **kwargs)
|
|
|
|
|
|
return internal
|
