123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138 |
- from itsdangerous import TimedJSONWebSignatureSerializer as Serializer
- from werkzeug.security import check_password_hash
- from fastapi import APIRouter, Request, Response
- from fastapi import HTTPException, Header
- from fastapi.responses import JSONResponse
- from hub import methods, Global
- router = APIRouter()
- # mdb = Global.get_mongodb_client()
- # serializer = Serializer(secret_key='casper.com@2021', expires_in=86400 * 100) # debug
- serializer = Serializer(secret_key='casper.com@2021', expires_in=86400) # release
- def get_token_by_user(user):
- """生成token"""
- data = {
- 'id': user.get('uid'),
- 'username': user.get('username'),
- 'password': user.get('password'),
- }
- return serializer.dumps(data).decode('utf-8')
- @router.post('/token/api')
- async def get_token(request: Request, response: Response):
- """获取令牌"""
- methods.debug_log('api.get_token.28', f"#now at {methods.now_string()}, #ip: {request.client.host}")
- # --- check key --- # debug
- # node_api = NodeApi()
- # if not node_api.verify_key():
- # return JSONResponse(status_code=401, content=dict(message='not verified!', code=1))
- # --- get params ---
- params = await request.json()
- username = params.get('username')
- password = params.get('password')
- user = Global.mdb.get_one('User', {'username': username})
- if user:
- role_name = Global.mdb.get_one_by_id('UserRole', user.get('role_id')).get('role_name')
- else:
- role_name = ''
- # --- fail log---
- if not user:
- data = {
- 'username': username,
- 'is_login': 'Fail',
- 'role_name': role_name,
- 'login_at': methods.now_ts(),
- 'login_ip': request.client.host,
- }
- Global.mdb.add('UserLoginLog', data)
- code = 2
- elif not check_password_hash(user['password'], password):
- data = {
- 'username': username,
- 'is_login': 'Fail',
- 'role_name': role_name,
- 'login_at': methods.now_ts(),
- 'login_ip': request.client.host,
- }
- Global.mdb.add('UserLoginLog', data)
- code = 3
- else:
- data = {
- 'username': username,
- 'role_name': role_name,
- 'is_login': 'Pass',
- 'login_at': methods.now_ts(),
- 'login_ip': request.client.host,
- }
- Global.mdb.add('UserLoginLog', data)
- code = 0
- # --- 登录失败 ---
- if code:
- return JSONResponse(status_code=401, content=dict(message='unauthorized access!', code=code))
- # --- make token ---
- data = {
- 'id': str(user['_id']),
- 'username': user['username'],
- 'password': user['password'],
- }
- token = serializer.dumps(data).decode('utf-8')
- content = dict(message='authorization passed.', uid=str(user['_id']), role_name=role_name, code=0)
- headers = {'authorization': token}
- return JSONResponse(content=content, headers=headers)
- async def login_required(request: Request):
- """
- 检查登录token
- methods.debug_log('token.login_required.96', f"#code: {code}")
- """
- # --- check ---
- # if request.method == 'POST':
- # sources = await request.json()
- # tag = sources.get('tag', 'v1')
- # code = int(sources.get('code'))
- # # methods.debug_log('token.login_required', f"m-107: code -> {code} | token -> {token}")
- # if not token and tag == 'v3' and code in [1102, 8201]:
- # methods.debug_log('token.login_required', f"m-103: code -> {code}")
- # superuser = Global.mdb.get_one('User', {'username': 'admin'})
- # return {
- # 'uid': str(superuser.get('_id')),
- # 'username': 'admin',
- # 'password': 'admin',
- # 'role_id': superuser.get('role_id'),
- # 'skip_is': True,
- # }
- # --- check --- todo 屏蔽token验证,正常情况下应放开
- # if not token:
- # # raise HTTPException(status_code=401, detail='unauthorized access!')
- # raise HTTPException(status_code=401, headers=dict(message='unauthorized access!', code='4'))
- # --- fill --- todo 屏蔽token验证,正常情况下应放开
- # try:
- # data = serializer.loads(token)
- # user = Global.mdb.get_one_by_id('User', data['id'])
- # role_id = user.get('role_id')
- # # role_acl = Global.mdb.get_one_by_id('UserRole', role_id).get('role_acl')
- # return {
- # 'uid': data['id'],
- # 'username': data['username'],
- # 'password': data['password'],
- # 'role_id': role_id,
- # }
- # except Exception as e:
- # # raise HTTPException(status_code=401, detail='unauthorized access!')
- # raise HTTPException(status_code=401, headers=dict(message='unauthorized access!', code='5'))
- # todo 正常情况下应屏蔽
- return {'skip_is': True}
|