From df82f59297f3eb041ba8828bb0a20905cf62fc3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=B0=A2=E6=80=9D=E6=80=A1?= <912465467@qq.com> Date: Tue, 16 May 2023 14:46:57 +0800 Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9Etoken=E9=89=B4=E6=9D=83?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/account_service.py | 5 +++++ app/api_bp.py | 27 ++++++++++++++++----------- 2 files changed, 21 insertions(+), 11 deletions(-) diff --git a/app/account_service.py b/app/account_service.py index 635f527..997758d 100644 --- a/app/account_service.py +++ b/app/account_service.py @@ -1,9 +1,11 @@ from flask import * + from Login import check_username_availability, verify_user, add_user, get_expiry_date, change_password, WarningMessage # 初始化蓝图 accountService = Blueprint("accountService", __name__) + ### Sign-up, login, logout ### @accountService.route("/signup", methods=['GET', 'POST']) def signup(): @@ -34,6 +36,7 @@ def signup(): session['logged_in'] = True session[username] = username session['username'] = username + session['token'] = "70620F32A9DC965FCCF0447B674AA161" session['expiry_date'] = get_expiry_date(username) session['articleID'] = None return render_template('signup_success.html', username=username) @@ -68,6 +71,7 @@ def login(): session['logged_in'] = True session[username] = username session['username'] = username + session['token'] = "70620F32A9DC965FCCF0447B674AA161" user_expiry_date = get_expiry_date(username) session['expiry_date'] = user_expiry_date session['existing_articles'] = None @@ -84,6 +88,7 @@ def logout(): ''' # 将session标记为登出状态 session['logged_in'] = False + session["token"] = None return redirect(url_for('mainpage')) diff --git a/app/api_bp.py b/app/api_bp.py index 59e2113..bf54295 100644 --- a/app/api_bp.py +++ b/app/api_bp.py @@ -1,6 +1,6 @@ import json -from flask import Blueprint +from flask import Blueprint, session import pickle_idea2 
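Review bot: The value written by `session['token'] = "70620F32A9DC965FCCF0447B674AA161"` in `signup()` is a constant committed to the repository, so it is identical for every user and every session and proves nothing that `session['logged_in']` does not already prove; the `login()` hunk at -68,6 adds the same line. If Flask's default cookie-backed session is in use (not visible here), the value is signed but not encrypted, so any client can read it out of its own cookie. I would drop the token and have the API check `session.get('logged_in')` and `session.get('username')` instead. If a separate API credential is really wanted, generate it per user with `secrets.token_urlsafe()`, store it server-side and compare with `hmac.compare_digest`. Both function bodies start and end outside their hunks.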
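Review bot: In the `logout()` hunk, `session["token"] = None` nulls the key but leaves it in the session, together with `session['username']`, `session[username]` and `session['expiry_date']` that the login path writes. The visible body only sets `logged_in` and this key before the redirect. `session.clear()` would drop all per-login state in one call, or at minimum use `session.pop('token', None)` so the key is removed rather than set to `None`. The double-quoted key also differs from the single-quoted keys on the neighbouring lines. `logout()` begins above the hunk.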
@@ -24,15 +24,20 @@ def helper(res, result): @api_blue.route('/json/', methods=['GET']) def api_bp(username): - # 获取session里的用户名 - result = [] - user_freq_record = path_prefix + 'static/frequency/' + 'frequency_%s.pickle' % (username) - s = pickle_idea2.load_record(user_freq_record) - wordlist = helper(s, result) - print(json.dumps(s)) - results = {} + # 获取session里的用户名,必须携带token + token = session.get("token") + if token == "70620F32A9DC965FCCF0447B674AA161": + result = [] + user_freq_record = path_prefix + 'static/frequency/' + 'frequency_%s.pickle' % (username) + s = pickle_idea2.load_record(user_freq_record) + wordlist = helper(s, result) + print(json.dumps(s)) + results = {} - for word in wordlist: - results[word] = len(s[word]) + for word in wordlist: + results[word] = len(s[word]) - return results + return results + + else: + print("无效的token")
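Review bot: The new guard `if token == "70620F32A9DC965FCCF0447B674AA161":` never looks at the `username` argument, so any session that has logged in can read the frequency record of any other user; tie the check to the session's own identity instead, e.g. `if not session.get('logged_in') or session.get('username') != username: return {'error': 'unauthorized'}, 401`. The `else:` branch only prints and falls off the end, so the view returns `None` and Flask answers with a server error rather than a 401/403. `username` is also still interpolated unvalidated into the path handed to `pickle_idea2.load_record`, which from its name presumably unpickles the file, so it is worth restricting it to the expected character set before building the path. The constant is duplicated from `account_service.py`; if it stays, define it once and import it.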