新增token鉴权

优化了原来同学的代码格式
Optimized HTML tags
2023-05-16 14:46:57 +08:00 · 2023-05-06 19:08:45 +08:00 · 2023-04-23 19:57:18 +08:00 · 2023-04-23 19:36:26 +08:00
6 changed files with 105 additions and 44 deletions
--- a/app/account_service.py
+++ b/app/account_service.py
@ -1,10 +1,11 @@
 from flask import *
 from Login import check_username_availability, verify_user, add_user, get_expiry_date, change_password, WarningMessage
 from Login import check_username_availability, verify_user, add_user, get_expiry_date, change_password, WarningMessage
 # 初始化蓝图
 accountService = Blueprint("accountService", __name__)
 ### Sign-up, login, logout ###
@accountService.route("/signup", methods=['GET', 'POST'])
 def signup():
@ -19,21 +20,14 @@ def signup():
        # POST方法需判断是否注册成功，再根据结果返回不同的内容
        username = escape(request.form['username'])
        password = escape(request.form['password'])
-        password2 = escape(request.form['password2'])
+        # ! 添加如下代码为了过滤注册时的非法字符
        #! 添加如下代码为了过滤注册时的非法字符
        warn = WarningMessage(username)
        if str(warn) != 'OK':
-            return str(warn)
+            return jsonify({'status': '3', 'warn': str(warn)})
        available = check_username_availability(username)
        if not available:  # 用户名不可用
-            flash('用户名 %s 已经被注册。' % (username))
+            return jsonify({'status': '0'})
            return render_template('signup.html')
        elif len(password.strip()) < 4: # 密码过短
            return '密码过于简单。'
        elif password != password2:
            return '确认密码与输入密码不一致！'
        else:  # 添加账户信息
            add_user(username, password)
            verified = verify_user(username, password)
@ -42,13 +36,14 @@ def signup():
                session['logged_in'] = True
                session[username] = username
                session['username'] = username
                session['token'] = "70620F32A9DC965FCCF0447B674AA161"
                session['expiry_date'] = get_expiry_date(username)
                session['articleID'] = None
-                return '<p>恭喜，你已成功注册， 你的用户名是 <a href="%s">%s</a>。</p>\
+                return render_template('signup_success.html', username=username)
-                <p><a href="/%s">开始使用</a> <a href="/">返回首页</a><p/>' % (username, username, username)
+            #                 session['existing_articles'] = None
            #                 return jsonify({'status': '2'})
            else:
-                return '用户名密码验证失败。'
+                return jsonify({'status': '1'})
@accountService.route("/login", methods=['GET', 'POST'])
@ -64,8 +59,7 @@ def login():
            return render_template('login.html')
        else:
            # 已登录，提示信息并显示登出按钮
-            return '你已登录 <a href="/%s">%s</a>。 登出点击<a href="/logout">这里</a>。' % (
+            return render_template('login_success.html', username=session['username'])
                session['username'], session['username'])
    elif request.method == 'POST':
        # POST方法用于判断登录是否成功
        # check database and verify user
@ -77,12 +71,13 @@ def login():
            session['logged_in'] = True
            session[username] = username
            session['username'] = username
            session['token'] = "70620F32A9DC965FCCF0447B674AA161"
            user_expiry_date = get_expiry_date(username)
            session['expiry_date'] = user_expiry_date
-            session['articleID'] = None
+            session['existing_articles'] = None
-            return redirect(url_for('user_bp.userpage', username=username))
+            return jsonify({'status': '1'})
        else:
-            return '无法通过验证。'
+            return jsonify({'status': '0'})
@accountService.route("/logout", methods=['GET', 'POST'])
@ -93,6 +88,7 @@ def logout():
    '''
    # 将session标记为登出状态
    session['logged_in'] = False
    session["token"] = None
    return redirect(url_for('mainpage'))
@ -115,31 +111,15 @@ def reset():
        # POST请求用于提交修改后信息
        old_password = escape(request.form['old-password'])
        new_password = escape(request.form['new-password'])
        re_new_password = escape(request.form['re-new-password'])  # 确认新密码
-        if re_new_password != new_password: #验证新密码两次输入是否相同
+        if re_new_password != new_password:  # 验证新密码两次输入是否相同
            return '新密码不匹配，请重新输入'
-        if len(new_password) < 4: #验证新密码长度，原则参照注册模块
+        if len(new_password) < 4:  # 验证新密码长度，g原则参照注册模块
            return '密码过于简单。(密码长度至少4位)'
        flag = change_password(username, old_password, new_password)  # flag表示是否修改成功
        if flag:
            session['logged_in'] = False
-            return \
+            return render_template('password_change_status.html', message="密码修改成功，请重新登录。", path="/login")
 '''
 <script>
 alert('密码修改成功，请重新登录。');
 window.location.href="/login";
 </script>
 '''
        else:
-            return \
+            return render_template('password_change_status.html', message="密码修改失败", path="/reset")
 '''
 <script>
 alert('密码修改失败');
 window.location.href="/reset";
 </script>
 '''
--- a/app/api_bp.py
+++ b/app/api_bp.py
@ -0,0 +1,43 @@
 import json
 from flask import Blueprint, session
 import pickle_idea2
 path_prefix = '/var/www/wordfreq/wordfreq/'
 path_prefix = './'  # comment this line in deployment
 # 创建api蓝图
 api_blue = Blueprint('api', __name__, url_prefix='/api')
 def helper(res, result):
    for item in res:
        if type(res[str(item)]) == 'dict':
            helper(res[str(item)], result)
        if type(res[str(item)]) == 'list':
            for i in range(len(res[str(item)])):
                helper(res[str(item)][i], result)
        result.append(str(item))
    return result
@api_blue.route('/json/<username>', methods=['GET'])
 def api_bp(username):
    # 获取session里的用户名,必须携带token
    token = session.get("token")
    if token == "70620F32A9DC965FCCF0447B674AA161":
        result = []
        user_freq_record = path_prefix + 'static/frequency/' + 'frequency_%s.pickle' % (username)
        s = pickle_idea2.load_record(user_freq_record)
        wordlist = helper(s, result)
        print(json.dumps(s))
        results = {}
        for word in wordlist:
            results[word] = len(s[word])
        return results
    else:
        print("无效的token")
--- a/app/main.py
+++ b/app/main.py
@ -12,12 +12,14 @@ from Article import *
 import Yaml
 from user_service import userService
 from account_service import accountService
 from api_bp import api_blue
 app = Flask(__name__)
 app.secret_key = 'lunch.time!'
 # 将蓝图注册到Lab app
 app.register_blueprint(userService)
 app.register_blueprint(accountService)
 app.register_blueprint(api_blue)
 path_prefix = '/var/www/wordfreq/wordfreq/'
 path_prefix = './'  # comment this line in deployment
--- a/app/templates/login_success.html
+++ b/app/templates/login_success.html
@ -0,0 +1,10 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
    <meta charset="UTF-8">
    <title>已成功登录</title>
 </head>
 <body>
    你已登录 <a href="/{{ username }}">{{ username}}</a>。 登出点击<a href="/logout">这里</a>。
 </body>
 </html>
--- a/app/templates/password_change_status.html
+++ b/app/templates/password_change_status.html
@ -0,0 +1,15 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
    <meta charset="UTF-8">
    <title>密码修改提示</title>
 </head>
 <body>
 <script>
 alert("{{ message }}");
 window.location.href="{{path}}";
 </script>
 </body>
 </html>
--- a/app/templates/signup_success.html
+++ b/app/templates/signup_success.html
@ -0,0 +1,11 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
    <meta charset="UTF-8">
    <title>注册成功</title>
 </head>
 <body>
    <p>恭喜，你已成功注册， 你的用户名是 <a href="{{ username }}">{{ username }}</a>。</p>
    <p><a href="/{{ username }}">开始使用</a> <a href="/">返回首页</a></p>
 </body>
 </html>
Author	SHA1	Message	Date
谢思怡	df82f59297	新增token鉴权	2023-05-16 14:46:57 +08:00
谢思怡	6c2a9823af	优化了原来同学的代码格式	2023-05-06 19:08:45 +08:00
bargin	e42309184d	Optimized HTML tags	2023-04-23 19:57:18 +08:00
bargin	13caf13950	重新添加进去了原来同学的commit	2023-04-23 19:36:26 +08:00