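import binascii
import datetime
import json
import logging

from django.contrib.auth.hashers import check_password, make_password
from django.middleware.csrf import get_token
from django.shortcuts import HttpResponse
from django.views.decorators.http import require_GET, require_POST

from apps.api.common import Base64CypherClass, CaesarCypherClass
from apps.api.config import Config
from apps.auth import models as auth_models

# Create your views here.
logger = logging.getLogger(__name__)

config = Config()
base64 = Base64CypherClass()
caesar = CaesarCypherClass()

# NOTE(review): the "cypher" database stores username/email/phone after a
# Caesar shift or a Base64 encoding. Base64 is a keyless encoding and a Caesar
# shift is trivially reversible, so this is obfuscation, not encryption; it
# should not be relied on for confidentiality of the stored fields.


def _plain_field(value):
    """Return *value* unchanged (storage mode without field encoding)."""
    return value


def _base64_field(value):
    """Base64-encode *value* and return the result decoded as UTF-8 text."""
    # The instance is passed explicitly as the first argument, exactly as the
    # call was written before; Base64CypherClass is defined outside this file.
    return base64.base64_encode_str(base64, value).decode('utf-8')


def _storage_mode():
    """
    Resolve the configured storage mode once per request.

    :return: tuple ``(db_alias, encode)`` where ``db_alias`` is the database
        alias to query and ``encode`` maps a submitted field to its stored form
    """
    if not config.getconfig("isCypher"):
        return "default", _plain_field
    if config.getconfig("CypherMethod") == "caesar":
        return "cypher", caesar.caesar_encode
    # Any CypherMethod other than "caesar" is treated as Base64.
    return "cypher", _base64_field


@require_GET
def gettoken(request):
    """
    Return the CSRF token for this request as JSON.

    :param request: GET request
    :return: JSON object ``{"token": <csrf token>}``
    """
    # NOTE(review): the token is only protected by the same-origin policy; if
    # CORS is enabled elsewhere with credentials, restrict the allowed origins
    # so other sites cannot read this response.
    token = get_token(request)
    # Parameters of a media type are separated by ";", not ",".
    return HttpResponse(json.dumps({'token': token}),
                        content_type="application/json; charset=utf-8")


@require_POST
def search_user(request):
    """
    Report whether a username exists.

    The submitted username is transformed the same way as on registration
    (Caesar or Base64 when the "cypher" database is enabled) before the lookup.

    :param request: POST request carrying ``username``
    :return: response body "True" if the user exists, otherwise "False"
    """
    # NOTE(review): this endpoint answers "does this account exist" for any
    # caller; no throttling is visible in this file — confirm it is applied
    # upstream if username enumeration matters for this deployment.
    db_alias, encode = _storage_mode()
    username = encode(request.POST.get("username"))
    matches = auth_models.User.objects.using(db_alias).filter(username=username)
    return HttpResponse(matches.exists())


@require_POST
def add_user(request):
    """
    Register a user.

    The client sends the password Base64-encoded. Base64 is an encoding, not
    encryption, so the password is protected in transit only by TLS. The
    decoded password is hashed with Django's ``make_password`` (the hasher
    configured in PASSWORD_HASHERS, not MD5 unless the project configures it).
    When the "cypher" database is enabled, username, email and phone are
    stored in their Caesar/Base64 form.

    :param request: POST request with ``username``, ``pwd``, ``email``,
        ``phone`` and an optional ``avatar`` file
    :return: success message, or a generic error message on failure
    """
    try:
        # One timestamp for both columns so they cannot differ by a second.
        now = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
        # NOTE(review): the upload is handed to the model as-is; no size or
        # content-type check is visible here — confirm the model/storage
        # validates it.
        avatar = request.FILES.get("avatar")
        pwd_plain = base64.base64_decode_str(base64, request.POST.get("pwd"))
        pwd = make_password(pwd_plain)

        db_alias, encode = _storage_mode()
        auth_models.User.objects.using(db_alias).create(
            username=encode(request.POST.get("username")),
            pwd=pwd,
            email=encode(request.POST.get("email")),
            phone=encode(request.POST.get("phone")),
            create_time=now,
            last_login_time=now,
            avatar=avatar,
        )
        return HttpResponse("添加用户成功")
    except binascii.Error:
        # Same answer as login_user for a malformed Base64 password.
        return HttpResponse("base64解码失败")
    except Exception:
        # Exception text (database errors, field names) stays in the server
        # log instead of being echoed to the client.
        logger.exception("add_user failed")
        return HttpResponse("报错了:服务器内部错误")


@require_POST
def login_user(request):
    """
    Check a username/password pair.

    The username is transformed for the configured storage mode before the
    lookup; the Base64-decoded password is verified against the stored hash
    with ``check_password``. This view only reports the result: it does not
    create a session or return a menu.

    :param request: POST request with ``username`` and Base64-encoded ``pwd``
    :return: "True" on success, otherwise a message that does not reveal
        whether the username or the password was wrong
    """
    # NOTE(review): no attempt limiting is visible here; confirm brute-force
    # protection exists at another layer.
    try:
        pwd_input = base64.base64_decode_str(base64, request.POST.get("pwd"))
        db_alias, encode = _storage_mode()
        username = encode(request.POST.get("username"))
        account = auth_models.User.objects.using(db_alias).filter(username=username).first()
        # Unknown user and wrong password share one reply. The hash check is
        # skipped for unknown users, so response time can still differ.
        if account is not None and check_password(pwd_input, account.pwd):
            return HttpResponse(True)
        return HttpResponse("用户名或密码不正确")
    except binascii.Error:
        return HttpResponse("base64解码失败")
    except Exception:
        # Keep internal error details out of the response body.
        logger.exception("login_user failed")
        return HttpResponse("报错了:服务器内部错误")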