import binascii
import datetime
import json
import logging

from django.contrib.auth.hashers import check_password, make_password
from django.middleware.csrf import get_token
from django.shortcuts import HttpResponse
from django.views.decorators.http import require_GET, require_POST

from apps.api.common import Base64CypherClass, CaesarCypherClass
from apps.api.config import Config
from apps.auth import models as auth_models
# Create your views here.
# Module-level helpers shared by every view in this file.
config = Config()
# NOTE(review): this instance shadows the standard-library ``base64`` module
# name inside this file.
# NOTE(review): Base64 is an encoding and a Caesar shift is a fixed
# substitution. If these helpers do what their names say, the "cypher"
# database is obfuscated rather than encrypted: anyone who can read it can
# recover the stored usernames, e-mail addresses and phone numbers. Confirm
# against apps.api.common before relying on it for confidentiality.
base64 = Base64CypherClass()
caesar = CaesarCypherClass()
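@require_GET
def gettoken(request):
    """
    Return the CSRF token for this request as a JSON object.

    :param request: GET request (other methods are rejected by ``require_GET``).
    :return: HttpResponse whose body is ``{"token": "<csrf token>"}``.
    """
    token = get_token(request)
    # Content-Type parameters are separated with ";". The previous value,
    # "application/json,charset=utf-8", is not a valid media type, so strict
    # clients may not treat the body as JSON.
    # NOTE(review): any origin allowed to read this response can read the
    # token. The CORS configuration is not visible here; confirm that
    # credentialed cross-origin reads are not permitted.
    return HttpResponse(
        json.dumps({'token': token}),
        content_type="application/json; charset=utf-8",
    )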
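@require_POST
def search_user(request):
    """
    Report whether a username is already registered.

    When the encoded database is enabled (``isCypher``), the username is first
    transformed with the configured method (Caesar, otherwise Base64) and
    looked up in the "cypher" database. Otherwise it is looked up unchanged in
    "default".

    NOTE(review): nothing in this view checks who is asking, so the answer
    tells any caller whether an account name exists. If that is intended for
    the registration form, rate limiting should sit in front of it; none is
    visible in this file.

    :param request: POST request carrying ``username``.
    :return: HttpResponse with body ``True`` if the user exists, else ``False``.
    """
    raw_username = request.POST.get("username")
    if raw_username is None:
        # A missing field cannot match a user. Answer here, as the unencoded
        # path already did, instead of handing None to the encoders.
        return HttpResponse(False)

    if config.getconfig("isCypher"):  # encoded database enabled
        db_alias = "cypher"
        if config.getconfig("CypherMethod") == "caesar":
            username = caesar.caesar_encode(raw_username)
        else:  # Base64
            username = base64.base64_encode_str(base64, raw_username).decode('utf-8')
    else:  # plain database
        db_alias = "default"
        username = raw_username

    matches = auth_models.User.objects.using(db_alias).filter(username=username)
    return HttpResponse(matches.exists())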
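@require_POST
def add_user(request):
    """
    Register a new user.

    The client sends the password Base64-encoded in ``pwd``. It is decoded and
    hashed with Django's ``make_password`` before storage. The original note
    said MD5, but the hasher actually used is whichever one ``make_password``
    selects from the project settings. Base64 is an encoding, not encryption,
    so the password is only protected in transit when the request travels over
    TLS.

    With the encoded database enabled (``isCypher``), username, email and phone
    are transformed with the configured method (Caesar, otherwise Base64) and
    the row is written to "cypher". Otherwise the raw values are written to
    "default". According to the original note the avatar is stored as a path.

    :param request: POST request with ``username``, ``pwd``, ``email``,
        ``phone`` and an optional ``avatar`` upload.
    :return: HttpResponse with a success message, or an error message.
    """
    try:
        # One timestamp for both columns so they cannot straddle a second.
        now = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
        # NOTE(review): no size or content-type check on the upload is visible
        # here. Confirm that the model field or storage layer validates it.
        avatar = request.FILES.get("avatar")
        pwd = make_password(base64.base64_decode_str(base64, request.POST.get("pwd")))

        fields = {
            name: request.POST.get(name) for name in ("username", "email", "phone")
        }
        if config.getconfig("isCypher"):  # encoded database enabled
            db_alias = "cypher"
            if config.getconfig("CypherMethod") == "caesar":
                fields = {
                    name: caesar.caesar_encode(value)
                    for name, value in fields.items()
                }
            else:  # Base64
                fields = {
                    name: base64.base64_encode_str(base64, value).decode('utf-8')
                    for name, value in fields.items()
                }
        else:  # plain database
            db_alias = "default"

        auth_models.User.objects.using(db_alias).create(
            pwd=pwd,
            create_time=now,
            last_login_time=now,
            avatar=avatar,
            **fields,
        )
        return HttpResponse("添加用户成功")
    except binascii.Error:
        # Same answer login_user gives for an undecodable password field.
        return HttpResponse("base64解码失败")
    except Exception:
        # Keep the detail in the server log. Echoing the exception text to the
        # client can expose database errors, column names and internal paths.
        logging.getLogger(__name__).exception("add_user failed")
        return HttpResponse("报错了:服务器内部错误")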
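@require_POST
def login_user(request):
    """
    Check a username/password pair.

    The password arrives Base64-encoded in ``pwd`` and is decoded before
    comparison. With the encoded database enabled (``isCypher``), the username
    is transformed with the configured method (Caesar, otherwise Base64) and
    looked up in "cypher". Otherwise it is looked up unchanged in "default".

    NOTE(review): the original note says a permitted-menu list is returned on
    success, but the code returns only ``True``. No session or token is issued
    here and no attempt limiting is visible in this file; confirm where those
    are enforced.

    :param request: POST request with ``username`` and ``pwd``.
    :return: HttpResponse with body ``True`` on success, "用户名或密码不正确"
        on a wrong username or password, or an error message.
    """
    try:
        pwd_input = base64.base64_decode_str(base64, request.POST.get("pwd"))
        raw_username = request.POST.get("username")

        if config.getconfig("isCypher"):  # encoded database enabled
            db_alias = "cypher"
            if config.getconfig("CypherMethod") == "caesar":
                username = caesar.caesar_encode(raw_username)
            else:  # Base64
                username = base64.base64_encode_str(base64, raw_username).decode('utf-8')
        else:  # plain database
            db_alias = "default"
            username = raw_username

        account = auth_models.User.objects.using(db_alias).filter(username=username).first()

        if account is None:
            # Spend one password hash on the unknown-user path too, so the
            # response time does not reveal whether the username exists.
            make_password(pwd_input)
            return HttpResponse("用户名或密码不正确")
        if check_password(pwd_input, account.pwd):
            return HttpResponse(True)
        return HttpResponse("用户名或密码不正确")
    except binascii.Error:
        return HttpResponse("base64解码失败")
    except Exception:
        # Keep the detail in the server log. Echoing the exception text to the
        # client can expose database errors and internal paths.
        logging.getLogger(__name__).exception("login_user failed")
        return HttpResponse("报错了:服务器内部错误")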