正在显示
4 个修改的文件
包含
37 行增加
和
31 行删除
| @@ -3,7 +3,7 @@ from authlib.integrations.flask_oauth2 import current_token | @@ -3,7 +3,7 @@ from authlib.integrations.flask_oauth2 import current_token | ||
| 3 | from flask import abort | 3 | from flask import abort |
| 4 | from app.modules.auth.oauth2 import require_oauth | 4 | from app.modules.auth.oauth2 import require_oauth |
| 5 | from flask import request | 5 | from flask import request |
| 6 | - | 6 | +import configure |
| 7 | # 认证装饰器 | 7 | # 认证装饰器 |
| 8 | 8 | ||
| 9 | 9 | ||
| @@ -17,25 +17,28 @@ class auth_decorator(object): | @@ -17,25 +17,28 @@ class auth_decorator(object): | ||
| 17 | 17 | ||
| 18 | @wraps(func) | 18 | @wraps(func) |
| 19 | def wrapped_function(*args, **kwargs): | 19 | def wrapped_function(*args, **kwargs): |
| 20 | - token = request.headers.get('Authorization') | ||
| 21 | - if not token: | ||
| 22 | - abort(401) | ||
| 23 | - validate_token() | ||
| 24 | - if current_token and current_token.user and current_token.user.role: | ||
| 25 | - print(func.__name__) | ||
| 26 | - if self.permission and len(self.permission) > 0: | ||
| 27 | - # 判断角色是否在permission列表中 | ||
| 28 | - role = current_token.user.role | ||
| 29 | - for p in self.permission: | ||
| 30 | - if role == p: | ||
| 31 | - return func(*args, **kwargs) | 20 | + if configure.PermissionActive: |
| 21 | + token = request.headers.get('Authorization') | ||
| 22 | + if not token: | ||
| 23 | + abort(401) | ||
| 24 | + validate_token() | ||
| 25 | + if current_token and current_token.user and current_token.user.role: | ||
| 26 | + print(func.__name__) | ||
| 27 | + if self.permission and len(self.permission) > 0: | ||
| 28 | + # 判断角色是否在permission列表中 | ||
| 29 | + role = current_token.user.role | ||
| 30 | + for p in self.permission: | ||
| 31 | + if role == p: | ||
| 32 | + return func(*args, **kwargs) | ||
| 32 | 33 | ||
| 33 | - abort(403) | 34 | + abort(403) |
| 35 | + else: | ||
| 36 | + # 无permission,不校验 | ||
| 37 | + return func(*args, **kwargs) | ||
| 34 | else: | 38 | else: |
| 35 | - # 无permission,不校验 | ||
| 36 | - return func(*args, **kwargs) | 39 | + abort(401) # 无token,401 |
| 37 | else: | 40 | else: |
| 38 | - abort(401) # 无token,401 | 41 | + return func(*args, **kwargs) |
| 39 | 42 | ||
| 40 | @require_oauth(self.scope) | 43 | @require_oauth(self.scope) |
| 41 | def validate_token(): | 44 | def validate_token(): |
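Review bot: The new outer `else` in `wrapped_function` returns `func(*args, **kwargs)` with no token or role check whenever `configure.PermissionActive` is falsy, so a single config value leaves every endpoint behind `auth_decorator` unauthenticated; the same branch is added to `token_decorator` in this commit. Nothing records that the bypass is active, so I would log a warning when that branch is taken and read the flag fail-closed, e.g. `if getattr(configure, "PermissionActive", True):`. Handlers that read `current_token` will presumably see no token in this mode, which is worth checking before merge. `__call__` begins above the hunk and `validate_token` continues below it.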
| @@ -3,7 +3,7 @@ from authlib.integrations.flask_oauth2 import current_token | @@ -3,7 +3,7 @@ from authlib.integrations.flask_oauth2 import current_token | ||
| 3 | from flask import abort | 3 | from flask import abort |
| 4 | from app.modules.auth.oauth2 import require_oauth | 4 | from app.modules.auth.oauth2 import require_oauth |
| 5 | from flask import request | 5 | from flask import request |
| 6 | - | 6 | +import configure |
| 7 | # 认证装饰器 | 7 | # 认证装饰器 |
| 8 | 8 | ||
| 9 | 9 | ||
| @@ -14,16 +14,19 @@ class token_decorator(object): | @@ -14,16 +14,19 @@ class token_decorator(object): | ||
| 14 | def __call__(self, func): | 14 | def __call__(self, func): |
| 15 | @wraps(func) | 15 | @wraps(func) |
| 16 | def wrapped_function(*args, **kwargs): | 16 | def wrapped_function(*args, **kwargs): |
| 17 | - token = request.headers.get('Authorization') | ||
| 18 | - if token: | ||
| 19 | - validate_token() | ||
| 20 | - if current_token and current_token.user: | ||
| 21 | - return func(*args, **kwargs) | ||
| 22 | - else: | ||
| 23 | - abort(403) | 17 | + if configure.PermissionActive: |
| 18 | + token = request.headers.get('Authorization') | ||
| 19 | + if token: | ||
| 20 | + validate_token() | ||
| 21 | + if current_token and current_token.user: | ||
| 22 | + return func(*args, **kwargs) | ||
| 23 | + else: | ||
| 24 | + abort(403) | ||
| 24 | 25 | ||
| 26 | + else: | ||
| 27 | + abort(401) # 无token,401 | ||
| 25 | else: | 28 | else: |
| 26 | - abort(401) # 无token,401 | 29 | + return func(*args, **kwargs) |
| 27 | 30 | ||
| 28 | @require_oauth(self.scope) | 31 | @require_oauth(self.scope) |
| 29 | def validate_token(): | 32 | def validate_token(): |
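Review bot: Re-indenting the whole body of `wrapped_function` under `if configure.PermissionActive:` leaves the bypass in a trailing `else` at the bottom, where it is easy to overlook next to the existing 401 `else`. A guard clause at the top, `if not configure.PermissionActive: return func(*args, **kwargs)`, would leave the original checks at their old indentation and make the unauthenticated path the first thing a reader sees. The same restructuring would suit `auth_decorator`, where the nesting is now five levels deep. The decorator's `__call__` and `validate_token` extend outside the hunk.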
| @@ -6,13 +6,12 @@ from app.util import BlueprintApi | @@ -6,13 +6,12 @@ from app.util import BlueprintApi | ||
| 6 | from flask import Blueprint, render_template, redirect, request, session, jsonify | 6 | from flask import Blueprint, render_template, redirect, request, session, jsonify |
| 7 | from sqlalchemy import and_ | 7 | from sqlalchemy import and_ |
| 8 | from .models import * | 8 | from .models import * |
| 9 | -from .oauth2 import authorization, generate_user_info | 9 | +from .oauth2 import authorization, generate_user_info,require_oauth |
| 10 | from authlib.oauth2 import OAuth2Error | 10 | from authlib.oauth2 import OAuth2Error |
| 11 | from authlib.integrations.flask_oauth2 import current_token | 11 | from authlib.integrations.flask_oauth2 import current_token |
| 12 | from . import user_create, client_create, client_query, user_query, user_update, user_delete | 12 | from . import user_create, client_create, client_query, user_query, user_update, user_delete |
| 13 | import configure | 13 | import configure |
| 14 | from app.decorators.auth_decorator import auth_decorator | 14 | from app.decorators.auth_decorator import auth_decorator |
| 15 | -from app.decorators.token_decorator import token_decorator | ||
| 16 | 15 | ||
| 17 | 16 | ||
| 18 | def current_user(): | 17 | def current_user(): |
| @@ -82,7 +81,7 @@ class DataManager(BlueprintApi): | @@ -82,7 +81,7 @@ class DataManager(BlueprintApi): | ||
| 82 | 81 | ||
| 83 | @staticmethod | 82 | @staticmethod |
| 84 | @bp.route("/userinfo") | 83 | @bp.route("/userinfo") |
| 85 | - @token_decorator("profile") | 84 | + @require_oauth("profile") |
| 86 | def api_me(): | 85 | def api_me(): |
| 87 | try: | 86 | try: |
| 88 | return jsonify(generate_user_info(current_token.user, current_token.scope)) | 87 | return jsonify(generate_user_info(current_token.user, current_token.scope)) |
| @@ -4,8 +4,8 @@ import logging | @@ -4,8 +4,8 @@ import logging | ||
| 4 | deploy_ip_host = "172.26.40.105:8840" | 4 | deploy_ip_host = "172.26.40.105:8840" |
| 5 | # 系统数据库 | 5 | # 系统数据库 |
| 6 | 6 | ||
| 7 | -# SQLALCHEMY_DATABASE_URI = "postgresql://postgres:chinadci@172.26.60.100:5432/dmap_manager_test" | ||
| 8 | -SQLALCHEMY_DATABASE_URI = "postgresql://postgres:postgres@localhost:5433/dmap_dms_test" | 7 | +SQLALCHEMY_DATABASE_URI = "postgresql://postgres:chinadci@172.26.60.100:5432/dmap_manager_test" |
| 8 | +# SQLALCHEMY_DATABASE_URI = "postgresql://postgres:postgres@localhost:5433/dmap_dms_test" | ||
| 9 | 9 | ||
| 10 | # 指定精华表所在位置(必须为空间库),设置为None则存放在各自的实体库中 | 10 | # 指定精华表所在位置(必须为空间库),设置为None则存放在各自的实体库中 |
| 11 | #VACUATE_DB_URI = None | 11 | #VACUATE_DB_URI = None |
| @@ -23,6 +23,7 @@ entry_data_thread = 3 | @@ -23,6 +23,7 @@ entry_data_thread = 3 | ||
| 23 | scan_module = ["app.modules"] # API所在的模块 | 23 | scan_module = ["app.modules"] # API所在的模块 |
| 24 | SECRET_KEY = b'_5#y2L"F4Q8z\n\xec]/' | 24 | SECRET_KEY = b'_5#y2L"F4Q8z\n\xec]/' |
| 25 | # 权限 | 25 | # 权限 |
| 26 | +PermissionActive = False | ||
| 26 | UserPermission = ['admin'] | 27 | UserPermission = ['admin'] |
| 27 | MonitorPermission = ['admin'] | 28 | MonitorPermission = ['admin'] |
| 28 | DataPermission = ['admin', 'dataman'] | 29 | DataPermission = ['admin', 'dataman'] |
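Review bot: `PermissionActive = False` is committed as the default in the second hunk, so together with the decorator changes in this commit any deployment that runs this file unchanged serves the decorated endpoints without token or role checks. The default should be `True`, with the switch-off taken from the environment for local work only, for example `PermissionActive = os.environ.get("PERMISSION_ACTIVE", "1") != "0"` (the variable name is only an example, and `import os` may need adding), plus a comment stating that `False` disables authentication. The first hunk also activates a `SQLALCHEMY_DATABASE_URI` for a non-local host with the password inline; that value would be better read from the environment or a secrets store than kept in the repository.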