除service模块外接口控制

+from functools import wraps
+from re import I
+from authlib.integrations.flask_oauth2 import current_token
+from flask import abort
+from sqlalchemy.sql.elements import Null
+from sqlalchemy.sql.functions import mode
+from app.util.component.ParameterUtil import ParameterUtil
+from app.models import db
+from app.modules.auth.oauth2 import require_oauth
+
+# 认证装饰器
+
+class auth_decorator(object):
+    def __init__(self, action='', permission=''):
+        self.permission = permission
+        self.action = action
+
+    def __call__(self, func):
+        @wraps(func)
+        @require_oauth("profile")
+        def wrapped_function(*args, **kwargs):
+            if current_token and current_token.user and current_token.user.role:
+                print(func.__name__)
+                if self.permission and len(self.permission) > 0:
+                    # 判断角色是否在permission列表中
+                    role = current_token.user.role
+                    for p in self.permission:
+                        if role == p:
+                            return func(*args, **kwargs)
+
+                    abort(403)
+                else:
+                    # 无permission，不校验
+                    return func(*args, **kwargs)
+            else:
+                pass  # 无token，401
+
+        return wrapped_function

@@ -10,6 +10,8 @@ from .oauth2 import authorization, require_oauth, generate_user_info
 from authlib.oauth2 import OAuth2Error
 from authlib.integrations.flask_oauth2 import current_token
 from . import user_create, client_create, client_query, user_query, user_update, user_delete
+import configure
+from app.decorators.auth_decorator import auth_decorator
 
 
 def current_user():
@@ -32,68 +34,6 @@ def split_by_crlf(s):
 class DataManager(BlueprintApi):
     bp = Blueprint("Auth", __name__, url_prefix="/auth")
 
-    # @staticmethod
-    # @bp.route("/test", methods=("GET", "POST"))
-    # def Test():
-    #     res = {}
-    #     try:
-    #         res["user"] = User.query.all()
-    #     except Exception as e:
-    #         raise e
-    #     return res
-
-    # @staticmethod
-    # @bp.route("/login", methods=("GET", "POST"))
-    # def Login():
-    #     if request.method == "POST":
-    #         username = request.form["username"]
-    #         password = request.form["password"]
-    #         user = User.query.filter_by(username=username).first()
-    #         if not user:
-    #             user = User(username=username,
-    #                         password=password, role="admin")
-    #             db.session.add(user)
-    #             db.session.commit()
-    #         session["id"] = user.id
-    #         return redirect("/auth/authorize")
-    #     user = current_user()
-    #     if user:
-    #         clients = OAuth2Client.query.filter_by(user_id=user.id).all()
-    #     else:
-    #         clients = []
-    #     return render_template("auth/authorize.html", user=user, clients=clients)
-
-    # @staticmethod
-    # @bp.route("/create_client", methods=("GET", "POST"))
-    # def create_client():
-    #     user = current_user()
-    #     if not user:
-    #         return redirect("/auth/login")
-    #     if request.method == "GET":
-    #         return render_template("auth/create_client.html")
-    #     form = request.form
-    #     client_id = gen_salt(24)
-    #     client = OAuth2Client(client_id=client_id, user_id=user.id)
-    #     # Mixin doesn"t set the issue_at date
-    #     client.client_id_issued_at = int(time.time())
-    #     if client.token_endpoint_auth_method == "none":
-    #         client.client_secret = ""
-    #     else:
-    #         client.client_secret = gen_salt(48)
-    #     client_metadata = {
-    #         "client_name": form["client_name"],
-    #         "client_uri": form["client_uri"],
-    #         "grant_types": split_by_crlf(form["grant_type"]),
-    #         "redirect_uris": split_by_crlf(form["redirect_uri"]),
-    #         "response_types": split_by_crlf(form["response_type"]),
-    #         "scope": form["scope"],
-    #         "token_endpoint_auth_method": form["token_endpoint_auth_method"]
-    #     }
-    #     client.set_client_metadata(client_metadata)
-    #     db.session.add(client)
-    #     db.session.commit()
-    #     return redirect("/auth/login")
-
     @staticmethod
     @bp.route("/authorize", methods=("GET", "POST"))
     def authorize():
@@ -132,10 +72,7 @@ class DataManager(BlueprintApi):
             return jsonify(dict(error.get_body()))
         return render_template("auth/authorize.html", user=user, grant=grant, error=error)
 
-        # if request.form["confirm"]:
-        #     grant_user = user
-        # else:
-        #     grant_user = None
+       
 
     @staticmethod
     @bp.route("/token", methods=["POST"])
@@ -153,7 +90,6 @@ class DataManager(BlueprintApi):
 
     @staticmethod
     @bp.route("/logout", methods=["GET"])
-    # @require_oauth("profile")
     def logout():
         url = ''
         try:
@@ -170,24 +106,13 @@ class DataManager(BlueprintApi):
         except OAuth2Error as error:
             return jsonify(dict(error.get_body()))
         return redirect(url)
-        # if current_token:
-        #     remove_user()
-        #     # accesstoken = OAuth2Token.query.filter_by(
-        #     #     access_token=current_token.access_token).first()
-        #     try:
-        #         # accesstoken.revoked = True
-        #         # db.session.commit()
-        #     except error as e:
-        #         return jsonify(dict(e.get_body()))
-        # else:
-        #     return jsonify({"result": False, "message": "access_token is null"})
-
-        # return jsonify({"result": True, "message": "logout success"})
-
+       
+       
     """接口"""
     @staticmethod
     @bp.route("/users", methods=["GET"])
     @swag_from(user_query.Api.api_doc)
+    @auth_decorator(configure.UserPermission)
     def user_query():
         """
         获取用户列表
@@ -197,6 +122,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route("/users", methods=["POST"])
     @swag_from(user_create.Api.api_doc)
+    @auth_decorator(configure.UserPermission)
     def user_create():
         """
         创建用户
@@ -206,6 +132,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route("/userEdit", methods=["POST"])
     @swag_from(user_update.Api.api_doc)
+    @auth_decorator(configure.UserPermission)
     def user_update():
         """
         更新用户信息
@@ -215,6 +142,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route("/userDelete", methods=["POST"])
     @swag_from(user_delete.Api.api_doc)
+    @auth_decorator(configure.UserPermission)
     def user_delete():
         """
         删除用户

@@ -17,6 +17,8 @@ from . import database_edit
 from . import database_alias_check
 from . import database_connect_test
 from . import database_info
+import configure
+from app.decorators.auth_decorator  import  auth_decorator
 
 class DataManager(BlueprintApi):
 
@@ -26,6 +28,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route('/Register', methods=['POST'])
     @swag_from(database_register.Api.api_doc)
+    @auth_decorator(configure.DataPermission)
     def api_database_register():
         """
         数据源注册
@@ -35,6 +38,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route('/List', methods=['POST'])
     @swag_from(database_list.Api.api_doc)
+    @auth_decorator(configure.DataPermission)
     def api_database_list():
         """
         数据源列表
@@ -44,6 +48,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route('/Delete', methods=['POST'])
     @swag_from(database_delete.Api.api_doc)
+    @auth_decorator(configure.DataPermission)
     def api_database_delete():
         """
         数据源注销
@@ -53,6 +58,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route('/Edit', methods=['POST'])
     @swag_from(database_edit.Api.api_doc)
+    @auth_decorator(configure.DataPermission)
     def database_edit():
         """
         修改数据源
@@ -62,6 +68,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route('/Test', methods=['POST'])
     @swag_from(database_test.Api.api_doc)
+    @auth_decorator(configure.DataPermission)
     def api_database_test():
         """
         数据源测试
@@ -71,6 +78,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route('/CheckAlias', methods=['POST'])
     @swag_from(database_alias_check.Api.api_doc)
+    @auth_decorator(configure.DataPermission)
     def api_database_alias_check():
         """
         数据源别名测试
@@ -80,6 +88,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route('/CheckConnect', methods=['POST'])
     @swag_from(database_connect_test.Api.api_doc)
+    @auth_decorator(configure.DataPermission)
     def api_database_connect_test():
         """
         数据源连接测试

@@ -13,6 +13,8 @@ from . import get_meta
 from . import data_entry_by_meta
 from . import get_data_list
 from . import data_entry_simple
+import configure
+from  app.decorators.auth_decorator import  auth_decorator
 
 class DataManager(BlueprintApi):
 
@@ -21,6 +23,7 @@ class DataManager(BlueprintApi):
 
     @staticmethod
     @bp.route('/Download/<file>', methods=['GET'])
+    @auth_decorator(configure.DataPermission)
     def table_download_file(file):
         parent = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
         dirpath = os.path.join(parent,"file_tmp")
@@ -41,6 +44,7 @@ class DataManager(BlueprintApi):
 
     @staticmethod
     @bp.route('/DeleteFile/<file>', methods=['GET'])
+    @auth_decorator(configure.DataPermission)
     def d_file(file):
         parent = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
         dirpath = os.path.join(parent, "file_tmp")
@@ -59,6 +63,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route('/DataDownloadTask', methods=['POST'])
     @swag_from(data_download_task.Api.api_doc)
+    @auth_decorator(configure.DataPermission)
     def api_data_download_task():
         """
         下载数据任务
@@ -69,6 +74,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route('/GetMeta', methods=['POST'])
     @swag_from(get_meta.Api.api_doc)
+    @auth_decorator(configure.DataPermission)
     def get_meta():
         """
         数据Meta
@@ -78,6 +84,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route('/GetDataList', methods=['POST'])
     @swag_from(get_data_list.Api.api_doc)
+    @auth_decorator(configure.DataPermission)
     def get_data_list():
         """
         本地数据list
@@ -87,6 +94,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route('/DataEntryByMeta', methods=['POST'])
     @swag_from(data_entry_by_meta.Api.api_doc)
+    @auth_decorator(configure.DataPermission)
     def data_entry_by_meta():
         """
         数据入库ByMeta
@@ -96,6 +104,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route('/DataEntrySimple', methods=['POST'])
     @swag_from(data_entry_simple.Api.api_doc)
+    @auth_decorator(configure.DataPermission)
     def data_entry_simple():
         """
         数据入库Simple

@@ -23,6 +23,9 @@ from . import table_vacuate_info
 from . import table_vacuate_ref
 from . import table_vacuate_delete
 from . import field_value
+import configure
+from app.decorators.auth_decorator  import auth_decorator
+
 class DataManager(BlueprintApi):
 
     bp = Blueprint("DataManager", __name__, url_prefix="/API/Manager")
@@ -30,6 +33,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route('/FieldEdit', methods=['POST'])
     @swag_from(field_edit.Api.api_doc)
+    @auth_decorator(configure.DataPermission)
     def field_edit():
         """
         修改属性别名
@@ -48,6 +52,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route('/FieldValue', methods=['POST'])
     @swag_from(field_value.Api.api_doc)
+    @auth_decorator(configure.DataPermission)
     def field_value():
         """
         属性值
@@ -67,6 +72,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route('/TableEdit', methods=['POST'])
     @swag_from(table_edit.Api.api_doc)
+    @auth_decorator(configure.DataPermission)
     def table_edit():
         """
         修改数据
@@ -77,6 +83,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route('/TableDelete', methods=['POST'])
     @swag_from(table_delete.Api.api_doc)
+    @auth_decorator(configure.DataPermission)
     def table_delete():
         """
         删除数据
@@ -97,6 +104,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route('/TableRefresh', methods=['POST'])
     @swag_from(table_refresh.Api.api_doc)
+    @auth_decorator(configure.DataPermission)
     def table_refresh():
         """
         刷新数据
@@ -116,6 +124,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route('/TableVacuate', methods=['POST'])
     @swag_from(table_vacuate.Api.api_doc)
+    @auth_decorator(configure.DataPermission)
     def table_vacuate():
         """
         数据抽稀
@@ -125,6 +134,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route('/TableVacuateOne', methods=['POST'])
     @swag_from(table_vacuate_one.Api.api_doc)
+    @auth_decorator(configure.DataPermission)
     def api_table_vacuate_one():
         """
         单独数据抽稀
@@ -153,6 +163,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route('/TableVacuateDelete', methods=['POST'])
     @swag_from(table_vacuate_delete.Api.api_doc)
+    @auth_decorator(configure.DataPermission)
     def api_table_vacuate_delete():
         """
         数据抽稀删除

@@ -11,6 +11,9 @@ from . import task_detail
 from . import task_delete
 from . import task_count
 from . import task_kill
+from app.decorators.auth_decorator import auth_decorator
+import configure
+from app.modules.auth.oauth2 import  require_oauth
 
 class DataManager(BlueprintApi):
 
@@ -38,6 +41,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route('/Delete', methods=['POST'])
     @swag_from(task_delete.Api.api_doc)
+    @require_oauth("profile")
     def task_delete():
         """
         删除任务
@@ -47,6 +51,7 @@ class DataManager(BlueprintApi):
     @staticmethod
     @bp.route('/Kill', methods=['POST'])
     @swag_from(task_kill.Api.api_doc)
+    @require_oauth("profile")
     def task_kill():
         """
         Kill任务

@@ -8,7 +8,8 @@ from flasgger import swag_from
 from flask import Blueprint
 from app.util import BlueprintApi
 from . import monitoring, metrics, monitor_host_create, monitor_host_list, monitor_host_delete, monitor_host_edit
-
+from app.decorators.auth_decorator  import  auth_decorator
+import configure
 
 user_socket_list = []
 user_socket_dict = {}
@@ -48,6 +49,7 @@ class Monitor(BlueprintApi):
     @staticmethod
     @bp.route('/RegisterHost', methods=['POST'])
     @swag_from(monitor_host_create.Api.api_doc)
+    @auth_decorator(configure.MonitorPermission)
     def monitor_host_create():
         '''
         注册监控主机
@@ -66,6 +68,7 @@ class Monitor(BlueprintApi):
     @staticmethod
     @bp.route('/HostDelete', methods=['POST'])
     @swag_from(monitor_host_delete.Api.api_doc)
+    @auth_decorator(configure.MonitorPermission)
     def monitor_host_delete():
         '''
         删除主机
@@ -75,6 +78,7 @@ class Monitor(BlueprintApi):
     @staticmethod
     @bp.route('/HostEdit', methods=['POST'])
     @swag_from(monitor_host_edit.Api.api_doc)
+    @auth_decorator(configure.MonitorPermission)
     def monitor_host_edit():
         '''
         编辑主机配置

@@ -22,6 +22,10 @@ swagger_configure = {"title": "DMapManager"}
 entry_data_thread = 3
 scan_module = ["app.modules"]  # API所在的模块
 SECRET_KEY = b'_5#y2L"F4Q8z\n\xec]/'
+UserPermission = ['admin']
+MonitorPermission = ['admin']
+DataPermission = ['admin', 'dataman']
+PublishPermission = ['admin', 'dataman', 'publisher']
 
 log_level = logging.INFO