正在显示
4 个修改的文件
包含
37 行增加
和
31 行删除
| ... | ... | @@ -3,7 +3,7 @@ from authlib.integrations.flask_oauth2 import current_token |
| 3 | 3 | from flask import abort |
| 4 | 4 | from app.modules.auth.oauth2 import require_oauth |
| 5 | 5 | from flask import request |
| 6 | - | |
| 6 | +import configure | |
| 7 | 7 | # 认证装饰器 |
| 8 | 8 | |
| 9 | 9 | |
| ... | ... | @@ -17,25 +17,28 @@ class auth_decorator(object): |
| 17 | 17 | |
| 18 | 18 | @wraps(func) |
| 19 | 19 | def wrapped_function(*args, **kwargs): |
| 20 | - token = request.headers.get('Authorization') | |
| 21 | - if not token: | |
| 22 | - abort(401) | |
| 23 | - validate_token() | |
| 24 | - if current_token and current_token.user and current_token.user.role: | |
| 25 | - print(func.__name__) | |
| 26 | - if self.permission and len(self.permission) > 0: | |
| 27 | - # 判断角色是否在permission列表中 | |
| 28 | - role = current_token.user.role | |
| 29 | - for p in self.permission: | |
| 30 | - if role == p: | |
| 31 | - return func(*args, **kwargs) | |
| 20 | + if configure.PermissionActive: | |
| 21 | + token = request.headers.get('Authorization') | |
| 22 | + if not token: | |
| 23 | + abort(401) | |
| 24 | + validate_token() | |
| 25 | + if current_token and current_token.user and current_token.user.role: | |
| 26 | + print(func.__name__) | |
| 27 | + if self.permission and len(self.permission) > 0: | |
| 28 | + # 判断角色是否在permission列表中 | |
| 29 | + role = current_token.user.role | |
| 30 | + for p in self.permission: | |
| 31 | + if role == p: | |
| 32 | + return func(*args, **kwargs) | |
| 32 | 33 | |
| 33 | - abort(403) | |
| 34 | + abort(403) | |
| 35 | + else: | |
| 36 | + # 无permission,不校验 | |
| 37 | + return func(*args, **kwargs) | |
| 34 | 38 | else: |
| 35 | - # 无permission,不校验 | |
| 36 | - return func(*args, **kwargs) | |
| 39 | + abort(401) # 无token,401 | |
| 37 | 40 | else: |
| 38 | - abort(401) # 无token,401 | |
| 41 | + return func(*args, **kwargs) | |
| 39 | 42 | |
| 40 | 43 | @require_oauth(self.scope) |
| 41 | 44 | def validate_token(): | ... | ... |
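Review bot: The new final `else` branch of `wrapped_function` calls `func(*args, **kwargs)` with no token check and no role check whenever `configure.PermissionActive` is falsy, so one module-level flag switches off both authentication and authorization for every endpoint behind `auth_decorator`. The same branch is added to `token_decorator`, and the configure hunk in this commit ships the flag as `False`. If a development bypass is really needed, make it fail closed: read it as `getattr(configure, 'PermissionActive', True)`, commit the default as `True`, and log a warning at startup when it is off. Handlers that read `current_token.user` will presumably see no user on the bypass path, which is worth checking before relying on it. The rendered page has lost indentation, so the nesting of the `abort(403)` / `abort(401)` branches is inferred from line order.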
| ... | ... | @@ -3,7 +3,7 @@ from authlib.integrations.flask_oauth2 import current_token |
| 3 | 3 | from flask import abort |
| 4 | 4 | from app.modules.auth.oauth2 import require_oauth |
| 5 | 5 | from flask import request |
| 6 | - | |
| 6 | +import configure | |
| 7 | 7 | # 认证装饰器 |
| 8 | 8 | |
| 9 | 9 | |
| ... | ... | @@ -14,16 +14,19 @@ class token_decorator(object): |
| 14 | 14 | def __call__(self, func): |
| 15 | 15 | @wraps(func) |
| 16 | 16 | def wrapped_function(*args, **kwargs): |
| 17 | - token = request.headers.get('Authorization') | |
| 18 | - if token: | |
| 19 | - validate_token() | |
| 20 | - if current_token and current_token.user: | |
| 21 | - return func(*args, **kwargs) | |
| 22 | - else: | |
| 23 | - abort(403) | |
| 17 | + if configure.PermissionActive: | |
| 18 | + token = request.headers.get('Authorization') | |
| 19 | + if token: | |
| 20 | + validate_token() | |
| 21 | + if current_token and current_token.user: | |
| 22 | + return func(*args, **kwargs) | |
| 23 | + else: | |
| 24 | + abort(403) | |
| 24 | 25 | |
| 26 | + else: | |
| 27 | + abort(401) # 无token,401 | |
| 25 | 28 | else: |
| 26 | - abort(401) # 无token,401 | |
| 29 | + return func(*args, **kwargs) | |
| 27 | 30 | |
| 28 | 31 | @require_oauth(self.scope) |
| 29 | 32 | def validate_token(): | ... | ... |
| ... | ... | @@ -6,13 +6,12 @@ from app.util import BlueprintApi |
| 6 | 6 | from flask import Blueprint, render_template, redirect, request, session, jsonify |
| 7 | 7 | from sqlalchemy import and_ |
| 8 | 8 | from .models import * |
| 9 | -from .oauth2 import authorization, generate_user_info | |
| 9 | +from .oauth2 import authorization, generate_user_info,require_oauth | |
| 10 | 10 | from authlib.oauth2 import OAuth2Error |
| 11 | 11 | from authlib.integrations.flask_oauth2 import current_token |
| 12 | 12 | from . import user_create, client_create, client_query, user_query, user_update, user_delete |
| 13 | 13 | import configure |
| 14 | 14 | from app.decorators.auth_decorator import auth_decorator |
| 15 | -from app.decorators.token_decorator import token_decorator | |
| 16 | 15 | |
| 17 | 16 | |
| 18 | 17 | def current_user(): |
| ... | ... | @@ -82,7 +81,7 @@ class DataManager(BlueprintApi): |
| 82 | 81 | |
| 83 | 82 | @staticmethod |
| 84 | 83 | @bp.route("/userinfo") |
| 85 | - @token_decorator("profile") | |
| 84 | + @require_oauth("profile") | |
| 86 | 85 | def api_me(): |
| 87 | 86 | try: |
| 88 | 87 | return jsonify(generate_user_info(current_token.user, current_token.scope)) | ... | ... |
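Review bot: The switch from `@token_decorator("profile")` to `@require_oauth("profile")` on `api_me` carries no comment saying why this one route stops using the project decorator. The reason looks security-relevant: after this commit the decorator skips validation when `configure.PermissionActive` is false, while `api_me` dereferences `current_token.user` and `current_token.scope`. I would add a comment above the decorator such as `# require_oauth is used directly so /userinfo always validates the token, even when configure.PermissionActive is False`. The body of `api_me` continues outside the hunk.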
| ... | ... | @@ -4,8 +4,8 @@ import logging |
| 4 | 4 | deploy_ip_host = "172.26.40.105:8840" |
| 5 | 5 | # 系统数据库 |
| 6 | 6 | |
| 7 | -# SQLALCHEMY_DATABASE_URI = "postgresql://postgres:chinadci@172.26.60.100:5432/dmap_manager_test" | |
| 8 | -SQLALCHEMY_DATABASE_URI = "postgresql://postgres:postgres@localhost:5433/dmap_dms_test" | |
| 7 | +SQLALCHEMY_DATABASE_URI = "postgresql://postgres:chinadci@172.26.60.100:5432/dmap_manager_test" | |
| 8 | +# SQLALCHEMY_DATABASE_URI = "postgresql://postgres:postgres@localhost:5433/dmap_dms_test" | |
| 9 | 9 | |
| 10 | 10 | # 指定精华表所在位置(必须为空间库),设置为None则存放在各自的实体库中 |
| 11 | 11 | #VACUATE_DB_URI = None |
| ... | ... | @@ -23,6 +23,7 @@ entry_data_thread = 3 |
| 23 | 23 | scan_module = ["app.modules"] # API所在的模块 |
| 24 | 24 | SECRET_KEY = b'_5#y2L"F4Q8z\n\xec]/' |
| 25 | 25 | # 权限 |
| 26 | +PermissionActive = False | |
| 26 | 27 | UserPermission = ['admin'] |
| 27 | 28 | MonitorPermission = ['admin'] |
| 28 | 29 | DataPermission = ['admin', 'dataman'] | ... | ... |
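Review bot: The first hunk in this file activates a `SQLALCHEMY_DATABASE_URI` that embeds the `postgres` superuser password for a networked host directly in source, so the credential is now readable by anyone with access to the repository history. Load it from the environment instead, e.g. `SQLALCHEMY_DATABASE_URI = os.environ["SQLALCHEMY_DATABASE_URI"]` (this needs `import os`, which is not visible in the hunk), keep only a placeholder in the committed file, and rotate the exposed password. The hard-coded `SECRET_KEY` on the context line has the same problem if, as the name suggests, it is what signs Flask sessions. Connecting as a dedicated least-privilege role rather than `postgres` would also limit what a leaked URI or an injection bug can reach.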