用户登录、注销

--Subproject commit 8e446e18a7a81ea282d05f6026f4d41d5dae1378

@@ -4,11 +4,13 @@ from flask import Flask as _Flask
 from flask.json import JSONEncoder as _JSONEncoder
 from flask.json import JSONEncoder as _JSONEncoder
 from flask_cors import CORS
 from flask_cors import CORS
 import time
 import time
+
+from sqlalchemy.sql.expression import true
 import configure
 import configure
 from app.util import BlueprintApi
 from app.util import BlueprintApi
 from app.util import find_class
 from app.util import find_class
 from app.models import db, Table, InsertingLayerName, Database, DES, Task
 from app.models import db, Table, InsertingLayerName, Database, DES, Task
-from app.modules.auth.oauth2 import config_oauth
+from app.modules.auth.oauth2 import config_oauth, myCodeIDToken
 from flasgger import Swagger
 from flasgger import Swagger
 # from rtree import index
 # from rtree import index
 import logging
 import logging
@@ -28,10 +30,12 @@ from app.util.component.StructuredPrint import StructurePrint
 from app.util.component.PGUtil import PGUtil
 from app.util.component.PGUtil import PGUtil
 import os
 import os
 
 
+
 class JSONEncoder(_JSONEncoder):
 class JSONEncoder(_JSONEncoder):
     """
     """
     因为decimal不能序列化，增加Flask对decimal类的解析
     因为decimal不能序列化，增加Flask对decimal类的解析
     """
     """
+
     def default(self, o):
     def default(self, o):
         if isinstance(o, decimal.Decimal):
         if isinstance(o, decimal.Decimal):
             return float(o)
             return float(o)
@@ -42,7 +46,9 @@ class Flask(_Flask):
     json_encoder = JSONEncoder
     json_encoder = JSONEncoder
 
 
 
 
-GLOBAL_DIC={}
+GLOBAL_DIC = {}
+
+
 def create_app():
 def create_app():
     """
     """
     flask应用创建函数
     flask应用创建函数
@@ -62,6 +68,9 @@ def create_app():
     app.config['OAUTH2_JWT_KEY'] = 'secret-key'
     app.config['OAUTH2_JWT_KEY'] = 'secret-key'
     app.config['OAUTH2_JWT_ALG'] = 'HS256'
     app.config['OAUTH2_JWT_ALG'] = 'HS256'
     # app.config['SQLALCHEMY_ECHO'] = True
     # app.config['SQLALCHEMY_ECHO'] = True
+    
+    # allows cookies and credentials to be submitted across domains
+    app.config['CORS_SUPPORTS_CREDENTIALS'] = true
 
 
     # 跨域设置
     # 跨域设置
     CORS(app)
     CORS(app)
@@ -85,10 +94,10 @@ def create_app():
         '[%(levelname)s] %(asctime)s %(message)s')
         '[%(levelname)s] %(asctime)s %(message)s')
     handler.setFormatter(logging_format)
     handler.setFormatter(logging_format)
     app.logger.addHandler(handler)
     app.logger.addHandler(handler)
-    
+
     # 配置使用鉴权组件，不写无法认证授权
     # 配置使用鉴权组件，不写无法认证授权
     config_oauth(app)
     config_oauth(app)
-    
+
     # 注册blueprint，查找BlueprintApi的子类
     # 注册blueprint，查找BlueprintApi的子类
     for scan in configure.scan_module:
     for scan in configure.scan_module:
         for api in find_class(scan, BlueprintApi):
         for api in find_class(scan, BlueprintApi):
@@ -101,7 +110,7 @@ def create_app():
         StructurePrint.print("start listen")
         StructurePrint.print("start listen")
         process = threading.Thread(target=data_entry_center)
         process = threading.Thread(target=data_entry_center)
         process.start()
         process.start()
-    
+
     # 不检测https
     # 不检测https
     os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
     os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
 
 
@@ -147,7 +156,8 @@ def data_entry_center():
 
 
             if inter_size < configure.entry_data_thread:
             if inter_size < configure.entry_data_thread:
                 # 锁表啊
                 # 锁表啊
-                ready_task:Task = sys_session.query(Task).filter_by(state=0,task_type=1).order_by(Task.create_time).with_lockmode("update").limit(1).one_or_none()
+                ready_task: Task = sys_session.query(Task).filter_by(state=0, task_type=1).order_by(
+                    Task.create_time).with_lockmode("update").limit(1).one_or_none()
                 if ready_task:
                 if ready_task:
 
 
                     try:
                     try:
@@ -204,4 +214,4 @@ def data_entry_center():
                     sys_session.commit()
                     sys_session.commit()
         except Exception as e:
         except Exception as e:
             sys_session.commit()
             sys_session.commit()
-            StructurePrint.print(e.__str__(), "error")
+            StructurePrint.print(e.__str__(), "error")

+from enum import auto
+from logging import error
+
+from sqlalchemy.sql.expression import false, true
 from app.util import BlueprintApi
 from app.util import BlueprintApi
 from app.util import BlueprintApi
 from app.util import BlueprintApi
 from flask import Blueprint, render_template, redirect, url_for, request, session, jsonify
 from flask import Blueprint, render_template, redirect, url_for, request, session, jsonify
@@ -6,9 +10,10 @@ from sqlalchemy import and_
 from .models import *
 from .models import *
 from werkzeug.security import gen_salt
 from werkzeug.security import gen_salt
 import time
 import time
-from .oauth2 import authorization, require_oauth, generate_user_info
+from .oauth2 import authorization, myCodeIDToken, require_oauth, generate_user_info
 from authlib.oauth2 import OAuth2Error
 from authlib.oauth2 import OAuth2Error
 from authlib.integrations.flask_oauth2 import current_token
 from authlib.integrations.flask_oauth2 import current_token
+from authlib.oidc.core import CodeIDToken
 
 
 
 
 def current_user():
 def current_user():
@@ -18,6 +23,12 @@ def current_user():
     return None
     return None
 
 
 
 
+def remove_user():
+    user = current_user()
+    if user:
+        session.pop('id')
+
+
 def split_by_crlf(s):
 def split_by_crlf(s):
     return [v for v in s.splitlines() if v]
     return [v for v in s.splitlines() if v]
 
 
@@ -92,17 +103,21 @@ class DataManager(BlueprintApi):
     def authorize():
     def authorize():
         user = current_user()
         user = current_user()
         if request.method == 'GET':
         if request.method == 'GET':
+            # 没有登录，跳转到登录界面
             try:
             try:
                 grant = authorization.validate_consent_request(end_user=user)
                 grant = authorization.validate_consent_request(end_user=user)
             except OAuth2Error as error:
             except OAuth2Error as error:
                 return jsonify(dict(error.get_body()))
                 return jsonify(dict(error.get_body()))
-            return render_template('auth/authorize.html', user=user, grant=grant)
+            if not user:
+                return render_template('auth/authorize.html', user=user, grant=grant)
             # return render_template('auth/login1.html', user=user, grant=grant)
             # return render_template('auth/login1.html', user=user, grant=grant)
         if not user and 'username' in request.form:
         if not user and 'username' in request.form:
             username = request.form.get('username')
             username = request.form.get('username')
             password = request.form.get('password')
             password = request.form.get('password')
             user = User.query.filter_by(
             user = User.query.filter_by(
                 username=username, password=password).first()
                 username=username, password=password).first()
+        if User:
+            session['id'] = user.id
         grant_user = user
         grant_user = user
         # if request.form['confirm']:
         # if request.form['confirm']:
         #     grant_user = user
         #     grant_user = user
@@ -119,4 +134,25 @@ class DataManager(BlueprintApi):
     @bp.route('/userinfo')
     @bp.route('/userinfo')
     @require_oauth('profile')
     @require_oauth('profile')
     def api_me():
     def api_me():
-        return jsonify(generate_user_info(current_token.user, current_token.scope))
+        try:
+            return jsonify(generate_user_info(current_token.user, current_token.scope))
+        except error as e:
+            return jsonify(dict(e.get_body()))
+
+    @staticmethod
+    @bp.route('/logout', methods=('GET', 'POST'))
+    @require_oauth('profile')
+    def logout():
+        if current_token:
+            remove_user()
+            accesstoken = OAuth2Token.query.filter_by(
+                access_token=current_token.access_token).first()
+            try:
+                accesstoken.revoked = True
+                db.session.commit()
+            except error as e:
+                return jsonify(dict(e.get_body()))
+        else:
+            return jsonify({'result': False, 'message': 'access_token is null'})
+
+        return jsonify({'result': True, 'message': 'logout success'})

@@ -56,4 +56,5 @@ class OAuth2Token(db.Model, OAuth2TokenMixin):
     id = Column(Integer, primary_key=True)
     id = Column(Integer, primary_key=True)
     user_id = Column(
     user_id = Column(
         Integer, ForeignKey('dmdms_user.id', ondelete='CASCADE'))
         Integer, ForeignKey('dmdms_user.id', ondelete='CASCADE'))
-    user = relationship('User')
+    # name = Column(Text)
+    user = relationship('User')

+from os import access, remove
+from time import time
 from authlib.integrations.flask_oauth2 import (
 from authlib.integrations.flask_oauth2 import (
     AuthorizationServer, ResourceProtector)
     AuthorizationServer, ResourceProtector)
 from authlib.integrations.sqla_oauth2 import (
 from authlib.integrations.sqla_oauth2 import (
@@ -13,11 +15,12 @@ from authlib.oidc.core.grants import (
     OpenIDImplicitGrant as _OpenIDImplicitGrant,
     OpenIDImplicitGrant as _OpenIDImplicitGrant,
     OpenIDHybridGrant as _OpenIDHybridGrant,
     OpenIDHybridGrant as _OpenIDHybridGrant,
 )
 )
-from authlib.oidc.core import UserInfo
+from authlib.oidc.core import UserInfo, CodeIDToken, IDToken
+from sqlalchemy.sql.sqltypes import DateTime
 from werkzeug.security import gen_salt
 from werkzeug.security import gen_salt
 from .models import db, User
 from .models import db, User
 from .models import OAuth2Client, OAuth2AuthorizationCode, OAuth2Token
 from .models import OAuth2Client, OAuth2AuthorizationCode, OAuth2Token
-
+from flask import g
 
 
 DUMMY_JWT_CONFIG = {
 DUMMY_JWT_CONFIG = {
     'key': 'secret-key',
     'key': 'secret-key',
@@ -26,6 +29,17 @@ DUMMY_JWT_CONFIG = {
     'exp': 7200,
     'exp': 7200,
 }
 }
 
 
+class myCodeIDToken(CodeIDToken):
+    def validate(self, now, leeway):
+        return super().validate(now=now, leeway=leeway)
+    
+    def validate_exp(self, now, leeway):
+        return super().validate_exp(now, leeway)
+
+
+def validate_token(accesstoken):
+    return IDToken.validate(self=accesstoken)
+
 
 
 def exists_nonce(nonce, req):
 def exists_nonce(nonce, req):
     exists = OAuth2AuthorizationCode.query.filter_by(
     exists = OAuth2AuthorizationCode.query.filter_by(
@@ -119,11 +133,12 @@ def config_oauth(app):
         app,
         app,
         query_client=query_client,
         query_client=query_client,
         save_token=save_token
         save_token=save_token
+        # fetch_token=fetch_token
     )
     )
 
 
     # support all openid grants
     # support all openid grants
     authorization.register_grant(AuthorizationCodeGrant, [
     authorization.register_grant(AuthorizationCodeGrant, [
-        OpenIDCode(require_nonce=True),
+        OpenIDCode(require_nonce=True)
     ])
     ])
     authorization.register_grant(ImplicitGrant)
     authorization.register_grant(ImplicitGrant)
     authorization.register_grant(HybridGrant)
     authorization.register_grant(HybridGrant)

 # coding=utf-8
 # coding=utf-8
 from flask import Flask
 from flask import Flask
 from app import create_app
 from app import create_app
-app:Flask = create_app()
+app: Flask = create_app()
 if __name__ == '__main__':
 if __name__ == '__main__':
     app.run(host="0.0.0.0", port="8840", threaded=True, debug=True)
     app.run(host="0.0.0.0", port="8840", threaded=True, debug=True)
-    # app.run(host="0.0.0.0", port="8840", threaded=True)
+    # app.run(host="0.0.0.0", port="8840", threaded=True)