修复令牌验证逻辑,修改管理员dashboard,增加退出登录功能
Change-Id: I6a832763126dffd28733269044a1b1956c5b1106
diff --git a/Merge/back_trm/app/__pycache__/routes.cpython-310.pyc b/Merge/back_trm/app/__pycache__/routes.cpython-310.pyc
index e22e52b..8eadf0e 100644
--- a/Merge/back_trm/app/__pycache__/routes.cpython-310.pyc
+++ b/Merge/back_trm/app/__pycache__/routes.cpython-310.pyc
Binary files differ
diff --git a/Merge/back_trm/app/functions/Fpost.py b/Merge/back_trm/app/functions/Fpost.py
index 2237815..248ed13 100644
--- a/Merge/back_trm/app/functions/Fpost.py
+++ b/Merge/back_trm/app/functions/Fpost.py
@@ -6,6 +6,10 @@
from sqlalchemy.orm import Session
from ..models.logs import Log
from ..models.syscost import PerformanceData
+# from ..models.token import Token
+from config import Config
+import requests
+
class Fpost:
def __init__(self,session:Session):
self.session=session
@@ -48,13 +52,30 @@
def getpost(self,postid):
res=self.session.query(post).filter(post.id==postid).first()
return res
- def checkid(self,userid,status=''):
- res=self.session.query(users).filter(users.id==userid).first()
- if(not res):
+ def checkid(self, token, status=''):
+ """
+ 使用前端传来的 token 调用 /verify_user 接口校验,
+ 如果接口返回 success=False 或者角色不匹配则返回 False,否则 True。
+ """
+ print("---------------------------------------------------------")
+ try:
+ url = f"{Config.API_BASE_URL}/verify_user"
+ headers = {
+ 'Authorization': f'Bearer {token}',
+ 'Content-Type': 'application/json'
+ }
+ payload = {'token': token}
+ resp = requests.post(url, headers=headers, json=payload)
+
+ print(resp.json())
+ if resp.status_code != 200:
+ return False
+ data = resp.json()
+ if not data.get('success'):
+ return False
+ return data.get('role') == status,data.get('user_id')
+ except Exception:
return False
- if res.role !=status:
- return False
- return True
def review(self,postid,status):
print(status)
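Review bot: The failure paths of `checkid` return a bare `False` while the success path returns a `(role_ok, user_id)` pair, so callers that unpack two values (routes.py in this commit does `checres,userid=f.checkid(...)`) will raise on any rejected token instead of taking their Unauthorized branch. The `requests.post` call also has no `timeout`, so a slow or unreachable `/verify_user` endpoint can stall the request handler. `print(resp.json())` writes the verification response to stdout before the status code is checked. `except Exception` hides every cause of failure; narrowing it to transport and JSON-decoding errors keeps the fail-closed behaviour without masking programming mistakes. The rewrite below returns `(False, None)` on every denial path, sets a timeout and drops the debug prints.

```python
def checkid(self, token, status=''):
    # … unchanged: docstring …
    denied = (False, None)  # same shape as the success return, so callers can always unpack
    try:
        resp = requests.post(
            f"{Config.API_BASE_URL}/verify_user",
            headers={
                'Authorization': f'Bearer {token}',
                'Content-Type': 'application/json'
            },
            json={'token': token},
            timeout=5,  # constructed value; choose one that fits the deployment
        )
        if resp.status_code != 200:
            return denied
        data = resp.json()
    except (requests.RequestException, ValueError):
        # transport failure or non-JSON body: fail closed
        return denied
    if not data.get('success'):
        return denied
    return data.get('role') == status, data.get('user_id')
```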
@@ -65,43 +86,43 @@
self.session.commit()
return True
- def createtoken(self, userid):
- """
- 根据userid创建token并插入到数据库
- :param userid: 用户ID
- :return: 生成的token字符串
- """
- # 生成随机盐值
- salt = secrets.token_hex(16)
+ # def createtoken(self, userid):
+ # """
+ # 根据userid创建token并插入到数据库
+ # :param userid: 用户ID
+ # :return: 生成的token字符串
+ # """
+ # # 生成随机盐值
+ # salt = secrets.token_hex(16)
- # 创建哈希值:userid + 当前时间戳 + 随机盐值
- current_time = str(datetime.now().timestamp())
- hash_input = f"{userid}_{current_time}_{salt}"
+ # # 创建哈希值:userid + 当前时间戳 + 随机盐值
+ # current_time = str(datetime.now().timestamp())
+ # hash_input = f"{userid}_{current_time}_{salt}"
- # 生成SHA256哈希值作为token
- token = hashlib.sha256(hash_input.encode()).hexdigest()
+ # # 生成SHA256哈希值作为token
+ # token = hashlib.sha256(hash_input.encode()).hexdigest()
- # 设置时间
- created_time = datetime.now()
- expires_time = created_time + timedelta(days=1) # 一天后过期
+ # # 设置时间
+ # created_time = datetime.now()
+ # expires_time = created_time + timedelta(days=1) # 一天后过期
- try:
- # 创建新的token记录
- new_token = Token(
- token=token,
- expires_at=expires_time,
- created_at=created_time
- )
+ # try:
+ # # 创建新的token记录
+ # new_token = Token(
+ # token=token,
+ # expires_at=expires_time,
+ # created_at=created_time
+ # )
- # 假设self.session是数据库会话对象
- self.session.add(new_token)
- self.session.commit()
+ # # 假设self.session是数据库会话对象
+ # self.session.add(new_token)
+ # self.session.commit()
- return token
+ # return token
- except Exception as e:
- self.session.rollback()
- raise Exception(f"创建token失败: {str(e)}")
+ # except Exception as e:
+ # self.session.rollback()
+ # raise Exception(f"创建token失败: {str(e)}")
def recordlog(self,user_id,log_type,content,ip):
"""
@@ -152,5 +173,5 @@
raise Exception(f"记录系统性能消耗失败: {e}")
def getsyscost(self):
- res= self.session.query(PerformanceData).all()
+ res = self.session.query(PerformanceData).order_by(PerformanceData.record_time.desc()).limit(200).all()
return res
\ No newline at end of file
diff --git a/Merge/back_trm/app/functions/__pycache__/Fpost.cpython-310.pyc b/Merge/back_trm/app/functions/__pycache__/Fpost.cpython-310.pyc
index 3a49c6c..88279b4 100644
--- a/Merge/back_trm/app/functions/__pycache__/Fpost.cpython-310.pyc
+++ b/Merge/back_trm/app/functions/__pycache__/Fpost.cpython-310.pyc
Binary files differ
diff --git a/Merge/back_trm/app/models/__pycache__/token.cpython-310.pyc b/Merge/back_trm/app/models/__pycache__/token.cpython-310.pyc
new file mode 100644
index 0000000..ab59118
--- /dev/null
+++ b/Merge/back_trm/app/models/__pycache__/token.cpython-310.pyc
Binary files differ
diff --git a/Merge/back_trm/app/routes.py b/Merge/back_trm/app/routes.py
index 20cf99c..b1d1fd6 100644
--- a/Merge/back_trm/app/routes.py
+++ b/Merge/back_trm/app/routes.py
@@ -17,9 +17,9 @@
SessionLocal = sessionmaker(bind=engine)
session = SessionLocal()
f=Fpost(session)
- checres=f.checkid(data['userid'],'superadmin')
+ checres,userid=f.checkid(data['userid'],'superadmin')
if(not checres):
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'系统需要超级管理员才能执行修改用户角色的操作,但是当前用户不是超级管理员',
request.remote_addr)
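Review bot: The new `checres,userid=f.checkid(data['userid'],'superadmin')` assumes a two-element return, but `checkid` as changed in Fpost.py in this commit returns a bare `False` when the token is rejected, so the unpack raises `TypeError` before the `if(not checres)` branch can log and answer Unauthorized. Until `checkid` returns a pair on every path, a guard such as `checres, userid = f.checkid(data['userid'], 'superadmin') or (False, None)` keeps the denial path reachable. On that path `userid` can be `None`, so the audit entry written by `recordlog` carries no actor; whether the log table accepts that is not visible here and should be confirmed. The request field is still named `userid` although it now carries a bearer token, which deserves a comment such as `# data['userid'] now holds the caller's token, not a user id`. The same pattern repeats in every other `checkid` call changed in routes.py, and the enclosing route function starts and ends outside this hunk.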
@@ -27,12 +27,12 @@
res=f.giveadmin(data['targetid'])
if not res:
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
f"尝试修改用户{data['targetid']}角色为admin失败,用户不存在",
request.remote_addr)
return jsonify({'status': 'error', 'message': 'User not found'})
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'behavior',
f'用户角色为admin修改成功,用户ID: {data["targetid"]} 被修改为管理员',
request.remote_addr)
@@ -46,9 +46,9 @@
SessionLocal = sessionmaker(bind=engine)
session = SessionLocal()
f=Fpost(session)
- checres=f.checkid(data['userid'],'superadmin')
+ checres,userid=f.checkid(data['userid'],'superadmin')
if(not checres):
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'系统需要超级管理员才能执行修改用户角色的操作,但是当前用户不是超级管理员',
request.remote_addr)
@@ -56,12 +56,12 @@
res=f.giveuser(data['targetid'])
if not res:
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
f"尝试修改用户{data['targetid']}为user失败,用户不存在",
request.remote_addr)
return jsonify({'status': 'error', 'message': 'User not found'})
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'behavior',
f'用户角色修改成功,用户ID: {data["targetid"]} 被修改为普通用户',
request.remote_addr)
@@ -76,9 +76,9 @@
SessionLocal = sessionmaker(bind=engine)
session = SessionLocal()
f=Fpost(session)
- checres=f.checkid(data['userid'],'superadmin')
+ checres,userid=f.checkid(data['userid'],'superadmin')
if(not checres):
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'系统需要超级管理员才能执行修改用户角色的操作,但是当前用户不是超级管理员',
request.remote_addr)
@@ -86,12 +86,12 @@
res=f.givesuperadmin(data['targetid'])
if not res:
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
f'尝试修改用户{data["targetid"]}角色为superadmin失败,用户不存在',
request.remote_addr)
return jsonify({'status': 'error', 'message': 'User not found'})
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'behavior',
f'用户角色修改成功,用户ID: {data["targetid"]} 被修改为超级管理员',
request.remote_addr)
@@ -105,9 +105,11 @@
SessionLocal = sessionmaker(bind=engine)
session = SessionLocal()
f=Fpost(session)
- checres=f.checkid(data['userid'],'superadmin')
+ checres,userid=f.checkid(data['userid'],'superadmin')
+ print("+++++++++++++++++++++++++++++++++++++++++++++++++")
+ print(checres)
if(not checres):
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'系统需要超级管理员才能执行获取用户列表的操作,但是当前用户不是超级管理员',
request.remote_addr)
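Review bot: The two `print` calls added ahead of `if(not checres)` look like leftover debugging; they write the authorization result of every user-list request to stdout, outside the `recordlog` audit trail the rest of the route uses. Drop them, or if the trace is still wanted route it through a logger at debug level, e.g. `logger.debug("checkid result: %s", checres)` (a module-level logger is not visible in this hunk and would need to exist). The enclosing route function starts and ends outside this hunk.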
@@ -121,7 +123,7 @@
'role': datai[2]
})
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'access',
'获取用户列表成功',
request.remote_addr)
@@ -135,9 +137,9 @@
SessionLocal = sessionmaker(bind=engine)
session = SessionLocal()
f=Fpost(session)
- checres=f.checkid(data['userid'],'admin')
+ checres,userid=f.checkid(data['userid'],'admin')
if(not checres):
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'系统需要管理员才能执行获取帖子列表的操作,但是当前用户不是管理员',
request.remote_addr)
@@ -150,7 +152,7 @@
'title': datai[1],
'status': datai[2]
})
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'access',
'获取帖子列表成功',
request.remote_addr)
@@ -163,21 +165,21 @@
SessionLocal = sessionmaker(bind=engine)
session = SessionLocal()
f=Fpost(session)
- checres=f.checkid(data['userid'],'admin')
+ checres,userid=f.checkid(data['userid'],'admin')
if(not checres):
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'系统需要管理员才能执行获取帖子详情的操作,但是当前用户不是管理员',
request.remote_addr)
return jsonify({'status': 'error', 'message': 'Unauthorized'})
res=f.getpost(data['postid'])
if not res:
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
f'尝试获取帖子{data["postid"]}失败,帖子不存在',
request.remote_addr)
return jsonify({'status': 'error', 'message': 'Post not found'})
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'access',
f'获取帖子详情成功,帖子ID: {data["postid"]}',
request.remote_addr)
@@ -190,9 +192,9 @@
SessionLocal = sessionmaker(bind=engine)
session = SessionLocal()
f=Fpost(session)
- checres=f.checkid(data['userid'],'admin')
+ checres,userid=f.checkid(data['userid'],'admin')
if(not checres):
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'系统需要管理员才能执行帖子审核的操作,但是当前用户不是管理员',
request.remote_addr)
@@ -200,12 +202,12 @@
res=f.review(data['postid'],data['status'])
if not res:
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
f'尝试审核帖子{data["postid"]}失败,帖子不存在',
request.remote_addr)
return jsonify({'status': 'error', 'message': 'Post not found'})
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'behavior',
f'帖子审核成功,帖子ID: {data["postid"]} 状态更新为 {data["status"]}',
request.remote_addr)
@@ -220,9 +222,9 @@
SessionLocal = sessionmaker(bind=engine)
session = SessionLocal()
f=Fpost(session)
- checres=f.checkid(data['userid'],'admin')
+ checres,userid=f.checkid(data['userid'],'admin')
if(not checres):
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'系统需要管理员才能执行Nginx认证的操作,但是当前用户不是管理员',
request.remote_addr)
@@ -230,12 +232,12 @@
res=f.nginxauth(data['postid'],data['status'])
if not res:
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
f'尝试更新Nginx认证状态失败,帖子{data["postid"]}不存在',
request.remote_addr)
return jsonify({'status': 'error', 'message': 'Post not found'})
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'behavior',
f'Nginx认证状态更新成功,帖子ID: {data["postid"]} 状态更新为 {data["status"]}',
request.remote_addr)
@@ -248,9 +250,9 @@
SessionLocal = sessionmaker(bind=engine)
session = SessionLocal()
f=Fpost(session)
- checres=f.checkid(data['userid'],'superadmin')
+ checres,userid=f.checkid(data['userid'],'superadmin')
if(not checres):
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'系统需要管理员才能执行获取系统性能消耗的操作,但是当前用户不是管理员',
request.remote_addr)
@@ -258,13 +260,13 @@
res=f.getsyscost()
if not res:
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'尝试获取系统性能消耗数据失败,数据不存在',
request.remote_addr)
return jsonify({'status': 'error', 'message': 'No performance data found'})
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'access',
'获取系统性能消耗数据成功',
request.remote_addr)
@@ -287,9 +289,9 @@
SessionLocal = sessionmaker(bind=engine)
session = SessionLocal()
f=Fpost(session)
- checres=f.checkid(data['userid'],'superadmin')
+ checres,userid=f.checkid(data['userid'],'superadmin')
if(not checres):
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'系统需要管理员才能执行获取日志的操作,但是当前用户不是管理员',
request.remote_addr)
@@ -297,13 +299,13 @@
res=f.getrecordlog()
if not res:
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'error',
'尝试获取日志失败,日志不存在',
request.remote_addr)
return jsonify({'status': 'error', 'message': 'No logs found'})
- f.recordlog(data['userid'],
+ f.recordlog(userid,
'access',
'获取日志成功',
request.remote_addr)