修复令牌验证逻辑,修改管理员dashboard,增加退出登录功能
Change-Id: I6a832763126dffd28733269044a1b1956c5b1106
diff --git a/Merge/back_trm/app/functions/Fpost.py b/Merge/back_trm/app/functions/Fpost.py
index 2237815..248ed13 100644
--- a/Merge/back_trm/app/functions/Fpost.py
+++ b/Merge/back_trm/app/functions/Fpost.py
@@ -6,6 +6,10 @@
from sqlalchemy.orm import Session
from ..models.logs import Log
from ..models.syscost import PerformanceData
+# from ..models.token import Token
+from config import Config
+import requests
+
class Fpost:
def __init__(self,session:Session):
self.session=session
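Review bot: The new line `# from ..models.token import Token` adds a commented-out import rather than removing it, and the later hunk does the same to the whole `createtoken` method by prefixing every line with `#`. Version control already keeps the old token-issuing code, so deleting both would leave the file easier to audit and avoid the impression that local token creation is still a supported path. Separately, `from config import Config` is an absolute import next to relative ones (`..models.logs`), which presumably relies on how the app is launched; a short comment stating where `config` is resolved from would help.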
@@ -48,13 +52,30 @@
def getpost(self,postid):
res=self.session.query(post).filter(post.id==postid).first()
return res
- def checkid(self,userid,status=''):
- res=self.session.query(users).filter(users.id==userid).first()
- if(not res):
+ def checkid(self, token, status=''):
+ """
+ 使用前端传来的 token 调用 /verify_user 接口校验,
+ 如果接口返回 success=False 或者角色不匹配则返回 False,否则 True。
+ """
+ print("---------------------------------------------------------")
+ try:
+ url = f"{Config.API_BASE_URL}/verify_user"
+ headers = {
+ 'Authorization': f'Bearer {token}',
+ 'Content-Type': 'application/json'
+ }
+ payload = {'token': token}
+ resp = requests.post(url, headers=headers, json=payload)
+
+ print(resp.json())
+ if resp.status_code != 200:
+ return False
+ data = resp.json()
+ if not data.get('success'):
+ return False
+ return data.get('role') == status,data.get('user_id')
+ except Exception:
return False
- if res.role !=status:
- return False
- return True
def review(self,postid,status):
print(status)
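Review bot: `checkid` returns a bare `False` on every failure path but the tuple `data.get('role') == status, data.get('user_id')` on the last line, and a non-empty tuple is always truthy, so any caller that still tests the result as a boolean (callers are outside this diff) would treat a role mismatch as a pass. Returning the same shape on every path, for example `(False, None)`, removes that ambiguity. The `requests.post` call has no `timeout`, so a stalled `/verify_user` endpoint can hang the request handler indefinitely. The two `print` calls write the verification response to stdout, and `print(resp.json())` runs before the status check, so a non-JSON error body is reported as a generic failure through the broad `except Exception`. The fence below sketches the narrowed version; the docstring should also describe the tuple return.

```python
    def checkid(self, token, status=''):
        # … unchanged: docstring, url / headers / payload construction …
        try:
            # timeout value is illustrative; pick one that fits the deployment
            resp = requests.post(url, headers=headers, json=payload, timeout=5)
            if resp.status_code != 200:
                return False, None
            data = resp.json()
        except (requests.RequestException, ValueError):
            # network failure or non-JSON body: fail closed, same shape as success
            return False, None
        if not data.get('success'):
            return False, None
        return data.get('role') == status, data.get('user_id')
```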
@@ -65,43 +86,43 @@
self.session.commit()
return True
- def createtoken(self, userid):
- """
- 根据userid创建token并插入到数据库
- :param userid: 用户ID
- :return: 生成的token字符串
- """
- # 生成随机盐值
- salt = secrets.token_hex(16)
+ # def createtoken(self, userid):
+ # """
+ # 根据userid创建token并插入到数据库
+ # :param userid: 用户ID
+ # :return: 生成的token字符串
+ # """
+ # # 生成随机盐值
+ # salt = secrets.token_hex(16)
- # 创建哈希值:userid + 当前时间戳 + 随机盐值
- current_time = str(datetime.now().timestamp())
- hash_input = f"{userid}_{current_time}_{salt}"
+ # # 创建哈希值:userid + 当前时间戳 + 随机盐值
+ # current_time = str(datetime.now().timestamp())
+ # hash_input = f"{userid}_{current_time}_{salt}"
- # 生成SHA256哈希值作为token
- token = hashlib.sha256(hash_input.encode()).hexdigest()
+ # # 生成SHA256哈希值作为token
+ # token = hashlib.sha256(hash_input.encode()).hexdigest()
- # 设置时间
- created_time = datetime.now()
- expires_time = created_time + timedelta(days=1) # 一天后过期
+ # # 设置时间
+ # created_time = datetime.now()
+ # expires_time = created_time + timedelta(days=1) # 一天后过期
- try:
- # 创建新的token记录
- new_token = Token(
- token=token,
- expires_at=expires_time,
- created_at=created_time
- )
+ # try:
+ # # 创建新的token记录
+ # new_token = Token(
+ # token=token,
+ # expires_at=expires_time,
+ # created_at=created_time
+ # )
- # 假设self.session是数据库会话对象
- self.session.add(new_token)
- self.session.commit()
+ # # 假设self.session是数据库会话对象
+ # self.session.add(new_token)
+ # self.session.commit()
- return token
+ # return token
- except Exception as e:
- self.session.rollback()
- raise Exception(f"创建token失败: {str(e)}")
+ # except Exception as e:
+ # self.session.rollback()
+ # raise Exception(f"创建token失败: {str(e)}")
def recordlog(self,user_id,log_type,content,ip):
"""
@@ -152,5 +173,5 @@
raise Exception(f"记录系统性能消耗失败: {e}")
def getsyscost(self):
- res= self.session.query(PerformanceData).all()
+ res = self.session.query(PerformanceData).order_by(PerformanceData.record_time.desc()).limit(200).all()
return res
\ No newline at end of file
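Review bot: The `200` in `.limit(200)` is an unexplained magic number inside `getsyscost`. Bounding the query is a sensible guard against returning the whole `PerformanceData` table, but the cap should be a named constant or a defaulted parameter, e.g. `def getsyscost(self, limit=200):` with `.limit(limit)`. A one-line docstring such as `"""Return the most recent performance records, newest first."""` would also record the new ordering for callers.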