From 535b9cbc12c3ab7c9a6095d9b4ca0ad30cd93beb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20Gr=C3=B6ger?= Date: Fri, 12 Apr 2019 14:51:37 +0200 Subject: [PATCH] AccesTokenController ist ein Thread MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit AccesTokenController schaut immer wieder nach, ob ein AccesToken noch valid ist. Zeitabstand beträgt bis jetzt 10 SeKunden ValidLifeTime beträgt bis jetzt 60 Sekunden --- geruecht/__init__.py | 3 ++ geruecht/controller/accesTokenController.py | 32 ++++++++++++++++++-- geruecht/model/user.py | 1 + geruecht/routes.py | 14 +++++++-- geruecht/site.db | Bin 28672 -> 28672 bytes 5 files changed, 45 insertions(+), 5 deletions(-) diff --git a/geruecht/__init__.py b/geruecht/__init__.py index 6591d64..671f980 100644 --- a/geruecht/__init__.py +++ b/geruecht/__init__.py @@ -1,15 +1,18 @@ from flask import Flask from flask_sqlalchemy import SQLAlchemy from flask_bcrypt import Bcrypt +from flask_cors import CORS from .controller.accesTokenController import AccesTokenController # from flask_login import LoginManager app = Flask(__name__) +CORS(app) # app.config['SECRET_KEY'] = '0a657b97ef546da90b2db91862ad4e29' app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///site.db' db = SQLAlchemy(app) bcrypt = Bcrypt(app) accesTokenController = AccesTokenController() +accesTokenController.start() # login_manager = LoginManager(app) # login_manager.login_view = 'login' # login_manager.login_message_category = 'info' diff --git a/geruecht/controller/accesTokenController.py b/geruecht/controller/accesTokenController.py index 1dfc13c..e7a5c77 100644 --- a/geruecht/controller/accesTokenController.py +++ b/geruecht/controller/accesTokenController.py 
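Review bot: `CORS(app)` in `geruecht/__init__.py` is called with no arguments, which with flask-cors means every route answers cross-origin requests from any origin, including `/login` and `/valid`, which return the access token and user record. If only the project's own frontend needs this, restrict it, e.g. `CORS(app, origins=["https://frontend.example"])` (placeholder origin). `accesTokenController.start()` runs at import time and the thread is not a daemon, so its `while True` loop keeps the interpreter alive at shutdown, and each process that imports the package gets its own thread and its own in-memory token list. The commented-out `SECRET_KEY` literal is still in the file; if that value was ever used it should be treated as disclosed and rotated, not kept in source.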
@@ -1,25 +1,51 @@ from geruecht.model.accessToken import AccessToken from datetime import datetime +import time +from threading import Thread import hashlib -class AccesTokenController(): +class AccesTokenController(Thread): tokenList = None + self.lifetime = 60 def __init__(self): + print("init AccesTokenControlle") + print("init threading") + Thread.__init__(self) self.tokenList = [] def findAccesToken(self, token): + print("search for AccesToken", token) for accToken in self.tokenList: if accToken == token: + print("find AccesToken", accToken, "with token", token) return accToken + print("no AccesToken with", token) return None def createAccesToken(self, user): - time = datetime.ctime(datetime.now()) - token = hashlib.md5((time + user.password).encode('utf-8')).hexdigest() + print("create AccesToken") + now = datetime.ctime(datetime.now()) + token = hashlib.md5((now + user.password).encode('utf-8')).hexdigest() self.tokenList.append(AccessToken(user, token)) print(self.tokenList) + print("finished create AccesToken", token) return token def isSameGroup(self, accToken, group): + print("controll if", accToken, "hase group", group) return True if accToken.user.group == group else False + + def run(self): + while True: + print("start allocate") + for accToken in self.tokenList: + print("controle", accToken) + if (datetime.now() - accToken.timestamp).seconds > self.lifetime: + print("delete", accToken) + self.tokenList.remove(accToken) + else: + print("time is only", (datetime.now() - accToken.timestamp).seconds) + print(self.tokenList) + print("wait") + time.sleep(10) diff --git a/geruecht/model/user.py b/geruecht/model/user.py index 557e434..6c8c9de 100644 --- a/geruecht/model/user.py +++ b/geruecht/model/user.py @@ -12,6 +12,7 @@ class User(db.Model): def toJSON(self): dic = { + "userId": self.userID, "username": self.username, "firstname": self.firstname, "lastname": self.lastname, diff --git a/geruecht/routes.py b/geruecht/routes.py index c3efb3a..967be95 100644 
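Review bot: `createAccesToken` builds the session token as `hashlib.md5((now + user.password).encode('utf-8')).hexdigest()`, so it is derived from a second-resolution timestamp plus the stored password value instead of random data; a token from `secrets.token_urlsafe(32)` depends on neither. The class-body line `self.lifetime = 60` runs with no `self` in scope and raises NameError when the module is imported, so it belongs in `__init__`. `run` calls `self.tokenList.remove(accToken)` while iterating the same list, which skips the entry after each removal, and it does this from the background thread with no lock while request handlers append to and search the list. The added `print` calls also write every token to stdout, so live credentials end up in whatever collects the process output. The sketch below needs `import secrets` and `Lock` from `threading`, and `findAccesToken` should take the same lock.

```python
    def __init__(self):
        Thread.__init__(self, daemon=True)
        self.tokenList = []
        self.lifetime = 60
        self._lock = Lock()

    # … unchanged: findAccesToken (wrap its loop in `with self._lock:`) …

    def createAccesToken(self, user):
        # random token; no timestamp or password material involved
        token = secrets.token_urlsafe(32)
        with self._lock:
            self.tokenList.append(AccessToken(user, token))
        return token

    # … unchanged: isSameGroup …

    def run(self):
        while True:
            now = datetime.now()
            with self._lock:
                # rebuild the list instead of remove() during iteration
                self.tokenList = [
                    t for t in self.tokenList
                    if (now - t.timestamp).total_seconds() <= self.lifetime
                ]
            time.sleep(10)
```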
--- a/geruecht/routes.py +++ b/geruecht/routes.py @@ -7,6 +7,7 @@ from flask import request, jsonify MONEY = "moneymaster" GASTRO = "gastro" USER = "user" +BAR = "bar" def verifyAccessToken(token, group): accToken = accesTokenController.findAccesToken(token) @@ -31,6 +32,15 @@ def _getFinanzer(): return jsonify(dic) return jsonify({"error": "permission denied"}), 401 +@app.route("/valid", methods=['POST']) +def _valid(): + data = request.get_json() + token = data["token"] + accToken = verifyAccessToken(token, MONEY) + if accToken is not None: + return jsonify(accToken.user.toJSON()) + return jsonify({"error": "permission denied"}), 401 + @app.route("/login", methods=['POST']) def _login(): data = request.get_json() @@ -43,11 +53,11 @@ def _login(): token = accesTokenController.createAccesToken(user) dic = user.toJSON() dic["token"] = token - return jsonify({user.userID: dic}) + return jsonify(dic) else: return jsonify({"error": "wrong password"}), 401 return jsonify({"error": "wrong username"}), 402 - + @app.route("/getFinanzer") def getFinanzer(): diff --git a/geruecht/site.db b/geruecht/site.db index ae21fbe68089f050a3ef470ccc1be0faaf206144..172ae01ada83bfeb1859bd052b769c271b5ec6ed 100644 GIT binary patch delta 206 zcmZp8z}WDBae_1>>qHr6M%Il9OZYjM_)Qr2r}CR@78KCnPmE{cWDu2>loW1cEzL|! zEzZj?&rMBDFG@|%FG?%QEU8LON-R<_N>VX2Qi(`*t|~Y1_p>N73ARk}af@*Cb`DL= z%gomgDX{eM_b*DXw9N9;^T{>Oa*gy!j7)RPj4+x!RX!hR=W7Q3FZ{1J3o6{_SL9$8 zWdvEq#LX%S0JxMwX2UOZeFs`KL1QPu(o2(9J)2s(e0>|Am47%Vt4`SNvk! j%(9#%sl_Fw#i>PH3=9m6{9hUPzXIi6^KbrY&ustz)O8rO
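Review bot: `_valid` indexes `data["token"]` without checking the request body, so a POST without a JSON object or without a `token` key ends in an unhandled TypeError/KeyError and a 500 instead of a clean rejection; `token = (request.get_json(silent=True) or {}).get("token")` ahead of the existing check covers both cases. The route also passes the fixed group `MONEY` to `verifyAccessToken`, so if that helper compares groups the way its name suggests, a valid token of any other group is answered with "permission denied"; it is worth confirming that `/valid` is meant for moneymaster tokens only. The body of `verifyAccessToken` is outside the hunk.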
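Review bot: The login handler keeps separate answers for its two failure cases, `{"error": "wrong password"}` with 401 and `{"error": "wrong username"}` with 402, which tells a caller whether a username exists. Status 402 means "Payment Required", so using `return jsonify({"error": "wrong username or password"}), 401` on both paths fixes the status code and removes the distinction. The new `return jsonify(dic)` sends whatever `user.toJSON()` contains plus the token; only part of `toJSON` is visible in this diff, so check that it does not include the password field. `_login` starts outside the hunk.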