AccesTokenController ist ein Thread
AccesTokenController schaut immer wieder nach, ob ein AccesToken noch valid ist. Zeitabstand beträgt bis jetzt 10 SeKunden ValidLifeTime beträgt bis jetzt 60 Sekunden
This commit is contained in:
parent
5c5799206f
commit
535b9cbc12
|
@ -1,15 +1,18 @@
|
||||||
from flask import Flask
|
from flask import Flask
|
||||||
from flask_sqlalchemy import SQLAlchemy
|
from flask_sqlalchemy import SQLAlchemy
|
||||||
from flask_bcrypt import Bcrypt
|
from flask_bcrypt import Bcrypt
|
||||||
|
from flask_cors import CORS
|
||||||
from .controller.accesTokenController import AccesTokenController
|
from .controller.accesTokenController import AccesTokenController
|
||||||
# from flask_login import LoginManager
|
# from flask_login import LoginManager
|
||||||
|
|
||||||
app = Flask(__name__)
|
app = Flask(__name__)
|
||||||
|
CORS(app)
|
||||||
# app.config['SECRET_KEY'] = '0a657b97ef546da90b2db91862ad4e29'
|
# app.config['SECRET_KEY'] = '0a657b97ef546da90b2db91862ad4e29'
|
||||||
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///site.db'
|
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///site.db'
|
||||||
db = SQLAlchemy(app)
|
db = SQLAlchemy(app)
|
||||||
bcrypt = Bcrypt(app)
|
bcrypt = Bcrypt(app)
|
||||||
accesTokenController = AccesTokenController()
|
accesTokenController = AccesTokenController()
|
||||||
|
accesTokenController.start()
|
||||||
# login_manager = LoginManager(app)
|
# login_manager = LoginManager(app)
|
||||||
# login_manager.login_view = 'login'
|
# login_manager.login_view = 'login'
|
||||||
# login_manager.login_message_category = 'info'
|
# login_manager.login_message_category = 'info'
|
||||||
|
|
|
@ -1,25 +1,51 @@
|
||||||
from geruecht.model.accessToken import AccessToken
|
from geruecht.model.accessToken import AccessToken
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
|
import time
|
||||||
|
from threading import Thread
|
||||||
import hashlib
|
import hashlib
|
||||||
|
|
||||||
class AccesTokenController():
|
class AccesTokenController(Thread):
|
||||||
tokenList = None
|
tokenList = None
|
||||||
|
self.lifetime = 60
|
||||||
|
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
|
print("init AccesTokenControlle")
|
||||||
|
print("init threading")
|
||||||
|
Thread.__init__(self)
|
||||||
self.tokenList = []
|
self.tokenList = []
|
||||||
|
|
||||||
def findAccesToken(self, token):
|
def findAccesToken(self, token):
|
||||||
|
print("search for AccesToken", token)
|
||||||
for accToken in self.tokenList:
|
for accToken in self.tokenList:
|
||||||
if accToken == token:
|
if accToken == token:
|
||||||
|
print("find AccesToken", accToken, "with token", token)
|
||||||
return accToken
|
return accToken
|
||||||
|
print("no AccesToken with", token)
|
||||||
return None
|
return None
|
||||||
|
|
||||||
def createAccesToken(self, user):
|
def createAccesToken(self, user):
|
||||||
time = datetime.ctime(datetime.now())
|
print("create AccesToken")
|
||||||
token = hashlib.md5((time + user.password).encode('utf-8')).hexdigest()
|
now = datetime.ctime(datetime.now())
|
||||||
|
token = hashlib.md5((now + user.password).encode('utf-8')).hexdigest()
|
||||||
self.tokenList.append(AccessToken(user, token))
|
self.tokenList.append(AccessToken(user, token))
|
||||||
print(self.tokenList)
|
print(self.tokenList)
|
||||||
|
print("finished create AccesToken", token)
|
||||||
return token
|
return token
|
||||||
|
|
||||||
def isSameGroup(self, accToken, group):
|
def isSameGroup(self, accToken, group):
|
||||||
|
print("controll if", accToken, "hase group", group)
|
||||||
return True if accToken.user.group == group else False
|
return True if accToken.user.group == group else False
|
||||||
|
|
||||||
|
def run(self):
|
||||||
|
while True:
|
||||||
|
print("start allocate")
|
||||||
|
for accToken in self.tokenList:
|
||||||
|
print("controle", accToken)
|
||||||
|
if (datetime.now() - accToken.timestamp).seconds > self.lifetime:
|
||||||
|
print("delete", accToken)
|
||||||
|
self.tokenList.remove(accToken)
|
||||||
|
else:
|
||||||
|
print("time is only", (datetime.now() - accToken.timestamp).seconds)
|
||||||
|
print(self.tokenList)
|
||||||
|
print("wait")
|
||||||
|
time.sleep(10)
|
||||||
|
|
|
@ -12,6 +12,7 @@ class User(db.Model):
|
||||||
|
|
||||||
def toJSON(self):
|
def toJSON(self):
|
||||||
dic = {
|
dic = {
|
||||||
|
"userId": self.userID,
|
||||||
"username": self.username,
|
"username": self.username,
|
||||||
"firstname": self.firstname,
|
"firstname": self.firstname,
|
||||||
"lastname": self.lastname,
|
"lastname": self.lastname,
|
||||||
|
|
|
@ -7,6 +7,7 @@ from flask import request, jsonify
|
||||||
MONEY = "moneymaster"
|
MONEY = "moneymaster"
|
||||||
GASTRO = "gastro"
|
GASTRO = "gastro"
|
||||||
USER = "user"
|
USER = "user"
|
||||||
|
BAR = "bar"
|
||||||
|
|
||||||
def verifyAccessToken(token, group):
|
def verifyAccessToken(token, group):
|
||||||
accToken = accesTokenController.findAccesToken(token)
|
accToken = accesTokenController.findAccesToken(token)
|
||||||
|
@ -31,6 +32,15 @@ def _getFinanzer():
|
||||||
return jsonify(dic)
|
return jsonify(dic)
|
||||||
return jsonify({"error": "permission denied"}), 401
|
return jsonify({"error": "permission denied"}), 401
|
||||||
|
|
||||||
|
@app.route("/valid", methods=['POST'])
|
||||||
|
def _valid():
|
||||||
|
data = request.get_json()
|
||||||
|
token = data["token"]
|
||||||
|
accToken = verifyAccessToken(token, MONEY)
|
||||||
|
if accToken is not None:
|
||||||
|
return jsonify(accToken.user.toJSON())
|
||||||
|
return jsonify({"error": "permission denied"}), 401
|
||||||
|
|
||||||
@app.route("/login", methods=['POST'])
|
@app.route("/login", methods=['POST'])
|
||||||
def _login():
|
def _login():
|
||||||
data = request.get_json()
|
data = request.get_json()
|
||||||
|
@ -43,7 +53,7 @@ def _login():
|
||||||
token = accesTokenController.createAccesToken(user)
|
token = accesTokenController.createAccesToken(user)
|
||||||
dic = user.toJSON()
|
dic = user.toJSON()
|
||||||
dic["token"] = token
|
dic["token"] = token
|
||||||
return jsonify({user.userID: dic})
|
return jsonify(dic)
|
||||||
else:
|
else:
|
||||||
return jsonify({"error": "wrong password"}), 401
|
return jsonify({"error": "wrong password"}), 401
|
||||||
return jsonify({"error": "wrong username"}), 402
|
return jsonify({"error": "wrong username"}), 402
|
||||||
|
|
BIN
geruecht/site.db
BIN
geruecht/site.db
Binary file not shown.
Loading…
Reference in New Issue