AccesTokenController ist ein Thread

AccesTokenController prüft regelmäßig, ob ein AccesToken noch gültig ist.
Das Prüfintervall beträgt bisher 10 Sekunden.
Die ValidLifeTime beträgt bisher 60 Sekunden.
Tim Gröger 2019-04-12 14:51:37 +02:00
parent 5c5799206f
commit 535b9cbc12
5 changed files with 45 additions and 5 deletions


@ -1,15 +1,18 @@
from flask import Flask from flask import Flask
from flask_sqlalchemy import SQLAlchemy from flask_sqlalchemy import SQLAlchemy
from flask_bcrypt import Bcrypt from flask_bcrypt import Bcrypt
from flask_cors import CORS
from .controller.accesTokenController import AccesTokenController from .controller.accesTokenController import AccesTokenController
# from flask_login import LoginManager # from flask_login import LoginManager
app = Flask(__name__) app = Flask(__name__)
CORS(app)
# app.config['SECRET_KEY'] = '0a657b97ef546da90b2db91862ad4e29' # app.config['SECRET_KEY'] = '0a657b97ef546da90b2db91862ad4e29'
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///site.db' app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///site.db'
db = SQLAlchemy(app) db = SQLAlchemy(app)
bcrypt = Bcrypt(app) bcrypt = Bcrypt(app)
accesTokenController = AccesTokenController() accesTokenController = AccesTokenController()
accesTokenController.start()
# login_manager = LoginManager(app) # login_manager = LoginManager(app)
# login_manager.login_view = 'login' # login_manager.login_view = 'login'
# login_manager.login_message_category = 'info' # login_manager.login_message_category = 'info'
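Review bot: `CORS(app)` is called with no arguments, which makes flask_cors answer every route with a wildcard allowed origin, so any website can call `/login` and `/valid` from a visitor's browser and read the response. Restricting it to the known frontend, e.g. `CORS(app, origins=["https://frontend.example"])` (placeholder origin), keeps the API closed to other sites. Separately, `accesTokenController.start()` runs at import time on a non-daemon thread whose `run` loop never returns, so the process will not shut down cleanly, and each worker or reloader process would presumably get its own thread and token list. Setting `accesTokenController.daemon = True` before `start()` fixes at least the shutdown part.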


@ -1,25 +1,51 @@
from geruecht.model.accessToken import AccessToken from geruecht.model.accessToken import AccessToken
from datetime import datetime from datetime import datetime
import time
from threading import Thread
import hashlib import hashlib
class AccesTokenController(): class AccesTokenController(Thread):
tokenList = None tokenList = None
self.lifetime = 60
def __init__(self): def __init__(self):
print("init AccesTokenControlle")
print("init threading")
Thread.__init__(self)
self.tokenList = [] self.tokenList = []
def findAccesToken(self, token): def findAccesToken(self, token):
print("search for AccesToken", token)
for accToken in self.tokenList: for accToken in self.tokenList:
if accToken == token: if accToken == token:
print("find AccesToken", accToken, "with token", token)
return accToken return accToken
print("no AccesToken with", token)
return None return None
def createAccesToken(self, user): def createAccesToken(self, user):
time = datetime.ctime(datetime.now()) print("create AccesToken")
token = hashlib.md5((time + user.password).encode('utf-8')).hexdigest() now = datetime.ctime(datetime.now())
token = hashlib.md5((now + user.password).encode('utf-8')).hexdigest()
self.tokenList.append(AccessToken(user, token)) self.tokenList.append(AccessToken(user, token))
print(self.tokenList) print(self.tokenList)
print("finished create AccesToken", token)
return token return token
def isSameGroup(self, accToken, group): def isSameGroup(self, accToken, group):
print("controll if", accToken, "hase group", group)
return True if accToken.user.group == group else False return True if accToken.user.group == group else False
def run(self):
while True:
print("start allocate")
for accToken in self.tokenList:
print("controle", accToken)
if (datetime.now() - accToken.timestamp).seconds > self.lifetime:
print("delete", accToken)
self.tokenList.remove(accToken)
else:
print("time is only", (datetime.now() - accToken.timestamp).seconds)
print(self.tokenList)
print("wait")
time.sleep(10)
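Review bot: The session token in `createAccesToken` is still `md5(ctime + user.password)`, so it is derived from the stored credential and a one-second-resolution timestamp rather than from randomness; a value from the `secrets` module (needs `import secrets` at the top of the file) should replace it. In the new `run` loop, `self.tokenList.remove(accToken)` mutates the list while it is being iterated, which skips the entry after each removed one, and `.seconds` drops the days part of the timedelta; iterating over a snapshot and comparing `total_seconds()` avoids both. `self.lifetime = 60` appears to sit in the class body (indentation is lost on this page), where `self` is undefined and the module would fail on import; a plain class attribute works. The added `print` calls also write live tokens to stdout, so they should be dropped or replaced by logging that omits the token value.

```python
class AccesTokenController(Thread):
    tokenList = None
    lifetime = 60  # seconds a token stays valid

    # … unchanged: __init__, findAccesToken …

    def createAccesToken(self, user):
        # random token, independent of the password hash
        token = secrets.token_hex(32)
        self.tokenList.append(AccessToken(user, token))
        return token

    # … unchanged: isSameGroup …

    def run(self):
        while True:
            now = datetime.now()
            # iterate over a snapshot so remove() cannot skip the next entry
            for accToken in list(self.tokenList):
                if (now - accToken.timestamp).total_seconds() > self.lifetime:
                    self.tokenList.remove(accToken)
            time.sleep(10)
```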


@ -12,6 +12,7 @@ class User(db.Model):
def toJSON(self): def toJSON(self):
dic = { dic = {
"userId": self.userID,
"username": self.username, "username": self.username,
"firstname": self.firstname, "firstname": self.firstname,
"lastname": self.lastname, "lastname": self.lastname,


@ -7,6 +7,7 @@ from flask import request, jsonify
MONEY = "moneymaster" MONEY = "moneymaster"
GASTRO = "gastro" GASTRO = "gastro"
USER = "user" USER = "user"
BAR = "bar"
def verifyAccessToken(token, group): def verifyAccessToken(token, group):
accToken = accesTokenController.findAccesToken(token) accToken = accesTokenController.findAccesToken(token)
@ -31,6 +32,15 @@ def _getFinanzer():
return jsonify(dic) return jsonify(dic)
return jsonify({"error": "permission denied"}), 401 return jsonify({"error": "permission denied"}), 401
@app.route("/valid", methods=['POST'])
def _valid():
data = request.get_json()
token = data["token"]
accToken = verifyAccessToken(token, MONEY)
if accToken is not None:
return jsonify(accToken.user.toJSON())
return jsonify({"error": "permission denied"}), 401
@app.route("/login", methods=['POST']) @app.route("/login", methods=['POST'])
def _login(): def _login():
data = request.get_json() data = request.get_json()
@ -43,7 +53,7 @@ def _login():
token = accesTokenController.createAccesToken(user) token = accesTokenController.createAccesToken(user)
dic = user.toJSON() dic = user.toJSON()
dic["token"] = token dic["token"] = token
return jsonify({user.userID: dic}) return jsonify(dic)
else: else:
return jsonify({"error": "wrong password"}), 401 return jsonify({"error": "wrong password"}), 401
return jsonify({"error": "wrong username"}), 402 return jsonify({"error": "wrong username"}), 402
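Review bot: The new `_valid` route indexes the request body without checking it: `request.get_json()` yields None or is rejected when the body is not JSON, and `data["token"]` raises KeyError when the field is missing, so a malformed request ends in an unhandled exception instead of the 401 path. Reading it as `data = request.get_json(silent=True) or {}` and `token = data.get("token")` lets a missing token fall through to the existing "permission denied" response, assuming `verifyAccessToken` returns None for an unknown token (its body is only partly visible here). The route also checks the token against `MONEY` only, so a valid token from the `gastro`, `user` or new `bar` group is reported as invalid; if `/valid` is meant as a general session check, it needs a group-independent lookup.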

Binary file not shown.