AccesTokenController ist ein Thread
AccesTokenController schaut immer wieder nach, ob ein AccesToken noch valid ist. Der Zeitabstand beträgt bis jetzt 10 Sekunden, die ValidLifeTime beträgt bis jetzt 60 Sekunden.
parent
5c5799206f
commit
535b9cbc12
|
@ -1,15 +1,18 @@
|
|||
from flask import Flask
|
||||
from flask_sqlalchemy import SQLAlchemy
|
||||
from flask_bcrypt import Bcrypt
|
||||
from flask_cors import CORS
|
||||
from .controller.accesTokenController import AccesTokenController
|
||||
# from flask_login import LoginManager
|
||||
|
||||
app = Flask(__name__)
|
||||
CORS(app)
|
||||
# app.config['SECRET_KEY'] = '0a657b97ef546da90b2db91862ad4e29'
|
||||
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///site.db'
|
||||
db = SQLAlchemy(app)
|
||||
bcrypt = Bcrypt(app)
|
||||
accesTokenController = AccesTokenController()
|
||||
accesTokenController.start()
|
||||
# login_manager = LoginManager(app)
|
||||
# login_manager.login_view = 'login'
|
||||
# login_manager.login_message_category = 'info'
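Review bot: `accesTokenController.start()` runs when the package is imported, so every process that imports it gets its own sweeper thread and its own in-memory `tokenList`. If the app is ever served by more than one worker, or run under the Flask debug reloader, a token issued in one process would not be found in another. The thread also loops forever and is not a daemon, which keeps the interpreter from exiting cleanly; `Thread.__init__(self, daemon=True)` in the controller would address that. Consider storing tokens and their expiry in the existing SQLAlchemy database and checking the timestamp at lookup time, so validity does not depend on a background thread being alive.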
|
||||
|
|
|
@ -1,25 +1,51 @@
|
|||
from geruecht.model.accessToken import AccessToken
|
||||
from datetime import datetime
|
||||
import time
|
||||
from threading import Thread
|
||||
import hashlib
|
||||
|
||||
class AccesTokenController():
|
||||
class AccesTokenController(Thread):
|
||||
tokenList = None
|
||||
self.lifetime = 60
|
||||
|
||||
def __init__(self):
|
||||
print("init AccesTokenControlle")
|
||||
print("init threading")
|
||||
Thread.__init__(self)
|
||||
self.tokenList = []
|
||||
|
||||
def findAccesToken(self, token):
|
||||
print("search for AccesToken", token)
|
||||
for accToken in self.tokenList:
|
||||
if accToken == token:
|
||||
print("find AccesToken", accToken, "with token", token)
|
||||
return accToken
|
||||
print("no AccesToken with", token)
|
||||
return None
|
||||
|
||||
def createAccesToken(self, user):
|
||||
time = datetime.ctime(datetime.now())
|
||||
token = hashlib.md5((time + user.password).encode('utf-8')).hexdigest()
|
||||
print("create AccesToken")
|
||||
now = datetime.ctime(datetime.now())
|
||||
token = hashlib.md5((now + user.password).encode('utf-8')).hexdigest()
|
||||
self.tokenList.append(AccessToken(user, token))
|
||||
print(self.tokenList)
|
||||
print("finished create AccesToken", token)
|
||||
return token
|
||||
|
||||
def isSameGroup(self, accToken, group):
|
||||
print("controll if", accToken, "hase group", group)
|
||||
return True if accToken.user.group == group else False
|
||||
|
||||
def run(self):
|
||||
while True:
|
||||
print("start allocate")
|
||||
for accToken in self.tokenList:
|
||||
print("controle", accToken)
|
||||
if (datetime.now() - accToken.timestamp).seconds > self.lifetime:
|
||||
print("delete", accToken)
|
||||
self.tokenList.remove(accToken)
|
||||
else:
|
||||
print("time is only", (datetime.now() - accToken.timestamp).seconds)
|
||||
print(self.tokenList)
|
||||
print("wait")
|
||||
time.sleep(10)
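Review bot: The session token in `createAccesToken` is `md5(ctime(now) + user.password)`, a function of a second-resolution timestamp and the stored password value rather than of random data, so it is predictable to anyone who learns that value and two logins in the same second yield the same token. Generate it from the CSPRNG instead, e.g. `token = secrets.token_urlsafe(32)`, and drop the `print(..., token)` calls so live tokens do not end up in stdout or logs. `self.lifetime = 60` appears to sit in the class body, where `self` is not defined (indentation is lost in this rendering, so confirm); `lifetime = 60` at class level or the assignment inside `__init__` are the working forms. In `run`, `self.tokenList.remove(accToken)` mutates the list being iterated, which skips the entry after each removal, and the list is shared with request threads without a lock. Iterating over `list(self.tokenList)` while holding a `threading.Lock` that `findAccesToken` and `createAccesToken` also take avoids both.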
|
||||
|
|
|
@ -12,6 +12,7 @@ class User(db.Model):
|
|||
|
||||
def toJSON(self):
|
||||
dic = {
|
||||
"userId": self.userID,
|
||||
"username": self.username,
|
||||
"firstname": self.firstname,
|
||||
"lastname": self.lastname,
|
||||
|
|
|
@ -7,6 +7,7 @@ from flask import request, jsonify
|
|||
MONEY = "moneymaster"
|
||||
GASTRO = "gastro"
|
||||
USER = "user"
|
||||
BAR = "bar"
|
||||
|
||||
def verifyAccessToken(token, group):
|
||||
accToken = accesTokenController.findAccesToken(token)
|
||||
|
@ -31,6 +32,15 @@ def _getFinanzer():
|
|||
return jsonify(dic)
|
||||
return jsonify({"error": "permission denied"}), 401
|
||||
|
||||
@app.route("/valid", methods=['POST'])
|
||||
def _valid():
|
||||
data = request.get_json()
|
||||
token = data["token"]
|
||||
accToken = verifyAccessToken(token, MONEY)
|
||||
if accToken is not None:
|
||||
return jsonify(accToken.user.toJSON())
|
||||
return jsonify({"error": "permission denied"}), 401
|
||||
|
||||
@app.route("/login", methods=['POST'])
|
||||
def _login():
|
||||
data = request.get_json()
|
||||
|
@ -43,7 +53,7 @@ def _login():
|
|||
token = accesTokenController.createAccesToken(user)
|
||||
dic = user.toJSON()
|
||||
dic["token"] = token
|
||||
return jsonify({user.userID: dic})
|
||||
return jsonify(dic)
|
||||
else:
|
||||
return jsonify({"error": "wrong password"}), 401
|
||||
return jsonify({"error": "wrong username"}), 402
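Review bot: In the new `_valid` route, `request.get_json()` gives no dict for a missing or non-JSON body and `data["token"]` raises on a missing key, so a malformed request ends in an unhandled error instead of the 401 path. Use `data = request.get_json(silent=True) or {}` and `token = data.get("token")`, and return the 401 when it is absent. The route also hard-codes `MONEY` as the required group; assuming `verifyAccessToken` (its body continues outside the hunk) enforces the group, valid tokens of other groups are reported as "permission denied", which should be confirmed as intended for a general validity check. In the `_login` hunk, whose function starts outside the visible lines, the distinct "wrong password" and "wrong username" responses reveal which usernames exist, and 402 means Payment Required; a single `{"error": "invalid credentials"}` with 401 for both cases is the usual form.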
|
||||
|
|
BIN
geruecht/site.db
BIN
geruecht/site.db
Binary file not shown.