解决登陆session问题

a6d19380 · Davve · 626302b9 · a6d19380 · a6d19380 · a6d19380
Commit a6d19380 authored Nov 27, 2018 by Davve
14 changed files
--- a/api/account.py
+++ b/api/account.py
@@ -2,9 +2,9 @@
 # -*- coding: utf-8 -*-
 # __author__ = "chenwei"
 # Date: 2018/11/16
 from django.conf import settings
 from utils.base import APIView
+from utils.user_util import make_password
 class AccountList(APIView):
@@ -20,9 +20,14 @@ class AccountList(APIView):
    def post(self, request):
        ids = request.POST.get('ids', '').split()
-        filter = request.POST.get('type', '')
+        type = request.POST.get('type', '')
+        updates = {}
+        if type == 'offline':
+            updates['is_online'] = 0
+        else:
+            updates['is_online'] = 1
        try:
-            self.rpc['venus/community/account/update'](filter=filter, ids=ids).unwrap()
+            self.rpc['venus/sun/account/batch/update'](updates=updates, ids=ids).unwrap()
        except Exception as e:
            raise e
        return {
@@ -34,7 +39,7 @@ class AccountUpdateOrCreateView(APIView):
    def get(self, request):
        id = request.GET.get('id')
        try:
-            data = self.rpc['venus/community/account/detail'](id=id).unwrap()
+            data = self.rpc['venus/sun/account/get'](id=id).unwrap()
        except Exception as e:
            raise e
        return {'data': data}
@@ -44,9 +49,10 @@ class AccountUpdateOrCreateView(APIView):
        data = {
            'username': request.POST.get('username'),
            'email': request.POST.get('email'),
-            'password': request.POST.get('password'),
+            'password': make_password(request.POST.get('password')),
            'phone': request.POST.get('phone'),
            'nick_name': request.POST.get('nick_name'),
+            'is_staff': True,
        }
        try:
            self.rpc['venus/sun/account/edit'](id=id, data=data).unwrap()
@@ -64,28 +70,16 @@ class LoginView(APIView):
        :param request:
        :return:
        """
-        map = {
+        try:
-            'admin': {
+            data = self.rpc['venus/sun/account/get_user_info']().unwrap()
-                'id': 1,
+            data.update({
-                'roles': ['admin'],
+                'avatar': settings.AVATAR
-                'token': 'admin',
+            })
-                'introduction': '我是超级管理员',
+        except Exception as e:
-                'avatar': 'https://wpimg.wallstcn.com/f778738c-e4f8-4870-b634-56703b4acafe.gif',
+            raise e
-                'name': 'Super Admin'
+        return {'data': data}
-            },
-            'editor': {
-                'id': 2,
-                'roles': ['editor'],
-                'token': 'editor',
-                'introduction': '我是编辑',
-                'avatar': 'https://wpimg.wallstcn.com/f778738c-e4f8-4870-b634-56703b4acafe.gif',
-                'name': 'Normal Editor'
-            }
-        }
-        token = request.GET.get('token')
-        return {
-            'data': map[token]
-        }
    def post(self, request):
        """
@@ -95,25 +89,26 @@ class LoginView(APIView):
        """
        username = request.POST.get('username')
        password = request.POST.get('password')
+        try:
-        if username == settings.USERNAME and password == settings.PASSWORD:
+            data = self.rpc['venus/sun/account/login'](username=username, password=password).unwrap()
-            data = {
+            if data['success'] or all([username == settings.USERNAME, password == settings.PASSWORD]):
-                'id': 1,
+                data = {
-                'roles': ['admin'],
+                    'id': data['id'],
-                'token': 'admin',
+                    'avatar': settings.AVATAR,
-                'introduction': '我是超级管理员',
+                    'name': data['username'],
-                'avatar': 'https://wpimg.wallstcn.com/f778738c-e4f8-4870-b634-56703b4acafe.gif',
+                    'session_key': data['session'],
-                'name': 'Super Admin'
+                    'success': 1,
-              }
+                }
-        else:
+            else:
-            data = {
+                data = {
-                'id': 2,
+                    'id': data['id'],
-                'roles': ['editor'],
+                    'avatar': settings.AVATAR,
-                'token': 'editor',
+                    'name': '',
-                'introduction': '我是编辑',
+                    'session_key': data['session'],
-                'avatar': 'https://wpimg.wallstcn.com/f778738c-e4f8-4870-b634-56703b4acafe.gif',
+                    'success': 0,
-                'name': 'Normal Editor'
+                }
-              }
+        except Exception as e:
+            raise e
        return {
            'data': data
        }
@@ -121,6 +116,10 @@ class LoginView(APIView):
 class LogoutView(APIView):
    def post(self, request):
-        pass
+        print(request.POST)
+        self.rpc['venus/sun/account/logout']().unwrap()
+        return {
+            'session_key': ''
+        }
--- a/api/token.py
+++ b/api/token.py
@@ -3,6 +3,7 @@
 # __author__ = "chenwei"
 # Date: 2018/11/20
+from django.middleware.csrf import get_token
 from utils.base import APIView
 from gm_upload.utils.qiniu_tool import QiniuTool

--- a/sun/settings.py
+++ b/sun/settings.py
@@ -125,7 +125,7 @@ STATIC_URL = '/static/'
 PAGE_SIZE = 10
-USER_COOKIE_NAME = 'sun_session_key'
+USER_COOKIE_NAME = 'session_key'
 STATIC_ROOT = os.path.join(BASE_DIR, 'static')
 STATICFILES_DIRS = [
@@ -141,4 +141,7 @@ QINIU_SCOPE = 'wanmeizhensuo'
 # 超级管理员
 USERNAME = 'admin'
 PASSWORD = 'admin'
\ No newline at end of file
+# 管理员头像
+AVATAR = 'https://wpimg.wallstcn.com/f778738c-e4f8-4870-b634-56703b4acafe.gif'
\ No newline at end of file
--- a/utils/base.py
+++ b/utils/base.py
@@ -190,19 +190,10 @@ class APIView(View):
        # 请求是否来自客户端, client js请求也会带上version的
        self.request_version = request.GET.get('version')
        self.request_from_client = False
-        if self.request_version:
-            self.request_from_client = True
        self.args_default = ClientDefaultArgs(request.GET)
-        if self.request_from_client:
-            # 判断是否是从hybrid js请求的
-            self.args_default.hybrid = request.GET.get('hybrid') == 'true'
        self.args_get = LazyAttrDict(request.GET, self.args_GET, self.request_version)
        self.args_post = LazyAttrDict(request.POST, self.args_POST, self.request_version)
        self.rpc = request.rpc.origin
-        if getattr(request, 'doctor_user', None) is not None:
-            self.doctor = request.doctor_user
    @handler_exception
    def dispatch(self, request, *args, **kwargs):

--- a/utils/user_util.py
+++ b/utils/user_util.py
@@ -6,6 +6,7 @@ import json
 from django.conf import settings
 from django.http import JsonResponse
+from django.contrib.auth.hashers import make_password
 from django.http.response import HttpResponseBadRequest
 from utils.logger import auth_logger
@@ -38,3 +39,9 @@ def require_login(request, origin=''):
        target_uid=request.GET.get('_dd', '-'),
    ))
    return login_require
+def py(password):
+    """生成密码hash
+    """
+    return make_password(password, None, 'pbkdf2_sha256')
--- a/vu/src/api/login.js
+++ b/vu/src/api/login.js
@@ -12,19 +12,20 @@ export function loginByUsername(username, password) {
  })
 }
-export function logout() {
+export function logout(data) {
  return request({
    url: '/api/account/logout',
-    method: 'post'
+    method: 'post',
+    data
  })
 }
-export function getUserInfo(token) {
+export function getUserInfo(session_key) {
-  console.log(token)
  return request({
    url: '/api/account/get',
    method: 'get',
-    params: { token }
+    params: { session_key }
  })
 }
--- a/vu/src/permission.js
+++ b/vu/src/permission.js
@@ -3,7 +3,7 @@ import store from './store'
 import { Message } from 'element-ui'
 import NProgress from 'nprogress' // progress bar
 import 'nprogress/nprogress.css'// progress bar style
-import { getToken } from '@/utils/auth' // getToken from cookie
+import { getSession } from '@/utils/auth' // getToken from cookie
 NProgress.configure({ showSpinner: false })// NProgress Configuration
@@ -14,11 +14,11 @@ function hasPermission(roles, permissionRoles) {
  return roles.some(role => permissionRoles.indexOf(role) >= 0)
 }
-const whiteList = ['/login', '/auth-redirect']// no redirect whitelist
+const whiteList = ['/login']// no redirect whitelist
 router.beforeEach((to, from, next) => {
  NProgress.start() // start progress bar
-  if (getToken()) { // determine if there has token
+  if (getSession()) { // determine if there has token
    /* has token*/
    if (to.path === '/login') {
      next({ path: '/' })

--- a/vu/src/store/getters.js
+++ b/vu/src/store/getters.js
@@ -12,6 +12,7 @@ const getters = {
  introduction: state => state.user.introduction,
  status: state => state.user.status,
  roles: state => state.user.roles,
+  session_key: state => state.user.session_key,
  setting: state => state.user.setting,
  permission_routers: state => state.permission.routers,
  addRouters: state => state.permission.addRouters,

--- a/vu/src/store/modules/user.js
+++ b/vu/src/store/modules/user.js
+import { Message } from 'element-ui'
 import { loginByUsername, logout, getUserInfo } from '@/api/login'
-import { getToken, setToken, removeToken } from '@/utils/auth'
+import { setSession, getSession, removeSession } from '@/utils/auth'
 const user = {
  state: {
@@ -7,14 +8,15 @@ const user = {
    id: '',
    status: '',
    code: '',
-    token: getToken(),
+    // token: getToken(),
    name: '',
    avatar: '',
    introduction: '',
    roles: [],
    setting: {
      articlePlatform: []
-    }
+    },
+    session_key: ''
  },
  mutations: {
@@ -44,7 +46,10 @@ const user = {
    },
    SET_ID: (state, id) => {
      state.id = id
-    }
+    },
+    SET_SESSIONID: (state, session_key) => {
+      state.session_key = session_key
+}
  },
  actions: {
@@ -54,10 +59,15 @@ const user = {
      return new Promise((resolve, reject) => {
        loginByUsername(username, userInfo.password).then(response => {
          const data = response.data.data.data
-          commit('SET_TOKEN', data.token)
+          if (data['success']){
-          commit('SET_ID', data.id)
+            commit('SET_SESSIONID', data.session_key)
-          setToken(data.token)
+            commit('SET_ID', data.id)
-          resolve()
+            setSession(data.session_key)
+            resolve()
+          }else{
+            Message.error('用户名或者密码错误啦')
+            resolve('/login')
+          }
        }).catch(error => {
          reject(error)
        })
@@ -66,21 +76,23 @@ const user = {
    // 获取用户信息
    GetUserInfo({ commit, state }) {
+      const session_key = state.session_key
      return new Promise((resolve, reject) => {
-        getUserInfo(state.token).then(response => {
+        getUserInfo(session_key).then(response => {
          if (!response.data) { // 由于mockjs 不支持自定义状态码只能这样hack
            reject('error')
          }
          const data = response.data.data.data
+          data.roles = ['admin']
          if (data.roles && data.roles.length > 0) { // 验证返回的roles是否是一个非空数组
            commit('SET_ROLES', data.roles)
          } else {
            reject('getInfo: roles must be a non-null array !')
          }
+          commit('SET_ROLES', data.roles)
          commit('SET_NAME', data.name)
          commit('SET_ID', data.id)
          commit('SET_AVATAR', data.avatar)
-          commit('SET_INTRODUCTION', data.introduction)
          resolve(response)
        }).catch(error => {
          reject(error)
@@ -94,7 +106,7 @@ const user = {
        logout(state.token).then(() => {
          commit('SET_TOKEN', '')
          commit('SET_ROLES', [])
-          removeToken()
+          removeSession()
          resolve()
        }).catch(error => {
          reject(error)
@@ -105,8 +117,8 @@ const user = {
    // 前端 登出
    FedLogOut({ commit }) {
      return new Promise(resolve => {
-        commit('SET_TOKEN', '')
+        commit('SET_SESSIONID', '')
-        removeToken()
+        removeSession()
        resolve()
      })
    },
@@ -115,7 +127,7 @@ const user = {
    ChangeRoles({ commit, dispatch }, role) {
      return new Promise(resolve => {
        commit('SET_TOKEN', role)
-        setToken(role)
+        // setToken(role)
        getUserInfo(role).then(response => {
          const data = response.data.data
          commit('SET_ROLES', data.roles)

--- a/vu/src/utils/auth.js
+++ b/vu/src/utils/auth.js
 import Cookies from 'js-cookie'
-const TokenKey = 'Admin-Token'
+const SessionKey = 'session_key'
-export function getToken() {
+export function getSession() {
-  return Cookies.get(TokenKey)
+  return Cookies.get(SessionKey)
 }
-export function setToken(token) {
+export function setSession(key) {
-  return Cookies.set(TokenKey, token)
+  return Cookies.set(SessionKey, key)
 }
-export function removeToken() {
+export function removeSession() {
-  return Cookies.remove(TokenKey)
+  return Cookies.remove(SessionKey)
 }
--- a/vu/src/utils/request.js
+++ b/vu/src/utils/request.js
@@ -14,9 +14,9 @@ const service = axios.create({
 service.interceptors.request.use(
  config => {
    // Do something before request is sent
-    if (store.getters.token) {
+    if (store.getters.session_key) {
      // 让每个请求携带token-- ['X-Token']为自定义key 请根据实际情况自行修改
-      config.headers['X-Token'] = getToken()
+      // config.headers['X-CSRFToken'] = getToken()
    }
    config.data = Qs.stringify(config.data)
    return config

--- a/vu/src/views/account/components/AccountDetail.vue
+++ b/vu/src/views/account/components/AccountDetail.vue
@@ -10,8 +10,14 @@
        <el-row>
          <el-col :span="24">
-            <el-form-item style="margin-bottom: 40px;" prop="username">
+            <el-form-item style="margin-bottom: 40px;" prop="username" v-if="isEdit">
-              <MDinput v-model="postForm.username" :maxlength="100" name="username" required>
+              <MDinput v-model="postForm.username" :maxlength="100" name="username" required disabled="disabled">
+                账号
+              </MDinput>
+            </el-form-item>
+            <el-form-item style="margin-bottom: 40px;" prop="username" v-else>
+              <MDinput v-model="postForm.username" :maxlength="100" name="username" required >
                账号
              </MDinput>
            </el-form-item>
@@ -21,8 +27,14 @@
        <el-row>
          <el-col :span="24">
-            <el-form-item style="margin-bottom: 40px;" prop="password">
+            <el-form-item style="margin-bottom: 40px;" prop="password" v-if="isEdit">
-              <MDinput v-model="postForm.password" :maxlength="100" name="password" required>
+              <MDinput v-model="postForm.password" :maxlength="100" name="password" required disabled="disabled">
+                密码
+              </MDinput>
+            </el-form-item>
+            <el-form-item style="margin-bottom: 40px;" prop="password" v-else>
+              <MDinput v-model="postForm.password" :maxlength="100" name="password" required >
                密码
              </MDinput>
            </el-form-item>

--- a/vu/src/views/account/list.vue
+++ b/vu/src/views/account/list.vue
@@ -26,22 +26,22 @@
        </template>
      </el-table-column>
-      <el-table-column  align="center" label="密码">
+      <el-table-column  align="center" label="邮箱">
        <template slot-scope="scope">
-          <span>{{ scope.row.password }}</span>
+          <span>{{ scope.row.email }}</span>
        </template>
      </el-table-column>
+      <el-table-column  align="center" label="下线">
-      <el-table-column  align="center" label="邮箱">
        <template slot-scope="scope">
-          <span>{{ scope.row.email }}</span>
+          <el-tag :type="scope.row.is_online | isOnlineFilter">{{ scope.row.is_online==1 ? '是' : '否' }}</el-tag>
        </template>
      </el-table-column>
    </el-table>
-    <pagination v-show="total>0" :total="total" :page.sync="listQuery.page" :limit.sync="listQuery.limit" style="margin-left: 150px;" @pagination="getList" />
+    <pagination v-show="total>0" :total="total" :page="listQuery.page" :limit="listQuery.limit" style="margin-left: 150px;" @pagination="getList" />
  </div>
 </template>
@@ -55,6 +55,15 @@ export default {
  name: 'UserList',
  components: { Pagination },
  directives: { waves },
+  filters: {
+    isOnlineFilter(status) {
+      const statusMap = {
+        1: 'success',
+        0: 'info',
+      }
+      return statusMap[status]
+    }
+  },
  data() {
    return {
      list: null,
@@ -62,6 +71,7 @@ export default {
      listLoading: true,
      multipleSelection: [],
      del_list: [],
      listQuery: {
        page: 0,
        limit: 10,

--- a/vu/src/views/login/index.vue
+++ b/vu/src/views/login/index.vue
@@ -4,7 +4,7 @@
    <el-form ref="loginForm" :model="loginForm" :rules="loginRules" class="login-form" auto-complete="on" label-position="left">
      <div class="title-container">
-        <h3 class="title">更美社区后台</h3>
+        <h3 class="title">更美社区管理后台</h3>
      </div>
      <el-form-item prop="username">
@@ -108,6 +108,7 @@ export default {
          }).catch(() => {
            this.loading = false
          })
        } else {
          console.log('error submit!!')
          return false