mirror of https://github.com/veops/cmdb.git
50 lines
1.3 KiB
Python
50 lines
1.3 KiB
Python
# -*- coding:utf-8 -*-
|
|
|
|
import datetime
|
|
|
|
import jwt
|
|
from flask import abort
|
|
from flask import current_app
|
|
from flask import request
|
|
from flask_login import login_user, logout_user
|
|
|
|
from api.lib.decorator import args_required
|
|
from api.lib.perm.auth import auth_abandoned
|
|
from api.models.acl import User
|
|
from api.resource import APIView
|
|
|
|
|
|
class LoginView(APIView):
|
|
url_prefix = "/login"
|
|
|
|
@args_required("username")
|
|
@args_required("password")
|
|
@auth_abandoned
|
|
def post(self):
|
|
username = request.values.get("username") or request.values.get("email")
|
|
password = request.values.get("password")
|
|
user, authenticated = User.query.authenticate(username, password)
|
|
if not user:
|
|
return abort(403, "User <{0}> does not exist".format(username))
|
|
if not authenticated:
|
|
return abort(403, "invalid username or password")
|
|
|
|
login_user(user)
|
|
|
|
token = jwt.encode({
|
|
'sub': user.email,
|
|
'iat': datetime.datetime.now(),
|
|
'exp': datetime.datetime.now() + datetime.timedelta(minutes=24 * 60 * 7)},
|
|
current_app.config['SECRET_KEY'])
|
|
|
|
return self.jsonify(token=token.decode())
|
|
|
|
|
|
class LogoutView(APIView):
|
|
url_prefix = "/logout"
|
|
|
|
@auth_abandoned
|
|
def post(self):
|
|
logout_user()
|
|
self.jsonify(code=200)
|