Commit 754ad169 authored by Libcat's avatar Libcat 👷

修改token验证方式为header

parent 3321e310
......@@ -177,4 +177,5 @@ class CarItemUpdate(Model):
class SigninSignupResult(Response):
"""注册结果"""
user: Optional[UserBase]
sessionid: str
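Review bot: `sessionid: str` is declared without a default, but the two failure returns in `user_login` (`api.SigninSignupResult(succ=False, msg=...)`) are still built without it. If `Response` is a pydantic model, those paths would raise a validation error instead of returning the failure message. Declaring it as `sessionid: Optional[str] = None` keeps the failed-login responses valid. A short comment that this field is the session token the client must send back in the `sessionid` header would also help, since the docstring only says 注册结果.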
......@@ -46,19 +46,17 @@ async def user_login(response: Response, user: api.UserLogin):
# 生成sessionid
sid = str(uuid.uuid4())
Session.create(id=sid, user=u)
response.set_cookie(key="sessionid", value=sid)
return api.SigninSignupResult(succ=True, msg="登录成功!", user=u)
return api.SigninSignupResult(succ=True, msg="登录成功!", user=u, sessionid=sid)
else:
return api.SigninSignupResult(succ=False, msg="用户名或密码错误!")
else:
return api.SigninSignupResult(succ=False, msg="用户名不存在!")
@router.post('/logout', response_model=api.Response, description="用户退出")
async def user_logout(response: Response, sessionid: str = Cookie(None)):
Session.delete().where(Session.id == sessionid).execute()
response.delete_cookie('sessionid')
return api.Response(succ=True, msg="退出成功!")
@router.post('/logout', description="用户退出")
async def user_logout(response: Response, user: User = Depends(get_user)):
Session.delete().where(Session.user_id == user.id).execute()
return Response("退出成功!")
@router.get('/profile', response_model=api.UserBase, description="获取当前登录用户信息")
......@@ -78,15 +76,14 @@ async def change_user_profile(data: api.UserUpdate,
@router.post('/changePassword',
response_model=api.Response,
description="修改用户密码")
async def change_user_password(data: api.UserPassword,
user: User = Depends(get_user)):
if user.password != data.oldPassword:
return api.Response(succ=False, msg="原密码错误!")
return Response("原密码错误!", 403)
user.password = data.newPassword
user.save()
return api.Response(succ=True, msg="修改成功!")
return Response("修改成功!")
@router.delete('/{id}', description="删除用户")
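Review bot: `change_user_password` still compares and stores the password as plaintext (`user.password != data.oldPassword`, `user.password = data.newPassword`), so anyone with read access to the users table obtains every credential. Store a salted, slow hash instead (for example `hashlib.scrypt`) and compare with `hmac.compare_digest`. A successful change also leaves existing sessions valid; the `Session.delete().where(Session.user_id == user.id).execute()` call that `user_logout` now uses would revoke them here too. The handler now appears to return a bare `Response(...)` while `response_model=api.Response` stays on the decorator, so clients would get plain text where the schema promises `succ`/`msg`.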
......
from fastapi import Depends, HTTPException, Cookie
from fastapi import Depends, HTTPException, Cookie, Header
import apischemas as api
import database as db
from database import Session, User
async def get_user(sessionid: str = Cookie(None)) -> User:
async def get_user(sessionid: str = Header(None)) -> User:
if sessionid!=None:
session: Session = Session.get_or_none(Session.id==sessionid)
if session:
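Review bot: The session token now travels in a custom `sessionid` request header, which reverse proxies and access-log pipelines usually do not redact the way they do `Authorization` or `Cookie`, and which requires the client to keep the token in script-readable storage. Consider carrying it in `Authorization`, or make sure this header is masked in logs, and add a docstring on `get_user` naming the header it reads. `sessionid!=None` is better written `sessionid is not None`, and `Cookie` looks unused in the import after this change. The rest of `get_user` lies outside the hunk, so its failure path could not be checked.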
......
host = "localhost"
user = "root"
password = "root"
password = "TRZ19971029"
port = 3306
database = "wenyuanmall"
\ No newline at end of file
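Review bot: The new `password` line commits what looks like a live database credential for the `root` account into the repository, where it stays readable in history even after a later change. Treat that value as exposed and rotate it, then load it from the environment or an untracked file, e.g. `password = os.environ["DB_PASSWORD"]` (the variable name is a placeholder). The application would also be safer connecting as a dedicated account limited to the `wenyuanmall` schema rather than `root`.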