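def check_auth(request):  # /auth
    """Check a submitted auth form against the models API.

    Accepts POST only. The cleaned ``AuthForm`` fields are form-encoded and
    forwarded to the models API's user/auth endpoint. The upstream ``resp``
    payload is returned on success.

    Returns:
        ``_success_response(request, resp['resp'])`` when the models API
        answers with ``ok`` set to true. Otherwise an ``_error_response``
        carrying ``E_BAD_REQUEST``, ``E_FORM_INVALID`` or ``E_LOGIN_FAILED``.
    """
    if request.method != 'POST':
        return _error_response(request, err_exp.E_BAD_REQUEST, "must make POST request")

    form = AuthForm(request.POST)
    if not form.is_valid():
        # The message used to say "logout", which was wrong for this endpoint.
        return _error_response(request, err_exp.E_FORM_INVALID, "user auth form not correctly filled out")

    post_encoded = urllib.parse.urlencode(form.cleaned_data).encode('utf-8')
    # NOTE(review): the auth fields travel over plain HTTP to models-api.
    # Confirm this hop stays on a trusted internal network, or move it to TLS.
    req = urllib.request.Request(
        'http://models-api:8000/api/v1/user/auth/', data=post_encoded, method='POST')

    try:
        # The timeout keeps a hung models API from tying up this worker
        # indefinitely; `with` closes the upstream connection.
        with urllib.request.urlopen(req, timeout=10) as upstream:
            resp = json.loads(upstream.read().decode('utf-8'))
    except (OSError, ValueError):
        # URLError/HTTPError and socket timeouts are OSError subclasses.
        # Undecodable or non-JSON bodies raise ValueError subclasses. Either
        # way the auth check could not be completed, so report a failed login
        # instead of letting the exception become a 500.
        return _error_response(request, err_exp.E_LOGIN_FAILED, "no response from models API")

    if not resp:
        return _error_response(request, err_exp.E_LOGIN_FAILED, "no response from models API")

    # Fail closed: only an explicit JSON `true` counts as authenticated. The
    # previous `resp['ok'] == False` test accepted any other value (null, a
    # string, ...) as success and raised KeyError when the field was missing.
    if not isinstance(resp, dict) or resp.get('ok') is not True or 'resp' not in resp:
        # could be much more nuanced. makes web view handle errors
        # NOTE(review): the whole upstream payload is handed to the error
        # response. Verify it cannot expose internal detail to the client.
        return _error_response(request, err_exp.E_LOGIN_FAILED, resp)

    # if datetime.datetime.now() - resp['resp']['date_created'] > : ... expiration of auth token not implemented.
    # Until expiry is enforced, a token stays valid for as long as it is stored.
    return _success_response(request, resp['resp'])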
# Look into https://github.com/kencochrane/django-defender for blocking brute force login requests