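def get_user_by_cookie(cookie):
    '''
    Resolve a session cookie to its user, or return None if it is not valid.

    The cookie is expected to have the form ``uid-expiration-sha1``. The
    signature is recomputed from the uid, the user's stored password value,
    the expiration and ``_COOKIE_KEY``, then compared with the ``sha1`` field.

    This is a generator-based coroutine (it uses ``yield from``), so it has
    to be driven with ``yield from`` or by an event loop.

    Returns the user object with its ``password`` attribute masked, or None
    when the cookie is missing, malformed, expired, refers to an unknown
    user, or carries a signature that does not match. Any exception raised
    during the check is logged and also results in None.
    '''
    # Imported locally so this block does not rely on a file-level import.
    import hmac

    if not cookie:
        return None
    try:
        parts = cookie.split('-')
        if len(parts) != 3:
            return None
        uid, expiration, sha1 = parts
        # Reject expired cookies before looking the user up.
        if int(expiration) < time.time():
            return None
        user = yield from User.find(uid)
        if user is None:
            return None
        # NOTE(review): the signature is a plain SHA-1 over
        # "uid-password-expiration-key", not an HMAC. The scheme is kept
        # because it must match the code that issues the cookie, which is
        # not visible here; migrate both sides together (e.g. HMAC-SHA256).
        valid = '%s-%s-%s-%s' % (uid, user.password, expiration, _COOKIE_KEY)
        expected = hashlib.sha1(valid.encode('utf-8')).hexdigest()
        # Constant-time comparison: a plain != can leak, through timing, how
        # many leading characters of a forged signature were correct.
        # Comparing bytes also keeps non-ASCII cookie values from raising.
        if not hmac.compare_digest(sha1.encode('utf-8'),
                                   expected.encode('utf-8')):
            logging.info('invalid sha1')
            return None
        # Mask the stored password value before handing the object to callers.
        user.password = '******'
        return user
    except Exception as e:
        # Any failure (e.g. a non-numeric expiration) means "not
        # authenticated"; log it and make the None result explicit.
        logging.exception(e)
        return None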