- # coding:utf-8
- from rest_framework.permissions import BasePermission
- from django.contrib.sessions.models import Session
- from django.utils import timezone
- from smartfarming.models.user import DeviceUser
- from kedong.utils import PrAes
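class LoginPermission(BasePermission):
    """DRF permission that admits a request only if its body carries a valid session token.

    The ``token`` field of the request body is decrypted with
    ``PrAes.aesdecrypt`` into a Django session key. The session must exist
    and be unexpired, and its ``user_id`` must resolve to a ``DeviceUser``.
    On success the request is annotated with ``myuser``, ``ip``,
    ``user_perm``, ``role_id`` and ``user_type`` for the view to use.
    """

    def has_permission(self, request, view):
        """Return True when the request's token maps to a live session and a known user.

        Every failure (missing or malformed token, decryption error, unknown
        or expired session, unknown user) returns False rather than raising,
        so the check fails closed.
        """
        # request.data is not always a mapping (e.g. a JSON array body); such
        # a body cannot carry a token and must not raise before the check runs.
        payload = request.data
        token = payload.get("token", "") if hasattr(payload, "get") else ""
        if not token:
            return False

        # SECURITY: X-Forwarded-For is whatever the client sent unless a
        # trusted reverse proxy overwrites it, and it may hold a
        # comma-separated chain. The value is stored verbatim in request.ip,
        # so do not use it for access control, rate limiting or audit
        # attribution without validating it against the known proxy list.
        meta = request.META
        ip = meta.get("HTTP_X_FORWARDED_FOR", meta.get("REMOTE_ADDR"))

        try:
            # Presumably "+" characters in the token were turned into "%2B"
            # or spaces in transit; restore them before decrypting (confirm
            # against the client that builds the token). Doing this inside
            # the try means a non-string token is rejected instead of
            # raising a TypeError out of the permission check.
            if "%2B" in token or " " in token:
                token = str(token).replace("%2B", "+").replace(" ", "+")
            session_key = PrAes.aesdecrypt(token)
            session_row = Session.objects.get(session_key=session_key)
            # The lookup is by key only, so expiry is enforced here.
            if timezone.now() >= session_row.expire_date:
                return False
            session_data = session_row.get_decoded()
        except Exception:
            # Fail closed on any decrypt, lookup or decode error.
            return False

        try:
            uid = int(session_data.get("user_id"))
            # Default user state is 1. When the session also stores
            # auto_login_uid and it differs from uid by exactly 1 or 4, that
            # difference is used as the state instead.
            # NOTE(review): the meaning of states 1 and 4 is not visible here.
            state = 1
            try:
                offset = int(session_data.get("auto_login_uid")) - uid
                if offset in (1, 4):
                    state = offset
            except Exception:
                # auto_login_uid is optional; a missing or bad value keeps state 1.
                pass
            device_user = DeviceUser.objects.get(uid=uid, state=state)
            request.myuser = device_user
            request.ip = ip
            try:
                request.user_perm = device_user.perm(uid)
                request.role_id = device_user.role_id
                request.user_type = device_user.user_type
            except Exception:
                # The request is still admitted when permission loading
                # fails, so views must treat a None user_perm as "no
                # permissions". user_type is reset too, so it is always
                # defined alongside the other two attributes.
                request.user_perm = None
                request.role_id = None
                request.user_type = None
        except Exception:
            request.myuser = None
            request.user_perm = None
            request.role_id = None
            request.user_type = None
            return False
        return True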