Commit f42fb269 authored by Xueting's avatar Xueting

finalpush

parent 12851178
Pour le chiffrement asymétrique, nous avons seulement généré les clefs.
Nous voulions utiliser la clef publique de l'API afin de générer le token avec l'algorithme RSA (RS256) Lorque celui-ci aurait reçu le token, il l'aurait déchiffré avec sa clef privée.
# -*- coding: utf-8 -*-
import jwt
import time
# 使用 sanic 作为restful api 框架
def create_token(request):
grant_type = request.json.get('grant_type')
username = request.json['username']
password = request.json['password']
if grant_type == 'password':
account = verify_password(username, password)
elif grant_type == 'wxapp':
account = verify_wxapp(username, password)
if not account:
return {}
payload = {
"iss": "gusibi.com",
"iat": int(time.time()),
"exp": int(time.time()) + 86400 * 7,
"aud": "www.gusibi.com",
"sub": account['_id'],
"username": account['username'],
"scopes": ['open']
}
token = jwt.encode(payload, 'secret', algorithm='HS256')
return True, {'access_token': token, 'account_id': account['_id']}
def verify_bearer_token(token):
# 如果在生成token的时候使用了aud参数,那么校验的时候也需要添加此参数
payload = jwt.decode(token, 'secret', audience='www.gusibi.com', algorithms=['HS256'])
if payload:
return True, token
return False, token
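Review bot: The HMAC key passed to `jwt.encode` in create_token and to `jwt.decode` in verify_bearer_token is the literal `'secret'`, so anyone who can read this repository, or simply guess the value, can produce tokens that pass verification for any `sub`. Load the key from configuration kept outside source control, for example `key = os.environ['JWT_SIGNING_KEY']` (placeholder name), and use a long random value for it. The same literal is used by create_token and verify_jwt_token in the second Python file on this page, so both files need the change.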
# -*- coding: utf-8 -*-
import base64
import time
import jwt
from jwt.exceptions import ExpiredSignatureError
from weixin.helper import smart_str
from apis.models.oauth import Account, OAuth2Client
from apis.settings import Config
from apis.exception import Unauthorized
from apis.models import ObjectModel
class CurrentAccount(object):
id = None
current_account = CurrentAccount()
def get_authorization(request):
authorization = request.headers.get('Authorization')
if not authorization:
return False, None
try:
authorization_type, token = authorization.split(' ')
return authorization_type, token
except ValueError:
return False, None
def verify_client(client_id, secret):
client = OAuth2Client.objects(client_id=client_id,
secret=secret).first()
if client:
return True, client.scopes or []
return False, []
def verify_request(request):
authorization_type, token = get_authorization(request)
if authorization_type == 'Basic':
return verify_basic_token(token)
elif authorization_type == 'JWT':
return verify_jwt_token(token)
return False, None
def verify_password(username, password):
account = Account.get(username=username, password=password)
if account:
return account
else:
return {}
def get_wxapp_userinfo(encrypted_data, iv, code):
from weixin.lib.wxcrypt import WXBizDataCrypt
from weixin import WXAPPAPI
from weixin.oauth2 import OAuth2AuthExchangeError
appid = Config.WXAPP_ID
secret = Config.WXAPP_SECRET
api = WXAPPAPI(appid=appid, app_secret=secret)
try:
session_info = api.exchange_code_for_session_key(code=code)
except OAuth2AuthExchangeError as e:
raise Unauthorized(e.code, e.description)
session_key = session_info.get('session_key')
crypt = WXBizDataCrypt(appid, session_key)
user_info = crypt.decrypt(encrypted_data, iv)
return user_info
def verify_wxapp(encrypted_data, iv, code):
user_info = get_wxapp_userinfo(encrypted_data, iv, code)
openid = user_info.get('openId', None)
if openid:
auth = Account.get_by_wxapp(openid)
if not auth:
raise Unauthorized('wxapp_not_registered')
return auth
raise Unauthorized('invalid_wxapp_code')
def create_token(request):
# verify basic token
approach = request.json.get('auth_approach')
username = request.json['username']
password = request.json['password']
if approach == 'password':
account = verify_password(username, password)
elif approach == 'wxapp':
account = verify_wxapp(username, password, request.args.get('code'))
if not account:
return False, {}
payload = {
"iss": Config.ISS,
"iat": int(time.time()),
"exp": int(time.time()) + 86400 * 7,
"aud": Config.AUDIENCE,
"sub": str(account.id),
"nickname": account.nickname,
"scopes": ['open']
}
token = jwt.encode(payload, 'secret', algorithm='HS256')
return True, {'access_token': token,
'nickname': account.nickname,
'account_id': str(account.id)}
def verify_basic_token(token):
try:
client = base64.b64decode(token)
client_id, secret = smart_str(client).split(':')
except (TypeError, ValueError):
return False, None
return verify_client(client_id, secret)
def verify_jwt_token(token):
try:
payload = jwt.decode(token, 'secret',
audience=Config.AUDIENCE,
algorithms=['HS256'])
except ExpiredSignatureError:
return False, token
if payload:
return True, ObjectModel.object_from_dictionary(payload)
return False, token
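Review bot: verify_jwt_token catches only `ExpiredSignatureError`, so a token with a bad signature, the wrong audience or a malformed encoding raises out of verify_request instead of returning `False, token`. How that surfaces to the client depends on error handlers not shown on this page. Catching the PyJWT base class covers every rejection case: `except jwt.InvalidTokenError:`. Separately, create_token leaves `account` unassigned when `auth_approach` is neither `'password'` nor `'wxapp'`, so `if not account:` raises; setting `account = None` before the branch makes that path return `False, {}` as intended.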
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
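Review bot: An RSA private key is committed here in the clear, and a second one follows two lines further down. Once pushed, both should be treated as disclosed. Generate fresh key pairs, keep the private halves out of the repository (an ignore rule plus a secret store or deployment-time injection), and commit at most the public keys. If these keys are meant for the RS256 tokens the README text mentions, the issuer signs with the private key and verifiers need only the public key, so the private key has no reason to travel with the code.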
ssh-rsa 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 osboxes@osboxes
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDLEa44VIsW/4XA5BMiz6EDRmoaKwXEgynF7cm2y7DMcxbXG6UqkwjGlqzKC1Bo+LPIaRPqH8ve6N38KkQetLDROheFCBwRsntxUtU8yc+SCw/cxrpI40vUjAwUG/oOt8jaPC19iIuZSLcq57yMyhSZVcsPWdmO6qsxjWmYNh2kSaA/iKAlMrxG87nkn9PZ6sbt83xJNeOEGWiHLEc0ClWH2JMsgac+a3nqugUhreyeIxK2Ejv2jMlY+tV+2rGY48SdFZJmocL5Cy8J25Z38rrotKbM7mu9vIRPAbtC33eB1SV7x7NkO///DVWe7vadIKqvoNAMryh5pN839i6MKd1PmJwCQ5yKqIG4kZlBDYPveEV04XyjyY+n4bvTi0ldzIRfxT5zBzgL5mwBu1boVJLJfGuC2OJ7EuwyyaYivqlTOR+iUxnRoyvpRq+nQS3yjePAH6YN3L2a2YmQDqmDorJME/8ywhOXIckN1lCb7UIaPs76zlUcpuUl5hE80uUSJ4kD2S+HOkzSMwEJHqYR1LvG0zR2A0ixz70mRlEuGa/nrsvRozFwwVzOkdA9mxWh0SgNOtjJobTZLhnVmKbi309zR81/rMZIrRkd+/8v4w14lqvTZ7o9dai+kG/7AhCOZTHoHzB36DQHWAPoeawcgERhij2vzd5YDCXAsJEsQ6kl7Q== osboxes@osboxes
symetrique @ 12851178
Subproject commit 12851178645d7f617ce76518596a5887950d2f4a