In [5]:
from flask import Flask, request, jsonify, make_response
from flask_sqlalchemy import SQLAlchemy
import uuid#生成唯一不重复的id

from flask_bcrypt import Bcrypt
import jwt
import datetime
from functools import wraps

app = Flask(__name__)

app.config['SECRET_KEY'] = 'assignment1'
app.config['SQLALCHEMY_DATABASE_URI'] = app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///assignment1DB.db'
bcrypt = Bcrypt(app)
db = SQLAlchemy(app)

class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    public_id = db.Column(db.String(50), unique=True)
    name = db.Column(db.String(50))
    password = db.Column(db.String(80))
    admin = db.Column(db.Boolean)

def token_required(f):
    @wraps(f)
    def decorated(*args, **kwargs):
        token = None

        if 'client-token' in request.headers:
            token = request.headers['client-token']

        if not token:
            return jsonify({'message' : 'Token is missing!'}), 401

        try: 
            #print (token)
            data = jwt.decode(token, app.config['SECRET_KEY'],algorithms='HS256')
            #print(data)
            current_user = User.query.filter_by(public_id=data['public_id']).first()
        except:
            return jsonify({'message' : 'Token is invalid!'}), 401
        
        return f(current_user, *args, **kwargs)

    return decorated

@app.route('/greeting', methods=['GET'])
def greetings():
    #return jsonify({"Greeting!" : "This an assignment for COM5940"})#返回一个json对象
    return "This an assignment for COM5940"

@app.route('/creatUser', methods=['POST'])
def create_user():
    data = request.get_json()
    hashed_password = bcrypt.generate_password_hash(data['password'])
    new_user = User(public_id=str(uuid.uuid4()), name=data['name'], password=hashed_password, admin=False)
    db.session.add(new_user)
    db.session.commit()
    return jsonify({'message' : 'New user created!'})

@app.route('/login')#login为什么不需要指定HTTP method？？
def login():
    auth = request.authorization

    if not auth or not auth.username or not auth.password:
        return make_response('Could not verify', 401, {'WWW-Authenticate' : 'Basic realm="Login required!"'})

    user = User.query.filter_by(name=auth.username).first()

    if not user:
        return make_response('Could not verify', 401, {'WWW-Authenticate' : 'Basic realm="Login required!"'})

    # if check_password_hash(user.password, auth.password):
    if bcrypt.check_password_hash(user.password, auth.password):
        token = jwt.encode({'public_id' : user.public_id, 'exp' : datetime.datetime.utcnow() + datetime.timedelta(minutes=30)}, app.config['SECRET_KEY'])

        print (user.public_id)
        print (token)
        return jsonify({"Your ID": user.public_id ,'Your token' : token})

    return make_response('Could not verify', 401, {'WWW-Authenticate' : 'Basic realm="Login required!"'})

@app.route('/user/<public_id>', methods=['GET'])
@token_required#get_one_user=token_required（get_one_user）
def get_user_info(current_user,public_id):

    user = User.query.filter_by(public_id=public_id).first()
    
    if not user:
        return jsonify({'message' : 'No user found!'})

    user_data = {}
    user_data['public_id'] = str(user.public_id)
    user_data['name'] = user.name
    user_data['password'] = str(user.password)
    user_data['admin'] = user.admin

    return jsonify({'user' : user_data})

@app.route('/user_password/<public_id>', methods=['PUT'])
@token_required
def change_password(current_user, public_id):
    req = request.get_json()

    user = User.query.filter_by(public_id=public_id).first()

    if not user:
        return jsonify({'message' : 'No user found!'})

    user.password = bcrypt.generate_password_hash(req['password'])
    db.session.commit()
    
    #token = jwt.encode({'public_id' : user.public_id, 'exp' : datetime.datetime.utcnow() + datetime.timedelta(minutes=30)}, app.config['SECRET_KEY'])

    return jsonify({'message' : f"The password has been changed to '{req['password']}'"}) 

@app.route('/user_delete/<public_id>', methods=['DELETE'])
@token_required
def delete_user(current_user, public_id):

    user = User.query.filter_by(public_id=public_id).first()
    name = user.name

    if not user:
        return jsonify({'message' : 'No user found!'})

    db.session.delete(user)
    db.session.commit()

    return jsonify({'message' : f"'{name}' has been deleted!"})


if __name__ == '__main__':
    app.run('localhost', port=7000)

 * Serving Flask app "__main__" (lazy loading)
 * Environment: production
   Use a production WSGI server instead.
 * Debug mode: off


 * Running on http://localhost:7000/ (Press CTRL+C to quit)
127.0.0.1 - - [17/Jan/2022 19:18:59] "[37mGET /greeting HTTP/1.1[0m" 200 -
127.0.0.1 - - [17/Jan/2022 19:19:09] "[37mPOST /creatUser HTTP/1.1[0m" 200 -
127.0.0.1 - - [17/Jan/2022 19:19:29] "[37mPOST /creatUser HTTP/1.1[0m" 200 -
127.0.0.1 - - [17/Jan/2022 19:19:45] "[37mPOST /creatUser HTTP/1.1[0m" 200 -
127.0.0.1 - - [17/Jan/2022 19:19:55] "[37mGET /login HTTP/1.1[0m" 200 -


69e717e2-b28a-4fdc-b503-670a51e4e9ba
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJwdWJsaWNfaWQiOiI2OWU3MTdlMi1iMjhhLTRmZGMtYjUwMy02NzBhNTFlNGU5YmEiLCJleHAiOjE2NDI0MjAxOTV9.EiAZwbMUoOO2b5VK27nLlSo5Mgm0a-3Zj5ath0Lxjgs


127.0.0.1 - - [17/Jan/2022 19:20:44] "[37mGET /user/69e717e2-b28a-4fdc-b503-670a51e4e9ba HTTP/1.1[0m" 200 -
127.0.0.1 - - [17/Jan/2022 19:21:33] "[37mPUT /user_password/69e717e2-b28a-4fdc-b503-670a51e4e9ba HTTP/1.1[0m" 200 -
127.0.0.1 - - [17/Jan/2022 19:22:01] "[37mDELETE /user_delete/69e717e2-b28a-4fdc-b503-670a51e4e9ba HTTP/1.1[0m" 200 -
