Merge pull request #18 from samsam2310/v0.0

V0.0.2b
Entresoft · Jul 4, 2015 · a57b35b · a57b35b
2 parents 53546af + f25cfe5
commit a57b35b
Show file tree

Hide file tree

Showing 8 changed files with 75 additions and 21 deletions.
diff --git a/schoolcms/__init__.py b/schoolcms/__init__.py
@@ -14,5 +14,5 @@
 # is zero for an official release, positive for a development branch,
 # or negative for a release candidate or beta (after the base version
 # number has been incremented)
-version = "0.0dev"
-version_info = (0, 0, 1, 5)
+version = "0.0.2b"
+version_info = (0, 0, 2, -1)
diff --git a/schoolcms/creatDB.py b/schoolcms/creatDB.py
@@ -5,7 +5,7 @@
 
 CreatDB.
 
-DB ver -106
+DB ver -107
 
 """
 
@@ -22,7 +22,7 @@
 from sqlalchemy.orm.exc import NoResultFound
 
 from .db import engine, Base, SessionGen
-from .db import System, User, GroupList, Announce, AnnTag, TempFileList, AttachmentList, Record
+from .db import System, Login_Session, User, GroupList, Announce, AnnTag, TempFileList, AttachmentList, Record
 from . import version as system_version
 from . import db
 

diff --git a/schoolcms/db/__init__.py b/schoolcms/db/__init__.py
@@ -13,14 +13,14 @@
 from sqlalchemy.ext.declarative import declarative_base
 from sqlalchemy.orm import sessionmaker
 
-version = '-106'
+version = '-107'
 
 
 # creat engine
 engine = sqlalchemy.create_engine(options.database_config, 
                         echo=options.database_debug, pool_recycle=3600)
 Base = declarative_base()
-Session = sessionmaker(bind=engine)
+SQL_Session = sessionmaker(bind=engine)
 
 
 class SessionGen(object):
@@ -35,7 +35,7 @@ def __init__(self):
         self.session = None
 
     def __enter__(self):
-        self.session = Session()
+        self.session = SQL_Session()
         return self.session
 
     def __exit__(self, unused1, unused2, unused3):
@@ -44,7 +44,7 @@ def __exit__(self, unused1, unused2, unused3):
 
 
 from .system import System
-from .user import User, GroupList
+from .user import User, GroupList, Login_Session
 from .announce import Announce, AnnTag
 from .filelist import TempFileList, AttachmentList
 from .record import Record
diff --git a/schoolcms/db/user.py b/schoolcms/db/user.py
@@ -13,12 +13,13 @@
 import random
 import hashlib
 import string
+import uuid
+from datetime import datetime, timedelta 
 
 from . import Base
-import uuid
 
 from sqlalchemy import Column
-from sqlalchemy.dialects.mysql import INTEGER, BOOLEAN, CHAR, VARCHAR, ENUM
+from sqlalchemy.dialects.mysql import INTEGER, BOOLEAN, CHAR, VARCHAR, ENUM, TIMESTAMP
 
 
 try:
@@ -126,3 +127,39 @@ def to_dict(self):
             'userkey' : self.userkey,
             'group' : self.group,
         }
+
+
+class Login_Session(Base):
+    __tablename__ = 'login_sessions'
+
+    key = Column(VARCHAR(40, collation='utf8_unicode_ci'), primary_key=True)
+    userkey = Column(VARCHAR(40, collation='utf8_unicode_ci'), nullable=False)
+    ip = Column(VARCHAR(40, collation='utf8_unicode_ci'))
+    os = Column(VARCHAR(40, collation='utf8_unicode_ci'))
+    browser = Column(VARCHAR(40, collation='utf8_unicode_ci'))
+    TTL = Column(TIMESTAMP, nullable=False)
+
+    def __init__(self, userkey):
+        self.key = uuid.uuid3(uuid.uuid1(), userkey.encode()).hex
+        self.userkey = userkey
+        self.TTL = datetime.utcnow() + timedelta(days=1)
+
+    @classmethod
+    def get_by_key(cls, key, sql_session):
+        q = sql_session.query(cls)
+        q = q.filter(cls.key == key)
+        q = q.filter(cls.TTL >= datetime.utcnow())
+        login_session = q.scalar()
+        return login_session
+
+    @classmethod
+    def delete_by_key(cls, key, sql_session):
+        q = sql_session.query(cls)
+        q = q.filter(cls.key == key)
+        q.delete()
+
+    @classmethod
+    def clear_old(cls, sql_session):
+        q = sql_session.query(cls)
+        q = q.filter(cls.TTL < datetime.utcnow())
+        q.delete()
diff --git a/schoolcms/dropDB.py b/schoolcms/dropDB.py
@@ -5,7 +5,7 @@
 
 DropDB.
 
-DB ver -106
+DB ver -107
 
 """
 

diff --git a/schoolcms/handler/__init__.py b/schoolcms/handler/__init__.py
@@ -16,7 +16,7 @@
 import tornado.web
 from tornado.escape import json_encode
 
-from schoolcms.db import Session, User, GroupList
+from schoolcms.db import SQL_Session, User, GroupList, Login_Session
 from webassets import Environment, Bundle
 from schoolcms.util  import webassets_react
 
@@ -56,7 +56,7 @@ def prepare(self):
         """This method is executed at the beginning of each request.
 
         """
-        self.sql_session = Session()
+        self.sql_session = SQL_Session()
 
     def on_finish(self):
         """Finish this response, ending the HTTP request 
@@ -69,10 +69,13 @@ def get_current_user(self):
         If a valid cookie is retrieved, return a User object.
         Otherwise, return None.
         """
-        uid = self.get_secure_cookie('uid')
-        if not uid:
+        session_key = self.get_secure_cookie('session_key')
+        if not session_key:
             return None
-        return User.by_key(uid, self.sql_session).scalar()
+        login_session = Login_Session.get_by_key(session_key, self.sql_session)
+        if not login_session:
+            return None
+        return User.by_key(login_session.userkey, self.sql_session).scalar()
 
     def get_template_namespace(self):
         _ = super(BaseHandler, self).get_template_namespace()

diff --git a/schoolcms/handler/signhandler.py b/schoolcms/handler/signhandler.py
@@ -14,13 +14,13 @@
 
 from . import BaseHandler
 
-from schoolcms.db import User
+from schoolcms.db import User, Login_Session
 
 
 class LoginHandler(BaseHandler):
     def post(self):
         if self.current_user:
-            raise self.HTTPError(404)
+            raise self.HTTPError(403)
 
         self._ = dict()
         self._['account'] = self.get_argument('account', '')
@@ -32,7 +32,12 @@ def post(self):
             del self._['passwd']
             self.write(self._)
         else:
-            self.set_secure_cookie('uid', unicode(user.key))
+            login_session = Login_Session(user.key)
+            self.sql_session.add(login_session)
+            Login_Session.clear_old(self.sql_session)
+            self.sql_session.commit()
+
+            self.set_secure_cookie('session_key', login_session.key)
             self.write({'success':True,'next':self._['next']})
 
     def login(self):
@@ -56,5 +61,11 @@ def login(self):
 
 class LogoutHandler(BaseHandler):
     def get(self):
-        self.clear_cookie('uid')
+        session_key = self.get_secure_cookie('session_key')
+        if session_key:
+            Login_Session.delete_by_key(session_key, self.sql_session)
+            Login_Session.clear_old(self.sql_session)
+            self.sql_session.commit()
+
+        self.clear_cookie('session_key')
         self.write({'logout':True})
diff --git a/schoolcms/static/schoolcms/import/component.jsx b/schoolcms/static/schoolcms/import/component.jsx
@@ -54,6 +54,9 @@ SC.A = React.createClass({
   propTypes: {
     href: React.PropTypes.string,
   },
+  componentDidMount: function(){
+    React.findDOMNode(this.refs.a).addEventListener('click', this.handleClick);
+  },
   handleClick: function(e){
     e.preventDefault();
     e.stopPropagation();
@@ -63,7 +66,7 @@ SC.A = React.createClass({
   render: function() {
     var other = SC.makeOtherArray(['onClick'],this.props);
     return (
-      <a onClick={this.handleClick} {...other} >{this.props.children}</a>
+      <a ref='a' {...other} >{this.props.children}</a>
     );
   }
 });