Merge pull request mailgyc#3 from mailgyc-163/master

login implement
godem · Jul 7, 2017 · 364da08 · 364da08
2 parents 7d1a698 + 2b869df
commit 364da08
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 38 deletions.
diff --git a/schema.sql b/schema.sql
@@ -11,10 +11,10 @@ CREATE TABLE IF NOT EXISTS account (
     created_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP
 );
 
-CREATE TABLE IF NOT EXISTS session (
+CREATE TABLE IF NOT EXISTS record (
     id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
     u_id INT NOT NULL REFERENCES account(id),
-    slug VARCHAR(100) NOT NULL UNIQUE,
+    round VARCHAR(100) NOT NULL,
     markdown MEDIUMTEXT NOT NULL,
     published DATETIME NOT NULL,
     updated TIMESTAMP NOT NULL,

diff --git a/src/net/web.py b/src/net/web.py
@@ -26,13 +26,16 @@ def executor(self) -> ThreadPoolExecutor:
     def data_received(self, chunk):
         pass
 
-    # def on_finish(self):
+    def on_finish(self):
         # self.session.flush()
+        pass
 
 
 class WebHandler(BaseHandler):
     # @tornado.web.authenticated
     def get(self):
+        if not self.get_cookie("_csrf"):
+            self.set_cookie("_csrf", self.xsrf_token)
         self.render('poker.html')
 
 
@@ -44,8 +47,9 @@ def get(self):
 
 
 class RegHandler(BaseHandler):
-    def get(self):
-        email = self.get_argument('email')
+
+    def post(self):
+        email = self.get_argument('email', self.get_argument('username'))
         account = self.db.get('SELECT * FROM account WHERE email="%s"', email)
         if account:
             raise tornado.web.HTTPError(400, "username already taken")
@@ -57,24 +61,28 @@ def get(self):
         uid = self.db.insert('INSERT INTO account (email, username, password) VALUES ("%s", "%s", "%s")',
                              email, username, password)
 
-        self.head('content-type', 'application/json')
+        self.set_secure_cookie("uid", str(account.get('id')))
         self.write('ok')
 
 
-def auth_login(self):
-    account = self.db.get('SELECT * FROM account WHERE email="%s"', self.get_argument('email'))
-    password = self.get_argument("password")
-    password = bcrypt.hashpw(password.encode('utf8'), account.get('password'))
+class LoginHandler(BaseHandler):
 
-    if password == account.get('password'):
-        self.set_secure_cookie("uid", str(account.get('id')))
-        self.redirect(self.get_argument("next", "/"))
-        return True
-    return False
+    def post(self):
+        username = self.get_argument('email')
+        password = self.get_argument("password")
+        account = self.db.get('SELECT * FROM account WHERE email="%s"', self.get_argument('email'))
+        password = bcrypt.hashpw(password.encode('utf8'), account.get('password'))
+
+        self.head('content-type', 'application/json')
+        if password == account.get('password'):
+            self.set_secure_cookie("uid", str(account.get('id')))
+            self.redirect(self.get_argument("next", "/"))
 
 
-def auth_logout(self):
-    uid = self.get_secure_cookie("uid")
-    self.clear_cookie("uid")
-    self.session.remove(int(uid))
-    self.redirect(self.get_argument("next", "/"))
+class LoginoutHandler(BaseHandler):
+
+    def post(self):
+        uid = self.get_secure_cookie("uid")
+        self.clear_cookie("uid")
+        self.session.remove(int(uid))
+        self.redirect(self.get_argument("next", "/"))
diff --git a/src/static/js/boot.js b/src/static/js/boot.js
@@ -1,10 +1,16 @@
-PG = {
+PG = {
     score: 0,
     music: null,
     playerInfo: {},
     orientated: false
 };
 
+
+PG.getCookie = function(name) {
+    var r = document.cookie.match("\\b" + name + "=([^;]*)\\b");
+    return r ? r[1] : undefined;
+}
+
 PG.PW = 90;
 PG.PH = 120;
 
@@ -172,6 +178,7 @@ PG.Login = function (game) {
     this.username = null;
     this.password = null;
     this.passwordAgain = null;
+    this.error = null;
 };
 
 PG.Login.prototype = {
@@ -188,26 +195,27 @@ PG.Login.prototype = {
             // type: PhaserInput.InputType.password
         };
         this.game.add.plugin(PhaserInput.Plugin);
+
         this.username = this.add.inputField((this.world.width-300)/2, this.world.height/2 - 130, style);
+
         style.placeHolder = '密码';
         this.password = this.add.inputField((this.world.width-300)/2, this.world.height/2 - 65, style);
+
         style.placeHolder = '再次输入密码';
         this.passwordAgain = this.add.inputField((this.world.width-300)/2, this.world.height/2, style);
 
+        var style = {font: "22px Arial", fill: "#f00", align: "center"};
+        this.error = this.add.text(this.world.width/2, this.world.height/2 + 20, '', style);
+
 		var login = this.add.button(this.world.width/2, this.world.height * 3/4, 'btn', this.onLogin, this, 'register.png', 'register.png', 'register.png');
 		login.anchor.set(0.5);
 	},
 
 	onLogin: function () {
-        var req = {
-            email: this.username.value,
-            username: this.username.value,
-            password: this.password.value,
-            password_again: this.passwordAgain.value
-        };
-        if (!req['username']) { alert('请输入用户名'); }
-        if (!req['password']) { alert('请输入密码'); }
-        if (!req['password_again']) { alert('请再次输入密码'); }
+        if (!this.username.value) { this.username.startFocus(); return; }
+        if (!this.password.value) { this.password.startFocus(); return; }
+        if (!this.passwordAgain.value) { this.passwordAgain.startFocus(); return; }
+        if (this.password.value != this.passwordAgain.value) { this.error.text="两次输入的密码不一致"; return; }
 
         var httpRequest = new XMLHttpRequest();
         httpRequest.onreadystatechange = function(){
@@ -217,18 +225,15 @@ PG.Login.prototype = {
                     console.log(httpRequest.responseText);
                 } else {
                     console.log('Error:' + httpRequest.status);
-                    alert(httpRequest.responseText);
+                    this.error.text = httpRequest.responseText;
                 }
             }
         };
         httpRequest.open('POST', '/reg', true);
         httpRequest.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
-        httpRequest.send(JSON.stringify(req) + '&_xsrf=' + this.getCookie("_xsrf"));
-	},
-
-	getCookie: function(name) {
-        var r = document.cookie.match("\\b" + name + "=([^;]*)\\b");
-        return r ? r[1] : undefined;
-    }
+        httpRequest.setRequestHeader('X-Csrftoken', PG.getCookie("_xsrf"))
 
+        var req = 'username=' + encodeURIComponent(this.username.value) + '&password=' + encodeURIComponent(this.password.value);
+        httpRequest.send(req);
+	}
 };
diff --git a/src/static/poker.html b/src/static/poker.html
@@ -18,6 +18,7 @@
 <body>
 <div id="game"></div>
 <div id="orientation"></div>
+{% module xsrf_form_html() %}
 <script>
 (function () {
     var h = window.innerHeight * 960/window.innerWidth;