import functools
import hashlib
import hmac
import os.path

import tornado.httpserver
import tornado.ioloop
import tornado.options
import tornado.web
from pymongo import MongoClient
from tornado.options import define, options
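define("port", default=8000, help="run on the given port", type=int)


def role(roleList):
    """Build a decorator that restricts a handler method to certain roles.

    The wrapped method runs only when the requester's role is one of
    ``roleList``; any other request is redirected to ``/permission``.
    The role is read from the ``role`` collection of the ``privace``
    database, keyed by ``self.current_user``.

    NOTE(review): a new ``MongoClient`` is created on every call and never
    closed; a single shared client would avoid that.
    """

    def decorator(func):
        @functools.wraps(func)
        def wrapper(self, *args, **kw):
            identify = self.current_user
            if identify is None:
                # No valid signed cookie. Never query with None here: in
                # MongoDB {"identity": None} also matches documents that have
                # no "identity" field at all, so an anonymous request could be
                # given the role of an unrelated record.
                # NOTE(review): anonymous visitors are mapped to "guest"
                # because LoginHandler sends them to /guest without setting a
                # cookie -- confirm this is the intended policy.
                granted = "guest"
            else:
                client = MongoClient()
                person = client["privace"].role.find_one({"identity": identify})
                # An unknown identity, or a record without a role, is denied
                # instead of raising and answering with a 500.
                granted = person.get("role") if person else None

            if granted is not None and granted in roleList:
                # Forward every argument and hand back the result so handlers
                # with URL parameters or coroutine bodies keep working.
                return func(self, *args, **kw)
            self.redirect("/permission")

        return wrapper

    return decorator


class BaseHandler(tornado.web.RequestHandler):
    """Common base class: the current user comes from a signed cookie."""

    def get_current_user(self):
        """Return the value of the signed ``identity`` cookie, or None."""
        # Handlers and role() use this identity to look up the user's role.
        return self.get_secure_cookie("identity")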
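class LoginHandler(BaseHandler):
    """Show the login form and check submitted credentials."""

    def get(self):
        """Render the login form."""
        self.render("login.html")

    def post(self):
        """Log a user in, or send a guest to the guest page.

        A request carrying a ``guest`` argument is redirected to ``/guest``
        without any cookie being set. Otherwise ``identity`` and ``password``
        are required; on a match the signed ``identity`` cookie is set and
        the browser is sent to ``/``. Every failure redirects to ``/login``
        with no hint about which field was wrong.
        """
        if self.get_argument("guest", None) is not None:
            self.redirect("/guest")
            return

        identity = self.get_argument("identity")
        password = self.get_argument("password")

        # NOTE(security): unsalted MD5 is not suitable for storing passwords.
        # It is kept only so the digests already in the database still
        # verify; migrate to a salted, slow KDF (hashlib.pbkdf2_hmac or
        # hashlib.scrypt) and re-hash each account on its next login.
        # Encode explicitly: hashing needs bytes, and relying on an implicit
        # conversion fails on non-ASCII passwords.
        digest = hashlib.md5(password.encode("utf-8")).hexdigest()

        # NOTE(review): a new MongoClient is created per request and never
        # closed.
        client = MongoClient()
        self.db = client["privace"]
        person = self.db.role.find_one({"identity": identity})
        stored = person.get("password") if person else None

        # Constant-time comparison; both sides are bytes so the call accepts
        # them regardless of the text type the driver returned.
        if stored is not None and hmac.compare_digest(
            digest.encode("utf-8"), stored.encode("utf-8")
        ):
            # Keep the identity in a signed cookie; httponly keeps page
            # scripts from reading it.
            self.set_secure_cookie("identity", person["identity"], httponly=True)
            self.redirect("/")
        else:
            self.redirect("/login")


# The welcome page that follows is for logged-in users only, not guests.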
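class WelcomeHandler(BaseHandler):
    """Front page for logged-in users; lets them pick a role page."""

    @tornado.web.authenticated
    def get(self):
        """Render ``index.html`` with the user's identity and stored role."""
        # NOTE(review): a new MongoClient is created per request and never
        # closed.
        client = MongoClient()
        self.db = client["privace"]
        person = self.db.role.find_one({"identity": self.current_user})
        if person is None:
            # The cookie is validly signed but its identity has no record
            # (for example the account was removed). Drop the stale cookie
            # and ask for a fresh login instead of failing with a 500.
            self.clear_cookie("identity")
            self.redirect("/login")
            return
        self.render("index.html", user=self.current_user, role=person["role"])

    def post(self):
        """Redirect to the page for the submitted ``role`` choice.

        This is navigation only: each target page does its own role check.
        An unrecognised choice is ignored.
        """
        choice = self.get_argument("role")
        # Debug output; the call form is valid on Python 2 and Python 3.
        print(choice)
        targets = {"user": "/user", "vip": "/vip", "admin": "/admin"}
        destination = targets.get(choice)
        if destination is not None:
            self.redirect(destination)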
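def _render_role_page(handler, template_name):
    """Render ``template_name`` with the current user's identity and role."""
    # NOTE(review): a new MongoClient is created per request and never closed.
    client = MongoClient()
    handler.db = client["privace"]
    person = handler.db.role.find_one({"identity": handler.current_user})
    if person is None:
        # The record vanished between the role check and this lookup.
        handler.redirect("/permission")
        return
    handler.render(template_name, user=handler.current_user, role=person["role"])


class WelcomeUserHandler(BaseHandler):
    """Page for the roles admin, vip and user."""

    @tornado.web.authenticated
    @role(['admin', 'vip', 'user'])
    def get(self):
        _render_role_page(self, "user.html")


class WelcomeAdminHandler(BaseHandler):
    """Page for the admin role only."""

    @tornado.web.authenticated
    @role(['admin'])
    def get(self):
        _render_role_page(self, "admin.html")


class WelcomeVipHandler(BaseHandler):
    """Page for the vip role only."""

    @tornado.web.authenticated
    @role(['vip'])
    def get(self):
        _render_role_page(self, "vip.html")


class WelcomeGuestHandler(BaseHandler):
    """Page for the guest role; no login is required by this handler."""

    @role(['guest'])
    def get(self):
        self.render("guest.html")


class LogoutHandler(BaseHandler):
    """End the session by dropping the login cookie."""

    def get(self):
        """Clear the login cookie when ``logout`` is given, then go to ``/``."""
        # NOTE(review): logout is a GET, which xsrf_cookies does not cover;
        # consider moving it to POST.
        if self.get_argument("logout", None):
            # LoginHandler stores the session in "identity"; clearing only
            # "username" left the user logged in.
            self.clear_cookie("identity")
            # Legacy cookie name, still cleared for older sessions.
            self.clear_cookie("username")
        # Always answer with a redirect so the browser never gets a blank page.
        self.redirect("/")


class PermissionHandler(BaseHandler):
    """Landing page shown when a role check fails."""

    def get(self):
        self.render("permission.html")


if __name__ == '__main__':
    tornado.options.parse_command_line()
    settings = {
        "template_path": os.path.join(os.path.dirname(__file__), "templates"),
        # NOTE(security): this signing key is committed to the source, so
        # anyone who can read the repository can produce a validly signed
        # "identity" cookie. Supply a private value through the COOKIE_SECRET
        # environment variable and rotate the key; the literal remains only
        # as a fallback so existing deployments keep starting.
        "cookie_secret": os.environ.get(
            "COOKIE_SECRET", "bZJc2sWbQLKos6GkHn/VB9oXwQt8S0R0kRvJ5/xJ89E="
        ),
        # See http://www.cnblogs.com/hyddd/archive/2009/04/09/1432744.html :
        # even when another site makes the browser send the cookie, that site
        # cannot read the _xsrf token, so it cannot forge a valid form post.
        # Every form template must include the token (xsrf_form_html()).
        "xsrf_cookies": True,
        "login_url": "/login",
    }
    application = tornado.web.Application(
        [
            (r'/', WelcomeHandler),
            (r'/user', WelcomeUserHandler),
            (r'/admin', WelcomeAdminHandler),
            (r'/vip', WelcomeVipHandler),
            (r'/guest', WelcomeGuestHandler),
            (r'/login', LoginHandler),
            (r'/logout', LogoutHandler),
            (r'/permission', PermissionHandler),
        ],
        **settings
    )
    http_server = tornado.httpserver.HTTPServer(application)
    http_server.listen(options.port)
    tornado.ioloop.IOLoop.instance().start()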