switch off debug view

account/decorators.py

@@ -4,7 +4,7 @@ from .models import User
 from utils.http import make_json_response
 
 
-def login_required(error='未登录'):
+def _login_required(error='未登录'):
     # 判断是否登录的decorator
     def is_login(request):
         if request.method != 'POST':
@@ -34,3 +34,5 @@ def login_required(error='未登录'):
         return _wrapped_view
 
     return decorator
+
+login_required = _login_required()

account/views.py

@@ -22,7 +22,7 @@ def auth_with_username_or_email(username, password):
 
 
 @secure_transport
-@debug_view('password', 'email')
+# @debug_view('password', 'email')
 @require_POST
 def register(request):
     username = request.POST.get('username', '')
@@ -46,7 +46,7 @@ def register(request):
 
 
 @secure_transport
-@debug_view('password')
+# @debug_view
 @require_POST
 def login(request):
     username = request.POST.get('username', '')
@@ -85,7 +85,7 @@ def login(request):
 
 
 @secure_transport
-@debug_view()
+# @debug_view()
 @login_required
 def logout(request):
     user = get_user(request)

file/views.py

@@ -19,7 +19,7 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 
 
 @secure_transport
-@debug_view(template_name='upload_file.html')
+# @debug_view(template_name='upload_file.html')
 @login_required
 def upload_file(request):
     data = request.POST
@@ -59,7 +59,7 @@ def upload_file(request):
 
 
 @secure_transport
-@debug_view('file_id')
+# @debug_view('file_id')
 @login_required
 def download_file(request):
     user = get_user(request)
@@ -80,7 +80,7 @@ def download_file(request):
 
 
 @secure_transport
-@debug_view('file_id')
+# @debug_view('file_id')
 @login_required
 def delete_file(request):
     data = request.POST

folder/views.py

@@ -10,7 +10,7 @@ from utils.crypto import secure_transport
 
 
 @secure_transport
-@debug_view()
+# @debug_view()
 @login_required
 def get_root_folder(request):
     # 获取根目录
@@ -20,7 +20,7 @@ def get_root_folder(request):
 
 # 在根目录下列出所有文件夹与文件
 @secure_transport
-@debug_view('folder_id')
+# @debug_view('folder_id')
 @login_required
 def folder_list(request):
     data = request.POST
@@ -41,7 +41,7 @@ def folder_list(request):
 
 # 增文件夹
 @secure_transport
-@debug_view('father_folder_id', 'folder_name')
+# @debug_view('father_folder_id', 'folder_name')
 @login_required
 def add_folder(request):
     data = request.POST
@@ -66,7 +66,7 @@ def add_folder(request):
 
 # 删除文件夹
 @secure_transport
-@debug_view('folder_id')
+# @debug_view('folder_id')
 @login_required
 def delete_folder(request):
     data = request.POST

group/views.py

@@ -9,7 +9,7 @@ from utils.crypto import secure_transport
 
 
 @secure_transport
-@debug_view('group_id')
+# @debug_view('group_id')
 @login_required
 def get_group_root_folder(request):
     user = get_user(request)
@@ -24,7 +24,7 @@ def get_group_root_folder(request):
 
 
 @secure_transport
-@debug_view('group_id')
+# @debug_view('group_id')
 @login_required
 def join_group(request):
     user = get_user(request)
@@ -42,7 +42,7 @@ def join_group(request):
 
 
 @secure_transport
-@debug_view('group_name')
+# @debug_view('group_name')
 @login_required
 def create_group(request):
     user = get_user(request)
@@ -56,7 +56,7 @@ def create_group(request):
 
 
 @secure_transport
-@debug_view('group_id')
+# @debug_view('group_id')
 @login_required
 def quit_group(request):
     user = get_user(request)
@@ -75,7 +75,7 @@ def quit_group(request):
 
 # 获取你所在的所有群组
 @secure_transport
-@debug_view()
+# @debug_view()
 @login_required
 def group_list(request):
     user = get_user(request)

utils/crypto.py

@@ -35,8 +35,10 @@ def secure_transport(view_func):
         aes_key = private_cipher.decrypt(base64.b64decode(enc_key.encode('utf-8')), b'error').decode('utf-8')
         print(f'key={aes_key}')
 
-        aes_cipher = AES.new(aes_key.encode('utf-8'), AES.MODE_CBC, IV.encode('utf-8'))
-        decrypted = aes_cipher.decrypt(base64.b64decode(cipher_text.encode('utf-8')))
+        def get_aes_cipher():
+            return AES.new(aes_key.encode('utf-8'), AES.MODE_CBC, IV.encode('utf-8'))
+
+        decrypted = get_aes_cipher().decrypt(base64.b64decode(cipher_text.encode('utf-8')))
         # print(decrypted)
         decrypted = decrypted[:-decrypted[-1]]
         # print(decrypted)
@@ -55,14 +57,14 @@ def secure_transport(view_func):
 
         raw_response = view_func(dec_request, *args, **kwargs)
 
-        content = json.dumps({'data': raw_response.content.decode('utf-8')})
+        content = json.dumps({'data': json.loads(raw_response.content)}).encode('utf-8')
         padding = 16 - len(content) % 16
         content += bytes([padding] * padding)
         print(content)
 
-        aes_cipher = AES.new(aes_key.encode('utf-8'), AES.MODE_CBC, IV.encode('utf-8'))
-        enc_content = base64.b64encode(aes_cipher.encrypt(content)).decode('utf-8')
+        enc_content = base64.b64encode(get_aes_cipher().encrypt(content)).decode('utf-8')
         print(enc_content)
+        print(get_aes_cipher().decrypt(base64.b64decode(enc_content.encode('utf-8'))))
         return make_json_response(enc_content=enc_content)
     return _wrapped_view
 

utils/debug.py

@@ -9,13 +9,13 @@ DEBUG = settings.DEBUG
 DEFAULT_ITEMS = ['username', 'token', 'enc_key', 'cipher_text']
 
 
-def debug_view(*items, template_name='debug.html'):
+def debug_view(items=DEFAULT_ITEMS, template_name='debug.html'):
     def decorator(view_func):
         @wraps(view_func)
         def _wrapped_view(request, *args, **kwargs):
             if DEBUG and request.method == 'GET':
                 print('render debug view')
-                return render(request, template_name, {'items': [*items, *DEFAULT_ITEMS]})
+                return render(request, template_name, {'items': items})
             else:
                 return view_func(request, *args, **kwargs)
         return _wrapped_view