def get(self):
resp = yield self.get_user_info()
self.write(resp)
# everytime we receive a GET request to this api, we'll update last_date and last_ip
username = self.get_current_user()
if username:
now_ip = AntiCrawler(self).get_real_ip()
self.instance.update_user_last(username, now_ip)
def process(self, method):
obj_id = self.json.get("obj_id")
token = self.json.get("token")
ua = self.request.headers['user-agent']
ip = AntiCrawler(self).get_real_ip()
logging.info("Authentication %s(%s) for spam API now...", ua, ip)
if token == os.getenv("TOKEN"):
return getattr(self.instance, method)(obj_id)
else:
self.set_status(HTTPStatus.FORBIDDEN)
return {
"status": False,
"message": "this token is not allowed to access this API"
}
def add_announcement(self):
username = self.get_current_user()
if not self.instance.is_admin(username):
self.set_status(HTTPStatus.FORBIDDEN)
return {"message": "只有管理员可以设置公告"}
payload = self.json
content = payload["content"]
real_ip = AntiCrawler(self).get_real_ip()
browser = self.request.headers['user-agent']
self.instance.add_announcement(username, content, real_ip, browser)
self.set_status(HTTPStatus.CREATED)
return {"message": "添加成功"}
def login_user(self):
data = json.loads(self.request.body)
username = data["username"]
password = data["password"]
ip = AntiCrawler(self).get_real_ip()
browser = self.request.headers['user-agent']
response = self.instance.login_user(username, password, ip, browser)
if response["status_code"] in (HTTPStatus.CREATED, HTTPStatus.OK):
self.set_login(username)
returned_value = ""
else:
returned_value = response["message"]
return returned_value
def add_comment(self):
payload = json.loads(self.request.body)
captcha = payload["captcha"]
captcha_id = payload["id"]
content = payload["content"]
resource_id = payload["resource_id"]
comment_id = payload.get("comment_id")
real_ip = AntiCrawler(self).get_real_ip()
username = self.get_current_user()
browser = self.request.headers['user-agent']
result = self.instance.add_comment(captcha, captcha_id, content, resource_id, real_ip,
username, browser, comment_id)
self.set_status(result["status_code"])
return result
def login_user(self):
data = self.json
username = data["username"]
password = data["password"]
captcha = data.get("captcha")
captcha_id = data.get("captcha_id", "")
ip = AntiCrawler(self).get_real_ip()
browser = self.request.headers['user-agent']
response = self.instance.login_user(username, password, captcha,
captcha_id, ip, browser)
if response["status_code"] in (HTTPStatus.CREATED, HTTPStatus.OK):
self.set_login(username)
else:
self.set_status(response["status_code"])
return response
def get_resource_data(self):
ban = AntiCrawler(self)
if ban.execute():
logging.warning("%s@%s make you happy:-(", self.request.headers.get("user-agent"), ban.get_real_ip())
self.set_status(HTTPStatus.FORBIDDEN)
return {}
else:
resource_id = int(self.get_query_argument("id"))
username = self.get_current_user()
data = self.instance.get_resource_data(resource_id, username)
if not data:
# not found, dangerous
ip = ban.get_real_ip()
ban.imprisonment(ip)
self.set_status(HTTPStatus.NOT_FOUND)
data = {}
return data
def ban_yellow_nazi(self):
if self.db.is_user_blocked(self.get_current_user()):
self.set_status(HTTPStatus.FORBIDDEN, "You don't deserve it.")
real_ip = AntiCrawler(self).get_real_ip()
AntiCrawler(self).imprisonment(real_ip)