Ejemplo n.º 1
def deploy():
    """
    Run the deployment tasks: seed default data and create database indexes.

    Calls, in order, the MongoDB counter setup, the default-role insert, and
    the index / default-data helpers for permissions, permission-role
    relations, posts, users, settings, tags and comments.

    :return: nothing is returned explicitly
    """

    # Clear the database
    # TODO

    # NOTE(review): whether the inserts below are idempotent is not visible
    # here -- confirm before re-running against a populated database, since
    # they write the default roles and permissions used for authorization.

    # Add the dedicated MongoDB record table that stores the last value of
    # each auto-increment sequence
    add_mongo_counters()
    # Insert the default roles
    Role.insert_default_roles()
    # Permissions: create indexes, then insert the default rows
    Permission.create_table_indexes()
    Permission.insert_defaults_permissions()
    # Permission-role relations: create indexes, then insert the default rows
    PermissionsRoles.create_table_indexes()
    PermissionsRoles.insert_defaults_permissions_roles()
    # Posts: create indexes
    Post.create_table_indexes()
    # Users: create indexes
    User.create_table_indexes()
    # Settings: insert the default rows (no index call is made for Setting here)
    Setting.insert_default_settings()
    # Tags: create indexes
    Tag.create_table_indexes()
    # Comments: create indexes
    Comment.create_table_indexes()
Ejemplo n.º 2
def deploy():
    """
    Execute the deployment tasks.

    Every step is a write against the database: counters, default roles,
    default permissions and permission-role links, default settings, and
    index creation for the individual collections.

    :return: nothing is returned explicitly
    """

    # Clear the database
    # TODO

    # NOTE(review): the seeding calls below write authorization data
    # (roles, permissions). It is not visible here whether they overwrite
    # existing rows -- verify before running on a live instance.

    # Add the record table MongoDB uses to keep the tail value of each
    # auto-increment sequence
    add_mongo_counters()
    # Add the default roles
    Role.insert_default_roles()
    # Permission indexes and default permission data
    Permission.create_table_indexes()
    Permission.insert_defaults_permissions()
    # Permission-role relation indexes and default relation data
    PermissionsRoles.create_table_indexes()
    PermissionsRoles.insert_defaults_permissions_roles()
    # Post indexes
    Post.create_table_indexes()
    # User indexes
    User.create_table_indexes()
    # Default settings data (only the insert is called for Setting)
    Setting.insert_default_settings()
    # Tag indexes
    Tag.create_table_indexes()
    # Comment indexes
    Comment.create_table_indexes()
Ejemplo n.º 3
def user_homepage_paged(user_id, page):
    """Render ``author.html`` for ``user_id`` with the requested page of posts.

    Aborts with 404 when ``User.get_user_by_id`` returns nothing truthy.
    """
    author = User.get_user_by_id(user_id)
    if not author:
        abort(404)

    listing = User.get_user_posts_pagenation(user_id, page=page)
    # A falsy pagination result is rendered as an empty post list.
    if listing:
        posts = listing.items
    else:
        posts = []

    return render_template(
        "author.html",
        author=author,
        posts=posts,
        pagenation=listing,
    )
Ejemplo n.º 4
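def login():
    """
    Login API endpoint.

    Reads ``username`` and ``password`` from the POSTed form, checks the
    password, records the login state with ``login_user`` and returns the
    generated access tokens.

    :return: JSON response; on success the token dict plus ``success`` and
             ``message``, otherwise whatever ``value_error`` /
             ``action_failed`` build
    """
    # POST username/password
    username = request.form.get('username')  # TODO: could allow login by e-mail
    password = request.form.get('password')
    # Do not log or print request.form here: it carries the plaintext password.
    if not username or not password:
        # parameters are invalid
        return value_error(u"无效的用户名或密码")
    try:
        user = User(name=username)
        if user and user.verify_password(password):
            # login_manager keeps the login state; remember=True is passed
            # unconditionally.
            login_user(user, remember=True)  # TODO: let the user choose whether to stay logged in
            # ajax response: generate the tokens and return them
            tokens = user.generate_access_token()
            tokens.update(success=1, message=u'登录成功')
            response = jsonify(tokens)
            response.status_code = 200
            return response
        # A falsy user and a failed password check get the same message, so
        # this reply does not say which of the two was wrong.
        return value_error(u"用户名或密码错误")
    except Exception:
        # Narrowed from a bare ``except:`` so SystemExit / KeyboardInterrupt
        # are no longer swallowed and reported as a lookup failure.
        return action_failed(u'查找用户失败')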
Ejemplo n.º 5
def user_homepage(user_id):
    """Render ``author.html`` for ``user_id`` with the default page of posts.

    Aborts with 404 when no user is found for ``user_id``.
    """
    author = User.get_user_by_id(user_id)
    if not author:
        abort(404)

    listing = User.get_user_posts_pagenation(user_id)
    if listing:
        posts = listing.items
    else:
        # No pagination object: show an empty list instead of failing.
        posts = []

    # TODO: consider using the username or nickname instead of the user id
    # as the identifier in the link.
    context = dict(author=author, posts=posts, pagenation=listing)
    return render_template('author.html', **context)
Ejemplo n.º 6
def user_homepage(user_id):
    """Show the author page for ``user_id``; 404 when the user is not found."""
    author = User.get_user_by_id(user_id)
    if not author:
        abort(404)

    page_result = User.get_user_posts_pagenation(user_id)
    # Fall back to an empty post list when pagination returned nothing truthy.
    posts = []
    if page_result:
        posts = page_result.items

    # TODO: consider using the username or nickname instead of the user id
    # as the identifier in the link.
    return render_template(
        "author.html",
        author=author,
        posts=posts,
        pagenation=page_result,
    )
Ejemplo n.º 7
def user_homepage_paged(user_id, page):
    """Show page ``page`` of the posts of ``user_id`` on ``author.html``.

    Aborts with 404 when the user lookup returns nothing truthy.
    """
    author = User.get_user_by_id(user_id)
    if not author:
        abort(404)

    page_result = User.get_user_posts_pagenation(user_id, page=page)
    # Fall back to an empty post list when pagination returned nothing truthy.
    posts = []
    if page_result:
        posts = page_result.items

    context = dict(author=author, posts=posts, pagenation=page_result)
    return render_template('author.html', **context)
Ejemplo n.º 8
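def register():
    """
    Registration API endpoint.

    Reads ``username``, ``email`` and ``password`` from the POSTed form,
    creates the user and sends the registration-confirmation mail.

    :return: JSON response; ``success``/``message`` on success, otherwise
             whatever ``value_error`` / ``action_failed`` build
    """
    # POST username/email/password
    username = request.form.get('username')
    email = request.form.get('email')
    password = request.form.get('password')
    if not username or not email or not password:
        # parameters are invalid
        return value_error(u"无效的用户名,邮箱或密码")
    # NOTE(review): only presence is checked here; e-mail format and password
    # strength are presumably enforced inside User.add_user -- confirm.
    try:
        user = User.add_user(name=username, email=email, password=password)
        if user:
            # Read the blog name once; it is used for both subject and body.
            blog_name = Setting.get_setting('blog_name', 'Plog')
            # Send the confirmation mail (asynchronous, per the original comment).
            # NOTE(review): if this raises, the handler below reports
            # "add user failed" although the account already exists.
            send_mail(email, blog_name + u'注册确认邮件', 'auth/emails/register_confirm',
                      username=username,
                      blogname=blog_name,
                      token=user.generate_confirmation_token())
            # ajax response
            response = jsonify({'success': 1, 'message': u'注册成功'})
            response.status_code = 200
            return response
        else:
            return value_error(u'用户名或邮箱已存在')
    except Exception as e:
        # ``except Exception, e`` is Python-2-only syntax; ``as`` works on
        # Python 2.6+ and Python 3.
        print(e)
        return action_failed(u'添加用户失败')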
Ejemplo n.º 9
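def register():
    """
    Registration API endpoint.

    Takes ``username``, ``email`` and ``password`` from the POSTed form,
    adds the user through ``User.add_user`` and mails a confirmation token.

    :return: JSON response; ``success``/``message`` on success, otherwise
             whatever ``value_error`` / ``action_failed`` build
    """
    # POST username/email/password
    username = request.form.get('username')
    email = request.form.get('email')
    password = request.form.get('password')
    if not username or not email or not password:
        # parameters are invalid
        return value_error(u"无效的用户名,邮箱或密码")
    # NOTE(review): nothing beyond presence is validated in this function;
    # verify that User.add_user checks e-mail format and password rules.
    try:
        user = User.add_user(name=username, email=email, password=password)
        if user:
            # One settings lookup serves both the subject and the template.
            blog_name = Setting.get_setting('blog_name', 'Plog')
            # Send the confirmation mail (asynchronous, per the original comment).
            # NOTE(review): a failure here is reported as "add user failed"
            # even though the user record was already created.
            send_mail(email,
                      blog_name + u'注册确认邮件',
                      'auth/emails/register_confirm',
                      username=username,
                      blogname=blog_name,
                      token=user.generate_confirmation_token())
            # ajax response
            response = jsonify({'success': 1, 'message': u'注册成功'})
            response.status_code = 200
            return response
        else:
            return value_error(u'用户名或邮箱已存在')
    except Exception as e:
        # Replaces the Python-2-only ``except Exception, e`` form, which is a
        # syntax error on Python 3.
        print(e)
        return action_failed(u'添加用户失败')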
Ejemplo n.º 10
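def verify_password(username, password):
    """Authenticate the current request and record the result on ``g``.

    Order of checks:
      1. a token taken from the ``Authorization`` header,
      2. an empty ``username``, which is treated as an anonymous user,
      3. ``username`` / ``password`` verified against the ``User`` record.

    :return: truthy when the request is accepted, falsy otherwise
    """
    authorization = request.headers.get('Authorization', '').split(' ')
    # NOTE(review): the scheme word (authorization[0]) is never inspected, so
    # the second field of ANY Authorization header is handed to
    # verify_access_token as a token, whatever the scheme is. Confirm this
    # is intended.
    bearer = authorization[1] if len(authorization) > 1 else ''
    if bearer:
        g.current_user = User.verify_access_token(bearer)
        g.token_used = True
        return g.current_user is not None
    if username == '':
        # Requests without credentials are accepted as anonymous.
        g.current_user = AnonymousUser()
        return True
    user = User(username=username)
    if not user or not user.user_id:
        return False
    g.token_used = False
    verified = user.verify_password(password)
    if verified:
        # Publish the user on ``g`` only after the password check passed, so a
        # failed attempt never leaves an unverified account in g.current_user.
        g.current_user = user
    return verified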
Ejemplo n.º 11
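def verify_password(username, password):
    """Decide whether the current request is authenticated.

    A token found in the ``Authorization`` header is tried first; an empty
    ``username`` yields an ``AnonymousUser``; otherwise the password is
    checked against the ``User`` looked up by ``username``. The resulting
    identity is stored in ``g.current_user`` and ``g.token_used`` records
    whether a token was used.

    :return: truthy when the request is accepted, falsy otherwise
    """
    authorization = request.headers.get('Authorization', '').split(' ')
    # NOTE(review): only the position is used, not the scheme name -- any
    # two-part Authorization header takes the token path below. Verify that
    # no other scheme is expected to reach the username/password branch.
    bearer = authorization[1] if len(authorization) > 1 else ''
    if bearer:
        g.current_user = User.verify_access_token(bearer)
        g.token_used = True
        return g.current_user is not None
    if username == '':
        # No credentials at all: accepted as an anonymous user.
        g.current_user = AnonymousUser()
        return True
    user = User(username=username)
    if not user or not user.user_id:
        return False
    g.token_used = False
    password_ok = user.verify_password(password)
    if password_ok:
        # Set g.current_user only once the password is verified; before this
        # change it was assigned even when verification went on to fail.
        g.current_user = user
    return password_ok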
Ejemplo n.º 12
def confirm_email():
    """ E-mail confirmation page: checks the ``token`` query parameter. """
    token = request.args.get('token', '')
    # An empty token is rejected without calling User.confirm at all.
    if not token or not User.confirm(token):
        message = u"验证失败,您的链接有误或者已过期, 请重新申请验证邮箱"
    else:
        message = u"邮箱验证成功, 您的账户现在已激活"
    page = dict(message=message, title=u"确认邮箱")
    return render_template('utils/pure.html', **page)
Ejemplo n.º 13
def confirm_email():
    """ Page shown after following the e-mail confirmation link. """
    success_text = u"邮箱验证成功, 您的账户现在已激活"
    failure_text = u"验证失败,您的链接有误或者已过期, 请重新申请验证邮箱"

    token = request.args.get('token', '')
    # User.confirm is only consulted when a non-empty token was supplied.
    confirmed = token and User.confirm(token)
    message = success_text if confirmed else failure_text
    return render_template('utils/pure.html', message=message, title=u"确认邮箱")
Ejemplo n.º 14
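def find_pass():
    """ Password recovery page.

    On a valid form submission, mails a reset token to the submitted address
    when a user with that address exists, then shows a result page. Without
    a valid submission the recovery form is rendered.
    """
    form = FindPassForm()
    if form.validate_on_submit():
        email = form.email.data
        form.email.data = ''
        user = User(email=email)
        if user and user.user_id:
            # 600 is passed as the token expiration (presumably seconds -- confirm).
            token = user.generate_reset_token(expiration=600)
            blog_name = Setting.get_setting('blog_name', 'Plog')
            send_mail(email, blog_name + u'找回您的密码', 'auth/emails/find_pass',
                      username=user.nickname or user.name, blogname=blog_name,
                      token=token)
        # The same message is shown whether or not the address is registered.
        # The previous "this e-mail does not exist" reply let anyone probe
        # which addresses have accounts.
        message = u"如果该邮箱已注册, 我们会向其发送一封密码重置邮件, 请登录您的邮箱并点击密码重置链接设置新密码"
        return render_template('utils/pure.html', message=message, title=u"找回密码")  # TODO post redirect
    return render_template('auth/find_pass.html', form=form)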
Ejemplo n.º 15
def article_detail(post_id):
    """Render ``article.html`` for a published post, with an empty comment form.

    Aborts with 404 when the post is missing, has no ``post_id``, or has any
    status other than ``'published'``.
    """
    post = Post.get_post(post_id)
    # Unpublished posts get the same 404 as posts that do not exist.
    if not (post and post.post_id) or post.status != 'published':
        abort(404)

    context = dict(
        post=post,
        author=User(user_id=post.author_id),
        comment_form=CommentForm(),
    )
    return render_template('article.html', **context)
Ejemplo n.º 16
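def grant_token():
    """Issue access tokens in exchange for a username and password.

    Both values are read from the form body first and from the query string
    when the form value is missing or empty.

    :return: JSON response; on success the token dict plus ``success`` and
             ``message``, otherwise whatever ``value_error`` /
             ``action_failed`` build
    """
    # NOTE(review): accepting the password from request.args means it can
    # appear in URLs, and therefore in access logs, browser history and
    # Referer headers. Left in place for existing callers; consider
    # restricting this endpoint to the request body.
    username = request.form.get('username') or request.args.get('username')
    password = request.form.get('password') or request.args.get('password')
    if not username or not password:
        # parameters are invalid
        return value_error(u"无效的用户名或密码")
    try:
        user = User(name=username)
        if user and user.verify_password(password):
            # ajax response: generate the tokens and return them
            tokens = user.generate_access_token()
            tokens.update(success=1, message=u'登录成功')
            response = jsonify(tokens)
            response.status_code = 200
            return response
        # One message for both a falsy user and a failed password check.
        return value_error(u"用户名或密码错误")
    except Exception:
        # Narrowed from a bare ``except:`` so SystemExit / KeyboardInterrupt
        # are no longer swallowed and reported as a lookup failure.
        return action_failed(u'查找用户失败')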
Ejemplo n.º 17
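def find_pass():
    """ Password recovery page.

    A valid form submission triggers a reset mail when the submitted address
    belongs to a user, and always ends on the result page; otherwise the
    recovery form is shown.
    """
    form = FindPassForm()
    if form.validate_on_submit():
        email = form.email.data
        form.email.data = ''
        user = User(email=email)
        if user and user.user_id:
            # 600 is passed as the token expiration (presumably seconds -- confirm).
            token = user.generate_reset_token(expiration=600)
            blog_name = Setting.get_setting('blog_name', 'Plog')
            send_mail(email,
                      blog_name + u'找回您的密码',
                      'auth/emails/find_pass',
                      username=user.nickname or user.name,
                      blogname=blog_name,
                      token=token)
        # Identical reply for known and unknown addresses: the earlier
        # "e-mail does not exist" branch disclosed which addresses are
        # registered to anyone submitting the form.
        message = u"如果该邮箱已注册, 我们会向其发送一封密码重置邮件, 请登录您的邮箱并点击密码重置链接设置新密码"
        return render_template('utils/pure.html',
                               message=message,
                               title=u"找回密码")  # TODO post redirect
    return render_template('auth/find_pass.html', form=form)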
Ejemplo n.º 18
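def reset_pass():
    """ Password reset page.

    On a valid form submission, resets the password using the ``token``
    query parameter and redirects to the login page; on failure shows an
    error page. Without a valid submission the reset form is rendered.
    """
    # Local import: url_for is not visibly imported where this function lives.
    from flask import url_for

    form = ResetPassForm()
    if form.validate_on_submit():
        password = form.password.data
        # Clear both password fields so the values are not echoed back.
        form.password.data = ''
        form.password2.data = ''
        token = request.args.get('token', '')
        if User.reset_user_password(token, password):
            # TODO flask message
            flash(u'您的密码已经重设, 请使用新密码登录')
            # redirect() takes a URL, not an endpoint name: passing
            # 'auth.login' directly sent the browser to a relative path of
            # that literal name. Assumes 'auth.login' is a registered endpoint.
            return redirect(url_for('auth.login'))
        else:
            message = u"重设密码失败, 您的链接有误或者已过期, 请重新申请"
            return render_template('utils/pure.html', message=message, title=u"重设密码")  # TODO post redirect
    return render_template('auth/reset_pass.html', form=form)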
Ejemplo n.º 19
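def reset_pass():
    """ Password reset page.

    A valid form submission hands the ``token`` query parameter and the new
    password to ``User.reset_user_password``; success redirects to the login
    page, failure renders an error page. Otherwise the form is shown.
    """
    # Local import: url_for is not visibly imported where this function lives.
    from flask import url_for

    form = ResetPassForm()
    if form.validate_on_submit():
        password = form.password.data
        # Blank the password fields so they are never rendered back.
        form.password.data = ''
        form.password2.data = ''
        token = request.args.get('token', '')
        if User.reset_user_password(token, password):
            # TODO flask message
            flash(u'您的密码已经重设, 请使用新密码登录')
            # Build the URL from the endpoint name; redirect('auth.login')
            # treated the endpoint name itself as the target location.
            # Assumes 'auth.login' is a registered endpoint.
            return redirect(url_for('auth.login'))
        else:
            message = u"重设密码失败, 您的链接有误或者已过期, 请重新申请"
            return render_template('utils/pure.html',
                                   message=message,
                                   title=u"重设密码")  # TODO post redirect
    return render_template('auth/reset_pass.html', form=form)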
Ejemplo n.º 20
def refresh_token():
    """Return the result of ``User.refresh_access_token`` as JSON.

    When that result is not a non-empty dict, the reply instead carries the
    external URL of the ``api.grant_token`` endpoint.
    """
    # The form value wins; the query string is consulted only when the form
    # value is missing or empty.
    # NOTE(review): a refresh token sent in the query string can end up in
    # access logs and browser history -- consider accepting it in the body only.
    submitted = request.form.get('refresh_token')
    if not submitted:
        submitted = request.args.get('refresh_token')

    result = User.refresh_access_token(submitted)
    if result and isinstance(result, dict):
        return jsonify(result)

    fallback = {'grant_token': url_for('api.grant_token', _external=True)}
    return jsonify(fallback)