def post(self):
user = users.get_current_user()
if not user:
return self.write("Please login before you're allowed to post a topic.")
title = self.request.get("title")
text = self.request.get("text")
new_topic = Topic(title=title, content=text, author_email=user.email())
new_topic.put() # put() saves the object in Datastore
return self.write("Topic successfully created!")
def post(self):
email = users.get_current_user().email()
# cgi disables option to post html or javascript in form fields
title = cgi.escape(self.request.get("title"))
content = cgi.escape(self.request.get("content"))
# user_id can't be retrived from google.appengine.api
new_topic = Topic(user_id=email, title=title, content=content)
# save topic to database
new_topic.put()
new_topic_id = new_topic.key.id()
return self.redirect_to("topic-details", topic_id=new_topic.key.id())
def post(self):
user = users.get_current_user()
if not user:
return self.write(
"Please login before you're allowed to post a topic.")
title = self.request.get("title")
text = self.request.get("text")
new_topic = Topic(title=title, content=text, author_email=user.email())
new_topic.put() # put() saves the object in Datastore
return self.redirect_to("topic-details", topic_id=new_topic.key.id())
def post(self):
user = users.get_current_user()
csrf_token = self.request.get("csrf_token")
mem_token = memcache.get(key=csrf_token)
if not mem_token:
return self.write("Hacker at the doors")
title = self.request.get("title")
text = self.request.get("text")
new_topic = Topic(title=title, content=text, author_email=user.email())
new_topic.put()
return self.redirect_to("topic-details", topic_id=new_topic.key.id())
def test_topic_add_handler(self):
# GET
get = self.testapp.get('/topic/add')
self.assertEqual(get.status_int, 200)
# POST
csrf_token = str(uuid.uuid4()) # convert UUID to string
memcache.add(key=csrf_token, value=True, time=600)
title = "Some new topic"
content = "This is a new topic. Just for testing purposes."
params = {"title": title, "content": content, "csrf_token": csrf_token}
post = self.testapp.post('/topic/add', params) # do a POST request
self.assertEqual(
post.status_int, 302
) # 302 means "redirect" - this is what we do at the end of POST method in TopicAdd handler
topic = Topic.query().get(
) # get the topic create by this text (it's the only one in this fake database)
self.assertEqual(
topic.title,
title) # check if topic title is the same as we wrote above
self.assertEqual(topic.content, content)
def test_comment_delete_handler(self):
# POST test topic via '/topic/add'
csrf_token = str(uuid.uuid4())
memcache.add(key=csrf_token, value=True, time=600)
title = "Some new topic"
content = "This is a new topic. Just for testing purposes."
params = {"title": title, "content": content, "csrf_token": csrf_token}
post = self.testapp.post('/topic/add', params)
self.assertEqual(post.status_int, 302)
# POST test comment via '/topic/details/<topic_id>'
content = "This is a new comment. Just for testing purposes."
params = {"content": content, "csrf_token": csrf_token}
topic = Topic.query().get()
# topic_id is extracted from request when creating comment via TopicDetails handler
# Comment.save_comment(topic_id, content)
post = self.testapp.post('/topic/details/' + str(topic.key.id()), params)
self.assertEqual(post.status_int, 302)
# Delete comment via '/comment/delete/<comment_id>'
comment = Comment.query().get()
params = {"csrf_token": csrf_token}
post = self.testapp.post('/comment/delete/' + str(comment.key.id()), params, {'referer': '/user-comments'})
self.assertEqual(post.status_int, 302)
# check if comment.deleted field was set to True
self.assertEqual(comment.deleted, True)
post = self.testapp.post('/comment/delete/' + str(comment.key.id()), params, {'referer': '/topic/details/' + str(topic.key.id())})
self.assertEqual(post.status_int, 302)
def get(self):
time_limit = datetime.now() - timedelta(days=1)
latest_topics = Topic.query(
Topic.create_time > time_limit).fetch()
latest_topics_text = ""
for topic in latest_topics:
latest_topics_text = ", </br>".join(topic.title)
subscriptions = SubscriptionLatestTopics.query().fetch()
subscribers_list = []
for subscription in subscriptions:
subscribers_list.append(subscription.user_id)
if subscribers_list:
for subscriber in subscribers_list:
taskqueue.add(url="/task/send-latest-topics-mail",
params={
"latest_topics_text": latest_topics_text,
"receiver": subscriber,
})
def get(self):
# fetch saves data to topics variable so the next database query
# doesn't have to be performed if needed
topics = Topic.query(
Topic.deleted == False).order(-Topic.create_time).fetch()
params = {"topics": topics}
return self.render_template_with_csrf("home.html", params)
def get(self):
time_delete = datetime.now() - timedelta(days=30)
topics_to_delete = Topic.query(
Topic.deleted == True,
Topic.deleted_time != None,
Topic.deleted_time < time_delete).fetch()
for topic in topics_to_delete:
topic.key.delete()
def test_topic_details_handler(self):
# Create test topic
title = "Some new topic"
content = "This is a new topic. Just for testing purposes."
topic = Topic(user_id=os.environ['USER_EMAIL'],
title=title,
content=content)
topic.put()
# GET
topic = Topic.query().get()
get = self.testapp.get('/topic/details/' + str(topic.key.id()))
self.assertEqual(get.status_int, 200)
self.assertEqual(topic.title, title)
# POST
# 1. POST test comment via '/topic/details/<topic_id>'
csrf_token = str(uuid.uuid4())
memcache.add(key=csrf_token, value=True, time=600)
content = "This is a new comment. Just for testing purposes."
params = {"content": content, "csrf_token": csrf_token}
# topic_id is extracted from request when creating comment via TopicDetails handler
# Comment.save_comment(topic_id, content)
post = self.testapp.post('/topic/details/' + str(topic.key.id()),
params)
self.assertEqual(post.status_int, 302)
comment = Comment.query().get()
self.assertEqual(comment.content, content)
# 2. POST test subscription via '/topic/details/<topic_id>'
params = {"csrf_token": csrf_token}
# topic_id is extracted from request when creating comment via TopicDetails handler
# Subscription.save_comment(topic_id, user_id)
post = self.testapp.post('/topic/details/' + str(topic.key.id()),
params)
self.assertEqual(post.status_int, 302)
subscription = Subscription.query().get()
self.assertEqual(subscription.user_id, os.environ['USER_EMAIL'])
def post(self, topic_id):
topic = Topic.get_by_id(int(topic_id))
user = users.get_current_user()
if topic.author_email == user.email() or users.is_current_user_admin():
topic.deleted = True
topic.put()
return self.redirect_to("main-page")
def get(self, topic_id):
csrf_token = str(uuid.uuid4())
memcache.add(key=csrf_token, value=True, time=600)
topic = Topic.get_by_id(int(topic_id))
comment = Comment.query(Comment.topic_id == topic.key.id()).order(
Comment.created).fetch()
params = {"topic": topic, "comment": comment, "csrf_token": csrf_token}
return self.render_template("topic_details.html", params=params)
def post(self):
user = users.get_current_user()
if not user:
return self.write(
"Please login before you're allowed to post a topic.")
csrf_token = self.request.get("csrf_token")
mem_token = memchace.get(key=csrf_token)
if not mem_token:
return self.write("You are evil attacker...")
title = self.request.get("title")
text = self.request.get("text")
new_topic = Topic(title=title, content=text, author_email=user.email())
new_topic.put() # put() saves the object in Datastore
return self.redirect_to("topic_details", topic_id=new_topic.key.id())
def test_topic_delete_handler(self):
# Create test topic
title = "Some new topic"
content = "This is a new topic. Just for testing purposes."
topic = Topic(user_id=os.environ['USER_EMAIL'],
title=title,
content=content)
topic.put()
# Delete test topic via '/topic/delete/<topic_id>'
csrf_token = str(uuid.uuid4())
memcache.add(key=csrf_token, value=True, time=600)
topic = Topic.query().get()
params = {"csrf_token": csrf_token}
post = self.testapp.post('/topic/delete/' + str(topic.key.id()),
params)
self.assertEqual(post.status_int, 302)
# check if topic.deleted field was set to True
self.assertEqual(topic.deleted, True)
def get(self, topic_id):
topic = Topic.get_by_id(int(topic_id))
comments = comments = Comment.query(Comment.topic_id == topic.key.id(),
Comment.deleted == False).order(
Comment.created).fetch()
csrf_token = str(uuid.uuid4()) # convert UUID to string
memcache.add(key=csrf_token, value=True, time=600)
params = {
"topic": topic,
"comments": comments,
"csrf_token": csrf_token
}
return self.render_template("topic_details.html", params=params)
def post(self, topic_id):
csrf_token = self.request.get("csrf_token")
mem_token = memcache.get(
key=csrf_token) # find if this CSRF exists in memcache
if not mem_token: # if token does not exist in memcache, write the following message
return self.write("Attack attempt detected...")
user = users.get_current_user()
if not user:
return self.write(
"Please login before you're allowed to post a topic.")
topic = Topic.get_by_id(int(topic_id))
text = self.request.get("comment")
Comment.create(content=text, user=user, topic=topic)
return self.redirect_to("topic_details", topic_id=topic.key.id())
def post(self, topic_id):
user = users.get_current_user()
time = datetime.datetime.now()
csrf_token = self.request.get("csrf_token")
mem_token = memcache.get(key=csrf_token)
if mem_token:
return self.write("Hacker at the doors")
comment = self.request.get("comment")
topic = Topic.get_by_id(int(topic_id))
new_comment = Comment(content=comment,
topic_id=topic.key.id(),
author_email=user.email(),
topic_title=topic.title,
created=time)
new_comment.put()
return self.redirect_to("topic-details", topic_id=topic.key.id())
def create(self, db: Session, *, obj_in: dict) -> Optional[Topic]:
"""
创建主贴信息
:params userid: 用户id
:params ip: ip
:params sectionid: 主贴id
:params title: 标题
:params content: 主题内容
:params file_path: 文件路径(图片、视频、音频、文档)
:return: 主贴信息
"""
db_obj = Topic(userid=obj_in.get("userid"),
ip=obj_in.get("ip"),
sectionid=obj_in.get("sectionid"),
title=obj_in.get("title"),
content=obj_in.get("content"),
file_path=obj_in.get("file_path"))
db.add(db_obj)
db.commit()
db.refresh(db_obj)
return db_obj
def get(self, topic_id):
topic = Topic.get_by_id(int(topic_id))
# get comments
comments = (Comment.query(
Comment.topic_id == topic_id,
Comment.deleted == False).order(-Comment.create_time).fetch()
)
params = {
"topic": topic,
"comments": comments
}
user = users.get_current_user()
if user:
subscribed = Subscription.query(
Subscription.user_id == user.email(),
Subscription.topic_id == topic_id).fetch()
if subscribed:
params["subscribed"] = True
return self.render_template_with_csrf("topic_details.html", params)
def get(self, topic_id):
topic = Topic.get_by_id(int(topic_id))
params = {"topic": topic}
return self.render_template("topic_details.html", params=params)
def get(self):
topic = Topic.query().fetch()
params = {"topics": topic}
return self.render_template("main.html", params=params)
def get(self, topic_id):
detail = Topic.get_by_id(int(topic_id))
params = {"details": detail}
return self.render_template("topic_podrobnosti.html", params=params)
def topic_add():
form = request.form
topic = Topic(form)
topic.save()
red.set(topic.id, 1)
return redirect(url_for('forum.topic_all', nid=topic.node_id))
def get(self):
topic = Topic.query().fetch()
user = users.get_current_user()
params = {"topics": topic, "user": user}
return self.render_template("main.html", params=params)
def post(self, topic_id):
Topic.delete_topic(topic_id)
return self.redirect_to("main-page")
def get(self):
topics = Topic.query(Topic.deleted == False).fetch()
params = {"topics": topics}
return self.render_template("main.html", params=params)
