def __ensure_reloaded(self):
hlt = self.__storage.get("hookloadtime") or {}
hlt = {int(k): v for k, v in iteritems(hlt)}
myself = hlt.get(self._pid, 0)
if 0 in hlt.values() or (time() - myself) > self.__MAX_RELOAD_TIME:
self.__hooks = {}
self.__last_load_time = time()
def get_enabled_map_hooks(self):
"""Get map enabled hooks, return dict"""
return {
name: h
for name, h in iteritems(self.get_map_hooks)
if h.state == 'enabled'
}
def __last_load_time(self, timestamp):
if not isinstance(timestamp, (integer_types, float)):
raise TypeError("The value of last_load_time type error")
hlt = self.__storage.get("hookloadtime") or {}
if timestamp == 0:
hlt = {k: 0 for k, v in iteritems(hlt)}
else:
hlt[self._pid] = timestamp
self.__storage.set("hookloadtime", hlt)
def my():
res = dict(code=1, msg=None)
ak = rsp("account", g.userinfo.username)
Action = request.args.get("Action")
if Action == "updateProfile":
allowed_fields = ["nickname", "avatar"]
data = {
k: v
for k, v in iteritems(request.form.to_dict())
if k in allowed_fields
}
try:
data.update(mtime=get_current_timestamp())
g.rc.hmset(ak, data)
except RedisError:
res.update(msg="Program data storage service error")
else:
res.update(code=0)
#: 更新资料触发一次钩子
current_app.extensions["hookmanager"].call(
"profile_update", **data
)
elif Action == "updatePassword":
passwd = request.form.get("passwd")
repasswd = request.form.get("repasswd")
if passwd and repasswd:
if len(passwd) < 6:
res.update(msg="Password must be at least 6 characters")
else:
if passwd != repasswd:
res.update(msg="Confirm passwords do not match")
else:
try:
g.rc.hmset(ak, dict(
password=generate_password_hash(passwd),
))
except RedisError:
res.update(msg="Program data storage service error")
else:
res.update(code=0)
else:
res.update(msg="Parameter error")
elif Action == "updateUserCfg":
#: 更新用户设置,为避免覆盖ak字段,所有更新的key必须`ucfg_`开头
cfgs = request.form.to_dict()
if cfgs:
for k in cfgs:
if not k.startswith("ucfg_"):
res.update(msg="The user setting must start with `ucfg_`")
return res
try:
g.rc.hmset(ak, cfgs)
except RedisError:
res.update(msg="Program data storage service error")
else:
res.update(code=0)
return res
def my():
if request.method == "GET":
return abort(404)
res = dict(code=1)
ak = rsp("account", g.userinfo.username)
Action = request.args.get("Action")
if Action == "updateProfile":
allowed_fields = ["nickname", "avatar"]
data = {
k: v
for k, v in iteritems(request.form.to_dict())
if k in allowed_fields
}
try:
data.update(mtime=get_current_timestamp())
g.rc.hmset(ak, data)
except RedisError:
res.update(msg="Program data storage service error")
else:
res.update(code=0)
#: 更新资料触发一次钩子
current_app.extensions["hookmanager"].call(
"profile_update", **data
)
elif Action == "updatePassword":
passwd = request.form.get("passwd")
repasswd = request.form.get("repasswd")
if passwd and repasswd:
if len(passwd) < 6:
res.update(msg="Password must be at least 6 characters")
else:
if passwd != repasswd:
res.update(msg="Confirm passwords do not match")
else:
try:
g.rc.hmset(ak, dict(
password=generate_password_hash(passwd),
))
except RedisError:
res.update(msg="Program data storage service error")
else:
res.update(code=0)
else:
res.update(msg="Parameter error")
return res
def setmany(self, **mapping):
if mapping and isinstance(mapping, dict):
mapping = {k: json.dumps(v) for k, v in iteritems(mapping)}
return self._db.hmset(self.index, mapping)
def list(self):
"""list redis hash data"""
return {
k: json.loads(v)
for k, v in iteritems(self._db.hgetall(self.index))
}
def setmany(self, **mapping):
if mapping and isinstance(mapping, dict):
db = self._open()
for k, v in iteritems(mapping):
db[self.__ck(k)] = v
db.close()
def link():
res = dict(code=1, msg=None)
ltk = rsp("linktokens")
username = g.userinfo.username
def check_body():
"""校验post、put参数,返回值有效说明校验不通过"""
allow_origin = request.form.get("allow_origin")
allow_ip = request.form.get("allow_ip")
allow_ep = request.form.get("allow_ep")
allow_method = request.form.get("allow_method")
er = request.form.get("exterior_relation")
ir = request.form.get("interior_relation")
if allow_origin:
origins = parse_valid_comma(allow_origin)
if not origins or not isinstance(origins, (tuple, list)):
return "Invalid url address"
for url in origins:
if url and not check_origin(url):
return "Invalid url address"
if allow_ip:
ips = parse_valid_comma(allow_ip)
if not ips or not isinstance(ips, (tuple, list)):
return "Invalid IP address"
for ip in ips:
if ip and not check_ip(ip):
return "Invalid IP address"
if allow_ep:
eps = parse_valid_comma(allow_ep)
if not eps or not isinstance(eps, (tuple, list)):
return "Not found the endpoint"
for ep in eps:
if ep and ep not in current_app.view_functions.keys():
return "Not found the endpoint"
if allow_method:
methods = parse_valid_comma(allow_method)
if not methods or not isinstance(methods, (tuple, list)):
return "Invalid HTTP method"
for md in methods:
if md and md.upper() not in ["GET", "POST", "PUT", "DELETE"]:
return "Invalid HTTP method"
if er:
if not er_pat.match(er.strip()):
return "Invalid exterior_relation"
if ir:
if not ir_pat.match(ir.strip()):
return "Invalid interior_relation"
else:
try:
check_ir(ir)
except (ValueError, TypeError):
return "Invalid interior_relation"
if request.method == "GET":
is_mgr = is_true(request.args.get("is_mgr"))
linktokens = g.rc.hgetall(ltk)
pipe = g.rc.pipeline()
for ltid, usr in iteritems(linktokens):
if is_mgr and g.is_admin:
pipe.hgetall(rsp("linktoken", ltid))
else:
if username == usr:
pipe.hgetall(rsp("linktoken", ltid))
try:
result = pipe.execute()
except RedisError:
res.update(msg="Program data storage service error")
else:
res.update(code=0, data=result, count=len(result))
elif request.method == "POST":
comment = request.form.get("comment") or ""
#: 定义此引用上传图片时默认设置的相册名
album = request.form.get("album") or ""
#: 定义以下几个权限之间的允许访问条件,opt and/or/not opt
er = request.form.get("exterior_relation", "").strip()
#: 定义权限内部允许访问条件 in/not in:opt,
ir = request.form.get("interior_relation", "").strip()
#: 定义权限项及默认值,检测参数时不包含默认值
allow_origin = request.form.get("allow_origin") or ""
allow_ip = request.form.get("allow_ip") or ""
allow_ep = request.form.get("allow_ep") or "api.upload"
allow_method = request.form.get("allow_method") or "post"
#: 判断用户是否有token
ak = rsp("account", username)
if not g.rc.hget(ak, "token"):
res.update(msg="No tokens yet")
return res
cv = check_body()
if cv:
res.update(msg=cv)
return res
if allow_origin:
allow_origin = ",".join([
get_origin(url) for url in parse_valid_comma(allow_origin)
if url
])
#: 生成一个引用
LinkId = gen_uuid()
LinkSecret = generate_password_hash(LinkId)
lid = "%s:%s:%s" % (get_current_timestamp(), LinkId,
hmac_sha256(LinkId, LinkSecret))
LinkToken = b64encode(lid.encode("utf-8")).decode("utf-8")
pipe = g.rc.pipeline()
pipe.hset(ltk, LinkId, username)
pipe.hmset(
rsp("linktoken", LinkId),
dict(
LinkId=LinkId,
LinkSecret=LinkSecret,
LinkToken=LinkToken,
ctime=get_current_timestamp(),
user=username,
comment=comment,
album=album,
status=1, # 状态,1是启用,0是禁用
allow_origin=allow_origin,
allow_ip=allow_ip,
allow_ep=allow_ep,
allow_method=allow_method,
exterior_relation=er,
interior_relation=ir,
))
try:
pipe.execute()
except RedisError:
res.update(msg="Program data storage service error")
else:
res.update(code=0, LinkToken=LinkToken)
elif request.method == "PUT":
LinkId = request.form.get("LinkId")
Action = request.args.get("Action")
key = rsp("linktoken", LinkId)
if Action == "disable":
try:
g.rc.hset(key, "status", 0)
except RedisError:
res.update(msg="Program data storage service error")
else:
res.update(code=0)
return res
elif Action == "enable":
try:
g.rc.hset(key, "status", 1)
except RedisError:
res.update(msg="Program data storage service error")
else:
res.update(code=0)
return res
if LinkId and g.rc.exists(key):
comment = request.form.get("comment") or ""
album = request.form.get("album") or ""
er = request.form.get("exterior_relation", "").strip()
ir = request.form.get("interior_relation", "").strip()
allow_origin = request.form.get("allow_origin") or ""
allow_ip = request.form.get("allow_ip") or ""
allow_ep = request.form.get("allow_ep") or "api.upload"
allow_method = request.form.get("allow_method") or "post"
cv = check_body()
if cv:
res.update(msg=cv)
return res
if allow_origin:
allow_origin = ",".join([
get_origin(url) for url in parse_valid_comma(allow_origin)
if url
])
pipe = g.rc.pipeline()
pipe.hset(ltk, LinkId, username)
pipe.hmset(
key,
dict(
mtime=get_current_timestamp(),
comment=comment,
album=album,
allow_origin=allow_origin,
allow_ip=allow_ip,
allow_ep=allow_ep,
allow_method=allow_method,
exterior_relation=er,
interior_relation=ir,
))
try:
pipe.execute()
except RedisError:
res.update(msg="Program data storage service error")
else:
res.update(code=0)
else:
res.update(msg="Not found the LinkId")
elif request.method == "DELETE":
LinkId = request.form.get("LinkId")
if LinkId:
pipe = g.rc.pipeline()
pipe.hdel(ltk, LinkId)
pipe.delete(rsp("linktoken", LinkId))
try:
pipe.execute()
except RedisError:
res.update(msg="Program data storage service error")
else:
res.update(code=0)
else:
res.update(msg="Parameter error")
return res
The program configuration file, the preferred configuration item,
reads the system environment variable first.
:copyright: (c) 2019 by staugur.
:license: BSD 3-Clause, see LICENSE for more details.
"""
from os import getenv, environ
from os.path import isfile, dirname, join
from utils._compat import iteritems, Properties
ENV = join(dirname(__file__), ".env")
if isfile(ENV):
envs = Properties(ENV).getProperties()
if envs and isinstance(envs, dict):
for k, v in iteritems(envs):
if k and v:
environ[k] = v
GLOBAL = {
"ProcessName": "picbed",
# 自定义进程名.
"Host": getenv("picbed_host", "127.0.0.1"),
# 监听地址
"Port": int(getenv("picbed_port", 9514)),
# 监听端口
"LogLevel": getenv("picbed_loglevel", "DEBUG"),
def my():
res = dict(code=1, msg=None)
ak = rsp("account", g.userinfo.username)
Action = request.args.get("Action")
if Action == "updateProfile":
#: 基于资料本身进行的统一更新
allowed_fields = ["nickname", "avatar", "email"]
data = {
k: v
for k, v in iteritems(request.form.to_dict())
if k in allowed_fields
}
data.update(mtime=get_current_timestamp())
if is_true(g.userinfo.email_verified) and \
data.get("email") != g.userinfo.email:
data["email_verified"] = 0
try:
g.rc.hmset(ak, data)
except RedisError:
res.update(msg="Program data storage service error")
else:
res.update(code=0)
#: 更新资料触发一次钩子
current_app.extensions["hookmanager"].call("profile_update",
_kwargs=data)
elif Action == "updatePassword":
passwd = request.form.get("passwd")
repasswd = request.form.get("repasswd")
if passwd and repasswd:
if len(passwd) < 6:
res.update(msg="Password must be at least 6 characters")
else:
if passwd != repasswd:
res.update(msg="Confirm passwords do not match")
else:
try:
g.rc.hmset(
ak,
dict(password=generate_password_hash(passwd), ))
except RedisError:
res.update(msg="Program data storage service error")
else:
res.update(code=0)
else:
res.update(msg="Parameter error")
elif Action == "updateUserCfg":
#: 更新用户设置,为避免覆盖ak字段,所有更新的key必须`ucfg_`开头
cfgs = request.form.to_dict()
if cfgs:
for k in cfgs:
if not k.startswith("ucfg_"):
res.update(msg="The user setting must start with `ucfg_`")
return res
try:
g.rc.hmset(ak, cfgs)
except RedisError:
res.update(msg="Program data storage service error")
else:
res.update(code=0)
elif Action == "leaveMessage":
message = request.form.get("message")
if message:
try:
g.rc.hset(ak, "message", message)
except RedisError:
res.update(msg="Program data storage service error")
else:
res.update(code=0)
elif Action == "verifyEmail":
html = make_email_tpl("activate_email.html",
activate_url=url_for(
"front.activate",
token=generate_activate_token(
dict(
Action=Action,
username=g.userinfo.username,
email=g.userinfo.email,
)),
_external=True,
))
res = sendmail(
subject="{}邮箱验证".format(g.cfg.title_name or "picbed图床"),
message=html,
to=g.userinfo.email,
)
return res
def user():
"""Manage users.
.. versionadded:: 1.6.0
"""
res = dict(code=1, msg=None)
ak = rsp("accounts")
if request.method == "GET":
#: 查询用户
sort = request.args.get("sort") or "desc"
page = request.args.get("page") or 1
limit = request.args.get("limit") or 10
try:
page = int(page) - 1
limit = int(limit)
if page < 0:
raise ValueError
except (ValueError, TypeError):
res.update(code=2, msg="Parameter error")
else:
fds = ("username", "nickname", "avatar", "ctime", "mtime",
"is_admin", "status", "message", "email", "email_verified",
"status_reason")
pipe = g.rc.pipeline()
for u in g.rc.smembers(ak):
pipe.hmget(rsp("account", u), *fds)
pipe.scard(rsp("index", "user", u))
try:
data = pipe.execute()
except RedisError:
res.update(msg="Program data storage service error")
else:
def fmt(d):
d, user_pics = d
d = dict(zip(fds, d))
if d.get("status") is None:
d["status"] = 1
if d.get("email_verified") is None:
d["email_verified"] = 0
d.update(
is_admin=is_true(d["is_admin"]),
ctime=int(d["ctime"]),
status=int(d.get("status", 1)),
email_verified=int(d.get("email_verified", 1)),
)
if d.get("mtime"):
d["mtime"] = int(d["mtime"])
d["pics"] = user_pics
return d
data = [fmt(d) for d in list_equal_split(data, 2)]
data = sorted(data,
key=lambda k: k.get('ctime', 0),
reverse=False if sort == "asc" else True)
count = len(data)
data = list_equal_split(data, limit)
pageCount = len(data)
if page < pageCount:
res.update(
code=0,
count=count,
data=data[page],
pageCount=pageCount,
)
else:
res.update(code=3, msg="No data")
elif request.method == "DELETE":
#: 删除用户
username = request.form.get("username")
if username:
#: 不能自己删除自己
if username == g.userinfo.username:
res.update(code=4, msg="No valid username found")
return res
if g.rc.sismember(ak, username):
pipe = g.rc.pipeline()
pipe.srem(ak, username)
pipe.delete(rsp("account", username))
#: 删除用户相关数据
# 删除图片
uk = rsp("index", "user", username)
for sha in g.rc.smembers(uk):
pipe.delete(rsp("image", sha))
pipe.delete(uk)
# 删除linktoken
lk = rsp("linktokens")
for ltid, usr in iteritems(g.rc.hgetall(lk)):
if usr == username:
pipe.hdel(lk, ltid)
pipe.delete(rsp("linktoken", ltid))
# 删除统计
pipe.delete(rsp("report", "linktokens", username))
try:
pipe.execute()
except RedisError:
res.update(msg="Program data storage service error")
else:
res.update(code=0)
else:
res.update(code=3, msg="No valid username found")
else:
res.update(code=2, msg="No valid username found")
elif request.method == "PUT":
Action = request.args.get("Action")
username = request.form.get("username")
if Action in ("reviewOK", "reviewFail", "disable", "enable"):
if username:
if g.rc.sismember(ak, username):
#: 目前reviewFail时有用,拒绝理由
reason = ""
if Action == "reviewOK":
s = 1
elif Action == "reviewFail":
s = -2
reason = request.form.get("reason")
elif Action == "disable":
s = 0
else:
s = 1
uk = rsp("account", username)
pipe = g.rc.pipeline()
pipe.hset(uk, "status", s)
if reason:
pipe.hset(uk, "status_reason", reason)
try:
pipe.execute()
except RedisError:
res.update(msg="Program data storage service error")
else:
res.update(code=0)
else:
res.update(code=3, msg="No valid username found")
else:
res.update(code=2, msg="No valid username found")
elif Action == "admin":
adm = 1 if is_true(request.form.get("is_admin")) else 0
if username:
if username != g.userinfo.username and \
g.rc.sismember(ak, username):
try:
g.rc.hset(rsp("account", username), "is_admin", adm)
except RedisError:
res.update(msg="Program data storage service error")
else:
res.update(code=0)
else:
res.update(code=3, msg="No valid username found")
else:
res.update(code=2, msg="No valid username found")
return res
