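def create_user():
    """Register a new user from a JSON body and answer with HTTP 201.

    Validates ``username``, ``email`` and ``password``, rejects a username or
    email that already exists, and returns ``bad_request`` with a per-field
    error dict when any check fails. On success the new user's dict is
    returned together with a ``Location`` header pointing at the resource.
    """
    data = request.get_json()
    if not data:
        return bad_request('You must post JSON data')

    message = {}
    if 'username' not in data or not data.get('username', None):
        message['username'] = '******'

    pattern = '^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$'
    email = data.get('email', None)
    # re.match() raises TypeError on a non-string (JSON null, number, list),
    # which would surface as a 500 instead of a validation error.
    if not isinstance(email, str) or not re.match(pattern, email):
        message['email'] = 'Please provide a valid email address.'

    if 'password' not in data or not data.get('password', None):
        message['password'] = '******'

    # Uniqueness checks overwrite any earlier message for the same field.
    if User.query.filter_by(username=data.get('username', None)).first():
        message['username'] = '******'
    if User.query.filter_by(email=data.get('email', None)).first():
        message['email'] = 'Please provide a different email'

    if message:
        return bad_request(message)

    user = User()
    # NOTE(review): the whole client dict is handed to from_dict(); which
    # attributes it copies is not visible here. Confirm it only accepts an
    # explicit list of fields so a client cannot set privileged attributes.
    user.from_dict(data, new_user=True)
    db.session.add(user)
    db.session.commit()

    response = jsonify(user.to_dict())
    response.status_code = 201
    # HTTP expects a 201 response to carry a Location header holding the URL
    # of the newly created resource.
    response.headers['Location'] = url_for('api.get_user', id=user.id)
    return response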
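def updata_role(id):
    """Update an existing role from a JSON body.

    Requires non-empty ``slug`` and ``name`` and rejects a slug already used
    by a different role. Returns the updated role as JSON, or ``bad_request``
    with a per-field error dict.
    """
    role = Role.query.get_or_404(id)
    json_data = request.json
    if not json_data:
        return bad_request("You must post a Json data")

    # Validate the payload.
    message = {}
    if 'slug' not in json_data or not json_data.get('slug'):
        message['slug'] = 'Please provide a valid slug'
    if 'name' not in json_data or not json_data.get('name'):
        message['name'] = 'Please provide a valid name'

    r = Role.query.filter_by(slug=json_data.get('slug', None)).first()
    if r and r.id != role.id:
        message['slug'] = 'Please use a different slug'
    if message:
        return bad_request(message)

    # The original summed the list but discarded the result, and iterated the
    # int default 0 (TypeError) when 'permission' was absent. Fold the list
    # into one value only when the client sent it, as create_roles does.
    # NOTE(review): if these values are bit flags, a repeated entry sums into
    # a different flag; confirm whether a bitwise OR is the intended fold.
    if 'permission' in json_data:
        json_data['permission'] = sum(json_data.get('permission') or [])

    # NOTE(review): no permission check is visible in this function; confirm
    # that the route's decorators restrict who may edit roles.
    role.from_dict(json_data)
    db.session.commit()
    return jsonify(role.to_dict())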
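def create_post():
    """Create a post authored by the authenticated user.

    Requires a non-empty ``title`` (at most 255 characters) and a non-empty
    ``body``. Returns the new post with HTTP 201 and a ``Location`` header,
    or ``bad_request`` with a per-field error dict.
    """
    json_data = request.json
    if not json_data:
        return bad_request('You must post Json data')

    message = {}
    # `or`, not `and`: with `and` a present-but-empty title or body slipped
    # through, and a null title reached len() and raised TypeError.
    if 'title' not in json_data or not json_data.get('title'):
        message['title'] = 'Title is required.'
    elif len(json_data.get('title')) > 255:
        message['title'] = 'Title must less than 255 characters.'
    if 'body' not in json_data or not json_data.get('body'):
        message['body'] = 'Body is required'
    if message:
        return bad_request(message)

    # Build the post object.
    post = Post()
    post.from_dict(json_data)
    # The author always comes from the authenticated session, never from the
    # request body. g.current_user is set by token verification earlier in
    # the same request.
    post.author = g.current_user
    db.session.add(post)
    db.session.commit()

    response = jsonify(post.to_dict())
    response.status_code = 201
    # HTTP expects a 201 response to carry a Location header holding the URL
    # of the newly created resource.
    response.headers['Location'] = url_for('api.get_post', id=post.id)
    return response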
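def create_message():
    """Send a private message from the authenticated user.

    Requires non-empty ``body`` and ``recipient_id``. Refuses messages to
    oneself and to a recipient who is blocking the sender. Returns the new
    message with HTTP 201 and a ``Location`` header.
    """
    json_data = request.json
    if not json_data:
        return bad_request('You must post JSON data')
    # `or`, not `and`: with `and` an empty body or recipient_id was accepted.
    if 'body' not in json_data or not json_data.get('body'):
        return bad_request('body is required')
    if 'recipient_id' not in json_data or not json_data.get('recipient_id'):
        return bad_request('recipient_id is required')

    user = User.query.get_or_404(json_data['recipient_id'])
    if g.current_user == user:
        return bad_request('You cannot send private message to yourself.')
    if user.is_blocking(g.current_user):
        return bad_request('You are in the blacklist of {}'.format(user.name if user.name else user.username))

    message = Message()
    message.from_dict(json_data)
    # Sender and recipient are set server-side after from_dict(), so values
    # in the request body cannot override them.
    message.sender = g.current_user
    message.recipient = user
    db.session.add(message)
    db.session.commit()

    # Refresh the recipient's unread-message counter.
    user.add_notification('unread_messages_count', user.new_recived_messages())

    response = jsonify(message.to_dict())
    response.status_code = 201
    response.headers['Location'] = url_for('api.get_message', id=message.id)
    return response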
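def update_user(id):
    """Update the user with the given id from a JSON body.

    Only fields present in the body are validated: ``username`` must be
    non-empty and unused, ``email`` must match the address pattern and be
    unused. Returns the updated user, or ``bad_request`` with a per-field
    error dict.
    """
    user = User.query.get_or_404(id)
    data = request.get_json()
    if not data:
        return bad_request("you must post JSON data.")

    message = {}
    if 'username' in data and not data.get('username', None):
        message['username'] = '******'

    pattern = '^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$'
    if 'email' in data:
        email = data.get('email', None)
        # re.match() raises TypeError on a non-string value (e.g. JSON null);
        # treat that as an invalid address instead of a server error.
        if not isinstance(email, str) or not re.match(pattern, email):
            message['email'] = 'Please provide a valid email address.'

    if 'username' in data and data['username'] != user.username and \
            User.query.filter_by(username=data['username']).first():
        message['username'] = '******'
    if 'email' in data and data['email'] != user.email and \
            User.query.filter_by(email=data['email']).first():
        message['email'] = 'Please use a different email address.'

    if message:
        return bad_request(message)

    # NOTE(review): nothing in this function compares `id` with the
    # authenticated user; confirm that the route's decorators stop one user
    # from updating another user's record.
    user.from_dict(data, new_user=False)
    db.session.commit()
    return jsonify(user.to_dict())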
def login():
    """Check a username/password pair and return the user info with a token.

    Answers with ``bad_request`` when either field is missing or when the
    credentials do not match.
    """
    payload = request.get_json() or {}
    if not ('username' in payload and 'password' in payload):
        return bad_request('参数错误')

    user = User.query.filter_by(username=payload['username']).first()
    # Unknown username and wrong password share one message, so the response
    # text does not reveal which usernames exist.
    if user is not None and user.check_password(payload['password']):
        return jsonify({
            "userinfo": user.to_dict(),
            "token": user.encoded_token(),
        })
    return bad_request('密码或用户名错误')
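def reset_password_request():
    """Request a password reset; the account's email address is required.

    Expects ``confirm_email_base_url`` and ``email`` in the JSON body. When
    the address belongs to the authenticated user, a reset token is
    generated and mailed as a link built from the base URL plus the token.
    """
    # Local import keeps the file's top-level imports untouched.
    from html import escape

    json_data = request.json
    if not json_data:
        return bad_request("You must post Json data")

    message = {}
    # The original tested whether the literal key name was a substring of the
    # value and raised AttributeError when the key was missing.
    base_url = json_data.get('confirm_email_base_url')
    if not isinstance(base_url, str) or not base_url.strip():
        message['confirm_email_base_url'] = "Plase provide a valid confirm email base url"

    pattern = '^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$'
    # The original condition was inverted (`and re.match(...)`), so it never
    # rejected a malformed address and crashed on a missing one.
    email = json_data.get('email')
    if not isinstance(email, str) or not re.match(pattern, email):
        message['email'] = "Please provide a valid email address."
    if message:
        return bad_request(message)

    user = User.query.filter_by(email=email).first()
    if g.current_user != user:
        return bad_request("Please provide a valid email address")

    if user:
        token = user.generate_reset_password_jwt()
        # NOTE(review): the link's host comes from the request body, so the
        # reset token is mailed inside a URL the client chose. Prefer building
        # the link from server-side configuration, or check base_url against
        # an allowlist of the application's own front-end origins.
        reset_url = base_url + token
        text_body = '''
        Dear {0},
        To reset your password click on the following link: {1}
        If you have not requested a password reset simply ignore this message.
        Sincerely,
        The Madblog Team
        Note: replies to this email address are not monitored.
        '''.format(user.username, reset_url)
        # Username and URL are user-controlled; escape them before they are
        # placed into HTML text and an href attribute.
        html_body = '''
        <p>Dear {0},</p>
        <p>To reset your password <a href="{1}">click here</a>.</p>
        <p>Alternatively, you can paste the following link in your browser's address bar:</p>
        <p><b>{1}</b></p>
        <p>If you have not requested a password reset simply ignore this message.</p>
        <p>Sincerely,</p>
        <p>The Madblog Team</p>
        <p><small>Note: replies to this email address are not monitored.</small></p>
        '''.format(escape(user.username), escape(reset_url))
        # The original addressed the mail to user.username; the recipient
        # must be the account's email address.
        send_email('[Madblog] Reset Your Password',
                   sender=current_app.config['MAIL_SENDER'],
                   recipients=[user.email],
                   text_body=text_body,
                   html_body=html_body)

    return jsonify({
        'status': 'success',
        'message': 'An email with instructions to reset your password has been sent to you.'
    })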
def follow(id):
    """Make the authenticated user follow the user with the given id."""
    target = User.query.get_or_404(id)
    me = g.current_user

    if me == target:
        return bad_request("You cannot follow youself")
    if me.is_following(target):
        return bad_request("You have already followed that user")

    me.follow(target)
    db.session.commit()

    payload = {
        'status': 'success',
        'message': 'you are now following {}'.format(id),
    }
    return jsonify(payload)
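def unfollow(id):
    """Make the authenticated user stop following the user with the given id."""
    user = User.query.get_or_404(id)
    if g.current_user == user:
        # The original message said "follow", copied from the follow() view.
        return bad_request('You cannot unfollow yourself.')
    if not g.current_user.is_following(user):
        return bad_request('You are not following this user.')

    g.current_user.unfollow(user)
    db.session.commit()
    return jsonify({
        'status': 'success',
        'message': 'You are not following {} anymore.'.format(id)
    })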
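def create_user():
    """Register a user from ``username``, ``email`` and ``password``.

    Rejects the request when a field is missing or when the username or the
    email address is already registered. Returns the new user as JSON.
    """
    data = request.get_json() or {}
    if 'username' not in data or 'email' not in data or 'password' not in data:
        return bad_request('参数错误')

    if User.query.filter_by(username=data['username']).first():
        return bad_request('该用户名已被注册')
    # The original looked the email up in the username column, so a duplicate
    # email address was never detected.
    if User.query.filter_by(email=data['email']).first():
        return bad_request('邮箱已被注册')

    user = User(username=data['username'], email=data['email'])
    # The password goes through set_password() rather than being assigned as
    # a plain attribute.
    user.set_password(data['password'])
    db.session.add(user)
    db.session.commit()
    return jsonify(user.to_dict())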
def add_slot_i(iid):
    """Add the time slot given by ``t_from``/``t_to`` to an interviewer.

    Returns the interviewer's encoded slot list, or ``bad_request`` when the
    interviewer does not exist or the slot fails ``is_slot_legal``.
    """
    raw_from = request.args.get('t_from', -1)
    raw_to = request.args.get('t_to', -1)

    if not Interviewer.check_existence_by_id(iid):
        return bad_request('Interviewer not exists')
    # The raw query values are validated before they are converted with int().
    if not is_slot_legal(raw_from, raw_to):
        return bad_request('Slot is illegal')

    Interviewer.add_slot_by_id(iid, int(raw_from), int(raw_to))
    return api_encoder(Interviewer.get_slots_by_id(iid))
def add_slot_c(cid):
    """Add the time slot given by ``t_from``/``t_to`` to a candidate.

    Returns the candidate's encoded slot list, or ``bad_request`` when the
    candidate does not exist or the slot fails ``is_slot_legal``.
    """
    raw_from = request.args.get('t_from', -1)
    raw_to = request.args.get('t_to', -1)

    if not Candidate.check_existence_by_id(cid):
        return bad_request('Candidate not exists')
    # The raw query values are validated before they are converted with int().
    if not is_slot_legal(raw_from, raw_to):
        return bad_request('Slot is illegal')

    Candidate.add_slot_by_id(cid, int(raw_from), int(raw_to))
    return api_encoder(Candidate.get_slots_by_id(cid))
def get_matching_for_candidate(cid):
    """Return the matching between a candidate and the listed interviewers.

    ``iids`` is read from the query string and decoded with ``api_decoder``;
    it must decode to a non-empty list of existing interviewer ids.
    """
    iids = api_decoder(request.args.get('iids', []))

    if not Candidate.check_existence_by_id(cid):
        return bad_request('Candidate not exists')

    has_ids = type(iids) is list and len(iids) > 0
    if has_ids and Interviewer.check_all_existence_by_id(iids):
        print(cid, iids)
        matching = Candidate.get_matching_by_id(cid, iids)
        print(matching)
        return api_encoder(matching)

    # Reached when iids is not a non-empty list or names an unknown interviewer.
    return bad_request('Iids is illegal')
def confirm(token):
    """Confirm that the authenticated user's email address is valid.

    Verifies the confirmation JWT for the current user and, on success,
    returns a freshly issued token along with a status message.
    """
    current = g.current_user
    if current.confirmed:
        return bad_request('You have already confirmed your account.')

    if not current.verify_confirm_jwt(token):
        return bad_request('The confirmation link is invalid or has expired.')

    current.ping()
    db.session.commit()
    # A new JWT is issued after confirmation and handed back to the client.
    fresh_token = current.get_jwt()
    return jsonify({
        'status': 'success',
        'message': 'You have confirmed your account. Thanks!',
        'token': fresh_token,
    })
def update_message(id):
    """Edit a private message; only its sender may do so."""
    msg = Message.query.get_or_404(id)
    # Ownership check: anyone other than the sender gets 403.
    if g.current_user != msg.sender:
        return error_response(403)

    payload = request.json
    if not payload:
        return bad_request('You must post JSON data.')

    body_missing = 'body' not in payload or not payload.get('body')
    if body_missing:
        return bad_request('Body is required.')

    msg.from_dict(payload)
    db.session.commit()
    return jsonify(msg.to_dict())
def unblock(id):
    """Remove the user with the given id from the current user's block list."""
    target = User.query.get_or_404(id)
    me = g.current_user

    if me == target:
        return bad_request('You cannot unblock yourself.')
    if not me.is_blocking(target):
        return bad_request('You are not blocking this user.')

    me.unblock(target)
    db.session.commit()

    # Prefer the display name; fall back to the username when it is empty.
    shown_name = target.name if target.name else target.username
    return jsonify({
        'status': 'success',
        'message': 'You are now unblocking {}'.format(shown_name),
    })
def block(id):
    """Add the user with the given id to the current user's block list."""
    target = User.query.get_or_404(id)
    me = g.current_user

    if me == target:
        return bad_request('You cannot block yourself.')
    if me.is_blocking(target):
        return bad_request('You have already blocked that user')

    me.block(target)
    db.session.commit()

    # Prefer the display name; fall back to the username when it is empty.
    shown_name = target.name if target.name else target.username
    return jsonify({
        'status': 'success',
        'message': "You are now blocking {}".format(shown_name),
    })
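def send_messages():
    """Start a background task that sends one message to many users.

    Refuses to start while the current user's previous ``send_messages``
    task is still in progress, and requires a non-empty ``body``.
    """
    # One bulk-send task per user at a time.
    if g.current_user.get_task_in_process('send_messages'):
        return bad_request('上一个群发私信的后台任务尚未结束')

    json_data = request.json
    if not json_data:
        return bad_request('You must post Json data.')
    # `or`, not `and`: with `and` an empty body was queued for every recipient.
    if 'body' not in json_data or not json_data.get('body'):
        return bad_request({'message': 'Body is required'})

    g.current_user.lanuch_tasks('send_messages',
                                '....正在群发短信',
                                kwrags={
                                    'user_id': g.current_user.id,
                                    'body': json_data.get('body')
                                })
    return jsonify(message='正在运行群发私信后台任务')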
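def create_user():
    """Register a user from ``firstname``, ``lastname``, ``email``, ``password``.

    Returns the new user with HTTP 201 and a ``Location`` header, or
    ``bad_request`` when a field is missing or the email is already used.
    """
    # request.get_json() parses the JSON body into a Python structure.
    data = request.get_json() or {}

    # Make sure every required field is present. The original tested the key
    # 'lastname ' (trailing space), which rejected every normal request.
    if 'firstname' not in data or 'lastname' not in data or 'email' not in data or 'password' not in data:
        return bad_request('must include firstname, lastname, email, password')
    if User.query.filter_by(email=data['email']).first():
        return bad_request('please use a different email ! ')

    user = User()
    # new_user=True tells form_dict() to accept the password field as well.
    user.form_dict(data, new_user=True)
    db.session.add(user)
    # The original called db.seesion.commit(), an AttributeError at runtime.
    db.session.commit()

    response = jsonify(user.to_dict())
    response.status_code = 201
    response.headers['Location'] = url_for('api.get_user', id=user.id)
    return response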
def update_user(id):
    """Replace the ``username`` and ``email`` of the user with the given id."""
    user = User.query.get_or_404(id)
    payload = request.get_json() or {}

    required = ('username', 'email')
    if any(field not in payload for field in required):
        return bad_request('参数错误')

    # NOTE(review): nothing in this function compares `id` with the caller's
    # identity or checks the new values for uniqueness; confirm both are
    # enforced elsewhere (route decorators, database constraints).
    user.email = payload['email']
    user.username = payload['username']
    db.session.commit()
    return jsonify(user.to_dict())
def update_user(id):
    """Update the user with the given id from the JSON body.

    Rejects a changed ``email`` that already belongs to another account.
    """
    user = User.query.get_or_404(id)
    payload = request.get_json() or {}

    email_changed = 'email' in payload and payload['email'] != user.email
    if email_changed and User.query.filter_by(email=payload['email']).first():
        return bad_request('please use a different email address')

    # NOTE(review): nothing in this function compares `id` with the caller's
    # identity; confirm the route's decorators restrict who may update it.
    user.form_dict(payload, new_user=False)
    db.session.commit()
    return jsonify(user.to_dict())
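def reset_password(token):
    """Reset an account's password after the user follows the emailed link.

    The account is identified by verifying the JWT in ``token``; the new
    password is read from the JSON body.
    """
    json_data = request.json
    if not json_data:
        return bad_request('You must post JSON data.')
    # Also reject an empty or null value: the original only checked that the
    # key was present, so a reset could store an empty password.
    if 'password' not in json_data or not json_data.get('password'):
        return bad_request('Please provide a valid password')

    user = User.verify_reset_password_jwt(token)
    if not user:
        return bad_request(
            'The reset password link is invalid or has expired.')

    # NOTE(review): presumably `password` is a property that hashes on
    # assignment; confirm against the User model.
    user.password = json_data.get('password')
    db.session.commit()
    return jsonify({
        'status': 'success',
        'message': 'You password has been reset.'
    })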
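def get_user_history_messages(id):
    """Return the paginated message history between a user and one peer.

    Only the user identified by ``id`` may read the history. The peer is
    given by the ``from`` query parameter. Received messages newer than the
    user's last read time are flagged with ``is_new``.
    """
    user = User.query.get_or_404(id)
    # Ownership check: a user may only read their own conversations.
    if g.current_user != user:
        return error_response(403)

    page = request.args.get('page', 1, type=int)
    # Cap the page size at 100 regardless of what the client asks for.
    per_page = min(
        request.args.get('per_page',
                         current_app.config['MESSAGES_PER_PAGE'],
                         type=int), 100)
    from_id = request.args.get('from', type=int)
    if not from_id:
        return bad_request("You must provide the user id of opposite site")

    # Messages the peer sent to this user.
    q1 = Message.query.filter(Message.sender_id == from_id,
                              Message.recipient_id == user.id)
    # Messages this user sent to the peer.
    q2 = Message.query.filter(Message.sender_id == user.id,
                              Message.recipient_id == from_id)
    # Oldest first.
    history_messages = q1.union(q2).order_by(Message.timestamp)
    data = Message.to_collection_dict(history_messages,
                                      page,
                                      per_page,
                                      'api.get_user_history_messages',
                                      id=id)

    recived_message = [
        item for item in data['items'] if item['sender']['id'] != id
    ]
    sent_message = [
        item for item in data['items'] if item['sender']['id'] == id
    ]

    # datetime(1900, 0, 0) raises ValueError (month and day start at 1), so
    # the original failed for any user who had never read a message.
    last_read_time = user.last_messages_read_time or datetime(1900, 1, 1)
    new_count = 0  # number of unread private messages on this page
    for item in recived_message:
        if item['timestamp'] > last_read_time:
            item['is_new'] = True
            new_count += 1

    if new_count > 0:
        user.last_messages_read_time = recived_message[-1]['timestamp']
        db.session.commit()
        # NOTE(review): create_message() on this page uses the name
        # 'unread_messages_count'; confirm which spelling clients poll for.
        user.add_notification('unread_message_count',
                              user.new_recived_messages())
        db.session.commit()

    # Restore the original chronological order after the split above.
    messages = recived_message + sent_message
    messages.sort(key=data['items'].index)
    data['items'] = messages
    return jsonify(data)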
def update_comment(id):
    """Edit a single comment.

    Allowed for the comment's author and for the author of the post the
    comment belongs to; everyone else gets 403.
    """
    comment = Comment.query.get_or_404(id)
    me = g.current_user

    allowed = not (me != comment.author and me != comment.post.author)
    if not allowed:
        return error_response(403)

    payload = request.json
    if not payload:
        return bad_request('You must post JSON data.')

    # NOTE(review): the whole client dict goes to from_dict(); which fields
    # it copies is not visible here. Confirm it only accepts editable ones.
    comment.from_dict(payload)
    db.session.commit()
    return jsonify(comment.to_dict())
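def create_comment():
    """Publish a comment on a post as the authenticated user.

    Requires a non-blank ``body`` and a ``post_id``. Notifies the post author
    and the authors of all ancestor comments, then returns the new comment
    with HTTP 201 and a ``Location`` header.
    """
    json_data = request.json
    if not json_data:
        return bad_request('You must post JSON data.')

    # A null or non-string body made .strip() raise AttributeError (a 500);
    # treat it as a missing body instead.
    body = json_data.get('body')
    if not isinstance(body, str) or not body.strip():
        return bad_request('Body is required.')
    if 'post_id' not in json_data or not json_data.get('post_id'):
        return bad_request('Post id is required.')
    # int() on a non-numeric value raised ValueError/TypeError (a 500).
    try:
        post_id = int(json_data.get('post_id'))
    except (TypeError, ValueError):
        return bad_request('Post id is required.')

    post = Post.query.get_or_404(post_id)
    comment = Comment()
    comment.from_dict(json_data)
    # Author and post are set server-side after from_dict(), so values in the
    # request body cannot override them.
    comment.author = g.current_user
    comment.post = post
    db.session.add(comment)
    db.session.commit()

    # Collect the post author plus the authors of every ancestor comment.
    users = set()
    users.add(comment.post.author)
    if comment.parent:
        ancestors_authors = {c.author for c in comment.get_ancestors()}
        users = users | ancestors_authors
    # Notify each of them.
    for u in users:
        u.add_notification('unread_recived_comments_count',
                           u.new_recived_comments())
    db.session.commit()

    response = jsonify(comment.to_dict())
    response.status_code = 201
    # A 201 response should carry a Location header for the new resource.
    response.headers['Location'] = url_for('api.get_comment', id=comment.id)
    # Notify the post author about the new comment.
    # NOTE(review): the post author was already notified in the loop above,
    # and no commit follows this call; confirm whether it is still needed.
    post.author.add_notification('unread_recived_comments_count',
                                 post.author.new_recived_comments())
    return response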
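def wrapper(*args, **kw):
    """Verify the bearer JWT on the request, then call the wrapped view.

    The token is read from the ``Authorization`` header, decoded with
    ``Config.SECRET_KEY`` using HS256, and its claims are stored on
    ``g.state``. A missing, malformed or invalid token yields ``bad_request``.
    """
    # The original printed the Authorization header, which writes a live
    # bearer token to stdout and logs; the header value is not logged here.
    auth_header = req.headers.get('Authorization')
    parts = auth_header.split(' ') if auth_header else []
    # The original fell through and returned None when the header was empty,
    # and raised IndexError when it held no "<scheme> <token>" pair.
    if len(parts) < 2:
        return bad_request('Authorization header is missing or malformed')
    token = parts[1]

    try:
        # algorithms is passed as a list, the form PyJWT documents; it pins
        # the accepted algorithm so the token header cannot choose another.
        data = jwt.decode(bytes(token, encoding="utf8"),
                          Config.SECRET_KEY,
                          algorithms=["HS256"])
    except Exception as e:
        return bad_request(str(e))

    g.state = data
    # The view runs outside the try block: in the original, any exception the
    # view raised was caught above and its text returned to the client as a
    # 400, hiding real errors and exposing internal messages.
    return func(*args, **kw)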
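def update_post(id):
    """Update a post; only its author may do so.

    Requires a non-empty ``title`` (at most 255 characters) and a non-empty
    ``body``. Returns the updated post, or ``bad_request`` with a per-field
    error dict.
    """
    post = Post.query.get_or_404(id)
    # Ownership check: anyone other than the author gets 403.
    if g.current_user.id != post.author_id:
        return error_response(403)

    json_data = request.json
    if not json_data:
        return bad_request("you must post Json data")

    message = {}
    # `or`, not `and`: with `and` an empty title or body was accepted, and a
    # null title reached len() and raised TypeError.
    if 'title' not in json_data or not json_data.get("title"):
        message["title"] = "title is required"
    elif len(json_data["title"]) > 255:
        message["title"] = "title must less than 255"
    if "body" not in json_data or not json_data.get("body"):
        message["body"] = "body is required"
    if message:
        return bad_request(message)

    post.from_dict(json_data)
    db.session.add(post)
    db.session.commit()
    return jsonify(post.to_dict())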
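def update_user(id):
    """Update a single user from a JSON body.

    Only fields present in the body are validated: ``username`` must be
    non-empty and unused, ``email`` must match the address pattern and be
    unused. Returns the updated user, or ``bad_request`` with a per-field
    error dict.
    """
    user = User.query.get_or_404(id)
    json_data = request.json
    if not json_data:
        return bad_request('you must Post a data')

    message = dict()
    if 'username' in json_data and not json_data.get('username', None):
        message['username'] = '******'

    pattern = re.compile(
        '^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$'
    )
    if 'email' in json_data:
        email = json_data.get('email', None)
        # re.match() raises TypeError on a non-string value (e.g. JSON null);
        # treat that as an invalid address instead of a server error.
        if not isinstance(email, str) or not re.match(pattern, email):
            message['email'] = 'Please provide a valid email address'

    if 'username' in json_data and json_data['username'] != user.username and \
            User.query.filter_by(username=json_data.get('username', None)).first():
        message['username'] = '******'
    if 'email' in json_data and json_data['email'] != user.email and \
            User.query.filter_by(email=json_data.get('email', None)).first():
        # The original stored this under 'username', so a duplicate email was
        # reported against the wrong field.
        message['email'] = 'Please use a different email address.'

    if message:
        # Report the validation errors.
        return bad_request(message)

    # NOTE(review): nothing in this function compares `id` with the
    # authenticated user; confirm that the route's decorators stop one user
    # from updating another user's record.
    # Apply the changes to the model and commit.
    user.from_dict(data=json_data)
    db.session.commit()
    return jsonify(user.to_dict())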
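def create_roles():
    """Create a role from a JSON body.

    Requires non-empty ``slug`` and ``name`` and an unused slug. The
    ``permission`` list is summed into one value before it is stored.
    Returns the new role with HTTP 201 and a ``Location`` header.
    """
    json_data = request.json
    if json_data is None:
        return bad_request('You must Post JSON data')

    # Validate the payload.
    message = {}
    if 'slug' not in json_data or not json_data.get('slug'):
        message['slug'] = 'Please provide a valid slug'
    if 'name' not in json_data or not json_data.get('name'):
        message['name'] = 'Please provide a valid name'
    if Role.query.filter_by(slug=json_data.get('slug', None)).first():
        message['slug'] = 'Please use a different slug.'
    if message:
        return bad_request(message)

    # The original defaulted to the int 0 and then iterated it, a TypeError
    # whenever 'permission' was absent; default to an empty list instead.
    # NOTE(review): if these values are bit flags, a repeated entry sums into
    # a different flag; confirm whether a bitwise OR is the intended fold.
    json_data['permission'] = sum(json_data.get('permission') or [])

    # NOTE(review): no permission check is visible in this function; confirm
    # that the route's decorators restrict who may create roles.
    role = Role()
    role.from_dict(json_data)
    db.session.add(role)
    db.session.commit()

    # The original wrapped the dict in a set literal ({role.to_dict()}),
    # which raises TypeError because a dict is unhashable.
    response = jsonify(role.to_dict())
    response.status_code = 201
    response.headers['Location'] = url_for('api.get_roles', id=role.id)
    return response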
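def create_user():
    """Create a user and mail them an account-confirmation link.

    Validates ``username``, ``email`` and ``password``, rejects values
    already taken, stores the user, then sends a confirmation email whose
    link carries a confirmation JWT. Returns the new user with HTTP 201 and
    a ``Location`` header.
    """
    # Local import keeps the file's top-level imports untouched.
    from html import escape

    json_data = request.json  # request payload
    if not json_data:
        return bad_request('You must post Json data')

    message = {}  # per-field error messages
    if 'username' not in json_data or not json_data.get('username', None):
        message['username'] = '******'

    # Email address pattern.
    pattern = '^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$'
    email = json_data.get('email', None)
    # re.match() raises TypeError on a non-string (e.g. JSON null), which
    # would surface as a 500 instead of a validation error.
    if not isinstance(email, str) or not re.match(pattern, email):
        message['email'] = 'please provide a email address'

    if 'password' not in json_data or not json_data.get('password', None):
        message['password'] = '******'

    if User.query.filter_by(username=json_data.get('username', None)).first():
        message['username'] = '******'
    if User.query.filter_by(email=json_data.get('email', None)).first():
        message['email'] = 'Please use a different email address.'

    # Report the validation errors.
    if message:
        return bad_request(message)

    user = User()
    user.from_dict(data=json_data, new_user=True)  # fill in the new user
    db.session.add(user)
    db.session.commit()  # persist to the database

    token = user.generate_confirmed_jwt()
    # NOTE(review): the link's host comes from the request body, so anyone
    # can have this application mail a link to a site of their choosing to an
    # arbitrary address. Prefer building the link from server-side
    # configuration, or check the value against an allowlist of the
    # application's own front-end origins. The fallback below is a
    # development address.
    base_url = json_data.get('confirm_email_base_url')
    if not base_url:
        confirm_url = 'http://127.0.0.1:5000/api/confirm/' + token
    else:
        # The original used the base URL alone here, so the mailed link
        # carried no token and could not confirm the account.
        confirm_url = base_url + token

    text_body = '''
    Dear {},
    Welcome to Madblog!
    To confirm your account please click on the following link: {}
    Sincerely,
    The Madblog Team
    Note: replies to this email address are not monitored.
    '''.format(user.username, confirm_url)
    # Username and URL are user-controlled; escape them before they are
    # placed into HTML text and an href attribute.
    html_body = '''
    <p>Dear {0},</p>
    <p>Welcome to <b>Madblog</b>!</p>
    <p>To confirm your account please <a href="{1}">click here</a>.</p>
    <p>Alternatively, you can paste the following link in your browser's address bar:</p>
    <p><b>{1}</b></p>
    <p>Sincerely,</p>
    <p>The Madblog Team</p>
    <p><small>Note: replies to this email address are not monitored.</small></p>
    '''.format(escape(user.username), escape(confirm_url))
    send_email('[Madblog] Confirm Your Account',
               sender=current_app.config['MAIL_SENDER'],
               recipients=[user.email],
               text_body=text_body,
               html_body=html_body)

    response = jsonify(user.to_dict())
    response.status_code = 201
    # HTTP expects a 201 response to carry a Location header holding the URL
    # of the newly created resource.
    response.headers['Location'] = url_for('api.get_user', id=user.id)
    return response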