def deploy(): """ 执行部署任务 :return: """ # 清空数据库 # TODO # 为MongoDB 添加专用自增序列尾值记录表 add_mongo_counters() # 默认角色添加 Role.insert_default_roles() # 权限数据库索引与默认数据添加 Permission.create_table_indexes() Permission.insert_defaults_permissions() # 权限角色关系数据库索引与默认数据添加 PermissionsRoles.create_table_indexes() PermissionsRoles.insert_defaults_permissions_roles() # 文章数据库索引 Post.create_table_indexes() # 用户数据库索引 User.create_table_indexes() # 设置数据库索引与默认数据添加 Setting.insert_default_settings() # 标签数据库索引 Tag.create_table_indexes() # 评论数据库索引 Comment.create_table_indexes()
def user_homepage_paged(user_id, page):
    """
    Render one page of an author's post list.

    Responds with 404 when no user matches ``user_id``.

    :param user_id: id of the author whose homepage is shown
    :param page: page number handed to the pagination helper
    :return: the rendered ``author.html`` template
    """
    profile_owner = User.get_user_by_id(user_id)
    if not profile_owner:
        abort(404)

    page_of_posts = User.get_user_posts_pagenation(user_id, page=page)
    # The pagination helper may return a falsy value; show an empty list then.
    if page_of_posts:
        visible_posts = page_of_posts.items
    else:
        visible_posts = []

    return render_template(
        "author.html",
        author=profile_owner,
        posts=visible_posts,
        pagenation=page_of_posts,
    )
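def login():
    """
    Login API endpoint.

    Reads ``username`` and ``password`` from the POSTed form. On success the
    login state is stored through ``login_user`` and the access tokens are
    returned as JSON together with ``success`` and ``message`` fields.

    A falsy user and a failed password check share one error message, so
    that branch does not tell the client which of the two was wrong.

    NOTE(review): no attempt throttling or lockout is visible in this
    function; confirm it is enforced elsewhere.

    :return: JSON response, or the result of ``value_error`` /
        ``action_failed`` on failure
    """
    # Local import: the file's import block is outside this view.
    import logging

    # POST username/password
    username = request.form.get('username')  # TODO: allow login by e-mail
    password = request.form.get('password')
    if not username or not password:
        # parameters are invalid
        return value_error(u"无效的用户名或密码")
    try:
        user = User(name=username)
        if user and user.verify_password(password):
            # login_manager keeps the login state
            # TODO: let the user choose whether the login is remembered
            login_user(user, remember=True)
            # ajax response: generate the tokens
            tokens = user.generate_access_token()
            tokens.update(success=1, message=u'登录成功')
            response = jsonify(tokens)
            response.status_code = 200
            return response
        else:
            return value_error(u"用户名或密码错误")
    except Exception:
        # Was a bare ``except:``, which also swallowed SystemExit and
        # KeyboardInterrupt and discarded the error. Record the traceback
        # for operators; the submitted credentials are deliberately not logged.
        logging.getLogger(__name__).exception('login: user lookup or token generation failed')
        return action_failed(u'查找用户失败')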
def user_homepage(user_id):
    """
    Render the first page of an author's post list.

    Responds with 404 when no user matches ``user_id``.

    :param user_id: id of the author whose homepage is shown
    :return: the rendered ``author.html`` template
    """
    profile_owner = User.get_user_by_id(user_id)
    if not profile_owner:
        abort(404)

    page_of_posts = User.get_user_posts_pagenation(user_id)
    # The pagination helper may return a falsy value; show an empty list then.
    if page_of_posts:
        visible_posts = page_of_posts.items
    else:
        visible_posts = []

    return render_template(
        'author.html',
        author=profile_owner,
        posts=visible_posts,
        pagenation=page_of_posts,
    )


# TODO: consider using the username or nickname instead of the user id as the link identifier
def user_homepage(user_id):
    """
    Show an author's homepage with the default page of their posts.

    An unknown ``user_id`` ends the request with a 404.

    :param user_id: id of the author to display
    :return: the rendered ``author.html`` template
    """
    owner = User.get_user_by_id(user_id)
    if not owner:
        abort(404)

    listing = User.get_user_posts_pagenation(user_id)
    # A falsy pagination result is rendered as an empty post list.
    if listing:
        shown = listing.items
    else:
        shown = []

    return render_template("author.html", author=owner, posts=shown, pagenation=listing)


# TODO: consider using the username or nickname instead of the user id as the link identifier
def user_homepage_paged(user_id, page):
    """
    Show an author's homepage for a specific page of their posts.

    An unknown ``user_id`` ends the request with a 404.

    :param user_id: id of the author to display
    :param page: page number passed to the pagination helper
    :return: the rendered ``author.html`` template
    """
    owner = User.get_user_by_id(user_id)
    if not owner:
        abort(404)

    listing = User.get_user_posts_pagenation(user_id, page=page)
    # A falsy pagination result is rendered as an empty post list.
    if listing:
        shown = listing.items
    else:
        shown = []

    return render_template('author.html', author=owner, posts=shown, pagenation=listing)
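def register():
    """
    Registration API endpoint.

    Reads ``username``, ``email`` and ``password`` from the POSTed form,
    creates the user and sends a confirmation mail carrying a confirmation
    token.

    NOTE(review): only non-emptiness is checked here; format and length
    validation of the three fields is presumably done in ``User.add_user``.
    Confirm against that method.

    :return: JSON response, or the result of ``value_error`` /
        ``action_failed`` on failure
    """
    # POST username/email/password
    username = request.form.get('username')
    email = request.form.get('email')
    password = request.form.get('password')
    if not username or not email or not password:
        # parameters are invalid
        return value_error(u"无效的用户名,邮箱或密码")
    try:
        user = User.add_user(name=username, email=email, password=password)
        if user:
            # Look the blog name up once; it is used for both subject and body.
            blog_name = Setting.get_setting('blog_name', 'Plog')
            # Send the confirmation mail (asynchronously, per the original note)
            send_mail(email,
                      blog_name + u'注册确认邮件',
                      'auth/emails/register_confirm',
                      username=username,
                      blogname=blog_name,
                      token=user.generate_confirmation_token())
            # ajax response
            response = jsonify({'success': 1, 'message': u'注册成功'})
            response.status_code = 200
            return response
        else:
            return value_error(u'用户名或邮箱已存在')
    except Exception as e:
        # ``except Exception, e`` is Python 2 only syntax; ``as`` is accepted
        # by Python 2.6+ and Python 3 alike.
        print(e)
        return action_failed(u'添加用户失败')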
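def register():
    """
    Registration API endpoint.

    Takes ``username``, ``email`` and ``password`` from the POSTed form,
    adds the user and mails a confirmation link built from a confirmation
    token.

    NOTE(review): this function only rejects empty fields; any stricter
    validation presumably lives in ``User.add_user``. Confirm.

    :return: JSON response, or the result of ``value_error`` /
        ``action_failed`` on failure
    """
    # POST username/email/password
    username = request.form.get('username')
    email = request.form.get('email')
    password = request.form.get('password')
    if not username or not email or not password:
        # parameters are invalid
        return value_error(u"无效的用户名,邮箱或密码")
    try:
        user = User.add_user(name=username, email=email, password=password)
        if user:
            # One settings lookup serves both the subject and the template.
            blog_name = Setting.get_setting('blog_name', 'Plog')
            # Send the confirmation mail (asynchronously, per the original note)
            send_mail(email,
                      blog_name + u'注册确认邮件',
                      'auth/emails/register_confirm',
                      username=username,
                      blogname=blog_name,
                      token=user.generate_confirmation_token())
            # ajax response
            response = jsonify({'success': 1, 'message': u'注册成功'})
            response.status_code = 200
            return response
        else:
            return value_error(u'用户名或邮箱已存在')
    except Exception as e:
        # The Python 2 only form ``except Exception, e`` is replaced by
        # ``as``, which Python 2.6+ and Python 3 both accept.
        print(e)
        return action_failed(u'添加用户失败')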
def verify_password(username, password):
    """
    Authenticate the current request by access token or by username/password.

    The second space-separated part of the ``Authorization`` header, when
    present, is treated as an access token and decides the outcome alone.
    Otherwise an empty username is accepted as an anonymous user, and any
    other username is checked against its stored password.

    NOTE(review): the scheme word of the header is not inspected, so every
    two-part ``Authorization`` value takes the token path. Confirm that is
    intended.
    NOTE(review): the anonymous branch returns True and does not set
    ``g.token_used``. Callers must enforce permissions themselves and should
    not assume that attribute exists.
    NOTE(review): the user is built with the keyword ``username``; confirm
    this matches the ``User`` constructor.

    :param username: username supplied by the auth layer, '' when absent
    :param password: password supplied by the auth layer
    :return: True when the request is accepted, False otherwise
    """
    header_parts = request.headers.get('Authorization', '').split(' ')
    # Second part of the header if there is one, otherwise the empty string.
    bearer = ''.join(header_parts[1:2])

    if bearer:
        token_user = User.verify_access_token(bearer)
        g.current_user = token_user
        g.token_used = True
        return token_user is not None

    if username == '':
        g.current_user = AnonymousUser()
        return True

    candidate = User(username=username)
    if not candidate or not candidate.user_id:
        return False

    g.current_user = candidate
    g.token_used = False
    return candidate.verify_password(password)
def confirm_email():
    """
    E-mail confirmation page.

    Reads ``token`` from the query string and shows a success or failure
    message depending on ``User.confirm``. A missing or empty token is
    reported as a failure without calling ``User.confirm``.

    :return: the rendered ``utils/pure.html`` template
    """
    token = request.args.get('token', '')
    if not token or not User.confirm(token):
        message = u"验证失败,您的链接有误或者已过期, 请重新申请验证邮箱"
    else:
        message = u"邮箱验证成功, 您的账户现在已激活"
    return render_template(
        'utils/pure.html',
        message=message,
        title=u"确认邮箱",
    )
def find_pass():
    """
    Password recovery page.

    On a valid form submission, looks the user up by e-mail and, when found,
    mails a reset token created with ``expiration=600``. Without a valid
    submission the recovery form is rendered.

    NOTE(review): the two result messages differ depending on whether the
    address belongs to an account, so this page reveals which e-mail
    addresses are registered. Returning one neutral message from both
    branches would avoid that.

    :return: the rendered result page or the recovery form
    """
    form = FindPassForm()
    if not form.validate_on_submit():
        return render_template('auth/find_pass.html', form=form)

    address = form.email.data
    form.email.data = ''
    account = User(email=address)
    if not (account and account.user_id):
        message = u"您提供的邮箱不存在, 请重新提交"
    else:
        reset_token = account.generate_reset_token(expiration=600)
        subject = Setting.get_setting('blog_name', 'Plog') + u'找回您的密码'
        display_name = account.nickname or account.name
        blog_name = Setting.get_setting('blog_name', 'Plog')
        send_mail(address,
                  subject,
                  'auth/emails/find_pass',
                  username=display_name,
                  blogname=blog_name,
                  token=reset_token)
        message = u"我们已经发送一封密码重置邮件至您提供的邮箱, 请登录你的邮箱点击密码重置链接设置你的账户新密码"
    # TODO: post/redirect
    return render_template('utils/pure.html', message=message, title=u"找回密码")
def article_detail(post_id):
    """
    Render the detail page of a published post.

    A missing post, a post without an id and a post whose status is not
    'published' all end in the same 404, so the response does not show
    whether an unpublished post exists.

    :param post_id: id of the post to show
    :return: the rendered ``article.html`` template
    """
    post = Post.get_post(post_id)
    if not post or not post.post_id:
        abort(404)
    if post.status != 'published':
        abort(404)

    writer = User(user_id=post.author_id)
    form = CommentForm()
    return render_template(
        'article.html',
        post=post,
        author=writer,
        comment_form=form,
    )
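def grant_token():
    """
    Issue access tokens for a username/password pair.

    The credentials are read from the form body first and from the query
    string as a fallback. On success the tokens are returned as JSON
    together with ``success`` and ``message`` fields.

    NOTE(review): a password passed in the query string ends up in access
    logs, proxies and browser history. The fallback is kept for
    compatibility, but clients should send credentials in the form body.
    NOTE(review): no attempt throttling is visible in this function;
    confirm it is enforced elsewhere.

    :return: JSON response, or the result of ``value_error`` /
        ``action_failed`` on failure
    """
    # Local import: the file's import block is outside this view.
    import logging

    username = request.form.get('username') or request.args.get('username')
    password = request.form.get('password') or request.args.get('password')
    if not username or not password:
        # parameters are invalid
        return value_error(u"无效的用户名或密码")
    try:
        user = User(name=username)
        if user and user.verify_password(password):
            # ajax response: generate the tokens
            tokens = user.generate_access_token()
            tokens.update(success=1, message=u'登录成功')
            response = jsonify(tokens)
            response.status_code = 200
            return response
        else:
            return value_error(u"用户名或密码错误")
    except Exception:
        # Was a bare ``except:``, which also swallowed SystemExit and
        # KeyboardInterrupt and discarded the error. Record the traceback
        # for operators; the submitted credentials are deliberately not logged.
        logging.getLogger(__name__).exception('grant_token: user lookup or token generation failed')
        return action_failed(u'查找用户失败')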
def find_pass():
    """
    Password recovery page.

    A valid submission triggers a lookup by e-mail. A matching account is
    mailed a reset token created with ``expiration=600``. Anything else
    than a valid submission renders the recovery form.

    NOTE(review): the response text tells the visitor whether the submitted
    address has an account, which allows registered addresses to be probed.
    One neutral message for both outcomes would close that gap.

    :return: the rendered result page or the recovery form
    """
    form = FindPassForm()
    if not form.validate_on_submit():
        return render_template('auth/find_pass.html', form=form)

    submitted = form.email.data
    form.email.data = ''
    owner = User(email=submitted)
    if not (owner and owner.user_id):
        message = u"您提供的邮箱不存在, 请重新提交"
    else:
        reset_token = owner.generate_reset_token(expiration=600)
        mail_subject = Setting.get_setting('blog_name', 'Plog') + u'找回您的密码'
        shown_name = owner.nickname or owner.name
        site_name = Setting.get_setting('blog_name', 'Plog')
        send_mail(submitted,
                  mail_subject,
                  'auth/emails/find_pass',
                  username=shown_name,
                  blogname=site_name,
                  token=reset_token)
        message = u"我们已经发送一封密码重置邮件至您提供的邮箱, 请登录你的邮箱点击密码重置链接设置你的账户新密码"
    # TODO: post/redirect
    return render_template('utils/pure.html', message=message, title=u"找回密码")
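def reset_pass():
    """
    Password reset page.

    On a valid form submission, takes the reset ``token`` from the query
    string and the new password from the form and passes both to
    ``User.reset_user_password``. Success redirects to the login page;
    failure shows an error page. Without a valid submission the reset form
    is rendered.

    :return: a redirect, the rendered result page or the reset form
    """
    # Local import: the file's import block is outside this view.
    from flask import url_for

    form = ResetPassForm()
    if form.validate_on_submit():
        password = form.password.data
        # Blank both fields, presumably so the password is not echoed back
        # if the form is rendered again.
        form.password.data = ''
        form.password2.data = ''
        token = request.args.get('token', '')
        if User.reset_user_password(token, password):
            # TODO: flask message
            flash(u'您的密码已经重设, 请使用新密码登录')
            # redirect() expects a URL. The original passed the string
            # 'auth.login', which looks like an endpoint name and would be
            # sent as a relative URL, so resolve it with url_for first.
            return redirect(url_for('auth.login'))
        else:
            message = u"重设密码失败, 您的链接有误或者已过期, 请重新申请"
        # TODO: post/redirect
        return render_template('utils/pure.html', message=message, title=u"重设密码")
    return render_template('auth/reset_pass.html', form=form)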
def refresh_token():
    """
    Exchange a refresh token for new access tokens.

    The refresh token is read from the form body first and from the query
    string as a fallback. When ``User.refresh_access_token`` returns a
    non-empty dict it is sent back as JSON. Otherwise the response only
    points the client to the ``api.grant_token`` URL.

    NOTE(review): a refresh token passed in the query string can end up in
    access logs and browser history; clients should prefer the form body.

    :return: JSON response
    """
    supplied = request.form.get('refresh_token') or request.args.get('refresh_token')
    refreshed = User.refresh_access_token(supplied)
    if not (refreshed and isinstance(refreshed, dict)):
        # Refresh failed: tell the client where to obtain tokens again.
        grant_url = url_for('api.grant_token', _external=True)
        return jsonify({'grant_token': grant_url})
    return jsonify(refreshed)