def post(self):
    """Store a new topic for the signed-in user and confirm it in plain text.

    Anonymous requests receive a login prompt and nothing is saved.
    """
    author = users.get_current_user()
    if author:
        # NOTE(review): no CSRF token is validated in this handler, and the
        # title/text are stored exactly as submitted - confirm that the form
        # is protected elsewhere and that templates escape these fields.
        form = self.request
        topic = Topic(
            title=form.get("title"),
            content=form.get("text"),
            author_email=author.email(),
        )
        topic.put()  # put() saves the object in Datastore
        return self.write("Topic successfully created!")

    return self.write("Please login before you're allowed to post a topic.")
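def post(self):
    """Create a topic for the signed-in user and redirect to its detail page.

    The submitted title and content are passed through cgi.escape() before
    they are stored. An anonymous request is answered with 401 instead of
    failing on a missing user object.
    """
    user = users.get_current_user()
    if not user:
        # get_current_user() yields None when nobody is signed in; the
        # original called .email() on that result unconditionally.
        return self.abort(401)

    # cgi.escape() rewrites only &, < and > by default; quote characters are
    # stored as typed, so these values still need attribute-safe escaping
    # wherever they are rendered inside an HTML attribute.
    title = cgi.escape(self.request.get("title"))
    content = cgi.escape(self.request.get("content"))

    # The signed-in user's e-mail address is stored as the topic's user_id.
    new_topic = Topic(user_id=user.email(), title=title, content=content)
    new_topic.put()  # save topic to database

    return self.redirect_to("topic-details", topic_id=new_topic.key.id())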
def post(self):
    """Save a topic for the signed-in user, then redirect to its detail page.

    Anonymous requests receive a plain-text login prompt instead.
    """
    poster = users.get_current_user()
    if not poster:
        login_prompt = "Please login before you're allowed to post a topic."
        return self.write(login_prompt)

    # NOTE(review): this handler reads no CSRF token and stores the form
    # values unescaped - confirm both are handled outside this method.
    fields = {
        "title": self.request.get("title"),
        "content": self.request.get("text"),
        "author_email": poster.email(),
    }
    created = Topic(**fields)
    created.put()  # put() saves the object in Datastore

    return self.redirect_to("topic-details", topic_id=created.key.id())
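def post(self):
    """Create a topic once the CSRF token and the login state are verified.

    Returns a plain-text rejection when the token is missing or unknown, a
    login prompt for anonymous users, and otherwise redirects to the new
    topic's detail page.
    """
    csrf_token = self.request.get("csrf_token")
    # A token is accepted only while memcache still holds an entry for it;
    # an empty token is rejected without a lookup.
    # NOTE(review): the token is not removed after use and nothing here ties
    # it to the current user, so it stays usable until it expires - confirm
    # this is intended.
    if not csrf_token or not memcache.get(key=csrf_token):
        return self.write("Hacker at the doors")

    user = users.get_current_user()
    if not user:
        # Without this guard an anonymous request carrying a valid token
        # failed on user.email() below.
        return self.write(
            "Please login before you're allowed to post a topic.")

    title = self.request.get("title")
    text = self.request.get("text")

    new_topic = Topic(title=title, content=text, author_email=user.email())
    new_topic.put()

    return self.redirect_to("topic-details", topic_id=new_topic.key.id())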
def test_topic_add_handler(self):
    """GET the add-topic page, then POST a topic with a pre-seeded CSRF token."""
    add_url = '/topic/add'

    # GET: the form page must be served.
    form_page = self.testapp.get(add_url)
    self.assertEqual(form_page.status_int, 200)

    # POST: seed memcache with a token (UUID converted to string) so the
    # request carries a value the handler can find there.
    token = str(uuid.uuid4())
    memcache.add(key=token, value=True, time=600)

    title = "Some new topic"
    content = "This is a new topic. Just for testing purposes."
    form = {"title": title, "content": content, "csrf_token": token}
    response = self.testapp.post(add_url, form)

    # 302 means "redirect" - the TopicAdd handler ends its POST with one.
    self.assertEqual(response.status_int, 302)

    # The topic created by this test is the only one in the fake database.
    stored = Topic.query().get()
    self.assertEqual(stored.title, title)
    self.assertEqual(stored.content, content)
def test_comment_delete_handler(self):
    """Create a topic and a comment through the handlers, then delete the comment.

    The delete endpoint is called twice, once per referer value. One CSRF
    token is seeded in memcache and reused for every request in this test.
    """
    token = str(uuid.uuid4())
    memcache.add(key=token, value=True, time=600)

    # Topic via '/topic/add'.
    topic_form = {
        "title": "Some new topic",
        "content": "This is a new topic. Just for testing purposes.",
        "csrf_token": token,
    }
    response = self.testapp.post('/topic/add', topic_form)
    self.assertEqual(response.status_int, 302)

    # Comment via '/topic/details/<topic_id>'; the TopicDetails handler takes
    # the topic id from the request when it creates the comment.
    comment_form = {
        "content": "This is a new comment. Just for testing purposes.",
        "csrf_token": token,
    }
    topic = Topic.query().get()
    details_url = '/topic/details/' + str(topic.key.id())
    response = self.testapp.post(details_url, comment_form)
    self.assertEqual(response.status_int, 302)

    # Delete via '/comment/delete/<comment_id>', first coming from the
    # user-comments page.
    comment = Comment.query().get()
    delete_url = '/comment/delete/' + str(comment.key.id())
    token_only = {"csrf_token": token}
    response = self.testapp.post(delete_url, token_only,
                                 {'referer': '/user-comments'})
    self.assertEqual(response.status_int, 302)

    # NOTE(review): `comment` was loaded before the delete request; this
    # assertion presumably relies on the handler updating the same cached
    # instance - confirm, or re-query before asserting.
    self.assertEqual(comment.deleted, True)

    # Same delete again, this time with the topic page as referer.
    response = self.testapp.post(delete_url, token_only,
                                 {'referer': details_url})
    self.assertEqual(response.status_int, 302)
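def get(self):
    """Queue one mail task per subscriber listing the topics of the last day.

    Each task posts to /task/send-latest-topics-mail with the joined topic
    titles and the subscriber's user_id as the receiver.
    """
    time_limit = datetime.now() - timedelta(days=1)
    latest_topics = Topic.query(Topic.create_time > time_limit).fetch()

    # Join the titles of all recent topics. The original called join() on a
    # single title inside a loop, which put the separator between the
    # characters of the last topic's title and dropped every other topic.
    # NOTE(review): titles are presumably user-supplied and the separator
    # suggests an HTML mail body - confirm the mail task escapes them.
    latest_topics_text = ", </br>".join(
        topic.title for topic in latest_topics)

    subscribers = [
        subscription.user_id
        for subscription in SubscriptionLatestTopics.query().fetch()
    ]

    for subscriber in subscribers:
        taskqueue.add(
            url="/task/send-latest-topics-mail",
            params={
                "latest_topics_text": latest_topics_text,
                "receiver": subscriber,
            })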
def get(self):
    """Render the home page with every non-deleted topic, newest first."""
    # `Topic.deleted == False` is a filter expression handed to query(), not
    # a boolean test, so it must stay written as a comparison.
    newest_first = Topic.query(
        Topic.deleted == False).order(-Topic.create_time)

    # fetch() loads the results into a list up front, so the template works
    # on stored data instead of triggering another database query.
    context = {"topics": newest_first.fetch()}

    return self.render_template_with_csrf("home.html", context)
def get(self):
    """Permanently remove topics that were flagged deleted over 30 days ago."""
    cutoff = datetime.now() - timedelta(days=30)

    # Three filters: flagged as deleted, a deletion time is recorded, and
    # that time lies before the cutoff.
    expired = Topic.query(
        Topic.deleted == True,
        Topic.deleted_time != None,
        Topic.deleted_time < cutoff,
    )

    for stale_topic in expired.fetch():
        stale_topic.key.delete()
def test_topic_details_handler(self):
    """Exercise GET and both POST variants of '/topic/details/<topic_id>'."""
    user_email = os.environ['USER_EMAIL']

    # Create the test topic directly in the datastore.
    title = "Some new topic"
    Topic(user_id=user_email,
          title=title,
          content="This is a new topic. Just for testing purposes.").put()

    # GET
    topic = Topic.query().get()
    details_url = '/topic/details/' + str(topic.key.id())
    page = self.testapp.get(details_url)
    self.assertEqual(page.status_int, 200)
    self.assertEqual(topic.title, title)

    # POST - both requests below reuse one token seeded in memcache.
    token = str(uuid.uuid4())
    memcache.add(key=token, value=True, time=600)

    # 1. A form with "content" creates a comment; the TopicDetails handler
    #    takes the topic id from the request.
    comment_text = "This is a new comment. Just for testing purposes."
    response = self.testapp.post(
        details_url, {"content": comment_text, "csrf_token": token})
    self.assertEqual(response.status_int, 302)

    comment = Comment.query().get()
    self.assertEqual(comment.content, comment_text)

    # 2. A form carrying only the token creates a subscription for the
    #    current user.
    response = self.testapp.post(details_url, {"csrf_token": token})
    self.assertEqual(response.status_int, 302)

    subscription = Subscription.query().get()
    self.assertEqual(subscription.user_id, user_email)
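def post(self, topic_id):
    """Flag a topic as deleted when its author or an admin asks for it.

    The request is always answered with a redirect to the main page, whether
    or not the topic was changed. A missing topic or an anonymous requester
    is treated as "not allowed" instead of raising.
    """
    topic = Topic.get_by_id(int(topic_id))
    user = users.get_current_user()

    allowed = False
    if topic is not None:
        # The original called user.email() without checking for an anonymous
        # request and dereferenced the topic without checking it was found.
        is_author = bool(user) and topic.author_email == user.email()
        allowed = is_author or users.is_current_user_admin()

    # NOTE(review): no CSRF token is validated on this state-changing POST,
    # and a refused request is indistinguishable from a successful one -
    # confirm both are acceptable.
    if allowed:
        topic.deleted = True  # soft delete: the entity itself is kept
        topic.put()

    return self.redirect_to("main-page")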
def get(self, topic_id):
    """Render a topic with its comments and a freshly issued CSRF token."""
    # A random UUID, as a string, serves as the token; it is registered in
    # memcache with time=600 before the page is built.
    # NOTE(review): the memcache entry stores only True, so the token is not
    # tied to the requesting user - confirm that is acceptable.
    token = str(uuid.uuid4())
    memcache.add(key=token, value=True, time=600)

    topic = Topic.get_by_id(int(topic_id))
    by_creation = Comment.query(
        Comment.topic_id == topic.key.id()).order(Comment.created)

    context = {
        "topic": topic,
        "comment": by_creation.fetch(),
        "csrf_token": token,
    }
    return self.render_template("topic_details.html", params=context)
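def post(self):
    """Create a topic after the login check and the CSRF token check pass.

    Anonymous requests receive a login prompt, requests with an unknown
    token a rejection message; otherwise the topic is stored and the client
    is redirected to its detail page.
    """
    user = users.get_current_user()
    if not user:
        return self.write(
            "Please login before you're allowed to post a topic.")

    csrf_token = self.request.get("csrf_token")
    # The original spelled the module "memchace", so every signed-in POST
    # failed with a NameError before the token was ever checked (assumes the
    # module is imported under its usual name, memcache).
    mem_token = memcache.get(key=csrf_token)
    if not mem_token:
        return self.write("You are evil attacker...")

    title = self.request.get("title")
    text = self.request.get("text")

    new_topic = Topic(title=title, content=text, author_email=user.email())
    new_topic.put()  # put() saves the object in Datastore

    return self.redirect_to("topic_details", topic_id=new_topic.key.id())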
def test_topic_delete_handler(self):
    """Delete a topic through '/topic/delete/<topic_id>' and check its flag."""
    # Create the test topic directly in the datastore.
    Topic(user_id=os.environ['USER_EMAIL'],
          title="Some new topic",
          content="This is a new topic. Just for testing purposes.").put()

    # Seed a CSRF token for the delete request.
    token = str(uuid.uuid4())
    memcache.add(key=token, value=True, time=600)

    stored_topic = Topic.query().get()
    delete_url = '/topic/delete/' + str(stored_topic.key.id())
    response = self.testapp.post(delete_url, {"csrf_token": token})
    self.assertEqual(response.status_int, 302)

    # The handler is expected to have set topic.deleted to True.
    # NOTE(review): `stored_topic` was loaded before the request; this
    # presumably relies on the handler updating the same cached instance -
    # confirm, or re-query before asserting.
    self.assertEqual(stored_topic.deleted, True)
def get(self, topic_id):
    """Render a topic, its non-deleted comments and a new CSRF token."""
    topic = Topic.get_by_id(int(topic_id))

    # Comments of this topic that are not flagged deleted, ordered by their
    # `created` value.
    visible = Comment.query(
        Comment.topic_id == topic.key.id(),
        Comment.deleted == False,
    ).order(Comment.created)
    comments = visible.fetch()

    # Issue a token (UUID converted to string) and register it in memcache
    # with time=600.
    token = str(uuid.uuid4())
    memcache.add(key=token, value=True, time=600)

    context = dict(topic=topic, comments=comments, csrf_token=token)
    return self.render_template("topic_details.html", params=context)
def post(self, topic_id):
    """Add a comment to a topic once the CSRF and login checks have passed."""
    submitted_token = self.request.get("csrf_token")

    # The token is accepted only if memcache still holds an entry for it;
    # otherwise the request is answered with the message below.
    if not memcache.get(key=submitted_token):
        return self.write("Attack attempt detected...")

    commenter = users.get_current_user()
    if not commenter:
        return self.write(
            "Please login before you're allowed to post a topic.")

    # NOTE(review): get_by_id() can return None for an unknown id; that case
    # is passed on to Comment.create() unchecked - confirm it is handled.
    parent_topic = Topic.get_by_id(int(topic_id))
    Comment.create(content=self.request.get("comment"),
                   user=commenter,
                   topic=parent_topic)

    return self.redirect_to("topic_details", topic_id=parent_topic.key.id())
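def post(self, topic_id):
    """Store a comment on a topic after the CSRF and login checks pass.

    Requests whose token is missing from memcache are rejected, anonymous
    requests get a login prompt, and a successful post redirects back to the
    topic's detail page.
    """
    csrf_token = self.request.get("csrf_token")
    mem_token = memcache.get(key=csrf_token)
    # The original tested `if mem_token:`, which rejected every request that
    # carried a valid token and accepted all requests without one.
    if not mem_token:
        return self.write("Hacker at the doors")

    user = users.get_current_user()
    if not user:
        # The original called user.email() without checking for an
        # anonymous request.
        return self.write(
            "Please login before you're allowed to post a comment.")

    created_at = datetime.datetime.now()
    comment = self.request.get("comment")
    topic = Topic.get_by_id(int(topic_id))

    # The topic title is copied onto the comment alongside the topic id.
    new_comment = Comment(content=comment,
                          topic_id=topic.key.id(),
                          author_email=user.email(),
                          topic_title=topic.title,
                          created=created_at)
    new_comment.put()

    return self.redirect_to("topic-details", topic_id=topic.key.id())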
def create(self, db: Session, *, obj_in: dict) -> Optional[Topic]:
    """
    Create a topic (main post) record.

    The values below are read from ``obj_in``; a missing key is stored as None.
    :params userid: user id
    :params ip: ip
    :params sectionid: main post id (wording of the original docstring; the
        name suggests a section id - confirm)
    :params title: title
    :params content: topic content
    :params file_path: file path (image, video, audio, document)
    :return: the topic record
    """
    # Only these keys are copied; anything else present in obj_in is ignored.
    # NOTE(review): userid and ip are taken from obj_in - confirm the caller
    # fills them from the authenticated request, not from client input.
    column_names = ("userid", "ip", "sectionid", "title", "content",
                    "file_path")
    new_topic = Topic(**{name: obj_in.get(name) for name in column_names})

    db.add(new_topic)
    db.commit()
    # Reload the object's attributes from the database after the commit.
    db.refresh(new_topic)
    return new_topic
def get(self, topic_id):
    """Render a topic, its non-deleted comments and the viewer's subscription flag."""
    topic = Topic.get_by_id(int(topic_id))

    # Non-deleted comments of this topic, newest first.
    # NOTE(review): topic_id is compared here as it was passed in, while
    # get_by_id() above receives int(topic_id) - confirm the stored type of
    # Comment.topic_id matches.
    visible_comments = Comment.query(
        Comment.topic_id == topic_id,
        Comment.deleted == False,
    ).order(-Comment.create_time).fetch()

    context = {"topic": topic, "comments": visible_comments}

    viewer = users.get_current_user()
    if viewer:
        # Subscriptions are looked up by the viewer's e-mail address.
        matches = Subscription.query(
            Subscription.user_id == viewer.email(),
            Subscription.topic_id == topic_id,
        ).fetch()
        if matches:
            context["subscribed"] = True

    return self.render_template_with_csrf("topic_details.html", context)
def get(self, topic_id):
    """Render the detail page for the topic with the given id."""
    # The id arrives as text and is converted to int for the lookup; the
    # lookup result is handed to the template as-is.
    numeric_id = int(topic_id)
    context = {"topic": Topic.get_by_id(numeric_id)}
    return self.render_template("topic_details.html", params=context)
def get(self):
    """Render the main page with every stored topic."""
    # No filter is applied: fetch() returns whatever Topic.query() matches.
    all_topics = Topic.query().fetch()
    return self.render_template("main.html", params={"topics": all_topics})
def get(self, topic_id):
    """Render the topic detail template for the topic with the given id."""
    # The lookup result is passed to the template under the key "details".
    context = {"details": Topic.get_by_id(int(topic_id))}
    return self.render_template("topic_podrobnosti.html", params=context)
def topic_add():
    """Create a topic from the submitted form and redirect to 'forum.topic_all'."""
    # NOTE(review): the whole request.form is handed to Topic(); which fields
    # it accepts is decided inside Topic - confirm it ignores fields a client
    # must not set, and that login/CSRF checks happen outside this view.
    new_topic = Topic(request.form)
    new_topic.save()

    # Record the value 1 under the new topic's id in `red`.
    red.set(new_topic.id, 1)

    target = url_for('forum.topic_all', nid=new_topic.node_id)
    return redirect(target)
def get(self):
    """Render the main page with every stored topic and the current user."""
    all_topics = Topic.query().fetch()
    # The current user is passed to the template as-is; it is not checked
    # here.
    context = {
        "topics": all_topics,
        "user": users.get_current_user(),
    }
    return self.render_template("main.html", params=context)
def post(self, topic_id):
    """Delete a topic through Topic.delete_topic, then go to the main page."""
    # NOTE(review): no login, ownership or CSRF check is visible in this
    # handler; presumably Topic.delete_topic or the base handler enforces
    # them - confirm.
    Topic.delete_topic(topic_id)

    destination = "main-page"
    return self.redirect_to(destination)
def get(self):
    """Render the main page with the topics that are not flagged deleted."""
    # The comparison is a filter expression handed to query(), so it stays
    # written as `== False`.
    visible = Topic.query(Topic.deleted == False)
    return self.render_template("main.html",
                                params={"topics": visible.fetch()})