def post(self, catalog, name, title, summary, tags, content):
"""
创建文章
$input:
catalog?str: 目录
title?str: 标题
name?str&optional: 名称
summary?str&optional: 摘要
tags:
- str
content?str: 内容
$output:
id?str: ID
"""
if not name:
name = title[:32]
if not summary:
summary = content[:160]
id = "/".join([g.user["id"], catalog, name])
resp = db.run(r.table("article").insert({
"id": id,
"author": g.user["id"],
"catalog": catalog,
"name": name,
"title": title,
"summary": summary,
"tags": tags,
"content": content,
"date_create": arrow.utcnow().datetime,
"date_modify": arrow.utcnow().datetime
}))
if resp["errors"]:
abort(400, "Conflict", "创建失败: %s" % resp["first_error"])
return {"id": id}
def patch(self, id, **kwargs):
"""
增量修改文章基本信息
$input:
id?str: ID
title?str&optional: 标题
summary?str&optional: 摘要
tags:
- &optional
- str
content?str&optional: 内容
$output: @message
$error:
400.ArticleNotFound: 文章不存在
403.PermissionDeny: 只能修改自己的文章
"""
kwargs = clear_empty(kwargs)
q = r.table("article").get(id)
art = db.run(q)
if not art:
abort(400, "ArticleNotFound", "文章不存在")
if art["author"] != g.user["id"]:
abort(403, "PermissionDeny", "只能修改自己的文章")
db.run(q.update({
**kwargs,
"date_modify": arrow.utcnow().datetime
}))
return {"message": "OK"}
def post_login(self, account, password):
"""
登录
$input:
account?str: 用户ID或邮箱
password?str: 密码
$output: @user
$error:
403.UserNotFound: 帐号不存在
403.WrongPassword: 密码错误
"""
user = db.run(r.table("user").get(account))
if not user:
user = db.first(r.table("user").get_all(account, index="email"))
if not user:
abort(403, "UserNotFound", "帐号不存在")
self.check_password(user, password)
db.run(
r.table("user")
.get(user["id"])
.update({
"lastlogin_date": arrow.utcnow().datetime,
"lastlogin_ip": request.remote_addr,
"lastlogin_ua": request.headers.get('User-Agent'),
"timestamp": arrow.utcnow().timestamp
})
)
g.token = {"type": "login", "id": user["id"]}
return user
def post_signup(self, id, email, password):
"""
注册
$input:
id?str: 用户ID
email?email&optional: 邮箱
password?str: 密码
$output: @message
$error:
400.IDConflict: 用户ID已存在
400.EmailConflict: 邮箱已存在
"""
if db.run(r.table("user").get(id)):
abort(400, "IDConflict", "%s already exists" % id)
if email and db.first(r.table("user").get_all(email, index="email")):
abort(400, "EmailConflict", "%s already exists" % email)
db.run(r.table("user").insert({
"id": id,
"email": email,
"pwdhash": gen_pwdhash(password),
"role": "normal",
"date_create": arrow.utcnow().datetime,
"date_modify": arrow.utcnow().datetime,
"timestamp": arrow.utcnow().timestamp
}))
return {"message": "OK"}
def post_reset(self, token, password):
"""
重置密码
$input:
token?str: 重置链接中的Token
password?str: 密码
$output: @message
$error:
403.InvalidToken: Token无效
"""
token = auth.decode_token(token)
if token is None or token.get("type") != "reset":
abort(403, "InvalidToken", "Token无效")
user = db.run(r.table("user").get(token["id"]))
if (
user is None
or "timestamp" not in token
or user["timestamp"] != token["timestamp"]
):
abort(403, "InvalidToken", "Token无效")
db.run(
r.table("user")
.get(token["id"])
.update({
"pwdhash": gen_pwdhash(password),
"timestamp": arrow.utcnow().timestamp
})
)
return {"message": "OK"}
def post_forgot(self, email):
"""
忘记密码,Token有效时间为2小时
$input:
email?email: 邮箱
$output: @message
$error:
400.UserNotFound: 用户不存在
"""
user = db.first(r.table("user").get_all(email, index="email"))
if not user:
abort(400, "UserNotFound", "用户不存在")
token = auth.encode_token({
"type": "reset",
"id": user["id"],
"exp": arrow.utcnow().replace(hours=2).timestamp,
"timestamp": user["timestamp"]
})
token = token.decode("ascii")
msg = Message("PurePage重置密码", recipients=[email])
msg.html = render_template(
"user-reset.html", token=token, userid=user["id"])
mail.send(msg)
return {"message": "重置链接已发送至邮箱,请查收"}
def get(self, id):
"""
查看用户信息
$input:
id?str: ID
$output: @user
"""
user = db.run(r.table("user").get(id))
if not user:
abort(404, "NotFound", "用户不存在")
return user
def delete(self, id):
"""
删除帐号
$input:
id?str: ID
$output: @message
"""
user = db.run(r.table("user").get(id))
if user and user["role"] == "root":
abort(403, "PermissionDeny", "root帐号无法删除")
db.run(r.table("user").get(id).delete())
return {"message": "OK"}
def get(self, account):
"""
查找帐号
$input:
account?str: 用户名或邮箱
$output: @user
$error:
404.NotFound: 用户不存在
"""
user = db.run(r.table("user").get(account))
if not user:
user = db.first(r.table("user").get_all(account, index="email"))
if not user:
abort(404, "NotFound", "用户不存在")
return user
def get(self, id):
"""
获取一篇文章
$input:
id?str: ID
$output:
$self@article: 文章信息
content?str: 内容
$error:
404.NotFound: 文章不存在
"""
article = db.run(r.table("article").get(id))
if not article:
abort(404, "NotFound", "文章不存在")
return article
def put(self, id, role, email):
"""
修改帐号信息
$input:
id?str: 用户ID
role?str: 角色
email?email: 邮箱
$output: @message
"""
if role == "root":
abort(403, "PermissionDeny", "不能设为root帐号")
db.run(
r.table("user").get(id).update({
"role": role,
"email": email,
"date_modify": arrow.utcnow().datetime,
"timestamp": arrow.utcnow().timestamp
})
)
return {"message": "OK"}
def check_password(self, user, password):
if not user:
abort(403, "UserNotFound", "帐号不存在")
if not check_password_hash(user["pwdhash"], password):
abort(403, "WrongPassword", "密码错误")
