Example #1
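def login():
    """Authenticate the posted ``username``/``passwd`` form fields.

    Returns a JSON body whose ``code`` is 0 on success (the username is then
    stored in the session), 402 when no such account exists, 404 when the
    password does not match, and 500 when the user lookup raises.
    """
    import hmac  # local import: constant-time digest comparison below

    userName = request.form['username']
    pwd = request.form['passwd']
    checkStr(userName, 25)
    checkStr(pwd, 40)

    # Salted hash of the submitted password, compared with the stored value.
    # NOTE(review): MD5 with a fixed application-wide salt is cheap to
    # brute-force if the user table leaks. Moving to a slow KDF with a
    # per-user random salt (e.g. hashlib.scrypt) requires migrating the
    # stored hashes, so it is flagged here rather than changed in place.
    hashPwd = hashlib.md5((userName + "leo" + pwd).encode('utf-8')).hexdigest()

    # Look the account up.
    try:
        db.session.commit()
        detectFlag = User.query.filter_by(username=userName).first()
    except Exception as e:
        # Logged at ERROR so a failing lookup is not lost under an INFO filter.
        logger.exception(e)
        return jsonify({'code': 500, 'msg': 'sqlserver error'})

    if not detectFlag:
        # NOTE(review): the distinct 402/404 replies reveal whether a username
        # is registered; clients may depend on the codes, so they are kept.
        return jsonify({'code': 402, 'msg': 'account has not been registed'})

    realPwd = detectFlag.passwd
    # compare_digest avoids leaking, through response timing, how many
    # leading characters of the digest matched.
    if realPwd is not None and hmac.compare_digest(
            hashPwd.encode('utf-8'), str(realPwd).encode('utf-8')):
        session['username'] = userName
        return jsonify({'code': 0, 'msg': 'successfully login'})

    # NOTE(review): no throttling or audit logging of failed attempts is
    # visible in this handler; confirm it is enforced elsewhere.
    return jsonify({'code': 404, 'msg': 'password wrong'})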
Example #2
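def regist():
    """Register a new account from the posted ``username``/``passwd`` fields.

    Returns a JSON body whose ``code`` is 0 on success (the new user is also
    logged in via the session), 401 when the username is already taken, and
    500 when the lookup or the insert raises.
    """
    userName = request.form['username']
    pwd = request.form['passwd']
    checkStr(userName, 25)
    checkStr(pwd, 40)

    # Salted hash of the password; this is the value stored for the user.
    # NOTE(review): MD5 with a fixed application-wide salt is cheap to
    # brute-force if the user table leaks. Moving to a slow KDF with a
    # per-user random salt (e.g. hashlib.scrypt) requires migrating the
    # stored hashes, so it is flagged here rather than changed in place.
    hashPwd = hashlib.md5((userName + "leo" + pwd).encode('utf-8')).hexdigest()

    # Check whether the username is already registered.
    try:
        db.session.commit()
        detectFlag = User.query.filter_by(username=userName).first()
    except Exception as e:
        # Logged at ERROR so a failing lookup is not lost under an INFO filter.
        logger.exception(e)
        return jsonify({'code': 500, 'msg': 'sqlserver error'})

    if detectFlag is not None:
        return jsonify({'code': 401, 'msg': 'account has been registed'})

    # NOTE(review): two concurrent requests can both pass the lookup above;
    # presumably a unique constraint on username makes the second insert fail
    # into the except branch - confirm against the User model.
    try:
        user = User(userName, hashPwd)
        db.session.add(user)
        db.session.commit()
        session['username'] = userName
        return jsonify({'code': 0, 'msg': 'success regist'})
    except Exception as e:
        logger.exception(e)
        db.session.rollback()
        return jsonify({'code': 500, 'msg': 'sqlserver error'})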
Example #3
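def commentAdd():
    """Add a comment by the logged-in user to the blog given by ``blogid``.

    Returns a JSON body whose ``code`` is 0 on success, 403 when no user is
    logged in, 405 when the blog does not exist, and 500 when the insert
    raises. Aborts with HTTP 400 when the CSRF token is missing or wrong.
    """
    import hmac  # local import: constant-time token comparison below

    if 'username' not in session:
        return jsonify({'code': 403, 'msg': 'please log in'})

    # CSRF check. A session without a stored token, or a request without the
    # header, is rejected outright: indexing session['csrf'] raised KeyError
    # (a 500) when the token was absent, and a plain == would accept
    # None == None.
    expected = session.get('csrf')
    supplied = request.headers.get('csrfToken')
    if not expected or not supplied or not hmac.compare_digest(
            str(supplied).encode('utf-8'), str(expected).encode('utf-8')):
        abort(400)

    userName = session['username']
    bid = request.form['blogid']
    content = request.form['content']
    checkInt(bid)
    # NOTE(review): the comment body is stored as submitted; it presumably
    # needs output encoding wherever it is rendered - confirm in the views.
    checkStr(content, 65535)

    db.session.commit()
    # Select the blog row FOR UPDATE so the comment_num increment below is
    # not lost to a concurrent comment.
    ref_blog = db.session.query(Blog).filter(
        Blog.blogid == bid).with_for_update().first()
    if ref_blog is None:
        return jsonify({'code': 405, 'msg': "request blog not exist"})

    try:
        new_data = BlogComment(bid, userName, content)
        ref_blog.comment_num = ref_blog.comment_num + 1
        db.session.add(new_data)
        db.session.commit()
        return jsonify({'code': 0, 'msg': 'success add'})
    except Exception as e:
        # Logged at ERROR so a failing insert is not lost under an INFO filter.
        logger.exception(e)
        db.session.rollback()
        return jsonify({'code': 500, 'msg': 'sqlserver error'})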
Example #4
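def blogModify():
    """Update the title and content of a blog owned by the logged-in user.

    Returns a JSON body whose ``code`` is 0 on success, 403 when no user is
    logged in, 405 when the blog does not exist, 404 when the caller is not
    the blog's author, and 500 when the update raises. Aborts with HTTP 400
    when the CSRF token is missing or wrong.
    """
    import hmac  # local import: constant-time token comparison below

    if 'username' not in session:
        return jsonify({'code': 403, 'msg': 'please log in'})

    # CSRF check. A session without a stored token, or a request without the
    # header, is rejected outright: indexing session['csrf'] raised KeyError
    # (a 500) when the token was absent, and a plain == would accept
    # None == None.
    expected = session.get('csrf')
    supplied = request.headers.get('csrfToken')
    if not expected or not supplied or not hmac.compare_digest(
            str(supplied).encode('utf-8'), str(expected).encode('utf-8')):
        abort(400)

    bid = request.form['blogid']
    title = request.form['title']
    content = request.form['content']
    # comment_num is required and validated but never written back: the
    # stored comment count is not taken from the client.
    comment_num = request.form['comment_num']
    checkInt(bid)
    checkInt(comment_num)
    checkStr(title, 40)
    checkStr(content, 65535)

    origin_data = Blog.query.filter_by(blogid=bid).first()
    if origin_data is None:
        return jsonify({'code': 405, 'msg': "request blog not exist"})

    # Ownership check: only the author recorded on the row may modify it.
    if origin_data.author != session['username']:
        return jsonify({
            'code': 404,
            'msg': "you don't have the power"
        })

    try:
        origin_data.title = title
        origin_data.content = content
        origin_data.sub_date = datetime.datetime.now()
        db.session.commit()
        return jsonify({'code': 0, 'msg': 'success update'})
    except Exception as e:
        # Logged at ERROR so a failing update is not lost under an INFO filter.
        logger.exception(e)
        db.session.rollback()
        return jsonify({'code': 500, 'msg': 'sqlserver error'})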
Example #5
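def blogAdd():
    """Create a blog post authored by the logged-in user.

    Returns a JSON body whose ``code`` is 0 on success, 403 when no user is
    logged in, and 500 when the insert raises. Aborts with HTTP 400 when the
    CSRF token is missing or wrong.
    """
    import hmac  # local import: constant-time token comparison below

    if 'username' not in session:
        return jsonify({'code': 403, 'msg': 'please log in'})

    # CSRF check. A session without a stored token, or a request without the
    # header, is rejected outright: indexing session['csrf'] raised KeyError
    # (a 500) when the token was absent, and a plain == would accept
    # None == None.
    expected = session.get('csrf')
    supplied = request.headers.get('csrfToken')
    if not expected or not supplied or not hmac.compare_digest(
            str(supplied).encode('utf-8'), str(expected).encode('utf-8')):
        abort(400)

    # The author comes from the session, never from the request body.
    userName = session['username']
    title = request.form['title']
    content = request.form['content']
    checkStr(title, 40)
    # NOTE(review): title and content are stored as submitted; they presumably
    # need output encoding wherever they are rendered - confirm in the views.
    checkStr(content, 65535)

    try:
        new_data = Blog(title, userName, content)
        db.session.add(new_data)
        db.session.commit()
        return jsonify({'code': 0, 'msg': 'success add'})
    except Exception as e:
        # Logged at ERROR so a failing insert is not lost under an INFO filter.
        logger.exception(e)
        db.session.rollback()
        return jsonify({'code': 500, 'msg': 'sqlserver error'})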