def delete_url(url_id):
#check_admin()
url = Url.get(url_id)
if url is None:
raise APIResourceNotFoundError('url')
close_url(url)
raise seeother('/index')
def callback():
i = ctx.request.input(code="")
code = i.code
client = _create_client()
r = client.request_access_token(code)
logging.info("access token: %s" % json.dumps(r))
access_token, expires_in, uid = r.access_token, r.expires_in, r.uid
client.set_access_token(access_token, expires_in)
u = client.users.show.get(uid=uid)
logging.info("got user: %s" % uid)
users = db.select("select * from users where id=?", uid)
user = dict(
name=u.screen_name,
image_url=u.avatar_large or u.profile_image_url,
statuses_count=u.statuses_count,
friends_count=u.friends_count,
followers_count=u.followers_count,
verified=u.verified,
verified_type=u.verified_type,
auth_token=access_token,
expired_time=expires_in,
)
if users:
db.update_kw("users", "id=?", uid, **user)
else:
user["id"] = uid
db.insert("users", **user)
_make_cookie(uid, access_token, expires_in)
raise seeother("/")
def callback():
i = ctx.request.input(code='')
code = i.code
client = _create_client()
r = client.request_access_token(code)
logging.info('access token: %s' % json.dumps(r))
access_token, expires_in, uid = r.access_token, r.expires_in, r.uid
client.set_access_token(access_token, expires_in)
u = client.users.show.get(uid=uid)
logging.info('got user: %s' % uid)
users = db.select('select * from users where id=?', uid)
user = dict(name=u.screen_name, \
image_url=u.avatar_large or u.profile_image_url, \
statuses_count=u.statuses_count, \
friends_count=u.friends_count, \
followers_count=u.followers_count, \
verified=u.verified, \
verified_type=u.verified_type, \
auth_token=access_token, \
expired_time=expires_in)
if users:
db.update_kw('users', 'id=?', uid, **user)
else:
user['id'] = uid
db.insert('users', **user)
_make_cookie(uid, access_token, expires_in)
raise seeother('/')
def auth_signin():
'''
Redirect to sina sign in page.
'''
ctx.response.set_cookie(COOKIE_REDIRECT, _get_referer())
client = APIClient(app_key=APP_KEY, app_secret=APP_SECRET, redirect_uri=CALLBACK)
raise seeother(client.get_authorize_url())
def attachments():
i = ctx.request.input(action='', page='1', size='20')
if i.action == 'delete':
delete_attachment(i.id)
raise seeother('attachments')
page = int(i.page)
size = int(i.size)
num = db.select_int('select count(id) from attachments where website_id=?',
ctx.website.id)
if page < 1:
raise APIValueError('page', 'page invalid.')
if size < 1 or size > 100:
raise APIValueError('size', 'size invalid.')
offset = (page - 1) * size
atts = db.select(
'select * from attachments where website_id=? order by id desc limit ?,?',
ctx.website.id, offset, size + 1)
next = False
if len(atts) > size:
atts = atts[:-1]
next = True
return Template('templates/attachments.html',
attachments=atts,
page=page,
previous=page > 2,
next=next)
def callback():
i = ctx.request.input(code='')
code = i.code
client = _create_client()
r = client.request_access_token(code)
logging.info('access token: %s' % json.dumps(r))
access_token, expires_in, uid = r.access_token, r.expires_in, r.uid
client.set_access_token(access_token, expires_in)
u = client.users.show.get(uid=uid)
logging.info('got user: %s' % uid)
users = db.select('select * from users where id=?', uid)
user = dict(name=u.screen_name, \
image_url=u.avatar_large or u.profile_image_url, \
statuses_count=u.statuses_count, \
friends_count=u.friends_count, \
followers_count=u.followers_count, \
verified=u.verified, \
verified_type=u.verified_type, \
auth_token=access_token, \
expired_time=expires_in)
if users:
db.update_kw('users', 'id=?', uid, **user)
else:
user['id'] = uid
db.insert('users', **user)
_make_cookie(uid, access_token, expires_in)
raise seeother('/')
def articles():
i = ctx.request.input(action='', page='1')
if i.action == 'edit':
article = _get_article(i.id)
return Template('templates/articleform.html',
form_title=_('Edit Article'),
form_action='/api/articles/update',
categories=_get_categories(),
static=False,
**article)
if i.action == 'delete':
api_delete_article()
raise seeother('articles')
page = int(i.page)
previous = page > 1
next = False
articles = _get_articles(page, 51, published_only=False)
if len(articles) == 51:
articles = articles[:-1]
next = True
return Template('templates/articles.html',
page=page,
previous=previous,
next=next,
categories=_get_categories(),
articles=articles)
def index_interceptor(next):
logging.info('try to check user from session cookie...')
user = ctx.request.user
if user is not None:
logging.info('user is not None...')
return next()
raise seeother('/signin')
def pages():
i = ctx.request.input(action='')
if i.action=='edit':
page = _get_page(i.id)
return Template('/templates/articleform.html', form_title=_('Edit Page'), form_action='/api/pages/update', static=True, **page)
if i.action=='delete':
api_delete_page()
raise seeother('pages')
return Template('templates/pages.html', pages=_get_pages())
def signout():
delete_session_cookie()
redirect = ctx.request.get('redirect', '')
if not redirect:
redirect = ctx.request.header('REFERER', '')
if not redirect or redirect.find('/admin/')!=(-1) or redirect.find('/signin')!=(-1):
redirect = '/'
logging.debug('signed out and redirect to: %s' % redirect)
raise seeother(redirect)
def auth_signin():
'''
Redirect to sina sign in page.
'''
ctx.response.set_cookie(COOKIE_REDIRECT, _get_referer())
client = APIClient(app_key=APP_KEY,
app_secret=APP_SECRET,
redirect_uri=CALLBACK)
raise seeother(client.get_authorize_url())
def signout():
delete_session_cookie()
redirect = ctx.request.get('redirect', '')
if not redirect:
redirect = ctx.request.header('REFERER', '')
if not redirect or redirect.find('/admin/')!=(-1) or redirect.find('/signin')!=(-1):
redirect = '/'
logging.debug('signed out and redirect to: %s' % redirect)
raise seeother(redirect)
def auth_callback():
'''
Callback from sina, then redirect to previous url.
'''
code = ctx.request.input(code='').code
if not code:
raise seeother('/s/auth_failed')
client = APIClient(app_key=APP_KEY,
app_secret=APP_SECRET,
redirect_uri=CALLBACK)
r = client.request_access_token(code)
access_token = r.access_token
expires = r.expires_in
uid = r.uid
# get user info:
client.set_access_token(access_token, expires)
account = client.users.show.get(uid=uid)
image = account.get(u'profile_image_url', u'about:blank')
logging.info('got account: %s' % str(account))
name = account.get('screen_name', u'') or account.get('name', u'')
id = u'weibo_%s' % uid
user = auth.fn_load_user(id)
if user:
# update user if necessary:
db.update('update user set name=?, oauth_image=?, oauth_access_token=?, oauth_expires=? where id=?', \
name, image, access_token, expires, id)
else:
db.insert('user', \
id = id, \
name = name, \
oauth_access_token = access_token, \
oauth_expires = expires, \
oauth_url = u'http://weibo.com/u/%s' % uid, \
oauth_image = image, \
admin = False)
# make a signin cookie:
cookie_str = auth.make_session_cookie(id, access_token, expires)
logging.info('will set cookie: %s' % cookie_str)
redirect = ctx.request.cookie(COOKIE_REDIRECT, '/')
ctx.response.set_cookie(auth.COOKIE_AUTH, cookie_str, expires=expires)
ctx.response.delete_cookie(COOKIE_REDIRECT)
raise seeother(redirect)
def auth_from_weibo():
provider = 'SinaWeibo'
p = sns.create_client(provider)
redirect = _get_redirect(excludes='/auth/')
callback = 'http://%s/auth/callback/weibo?redirect=%s' % (
ctx.request.host, urllib.quote(redirect))
jscallback = ctx.request.get('jscallback', '')
if jscallback:
callback = '%s&jscallback=%s' % (callback, jscallback)
raise seeother(p.get_authorize_url(callback))
def categories():
i = ctx.request.input(action='')
if i.action=='add':
return Template('templates/categoryform.html', form_title=_('Add Category'), form_action='/api/categories/create')
if i.action=='edit':
cat = _get_category(i.id)
return Template('templates/categoryform.html', form_title=_('Edit Category'), form_action='/api/categories/update', **cat)
if i.action=='delete':
api_delete_category()
raise seeother('categories')
return Template('templates/categories.html', categories=_get_categories())
def open_url(url_id):
#check_admin()
url = Url.get(url_id)
if url is None:
raise APIResourceNotFoundError('url')
##之前不是关闭状态
if url.status != 0:
raise APIResourceNotFoundError('url')
url.status = 1
url.update()
raise seeother('/index')
def auth_callback():
'''
Callback from sina, then redirect to previous url.
'''
code = ctx.request.input(code='').code
if not code:
raise seeother('/s/auth_failed')
client = APIClient(app_key=APP_KEY, app_secret=APP_SECRET, redirect_uri=CALLBACK)
r = client.request_access_token(code)
access_token = r.access_token
expires = r.expires_in
uid = r.uid
# get user info:
client.set_access_token(access_token, expires)
account = client.users.show.get(uid=uid)
image = account.get(u'profile_image_url', u'about:blank')
logging.info('got account: %s' % str(account))
name = account.get('screen_name', u'') or account.get('name', u'')
id = u'weibo_%s' % uid
user = auth.fn_load_user(id)
if user:
# update user if necessary:
db.update('update user set name=?, oauth_image=?, oauth_access_token=?, oauth_expires=? where id=?', \
name, image, access_token, expires, id)
else:
db.insert('user', \
id = id, \
name = name, \
oauth_access_token = access_token, \
oauth_expires = expires, \
oauth_url = u'http://weibo.com/u/%s' % uid, \
oauth_image = image, \
admin = False)
# make a signin cookie:
cookie_str = auth.make_session_cookie(id, access_token, expires)
logging.info('will set cookie: %s' % cookie_str)
redirect = ctx.request.cookie(COOKIE_REDIRECT, '/')
ctx.response.set_cookie(auth.COOKIE_AUTH, cookie_str, expires=expires)
ctx.response.delete_cookie(COOKIE_REDIRECT)
raise seeother(redirect)
def manage_interceptor(next):
"""
:param next:
:return: :raise seeother:
"""
user = ctx.request.user
if user:
localauth = LocalAuth.find_first('where user_id=?', user.user_id)
if localauth.user_admin:
return next()
raise seeother('/signin')
def pages():
i = ctx.request.input(action='')
if i.action == 'edit':
page = _get_page(i.id)
return Template('/templates/articleform.html',
form_title=_('Edit Page'),
form_action='/api/pages/update',
static=True,
**page)
if i.action == 'delete':
api_delete_page()
raise seeother('pages')
return Template('templates/pages.html', pages=_get_pages())
def close_url(url_id):
#check_admin()
url = Url.get(url_id)
if url is None:
raise APIResourceNotFoundError('url')
##之前不是关闭状态
if url.status != 1:
raise APIResourceNotFoundError('url')
url.status = 0
##todo:这里还有很多事情要做,比如关闭监听,需要删除之前抓的网页
url.update()
raise seeother('/index')
def _manage(app, func):
if ctx.user is None:
raise seeother('/auth/signin')
mod = _apps.get(app, None)
if mod is None:
raise notfound()
fn = getattr(mod, func, None)
if fn is None:
raise notfound()
r = fn()
if isinstance(r, Template):
r.model['__user__'] = ctx.user
r.model['__apps__'] = _apps_list
return r
def _manage(app, func):
if ctx.user is None:
raise seeother('/auth/signin')
mod = _apps.get(app, None)
if mod is None:
raise notfound()
fn = getattr(mod, func, None)
if fn is None:
raise notfound()
r = fn()
if isinstance(r, Template):
r.model['__user__'] = ctx.user
r.model['__apps__'] = _apps_list
return r
def articles():
i = ctx.request.input(action='', page='1')
if i.action=='edit':
article = _get_article(i.id)
return Template('templates/articleform.html', form_title=_('Edit Article'), form_action='/api/articles/update', categories=_get_categories(), static=False, **article)
if i.action=='delete':
api_delete_article()
raise seeother('articles')
page = int(i.page)
previous = page > 1
next = False
articles = _get_articles(page, 51, published_only=False)
if len(articles)==51:
articles = articles[:-1]
next = True
return Template('templates/articles.html', page=page, previous=previous, next=next, categories=_get_categories(), articles=articles)
def categories():
i = ctx.request.input(action='')
if i.action == 'add':
return Template('templates/categoryform.html',
form_title=_('Add Category'),
form_action='/api/categories/create')
if i.action == 'edit':
cat = _get_category(i.id)
return Template('templates/categoryform.html',
form_title=_('Edit Category'),
form_action='/api/categories/update',
**cat)
if i.action == 'delete':
api_delete_category()
raise seeother('categories')
return Template('templates/categories.html', categories=_get_categories())
def do_signin():
i = ctx.request.input(remember='')
email = i.email.strip().lower()
passwd = i.passwd
remember = i.remember
if not email or not passwd:
return dict(email=email, remember=remember, error=_('Bad email or password'))
us = db.select('select id, passwd from users where email=?', email)
if not us:
return dict(email=email, remember=remember, error=_('Bad email or password'))
u = us[0]
if passwd != u.passwd:
logging.debug('expected passwd: %s' % u.passwd)
return dict(email=email, remember=remember, error=_('Bad email or password'))
expires = time.time() + _SESSION_COOKIE_EXPIRES if remember else None
make_session_cookie(u.id, passwd, expires)
ctx.response.delete_cookie(_COOKIE_SIGNIN_REDIRECT)
raise seeother(ctx.request.cookie(_COOKIE_SIGNIN_REDIRECT, '/'))
def attachments():
i = ctx.request.input(action='', page='1', size='20')
if i.action=='delete':
delete_attachment(i.id)
raise seeother('attachments')
page = int(i.page)
size = int(i.size)
num = db.select_int('select count(id) from attachments where website_id=?', ctx.website.id)
if page < 1:
raise APIValueError('page', 'page invalid.')
if size < 1 or size > 100:
raise APIValueError('size', 'size invalid.')
offset = (page - 1) * size
atts = db.select('select * from attachments where website_id=? order by id desc limit ?,?', ctx.website.id, offset, size+1)
next = False
if len(atts)>size:
atts = atts[:-1]
next = True
return Template('templates/attachments.html', attachments=atts, page=page, previous=page>2, next=next)
def auth_callback_weibo():
provider = 'SinaWeibo'
p = sns.create_client(provider)
callback = 'http://%s/manage/setting/auth_callback_weibo' % ctx.request.host
i = ctx.request.input(code='', state='')
code = i.code
if not code:
raise IOError('missing code')
state = i.state
r = p.request_access_token(code, callback)
thirdpart_id = r['uid']
info = p.users.show.get(uid=thirdpart_id)
name = info['screen_name']
auth_id = '%s-%s' % (provider, thirdpart_id)
auth_token = r['access_token']
expires_time = r['expires']
db.update('delete from snstokens where auth_provider=?', provider)
SNSTokens(auth_id=auth_id, auth_provider=provider, auth_name=name, auth_token=auth_token, expires_time=expires_time).insert()
raise seeother('/manage/setting/snstokens')
def do_signin():
i = ctx.request.input(remember='')
email = i.email.strip().lower()
passwd = i.passwd
remember = i.remember
if not email or not passwd:
return dict(email=email,
remember=remember,
error=_('Bad email or password'))
us = db.select('select id, passwd from users where email=?', email)
if not us:
return dict(email=email,
remember=remember,
error=_('Bad email or password'))
u = us[0]
if passwd != u.passwd:
logging.debug('expected passwd: %s' % u.passwd)
return dict(email=email,
remember=remember,
error=_('Bad email or password'))
expires = time.time() + _SESSION_COOKIE_EXPIRES if remember else None
make_session_cookie(u.id, passwd, expires)
ctx.response.delete_cookie(_COOKIE_SIGNIN_REDIRECT)
raise seeother(ctx.request.cookie(_COOKIE_SIGNIN_REDIRECT, '/'))
def auth_callback_weibo():
provider = 'SinaWeibo'
p = sns.create_client(provider)
callback = 'http://%s/manage/setting/auth_callback_weibo' % ctx.request.host
i = ctx.request.input(code='', state='')
code = i.code
if not code:
raise IOError('missing code')
state = i.state
r = p.request_access_token(code, callback)
thirdpart_id = r['uid']
info = p.users.show.get(uid=thirdpart_id)
name = info['screen_name']
auth_id = '%s-%s' % (provider, thirdpart_id)
auth_token = r['access_token']
expires_time = r['expires']
db.update('delete from snstokens where auth_provider=?', provider)
SNSTokens(auth_id=auth_id,
auth_provider=provider,
auth_name=name,
auth_token=auth_token,
expires_time=expires_time).insert()
raise seeother('/manage/setting/snstokens')
def manage_index():
raise seeother('/manage/comments')
def manage_interceptor(next):
user = ctx.request.user
if user and user.admin:
return next()
raise seeother('/signin')
def signout():
ctx.response.delete_cookie(_COOKIE_NAME)
raise seeother('/')
def signin():
if ctx.request.user:
raise seeother('/')
return dict()
def signin():
client = _create_client()
raise seeother(client.get_authorize_url())
def signout():
ctx.response.set_cookie(_COOKIE, "deleted", max_age=0)
raise seeother("/")
def manage_index():
raise seeother('/manage/requests')
def _wrapper(*args, **kw):
u = ctx.user
if u and u.role<=role:
return func(*args, **kw)
raise seeother('/auth/signin')
def auth_callback_weibo():
provider = 'SinaWeibo'
p = sns.create_client(provider)
redirect = _get_redirect(excludes='/auth/')
callback = 'http://%s/auth/callback/%s' % (ctx.request.host, provider)
i = ctx.request.input(code='', state='')
code = i.code
if not code:
raise IOError('missing code')
state = i.state
r = p.request_access_token(code, callback)
thirdpart_id = r['uid']
auth_id = '%s-%s' % (provider, thirdpart_id)
auth_token = r['access_token']
expires = r['expires']
user = None
auser = AuthUsers.select_one('where auth_id=?', auth_id)
if auser:
# already signed in before:
auser.auth_token = auth_token
auser.expires = expires
auser.update()
user = Users.get_by_id(auser.user_id)
make_session_cookie(provider, auser._id, auth_token, expires)
else:
# not signed in before, so try to get info:
info = p.users.show.get(uid=thirdpart_id)
user_id = db.next_id()
email = info['email'] if 'email' in info else '%s@tmp' % user_id
name = info['screen_name']
image_url = info['profile_image_url']
user = Users(_id=user_id,
role=ROLE_GUEST,
binds=provider,
email=email,
name=name,
image_url=image_url,
passwd='')
auser = AuthUsers( \
user_id = user_id, \
auth_id = auth_id, \
auth_provider = provider, \
auth_token = auth_token, \
expires_time = expires \
)
with db.transaction():
user.insert()
auser.insert()
make_session_cookie(provider, auser._id, auth_token, expires)
jscallback = ctx.request.get('jscallback', '')
if jscallback:
ctx.response.write(
r'''<html><body><script>
window.opener.%s({'id': '%s', 'name': '%s', 'image_url': '%s'});
self.close();
</script></body></html>''' %
(jscallback, user._id, user.name.replace('\'', '\\\'').replace(
'\n', '').replace('\r', ''), user.image_url))
return
raise seeother('/')
def auth_signout():
'''
Sign out and redirect to previous page.
'''
ctx.response.delete_cookie(auth.COOKIE_AUTH)
raise seeother(_get_referer())
def redirect_wikipage(pid):
p = _get_wikipage(pid)
if p is None:
raise notfound()
raise seeother('/wiki/%s/%s' % (p.wiki_id, pid))
def index():
raise seeother('/manage/')
def manage_index():
raise seeother('/manage/requests')
def manage_index():
raise seeother('/manage/pageviews')
def index():
raise seeother('/manage/')
def manage_interceptor(next):
logging.info('MANAGE_INTERCEPTOR')
user = ctx.request.user
if user and user.admin:
return next()
raise seeother('/signin')
def manage_index():
raise seeother('/manage/reviews')
def signout():
ctx.response.set_cookie(_COOKIE, 'deleted', max_age=0)
raise seeother('/')
def auth_signout():
'''
Sign out and redirect to previous page.
'''
ctx.response.delete_cookie(auth.COOKIE_AUTH)
raise seeother(_get_referer())
def manage_index():
raise seeother('/manage/comments')
def signin():
client = _create_client()
raise seeother(client.get_authorize_url())
def register():
if ctx.request.user:
raise seeother('/')
return dict()
def signout():
ctx.response.set_cookie(_COOKIE, 'deleted', max_age=0)
raise seeother('/')
def manage_index():
raise seeother('/task_list')
def manage_index():
raise seeother('/manage/blogs')
def signout():
ctx.response.delete_cookie(_COOKIE_NAME)
raise seeother('/')
def manage_interceptor(next):
# 对URL/manage/进行拦截,检查当前用户是否是管理员身份
user = ctx.request.user
if user and user.admin:
return next()
raise seeother('/signin')
def manage_interceptor(next):
user = ctx.request.user
if user and user.admin:
return next()
raise seeother('/signin')
def manage_index():
raise seeother('/manage/posts')
