Exemple #1
 def get(user, resource_id):
     """Return the resource ``resource_id`` when ``user`` is its author.

     Produces an error response when no row matches the id or when the
     row's ``author_id`` differs from ``user.id``; otherwise a success
     response carrying the row.
     """
     with app.db.get_session() as db_session:
         matches = db_session.query(model).filter(
             model.id == resource_id).all()
         if not matches:
             return web.StatusErrorResponse(message='资源不存在')
         record = matches[0]
         # Object-level authorization: only the author may read the record.
         # NOTE(review): "not found" and "no permission" are reported with
         # different messages, so a caller can tell which ids exist even
         # without access -- confirm that is acceptable for this resource.
         if user.id != record.author_id:
             return web.StatusErrorResponse(message='没有权限')
         return web.StatusSuccessResponse(data=record)
Exemple #2
 def put(user, resource_id, data):
     """Apply ``data`` to the draft ``resource_id`` when ``user`` is its author.

     Produces an error response when no row matches the id or when the
     row's ``author_id`` differs from ``user.id``; otherwise hands the row
     and ``data`` to ``update_attrs`` and reports success.
     """
     with app.db.get_session() as db_session:
         # NOTE(review): the query selects DAL.Draft but filters on
         # model.id -- confirm both names refer to the same mapped class.
         drafts = db_session.query(DAL.Draft).filter(
             model.id == resource_id).all()
         if not drafts:
             return web.StatusErrorResponse(message='资源不存在')
         draft = drafts[0]
         # Object-level authorization: only the author may modify the draft.
         if user.id != draft.author_id:
             return web.StatusErrorResponse(message='没有权限')
         # NOTE(review): `data` reaches update_attrs unfiltered here. Unless
         # update_attrs restricts itself to an allow-list of editable
         # fields, a request could also overwrite `id` or `author_id`
         # (mass assignment) -- verify against update_attrs.
         # No explicit commit is visible; presumably the session context
         # manager persists the change on exit -- TODO confirm.
         update_attrs(draft, data)
         return web.StatusSuccessResponse(message='修改成功')
Exemple #3
 def send_file(self, id):
     """Send the file registered under ``id``, or a JSON error if unknown.

     The stored record's ``absolute_filepath`` is used when it is truthy;
     otherwise ``relative_filepath`` is resolved through ``self._truepath``.
     """
     record = self.db.get(id)
     if not record:
         return web.StatusErrorResponse(message='File Not Found.').jsonify()
     # NOTE(review): both paths are taken from the stored record and served
     # as-is. Confirm that clients cannot influence `absolute_filepath`
     # when a record is created, and that _truepath keeps the resolved
     # relative path inside the storage root.
     absolute_path = record['absolute_filepath']
     if absolute_path:
         return web.send_file(absolute_path)
     return web.send_file(self._truepath(record['relative_filepath']))
Exemple #4
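 def do_send_sms(target):
     """Send an SMS verification code to ``target`` and remember it.

     Returns an error response when ``target`` fails ``utils.checkPhone``
     or when sending raises; in debug mode (``self.app.debug``) those
     failures raise instead. On success the code and number are stored in
     the session and pushed to the state manager with the SMS code
     lifetime.
     """
     if not utils.checkPhone(target):
         self.log('电话号码错误:%s' % target)
         if self.app.debug:
             # The original bare `raise` ran with no active exception and
             # so surfaced as an unrelated RuntimeError; raise a
             # descriptive error instead.
             raise ValueError('invalid phone number: %r' % (target,))
         return web.StatusErrorResponse(message='不是正确的电话号码')
     try:
         code = self.send_sms_code_to(target)
     except Exception:
         # Narrowed from a bare `except:` so KeyboardInterrupt/SystemExit
         # are no longer swallowed outside debug mode.
         print('发送号码时出现错误')
         if self.app.debug:
             raise
         return web.StatusErrorResponse(message='发送号码时出现错误')
     # NOTE(review): if `session` is a client-side (signed but unencrypted)
     # cookie, the requester can read the code without receiving the SMS;
     # the server-side state_manager entry should then be the only copy.
     session['sms_code'] = code
     session['phone_number'] = target
     # NOTE(review): no per-number or per-client throttle is visible in
     # this function; confirm the caller rate-limits SMS sends.
     self.state_manager.push(target,
                             code,
                             timedelta=TIME.SMS_CODE_TIMEDELTA)
     # NOTE(review): spelled `StatusSuccessResponce` here, while other
     # handlers use `StatusSuccessResponse` -- confirm the name exists.
     return web.StatusSuccessResponce(message='短信验证码已发送')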
Exemple #5
        def do_register(type, phone, validation_code, password,
                        password_confirm, email):
            """Serve the registration page on GET; create an account on POST.

            On POST, ``type`` selects phone or email registration. Both
            branches compare the submitted identifier and code with the
            pair held in the session, consult ``self.state_manager``,
            refuse an identifier that is already registered, and redirect
            to ``self.login_url`` after adding the new rows. Any other
            method or ``type`` falls through and returns None.
            """
            method = request.method
            if method == 'GET':
                return self.register_page()
            elif method == 'POST':
                if type == 'phone':
                    # NOTE(review): password_confirm is only checked for
                    # presence; nothing in this block compares it with
                    # `password`.
                    if not (phone and validation_code and password
                            and password_confirm):
                        return web.StatusErrorResponse(message="表单不完整")
                    # NOTE(review): the key list starts with a space
                    # (' phone_number,...'); verify retrieve_from_session
                    # strips it, otherwise the lookup key differs from the
                    # 'phone_number' key written when the code is sent.
                    target, code = retrieve_from_session(
                        ' phone_number,sms_code')
                    if not (target == phone and validation_code == code):
                        return web.StatusErrorResponse(message='手机号码错误或验证码错误')
                    # The (phone, code) pair must also be known to the
                    # state manager; presumably this enforces the code's
                    # lifetime -- TODO confirm. Nothing here removes the
                    # code from the session after use.
                    if not self.state_manager.get(phone, validation_code):
                        return web.StatusErrorResponse(message="发生错误,可能验证码已超时")
                    user_id = generate_random_id()
                    user = self.User(id=user_id)
                    # NOTE(review): the next statement reached this page
                    # damaged (the `******` run is not valid Python); part
                    # of the log call and the start of the `user_auth`
                    # construction appear to be missing. Restore it from
                    # the original project before running this code.
                    # NOTE(review): `credential=password` hands the raw
                    # password to UserAuth; unless the model hashes it,
                    # it is stored in plaintext -- verify.
                    self.log('user:'******'phone',
                                              identifier=phone,
                                              credential=password)
                    with self.db.get_session(autofill=True) as sess:
                        # Check-then-insert: presumably a unique constraint
                        # on (identity_type, identifier) backs this up for
                        # concurrent requests -- TODO confirm.
                        exist = sess.query(self.UserAuth).filter(
                            self.UserAuth.identity_type == 'phone',
                            self.UserAuth.identifier == phone).count()
                        if exist:
                            return web.StatusErrorResponse(message='该手机号码已被注册')
                        sess.add(user)
                        sess.add(user_auth)
                        # NOTE(review): user_auth carries the credential;
                        # confirm its repr does not put it into the log.
                        self.log('regitster:', user, user_auth)
                        # No explicit commit here, unlike the email branch;
                        # presumably autofill=True commits on exit -- TODO
                        # confirm.
                        return web.ActionRedirect(location=self.login_url)

                elif type == 'email':
                    # NOTE(review): unlike the phone branch there is no
                    # completeness check: email, validation_code and
                    # password are never tested for being empty, so two
                    # missing values can compare equal below. Confirm
                    # state_manager.get rejects an empty pair.
                    target, code = retrieve_from_session('email,email_code')
                    if not (target == email and code == validation_code):
                        return web.StatusErrorResponse(message='验证码错误或邮箱错误')
                    if not self.state_manager.get(target, code):
                        return web.StatusErrorResponse(message='验证码超时')
                    user = self.User()
                    # NOTE(review): same plaintext-credential concern as in
                    # the phone branch. user.id is read before the row is
                    # added; presumably the model assigns it at
                    # construction -- TODO confirm.
                    user_auth = self.UserAuth(user_id=user.id,
                                              identity_type='email',
                                              identifier=email,
                                              credential=password)
                    with self.db.get_session() as sess:
                        exist = sess.query(self.UserAuth).filter(
                            self.UserAuth.identity_type == 'email',
                            self.UserAuth.identifier == email).count()
                        if exist:
                            return web.StatusErrorResponse(message='该邮箱已被注册')
                        sess.add(user)
                        sess.add(user_auth)
                        sess.commit()
                        return web.ActionRedirect(location=self.login_url)
Exemple #6
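 def do_publish_article(article_id, user):
     """Publish ``article_id`` on behalf of ``user`` and render the result.

     Renders the no-permission page when the user does not own the
     article, returns a JSON error when the article is not private
     (it may already be published), and otherwise publishes it and renders
     the success page with a link to the published URL.

     Raises:
         AssertionError: if ``article_id`` or ``user`` is missing.
     """
     context = Context(user=user, article=None)
     # The original `assert article_id, user` tested only article_id (user
     # was the assertion *message*) and is stripped entirely under -O.
     # An explicit check keeps the same exception type and covers both.
     if not (article_id and user):
         raise AssertionError('article_id and user are required')
     # Ownership is verified before any state change.
     if not user.is_own_article(article_id):
         return pages.NoPermissionPage().render(context=context)
     if not self.document_engine.is_private(article_id):
         return web.StatusErrorResponse(
             message='你不能发布该文章,该文章可能已经发布').jsonify()
     url = self.document_engine.publish(user, article_id)
     return pages.PublishSuccessPage(
         message='发布成功!', link=url,
         link_text='点击前往查看').render(context=context)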
Exemple #7
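 def do_send_email_code(target):
     """Send an e-mail verification code to ``target`` and remember it.

     Returns an error response when ``target`` fails ``utils.checkEmail``,
     when sending raises, or when the sender returns no code; in debug
     mode (``self.app.debug``) the first two raise instead. On success the
     code and address are stored in the session and pushed to the state
     manager with the e-mail code lifetime.
     """
     if not utils.checkEmail(target):
         print('邮箱地址错误:%s' % (target))
         if self.app.debug:
             # The original bare `raise` ran with no active exception and
             # so surfaced as an unrelated RuntimeError.
             raise ValueError('invalid e-mail address: %r' % (target,))
         return web.StatusErrorResponse(message='不是正确的邮箱地址')
     try:
         code = self.send_email_code(target)
     except Exception:
         # Narrowed from a bare `except:` so KeyboardInterrupt/SystemExit
         # are no longer swallowed outside debug mode.
         print('发送邮件验证码时出现错误')
         if self.app.debug:
             raise
         return web.StatusErrorResponse(message='发送邮件验证码时出现错误')
     if code is None:
         # Previously a failed send still stored None as the expected code
         # and reported success; a later verification that compares
         # against None must never be reachable.
         print("邮件发送失败")
         return web.StatusErrorResponse(message='发送邮件验证码时出现错误')
     if self.app.debug:
         # Debug-only: the code is written to stdout.
         print('成功发送验证码%s至%s' % (code, target))
     # NOTE(review): if `session` is a client-side (signed but unencrypted)
     # cookie, the requester can read the code without access to the
     # mailbox; the server-side state_manager entry should then be the
     # only copy.
     session['email_code'] = code
     session['email'] = target
     # NOTE(review): no per-address or per-client throttle is visible in
     # this function; confirm the caller rate-limits sends.
     self.state_manager.push(target,
                             code,
                             timedelta=TIME.EMIAL_CODE_TIMEDELTA)
     # NOTE(review): spelled `StatusSuccessResponce` here, while other
     # handlers use `StatusSuccessResponse` -- confirm the name exists.
     return web.StatusSuccessResponce(message='邮箱验证码已发送')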
Exemple #8
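 def do_auth_callback_qq(code, state):
     """Exchange a QQ OAuth authorization ``code`` for a token and redirect.

     Rejects the callback when ``state`` is not known to the state
     manager, requests a token from the QQ token endpoint, and redirects
     to ``self.auth_qq_callback_url + '/token?'`` followed by the raw
     response body. Returns an error response if the token request fails.
     """
     # The `state` check ties the callback to a request this server
     # started (CSRF protection for the OAuth flow).
     # NOTE(review): confirm check_key also invalidates the state so a
     # callback cannot be replayed.
     if not self.state_manager.check_key(state):
         return web.StatusErrorResponse(message='该请求可能已过期')
     url = 'https://graph.qq.com/oauth2.0/token'
     body = {
         'grant_type': 'authorization_code',
         'client_id': self.qq_auth_config.appid,
         'client_secret': self.qq_auth_config.appkey,
         'code': code,
         'redirect_uri': self.qq_auth_config.redirect_uri
     }
     try:
         # A timeout keeps a stalled provider from pinning this worker;
         # the original call could block indefinitely.
         response = requests.get(url, params=body, timeout=10)
     except requests.RequestException:
         return web.StatusErrorResponse(message='获取授权令牌失败')
     token = response.text
     # The original `requests.session().close()` created a fresh session
     # and closed it, which released nothing; it has been dropped.
     # NOTE(review): the response body is forwarded without checking the
     # status or that it contains a token, and the token travels in the
     # redirect URL, where it can end up in browser history, access logs
     # and Referer headers. Consider keeping the token server-side and
     # handing the browser only a session identifier.
     return web.redirect(self.auth_qq_callback_url + '/token?' + token)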
Exemple #9
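 def do_login_post(type,
                   phone,
                   validation_code,
                   password,
                   email,
                   redirect_url=self.home_url):
     """Authenticate a login form and start a session.

     ``type`` selects the method: ``'phone'`` (number + password),
     ``'phone-code'`` (number + SMS code held in the session) or
     ``'email'`` (address + password). On success a random login key is
     registered with the state manager for ``TIME.MONTH``, stored in the
     session, and the client is redirected to ``redirect_url``. Failures
     return an error response; an unknown ``type`` returns None.

     NOTE(review): passwords are compared directly with the stored
     ``credential`` column, which implies plaintext storage unless the
     caller hashes first -- verify. No attempt throttling is visible here.
     NOTE(review): if ``redirect_url`` can be supplied by the request,
     restrict it to same-site targets before redirecting.
     """

     def _start_session(user_auth):
         # One place issues the login key for all three methods.
         login_key = gen_random_key()
         # Log only the user id: the original phone branch logged the
         # login key itself (a bearer credential for the session) and the
         # whole user_auth row, which carries the credential.
         self.log('login', user_auth.user_id)
         self.state_manager.push('login_key',
                                 login_key,
                                 user_auth.user_id,
                                 timedelta=TIME.MONTH)
         session['login_key'] = login_key
         return web.ActionRedirect(redirect_url)

     if type == 'phone':
         if not (phone and password):
             return web.StatusErrorResponse(message='缺失手机号码或密码')
         with self.db.get_session() as sess:
             exist = sess.query(self.UserAuth).filter(
                 self.UserAuth.identity_type == 'phone',
                 self.UserAuth.identifier == phone,
                 self.UserAuth.credential == password).all()
             if not exist:
                 return web.StatusErrorResponse(message='手机号码或密码错误')
             return _start_session(exist[0])
     elif type == 'phone-code':
         if not (phone and validation_code):
             return web.StatusErrorResponse(message='缺失手机号码或验证码')
         # NOTE(review): the key list starts with a space; verify
         # retrieve_from_session strips it.
         target, code = retrieve_from_session(' phone_number,sms_code')
         if not (target == phone and validation_code == code):
             return web.StatusErrorResponse(message='手机号码错误或验证码错误')
         # NOTE(review): nothing here discards the code after a successful
         # login; confirm state_manager.get or the code lifetime prevents
         # reuse.
         if not self.state_manager.get(target, code):
             return web.StatusErrorResponse(message='验证码超时')
         with self.db.get_session() as sess:
             exist = sess.query(self.UserAuth).filter(
                 self.UserAuth.identity_type == 'phone',
                 self.UserAuth.identifier == phone,
             ).all()
             if not exist:
                 return web.StatusErrorResponse(message='该手机号码尚未注册')
             return _start_session(exist[0])
     elif type == 'email':
         if not (email and password):
             return web.StatusErrorResponse(message='缺失邮箱地址或密码')
         with self.db.get_session() as sess:
             exist = sess.query(self.UserAuth).filter(
                 self.UserAuth.identity_type == 'email',
                 self.UserAuth.identifier == email).all()
             if not exist:
                 # NOTE(review): this message differs from the wrong-
                 # password one below, which tells a caller whether an
                 # address is registered; the phone branch uses a single
                 # message for both cases.
                 return web.StatusErrorResponse(
                     message='邮箱地址错误,您是否还未注册?')
             user_auth = exist[0]
             if not user_auth.credential == password:
                 return web.StatusErrorResponse(message='邮箱地址或密码错误')
             return _start_session(user_auth)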