def get(user, resource_id):
    """Return the resource ``resource_id`` when ``user`` is its author.

    The row is looked up by ``model.id`` and its ``author_id`` is compared
    with ``user.id`` before anything is returned, so the ownership check is
    enforced here rather than left to the caller.

    Returns:
        ``web.StatusErrorResponse`` when no row matches or the caller is not
        the author; otherwise ``web.StatusSuccessResponse`` carrying the row.
    """
    with app.db.get_session() as sess:
        matches = sess.query(model).filter(model.id == resource_id).all()
        if len(matches) == 0:
            return web.StatusErrorResponse(message='资源不存在')

        found = matches[0]
        # Object-level authorization: only the author may read the row.
        # NOTE(review): "not found" and "no permission" are reported with
        # different messages, which tells a caller whether an id exists.
        if user.id != found.author_id:
            return web.StatusErrorResponse(message='没有权限')

        # NOTE(review): the whole ORM row is handed to the response; confirm
        # the serializer only emits fields meant for the client.
        return web.StatusSuccessResponse(data=found)
def put(user, resource_id, data):
    """Apply ``data`` to the resource ``resource_id`` when ``user`` is its author.

    Returns:
        ``web.StatusErrorResponse`` when no row matches or the caller is not
        the author; otherwise ``web.StatusSuccessResponse`` after the update.
    """
    with app.db.get_session() as sess:
        # NOTE(review): the query selects DAL.Draft but filters on model.id.
        # If ``model`` is not DAL.Draft the filter does not constrain the
        # selected table -- confirm the two names refer to the same class.
        matches = sess.query(DAL.Draft).filter(model.id == resource_id).all()
        if len(matches) == 0:
            return web.StatusErrorResponse(message='资源不存在')

        target_row = matches[0]
        # Object-level authorization: only the author may modify the row.
        if user.id != target_row.author_id:
            return web.StatusErrorResponse(message='没有权限')

        # NOTE(review): ``data`` is applied as a whole. Confirm update_attrs
        # restricts the writable fields to an allow-list so that ``id`` and
        # ``author_id`` cannot be overwritten through this endpoint.
        # No explicit commit is issued here; persistence presumably relies on
        # the get_session context manager -- TODO confirm.
        update_attrs(target_row, data)
        return web.StatusSuccessResponse(message='修改成功')
def send_file(self, id):
    """Serve the file whose record is stored under ``id``.

    The record's ``absolute_filepath`` is used when it is set; otherwise the
    ``relative_filepath`` is resolved through ``self._truepath``.

    Returns:
        The ``web.send_file`` response, or a JSON error response when no
        record exists for ``id``.
    """
    record = self.db.get(id)
    if not record:
        return web.StatusErrorResponse(message='File Not Found.').jsonify()

    # NOTE(review): no ownership or permission check is visible in this
    # method; confirm access control is enforced by the caller.
    # NOTE(review): both paths come straight from the stored record. Confirm
    # records are written only by trusted code and that _truepath keeps the
    # resolved path inside the storage root.
    absolute_path = record['absolute_filepath']
    if absolute_path:
        return web.send_file(absolute_path)
    return web.send_file(self._truepath(record['relative_filepath']))
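def do_send_sms(target):
    """Send an SMS verification code to ``target`` and record it for later checks.

    On success the code and the phone number are stored in ``session`` and
    pushed to ``self.state_manager`` with ``TIME.SMS_CODE_TIMEDELTA``.

    Returns:
        ``web.StatusErrorResponse`` when ``target`` fails ``utils.checkPhone``
        or sending raises; otherwise the success response.

    Raises:
        ValueError: in debug mode, when ``target`` is not a valid number.
        Exception: in debug mode, whatever the sender raised is re-raised.
    """
    if not utils.checkPhone(target):
        self.log('电话号码错误:%s' % target)
        if self.app.debug:
            # A bare ``raise`` has no active exception at this point and would
            # only produce an unrelated RuntimeError; raise something explicit.
            raise ValueError('invalid phone number: %s' % target)
        return web.StatusErrorResponse(message='不是正确的电话号码')

    try:
        code = self.send_sms_code_to(target)
    except Exception:
        # ``except Exception`` instead of a bare ``except`` so that
        # KeyboardInterrupt and SystemExit are not swallowed.
        print('发送号码时出现错误')
        if self.app.debug:
            raise
        return web.StatusErrorResponse(message='发送号码时出现错误')

    # NOTE(review): the email sender in this listing can return None on
    # failure; confirm send_sms_code_to raises instead, otherwise a None code
    # would be stored below.
    # NOTE(review): if ``session`` is a client-side (signed, unencrypted)
    # cookie session, the code written here is readable by the client.
    # Confirm the session store is server-side, or keep the code only in
    # state_manager.
    session['sms_code'] = code
    session['phone_number'] = target
    self.state_manager.push(target, code, timedelta=TIME.SMS_CODE_TIMEDELTA)
    # NOTE(review): no resend throttling is visible in this function; confirm
    # per-number and per-client limits are enforced elsewhere.
    # NOTE(review): spelled "Responce" here while other handlers in this
    # listing use web.StatusSuccessResponse -- confirm this name exists.
    return web.StatusSuccessResponce(message='短信验证码已发送')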
def do_register(type, phone, validation_code, password, password_confirm, email):
    """Handle the registration endpoint for phone and email sign-up.

    A GET request renders the registration page. A POST request verifies the
    code previously stored in the session and in ``self.state_manager``,
    rejects identifiers that are already registered, then stores a new
    ``User`` and ``UserAuth`` pair and redirects to the login page.

    Any other HTTP method, or a ``type`` other than ``'phone'`` / ``'email'``,
    falls through and returns ``None``.
    """
    method = request.method
    if method == 'GET':
        return self.register_page()
    elif method == 'POST':
        if type == 'phone':
            # NOTE(review): password_confirm is only checked for presence; no
            # comparison with ``password`` is visible in this function.
            if not (phone and validation_code and password and password_confirm):
                return web.StatusErrorResponse(message="表单不完整")
            # NOTE(review): the key string starts with a space; presumably
            # retrieve_from_session strips it -- confirm.
            target, code = retrieve_from_session(
                ' phone_number,sms_code')
            # The submitted number and code must match what was stored when
            # the code was sent.
            if not (target == phone and validation_code == code):
                return web.StatusErrorResponse(message='手机号码错误或验证码错误')
            # Second check against state_manager, where the code was pushed
            # with a timedelta by the sending handler.
            # NOTE(review): it is not visible whether a code is invalidated
            # after a successful registration -- confirm it is single-use.
            if not self.state_manager.get(phone, validation_code):
                return web.StatusErrorResponse(message="发生错误,可能验证码已超时")
            user_id = generate_random_id()
            user = self.User(id=user_id)
            # NOTE(review): part of the next statement is masked ('******') in
            # this listing. By analogy with the email branch it presumably
            # logs the new user and builds ``user_auth = self.UserAuth(...)``;
            # restore it from the real source before relying on this block.
            # NOTE(review): ``credential=password`` stores the password as
            # submitted; no hashing is visible. Store a salted password hash
            # (e.g. Argon2, scrypt or bcrypt) instead of the plaintext.
            self.log('user:'******'phone', identifier=phone, credential=password)
            with self.db.get_session(autofill=True) as sess:
                # NOTE(review): check-then-insert is not atomic; rely on a
                # unique constraint over (identity_type, identifier) as well.
                exist = sess.query(self.UserAuth).filter(
                    self.UserAuth.identity_type == 'phone', self.UserAuth.identifier == phone).count()
                if exist:
                    return web.StatusErrorResponse(message='该手机号码已被注册')
                sess.add(user)
                sess.add(user_auth)
                # NOTE(review): user_auth carries the credential; confirm its
                # repr does not put the password into the log.
                self.log('regitster:', user, user_auth)
                return web.ActionRedirect(location=self.login_url)
        elif type == 'email':
            # NOTE(review): unlike the phone branch there is no presence check
            # on email, validation_code or password here; reject missing or
            # empty values before comparing them with the session contents.
            target, code = retrieve_from_session('email,email_code')
            if not (target == email and code == validation_code):
                return web.StatusErrorResponse(message='验证码错误或邮箱错误')
            if not self.state_manager.get(target, code):
                return web.StatusErrorResponse(message='验证码超时')
            user = self.User()
            # NOTE(review): same plaintext-credential concern as in the phone
            # branch.
            user_auth = self.UserAuth(user_id=user.id, identity_type='email', identifier=email, credential=password)
            with self.db.get_session() as sess:
                exist = sess.query(self.UserAuth).filter(
                    self.UserAuth.identity_type == 'email', self.UserAuth.identifier == email).count()
                if exist:
                    return web.StatusErrorResponse(message='该邮箱已被注册')
                sess.add(user)
                sess.add(user_auth)
                # This branch commits explicitly; the phone branch instead
                # opens its session with autofill=True.
                sess.commit()
                return web.ActionRedirect(location=self.login_url)
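def do_publish_article(article_id, user):
    """Publish one of ``user``'s private articles and render the result page.

    The article must belong to ``user`` and must still be private.

    Returns:
        The rendered no-permission page when ``user`` does not own the
        article, a JSON error response when the article is not private,
        otherwise the rendered success page linking to the published URL.

    Raises:
        AssertionError: when ``article_id`` is falsy or ``user`` is ``None``.
    """
    context = Context(user=user, article=None)
    # The former ``assert article_id, user`` tested article_id only (``user``
    # was the assertion message) and disappears entirely under ``python -O``.
    # An explicit check keeps the AssertionError type and covers both values.
    if not article_id or user is None:
        raise AssertionError('article_id and user are required')

    # Object-level authorization comes before any state change.
    if not user.is_own_article(article_id):
        return pages.NoPermissionPage().render(context=context)

    if not self.document_engine.is_private(article_id):
        return web.StatusErrorResponse(
            message='你不能发布该文章,该文章可能已经发布').jsonify()

    url = self.document_engine.publish(user, article_id)
    return pages.PublishSuccessPage(
        message='发布成功!', link=url, link_text='点击前往查看').render(context=context)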
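def do_send_email_code(target):
    """Email a verification code to ``target`` and record it for later checks.

    On success the code and the address are stored in ``session`` and pushed
    to ``self.state_manager`` with ``TIME.EMIAL_CODE_TIMEDELTA``.

    Returns:
        ``web.StatusErrorResponse`` when ``target`` fails ``utils.checkEmail``,
        when sending raises, or when the sender returns no code; otherwise
        the success response.

    Raises:
        ValueError: in debug mode, when ``target`` is not a valid address.
        Exception: in debug mode, whatever the sender raised is re-raised.
    """
    if not utils.checkEmail(target):
        print('邮箱地址错误:%s' % (target))
        if self.app.debug:
            # A bare ``raise`` has no active exception at this point and would
            # only produce an unrelated RuntimeError; raise something explicit.
            raise ValueError('invalid email address: %s' % target)
        return web.StatusErrorResponse(message='不是正确的邮箱地址')

    try:
        code = self.send_email_code(target)
    except Exception:
        # ``except Exception`` instead of a bare ``except`` so that
        # KeyboardInterrupt and SystemExit are not swallowed.
        print('发送邮件验证码时出现错误')
        if self.app.debug:
            raise
        return web.StatusErrorResponse(message='发送邮件验证码时出现错误')

    if code is None:
        # A failed send used to fall through: ``None`` was stored as the
        # expected code and success was reported. Stop here so that no
        # verification state exists for a code that was never delivered.
        print("邮件发送失败")
        return web.StatusErrorResponse(message='发送邮件验证码时出现错误')
    if self.app.debug:
        # Debug only: the code itself is written to stdout.
        print('成功发送验证码%s至%s' % (code, target))

    # NOTE(review): if ``session`` is a client-side (signed, unencrypted)
    # cookie session, the code written here is readable by the client.
    # Confirm the session store is server-side, or keep the code only in
    # state_manager.
    session['email_code'] = code
    session['email'] = target
    self.state_manager.push(target, code, timedelta=TIME.EMIAL_CODE_TIMEDELTA)
    # NOTE(review): spelled "Responce" here while other handlers in this
    # listing use web.StatusSuccessResponse -- confirm this name exists.
    return web.StatusSuccessResponce(message='邮箱验证码已发送')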
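def do_auth_callback_qq(code, state):
    """Handle the QQ OAuth callback: exchange ``code`` for a token and redirect.

    ``state`` is checked against ``self.state_manager`` first. The
    authorization code is then exchanged at the QQ token endpoint and the
    raw response body is appended to ``self.auth_qq_callback_url``.

    Returns:
        ``web.StatusErrorResponse`` when ``state`` is not accepted, otherwise
        a redirect whose query string is the token endpoint's response body.

    Raises:
        requests.exceptions.RequestException: when the token request fails
            or exceeds the timeout.
    """
    # The state check ties this callback to a request this application
    # started. NOTE(review): it is not visible whether check_key consumes
    # the state; confirm a state value cannot be reused.
    if not self.state_manager.check_key(state):
        return web.StatusErrorResponse(message='该请求可能已过期')

    token_endpoint = 'https://graph.qq.com/oauth2.0/token'
    # These values travel in the query string of a GET request, so the client
    # secret can appear in any proxy or access log that records full URLs.
    query = {
        'grant_type': 'authorization_code',
        'client_id': self.qq_auth_config.appid,
        'client_secret': self.qq_auth_config.appkey,
        'code': code,
        'redirect_uri': self.qq_auth_config.redirect_uri
    }
    # A timeout keeps a stalled upstream from pinning this worker forever.
    # The former ``requests.session().close()`` opened and closed a brand-new
    # session that had nothing to do with this request, so it was dropped.
    response = requests.get(token_endpoint, params=query, timeout=10)
    token = response.text

    # NOTE(review): the body is forwarded without a status or content check,
    # so an error body is redirected exactly like a token. The access token
    # also ends up in a URL (browser history, Referer, access logs); consider
    # keeping it server-side and redirecting without it.
    return web.redirect(self.auth_qq_callback_url + '/token?' + token)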
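def do_login_post(type, phone, validation_code, password, email, redirect_url=self.home_url):
    """Authenticate a login form submission and start a login session.

    ``type`` selects the method: ``'phone'`` (number + password),
    ``'phone-code'`` (number + SMS code) or ``'email'`` (address + password).
    On success a random login key is pushed to ``self.state_manager`` for
    ``TIME.MONTH``, stored in ``session`` and the client is redirected to
    ``redirect_url``.

    Returns:
        ``web.StatusErrorResponse`` on missing or wrong input,
        ``web.ActionRedirect`` on success, and ``None`` for any other ``type``.
    """

    def _start_login_session(user_auth):
        """Issue a fresh login key for ``user_auth`` and redirect the client."""
        login_key = gen_random_key()
        self.state_manager.push('login_key', login_key, user_auth.user_id,
                                timedelta=TIME.MONTH)
        session['login_key'] = login_key
        # NOTE(review): redirect_url is used untouched. If it can be supplied
        # by the request, restrict it to same-site paths before redirecting.
        return web.ActionRedirect(redirect_url)

    # NOTE(review): passwords are compared with the stored ``credential``
    # as-is in both password branches, which implies plaintext storage.
    # Store a salted password hash and verify with the hash library's
    # constant-time check.
    # NOTE(review): no attempt limiting is visible here; confirm failed
    # logins are throttled elsewhere.
    if type == 'phone':
        if not (phone and password):
            return web.StatusErrorResponse(message='缺失手机号码或密码')
        with self.db.get_session() as sess:
            exist = sess.query(self.UserAuth).filter(
                self.UserAuth.identity_type == 'phone',
                self.UserAuth.identifier == phone,
                self.UserAuth.credential == password).all()
            if not exist:
                return web.StatusErrorResponse(message='手机号码或密码错误')
            user_auth = exist[0]
            # The login key is a month-long bearer credential and the
            # UserAuth row holds the password column, so neither is logged
            # any more; the user id is enough for an audit trail.
            self.log('login', user_auth.user_id)
            return _start_login_session(user_auth)
    elif type == 'phone-code':
        if not (phone and validation_code):
            return web.StatusErrorResponse(message='缺失手机号码或验证码')
        # NOTE(review): the key string starts with a space; presumably
        # retrieve_from_session strips it -- confirm.
        target, code = retrieve_from_session(' phone_number,sms_code')
        if not (target == phone and validation_code == code):
            return web.StatusErrorResponse(message='手机号码错误或验证码错误')
        # NOTE(review): it is not visible whether a code is invalidated
        # after a successful login -- confirm it is single-use.
        if not self.state_manager.get(target, code):
            return web.StatusErrorResponse(message='验证码超时')
        with self.db.get_session() as sess:
            exist = sess.query(self.UserAuth).filter(
                self.UserAuth.identity_type == 'phone',
                self.UserAuth.identifier == phone,
            ).all()
            if not exist:
                # NOTE(review): this message confirms whether a number is
                # registered.
                return web.StatusErrorResponse(message='该手机号码尚未注册')
            return _start_login_session(exist[0])
    elif type == 'email':
        if not (email and password):
            return web.StatusErrorResponse(message='缺失邮箱地址或密码')
        with self.db.get_session() as sess:
            exist = sess.query(self.UserAuth).filter(
                self.UserAuth.identity_type == 'email',
                self.UserAuth.identifier == email).all()
            if not exist:
                # NOTE(review): unknown address and wrong password produce
                # different messages, which reveals which addresses are
                # registered; the phone branch uses one message for both.
                return web.StatusErrorResponse(
                    message='邮箱地址错误,您是否还未注册?')
            user_auth = exist[0]
            if not user_auth.credential == password:
                return web.StatusErrorResponse(message='邮箱地址或密码错误')
            return _start_login_session(user_auth)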