#!/usr/bin/env python
# -*- coding: utf-8 -*-
import os
import sys
import web
from models.article import Article
from settings.web_settings import render
from apis.ueditor_api import UploadImage, UploadFile, UploadScrawl, GetRemoteImage, UploadVideo, ListImage, ListFile
# Python 2 only: make UTF-8 the interpreter-wide default string encoding.
# reload(sys) is called first because setdefaultencoding is not reachable on
# the already-imported sys module. The branch is skipped when the default is
# already 'utf-8'.
if sys.getdefaultencoding() != 'utf-8':
    reload(sys)
    sys.setdefaultencoding('utf-8')
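# TCP port the built-in server listens on (see start_api_server).
API_PORT = 12345

# web.py routing table: alternating (URL regex, handler) entries. A handler is
# either the name of a class in this module (looked up through globals()) or a
# class object imported from apis.ueditor_api. Patterns are raw strings so that
# regex escapes such as \d are not treated as string escapes.
urls = (
    r'/', 'Index',
    r'/view/(\d+)', 'View',
    r'/new', 'New',
    r'/delete/(\d+)', 'Delete',
    r'/edit/(\d+)', 'Edit',
    # r'/imgs/(.*)', 'Imgs',
    # UEditor upload/listing endpoints.
    # NOTE(review): no authentication is applied at the routing level; whether
    # these handlers check the caller is not visible in this file -- confirm.
    r'/ue_uploadimage', UploadImage,
    r'/ue_uploadfile', UploadFile,
    r'/ue_uploadscrawl', UploadScrawl,
    r'/ue_getremoteimage', GetRemoteImage,
    r'/ue_uploadvideo', UploadVideo,
    r'/ue_listimage', ListImage,
    r'/ue_listfile', ListFile,
    # (.*) also matches '/' and '..', so the captured text is an arbitrary,
    # client-chosen path string; the handler must confine it to ./upload/.
    r'/upload/(.*)', 'Download',
)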
def start_api_server():
    """Start the web.py application on all interfaces at API_PORT.

    The listen address is handed to web.py by appending it to sys.argv
    before the application is run.

    NOTE(review): 0.0.0.0 exposes every route to any host that can reach this
    port, and none of the handlers defined in this file check who is calling.
    Bind to 127.0.0.1 or put an authenticating proxy in front unless public
    exposure is intended.
    """
    listen_addr = '0.0.0.0:%s' % API_PORT
    sys.argv.append(listen_addr)
    web.application(urls, globals()).run()
class Index(object):
    """Handler for '/': renders the list of posts."""

    def GET(self):
        """Fetch the posts from Article and render them with the index template."""
        return render.index(Article.get_posts())
class View(object):
    """Handler for '/view/<id>': renders a single post."""

    def GET(self, id):
        """Look up the post whose numeric id was captured from the URL.

        `id` arrives as the string matched by the route's (\\d+) group and is
        converted to int before the lookup.
        """
        article_id = int(id)
        return render.view(Article.get_post(article_id))
class New(object):
    """Handler for '/new': shows and processes the article form.

    The `form` definition is also reused by the Edit handler.
    """

    # Both fields are validated only for being non-empty (web.form.notnull).
    form = web.form.Form(
        web.form.Textbox(
            'article_title',
            web.form.notnull,
            size=30,
            description=u'文章标题',  # label text: "article title"
        ),
        web.form.Textarea(
            'article_content',
            web.form.notnull,
            rows=30,
            cols=80,
            description=u'文章内容',  # label text: "article content"
        ),
        web.form.Button(u'提交'),  # button text: "submit"
    )

    def GET(self):
        """Render an empty copy of the article form."""
        blank_form = self.form()
        return render.new(blank_form)

    def POST(self):
        """Create a post from the submitted form, then redirect to '/'.

        An invalid submission re-renders the form instead of saving.

        NOTE(review): the title and content are passed to Article.new_post
        exactly as submitted; this handler has no CSRF token or caller check.
        Whether the content is HTML-escaped on display depends on the
        templates behind `render`, which are not shown here -- confirm.
        """
        submitted = self.form()
        if submitted.validates():
            Article.new_post(submitted.d.article_title,
                             submitted.d.article_content)
            raise web.seeother('/')
        return render.new(submitted)
class Delete(object):
    """Handler for '/delete/<id>': removes a post.

    Only POST is defined, so a GET to this URL does not delete anything.
    NOTE(review): there is no CSRF token or authorization check in this
    handler; any client able to POST here can delete any post.
    """

    def POST(self, id):
        """Delete the post with the numeric id from the URL, then redirect to '/'."""
        article_id = int(id)
        Article.del_post(article_id)
        raise web.seeother('/')
class Edit(object):
    """Handler for '/edit/<id>': shows and processes the edit form.

    Reuses the form definition declared on New.
    """

    def GET(self, id):
        """Render the form pre-filled from the stored post."""
        post = Article.get_post(int(id))
        edit_form = New.form()
        edit_form.fill(post)
        return render.edit(post, edit_form)

    def POST(self, id):
        """Update the post from the submitted form, then redirect to '/'.

        An invalid submission re-renders the edit page with the stored post.
        NOTE(review): as with creation, no CSRF token or authorization check
        is performed in this handler.
        """
        edit_form = New.form()
        article_id = int(id)
        post = Article.get_post(article_id)
        if edit_form.validates():
            Article.update_post(article_id,
                                edit_form.d.article_title,
                                edit_form.d.article_content)
            raise web.seeother('/')
        return render.edit(post, edit_form)
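class Imgs(object):
    """Serve one image file from the local ``imgs`` directory.

    The '/imgs/(.*)' route is commented out in ``urls``, so nothing in this
    file currently dispatches to this handler.
    """

    def GET(self, name):
        """Return the bytes of ``imgs/<name>`` with a matching Content-Type.

        Raises web.notfound() when the extension is not one of the known
        image types, when ``name`` is not a direct entry of ``imgs``, or when
        that entry is not a regular file.
        """
        # Case-insensitive extension lookup; these are the registered
        # "image/..." media types (the previous "images/..." values are not
        # valid Content-Type values).
        ext = name.rsplit(".", 1)[-1].lower()
        content_types = {
            "png": "image/png",
            "jpg": "image/jpeg",
            "gif": "image/gif",
            "ico": "image/x-icon",
        }
        # An unknown extension is answered with 404 instead of a KeyError.
        if ext not in content_types:
            raise web.notfound()
        # Membership in os.listdir() is what keeps the request inside imgs/:
        # a name containing a path separator, or "..", never equals a
        # directory entry, so it is rejected before any file is opened.
        if name not in os.listdir('imgs'):
            raise web.notfound()
        path = os.path.join('imgs', name)
        # listdir() also returns sub-directories; only regular files are served.
        if not os.path.isfile(path):
            raise web.notfound()
        web.header("Content-Type", content_types[ext])
        # Context manager so the file handle is closed after reading.
        with open(path, "rb") as img_file:
            return img_file.read()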
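# Serves the ./upload/ directory as static content under the /upload/ URL.
# Intended for testing only. The earlier form of this handler opened
# "./upload/<url tail>" directly, which allowed arbitrary file reads (see
# http://drops.xmd5.com/static/drops/papers-5040.html); the handler below
# confines every request to the upload directory before opening anything.
class Download(object):
    """Return the contents of a file stored under ``./upload/``."""

    def GET(self, filepath):
        """Serve ``./upload/<filepath>`` if it resolves inside the upload root.

        ``filepath`` is the text captured by the '/upload/(.*)' route and is
        fully client-controlled. The requested path is canonicalised with
        os.path.realpath (which also resolves symlinks) and served only when
        the result lies below the canonical upload directory. Anything else,
        including unreadable or missing files, gets a 404.

        NOTE(review): no Content-Type or Content-Disposition header is set
        here, so how a browser treats an uploaded file is left to framework
        defaults and content sniffing; consider setting an explicit type and
        ``X-Content-Type-Options: nosniff`` if uploads are user-supplied.
        """
        not_found_msg = "Sorry, the file you were looking for was not found."
        upload_root = os.path.realpath("./upload")
        try:
            target = os.path.realpath("./upload/%s" % filepath)
        except (TypeError, ValueError):
            # e.g. an embedded NUL byte in the requested path
            raise web.notfound(not_found_msg)
        # Containment check: the trailing separator prevents a sibling such as
        # "./upload_private" from passing a plain prefix comparison.
        if not target.startswith(upload_root + os.sep):
            raise web.notfound(not_found_msg)
        try:
            with open(target, "rb") as f:
                return f.read()
        except (IOError, OSError):
            # Missing file, directory, or permission problem. The 404 is
            # raised, as the other handlers in this file do, rather than
            # returned.
            raise web.notfound(not_found_msg)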
if __name__ == '__main__':
    # Script entry point: construct an Article first, then start serving.
    # NOTE(review): the instance is not used again in this file; presumably
    # its constructor prepares the article storage -- confirm in models.article.
    article = Article()
    start_api_server()