def post(self, request): """openid绑定用户逻辑""" # 接收表单数据 mobile = request.POST.get('mobile') password = request.POST.get('password') sms_code = request.POST.get('sms_code') openid_sign = request.POST.get('openid') # 校验 if all([mobile, password, sms_code, openid_sign]) is False: return http.HttpResponseForbidden('缺少必传参数') if not re.match(r'^[0-9A-Za-z]{8,20}$', password): return http.HttpResponseForbidden('请输入8-20位的密码') if not re.match(r'^1[3-9]\d{9}$', mobile): return http.HttpResponseForbidden('请输入正确的手机号码') # 短信验证码校验 # 创建redis连接对象 redis_conn = get_redis_connection('verify_codes') # 将redis中的短信验证码获取来, sms_code_server_bytes = redis_conn.get('sms_%s' % mobile) # 短信验证码从redis获取出来之后就从redis数据库删除: 让它是一次性 redis_conn.delete('sms_%s' % mobile) # 判断redis中是否获取到短信验证码(判断是否过期) if sms_code_server_bytes is None: return http.JsonResponse({ 'code': RETCODE.SMSCODERR, 'errmsg': '短信验证码已过期' }) # 从redis获取出来的数据注意类型问题 sms_code_server = sms_code_server_bytes.decode() # 判断短信验证码是否填写正确 if sms_code != sms_code_server: return http.JsonResponse({ 'code': RETCODE.SMSCODERR, 'errmsg': '短信验证码输入错误' }) # 对openid进行解密 openid = check_openid_signature(openid_sign) if openid is None: return http.HttpResponseForbidden('openid无效') try: # 以mobile字段进行查询user表 # 如果查询到了,说明此手机号在美多商城之前已经注册, 老用户 user = User.objects.get(mobile=mobile) # 如果是已存在的老用户,就去校验用户密码是否正确 if user.check_password(password) is False: return http.HttpResponseForbidden('绑定的用户信息填写不正确') except User.DoesNotExist: with transaction.atomic(): # 如果没有查询到,说明此手机号是新的, 创建一个新的user user = User.objects.create_user(username=mobile, password=password, mobile=mobile) with transaction.atomic(): # 新增oauth_qq表的一个记录 OAuthQQUser.objects.create(user=user, openid=openid) # 绑定完成即代表登录成, login(request, user) response = redirect(request.GET.get('state') or '/') response.set_cookie('username', user.username, max_age=settings.SESSION_COOKIE_AGE) return response
def json_settings_handler(request, id, model_class, view_path): content_type = 'application/json' try: user_id = get_user_id_from_hatohol_server(request) except (NoHatoholUser, NoHatoholSession): return http.HttpResponseForbidden(content_type=content_type) if request.method == 'POST': unicode_body = smart_text(request.body, encoding=request.encoding) model = model_class(user_id=user_id, settings_json=unicode_body) try: model.full_clean() except ValidationError as e: return http.HttpResponseBadRequest(json.dumps(e.messages), content_type=content_type) model.save() response = http.HttpResponse(to_json(model), content_type=content_type, status=201) response['Location'] = reverse('hatohol.views.graphs', args=[model.id]) return response elif request.method == 'PUT': if id is None: message = 'id is required' return http.HttpResponseBadRequest(to_json(message), content_type=content_type) try: unicode_body = smart_text(request.body, encoding=request.encoding) model = model_class.objects.get(id=id) if model.user_id != user_id: return http.HttpResponseForbidden(content_type=content_type) model.settings_json = unicode_body model.full_clean() model.save() return http.HttpResponse(to_json(model), content_type=content_type) except model_class.DoesNotExist: return http.HttpResponseNotFound(content_type=content_type) except ValidationError as e: return http.HttpResponseBadRequest(json.dumps(e.messages), content_type=content_type) elif request.method == 'DELETE': if id is None: message = 'id is required' return http.HttpResponseBadRequest(to_json(message), content_type=content_type) try: model = model_class.objects.get(id=id) except model_class.DoesNotExist: return http.HttpResponseNotFound() else: if model.user_id != user_id: return http.HttpResponseForbidden(content_type=content_type) model.delete() return http.HttpResponse() else: if id: try: model = model_class.objects.get(id=id) except model_class.DoesNotExist: return http.HttpResponseNotFound() if model.user_id != user_id: return http.HttpResponseForbidden(content_type=content_type) response = model else: models = model_class.objects.filter(user_id=user_id).order_by('id') response = models return http.HttpResponse(to_json(response), content_type=content_type)
def put(self, request): """修改购物车""" # 接受 校验参数 json_dict = json.loads(request.body.decode()) sku_id = json_dict.get('sku_id') count = json_dict.get('count') selected = json_dict.get('selected', True) if not all([sku_id, count]): return http.HttpResponseForbidden('缺少必传参数') try: sku = SKU.objects.get(id=sku_id) except SKU.DoseNotExist: return http.HttpResponseForbidden('sku_id不正确') # 判断counts是否是数字 try: count = int(count) except Exception as e: logger.error(e) return http.HttpResponseForbidden('count不正确') if selected: if not isinstance(selected, bool): return http.HttpResponseForbidden('selected不正确') user = request.user if user.is_authenticated: redis_conn = get_redis_connection('carts') pl = redis_conn.pipeline() pl.hset('carts_%s' % user.id, sku_id, count) if selected: pl.sadd('selected_%s' % user.id, sku_id) else: pl.srem('selected_%s' % user.id, sku_id) pl.execute() cart_sku = { 'id': sku_id, 'count': count, 'selected': selected, 'name': sku.name, 'default_image_url': sku.default_image.url, 'price': sku.price, 'amount': sku.price * count } return http.JsonResponse({ 'code': RETCODE.OK, 'errmsg': 'ok', 'cart_sku': cart_sku }) else: cart_str = request.COOKIES.get('carts') if cart_str: cart_dict = str_to_dict(cart_str) else: cart_dict = {} cart_dict[sku_id] = {'count': count, 'selected': selected} cookie_cart_str = dict_to_str(cart_dict) cart_sku = { 'id': sku_id, 'count': count, 'selected': selected, 'name': sku.name, 'default_image_url': sku.default_image.url, 'price': sku.price, 'amount': sku.price * count } response = http.JsonResponse({ 'code': RETCODE.OK, 'errmsg': 'ok', 'cart_sku': cart_sku }) response.set_cookie('carts', cookie_cart_str) return response
def categories(request, locale_code): if not _permission_to_edit_locale(request, locale_code): return http.HttpResponseForbidden() cats = list(Category.objects.order_by('application')) strings = dict( Translation.objects.filter(id__in=[c.name_id for c in cats], locale=locale_code).values_list( 'id', 'localized_string')) # Category ID to localized string map for checking for changes. category_names = dict([(c.id, strings.get(c.name_id)) for c in cats]) # Category ID to model object to avoid extra SQL lookups on POST. category_objects = dict([(c.id, c) for c in cats]) # Initial data to pre-populate forms. initial = [ dict(id=c.id, name=strings.get(c.name_id), application=c.application_id) for c in cats ] # Group categories by application, and sort by name within app groups. categories = [] category_no_app = None for key, group in groupby(cats, lambda c: c.application_id): sorted_cats = sorted(group, key=lambda c: c.name) if key: categories.append((key, sorted_cats)) else: category_no_app = (key, sorted_cats) if category_no_app: # Put app-less categories at the bottom. categories.append(category_no_app) formset = CategoryFormSet(request.POST or None, initial=initial) # Category ID to form mapping. form_map = dict((form.initial['id'], form) for form in formset.forms) if request.method == 'POST' and formset.is_valid(): for form in formset: pk = form.cleaned_data.get('id') name = form.cleaned_data.get('name') if category_names.get(pk) != None and name != category_names[pk]: # Name changed, let's save it. cat = category_objects.get(pk) if not cat: continue cat.name = {locale_code: name} cat.save() return redirect( reverse('localizers.categories', kwargs=dict(locale_code=locale_code))) data = { 'locale_code': locale_code, 'userlang': product_details.languages[locale_code], 'categories': categories, 'formset': formset, 'form_map': form_map, 'apps': amo.APP_IDS, 'types': amo.ADDON_TYPE, } return jingo.render(request, 'localizers/categories.html', data)
def process_request(self, request): User = get_user_model() ENABLE_DJANGO_LOGIN = settings.ENABLE_DJANGO_LOGIN SESSION_EXPIRY_SSO = 3600 if settings.SESSION_EXPIRY_SSO: SESSION_EXPIRY_SSO = settings.SESSION_EXPIRY_SSO if (request.path.startswith('/logout') or request.path.startswith('/ledger/logout')) \ and 'HTTP_X_LOGOUT_URL' in request.META and request.META['HTTP_X_LOGOUT_URL']: logout(request) return http.HttpResponseRedirect(request.META['HTTP_X_LOGOUT_URL']) if VERSION < (2, 0): user_auth = request.user.is_authenticated() else: try: user_auth = request.user.is_authenticated if user_auth is True: pass if ENABLE_DJANGO_LOGIN is True: if 'HTTP_REMOTE_USER' in request.META: if len(request.META['HTTP_REMOTE_USER']) > 3: response = HttpResponse( "<center><h1 style='font-family: Arial, Helvetica, sans-serif;'>Error: SSO detected as enabled. ENABLE_DJANGO_LOGIN should be set to False when sso is enabled.</h1><br></center><script></script>" ) return response else: pass if request.user.email.lower( ) != request.META['HTTP_REMOTE_USER'].lower(): response = HttpResponse( "<center><h1 style='font-family: Arial, Helvetica, sans-serif;'>Wait one moment please...</h1><br><img src='/static/ledger_api/images/ajax-loader-spinner.gif'></center><script> location.reload();</script>" ) response.delete_cookie('sessionid') return response except: print("user_auth request user does not exist") response = HttpResponse( "<center><h1 style='font-family: Arial, Helvetica, sans-serif;'>Wait one moment please...</h1><br><img src='/static/ledger_api/images/ajax-loader-spinner.gif'></center><script> location.reload();</script>" ) response.delete_cookie('sessionid') return response #print ("AM I AUTH") #print (user_auth) if not user_auth and 'HTTP_REMOTE_USER' in request.META and request.META[ 'HTTP_REMOTE_USER']: attributemap = { 'username': '******', 'last_name': 'HTTP_X_LAST_NAME', 'first_name': 'HTTP_X_FIRST_NAME', 'email': 'HTTP_X_EMAIL', } for key, value in attributemap.items(): if value in request.META: attributemap[key] = request.META[value] if hasattr(settings, 'ALLOWED_EMAIL_SUFFIXES' ) and settings.ALLOWED_EMAIL_SUFFIXES: allowed = settings.ALLOWED_EMAIL_SUFFIXES if isinstance(settings.ALLOWED_EMAIL_SUFFIXES, basestring): allowed = [settings.ALLOWED_EMAIL_SUFFIXES] if not any([ attributemap['email'].lower().endswith(x) for x in allowed ]): return http.HttpResponseForbidden() exists_in_ledger = False if attributemap['email'] and User.objects.filter( email__iexact=attributemap['email']).exists(): user = User.objects.filter( email__iexact=attributemap['email'])[0] exists_in_ledger = True else: user = User() # connect to ledger and align local cache account json_response = {} try: data = urllib.parse.urlencode(attributemap) data = data.encode('utf-8') with urllib.request.urlopen( settings.LEDGER_API_URL + "/ledgergw/remote/user/" + attributemap['email'] + "/" + settings.LEDGER_API_KEY + "/", data) as url: json_response = json.loads(url.read().decode()) except Exception as e: print("Error Connecting to Ledger GW") print(e) response = HttpResponse( "<h1>Error Connecting to Ledger GW</h1>") return response if 'user' in json_response: attributemap['ledger_id'] = json_response['user']['ledgerid'] attributemap['ledger_data'] = json_response['user'] attributemap['is_superuser'] = json_response['user'][ 'is_superuser'] attributemap['is_staff'] = json_response['user']['is_staff'] attributemap['ledger_groups'] = json_response['user']['groups'] else: messages.error( request, 'Unable to Update User Information from Ledger') user.__dict__.update(attributemap) user.save() if exists_in_ledger is False: response = HttpResponse( "<center><h1 style='font-family: Arial, Helvetica, sans-serif;'>Wait one moment please</h1><br><img src='/static/ledger_api/images/ajax-loader-spinner.gif'></center><script> location.reload();</script>" ) response.delete_cookie('sessionid') return response user.backend = 'django.contrib.auth.backends.ModelBackend' request.session.set_expiry(SESSION_EXPIRY_SSO) login(request, user)
def put(self, request, address_id): """修改收货地址逻辑""" # 对address_id进行校验 try: address = Address.objects.get(id=address_id, user=request.user, is_deleted=False) except Address.DoesNotExist: return http.HttpResponseForbidden('修改收货地址失败') # 接收请求体数据 json_dict = json.loads( request.body.decode()) # json.loads()函数是将字符串转化为字典 title = json_dict.get('title') receiver = json_dict.get('receiver') province_id = json_dict.get('province_id') city_id = json_dict.get('city_id') district_id = json_dict.get('district_id') place = json_dict.get('place') mobile = json_dict.get('mobile') tel = json_dict.get('tel') email = json_dict.get('email') # 校验 if all([ title, receiver, province_id, city_id, district_id, place, mobile ]) is False: return http.HttpResponseForbidden('缺少必传参数') if not re.match(r'^1[3-9]\d{9}$', mobile): return http.HttpResponseForbidden('参数mobile有误') if tel: if not re.match( r'^(0[0-9]{2,3}-)?([2-9][0-9]{6,7})+(-[0-9]{1,4})?$', tel): return http.HttpResponseForbidden('参数tel有误') if email: if not re.match( r'^[a-z0-9][\w\.\-]*@[a-z0-9\-]+(\.[a-z]{2,5}){1,2}$', email): return http.HttpResponseForbidden('参数email有误') # 修改 try: # Address.objects.filter(id=address_id).update( # title=title, # receiver=receiver, # province_id=province_id, # city_id=city_id, # district_id=district_id, # place=place, # mobile=mobile, # tel=tel, # email=email # ) address.title = title address.receiver = receiver address.province_id = province_id address.city_id = city_id address.district_id = district_id address.place = place address.mobile = mobile address.tel = tel address.email = email address.save() except DatabaseError as e: logger.error(e) return http.HttpResponseForbidden('修改收货地址失败') # 把新增的address模型对象转换成字典,并响应给前端 address_dict = { 'id': address.id, 'title': address.title, 'receiver': address.receiver, 'province_id': address.province_id, 'province': address.province.name, 'city_id': address.city_id, 'city': address.city.name, 'district_id': address.district_id, 'district': address.district.name, 'place': address.place, 'mobile': address.mobile, 'tel': address.tel, 'email': address.email, } return http.JsonResponse({ 'code': RETCODE.OK, 'errmsg': '修改收货地址成功', 'address': address_dict })
def post(self, request): """保存订单信息和订单商品信息""" # 获取数据 json_dict = json.loads(request.body) address_id = json_dict.get('address_id') pay_method = json_dict.get('pay_method') # 校验参数 if not all([address_id, pay_method]): return http.HttpResponseForbidden('缺少必传参数') try: address = Address.objects.get(id=address_id, is_deleted=False) except Exception as e: return http.HttpResponseForbidden('参数address_id错误') try: pay_method = int(pay_method) except Exception as e: return http.HttpResponseForbidden('参数pay_method错误') if pay_method not in [ OrderInfo.PAY_METHODS_ENUM['CASH'], OrderInfo.PAY_METHODS_ENUM['ALIPAY'] ]: return http.HttpResponseForbidden('参数pay_method错误') # 获取登录用户 user = request.user # 生成订单信息 order_id = timezone.now().strftime('%Y%m%d%H%M%S') + ('%09d' % user.id) if pay_method == OrderInfo.PAY_METHODS_ENUM['CASH']: status = OrderInfo.ORDER_STATUS_ENUM['UNSEND'] else: status = OrderInfo.ORDER_STATUS_ENUM['UNPAID'] # 定义一个事务 with transaction.atomic(): # 创建事务保存点 save_id = transaction.savepoint() try: order = OrderInfo.objects.create(order_id=order_id, user=user, address=address, total_count=0, total_amount=Decimal('0.00'), freight=Decimal('10.00'), pay_method=pay_method, status=status) # 连接数据库 redis_conn = get_redis_connection('carts') # 获取redis.hash中的购物车数据 redis_cart = redis_conn.hgetall('carts_%s' % user.id) # 获取redis.map中的选中状态 cart_selected = redis_conn.smembers('selected_%s' % user.id) # 将redis中的数据包装成大字典 cart_dict = {} for sku_id in cart_selected: cart_dict[int(sku_id)] = int(redis_cart[sku_id]) for sku_id in cart_dict: while True: # 判断库存是否充足 sku = SKU.objects.get(id=sku_id) count = cart_dict[sku_id] origin_stock = sku.stock origin_sales = sku.sales if count > origin_stock: # 如果库存不足,回滚并响应 transaction.savepoint_rollback(save_id) return http.JsonResponse({ 'code': RETCODE.STOCKERR, 'errmsg': '库存不足' }) # 修改sku库存和销量 new_stock = origin_stock - count new_sales = origin_sales + count # 乐观锁:如果相同,表示没人修改,可以更新库存,否则表示别人抢过资源,不再执行库存更新 result = SKU.objects.filter(id=sku_id, stock=origin_stock).update( stock=new_stock, sales=new_sales) if result == 0: continue # 循环提交订单 # 修改SPU销量 sku.spu.sales += count sku.spu.save() # 保存订单商品信息 OrderGoods.objects.create( order=order, sku=sku, count=count, price=sku.price, ) # 保存商品订单中总价和总数量 order.total_count += count order.total_amount += (sku.price * count) # 下单成功或者失败就跳出循环 break # 添加邮费和保存订单信息 order.total_amount += order.freight order.save() except Exception as e: transaction.savepoint_rollback(save_id) return http.JsonResponse({ 'code': RETCODE.DBERR, 'errmsg': '下单失败' }) else: # 提交订单成功,显式的提交一次事务 transaction.savepoint_commit(save_id) # 清除购物车中已结算的商品 pl = redis_conn.pipeline() pl.hdel('carts_%s' % user.id, *cart_selected) pl.srem('selected_%s' % user.id, *cart_selected) pl.execute() # 响应提交订单结果 return http.JsonResponse({ 'code': RETCODE.OK, 'errmsg': '下单成功', 'order_id': order.order_id })
def moderation(request, *args, **kwargs): if request.user.role not in user_models.get_internal_roles(): return http.HttpResponseForbidden() employee_obj = get_moderation_object(**kwargs) if employee_obj.updated == False: context = { 'title': 'Moderation', 'object': employee_obj } return render(request, 'employee/moderation_done.html', context) formsets = [] person_form = employee_forms.ModerationPersonCreateForm(instance=employee_obj.user.person_user_set, prefix='pers') person_form.helper = FormHelper() person_form.helper.form_tag = False pchildren = lgc_models.Child.objects.filter(person=employee_obj.user.person_user_set).all() this_url = str(reverse_lazy('employee-moderation', kwargs={'pk':employee_obj.id})) ChildrenFormSet = modelformset_factory(employee_models.Child, form=employee_forms.ChildCreateForm2, can_delete=True) DocumentFormSet = modelformset_factory(lgc_models.Document, form=employee_forms.DocumentFormSet, can_delete=False, extra=0) context = { 'title': 'Moderation', 'person_form': person_form, 'object': employee_obj, 'formsets': [], 'formsets_form': None, } person_common_view = lgc_views.PersonCommonView() if request.GET.get('reject') == '1': person_common_view.copy_related_object(employee_obj.user.person_user_set, employee_obj, employee_obj) save_employee_obj(request, employee_obj) person_common_view.clear_related_objects(employee_obj.employee_child_set.all()) for child in employee_obj.user.person_user_set.child_set.all(): emp_child = employee_models.Child() person_common_view.copy_related_object(child, emp_child, emp_child) emp_child.person = employee_obj emp_child.person_child = child emp_child.save() for doc in employee_obj.user.person_user_set.document_set.all(): if doc.deleted: doc.deleted = False doc.save() elif doc.added: try: lgc_models.delete_person_doc(employee_obj.user.person_user_set, doc) except Exception as e: log.error(e) messages.error(self.request, _('Cannot remove user files.')) messages.success(request, _('Moderation has been rejected.')) return redirect('employee-moderations') if request.method == 'POST': employee_form = ( employee_forms.ModerationEmployeeUpdateForm(request.POST, instance=employee_obj, prefix='emp') ) employee_form.helper = FormHelper() employee_form.helper.form_tag = False employee_form.helper.form_id = 'employee_form_id' context['employee_form'] = employee_form docs = None valid = True if request.POST.get('docs-TOTAL_FORMS'): docs = DocumentFormSet(request.POST, prefix='docs') if not docs.is_valid(): messages.error(request, _('Invalid document form.')) valid = False if request.POST.get('children-TOTAL_FORMS'): try: set_formset(request, context, ChildrenFormSet, None, pchildren, _('Children'), 'children', 'children_id') except: messages.error(request, _('Invalid children form')) valid = False set_formsets_form(context) if not check_form(request, context, employee_obj, employee_form, this_url): messages.error(request, _('Invalid form.')) valid = False if valid: if len(context['formsets']): formset = context['formsets'][0] else: formset = None if handle_docs_formset(request, docs, employee_obj) < 0: return redirect('employee-moderations') old_person = lgc_models.Person() lgc_models.copy_doc_path_attributes(employee_obj.user.person_user_set, old_person) person_common_view.copy_related_object(employee_form.instance, employee_obj.user.person_user_set, employee_form.instance) employee_obj.user.person_user_set.version += 1 with transaction.atomic(): save_employee_obj(request, employee_form.instance) lgc_models.rename_person_doc_dir(old_person, employee_obj.user.person_user_set) employee_obj.user.first_name = employee_form.instance.first_name employee_obj.user.last_name = employee_form.instance.last_name employee_obj.user.save() employee_obj.user.person_user_set.save() save_formset(employee_obj, formset) messages.success(request, _('Moderation successfully submitted.')) return redirect('employee-moderations') employee_form = employee_forms.ModerationEmployeeUpdateForm(instance=employee_obj, prefix='emp') employee_form.helper = FormHelper() employee_form.helper.form_tag = False doc_qs = lgc_models.Document.objects.filter(person=employee_obj.user.person_user_set) doc_qs = doc_qs.filter(added=True)|doc_qs.filter(deleted=True) if len(doc_qs): context['docs'] = DocumentFormSet(queryset=doc_qs, prefix='docs') context['doc_download_url'] = 'lgc-download-file' echildren = employee_models.Child.objects.filter(person=employee_obj) if objs_diff(echildren.all(), pchildren): set_formset(request, context, ChildrenFormSet, echildren, pchildren, _('Children'), 'children', 'children_id') set_formsets_form(context) context['employee_form'] = employee_form return render(request, 'employee/moderation.html', context)
def cancel_session(request): req_headers = request.headers try: user_token = req_headers['Authorization'] except KeyError: return http.HttpResponseBadRequest( '\'security token\' needs a resolvable definition ' + 'provided as request header component') req_body = json.loads(request.body) ''' try: user_id = req_body['user_id'] except KeyError: return http.HttpResponseBadRequest('\'user ID\' needs a resolvable definition ' + 'provided as request data component') ''' try: host_ip = req_body['host_ip'] except KeyError: return http.HttpResponseBadRequest( '\'host ip address\' needs a resolvable definition ' + 'provided as request data component') ''' try: current_user = Employee.objects.get(id=user_id) except ObjectDoesNotExist: return http.HttpResponseNotFound('User ID is not valid.\nSession opening refused') ''' try: current_session = RealTimeRecognitionControl.objects.get( host_ip_address=host_ip) current_user = current_session.current_user except ObjectDoesNotExist: return http.HttpResponseNotFound( 'Host ip address is not valid.\nSession closing refused') if current_user.token != user_token: return http.HttpResponseForbidden( 'Attempted request from non-authorized user account\n' + 'Session closing refused') ''' try: session = RealTimeRecognitionControl.objects.get(host_ip_address=host_ip) except ObjectDoesNotExist: return http.HttpResponseNotFound('Host ip address is not valid.\nSession closing refused') print('p22') #host_ip = request.GET['host_ip'] #session = None try: session = RealTimeRecognitionControl.objects.get(host_ip_address=host_ip) except ObjectDoesNotExist: return http.HttpResponseNotFound('User host address is not valid.\nCancel attempt failed') ''' stasis_pid = current_session.stasis_pid ws_pid = current_session.websocket_pid time.sleep(0.5) os.kill(ws_pid, signal.SIGTERM) time.sleep(0.5) os.kill(stasis_pid, signal.SIGTERM) time.sleep(0.5) os.kill(ws_pid, signal.SIGKILL) time.sleep(0.5) os.kill(stasis_pid, signal.SIGKILL) current_session.stasis_pid = 1 current_session.websocket_pid = 1 current_session.current_user = None current_session.save() return http.HttpResponse(status=200)
def process_request(self, request): if request.META['REMOTE_ADDR'] in BLOCKED_IPS: return http.HttpResponseForbidden('<h1>Forbidden</h1>')
def get(self, request, mobile): # 接收参数 image_code_client = request.GET.get('image_code') uuid = request.GET.get('uuid') # 创建连接到redis的对象 redis_conn = get_redis_connection('verify_code') # 校验参数 if not all([image_code_client, uuid]): return http.HttpResponseForbidden('缺少必传参数') # 避免频繁发送短信验证码 send_flag = redis_conn.get('send_flag_%s' % mobile) if send_flag: return http.JsonResponse({ 'code': RETCODE.THROTTLINGERR, 'errmsg': '发送短信过于频繁' }) # 提取图形验证码 image_code_server = redis_conn.get('img_%s' % uuid) if not image_code_server: return http.JsonResponse({ 'code': RETCODE.IMAGECODEERR, 'errmsg': '图形验证码已失效' }) # 删除图形验证码 redis_conn.delete('img_%s' % uuid) # 对比图形验证码 image_code_server = image_code_server.decode() if image_code_server.lower() != image_code_client.lower(): return http.JsonResponse({ 'code': RETCODE.IMAGECODEERR, 'errmsg': '输入图形验证码有误' }) # 生成短信验证码 sms_code = '%06d' % random.randint(0, 999999) logger.info(sms_code) # # 保存短信验证码 # redis_conn.setex('sms_%s' % mobile, constants.IMAGE_CODE_REDIS_EXPIRES, sms_code) # # # 保存发送短信验证码的标记 # redis_conn.setex('send_flag_%s' % mobile, constants.SEND_SMS_CODE_INTERVAL, 1) # 创建redis管道 pl = redis_conn.pipeline() # 将redis请求添加到队列 # 保存短信验证码 pl.setex('sms_%s' % mobile, constants.IMAGE_CODE_REDIS_EXPIRES, sms_code) # 保存发送短信验证码的标记 pl.setex('send_flag_%s' % mobile, constants.SEND_SMS_CODE_INTERVAL, 1) # 执行请求 pl.execute() # # 发送短信验证码 # CCP().send_template_sms('17301768520', [sms_code, constants.IMAGE_CODE_REDIS_EXPIRES / 60], 1) # 使用celery发送短信验证码 send_sms_code.delay(mobile, sms_code) # 响应结果 return http.JsonResponse({'code': RETCODE.OK, 'errmsg': '发送短信成功'})
def post(self, request): """美多商城用户绑定到openid""" # 1.接收参数 mobile = request.POST.get('mobile') pwd = request.POST.get('password') sms_code_client = request.POST.get('sms_code') openid = request.POST.get('openid') # 2.判空正则校验 图片验证 短信验证 # 判断参数是否齐全 if not all([mobile, pwd, sms_code_client]): return http.HttpResponseForbidden('缺少必传参数') # 判断手机号是否合法 if not re.match(r'^1[3-9]\d{9}$', mobile): return http.HttpResponseForbidden('请输入正确的手机号码') # 判断密码是否合格 if not re.match(r'^[0-9A-Za-z]{8,20}$', pwd): return http.HttpResponseForbidden('请输入8-20位的密码') # # 判断短信验证码是否一致 # redis_conn = get_redis_connection('sms_code') # sms_code_server = redis_conn.get('sms_%s' % mobile) # if sms_code_server is None: # return render(request, 'oauth_callback.html', {'sms_code_errmsg': '无效的短信验证码'}) # if sms_code_client != sms_code_server.decode(): # return render(request, 'oauth_callback.html', {'sms_code_errmsg': '输入短信验证码有误'}) # # 解密出openid 再判断openid是否有效 # openid = SecretOauth().loads(openid).get('openid') # if not openid: # return render(request, 'oauth_callback.html', {'openid_errmsg': '无效的openid'}) # 3.判断user是否存在 try: user = User.objects.get(mobile=mobile) except Exception as e: # 没注册--> 新注册一个 user = User.objects.create_user(username=mobile, mobile=mobile, password=pwd) else: # 注册了--> 校验密码 if not user.check_password(pwd): return render(request, 'oauth_callback.html', {'account_errmsg': '用户名或密码错误'}) # 4.绑定openid try: OAuthQQUser.objects.create(user=user, openid=openid) except Exception as e: return render(request, 'oauth_callback.html', {'qq_login_errmsg': 'QQ登录失败'}) # 5.重定向到首页 # 保持登录状态 login(request, user) # 重定向到首页 设置首页用户名 response = redirect(reverse('contents:index')) # 购物车合并 # cookie--未登录--笔记本1 黄色2 黑色3 银色1 # redis----登录---笔记本3 黄色2 黑色1 # 合并结果--- 1 2 3 1 response = merge_cart_cookie_to_redis(request, user, response) response.set_cookie('username', user.username, max_age=24 * 14 * 3600) return response
def preview(request, pk): symbols_upload = get_object_or_404(models.SymbolsUpload, pk=pk) if not request.user.is_superuser: if symbols_upload.user != request.user: return http.HttpResponseForbidden('Not yours') return http.HttpResponse(symbols_upload.content, content_type='text/plain')
def get(self, request, *args, **kwargs): if not request.user.is_staff: return http.HttpResponseForbidden() return super(RegistryView, self).get(request, *args, **kwargs)
def post(self, request): """注册逻辑""" # 接收请求体表单数据 query_dict = request.POST # 获取 username password password2 mobile sms_code allow username = query_dict.get('username') password = query_dict.get('password') password2 = query_dict.get('password2') mobile = query_dict.get('mobile') sms_code_client = query_dict.get('sms_code') allow = query_dict.get( 'allow' ) # 没有指定复选框中的value时如果勾选 'on', 没勾选None 如果前端指定了value值勾选就传递的是value中的值 # 校验 # if all(query_dict.dict().values()): # 判断里面可迭代对象中的每个元素是否有为None '', {}, [], False,如果有就返回False if all([username, password, password2, mobile, sms_code_client, allow ]) is False: return http.HttpResponseForbidden('缺少必传参数') if not re.match(r'^[a-zA-Z0-9_-]{5,20}$', username): return http.HttpResponseForbidden('请输入5-20个字符的用户名') if not re.match(r'^[0-9A-Za-z]{8,20}$', password): return http.HttpResponseForbidden('请输入8-20位的密码') if password != password2: return http.HttpResponseForbidden('两次密码输入的不一致') if not re.match(r'^1[3-9]\d{9}$', mobile): return http.HttpResponseForbidden('请输入正确的手机号码') # 短信验证码校验后期补充 # 创建redis连接对象 redis_conn = get_redis_connection('verify_code') # 获取短信验证码 sms_code_server = redis_conn.get('sms_code_%s' % mobile) # 让短信验证码只能用一次 redis_conn.delete('sms_code_%s' % mobile) # 判断是否过期 if sms_code_server is None: return http.HttpResponseForbidden('短信验证码过期') # 判断用户短信验证码是否输入正确 if sms_code_client != sms_code_server.decode(): return http.HttpResponseForbidden('短信验证码输入错误') # 创建一个新用户 # user = User.objects.create(password=password) # user.set_password(password) # user.save() user = User.objects.create_user(username=username, password=password, mobile=mobile) # 状态保持(记录用户登录状态) login(request, user) response = redirect('/') # redirect 重定向 response.set_cookie('username', user.username, max_age=settings.SESSION_COOKIE_AGE) # 用户注册成功即代表登录成功 # 响应,重定向到首页 # return http.HttpResponse('注册成功,跳转到首页') return response
def wrapper(request, *args, **kw): if acl.action_allowed(request, 'Editors', '%'): return func(request, *args, **kw) else: return http.HttpResponseForbidden()
def post(self, request): # 判断用户收货地址上限 不能多于20个 user = request.user # 查询当前登录用户未逻辑删除的收货地址数量 count = Address.objects.filter(user=user, is_deleted=False).count() # user.addresses.filter(is_deleted=False).count() if count >= 20: return http.JsonResponse({ 'code': RETCODE.MAXNUM, 'errmsg': '收货地址超限' }) # 接收请求体数据 json_dict = json.loads(request.body.decode()) title = json_dict.get('title') receiver = json_dict.get('receiver') province_id = json_dict.get('province_id') city_id = json_dict.get('city_id') district_id = json_dict.get('district_id') place = json_dict.get('place') mobile = json_dict.get('mobile') tel = json_dict.get('tel') email = json_dict.get('email') # 校验 if all([ title, receiver, province_id, city_id, district_id, place, mobile ]) is False: return http.HttpResponseForbidden('缺少必传参数') if not re.match(r'^1[3-9]\d{9}$', mobile): return http.HttpResponseForbidden('参数mobile有误') if tel: if not re.match( r'^(0[0-9]{2,3}-)?([2-9][0-9]{6,7})+(-[0-9]{1,4})?$', tel): return http.HttpResponseForbidden('参数tel有误') if email: if not re.match( r'^[a-z0-9][\w\.\-]*@[a-z0-9\-]+(\.[a-z]{2,5}){1,2}$', email): return http.HttpResponseForbidden('参数email有误') # try: # Area.objects.get(id=province_id) # 新增 try: address = Address.objects.create(user=user, title=title, receiver=receiver, province_id=province_id, city_id=city_id, district_id=district_id, place=place, mobile=mobile, tel=tel, email=email) except DatabaseError as e: logger.error(e) return http.HttpResponseForbidden('添加收货地址失败') # 如果用户还没有默认收货地址,把当前新增的收货地址设置为用户的默认收货地址 if user.default_address is None: user.default_address = address user.save() # 把新增的address模型对象转换成字典,并响应给前端 address_dict = { 'id': address.id, 'title': address.title, 'receiver': address.receiver, 'province_id': address.province_id, 'province': address.province.name, 'city_id': address.city_id, 'city': address.city.name, 'district_id': address.district_id, 'district': address.district.name, 'place': address.place, 'mobile': address.mobile, 'tel': address.tel, 'email': address.email, } return http.JsonResponse({ 'code': RETCODE.OK, 'errmsg': '添加收货地址成功', 'address': address_dict })
def record(request): # The rate limiting is done up on the client, but if things go wrong # we can just turn the percentage down to zero. if get_collect_timings(): return django_statsd_record(request) return http.HttpResponseForbidden()
def post(self, request): """保存订单信息和订单商品信息""" #获取当前要保存的订单数据 json_dict = json.loads(request.body.decode()) address_id = json_dict.get('address_id') pay_method = json_dict.get('pay_method') #校验参数 if not all([address_id, pay_method]): return http.HttpResponseForbidden('缺少必传参数') #判断address_id是否正确 try: address = Address.objects.get(id=address_id) except Exception: return http.HttpResponseForbidden('参数address_id错误') #判断pay_method是否正确 if pay_method not in [ OrderInfo.PAY_METHODS_ENUM['CASH'], OrderInfo.PAY_METHODS_ENUM['ALIPAY'] ]: return http.HttpResponseForbidden('参数pay_method错误') # 开启一个事务 with transaction.atomic(): # 创建事务保存点 save_id = transaction.savepoint() # 暴力回滚 try: #获取登陆用户 user = request.user #生成订单编号:年月日时分秒+用户编号 order_id = timezone.localtime().strftime('%Y%m%d%H%M%S') + ( '%09d' % user.id) #保存订单基本信息 OrderInfo(一) order = OrderInfo.objects.create( order_id=order_id, user=user, address=address, total_count=0, total_amount=Decimal('0'), freight=Decimal('10.00'), pay_method=pay_method, status=OrderInfo.ORDER_STATUS_ENUM['UNPAID'] if pay_method == OrderInfo.PAY_METHODS_ENUM['ALIPAY'] else OrderInfo.ORDER_STATUS_ENUM['UNSEND']) # 从 redis 读取购物车中被勾选的商品信息 redis_conn = get_redis_connection('carts') item_dict = redis_conn.hgetall('carts_%s' % user.id) cart_selected = redis_conn.smembers('selected_%s' % user.id) carts = {} for sku_id in cart_selected: carts[int(sku_id)] = int(item_dict[sku_id]) #获取选中山东商品id: sku_ids = carts.keys() #遍历购物车中被勾选的商品信息 for sku_id in sku_ids: # TODO1: 增加的代码: 增加一个死循环 while True: #查询SKU信息 sku = SKU.objects.get(id=sku_id) # TODO2: 增加的代码: 读取原始库存 origin_stock = sku.stock origin_sales = sku.sales #判断SKU库存 sku_count = carts[sku.id] if sku_count > sku.stock: # 出错就回滚 transaction.savepoint_rollback(save_id) return http.JsonResponse({ 'code': RETCODE.STOCKERR, 'errmsg': '库存不足' }) # TODO3: 增加的代码: 乐观锁更新库存和销量 # 计算差值 new_stock = origin_stock - sku_count new_sales = origin_sales + sku_count result = SKU.objects.filter(id=sku_id, stock=origin_stock).update( stock=new_stock, sales=new_sales) # 如果下单失败,但是库存足够时, # 继续下单,直到下单成功或者库存不足为止 if result == 0: continue #SKU减少库存,增加销量 sku.stock -= sku_count sku.sales += sku_count sku.save() #修改SPU销量 sku.goods.sales += sku_count sku.goods.save() #保存订单商品信息 OrderGoods(多) OrderGoods.objects.create(order=order, sku=sku, count=sku_count, price=sku.price) #保存订单商品中总价和总数量 order.total_count += sku_count order.total_amount += (sku_count * sku.price) # TODO4: 增加的代码: # 下单成功或者失败就跳出循环 break #添加邮费和保存订单信息 order.total_amount += order.freight order.save() except Exception as e: logger.error(e) transaction.savepoint_rollback(save_id) return http.JsonResponse({ 'code': RETCODE.DBERR, 'errmsg': '下单失败' }) #提交订单成功,提交一次事务 transaction.savepoint_commit(save_id) # 清除购物车中已结算的商品 pl = redis_conn.pipeline() pl.hdel('carts_%s' % user.id, *cart_selected) pl.srem('selected_%s' % user.id, *cart_selected) pl.execute() # 响应提交订单结果 return http.JsonResponse({ 'code': RETCODE.OK, 'errmsg': '下单成功', 'order_id': order.order_id })
def post(self, request): """保存订单信息和订单商品信息""" # 获取当前要保存的订单数据 json_dict = json.loads(request.body.decode()) address_id = json_dict.get('address_id') pay_method = json_dict.get('pay_method') # 校验参数 user = request.user if not user.is_authenticated: return http.HttpResponseForbidden('缺少必传参数') if not all([address_id, pay_method]): return http.HttpResponseForbidden('缺少必传参数') # 判断address_id是否合法 try: # address = Address.objects.get(id=address_id) address = Address.objects.get(id=address_id) except Exception: return http.HttpResponseForbidden('参数address_id错误') # 判断pay_method是否合法 # if pay_method not in [OrderInfo.PAY_METHODS_ENUM['CASH'], OrderInfo.PAY_METHODS_ENUM['ALIPAY']]: # return http.HttpResponseForbidden('参数pay_method错误') if pay_method not in [OrderInfo.PAY_METHODS_ENUM['CASH'], OrderInfo.PAY_METHODS_ENUM['ALIPAY']]: return http.HttpResponseForbidden('参数pay_method错误') with transaction.atomic(): tra1 = transaction.savepoint() try: date = time.localtime()[0:-1] date = ''.join([str(i) for i in date]) order_id = date + '%09d'%user.id orderinfo = OrderInfo.objects.create( order_id=order_id, user = user, address = address, total_count = 0, total_amount = Decimal(0.00), freight = Decimal(10.00), pay_method = pay_method, status = OrderInfo.ORDER_STATUS_ENUM['UNPAID'] if pay_method == OrderInfo.PAY_METHODS_ENUM['ALIPAY'] else OrderInfo.ORDER_STATUS_ENUM['UNSEND']) conn_redis = get_redis_connection('carts') str_dict = conn_redis.hgetall('carts_%s'%user.id) str_list = conn_redis.smembers('selected_%s' % user.id) for sku_id in str_list: while True: count = int(str_dict[sku_id]) sku = SKU.objects.get(id=sku_id) if count> sku.stock: transaction.rollback(using=tra1) return http.JsonResponse({'code':1, 'errmsg':'error'}) reault = SKU.objects.get(id=sku_id, stock=sku.stock).update(stock=sku.stock-count,sales=sku.sales+count) if reault == 0: continue # sku.stock -= count # sku.save() # sku.spu.sales += count # sku.spu.save() # sku.goods.sales += count # sku.goods.save() OrderGoods.objects.create(order = orderinfo, sku = sku, count = count, price = sku.price) orderinfo.total_amount += sku.price*count orderinfo.total_count += count break orderinfo.total_count += 10 orderinfo.save() except Exception as e: print(e) transaction.rollback(tra1) return http.JsonResponse({'code': 1, 'errmsg': 'e'}) transaction.savepoint_commit(tra1) return http.JsonResponse({'code': 0, 'errmsg': '下单成功', 'order_id': orderinfo.order_id})
def _wrapped(request, *a, **kw): try: status = 200 headers = {} ret = f(request, *a, **kw) if isinstance(ret, tuple): if len(ret) == 3: ret, status, headers = ret else: ret, status = ret # Some errors are not exceptions. :\ if isinstance(ret, http.HttpResponseNotAllowed): blob = _dump_json({ 'error': 405, 'message': 'HTTP method not allowed.' }) return http.HttpResponse(blob, status=405, content_type=JSON) # Allow HttpResponses to go straight through. if isinstance(ret, http.HttpResponse): return ret blob = _dump_json(ret) response = http.HttpResponse(blob, status=status, content_type=content_type) for k in headers: response[k] = headers[k] return response except http.Http404 as e: blob = _dump_json({ 'error': 404, 'message': compat.text_type(e), }) logger.warning('Not found: %s', request.path, extra={ 'status_code': 404, 'request': request, }) return http.HttpResponseNotFound(blob, content_type=JSON) except PermissionDenied as e: logger.warning('Forbidden (Permission denied): %s', request.path, extra={ 'status_code': 403, 'request': request, }) blob = _dump_json({ 'error': 403, 'message': compat.text_type(e), }) return http.HttpResponseForbidden(blob, content_type=JSON) except BadRequest as e: blob = _dump_json({ 'error': 400, 'message': compat.text_type(e), }) return http.HttpResponseBadRequest(blob, content_type=JSON) except Exception as e: exc_data = { 'error': 500, 'message': 'An error occurred', } if settings.DEBUG: exc_data['message'] = compat.text_type(e) exc_data['traceback'] = traceback.format_exc() blob = _dump_json(exc_data) # Generate the usual 500 error email with stack trace and full # debugging information logger.error('Internal Server Error: %s', request.path, exc_info=True, extra={ 'status_code': 500, 'request': request }) # Here we lie a little bit. Because we swallow the exception, # the BaseHandler doesn't get to send this signal. It sets the # sender argument to self.__class__, in case the BaseHandler # is subclassed. got_request_exception.send(sender=BaseHandler, request=request) return http.HttpResponseServerError(blob, content_type=JSON)
def put(self, request): json_dict = json.loads(request.body.decode()) sku_id = json_dict.get('sku_id') count = json_dict.get('count') selected = json_dict.get('selected') if all([sku_id, count]) is False: return http.HttpResponseForbidden('缺少必传参数') try: sku_model = SKU.objects.get(id=sku_id) except SKU.DoesNotExist: return http.HttpResponseForbidden('sku_id不存在') try: count = int(count) except Exception: return http.HttpResponseForbidden('类型有误') if isinstance(selected, bool) is False: return http.HttpResponseForbidden('类型有误') user = request.user if user.is_authenticated: redis_conn = get_redis_connection('carts') pl = redis_conn.pipeline() pl.hset('carts_%s' % user.id, sku_id, count) if selected: pl.sadd('selected_%s' % user.id, sku_id) else: pl.srem('selected_%s' % user.id, sku_id) pl.execute() cart_sku = { 'id': sku_model.id, 'name': sku_model.name, 'price': str(sku_model.price), 'default_image_url': sku_model.default_image.url, 'selected': selected, 'count': count, 'amount': str(sku_model.price * count) } response = http.JsonResponse({ 'code': RETCODE.OK, 'errmsg': '修改购物车数据成功', 'cart_sku': cart_sku }) return response else: cart_str = request.COOKIES.get('carts') if cart_str: cart_dict = pickle.loads(base64.b64decode(cart_str.encode())) else: return http.JsonResponse({ 'code': RETCODE.DBERR, 'errmsg': 'cookie数据没有获取到' }) """ { 16: {'count': 2, 'selected': True} } """ cart_dict[sku_id] = {'count': count, 'selected': selected} cart_str = base64.b64encode(pickle.dumps(cart_dict)).decode() cart_sku = { 'id': sku_model.id, 'name': sku_model.name, 'price': str(sku_model.price), 'default_image_url': sku_model.default_image.url, 'selected': selected, 'count': count, 'amount': str(sku_model.price * count) } response = http.JsonResponse({ 'code': RETCODE.OK, 'errmsg': '修改购物车数据成功', 'cart_sku': cart_sku }) response.set_cookie('carts', cart_str) return response
def post(self, request): ''' 接收用户发过来的注册信息, 保存到mysql :param request: :return: ''' # 1.接收参数 username = request.POST.get('username') password = request.POST.get('password') password2 = request.POST.get('password2') mobile = request.POST.get('mobile') allow = request.POST.get('allow') sms_code_client = request.POST.get('sms_code') # 2.检验参数(总体检验 + 单个检验) if not all([username, password, password2, mobile, allow]): return http.HttpResponseForbidden('缺少必传参数') # 单个检验 if not re.match(r'^[a-zA-Z0-9_-]{5,20}$', username): return http.HttpResponseForbidden('用户名不符合5-20位的格式') if not re.match(r'^[a-zA-Z0-9]{8,20}$', password): return http.HttpResponseForbidden('密码不符合8-20位的格式') if password != password2: return http.HttpResponseForbidden('两次输入密码不一致') if not re.match(r'^1[3456789]\d{9}$', mobile): return http.HttpResponseForbidden('手机号不符合') if allow != 'on': return http.HttpResponseForbidden('请勾选用户协议') # 2.1 链接redis redis_conn = get_redis_connection('verify_code') # 2.2 获取redis中的短信验证码 sms_code_server = redis_conn.get('sms_code_%s' % mobile) if sms_code_server is None: return render(request, 'register.html', {'sms_code_errmsg': '无效的短信验证码'}) # 2.3 判断两个验证码是否一致 if sms_code_server.decode() != sms_code_client: return render(request, 'register.html', {'sms_code_errmsg': '前端输入的短信验证码有误'}) # 3.往mysql存(User) try: user = User.objects.create_user(username=username, password=password, mobile=mobile) except DatabaseError: return render(request, 'register.html', {'register_errmsg': '保存数据失败'}) # 保持状态: login(request, user) response = redirect(reverse('contents:index')) # 往cookie中写入username response.set_cookie('username', user.username, max_age=3600 * 24 * 15) # 4.返回结果 # return http.HttpResponse('保存成功,跳转到首页') return response
def process_request(self, request): referer_url = request.META.get('HTTP_REFERER','') for allowed_referer in settings.ALLOWED_REFERER_URL: if referer_url.startswith(allowed_referer): return None return http.HttpResponseForbidden('<h1>Forbidden</h1>')
def status(request, addon_id, addon): appeal_form = forms.AppAppealForm(request.POST, product=addon) upload_form = NewWebappVersionForm(request.POST or None, is_packaged=True, addon=addon, request=request) publish_form = forms.PublishForm( request.POST if 'publish-app' in request.POST else None, addon=addon) if request.method == 'POST': if 'resubmit-app' in request.POST and appeal_form.is_valid(): if not addon.is_rated(): # Cannot resubmit without content ratings. return http.HttpResponseForbidden( 'This app must obtain content ratings before being ' 'resubmitted.') appeal_form.save() create_comm_note(addon, addon.latest_version, request.user, appeal_form.data['notes'], note_type=comm.RESUBMISSION) if addon.vip_app: handle_vip(addon, addon.latest_version, request.user) messages.success(request, _('App successfully resubmitted.')) return redirect(addon.get_dev_url('versions')) elif 'upload-version' in request.POST and upload_form.is_valid(): upload = upload_form.cleaned_data['upload'] ver = Version.from_upload(upload, addon) # Update addon status now that the new version was saved. addon.update_status() res = run_validator(ver.all_files[0].file_path) validation_result = json.loads(res) # Escalate the version if it uses prerelease permissions. escalate_prerelease_permissions(addon, validation_result, ver) # Set all detected features as True and save them. keys = [ 'has_%s' % feature.lower() for feature in validation_result['feature_profile'] ] data = defaultdict.fromkeys(keys, True) # Set "Smartphone-Sized Displays" if it's a mobile-only app. qhd_devices = (set((mkt.DEVICE_GAIA, )), set( (mkt.DEVICE_MOBILE, )), set(( mkt.DEVICE_GAIA, mkt.DEVICE_MOBILE, ))) mobile_only = (addon.latest_version and addon.latest_version.features.has_qhd) if set(addon.device_types) in qhd_devices or mobile_only: data['has_qhd'] = True # Update feature profile for this version. ver.features.update(**data) messages.success(request, _('New version successfully added.')) log.info('[Webapp:%s] New version created id=%s from upload: %s' % (addon, ver.pk, upload)) if addon.vip_app: handle_vip(addon, ver, request.user) return redirect(addon.get_dev_url('versions.edit', args=[ver.pk])) elif 'publish-app' in request.POST and publish_form.is_valid(): publish_form.save() return redirect(addon.get_dev_url('versions')) ctx = { 'addon': addon, 'appeal_form': appeal_form, 'is_tarako': addon.tags.filter(tag_text=QUEUE_TARAKO).exists(), 'publish_form': publish_form, 'upload_form': upload_form, } # Used in the delete version modal. if addon.is_packaged: versions = addon.versions.values('id', 'version') version_strings = dict((v['id'], v) for v in versions) version_strings['num'] = len(versions) ctx['version_strings'] = json.dumps(version_strings) if addon.status == mkt.STATUS_REJECTED: try: entry = (AppLog.objects.filter( addon=addon, activity_log__action=mkt.LOG.REJECT_VERSION.id).order_by( '-created'))[0] except IndexError: entry = None # This contains the rejection reason and timestamp. ctx['rejection'] = entry and entry.activity_log return render(request, 'developers/apps/status.html', ctx)
def download(request): if request.user.is_authenticated: return http.HttpResponseForbidden( content="Forbidden; Please access downloadable resources directly") else: return http.HttpResponseForbidden(content="Forbidden; Please Login")
def post(self, request): """添加购物车""" # 接受 校验参数 json_dict = json.loads(request.body.decode()) sku_id = json_dict.get('sku_id') count = json_dict.get('count') selected = json_dict.get('selected', True) if not all([sku_id, count]): return http.HttpResponseForbidden('缺少必传参数') try: SKU.objects.get(id=sku_id) except SKU.DoseNotExist: return http.HttpResponseForbidden('sku_id不正确') # 判断counts是否是数字 try: count = int(count) except Exception as e: logger.error(e) return http.HttpResponseForbidden('count不正确') if selected: if not isinstance(selected, bool): return http.HttpResponseForbidden('selected不正确') # 判断用户书否登陆 user = request.user if user.is_authenticated: # 用户登陆的话操作 redis 购物车 # carts_user_id: {sku_id1: count, sku_id3: count, sku_id5: count, ...} # selected_user_id: [sku_id1, sku_id3, ...] redis_conn = get_redis_connection('carts') pl = redis_conn.pipeline() # 新增购物车数据 # 当要添加到购物车的商品已存在时,对商品数量进行累加计算。 # 当要添加到购物车的商品不存在时,向hash中新增field和value即可。 # 这里hincrby:主动count+1,hash 结构 键 属性 值 pl.hincrby('carts_%s' % user.id, sku_id, count) # 新增选中的状态 if selected: pl.sadd('selected_%s' % user.id, sku_id) pl.execute() return http.JsonResponse({'code': RETCODE.OK, 'errmsg': 'ok'}) else: # 用户未登录的话操作 cookie 购物车 """ { 11: { "count": "1", "selected": "True" }, 22: { "count": "3", "selected": "True" }, } """ cart_str = request.COOKIES.get('carts') # 如果操作过cookie购物车 if cart_str: # 转成字典数据 cart_dict = str_to_dict(cart_str) # 没有操作的话 else: cart_dict = {} # 判断要加入的购物车商品是否已经存在在购物车中 # 当要添加到购物车的商品已存在时,对商品数量进行累加计算。 if sku_id in cart_dict.keys(): origin_count = cart_dict.get(sku_id).get('count') count += origin_count # 当要添加到购物车的商品不存在时,向JSON中新增field和value即可。 cart_dict[sku_id] = {'count': count, 'selected': selected} # 把dict数据序列化 cookie_cart_str = dict_to_str(cart_dict) # 设置到cookie中 response = http.JsonResponse({'code': RETCODE.OK, 'errmsg': 'ok'}) response.set_cookie('carts', cookie_cart_str) return response
def updateDatabaseCSV(request): if request.user.is_authenticated: if request.method == "POST": _file = request.FILES['file'] _dest = './temp/{}_{}'.format(request.user, int(time.time())) # Preliminary check on document validate_file = FileValidator( max_size=52428800, content_types=('text/plain', 'text/csv')) # 52428800 B = 50 MiB try: validate_file(_file) except ValidationError as e: return http.HttpResponse(status=500, content=e) if not os.path.exists('./temp'): try: os.makedirs('./temp') except OSError as e: return http.HttpResponse(status=500, content=e) try: with open(_dest + ".csv", 'wb+') as destination: for chunk in _file.chunks(): destination.write(chunk) # https://stackoverflow.com/a/4992124/3211506 (Does not catch KeyboardInterrupt, etc.) except Exception as e: # Remove file if exists if os.path.isfile(_dest + ".csv"): os.remove(_dest + ".csv") return http.HttpResponse(status=500, content=e) # Import the CSV # delete = True, and no log files since we don't want to clog up the server di = importCSV.DatabaseImporter(_dest + ".csv", request.user.username, True, None) try: di.parse() except (importCSV.ImporterError, AssertionError) as e: di.clean() return http.HttpResponse(status=500, content=e) except Exception as e: di.clean() return http.HttpResponse( status=500, content="Unknown Parsing/Update Error: {}".format(e)) di.clean() return http.HttpResponse(content="OK") else: # If not POST, we generate a template for the csv m = mapping.Mapping() _csvT = m.generateTemplate() # https://stackoverflow.com/a/1158750/3211506 _res = http.HttpResponse(content=_csvT, content_type='text/csv') _res['Content-Disposition'] = 'attachment; filename={}'.format( smart_str("template.csv")) return _res else: return http.HttpResponseForbidden(content="Forbidden; Please Login")
def _wrapped(request, *a, **kw): try: status = 200 headers = {} ret = f(request, *a, **kw) if isinstance(ret, tuple): if len(ret) == 3: ret, status, headers = ret else: ret, status = ret # Some errors are not exceptions. :\ if isinstance(ret, http.HttpResponseNotAllowed): blob = json.dumps({ 'error': 405, 'message': 'HTTP method not allowed.' }) return http.HttpResponse(blob, status=405, content_type=JSON) blob = json.dumps(ret) response = http.HttpResponse(blob, status=status, content_type=JSON) for k in headers: response[k] = headers[k] return response except http.Http404 as e: blob = json.dumps({ 'error': 404, 'message': unicode(e), }) logger.warning('Not found: %s', request.path, extra={ 'status_code': 404, 'request': request, }) return http.HttpResponseNotFound(blob, content_type=JSON) except PermissionDenied as e: logger.warning('Forbidden (Permission denied): %s', request.path, extra={ 'status_code': 403, 'request': request, }) blob = json.dumps({ 'error': 403, 'message': unicode(e), }) return http.HttpResponseForbidden(blob, content_type=JSON) except BadRequest as e: blob = json.dumps({ 'error': 400, 'message': unicode(e), }) return http.HttpResponseBadRequest(blob, content_type=JSON) except Exception as e: blob = json.dumps({ 'error': 500, 'message': unicode(e), }) logger.exception(unicode(e)) # Here we lie a little bit. Because we swallow the exception, the # BaseHandler doesn't get to send this signal. It sets the sender # argument to self.__class__, in case the BaseHandler is # subclassed. got_request_exception.send(sender=BaseHandler, request=request) return http.HttpResponseServerError(blob, content_type=JSON)
def process_request(self, request): """ Check for denied User-Agents and rewrite the URL based on settings.APPEND_SLASH and settings.PREPEND_WWW """ # Check for denied User-Agents if 'HTTP_USER_AGENT' in request.META: for user_agent_regex in settings.DISALLOWED_USER_AGENTS: if user_agent_regex.search(request.META['HTTP_USER_AGENT']): logger.warning('Forbidden (User agent): %s', request.path, extra={ 'status_code': 403, 'request': request }) return http.HttpResponseForbidden('<h1>Forbidden</h1>') # Check for a redirect based on settings.APPEND_SLASH # and settings.PREPEND_WWW host = request.get_host() old_url = [host, request.path] new_url = old_url[:] if (settings.PREPEND_WWW and old_url[0] and not old_url[0].startswith('www.')): new_url[0] = 'www.' + old_url[0] # Append a slash if APPEND_SLASH is set and the URL doesn't have a # trailing slash and there is no pattern for the current path if settings.APPEND_SLASH and (not old_url[1].endswith('/')): urlconf = getattr(request, 'urlconf', None) if (not urlresolvers.is_valid_path(request.path_info, urlconf) and urlresolvers.is_valid_path("%s/" % request.path_info, urlconf)): new_url[1] = new_url[1] + '/' if settings.DEBUG and request.method == 'POST': raise RuntimeError(( "" "You called this URL via POST, but the URL doesn't end " "in a slash and you have APPEND_SLASH set. Django can't " "redirect to the slash URL while maintaining POST data. " "Change your form to point to %s%s (note the trailing " "slash), or set APPEND_SLASH=False in your Django " "settings.") % (new_url[0], new_url[1])) if new_url == old_url: # No redirects required. return if new_url[0]: newurl = "%s://%s%s" % (request.scheme, new_url[0], urlquote(new_url[1])) else: newurl = urlquote(new_url[1]) if request.META.get('QUERY_STRING', ''): if six.PY3: newurl += '?' + request.META['QUERY_STRING'] else: # `query_string` is a bytestring. Appending it to the unicode # string `newurl` will fail if it isn't ASCII-only. This isn't # allowed; only broken software generates such query strings. # Better drop the invalid query string than crash (#15152). try: newurl += '?' + request.META['QUERY_STRING'].decode() except UnicodeDecodeError: pass return http.HttpResponsePermanentRedirect(newurl)