def kf_group_interfaces_manage_ban_profile(group_id, kick_id, profile_id):
data = G.autodata(request)
token = G.auto_verify(request)
user_uuid = model.getuser_uuid(token.get("user")).uuid
selectResult = G.isManager(group_id, user_uuid)
selectResult = model.member.select().where(
(model.member.group == group_id) &
(model.member.user == kick_id) &
(model.member.is_disabled == False)
)
if not selectResult:
raise Exceptions.InvalidRequestData()
selectResult = selectResult.get()
profile = model.profile.select().where(
(model.profile.uuid == profile_id) &
(model.profile.createby == user_uuid)
)
if not profile:
raise Exceptions.InvalidRequestData()
ban = model.banner(
user=kick_id,
profile=profile.get().profile_id,
create_time=datetime.datetime.now(),
group=group_id,
until=datetime.datetime.fromtimestamp(
time.time() + float(int(data.get("after"))))
)
ban.save()
return Response(status=204)
def kf_group_interfaces_report_join(group_id):
if not request.is_json:
raise Exceptions.InvalidToken()
data = request.json
token = G.auto_verify(request)
user_uuid = model.getuser_uuid(token.get("user")).uuid
if not model.group.select().where(model.group.uuid == group_id):
raise Exceptions.InvalidToken()
group = G.get_group(group_id)
if group.joinway not in ["public_join", "public_join_review"]:
raise Exceptions.InvalidToken()
if model.member.select().where(
(model.member.is_disabled == False) &
(model.member.user == user_uuid) &
(model.member.group == group.id)
):
raise Exceptions.InvalidToken()
if group.joinway == "public_join":
new = model.member(user=user_uuid, group=group_id,
permission="common_user")
new.save()
return Response(json.dumps(model.kf_format_group_public(group)), mimetype='application/json; charset=utf-8')
if group.joinway == "public_join_review":
review = model.review(user=user_uuid, group=group.id)
review.save()
return Response(json.dumps({
"reviewId": review.id
}), mimetype='application/json; charset=utf-8')
if group.joinway == 'private':
raise Exceptions.InvalidToken()
def kf_group_interfaces_manager_checkjoin_length(group_id, extra=None):
data = G.autodata(request)
token = G.auto_verify(request)
user_uuid = model.getuser_uuid(token.get("user")).uuid
selectResult = G.isManager(group_id, user_uuid)
if not extra:
length = model.review.select().where(
(model.review.group == group_id)
).count()
else:
if extra not in ["non-enabled", "enabled", "accessed", "non-accessed"]:
raise Exceptions.InvalidRequestData()
length = model.review.select().where(
(model.review.group == group_id) &
{
"non-enabled": (model.review.isEnable == False),
"enabled": (model.review.isEnable == True),
"accessed": (model.review.isAccessed == True),
"non-accessed": (model.review.isAccessed == False)
}[extra]
).count()
return Response(json.dumps({
"length": length
}), mimetype='application/json; charset=utf-8')
def kf_group_interfaces_create():
if request.is_json:
data = request.json
name = data.get("name")
joinway = data.get("joinway", "public_join")
if joinway not in ["public_join", "public_join_review", "private"]:
raise Exceptions.InvalidToken()
if not re.match(r"[a-zA-Z0-9\u4E00-\u9FA5_-]{4,16}$", name):
raise Exceptions.InvalidToken()
if model.group.select().where(model.group.name == name):
raise Exceptions.InvalidToken()
accessToken = data.get("accessToken")
clientToken = data.get("clientToken")
if not accessToken:
raise Exceptions.InvalidToken()
if Token.is_validate_strict(accessToken, clientToken):
raise Exceptions.InvalidToken()
token = Token.gettoken_strict(accessToken, clientToken)
user_uuid = model.getuser_uuid(token.get("user")).uuid
new_group = model.group(name=name, creater=user_uuid, manager=user_uuid,
create_date=datetime.datetime.now(), joinway=joinway)
new_group.save()
new_manager = model.member(
user=user_uuid, group=new_group.id, permission="super_manager")
return Response(json.dumps({
"groupId": new_group.uuid,
"timestamp": new_group.create_date.timestamp()
}), mimetype='application/json; charset=utf-8')
def kf_group_interfaces_manage_checkban(group_id):
data = G.autodata(request)
token = G.auto_verify(request)
user_uuid = model.getuser_uuid(token.get("user")).uuid
selectResult = G.isManager(group_id, user_uuid)
try:
page = int(data.get("range", 1))
except ValueError:
return Response(json.dumps({
'error': "ForbiddenOperationException",
'errorMessage': "Invalid request args."
}), status=403, mimetype='application/json; charset=utf-8')
return Response(json.dumps([
(lambda x: {
"create": x.create_time.timestamp(),
"until": x.until.timestamp(),
"length": x.until.timestamp() - x.create_time.timestamp(),
["user", "profile"][bool(x.profile)]: [x.profile, x.user][bool(x.profile)],
"uuid": x.user
})(i) for i in model.banner.select().where(model.banner.group == group_id)[15*(page - 1):15 * page]
]), mimetype='application/json; charset=utf-8')
def kf_message_alreadyRead():
data = G.autodata(request)
token = G.auto_verify(request)
user_uuid = model.getuser_uuid(token.get("user")).uuid
return Response(json.dumps([{
"title": i.title,
"body": i.body
} for i in model.message.select().where((model.message.to == user_uuid) & (model.message.is_read == True))]), mimetype='application/json; charset=utf-8')
def kf_group_interfaces_list():
data = G.autodata(request)
token = G.auto_verify(request)
user_uuid = model.getuser_uuid(token.get("user")).uuid
Response(json.dumps([(lambda x:{
"id": x.id,
"name": x.name,
"create_date": x.create_date.timestamp()
})(i) for i in model.member.select().where(
(model.member.is_disabled == False) &
(model.member.user == user_uuid)
)]), mimetype='application/json; charset=utf-8')
def kf_group_interfaces_manage_manager_down(group_id, user_id):
data = G.autodata(request)
token = G.auto_verify(request)
user_uuid = model.getuser_uuid(token.get("user")).uuid
G.is_super_manager(group_id, user_id)
selectResult = G.isManager(group_id, user_id)
selectResult.permission = "common_user"
selectResult.managedown_number += 1
selectResult.save()
return Response(status=204)
def kf_group_interfaces_manage_setting_change(group_id, setting_name):
data = G.autodata(request)
token = G.auto_verify(request)
user_uuid = model.getuser_uuid(token.get("user")).uuid
group = G.get_group(group_id)
manager = G.isManager(group_id, user_uuid)
if setting_name not in [
"joinway", "name", "enable_yggdrasil", "enable_invite",
"enable_public_joinhistory", "enable_public_memberlist"
]:
raise Exceptions.InvalidRequestData()
value = data.get("change_value")
if setting_name == "joinway":
if value not in ["public_join", "public_join_review", "private"]:
raise Exceptions.InvalidRequestData()
group.joinway = value
if setting_name == "name":
if not re.match(r"[a-zA-Z0-9\u4E00-\u9FA5_-]{4,16}$", value):
raise Exceptions.InvalidRequestData()
group.name = value
if setting_name == "enable_yggdrasil":
if not type(value) == bool:
raise Exceptions.InvalidRequestData()
group.enable_yggdrasil = value
if setting_name == "enable_invite":
if not type(value) == bool:
raise Exceptions.InvalidRequestData()
group.enable_invite = value
if setting_name == "enable_public_joinhistory":
if not type(value) == bool:
raise Exceptions.InvalidRequestData()
group.enable_public_joinhistory = value
if setting_name == "enable_public_memberlist":
if not type(value) == bool:
raise Exceptions.InvalidRequestData()
group.enable_public_memberlist = value
group.save()
return Response(status=204)
def kf_group_interfaces_manage(group_id):
data = G.autodata(request)
token = G.auto_verify(request)
user_uuid = model.getuser_uuid(token.get("user")).uuid
selectResult = model.member.select().where(
(model.member.group == group_id) &
(model.member.user == user_uuid) &
(model.member.is_disabled == False)
)
if not selectResult:
raise Exceptions.InvalidToken()
selectResult = selectResult.get()
return Response(status=[403, 204][selectResult.permission in ['manager', 'super_manager']])
def kf_group_interfaces_manage_checkjoin_non_accessed(group_id):
data = G.autodata(request)
token = G.auto_verify(request)
user_uuid = model.getuser_uuid(token.get("user")).uuid
selectResult = G.isManager(group_id, user_uuid)
return Response(json.dumps([(lambda x: {
"id": x.id,
"user": x.user,
"time": x.time.timestamp(),
"enabled": x.isEnabled,
})(i) for i in model.review.select().where(
(model.review.group == group_id) &
(model.review.isAccessed == False)
)]), mimetype='application/json; charset=utf-8')
def kf_group_interfaces_manage_setting(group_id):
data = G.autodata(request)
token = G.auto_verify(request)
user_uuid = model.getuser_uuid(token.get("user")).uuid
group = G.get_group(group_id)
selectResult = G.isManager(group_id, user_uuid)
return Response(json.dumps({
"name": group.name,
"joinway": group.joinway,
"enable": {
"yggdrasil": group.enable_yggdrasil,
"invite": group.enable_invite,
"public_joinhistory": group.enable_public_joinhistory,
"public_memberlist": group.enable_public_memberlist
}
}), mimetype='application/json; charset=utf-8')
def kf_group_interfaces_manage_checkjoin_refuse(group_id, review_id):
data = G.autodata(request)
token = G.auto_verify(request)
user = model.getuser_uuid(token.get("user"))
user_uuid = user.uuid
group = G.get_group(group_id)
manager = G.isManager(group_id, user_uuid)
selectResult = model.review.select().where(
(model.review.id == review_id) &
(model.review.group == group_id)
)
if not selectResult:
raise Exceptions.InvalidToken()
selectResult = selectResult.get()
if selectResult.isEnable != True:
raise Exceptions.InvalidRequestData()
selectResult.isEnable = False
selectResult.isAccessed = False
for i in model.member.select().where(
(model.member.group == selectResult.group) &
((model.member.permission == "manager") | (model.member.permission == "super_manager")) &
(model.member.is_disabled == True) &
(model.member.user != manager.uuid)
):
model.message(
to=i.user,
title="用户 %(user)s 面向组 %(group)s 的加组申请被拒绝" % (
[user.uuid, user.username][bool(user.username)], group.name),
body="用户 %(user)s 面向组 %(group)s 的加组申请被组管理员 %(manager)s 拒绝" % ([user.uuid, user.username][bool(
user.username)], group.name, [manager.uuid, manager.username][bool(manager.username)]),
extra=json.dumps({
"user": user_uuid,
"group": group.id,
"manager": manager.uuid
})
)
return Response(status=204)
def kf_group_interfaces_manage_kick(group_id, kick_id):
data = G.autodata(request)
token = G.auto_verify(request)
user_uuid = model.getuser_uuid(token.get("user")).uuid
selectResult = G.isManager(group_id, user_uuid)
selectResult = model.member.select().where(
(model.member.group == group_id) &
(model.member.user == kick_id) &
(model.member.is_disabled == False)
)
if not selectResult:
raise Exceptions.InvalidRequestData()
selectResult = selectResult.get()
selectResult.is_disabled = True
selectResult.move_times += 1
selectResult.be_kicked_times_total += 1
selectResult.save()
return Response(status=204)
def kf_group_interfaces_manage_checkjoin_info(group_id, review_id):
data = G.autodata(request)
token = G.auto_verify(request)
user_uuid = model.getuser_uuid(token.get("user")).uuid
selectResult = G.isManager(group_id, user_uuid)
selectResult = model.review.select().where(
(model.review.id == review_id) &
(model.review.group == group_id)
)
if not selectResult:
raise Exceptions.InvalidToken()
selectResult = selectResult.get()
return Response(json.dumps({
"id": selectResult.id,
"user": selectResult.user,
"time": selectResult.time.timestamp(),
"enabled": selectResult.isEnabled,
"accessed": selectResult.isAccessed
}), mimetype='application/json; charset=utf-8')
def kf_group_interfaces_manage_checkban_user(group_id, user_id):
data = G.autodata(request)
token = G.auto_verify(request)
user_uuid = model.getuser_uuid(token.get("user")).uuid
selectResult = G.isManager(group_id, user_uuid)
if model.member.select().where(
(model.member.group == group_id) &
(model.member.user == user_id) &
(model.member.is_disabled == False)
):
raise Exceptions.InvalidToken()
return Response(json.dumps([
(lambda x: {
"create": x.create_time.timestamp(),
"until": x.until.timestamp(),
"length": x.until.timestamp() - x.create_time.timestamp(),
[b"user", "profile"][bool(x.profile)]: [b"INSTEAD", x.profile][not bool(x.profile)],
"uuid": x.user
})(i) for i in model.banner.select().where((model.banner.group == group_id) & (model.banner.user == user_id))
], skipkeys=True), mimetype='application/json; charset=utf-8')
def kf_group_interfaces_signout(group_id):
data = G.autodata(request)
token = G.auto_verify(request)
user_uuid = model.getuser_uuid(token.get("user")).uuid
if not model.group.select().where(model.group.uuid == group_id):
raise Exceptions.InvalidToken()
group: model.group = G.get_group(group_id)
known = G.get_member(group_id, user_uuid)
if known.permission == "super_manager":
if not data.get("force"):
raise Exceptions.InvalidToken()
else:
manager_result = model.member.select().where(
(model.member.is_disabled == False) &
(model.member.permission == "manager") &
(model.member.group == group_id)
)
if manager_result:
# 有其他管理员可以被任命为组管理员
# 随!机!选!择!
manager_selected = manager_result[random.randint(
0, len(manager_result) - 1)]
manager_result.permission = "super_manager"
manager_result.save()
model.message(
to=manager_result.user,
title='您已成为组 "%(groupname)s" 的组管理员' % (group.name),
body='因该组的原组管理员的退出, 您已成为该组的组管理员.',
extra=json.dumps({
"type": "group"
})
)
else:
# 通知一波然后删掉, 解散的组不需要
now_member = model.member.select().where(
(model.member.is_disabled == False) &
(model.member.group == group_id) &
(model.member.user != user_uuid)
)
for i in now_member:
model.message(
to=i.user,
title='您已被清理出组 "%(groupname)s"' % (group.name),
body="因该组的原组管理员的退出, 您已被清理出该组."
).save()
model.member.delete().where(model.member.group == group_id).execute()
else:
known.is_disabled = True
known.move_times += 1
known.save()
manager_result = model.member.select().where(
(model.member.is_disabled == False) &
((model.member.permission == "manager") | (model.member.permission == "super_manager")) &
(model.member.group == group_id)
)
for i in manager_result:
model.message(
to=i.user,
title='%(user)s 退出组 "%(groupname)s"' % (
model.getuser_uuid(user_uuid).username, group.name),
body="因该成员的主动申请, 该成员已退出该组."
).save()
return Response(status=204)
def getuser_byaccessToken(self, accessToken):
result = self.CacheObject.get(self._format(accessToken))
if not result:
return False
return model.getuser_uuid(result)
def group_refresh(group_id):
group.get_group(group_id)
if request.is_json:
data = request.json
Can = False
AccessToken = data.get('accessToken')
ClientToken = data.get("clientToken",
str(uuid.uuid4()).replace("-", ""))
IReturn = {}
if 'clientToken' in data:
OldToken = Token.gettoken_strict(AccessToken,
data.get("clientToken"))
else:
OldToken = Token.gettoken_strict(AccessToken)
if not OldToken:
raise Exceptions.InvalidToken()
group.token_is_group(OldToken, group_id)
if int(time.time()) >= OldToken.get("createTime") + (
config.TokenTime.RefrushTime * config.TokenTime.TimeRange):
model.log_yggdrasil(operational="authserver.refrush",
user=OldToken.get("user"),
otherargs=json.dumps(
{"clientToken": data.get("clientToken")}),
IP=request.remote_addr,
time=datetime.datetime.now(),
successful=False).save()
raise Exceptions.InvalidToken()
User = model.getuser_uuid(OldToken.get("user"))
group.get_member(group_id, User.uuid)
TokenSelected = OldToken.get("bind")
if TokenSelected:
TokenProfile = model.getprofile_uuid(TokenSelected).get()
else:
TokenProfile = {}
if 'selectedProfile' in data:
PostProfile = data['selectedProfile']
needuser = model.getprofile_id_name(PostProfile['id'],
PostProfile['name'])
if not needuser: # 验证客户端提供的角色信息
raise Exceptions.IllegalArgumentException()
# 角色不存在.
else:
needuser = needuser.get()
# 验证完毕,有该角色.
if OldToken.get('bind'): # 如果令牌本来就绑定了角色
model.log_yggdrasil(operational="authserver.refrush",
user=User.uuid,
otherargs=json.dumps({
"clientToken":
data.get("clientToken")
}),
IP=request.remote_addr,
time=datetime.datetime.now(),
successful=False).save()
error = {
'error':
'IllegalArgumentException',
'errorMessage':
"Access token already has a profile assigned."
}
return Response(json.dumps(error),
status=400,
mimetype='application/json; charset=utf-8')
if needuser.createby != OldToken.get("user"): # 如果角色不属于用户
model.log_yggdrasil(operational="authserver.refrush",
user=User.uuid,
otherargs=json.dumps({
"clientToken":
data.get("clientToken")
}),
IP=request.remote_addr,
time=datetime.datetime.now(),
successful=False).save()
error = {
'error':
"ForbiddenOperationException",
'errorMessage':
"Attempting to bind a token to a role that does not belong to its corresponding user."
}
return Response(json.dumps(error),
status=403,
mimetype='application/json; charset=utf-8')
TokenSelected = model.findprofilebyid(PostProfile['id']).uuid
IReturn['selectedProfile'] = model.format_profile(
model.findprofilebyid(PostProfile['id']), unsigned=True)
Can = True
NewAccessToken = str(uuid.uuid4()).replace('-', '')
cache_token.set(NewAccessToken, {
"clientToken": OldToken.get('clientToken'),
"bind": TokenSelected,
"user": OldToken.get("user"),
"group": group_id,
"createTime": int(time.time())
},
ttl=config.TokenTime.RefrushTime *
config.TokenTime.TimeRange)
cache_token.delete(AccessToken)
IReturn['accessToken'] = NewAccessToken
IReturn['clientToken'] = OldToken.get('clientToken')
if TokenProfile and not Can:
IReturn['selectedProfile'] = model.format_profile(TokenProfile,
unsigned=True)
if 'requestUser' in data:
if data['requestUser']:
IReturn['user'] = model.format_user(User)
User.last_login = datetime.datetime.now()
model.log_yggdrasil(operational="authserver.refrush",
user=User.uuid,
otherargs=json.dumps(
{"clientToken": data.get("clientToken")}),
IP=request.remote_addr,
time=datetime.datetime.now()).save()
return Response(json.dumps(IReturn),
mimetype='application/json; charset=utf-8')
