Esempio n. 1
0
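    def f(request):
        """Run ``next_func`` only when the current user owns the requested todo.

        The todo id is read from the query string on GET and from the form
        body on POST (for example, edit is a GET and update is a POST). Any
        other method, a missing or non-numeric id, an unknown todo, or a todo
        owned by a different user all end in the same redirect to ``/todo``.
        """
        method = request.method
        try:
            if method == 'GET':
                todo_id = int(request.query['id'])
            elif method == 'POST':
                todo_id = int(request.form()['id'])
            else:
                # Neither GET nor POST: nothing to authorize.
                return redirect('/todo')
        except (KeyError, ValueError):
            # The id is client-controlled; a missing or malformed value is
            # handled as a failed lookup instead of an unhandled exception.
            return redirect('/todo')

        t = Todo.find_by(id=todo_id)
        u = current_user(request)

        # Fail closed: a lookup miss and an ownership mismatch get the same
        # response, so the wrapped handler never runs on someone else's todo.
        if t is None or u.id != t.user_id:
            return redirect('/todo')
        return next_func(request)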
Esempio n. 2
0
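def edit(request):
    """
    Route handler that renders the todo edit page.

    Only a logged-in user may open the page, and only for a todo whose
    ``user_id`` matches that user's id. A malformed id, an unknown todo and a
    todo owned by someone else all redirect to /login, so the response does
    not reveal which ids exist.
    """
    import html

    headers = {
        'Content-Type': 'text/html',
    }
    uname = current_user(request)
    u = User.find_by(username=uname)
    if u is None:
        return redirect('/login')
    # id of the todo being edited, taken from the query string
    try:
        todo_id = int(request.query.get('id', -1))
    except (TypeError, ValueError):
        return redirect('/login')
    t = Todo.find_by(id=todo_id)
    # Check for a lookup miss before touching t.user_id.
    if t is None or t.user_id != u.id:
        return redirect('/login')
    # Substitute the placeholder markers in the template file.
    body = template('todo_edit.html')
    body = body.replace('{{todo_id}}', str(t.id))
    # The title is user-supplied text going into HTML; escape it so stored
    # markup is displayed as text and not interpreted by the browser.
    body = body.replace('{{todo_title}}', html.escape(str(t.title)))
    # Header assembly could be folded into one helper that also takes headers.
    header = response_with_headers(headers)
    r = header + '\r\n' + body
    return r.encode(encoding='utf-8')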
Esempio n. 3
0
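def register(request):
    """Handle a registration POST and redirect with the outcome message.

    ``User.register`` returns the user object and a result message. A guest
    user (registration failed) goes back to the register view, anyone else
    to the login view; the message travels in the ``result`` query parameter.
    """
    from urllib.parse import quote

    form = request.form()

    u, result = User.register(form)
    log('register post', result)
    # Percent-encode the message before it becomes part of the Location URL:
    # spaces, '&', '#', CR/LF or non-ASCII text would otherwise alter the
    # redirect target or the response headers.
    encoded = quote(str(result))
    if u.is_guest():
        return redirect('/user/register/view?result={}'.format(encoded))
    return redirect('/user/login/view?result={}'.format(encoded))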
Esempio n. 4
0
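def login(request):
    """Handle a login POST.

    ``User.login`` returns the user object and a result message. A guest
    user (login failed) is redirected back to the login view; otherwise a
    new session is created for the user and its id is handed to
    ``redirect`` together with the target URL.
    """
    from urllib.parse import quote

    form = request.form()
    user, result = User.login(form)
    # Percent-encode the message so it cannot change the structure of the
    # redirect URL or of the Location header.
    target = '/user/login/view?result={}'.format(quote(str(result)))
    if user.is_guest():
        return redirect(target)
    # A fresh session id is issued only after the credentials were accepted.
    session_id = Session.add(user_id=user.id)
    return redirect(target, session_id)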
Esempio n. 5
0
def register(request):
    """Serve the registration page, or process a submitted registration.

    A POST is validated with ``User.validate_register``: success redirects
    to /login, failure back to /register. Any other method renders
    ``register.html``.
    """
    if request.method != 'POST':
        page = render_template('register.html')
        return http_response(page)

    submitted = request.form()
    destination = '/login' if User.validate_register(submitted) else '/register'
    return redirect(destination)
Esempio n. 6
0
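def login(request):
    """Handle a login POST.

    A guest user returned by ``User.login`` means the login failed and the
    client is sent back to the login view; otherwise a session is created
    and its id is passed to ``redirect`` along with the target URL.
    """
    from urllib.parse import quote

    # NOTE(review): these two calls write the request headers and cookies to
    # the log, and cookies can carry session ids. Drop or redact them outside
    # of local debugging.
    log('login, headers', request.headers)
    log('login, cookies', request.cookies)
    form = request.form()
    user, result = User.login(form)
    # Percent-encode the message so it cannot change the structure of the
    # redirect URL or of the Location header.
    target = '/user/login/view?result={}'.format(quote(str(result)))
    if user.is_guest():
        return redirect(target)
    session_id = Session.add(user_id=user.id)
    return redirect(target, session_id)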
Esempio n. 7
0
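def todo_delete(request):
    """Delete the todo named by the ``id`` query parameter.

    The todo is removed only when it exists and its ``user_id`` matches the
    logged-in user. No user, a malformed id, an unknown todo or a foreign
    todo all redirect to /login without deleting anything.
    """
    # NOTE(review): the id comes from the query string and the request method
    # is not checked here, so a plain link can trigger the delete. Confirm
    # whether the route is limited to POST or protected by a CSRF token.
    username = current_user(request)
    u = User.find_by(username=username)
    if u is None:
        return redirect('/login')
    try:
        todo_id = int(request.query.get('id', -1))
    except (TypeError, ValueError):
        return redirect('/login')
    t = Todo.find_by(id=todo_id)
    # A todo that does not exist or belongs to another user cannot be deleted.
    if t is None or t.user_id != u.id:
        return redirect('/login')

    Todo.remove(todo_id)
    return redirect('/todo')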
Esempio n. 8
0
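def todo_delete(request):
    """Delete the todo named by the ``todo_id`` query parameter.

    The requester is identified by looking up the cookie value with
    ``Cookie.find_by``. The todo is deleted only when it exists and its
    ``username`` equals the name stored for that cookie.
    """
    todo_id = request.query.get('todo_id', '')
    # Validate the id first: int('') raised before the emptiness check in the
    # previous version could ever run.
    try:
        todo_key = int(todo_id)
    except (TypeError, ValueError):
        return redirect('/todo')
    # NOTE(review): the cookie key has a leading space. That may match how the
    # Cookie header is split elsewhere; confirm against the request parser.
    cookie = request.cookies.get(' user', '')
    c = Cookie.find_by(cookie=cookie)
    if c is None:
        # No known cookie means no identity to authorize against.
        return redirect('/login')
    todo = Todo.find_by(id=todo_key)
    if not todo:
        return redirect('/todo')
    if todo.username != c.name:
        log("==========================u.username != usname")
        return redirect('/login')
    Todo.delete(id=todo_key)
    return redirect('/todo')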
Esempio n. 9
0
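def comment_delete(request):
    """Delete a comment when the current user is allowed to.

    Deletion is permitted for the comment's author and for the author of the
    weibo the comment belongs to. Every path ends with a redirect to the
    current user's weibo index.
    """
    u = current_user(request)
    target = '/weibo/index?user_id={}'.format(u.id)
    try:
        comment_id = int(request.query.get('id', -1))
    except (TypeError, ValueError):
        return redirect(target)
    comment = Comment.find_by(id=comment_id)
    if comment is None:
        # Unknown id: nothing to delete and nothing to dereference.
        return redirect(target)
    weibo = Weibo.find_by(id=comment.weibo_id)
    # Ids that may delete this comment; the weibo author is included only
    # when the parent weibo could be loaded.
    allowed = [comment.user_id]
    if weibo is not None:
        allowed.append(weibo.user_id)
    if u.id in allowed:
        comment.delete(comment.id)
    return redirect(target)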
Esempio n. 10
0
def user_register(request):
    """
    Route handler for the registration page.

    A POST is passed to ``User.register``; a truthy result redirects to
    /user/login and a falsy one to /register. Other methods render
    ``register.html``.
    """
    if request.method != 'POST':
        return http_response(template('register.html'))

    registered = User.register(request.form())
    if registered:
        return redirect('/user/login')
    return redirect('/register')
Esempio n. 11
0
def register(request):
    """
    Route handler for a registration submission.

    The result message from ``User.register`` is URL-quoted and carried in
    the ``result`` query parameter of the redirect: to the register view
    when the returned user is a guest, to the login view otherwise.
    """
    submitted = request.form()
    account, message = User.register(submitted)
    log('register post', message)

    if account.is_guest():
        pattern = '/user/register/view?result={}'
    else:
        pattern = '/user/login/view?result={}'
    return redirect(pattern.format(quote(message)))
Esempio n. 12
0
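def update(request):
    """Apply a title change to one of the current user's todos.

    Requires a logged-in user. On POST the todo named by the form's ``id``
    is updated only when it exists and its ``user_id`` matches the user;
    otherwise nothing is written.
    """
    uname = current_user(request)
    u = User.find_by(username=uname)
    if u is None:
        return redirect('/login')
    if request.method == 'POST':
        form = request.form()
        try:
            todo_id = int(form.get('id', -1))
        except (TypeError, ValueError):
            return redirect('/todo')
        t = Todo.find_by(id=todo_id)
        # The id is chosen by the client, so being logged in is not enough:
        # without this ownership check any user could rewrite any todo.
        if t is None or t.user_id != u.id:
            return redirect('/login')
        t.title = form.get('title', t.title)
        t.save()
    return redirect('/todo')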
Esempio n. 13
0
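def delete_todo(request):
    """Delete the todo named by the ``id`` query parameter.

    Requires a logged-in user who owns the todo. A malformed id or an
    unknown todo redirects to /todo; a todo owned by someone else redirects
    to /login.
    """
    uname = current_user(request)
    u = User.find_by(username=uname)
    if u is None:
        return redirect('/login')
    try:
        todo_id = int(request.query.get('id', -1))
    except (TypeError, ValueError):
        return redirect('/todo')
    t = Todo.find_by(id=todo_id)
    # The None test has to come before t.user_id is read; the earlier order
    # dereferenced a missing todo first.
    if t is None:
        return redirect('/todo')
    if t.user_id != u.id:
        return redirect('/login')
    t.remove()
    return redirect('/todo')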
Esempio n. 14
0
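def update_user_password(request):
    """
    Change the current user's password.

    The change is applied only when the submitted old password, run through
    ``User.salted_password``, matches the stored value and a non-empty new
    password was submitted. Success redirects to /login, anything else to /.
    """
    import hmac

    u = current_user(request)
    form = request.form()
    old_password = form.get('old_password')
    new_password = form.get('new_password')
    # A missing field must not reach the hashing or update calls; the earlier
    # version could pass None on to u.update().
    if old_password is None or not new_password:
        return redirect('/')
    stored = str(u.password).encode('utf-8')
    supplied = str(User.salted_password(old_password)).encode('utf-8')
    # Constant-time comparison of the two hashes.
    if hmac.compare_digest(stored, supplied):
        # NOTE(review): presumably u.update() hashes the new password before
        # storing it; confirm in the User model.
        u.update(new_password)
        return redirect('/login')
    return redirect('/')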
Esempio n. 15
0
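def admin_update(request):
    """Let the administrator set another user's password.

    The administrator is, by this module's convention, the user whose id is
    1; everyone else is redirected to /login. The target user id and the new
    password come from the submitted form.
    """
    u = current_user(request)
    # Permission check: only user id 1 is treated as the administrator.
    if u.id != 1:
        return redirect('/login')
    form = request.form()
    user_password = form.get('password', '')
    try:
        user_id = int(form.get('id', -1))
    except (TypeError, ValueError):
        return redirect('/admin/users')
    user = User.find_by(id=user_id)
    # Skip the write for an unknown user, and never store the hash of an
    # empty password.
    if user is None or not user_password:
        return redirect('/admin/users')
    user.password = user.salted_password(user_password)
    user.save()
    return redirect('/admin/users')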
Esempio n. 16
0
def comment_delete(request):
    """Delete the comment whose id arrives as ``cid``.

    The query string is consulted first, then the form body. Without a
    ``cid`` the client is sent to /weibo/index and nothing is deleted.
    """
    # NOTE(review): nothing in this function identifies the requester or
    # compares them with the comment's author, so unless the route is wrapped
    # by a login/ownership check elsewhere, any client can delete any comment.
    form = request.form()
    for source in (request.query, form):
        if 'cid' in source:
            c_id = source['cid']
            break
    else:
        return redirect('/weibo/index')

    # Remove the comment by its numeric id.
    Comment.delete(int(c_id))
    return redirect('/weibo/index')
Esempio n. 17
0
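def register(request) -> bytes:
    """Handle a registration POST and log the new user in.

    A guest user returned by ``User.register`` means the registration failed
    and the client goes back to the register page with the result message.
    On success a session is saved and its id is sent as an HttpOnly cookie
    with the redirect to /. Non-POST requests are redirected to the page.
    """
    from urllib.parse import quote

    if request.method == 'POST':
        form = request.form()
        user, result = User.register(form)
        if user.is_guest():
            # Percent-encode the message so it cannot change the structure
            # of the redirect URL or of the Location header.
            return redirect('/todo/register?result={}'.format(quote(str(result))))
        session_id = Session.save(user.id)
        # NOTE(review): the cookie is HttpOnly; consider SameSite as well, and
        # Secure when the site is served over HTTPS.
        header = {
            'Set-Cookie': 'session_id={}; HttpOnly; path=/'.format(session_id)
        }
        return redirect('/', header)
    return redirect('/todo/register')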
Esempio n. 18
0
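def register(request):
    """
    Handler for a registration submission.

    A successful registration redirects to the home page. A failed one (the
    returned user is a guest) goes back to the register view with the result
    message in the ``result`` query parameter.
    """
    from urllib.parse import quote

    form = request.form()
    u, result = User.register(form)
    log('register post', result)

    if u.is_guest():
        # Percent-encode the message so it cannot change the structure of
        # the redirect URL or of the Location header.
        return redirect('/user/register/view?result={}'.format(quote(str(result))))
    return redirect('/')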
Esempio n. 19
0
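def todo_edit(request):
    """
    Render the edit page for one todo.

    The page URL carries ``?id=N``, which ``request.query`` exposes as a
    mapping. A missing or malformed id yields the error page. No logged-in
    user, an unknown todo, or a todo owned by someone else redirects to
    /login.
    """
    import html

    headers = {
        'Content-Type': 'text/html',
    }
    username = current_user(request)
    u = User.find_by(username=username)
    if u is None:
        return redirect('/login')
    # id of the todo being edited
    todo_id = request.query.get('id', -1)
    if todo_id == -1:
        # No id supplied: show the error page.
        return error(request)
    try:
        todo_key = int(todo_id)
    except (TypeError, ValueError):
        return error(request)
    t = Todo.find_by(id=todo_key)
    # Unknown and foreign todos get the same answer, so the response does
    # not reveal which ids exist; a todo can only be edited by its owner.
    if t is None or t.user_id != u.id:
        return redirect('/login')
    body = template('todo_edit.html')
    body = body.replace('{{todo_id}}', str(t.id))
    # The title is user-supplied text going into HTML; escape it so stored
    # markup is displayed as text and not interpreted by the browser.
    body = body.replace('{{todo_title}}', html.escape(str(t.title)))

    header = response_with_headers(headers)
    response = header + '\r\n' + body
    return response.encode('utf-8')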
Esempio n. 20
0
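def login(request):
    """
    Route handler for a login submission.

    A guest user returned by ``User.login`` means the login failed and the
    client is sent back to the login view; otherwise a session is created
    and its id is passed to ``redirect`` along with the target URL.
    """
    from urllib.parse import quote

    # NOTE(review): the next lines write request headers, cookies and the
    # current user to the log, and cookies can carry session ids. Drop or
    # redact them outside of local debugging.
    log('login, headers', request.headers)
    log('login, cookies', request.cookies)
    user_current = current_user(request)
    log('current user', user_current)
    form = request.form()
    user, result = User.login(form)
    # Percent-encode the message so it cannot change the structure of the
    # redirect URL or of the Location header.
    target = '/user/login/view?result={}'.format(quote(str(result)))
    if user.is_guest():
        return redirect(target)
    session_id = Session.add(user_id=user.id)
    return redirect(target, session_id)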
Esempio n. 21
0
def delete(request):
    """Delete a weibo and every comment attached to it, then redirect.

    The weibo id is taken from the ``id`` query parameter.
    """
    # NOTE(review): this function does not look at who is making the request,
    # so unless the route is wrapped by a login/ownership check elsewhere, any
    # client can delete any weibo together with its comments.
    target_id = int(request.query['id'])
    Weibo.delete(target_id)
    for attached in Comment.all(weibo_id=target_id):
        Comment.delete(attached.id)
    return redirect('/weibo/index')
Esempio n. 22
0
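def route_login(request):
    """
    Route handler for the login page.

    A POST with valid credentials creates a session record, sends its id in
    the ``sid`` cookie and redirects to /. Every other case renders
    ``login.html``.
    """
    # NOTE(review): request cookies and, below, the session object are
    # written to the log; both can expose session ids to anyone who can read
    # the log.
    log('login, cookies', request.cookies)
    if request.method == 'POST':
        form = request.form()
        u = User(form)
        if u.validate_login():
            # NOTE(review): random_str() is defined elsewhere; confirm that it
            # draws from a cryptographically secure source (for example the
            # secrets module), since this value is the session credential.
            session_id = random_str()
            u = User.find_by(username=u.username)
            s = Session.new(dict(
                session_id=session_id,
                user_id=u.id,
            ))
            s.save()
            log('session', s)
            # HttpOnly keeps the session id out of reach of page scripts.
            headers = {
                'Set-Cookie': 'sid={}; HttpOnly'.format(session_id)
            }
            # After a successful login, go to /.
            return redirect('/', headers)
    # Show the login page.
    body = template('login.html')
    return http_response(body)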
Esempio n. 23
0
def register(request):
    """Process a registration form and redirect to the register view.

    The result message from ``User.register`` is URL-quoted and carried in
    the ``result`` query parameter.
    """
    account, message = User.register(request.form())
    log('register post', message)

    target = '/user/register/view?result={}'.format(quote(message))
    return redirect(target)
Esempio n. 24
0
def add(request):
    """Create a todo from the submitted form for the current user.

    The owner id is taken from the server-side user object and passed
    separately from the form. The redirect makes the browser request the
    index page again, where the new entry shows up.
    """
    owner = current_user(request)
    Todo.add(request.form(), owner.id)
    return redirect('/todo/index')
Esempio n. 25
0
def comment_delete(request):
    """Delete the comment named by the ``id`` query parameter and redirect.

    Intended rule, per the original comments: only the comment's author and
    the author of the weibo it belongs to may delete a comment.
    """
    # NOTE(review): the permission check described above is not implemented
    # in this function; the comment is deleted for whoever sends the request
    # unless the route is wrapped by such a check elsewhere.
    target_id = int(request.query['id'])
    Comment.delete(target_id)
    return redirect('/weibo/index')
Esempio n. 26
0
def route_register(request):
    """
    Handler for registration; a successful registration redirects home.

    On POST a user is built from the form. If it validates it is saved and
    session headers are attached to the redirect to /; otherwise the client
    is redirected to /login. Other methods render ``login.html``.
    """
    if request.method != 'POST':
        return http_response(template('login.html'))

    candidate = User.new(request.form())
    if not candidate.validate_register():
        return redirect('/login')

    candidate.save()
    # The cookie for the logged-in user is requested with a 12-month expiry.
    session_headers = add_session_headers(candidate, expired_month=12)
    return redirect('/', session_headers)
Esempio n. 27
0
def delete(request):
    """
    Delete the todo named by the ``id`` query parameter, then redirect.
    """
    # NOTE(review): this function does not compare the todo's owner with the
    # requester, so unless the route is wrapped by a login/ownership check
    # elsewhere, any client can delete any todo by id.
    target_id = int(request.query['id'])
    Todo.delete(target_id)
    return redirect('/todo/index')
Esempio n. 28
0
 def f(request):
     """Call ``route_function`` for registered users; send guests to /login.

     A request counts as a guest when the current user's id equals the id of
     ``User.guest()``.
     """
     visitor = current_user(request)
     if visitor.id != User.guest().id:
         return route_function(request)
     log('非注册用户 redirect')
     return redirect('/login')
Esempio n. 29
0
def comment_add(request):
    """Create a comment from the submitted form for the current user.

    ``user_id`` in the form is overwritten with the current user's id, so a
    client-supplied value for that field is not used. The other form fields
    are passed to ``Comment.new`` as submitted.
    """
    author = current_user(request)
    payload = request.form()
    payload['user_id'] = author.id
    Comment.new(payload)
    return redirect('/weibo/index')
 def f(request):
     """Call ``nxt_func`` for admin users; send everyone else to /login.

     The current user is logged before the ``is_admin()`` check.
     """
     u = current_user(request)
     log('admin', u)
     if not u.is_admin():
         return redirect('/login')
     return nxt_func(request)