def blog(blog_id):
blog = Blogs.get(blog_id)
if not blog:
raise notfound()
if blog.tags:
blog.xtags = blog.tags.split(',')
rps = Blogs.find_by('order by created desc limit ?', 3)
return dict(blog=blog, rps=rps)
def _get_blogs_by_page(page_index=1, page_size=None):
total = Blogs.count_all()
if page_size:
page = Page(total, page_index, page_size=page_size)
else:
page = Page(total, page_index)
blogs = Blogs.find_by('order by created desc limit ?,?', page.offset, page.limit)
return blogs, page
def api_modify_blog(blog_id):
check_admin()
blog = Blogs.get(blog_id)
if not blog:
raise APIValueError(blog_id, 'blog is not exist.')
i= ctx.request.input(title='', tags='', content='')
title = i['title'].strip()
tags = i['tags'].strip()
content = i['content'].strip()
if not title:
raise APIValueError('title', 'title can not be empty.')
if not content:
raise APIValueError('content', 'content can not be empty.')
summary = _get_summary(content)
blog.title = title
blog.summary = summary
blog.content = content
blog.tags = tags
blog.update()
db.execute('delete from `tags` where `blog`=?', blog_id)
tags = tags.split(',')
if tags:
sql = "INSERT INTO `tags` (`tag`, `blog`) VALUES {}".format(', '.join(map(
lambda x: "('{}', '{}')".format(x, blog_id), tags
)))
db.execute(sql)
return dict(id=blog_id)
def create_blog_api():
user = g.get('user', None)
if user is None:
return redirect(url_for('login'))
else:
if user.admin:
name = request.form['name'].encode('utf8')
summary = request.form['summary'].encode('utf8')
content = request.form['content'].encode('utf8')
user_id = request.form['user_id'].encode('utf8')
user_name = request.form['user_name'].encode('utf8')
user_image = request.form['user_image'].encode('utf8')
sess = DBSession()
blog = Blogs(user_id=user_id,
user_name=user_name,
user_image=user_image,
name=name,
summary=summary,
content=content)
sess.add(blog)
sess.commit()
sess.close()
return 'ok'
else:
return redirect(url_for('login'))
def addBlog():
new_blogTitle = request.form['blog_Title']
new_blogEntry = request.form['blog_NewEntry']
# grab current user
owner = Users.query.filter_by(username=session['username']).first()
title_Error = ''
entry_Error = ''
if new_blogTitle == '':
title_Error = 'Title is empty'
if new_blogEntry == '':
entry_Error = 'Entry is empty'
if (title_Error != '') or (entry_Error != ''):
return render_template('newpost.html',
title_Error = title_Error,
entry_Error = entry_Error)
else:
blog = Blogs(title=new_blogTitle, body=new_blogEntry, owner_id=owner.id)
db.session.add(blog)
db.session.commit()
return redirect('/blog?id='+str(blog.id))
def api_delete_blog(blog_id):
check_admin()
blog = Blogs.get(blog_id)
if blog is None:
raise APIResourceNotFound('Blog')
blog.delete()
return dict(id=blog_id)
def api_modify_blog(blog_id):
check_admin()
blog = Blogs.get(blog_id)
if not blog:
raise APIValueError(blog_id, 'blog is not exist.')
i= ctx.request.input(title='', tags='', content='')
title = i['title'].strip()
tags = i['tags'].strip()
content = i['content'].strip()
if not title:
raise APIValueError('title', 'title can not be empty.')
if not content:
raise APIValueError('content', 'content can not be empty.')
summary = _get_summary(content)
blog.title = title
blog.summary = summary
blog.content = content
blog.tags = tags
blog.update()
db.execute('delete from `tags` where `blog`=?', blog_id)
if tags:
for tag in tags.split(','):
tag = Tags(tag=tag, blog=blog_id)
tag.insert()
return dict(id=blog_id)
def blog(blog_id):
blog = Blogs.get(blog_id)
if blog is None:
raise notfound()
blog.html_content = markdown2.markdown(blog.content)
comments = Comments.find_by(
'where blog_id=? order by created_at desc limit 1000', blog_id)
return dict(blog=blog, comments=comments, user=ctx.request.user)
def api_delete_blog(blog_id):
check_admin()
blog = Blogs.get(blog_id)
if not blog:
raise APIValueError(blog_id, 'blog is not exist.')
blog.delete()
db.execute('delete from `tags` where `blog`=?', blog_id)
return dict(id=blog_id)
def feed():
blogs = Blogs.find_by('order by created desc limit ?', 10)
for blog in blogs:
if blog.tags:
blog.xtags = blog.tags.split(',')
url = configs.get('blog_url')
user = User.find_first('')
ctx.response.content_type = 'application/xml'
return dict(blogs=blogs, url=url, user=user)
def api_create_blog():
check_admin()
i= ctx.request.input(title='', tags='', content='')
title = i['title'].strip()
tags = i['tags'].strip()
content = i['content'].strip()
if not title:
raise APIValueError('title', 'title can not be empty.')
if not content:
raise APIValueError('content', 'content can not be empty.')
summary = _get_summary(content)
blog = Blogs(title=title, tags=tags, summary=summary, content=content)
id = blog.insert_id()
if tags:
for tag in tags.split(','):
tag = Tags(tag=tag, blog=id)
tag.insert()
return dict(id=id)
def archives():
years = db.select('select distinct `year` from `blogs` order by created desc')
if not years:
raise notfound()
xblogs = list()
for y in years:
blogs = Blogs.find_by('where `year` = ? order by created desc', y.get('year'))
xblogs.append(blogs)
return dict(xblogs=xblogs)
def manage_blogs_edit(blog_id):
blog = Blogs.get(blog_id)
if blog is None:
raise notfound()
return dict(id=blog.id,
name=blog.name,
summary=blog.summary,
content=blog.content,
action='/api/blogs/%s' % blog_id,
redirect='/manage/blogs',
user=ctx.request.user)
def api_create_blog():
check_admin()
i= ctx.request.input(title='', tags='', content='')
title = i['title'].strip()
tags = i['tags'].strip()
content = i['content'].strip()
if not title:
raise APIValueError('title', 'title can not be empty.')
if not content:
raise APIValueError('content', 'content can not be empty.')
summary = _get_summary(content)
blog = Blogs(title=title, tags=tags, summary=summary, content=content)
id = blog.insert_id()
tags = tags.split(',')
if tags:
sql = "INSERT INTO `tags` (`tag`, `blog`) VALUES {}".format(', '.join(map(
lambda x: "('{}', '{}')".format(x, id), tags
)))
db.execute(sql)
return dict(id=id)
def api_create_blog():
check_admin()
i = ctx.request.input(name='', summary='', content='')
name = i.name.strip()
summary = i.summary.strip()
content = i.content.strip()
if not name:
raise APIValueError('name', 'name cannot be empty.')
if not summary:
raise APIValueError('summary', 'summary cannot be empty.')
if not content:
raise APIValueError('content', 'content cannot be empty.')
user = ctx.request.user
blog = Blogs(user_id=user.id,
user_name=user.name,
name=name,
summary=summary,
content=content)
blog.insert()
return blog
def api_blogs(*, page='1', tag='%'):
# 注意 一般传输过程中 需要将str 的字符串改为int
page_index = get_page_index(page)
if tag != '%':
blogs = yield from Blogs.find_all('tag like ?', [tag],
OrderBy='created_time desc')
if blogs:
article_nums = len(blogs)
else:
article_nums = 0
else:
article_nums = yield from Blogs.findNumber('count(id)')
p = Page(article_count=article_nums, index=page_index)
blogs = yield from Blogs.find_all(OrderBy='created_time desc',
limit=(p.offset, p.limit))
p = Page(article_count=article_nums, index=page_index)
if article_nums == 0:
return dict(page=p, blogs=())
return dict(page=p, blogs=blogs)
def get_allcomt():
comts = yield from Comment.find_all(OrderBy='created_time desc')
if comts:
for comt in comts:
comt.content = safe_str(comt.content)
find_blog = yield from Blogs.find(comt.blog_id)
comt['blog_title'] = find_blog.blog_title
comt.created_time = datetime_filter(comt.created_time)
else:
return dict(data='')
return dict(data=comts)
def loadblogs():
blogs = Blogs()
blogs.title = "Bienvenido!"
blogs.bintro = "Te dejo un saludo y una pequeña presentación!"
blogs.publictext = "Si estas leyendo estas líneas es por que quieres revisar el trabajo que puedo hacer como Desarrollor Full Stack. Tengo habilidades tanto en el Front como en el Back End. Recomiendo que puedas ver esta pagina como usuario registrado o loguearte como usuario administrador que tiene como correo [email protected] y clave 123456, y así podras ver todo el contenido que tengo para ti, incluyendo videos."
blogs.blogvideo = "https://www.youtube.com/embed/AOzjMEIZkrg"
blogs.privatext = "Para no tomar mucho de tu tiempo, te cuento que soy Ingeniero Comercial de la Universidad de la Universidad de los Andes y Desarrollador de Software Full Stack de 4Geeks. Cuento con más de 8 años como profesional y la habia desarrollado en el área comercial y de marketing liderando equipos de trabajos, negociaciones con todo nivel de clientes y estrategia empresarial. Lo que me incentivo a dedicarme al área tecnologica fue principalmente que en todas las empresas donde trabajé, la evaluación, implementación y administración de TICs en ellas, y al verme cada vez mas interesado en como se hacen las cosas, descubrí un mundo enorme que terminó siendo más que un pasatiempo, una pasión"
db.session.add(blogs)
db.session.commit()
print("Blogs Creados!")
def api_create_blog(request, *, blog_title, blog_tag, summary, content):
check_user_admin_flag(request)
if not blog_title or not blog_title.strip():
raise APIValueError('blog_title', 'blog_title can not be empty')
if not summary or not summary.strip():
raise APIValueError('summary', 'summary can not be empty')
if not content or not content.strip():
raise APIValueError('content', 'content can not be empty')
if not blog_tag or not blog_tag.strip():
blog_tag = '默认分类'
# 注意 这里请求了request 的user 等信息 实际上是因为在上面进行了确认
blog = Blogs(user_id=request.__user__.id,
user_name=request.__user__.name,
user_image=request.__user__.image,
blog_title=blog_title.strip(),
summary=summary.strip(),
content=content.strip(),
tag=blog_tag)
yield from blog.save()
# 现在需要新增一个 保存后返回文章链接的功能
blogs = yield from Blogs.find_all(OrderBy='created_time desc')
recent_blog = blogs[0]
blog_url = '/index.html?item=' + recent_blog['id']
return {'new_url': blog_url}
def add_blog():
request_payload = json.loads(request.data)
username = request_payload['username']
blog_content = request_payload['blog_content']
response = dict()
try:
blog = Blogs(username, blog_content)
db.session.add(blog)
db.session.commit()
response['success'] = "ok"
except:
return 'Blog can\'t be added', 400
return jsonify(response)
def post_comment(id, request, *, content):
user = request.__user__
blog = yield from Blogs.find(id)
if not content or not content.strip():
raise APIValueError('content', 'content can not be empty')
if blog is None:
raise APIValueError('BLOG',
'BLOG was not found, do not fu*k this site')
new_content = content
comment = Comment(blog_id=blog.id,
user_id=user.id,
user_name=user.name,
user_image=user.image,
content=new_content)
yield from comment.save()
return dict(status='success')
def api_create_blog_comment(blog_id):
user = ctx.request.user
if user is None:
raise APIPermissionError('Need signin.')
blog = Blogs.get(blog_id)
if blog is None:
raise APIResourceNotFound('Blog')
content = ctx.request.input(content='').content.strip()
if not content:
raise APIValueError('content')
c = Comments(blog_id=blog_id,
user_id=user.id,
user_name=user.name,
user_image=user.image,
content=content)
c.insert()
return dict(comment=c)
def add():
if request.method == 'GET':
articlelist = ArticleType.getlist()
return render_template('blogs/add.html',id= uuid.uuid4().__str__(),articlelist=articlelist)
form = request.form
blogs = Blogs()
blogs.title = form.get('title')
blogs.content = form.get('content')
blogs.synopsis = form.get('synopsis')
blogs.classify = form.get('classify')
blogs.state = form.get('state')
blogs.user_id = g.user.id
session = DBSession()
session.add(blogs)
session.commit()
session.close()
flash('添加成功!')
return render_template('blogs/add.html')
def api_update_blog(blog_id):
check_admin()
i = ctx.request.input(name='', summary='', content='')
name = i.name.strip()
summary = i.summary.strip()
content = i.content.strip()
if not name:
raise APIValueError('name', 'name cannot be empty.')
if not summary:
raise APIValueError('summary', 'summary cannot be empty.')
if not content:
raise APIValueError('content', 'content cannot be empty.')
blog = Blogs.get(blog_id)
if blog is None:
raise APIResourceNotFound('Blog')
blog.name = name
blog.summary = summary
blog.content = content
blog.update()
return blog
def blog_create():
user = checkUser()
if user is None:
return redirect('/')
form = BlogTextForm()
if request.method == 'GET':
return render_template(
'blog_edit.html',
form = form,
user = user,
base64=base64
)
if request.method == 'POST':
name = form.name.data
summary = form.summary.data
content = form.content.data
tag = form.tag.data
blog = Blogs(id = str(uuid1()),user_id = user.id,user_name = user.name,name = name,summary = summary,content = content,tag = tag)
db.session.add(blog)
db.session.commit()
return redirect('/myblogs')
def api_get_blog(*, id):
blog = yield from Blogs.find(id)
comments = yield from Comment.find_all('blog_id=?', [id])
# comments = yield from Comment.find_all('blog_id=?', [id], orderBy='created_time desc')
if comments:
for c in comments:
# 这里说明一下原来是str 转html 我改成text2md 如果确认没有xss 情况我换转回来
# 在我的测试下 发现 存在xss 因此 我想先进行危险字符转译 然后在markdown 解析
# 但是此时我又想 如果评论中代码需要有如<script 该如何是好? 我发现转译后 还不错具体可以看text2html的代码
# c.html_content = text2html(c['content'])
fuck_xss = text2html(c['content'])
c.html_content = markdown2.markdown(fuck_xss)
if hasattr(blog, 'content'):
blog.html_content = markdown2.markdown(blog.content)
else:
blog = dict()
blog['html_content'] = '<h1>404 not found</h1>'
blog['blog_title'] = '不好意思 你要的页面无法找到'
blog['user_name'] = '无名氏'
blog['created_time'] = '1484186522.78509'
blog['tag'] = '*'
return dict(blogs=blog, comments=comments)
def api_get_blog(blog_id):
blog = Blogs.get(blog_id)
if blog:
return blog
raise APIResourceNotFound('Blog')
def api_get_blog(blog_id):
blog = Blogs.get(blog_id)
if not blog:
raise APIValueError(blog_id, 'blog is not exist.')
return blog
def _get_blogs_by_page():
total = Blogs.count_all()
page = Page(total, _get_page_index())
blogs = Blogs.find_by('order by created_at desc limit ?,?', page.offset,
page.limit)
return blogs, page
def manage_blog_modify(blog_id):
blog = Blogs.get(blog_id)
if not blog:
raise notfound()
return dict(id=blog.id, action='/api/blogs/%s' % blog_id, redirect='/manage/blogs')
def archives_year(year):
blogs = Blogs.find_by('where `year` = ? order by created desc', year)
if not blogs:
raise notfound()
return dict(xblogs=[blogs])
def get_allblogs():
# from webframe import orm
# blogs=orm.select('select * from blogs order by created_time desc')
blogs = yield from Blogs.find_all(OrderBy='created_time desc')
return dict(data=blogs)
def _get_blogs_by_tag(tag, page_index=1):
total = Tags.count_by('where `tag` = ?', tag)
page = Page(total, int(page_index))
blogs = Blogs.find_by('where `id` in (select `blog` from tags where `tag` = ?) order by created desc limit ?,?', tag, page.offset, page.limit)
return blogs, page
def blog(id=None):
if request.method == 'GET':
if id is not None:
blog = Blogs.query.get(id)
if blog:
return jsonify(blog.serialize()), 200
else:
return jsonify({"msg": "Blog not found"}), 404
else:
blogs = Blogs.query.all()
blogs = list(map(lambda blog: blog.serialize(), blogs))
return jsonify(blogs), 200
if request.method == 'POST':
title = request.form.get('title', None)
bintro = request.form.get('bintro', None)
publictext = request.form.get('publictext', None)
privatext = request.form.get('privatext', None)
if not title or title == "":
return jsonify({"msg": "Insert the blog title"}), 400
if not bintro or bintro == "":
return jsonify({"msg": "Insert the blog introduction"}), 400
if not publictext or publictext == "":
return jsonify({"msg": "Insert the blog public text"}), 400
if not privatext or privatext == "":
return jsonify({"msg": "Insert the blog private text"}), 400
# if not blogimagen or blogimagen == "":
# return jsonify({"msg":"Debes agregar una foto para el blog"}), 400
file = request.files['blogimagen']
if file and file.filename != '' and allowed_file(
file.filename, ALLOWED_EXTENSIONS_IMAGES):
filename = secure_filename(file.filename)
file.save(
os.path.join(
os.path.join(app.config['UPLOAD_FOLDER'], 'img/blog'),
filename))
else:
return jsonify({"msg": "Incorrect File"}), 400
blogs = Blogs()
blogs.title = title
blogs.bintro = bintro
blogs.publictext = publictext
blogs.blogvideo = blogvideo
blogs.privatext = privatext
if file:
blogs.blogimagen = filename
db.session.add(blogs)
db.session.commit()
blogs = Blogs.query.all()
blogs = list(map(lambda blog: blog.serialize(), blogs))
return jsonify(blogs), 201
if request.method == 'PUT':
title = request.json.get('title', None)
bintro = request.json.get('bintro', None)
publictext = request.json.get('publictext', None)
privatext = request.json.get('privatext', None)
if not title or title == "":
return jsonify({"msg": "Insert the blog title"}), 400
if not bintro or bintro == "":
return jsonify({"msg": "Insert the blog introduction"}), 400
if not publictext or publictext == "":
return jsonify({"msg": "Insert the blog public text"}), 400
if not privatext or privatext == "":
return jsonify({"msg": "Insert the blog private text"}), 400
blogput = Blogs.query.get(id) #busca por el id
if not blogput:
return jsonify({"msg": "Not Found"
}), 404 # para no actualizar algo q no existe
blogput.title = title
blogput.bintro = bintro
blogput.publictext = publictext
blogput.privatext = privatext
db.session.commit()
blogput = Blogs.query.all()
blogput = list(map(lambda blog: blog.serialize(), blogput))
return jsonify(blogput), 200
if request.method == 'DELETE':
blog = Blogs.query.get(id)
if not blog:
return jsonify({"msg": "Blog not found"}), 404
db.session.delete(blog)
db.session.commit()
return jsonify({"msg": "Blog deleted"}), 200