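def get(self):
    """Handle GET on the /blog resource.

    Query parameters:
      1. num | limit (int or str): maximum number of rows to list; "all"
         lists every blog. Global parameter, default 10.
      2. sort (str): sort direction, "asc" or "desc". Global parameter,
         default "desc".
      3. blogId (int): fetch the article with this id. Standalone parameter.
      4. get_catalog_list (bool): list every blog catalog. Standalone.
      5. get_sources_list (bool): list every blog source type. Standalone.
      6. get_catalog_data (str): list `num` articles of the given catalog.
      7. get_sources_data (str): list `num` articles of the given source type.
      8. get_index_only (bool): return only id, title and timestamps of all
         blogs.
      9. get_user_blog (str): list every blog of the given user.

    `sort` and `num`/`limit` end up inside the SQL text, and ORDER BY / LIMIT
    cannot be bound as query parameters, so both are validated here and fall
    back to their defaults when the request supplies anything else.

    Returns the response envelope `res` for the get_index_only branch.
    """
    num = request.args.get('num', request.args.get('limit', 10))
    if num in ("all", "All"):
        LIMIT = ''
    else:
        # Only a non-negative integer may reach the LIMIT clause.
        try:
            row_limit = int(num)
        except (TypeError, ValueError):
            row_limit = -1
        if row_limit < 0:
            logger.warn("Invalid num/limit %r, falling back to 10" % (num,))
            row_limit = 10
        LIMIT = "LIMIT %d" % row_limit

    # Allowlist the sort direction instead of passing request text to SQL.
    sort = request.args.get('sort', 'desc').lower()
    if sort not in ("asc", "desc"):
        logger.warn("Invalid sort %r, falling back to desc" % (sort,))
        sort = 'desc'

    truthy = ("true", "True", True)
    blogId = request.args.get('blogId')
    get_catalog_list = request.args.get("get_catalog_list") in truthy
    get_sources_list = request.args.get("get_sources_list") in truthy
    get_catalog_data = request.args.get("get_catalog_data")
    get_sources_data = request.args.get("get_sources_data")
    get_index_only = request.args.get("get_index_only") in truthy
    get_user_blog = request.args.get("get_user_blog")
    res = {"url": request.url, "msg": None, "data": None, "code": 0}
    logger.debug({"num": num, "blogId": blogId, "get_catalog_list": get_catalog_list, "get_sources_list": get_sources_list, "get_catalog_data": get_catalog_data, "get_sources_data": get_sources_data})

    if get_sources_data:
        # Map the English prefix (Original / reproduced / translation) to the
        # stored source-type label; any other value is kept unchanged.
        prefix = get_sources_data.lower()[:3]
        get_sources_data = {"ori": '原创', "rep": '转载', "tra": '翻译'}.get(prefix, get_sources_data)

    if get_index_only:
        sql = "SELECT id,title,create_time,update_time FROM team.blog ORDER BY id %s %s" % (sort, LIMIT)
        logger.info("SELECT title only SQL: %s" % sql)
        try:
            data = mysql2().query(sql)
        except Exception as e:
            logger.error(e, exc_info=True)
            res.update(data=[], msg="Only title query fail", code=7)
        else:
            res.update(data=data)
        logger.info(res)
        return res
    # Handling of the other documented parameters is not part of this listing.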
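def post(self):
    """Create a token.

    POST data: 1. username, 2. password. The handler is documented to
    return the token; only the request-parsing step is shown here.
    """
    code = 1030
    res = {"url": request.url, "msg": None, 'code': code}
    _Pd = postData(request, res)
    # Log only whether a payload was parsed: its "data" entry carries the
    # submitted password, which must not be written to the log.
    logger.debug({"Token:tool:postData": bool(_Pd)})
    try:
        fields = _Pd.get("data")
        username, password, email = fields[0], fields[1], fields[2]
        res = _Pd.get("res")
    except (AttributeError, IndexError, TypeError) as e:
        # TypeError covers a missing "data" entry (indexing None).
        res.update({'msg': "Server Error", "code": 500})
        logger.error(res)
        logger.error(e)
        return res
    # Token creation itself is not part of this listing.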
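def post(self):
    """Log in or register a user.

    URL args:
      1. action=log/reg, documented default is log.
    POST data:
      1. username
      2. password
      3. email, optional; not used for system login. When present it is
         checked against a regular expression and the request is rejected
         if the format does not match.

    Only the request-parsing step is shown here.
    """
    res = {"url": request.url, "msg": None, "data": None}
    _Pd = postData(request, res)
    # Log only whether a payload was parsed: its "data" entry carries the
    # submitted password, which must not be written to the log.
    logger.debug({"Token:tool:postData": bool(_Pd)})
    try:
        fields = _Pd.get("data")
        username, password, email = fields[0], fields[1], fields[2]
        res = _Pd.get("res")
    except (AttributeError, IndexError, TypeError) as e:
        # TypeError covers a missing "data" entry (indexing None).
        res.update({'msg': "Server Error", "code": 500})
        logger.error(res)
        logger.error(e)
        return res
    # Validation and the log/reg actions are not part of this listing.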
def get(self):
    """Public lookup of a user profile; no token is required.

    Documented URL args:
      1. num: number of rows to show, default 10, may be "all".
      2. username|email: user name or e-mail, the unique database key.
      3. token: if true, display token info.
    Only `username` is read by the code shown here.

    Sample return value:
    {'msg': 'success or error(errmsg)', 'code': 'http code', 'data': data}
    """
    res = {"code": 200, "msg": None, "data": None}
    username = request.args.get("username")
    if not username:
        return res

    # Look in the OAuth accounts first, then in the local accounts. The user
    # name is passed as a bound parameter, never formatted into the SQL text.
    lookups = (
        "SELECT a.username, a.email, a.cname, a.avatar, a.motto, a.url, a.time, a.weibo, a.github, a.gender, a.extra FROM passport.User a INNER JOIN passport.OAuth b ON a.username = b.oauth_username WHERE a.username=%s",
        "SELECT a.username, a.email, a.cname, a.avatar, a.motto, a.url, a.time, a.weibo, a.github, a.gender, a.extra FROM passport.User a INNER JOIN passport.LAuth b ON a.username = b.lauth_username WHERE a.username=%s",
    )
    for sql in lookups:
        data = mysql2().get(sql, username)
        if data:
            break
    logger.info(username)
    logger.info(sql)
    logger.debug(data)
    res.update(data=data)
    return res
def index():
    """Render index.html with every row of the `project` table."""
    projects = mysql.get("SELECT * FROM project")
    logger.debug(projects)
    # Template variables, in the same order the values were computed before.
    context = {
        'title': 'SaintIC Projects Information',
        'time': time.strftime("%Y-%m-%d"),
        'pids': projects,
        'pidnums': len(projects),
        'version': __version__,
    }
    return render_template('index.html', **context)
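def delete(self):
    """Delete a user.

    URL args:
      1. token: must equal the token stored for `username`.
      2. username: must be listed in the configured AdminGroup.

    Returns the response envelope `res`: code 0 on success, 1020-1024 for
    the failure cases commented below.

    NOTE(review): the token travels in the query string, so it is also part
    of `request.url`, which is copied into `res` and logged with it; sending
    it in a header or the request body would keep it out of those logs.
    """
    # Fail closed when the setting is missing: nobody is an administrator.
    # Assumes AdminGroup is a list/tuple of user names; a plain string would
    # turn the membership test into a substring match -- confirm.
    AdminGroup = config.BLOG.get('AdminGroup') or ()
    res = {"url": request.url, "msg": None, "data": None, "code": 200}
    token = request.args.get('token', None)
    username = request.args.get('username', None)

    if not token:
        # 1020: the request carries no token.
        res.update({'msg': 'No token', "code": 1020})
        logger.warn(res)
        return res
    if not username:
        # 1021: the request carries no username.
        res.update({'msg': 'No username', "code": 1021})
        logger.warn(res)
        return res
    if username not in AdminGroup:
        # 1022: username is not in the configured AdminGroup, so it has no
        # permission to delete.
        res.update({'msg': 'The user does not have permission!', "code": 1022})
        logger.error(res)
        return res

    ReqData = dbUser(username, token=True)
    # Log only whether a record came back; the record holds the stored token.
    logger.debug({"User:delete:ReqData": bool(ReqData)})
    if ReqData:
        if ReqData.get('token') != token:
            # 1023: the token argument does not match the stored token.
            res.update({'msg': 'token miss match!', 'code': 1023})
            logger.error(res)
            return res

        # Bind the user name as a query parameter instead of formatting it
        # into the statement (the listing shows the value slot masked).
        # Assumes mysql.delete/mysql.execute forward positional parameters to
        # the driver the way mysql2().get(sql, username) does -- confirm.
        sql = "DELETE FROM user WHERE username=%s"
        logger.info({"User:delete:SQL": sql, "username": username})
        try:
            if hasattr(mysql, 'delete'):
                mysql.delete(sql, username)
            else:
                mysql.execute(sql, username)
        except Exception as e:
            # 1024: the DELETE statement failed.
            logger.error(e, exc_info=True)
            res.update({'code': 1024, 'msg': 'Delete user failed'})
            logger.error(res)
            return res
        else:
            # Token matches the username and the row was deleted.
            res.update({'code': 0, 'msg': 'Delete success', 'data': {'delete username': username}})
    # Every path returns the envelope; when no record was found `res` is
    # returned unchanged, since no code for that case is defined here.
    return res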
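class User(Resource):
    """User resource, url is /user, /user/.

    1. #get:    Get user
    2. #post:   Create user, registry and login
    3. #put:    Update user profile
    4. #delete: Delete user
    """

    def get(self):
        """Public lookup of a user profile; no token is required.

        Documented URL args:
          1. num: number of rows to show, default 10, may be "all".
          2. username|email: user name or e-mail, the unique database key.
          3. token: if true, display token info.
        Only `username` is read by the code shown here.

        Sample return value:
        {'msg': 'success or error(errmsg)', 'code': 'http code', 'data': data}
        """
        res = {"code": 200, "msg": None, "data": None}
        username = request.args.get("username")
        if not username:
            return res

        # OAuth accounts first, then local accounts. The user name is passed
        # as a bound parameter, never formatted into the SQL text.
        lookups = (
            "SELECT a.username, a.email, a.cname, a.avatar, a.motto, a.url, a.time, a.weibo, a.github, a.gender, a.extra FROM passport.User a INNER JOIN passport.OAuth b ON a.username = b.oauth_username WHERE a.username=%s",
            "SELECT a.username, a.email, a.cname, a.avatar, a.motto, a.url, a.time, a.weibo, a.github, a.gender, a.extra FROM passport.User a INNER JOIN passport.LAuth b ON a.username = b.lauth_username WHERE a.username=%s",
        )
        for sql in lookups:
            data = mysql2().get(sql, username)
            if data:
                break
        logger.info(username)
        logger.info(sql)
        logger.debug(data)
        res.update(data=data)
        return res

    def post(self):
        """Log in or register a user.

        URL args:
          1. action=log/reg, documented default is log.
        POST data:
          1. username
          2. password
          3. email, optional; not used for system login. When present it is
             checked against a regular expression and the request is
             rejected if the format does not match.

        Returns the response envelope `res`; `code` is 0 on a successful
        login and 500 or 1010-1019 for the failure cases commented below.

        The password, its digest and the stored digest are deliberately kept
        out of every log call in this method.
        """
        res = {"url": request.url, "msg": None, "data": None}
        _Pd = postData(request, res)
        # Log only whether a payload was parsed: its "data" entry carries
        # the submitted password.
        logger.debug({"Token:tool:postData": bool(_Pd)})
        try:
            fields = _Pd.get("data")
            username, password, email = fields[0], fields[1], fields[2]
            res = _Pd.get("res")
        except (AttributeError, IndexError, TypeError) as e:
            # TypeError covers a missing "data" entry (indexing None).
            res.update({'msg': "Server Error", "code": 500})
            logger.error(res)
            logger.error(e)
            return res

        if not username or not password:
            # 1016: username or password is empty in the request.
            res.update({'msg': 'Invaild username or password', 'code': 1016})
            logger.debug({"User:post:request.json(user)": username, "res": res})
            return res
        res.update({'data': {'username': username, 'email': email}})

        # Minimum lengths are fixed here (could come from config.py).
        if len(username) < 5 or len(password) < 5:
            # 1010: username or password shorter than 5 characters.
            res.update({'msg': 'username or password length of at least 5', 'code': 1010})
            logger.warn(res)
            return res
        # Relies on reload(sys) and setdefaultencoding('utf8') elsewhere.
        if chinese_check.search(unicode(username)):
            # 1019: the requested username contains Chinese characters.
            res.update({'msg': 'username contains Chinese, not allowed!', 'code': 1019})
            logger.error(res)
            return res
        if email and mail_check.match(email) is None:
            # 1017: e-mail was supplied but does not match the expected format.
            res.update({'msg': "email format error", 'code': 1017})
            logger.debug({"User:post:request.json": email, "res": res})
            return res

        # Start the action (log = sign in, reg = register).
        # NOTE(review): md5() is a helper not shown here; it appears to
        # produce a plain MD5 digest of the password. A salted, slow password
        # hash would be the better storage format, but switching needs a
        # migration of the stored values and cannot be done in this method.
        _MD5pass = md5(password)
        # NOTE(review): no default is applied here although the docstring
        # says "log" is the default -- confirm.
        action = request.args.get("action")
        # ReqData is truthy when the user exists; it is a dict holding the
        # stored username and password digest.
        ReqData = dbUser(username, password=True, uid=True)
        logger.debug({"request.action": action, 'user_found': bool(ReqData)})
        if action == 'log':
            if not ReqData:
                # 1018: login requested for a username with no database record.
                res.update({'msg': 'User not exists', 'code': 1018})
                logger.warn(res)
                return res
            try:
                _DBuser = ReqData.get('username')
                _DBpass = ReqData.get('password')
                res['data']['uid'] = ReqData.get('id')
            except AttributeError as e:
                logger.error(e)
                # 1018: login requested for a username with no database record.
                res.update({'msg': 'User not exists', 'code': 1018})
                logger.warn(res)
                return res
            else:
                logger.debug({'ReqUser': username, 'DBuser': _DBuser})
                if _MD5pass == _DBpass:
                    # 0: sign-in succeeded.
                    res.update({'msg': 'Password authentication success at sign in', 'code': 0})
                else:
                    # 1011: submitted password does not match the stored one.
                    res.update({'msg': 'Password authentication failed at sign in', 'code': 1011})
                logger.info(res)
                return res
        # Handling of the other action values is not part of this listing.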