def all():
    """Return the logged-in user's todos as a JSON array.

    The query is scoped with ``user_id`` taken from the session user, not
    from request data, and only the five listed fields are serialised.
    """
    owner_id = current_user().id
    exported_fields = ('id', 'title', 'user_id', 'created_time', 'updated_time')
    payload = [
        {field: getattr(item, field) for field in exported_fields}
        for item in Todo.all_todos(user_id=owner_id)
    ]
    return jsonify(payload)
def index():
    """Render the mailbox page for the logged-in user.

    The outcome of the previous send attempt is popped from the session, so
    it is shown once and then forgotten. A CSRF token made for this user is
    passed to the template.
    """
    last_result = session.pop('send_mail_result', None)
    last_success = session.pop('send_mail_success', False)
    u = current_user()
    # Both queries are keyed on the session user's id, never on request data.
    context = dict(
        u=u,
        send_mails=Mail.all(sender_id=u.id),
        receive_mails=Mail.all(receiver_id=u.id),
        csrf_token=make_csrf_token(u),
        s_m_r=last_result,
        s_m_s=last_success,
    )
    return render_template('mail/index.html', **context)
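def avatar_add():
    """Store an uploaded avatar and point the current user's profile at it.

    The extension comes from the client-supplied filename and must be on the
    image allowlist; anything else is rejected with HTTP 400. The stored name
    is a fresh UUID, so the client's base name never reaches the path.
    Only the extension is checked here; the file content is not inspected.
    """
    allowed_suffixes = ('gif', 'jpg', 'jpeg', 'png')
    file: FileStorage = request.files['avatar']
    # The filename is attacker-controlled. Compare case-insensitively so
    # "PNG" is handled like "png", and store the normalised form.
    suffix = (file.filename or '').split('.')[-1].lower()
    if suffix not in allowed_suffixes:
        # Log before abort(): abort raises, so a log call placed after it
        # would never run and rejected uploads would leave no trace.
        log('不接受的后缀, {}'.format(suffix))
        abort(400)

    filename = '{}.{}'.format(str(uuid.uuid4()), suffix)
    path = os.path.join('images', filename)
    file.save(path)
    u = current_user()
    User.update(u.id, image='/images/{}'.format(filename))
    return redirect(url_for('.profile'))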
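def image_add():
    """Save an uploaded avatar under a random name and update the user.

    The extension is taken from the client-supplied filename, so it is
    checked against an image allowlist before anything is written. Without
    that check any file type could be stored under the served ``/images/``
    path. A rejected upload flashes a message and returns to the settings
    page without touching the filesystem or the user record.
    """
    allowed_suffixes = ('gif', 'jpg', 'jpeg', 'png')
    file = request.files['avatar']
    suffix = (file.filename or '').split('.')[-1].lower()
    if suffix not in allowed_suffixes:
        # User-facing text: "unsupported image format".
        flash('不支持的图片格式')
        return redirect(url_for('.setting'))

    # The stored name is a fresh UUID; nothing of the client's base name
    # is used in the path.
    filename = '{}.{}'.format(str(uuid.uuid4()), suffix)
    file.save(os.path.join('images', filename))
    u = current_user()
    User.update(u.id, image='/images/{}'.format(filename))
    flash('头像修改成功')
    return redirect(url_for('.setting'))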
def f(request):
    """Run the wrapped route only for the comment's author or the weibo's owner.

    The comment id is read from the query string when present, otherwise
    from the JSON body. ``route_function`` is not defined in this block;
    presumably it is the route captured by the enclosing decorator.
    """
    log('same_user_required')
    u = current_user(request)
    if 'id' in request.query:
        comment_id = request.query['id']
    else:
        comment_id = int(request.json()['id'])

    comment = Comment.one(id=int(comment_id))
    weibo = Weibo.one(id=comment.weibo_id)
    # NOTE(review): an id that matches no comment is not handled here;
    # confirm what Comment.one returns for a miss.
    permitted = comment.user_id == u.id or u.id == weibo.user_id
    if not permitted:
        # Message text: "insufficient permission".
        return json_response(dict(message="权限不足"))
    return route_function(request)
def f(request):
    """Run the wrapped route only when the current user owns the weibo.

    The weibo id comes from the form on POST and from the query string on
    every other method. Non-owners are redirected to the weibo index.
    ``route_function`` is taken from the enclosing scope.
    """
    log('weibo_owner_required')
    u = current_user(request)
    params = request.form() if request.method == 'POST' else request.query
    weibo_id = params['id']
    log('*** weibo_owner_required *** weibo_id <{}>'.format(weibo_id))
    weibo = Weibo.one(id=int(weibo_id))
    if weibo.user_id != u.id:
        return redirect('/weibo/index')
    return route_function(request)
def profile():
    """Render the current user's profile with authored and replied-to topics.

    A request without a logged-in user is redirected to the index route.
    """
    u = current_user()
    if u is None:
        return redirect(url_for('.index'))

    authored = Topic.all_current_user_topic(u.id)
    replied = Topic.all_replied_topic(u.id)
    # board_id is optional in the query string; -1 stands for "no board".
    selected_board = int(request.args.get('board_id', -1))
    return render_template(
        'profile.html',
        user=u,
        ms=authored,
        rs=replied,
        bid=selected_board,
    )
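def add_img():
    """Save an uploaded avatar and record its URL on the current user.

    The upload is stored only when ``valid_suffix`` accepts the extension.
    The response is always a redirect to the user's detail page.
    """
    # Resolved up front: the redirect below needs the user id on every
    # path, including the one where the upload is rejected.
    u = current_user()
    # ``file`` is the uploaded file object.
    file = request.files['avatar']
    suffix = file.filename.split('.')[-1]
    if valid_suffix(suffix):
        # The client's base name is discarded in favour of a UUID, so a
        # name such as ../../../root/.ssh/authorized_keys cannot steer the
        # write; werkzeug's secure_filename is the alternative when the
        # original name has to be kept.
        filename = '{}.{}'.format(str(uuid.uuid4()), suffix)
        file.save(os.path.join('static/user_image', filename))
        User.update(u.id, dict(
            user_image='/static/user_image/{}'.format(filename)
        ))
    return redirect(url_for("index.user_detail", id=u.id))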
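def edit(request):
    """Return the raw HTTP response for the todo edit page.

    The page is served only to the todo's owner; an unknown user, an
    unknown todo id or an ownership mismatch all redirect to ``/todo``.
    The id and title are HTML-escaped before being substituted into the
    template, because the title is user-supplied text.
    """
    import html

    headers = {'Content-Type': 'text/html'}
    uname = current_user(request)
    user = User.find_by(username=uname)
    todo = Todo.find_by(id=int(request.query.get('id', -1)))
    # A missing user or todo is treated like a failed ownership check
    # instead of raising AttributeError on the attribute access below.
    if user is None or todo is None:
        return redirect('/todo')
    log('todo: ', todo, todo.user_id)
    if user.id != todo.user_id:
        return redirect('/todo')

    header = response_with_headers(headers)
    body = template('todo_edit.html')
    # Plain string substitution does no escaping of its own, so escape here
    # (quotes included, in case the marker sits inside an attribute).
    body = body.replace('{{todo_id}}', html.escape(str(todo.id)))
    body = body.replace('{{todo_title}}', html.escape(str(todo.title)))
    response = header + '\r\n' + body
    return response.encode('utf-8')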
def add_img():
    """Save an uploaded avatar under ``<basedir>/user_image`` and update the user.

    The file is written only when ``valid_suffix`` accepts the extension;
    the response is a redirect to the profile page either way.
    """
    upload = request.files['avatar']
    suffix = upload.filename.split('.')[-1]
    if valid_suffix(suffix):
        # The stored name is a fresh UUID, so a client-supplied name such as
        # ../../../root/.ssh/authorized_keys never reaches the path;
        # secure_filename is the alternative when the name must be kept.
        filename = '{}.{}'.format(str(uuid.uuid4()), suffix)
        target = os.path.join(config.basedir + '/user_image', filename)
        print('avatar path', target)
        upload.save(target)
        u = current_user()
        u.update(dict(user_image='/uploads/{}'.format(filename)))
    return redirect(url_for(".profile"))
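def sweep():
    """Delete every message the current user has already read.

    ``owner_id`` comes from the form and must both resolve to a user and
    equal the session user's id; otherwise nothing is deleted. The cached
    inbox entry for the user is invalidated once, after the deletions.
    """
    u = current_user()
    owner_id = int(request.form.get('owner_id', -1))
    owner = cached_user_id2user(owner_id)
    # NOTE(review): no CSRF token is checked in this function; confirm a
    # decorator or request hook covers this state-changing route.
    if owner is not None and owner_id == u.id:
        read_infos = Info.all(receiver_id=owner_id, been_read=True)
        # The key does not depend on the row being deleted, so it is built
        # once and queued once rather than per message.
        key = 'user_id_{}.received_info'.format(u.id)
        with data_cache.pipeline(transaction=False) as pipe:
            for i in read_infos:
                Info.delete(i)
            pipe.delete(key)
            pipe.execute()
    return redirect(url_for('.info'))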
def topic_content(topic_id):
    """Render a topic's detail page with its replies.

    ``add_read_num`` supplies the topic object. Logged-in users get their
    stored CSRF token; guests get an empty string.
    """
    topic = add_read_num(topic_id)
    replys = Reply.all(topic_id=topic_id)
    u = current_user()
    token = '' if u.is_guest() else Csrf.one(user_id=u.id).csrf_token
    page = render_template(
        'detail.html',
        topic=topic,
        replys=replys,
        user=u,
        token=token,
    )
    return make_response(page)
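def avatar_add():
    """Store an uploaded avatar after checking the one-time CSRF token.

    The token from the query string is looked up in ``r``; the stored value
    must decode to the current user's id. On success the file is saved under
    a random name, the user record is updated and the token is deleted.
    The extension is client-supplied and is checked against an image
    allowlist before anything is written.
    """
    allowed_suffixes = ('gif', 'jpg', 'jpeg', 'png')
    u = current_user()
    token = request.args['token']
    # NOTE(review): the token travels in the URL, where it can end up in
    # access logs and Referer headers; it is also used directly as the
    # store key, so confirm tokens live in their own key namespace.
    # One GET instead of EXISTS followed by GET: the key can expire between
    # the two calls, and GET then returns None.
    stored = r.get(token)
    try:
        token_owner = None if stored is None else int(stored.decode())
    except ValueError:
        # The value is not a user id (covers undecodable bytes as well).
        token_owner = None
    if token_owner is None or token_owner != u.id:
        return 'CSRF攻击'

    file: FileStorage = request.files['avatar']
    suffix = (file.filename or '').split('.')[-1].lower()
    if suffix not in allowed_suffixes:
        # User-facing text: "unsupported file type".
        return '不支持的文件类型', 400

    filename = '{}.{}'.format(str(uuid.uuid4()), suffix)
    path = os.path.join('static/images', filename)
    file.save(path)
    User.update(u.id, image='/static/images/{}'.format(filename))
    # The token is single-use: remove it once the change has been applied.
    r.delete(token)
    return redirect(url_for('.profile'))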
def add_img():
    """Save an uploaded avatar under ``user_image`` and update the user.

    Nothing is written unless ``valid_suffix`` accepts the extension; the
    response is a redirect to the settings page either way.
    """
    upload = request.files['avatar']
    suffix = upload.filename.split('.')[-1]
    if valid_suffix(suffix):
        # The uploaded name must not be used as-is. Here it is replaced by a
        # UUID; secure_filename from werkzeug is the alternative when the
        # original name has to be kept.
        filename = '{}.{}'.format(str(uuid.uuid4()), suffix)
        destination = os.path.join('user_image', filename)
        upload.save(destination)
        u = current_user()
        new_fields = dict(user_image='/uploads/{}'.format(filename))
        User.update(u.id, new_fields)
    return redirect(url_for(".setting"))
def index():
    """Route function for the weibo home page.

    With an ``id`` query parameter the page shows that user's weibos;
    without it, the current user's.
    """
    params = request.args
    # NOTE(review): an id that matches no user is not handled here; confirm
    # what User.one returns for a miss.
    u = User.one(id=int(params['id'])) if 'id' in params else current_user()
    weibos = Weibo.all(user_id=u.id)
    return render_template('weibo_index.html', weibos=weibos, user=u)
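def update():
    """Rename a board after checking the caller's anti-CSRF token.

    The token from the query string must equal the one stored for the
    current user and the new name must be non-empty; otherwise the request
    is rejected with 403. A board id that matches nothing yields 404.
    """
    import hmac

    token = request.args.get('token')
    form = request.form
    board_id = int(form.get('id', -1))
    name = form.get('name', '')
    u = current_user()
    t = get_token(u.id)
    expected = getattr(t, 'content', None)
    # Constant-time comparison, so the response time does not depend on how
    # many leading characters of the submitted token are correct. Both
    # sides must be strings: a missing token on either side never matches.
    token_ok = (
        isinstance(expected, str)
        and isinstance(token, str)
        and hmac.compare_digest(expected.encode('utf-8'), token.encode('utf-8'))
    )
    if not token_ok or name == '':
        abort(403)

    # flash_token is defined elsewhere; presumably it rotates the token so
    # it cannot be replayed. TODO confirm.
    flash_token(t)
    b = Theme.find(board_id)
    if b is None:
        # Unknown board id: answer 404 instead of failing on b.name below.
        abort(404)
    log('update board 用户是', u.id, u.username, b)
    b.name = name
    b.save()
    return redirect(url_for('board.edit'))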
def f():
    """Run the wrapped route only for the comment's author or the weibo's owner.

    The comment id is read from the query string when present, otherwise
    from the JSON body. ``route_function`` is taken from the enclosing scope.
    """
    if 'id' in request.args:
        log('if true', request.args)
        comment_id = int(request.args['id'])
    else:
        log('if false')
        form: dict = request.json
        comment_id = int(form.get('id'))

    u = current_user()
    comment = Comment.find_by(id=comment_id)
    weibo = Weibo.find_by(id=comment.weibo_id)
    is_author = comment.user_id == u.id
    if not (is_author or weibo.user_id == u.id):
        # Message text: "insufficient permission".
        return jsonify(dict(remove=False, message="权限不足"))
    return route_function()
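def view(id):
    """Show one message to its sender or receiver; everyone else gets 404.

    Answering 404 rather than 403 does not reveal whether a message with
    this id exists. When the receiver opens an unread message it is marked
    as read and its cache entry is dropped.
    """
    message: Messages = Messages.one(id=id)
    if message is None:
        # Unknown id: same answer as for a message the caller may not see,
        # instead of an AttributeError on the attribute access below.
        abort(404)

    u = current_user()
    is_sender = u.id == message.sender_id
    is_receiver = u.id == message.receiver_id
    if not (is_receiver or is_sender):
        return abort(404)

    if is_receiver and not message.been_read:
        message.been_read = True
        message.save()
        # The cached copy still says "unread"; remove it.
        key = 'message_id_{}.message'.format(message.id)
        data_cache.delete(key)
    return render_template('mail/detail.html', message=message, user=u)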
def login_view(request):
    """Render the login page with the current username and the last result.

    ``result`` comes from the query string and is URL-decoded before being
    passed to the template. When nobody is logged in the guest username is
    shown.
    """
    u = current_user(request)
    # NOTE(review): result is request-controlled text; confirm the template
    # layer escapes it on output.
    result = unquote_plus(request.query.get('result', ''))
    username = User.guest().username if u is None else u.username
    body = RenderTemplate.render('login.html', username=username, result=result)
    return html_response(body)
def user_detail(id):
    """Render another user's profile together with the account age in hours.

    Responds with 404 when no user has the given id.
    """
    now_time = int(time.time())
    u = User.one(id=id)
    cu = current_user()
    if u is None:
        abort(404)
    else:
        # Seconds since the account was created, rounded to whole hours.
        age_seconds = now_time - int(u.created_time)
        diff = round(age_seconds / 60 / 60)
        print(now_time, u.created_time, diff)
        return render_template('profile.html', user=cu, other=u, time=diff)
def index():
    """Render the topic list, optionally restricted to one board.

    ``board_id`` is read from the query string; -1 (the default) stands for
    the home page with every topic.
    """
    board_id = int(request.args.get('board_id', -1))
    # Home page: every topic. Otherwise the board's topics; the query is
    # issued with whatever id was given, valid or not.
    ts = Topic.all() if board_id == -1 else Topic.all(board_id=board_id)
    u = current_user()
    bs = Board.all()
    # board_id is passed along so the template can highlight the selected
    # board.
    return render_template("index.html", ts=ts, u=u, bs=bs, board_id=board_id)
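def login(request):
    """Route function for the login form submission.

    Hands the submitted form to ``User.login``. A guest result redirects
    back to the login view; a real user additionally gets a new session id,
    which is passed to ``redirect``.
    """
    # Raw request headers and cookies are deliberately not written to the
    # log: they carry the session cookie, and anyone able to read the log
    # could reuse it.
    log('login')
    user_current = current_user(request)
    log('current user', user_current)
    form = request.form()
    user, result = User.login(form)
    target = '/user/login/view?result={}'.format(result)
    if user.is_guest():
        return redirect(target)
    session_id = Session.add(user_id=user.id)
    return redirect(target, session_id)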
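def login():
    """Show the login form and, on POST, authenticate the user.

    The session is cleared on every request to this route, so a successful
    login starts from an empty session. After login the user is sent to
    ``returnurl`` only when it is a path on this site; any other value falls
    back to the main index.
    """
    from urllib.parse import urlsplit

    session.clear()
    if request.method == 'POST':
        form = request.form
        username = form.get('username')
        password = form.get('password')
        if User.validate_login(username, password):
            u = User.find_by(username=username)
            session['user_id'] = u.id
            # returnurl is request-controlled. Redirecting to it unchecked
            # would let a crafted login link send the user to another site
            # straight after authenticating, so only a plain local path is
            # accepted: one leading slash, no scheme, no host, and no
            # backslash, whitespace or control character that a browser
            # might normalise into something else.
            returnurl = request.args.get('returnurl') or ''
            is_local = (
                returnurl.startswith('/')
                and not returnurl.startswith('//')
                and '\\' not in returnurl
                and not any(ch.isspace() or ord(ch) < 0x20 for ch in returnurl)
            )
            if is_local:
                parts = urlsplit(returnurl)
                is_local = not parts.scheme and not parts.netloc
            flash('You were successfully logged in!', 'success')
            return redirect(returnurl if is_local else url_for('main.index'))
        flash('Invalid username or password!', 'danger')
    u = current_user()
    return render_template('login.html', username=u.username)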
def add():
    """Send an e-mail to the chosen user and store a copy as a message.

    The receiver id comes from the form; the sender id is always taken from
    the session user.
    """
    form = request.form.to_dict()
    form['receiver_id'] = int(form['receiver_id'])
    # Set after reading the form, so a submitted sender_id is overwritten.
    form['sender_id'] = current_user().id
    recipient = User.one(id=form['receiver_id'])
    outgoing = Message(
        subject=form['title'],
        body=form['content'],
        sender=admin_mail,
        recipients=[recipient.email],
    )
    mail.send(outgoing)
    # NOTE(review): the whole form dict is handed to Messages.new; confirm
    # the model ignores keys it does not expect.
    Messages.new(form)
    return redirect(url_for('.index'))
def profile():
    """Render the current user's profile page.

    A request without a logged-in user is redirected to the index route.
    """
    u = current_user()
    if u is None:
        return redirect(url_for('.index'))

    context = dict(
        user=u,
        # Topics the user posted.
        topic=created_topic(u.id),
        # Topics the user replied to.
        replied=replied_topic(u.id),
    )
    return render_template('profile.html', **context)
def index():
    """Render the topic index, issuing a CSRF token to logged-in users.

    For a logged-in user a fresh UUID token is recorded in ``csrf_tokens``
    against the user's ``_id`` and passed to the template. Anonymous
    requests get the same page without a token.
    """
    # -1 is the default for a missing parameter; a supplied value arrives
    # as a string and therefore never equals -1.
    board_id = request.args.get("board_id", -1)
    ts = Topic.all() if board_id == -1 else Topic.find_all(board_id=board_id)
    bs = Board.all()
    u = current_user()
    if u is None:
        return render_template("topic/index.html", ts=ts, bs=bs)

    # NOTE(review): one entry is added per page view and nothing in this
    # function removes it; confirm tokens are expired elsewhere.
    token = str(uuid.uuid4())
    csrf_tokens[token] = u._id
    return render_template("topic/index.html", ts=ts, token=token, bs=bs)
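def avatar_add():
    """Store an uploaded avatar under a random name and update the user.

    The client's base name is discarded in favour of a UUID, which keeps a
    name such as ../../root/.ssh/authorized_keys out of the path
    (secure_filename is the alternative when the name must be kept). The
    extension is still client-supplied, so it is checked against an image
    allowlist; a rejected upload returns to the settings page without
    writing anything.
    """
    allowed_suffixes = ('gif', 'jpg', 'jpeg', 'png')
    file: FileStorage = request.files['avatar']
    suffix = (file.filename or '').split('.')[-1].lower()
    if suffix not in allowed_suffixes:
        # Not an accepted image extension: leave the filesystem and the
        # user record untouched.
        return redirect(url_for('.setting'))

    filename = '{}.{}'.format(str(uuid.uuid4()), suffix)
    path = os.path.join('images', filename)
    file.save(path)
    u = current_user()
    User.update(u.id, image='/images/{}'.format(filename))
    return redirect(url_for('.setting'))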
def profile(username):
    """Render a user's own profile with topics and replies, newest first.

    The page is shown only when ``username`` resolves to the current user;
    any other request is redirected to the topic index.
    """
    user = current_user()
    u = User.one(username=username)
    if not (u == user):
        return redirect(url_for('topic.index'))

    topics = list(reversed(created_topic(u.id)))
    replies = Reply.all(user_id=u.id)
    for reply in replies:
        # Debug output; the label means "test".
        print('测试', reply.topic())
    replys = list(reversed(replies))
    return render_template("user_profile.html", topics=topics, replys=replys, user=u)
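def edit(request):
    """Route function for /todo/edit.

    Returns the raw HTTP response (status line, headers, blank line, HTML
    body) encoded as UTF-8. The page is served only to the todo's owner; an
    unknown user, an unknown todo id or an ownership mismatch all redirect
    to ``/login``. The id and title are HTML-escaped before substitution,
    because the title is user-supplied text.
    """
    import html

    headers = {
        'Content-Type': 'text/html',
    }
    # Find the logged-in user; redirect to /login when there is none.
    uname = current_user(request)
    u = User.find_by(username=uname)
    if u is None:
        return redirect('/login')

    # Id of the todo being edited; -1 when the parameter is missing.
    todo_id = int(request.query.get('id', -1))
    t = Todo.find_by(id=todo_id)
    # No todo with this id, or it belongs to someone else: the user may
    # only edit their own data, so send them back to the login page. The
    # None check avoids an AttributeError on t.user_id.
    if t is None or t.user_id != u.id:
        return redirect('/login')

    # Fill the {{todo_id}} and {{todo_title}} markers of the template.
    # Plain string substitution does no escaping of its own, so escape here
    # (quotes included, in case a marker sits inside an attribute).
    body = template('todo_edit.html')
    body = body.replace('{{todo_id}}', html.escape(str(t.id)))
    body = body.replace('{{todo_title}}', html.escape(str(t.title)))

    # response_with_headers is defined elsewhere; the original comments
    # describe its output as the status line followed by the header lines,
    # e.g. "HTTP/1.1 200 VERY OK\r\nContent-Type: text/html\r\n". The extra
    # "\r\n" below is the blank line that separates headers from the body.
    header = response_with_headers(headers)
    r = header + '\r\n' + body
    return r.encode(encoding='utf-8')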
def f(request):
    """Run the wrapped API function only when the current user owns the weibo.

    The weibo id is read from the query string when present, otherwise from
    the JSON body. Non-owners receive a JSON payload with status 410.
    ``api_function`` is taken from the enclosing scope.
    """
    if 'id' in request.query:
        raw_id = request.query['id']
    else:
        raw_id = request.json()['id']
    weibo_id = int(raw_id)

    weibo = Weibo.find_by(id=weibo_id)
    u = current_user(request)
    if u.id != weibo.user_id:
        # Message text: "insufficient permission, the request cannot be
        # carried out".
        denied = dict(
            status=410,
            message="权限不足,请求无法执行",
        )
        return json_response(denied)
    return api_function(request)