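def f(request):
    """Call ``next_func`` only when the requested todo belongs to the current user.

    The todo id is read from the query string on GET (e.g. edit) and from the
    form body on POST (e.g. update). Any other method, a missing or
    non-numeric id, an unknown todo, or a todo owned by someone else all end
    in the same redirect to ``/todo``.
    """
    method = request.method
    try:
        if method == 'GET':
            todo_id = int(request.query['id'])
        elif method == 'POST':
            todo_id = int(request.form()['id'])
        else:
            # Neither GET nor POST: nothing to authorise, go back to the list.
            return redirect('/todo')
    except (KeyError, ValueError):
        # The id is attacker-controlled input; a missing or malformed value
        # must not surface as an unhandled exception.
        return redirect('/todo')

    t = Todo.find_by(id=todo_id)
    if t is None:
        # Unknown id: answer exactly like "not yours" so the response does
        # not reveal which ids exist.
        return redirect('/todo')

    u = current_user(request)
    if u.id != t.user_id:
        return redirect('/todo')
    return next_func(request)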
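def edit(request):
    """Render the edit page for one todo owned by the logged-in user.

    Redirects to ``/login`` when there is no logged-in user, when the ``id``
    query parameter is not an integer, when no todo has that id, or when the
    todo belongs to another user. Returns the full HTTP response as UTF-8
    bytes otherwise.
    """
    # Imported locally so the handler carries its own dependency.
    from html import escape

    headers = {
        'Content-Type': 'text/html',
    }
    uname = current_user(request)
    u = User.find_by(username=uname)
    if u is None:
        return redirect('/login')

    # The id comes straight from the URL, so it may be absent or non-numeric.
    try:
        todo_id = int(request.query.get('id', -1))
    except (TypeError, ValueError):
        return redirect('/login')

    t = Todo.find_by(id=todo_id)
    # A missing todo is treated like someone else's todo: same redirect, and
    # no attribute access on None.
    if t is None or t.user_id != u.id:
        return redirect('/login')

    # Fill the placeholders in the template. The title is user-supplied text,
    # so it is HTML-escaped before it is placed in the page.
    # NOTE(review): assumes titles are stored unescaped - confirm.
    body = template('todo_edit.html')
    body = body.replace('{{todo_id}}', str(t.id))
    body = body.replace('{{todo_title}}', escape(str(t.title), quote=True))

    header = response_with_headers(headers)
    r = header + '\r\n' + body
    return r.encode(encoding='utf-8')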
def register(request):
    """Handle a registration POST and redirect to a result view.

    A guest user coming back from ``User.register`` sends the browser to the
    register view; otherwise it goes to the login view. The result message is
    carried in the ``result`` query parameter.
    """
    u, result = User.register(request.form())
    log('register post', result)
    # NOTE(review): result is placed in the URL without percent-encoding -
    # confirm it can never contain characters that need escaping.
    if u.is_guest():
        view = '/user/register/view?result={}'
    else:
        view = '/user/login/view?result={}'
    return redirect(view.format(result))
def login(request):
    """Handle a login POST.

    A guest user coming back from ``User.login`` is redirected to the login
    view with the result message. Otherwise a session is created for the user
    and its id is passed to ``redirect`` along with the same target.
    """
    user, result = User.login(request.form())
    if user.is_guest():
        return redirect('/user/login/view?result={}'.format(result))
    # A session is only created once the credentials were accepted.
    session_id = Session.add(user_id=user.id)
    return redirect('/user/login/view?result={}'.format(result), session_id)
def register(request):
    """Serve the registration page on GET and process the form on POST.

    On POST, a form accepted by ``User.validate_register`` redirects to
    ``/login``; a rejected form redirects back to ``/register``.
    """
    if request.method != 'POST':
        return http_response(render_template('register.html'))

    accepted = User.validate_register(request.form())
    return redirect('/login') if accepted else redirect('/register')
def login(request):
    """Handle a login POST, logging the request headers and cookies first.

    A guest user coming back from ``User.login`` is redirected to the login
    view; otherwise a session is created and its id is handed to ``redirect``.
    """
    # NOTE(review): headers and cookies can carry session identifiers; writing
    # them to the log exposes them to anyone who can read the log - confirm
    # this is debug-only output.
    log('login, headers', request.headers)
    log('login, cookies', request.cookies)

    user, result = User.login(request.form())
    if user.is_guest():
        return redirect('/user/login/view?result={}'.format(result))
    session_id = Session.add(user_id=user.id)
    return redirect('/user/login/view?result={}'.format(result), session_id)
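def todo_delete(request):
    """Delete one todo, but only when it belongs to the logged-in user.

    Redirects to ``/login`` when there is no logged-in user, when the ``id``
    query parameter is not an integer, when the todo does not exist, or when
    it belongs to another user. Redirects to ``/todo`` after a deletion.
    """
    username = current_user(request)
    u = User.find_by(username=username)
    if u is None:
        # Without this guard an anonymous request fails on ``u.id`` below.
        return redirect('/login')

    try:
        todo_id = int(request.query.get('id', -1))
    except (TypeError, ValueError):
        return redirect('/login')

    t = Todo.find_by(id=todo_id)
    # A todo whose user_id differs from the current user's id cannot be
    # deleted; an unknown id gets the same answer.
    if t is None or t.user_id != u.id:
        return redirect('/login')

    # NOTE(review): the id arrives in the query string, so this looks like a
    # state-changing GET - confirm the route has cross-site request protection.
    Todo.remove(todo_id)
    return redirect('/todo')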
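def todo_delete(request):
    """Delete the todo named by ``todo_id`` when the cookie's owner owns it.

    Redirects to ``/todo`` when ``todo_id`` is missing, non-numeric or
    unknown, and to ``/login`` when the cookie matches no stored record or
    the todo belongs to a different name.
    """
    todo_id = request.query.get('todo_id', '')
    try:
        wanted = int(todo_id)
    except (TypeError, ValueError):
        # The default '' (and any non-numeric value) used to raise here
        # before the emptiness check further down was ever reached.
        return redirect('/todo')

    # NOTE(review): the cookie key has a leading space (' user'); this may
    # compensate for cookie parsing that does not strip whitespace - confirm.
    cookie = request.cookies.get(' user', '')
    c = Cookie.find_by(cookie=cookie)
    if c is None:
        # No stored record for this cookie value: treat as not logged in
        # instead of failing on ``c.name``.
        return redirect('/login')

    todo = Todo.find_by(id=wanted)
    if not todo:
        return redirect('/todo')
    if todo.username != c.name:
        log("==========================u.username != usname")
        return redirect('/login')

    Todo.delete(id=wanted)
    return redirect('/todo')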
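def comment_delete(request):
    """Delete a comment when the current user wrote it or owns its weibo.

    Every outcome redirects to the current user's weibo index. A missing,
    non-numeric or unknown comment id deletes nothing.
    """
    u = current_user(request)
    own_page = '/weibo/index?user_id={}'.format(u.id)

    try:
        comment_id = int(request.query.get('id', -1))
    except (TypeError, ValueError):
        return redirect(own_page)

    comment = Comment.find_by(id=comment_id)
    if comment is None:
        return redirect(own_page)

    # Allowed: the comment's author, or the author of the weibo it hangs on.
    allowed_ids = [comment.user_id]
    weibo = Weibo.find_by(id=comment.weibo_id)
    if weibo is not None:
        allowed_ids.append(weibo.user_id)

    if u.id in allowed_ids:
        comment.delete(comment.id)
    # Anyone else is sent to their own weibo page without a deletion.
    return redirect(own_page)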
def user_register(request):
    """Route function for the registration page.

    POST: a truthy result from ``User.register`` redirects to ``/user/login``,
    a falsy one back to ``/register``. Any other method renders the form.
    """
    if request.method != 'POST':
        return http_response(template('register.html'))

    # NOTE(review): presumably User.register returns a falsy value on
    # failure - confirm, otherwise the '/register' branch is never taken.
    registered = User.register(request.form())
    target = '/user/login' if registered else '/register'
    return redirect(target)
def register(request):
    """Route function for the registration form.

    Redirects to the register view when ``User.register`` hands back a guest
    user, otherwise to the login view. The result message is percent-encoded
    with ``quote`` before it is placed in the query string.
    """
    u, result = User.register(request.form())
    log('register post', result)
    if u.is_guest():
        view = '/user/register/view?result={}'
    else:
        view = '/user/login/view?result={}'
    return redirect(view.format(quote(result)))
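def update(request):
    """Update the title of a todo owned by the logged-in user.

    Redirects to ``/login`` when there is no logged-in user, or when the
    posted id names no todo or a todo that belongs to someone else. Non-POST
    requests change nothing. Redirects to ``/todo`` otherwise.
    """
    uname = current_user(request)
    u = User.find_by(username=uname)
    if u is None:
        return redirect('/login')

    if request.method == 'POST':
        form = request.form()
        try:
            todo_id = int(form.get('id', -1))
        except (TypeError, ValueError):
            return redirect('/todo')

        t = Todo.find_by(id=todo_id)
        # Ownership check: being logged in is not enough, the todo must
        # belong to this user. Without it any account could rewrite any
        # todo by posting its id.
        if t is None or t.user_id != u.id:
            return redirect('/login')

        t.title = form.get('title', t.title)
        t.save()
    return redirect('/todo')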
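def delete_todo(request):
    """Remove a todo owned by the logged-in user.

    Redirects to ``/login`` when there is no logged-in user or the todo
    belongs to someone else, and to ``/todo`` after a removal or when the id
    is malformed or unknown.
    """
    uname = current_user(request)
    u = User.find_by(username=uname)
    if u is None:
        return redirect('/login')

    try:
        todo_id = int(request.query.get('id', -1))
    except (TypeError, ValueError):
        return redirect('/todo')

    t = Todo.find_by(id=todo_id)
    # The None check has to come before ``t.user_id`` is read; in the old
    # order an unknown id raised before the check could run.
    if t is None:
        return redirect('/todo')
    if t.user_id != u.id:
        return redirect('/login')

    t.remove()
    return redirect('/todo')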
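def update_user_password(request):
    """Change the current user's password after checking the old one.

    Redirects to ``/login`` after a successful change and to ``/`` when the
    old password does not match or either field is missing or empty.
    """
    u = current_user(request)
    form = request.form()
    old_password = form.get('old_password')
    new_password = form.get('new_password')

    # Both fields are required: a missing old password must not reach the
    # hashing helper, and a missing new one must not become the password.
    if not old_password or not new_password:
        return redirect('/')

    # The update is allowed only when the submitted old password hashes to
    # the stored value.
    # NOTE(review): ``==`` is not a constant-time comparison; consider
    # hmac.compare_digest once the types of both sides are confirmed.
    if u.password == User.salted_password(old_password):
        u.update(new_password)
        # NOTE(review): nothing here invalidates the user's other sessions -
        # confirm whether u.update or the caller does.
        return redirect('/login')
    return redirect('/')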
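def admin_update(request):
    """Let the administrator set another user's password.

    Redirects to ``/login`` for anyone but the administrator. A malformed id,
    an unknown user or an empty password changes nothing and redirects to
    ``/admin/users``, as does a successful update.
    """
    u = current_user(request)
    # The user with id 1 is treated as the administrator.
    # NOTE(review): a hard-coded id is a brittle authorisation rule - confirm
    # that id 1 can only ever be the admin account.
    if u.id != 1:
        return redirect('/login')

    form = request.form()
    print(form.get('id', -1))
    try:
        user_id = int(form.get('id', -1))
    except (TypeError, ValueError):
        return redirect('/admin/users')

    user_password = form.get('password', '')
    if not user_password:
        # An empty field must not silently become the account's password.
        return redirect('/admin/users')

    user = User.find_by(id=user_id)
    if user is None:
        return redirect('/admin/users')

    user.password = user.salted_password(user_password)
    user.save()
    return redirect('/admin/users')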
def comment_delete(request):
    """Delete the comment whose id is given as ``cid``.

    ``cid`` is looked up in the query string first and in the form second.
    Every path redirects to ``/weibo/index``; without a ``cid`` nothing is
    deleted.
    """
    form = request.form()
    # Find the first container that carries the comment id.
    source = next((s for s in (request.query, form) if 'cid' in s), None)
    if source is None:
        return redirect('/weibo/index')

    # NOTE(review): no check in this function ties the comment to the
    # requesting user - confirm the route is wrapped by an ownership check.
    # Delete the comment by its id.
    Comment.delete(int(source['cid']))
    return redirect('/weibo/index')
def register(request) -> bytes:
    """Register a user on POST and log them in straight away.

    A guest user coming back from ``User.register`` is redirected to the
    register page with the result message. Otherwise a session is saved and
    its id is sent as an HttpOnly cookie with a redirect to ``/``. Non-POST
    requests are redirected to ``/todo/register``.
    """
    if request.method != 'POST':
        return redirect('/todo/register')

    user, result = User.register(request.form())
    if user.is_guest():
        return redirect('/todo/register?result={}'.format(result))

    session_id = Session.save(user.id)
    # NOTE(review): the cookie sets HttpOnly but neither Secure nor
    # SameSite - confirm whether the site is served over HTTPS only.
    cookie = 'session_id={}; HttpOnly; path=/'.format(session_id)
    return redirect('/', {'Set-Cookie': cookie})
def register(request):
    """Handler for the registration form.

    A successful registration redirects to the home page; a failed one goes
    back to the register view, carrying the result message, so the user can
    try again.
    """
    u, result = User.register(request.form())
    log('register post', result)
    if not u.is_guest():
        return redirect('/')
    return redirect('/user/register/view?result={}'.format(result))
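def todo_edit(request):
    """Show the edit page for one todo owned by the logged-in user.

    Returns the error page when the ``id`` query parameter is absent or not
    an integer. Redirects to ``/login`` when there is no logged-in user, the
    todo does not exist, or it belongs to another user. Returns the full
    HTTP response as UTF-8 bytes otherwise.
    """
    # Imported locally so the handler carries its own dependency.
    from html import escape

    headers = {
        'Content-Type': 'text/html',
    }
    username = current_user(request)
    u = User.find_by(username=username)
    if u is None:
        # Without this guard an anonymous request fails on ``u.id`` below.
        return redirect('/login')

    # The URL carries the id as ?id=1; request.query holds it as a dict.
    todo_id = request.query.get('id', -1)
    if todo_id == -1:
        # No id given: show the error page.
        return error(request)
    try:
        todo_id = int(todo_id)
    except (TypeError, ValueError):
        return error(request)

    t = Todo.find_by(id=todo_id)
    # A todo whose user_id differs from the current user's id cannot be
    # edited; an unknown id gets the same answer.
    if t is None or t.user_id != u.id:
        return redirect('/login')

    # The title is user-supplied text, so it is HTML-escaped before it is
    # placed in the page.
    # NOTE(review): assumes titles are stored unescaped - confirm.
    body = template('todo_edit.html')
    body = body.replace('{{todo_id}}', str(t.id))
    body = body.replace('{{todo_title}}', escape(str(t.title), quote=True))

    header = response_with_headers(headers)
    response = header + '\r\n' + body
    return response.encode('utf-8')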
def login(request):
    """Route function for the login form.

    Logs the request headers, cookies and the current user, then checks the
    credentials. A guest result redirects to the login view; otherwise a
    session is created and its id is handed to ``redirect``.
    """
    # NOTE(review): headers and cookies can carry session identifiers; writing
    # them to the log exposes them to anyone who can read the log - confirm
    # this is debug-only output.
    log('login, headers', request.headers)
    log('login, cookies', request.cookies)
    log('current user', current_user(request))

    user, result = User.login(request.form())
    if user.is_guest():
        return redirect('/user/login/view?result={}'.format(result))
    session_id = Session.add(user_id=user.id)
    return redirect('/user/login/view?result={}'.format(result), session_id)
def delete(request):
    """Delete a weibo and every comment attached to it.

    The weibo id is read from the ``id`` query parameter. Redirects to
    ``/weibo/index`` afterwards.
    """
    # NOTE(review): no check in this function ties the weibo to the
    # requesting user - confirm the route is wrapped by an ownership check.
    weibo_id = int(request.query['id'])
    Weibo.delete(weibo_id)
    # Remove the comments that belonged to the deleted weibo.
    for comment in Comment.all(weibo_id=weibo_id):
        Comment.delete(comment.id)
    return redirect('/weibo/index')
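def route_login(request):
    """Route function for the login page.

    POST with valid credentials: a new session is stored and its id is sent
    as an HttpOnly ``sid`` cookie together with a redirect to ``/``. Anything
    else renders the login page.
    """
    # Request cookies are no longer logged: they carry the ``sid`` value set
    # below, and a session id in a log file is as good as a password.
    if request.method == 'POST':
        form = request.form()
        u = User(form)
        if u.validate_login():
            # NOTE(review): the session id must come from a cryptographically
            # secure source (e.g. the secrets module) - confirm random_str().
            session_id = random_str()
            u = User.find_by(username=u.username)
            s = Session.new(dict(
                session_id=session_id,
                user_id=u.id,
            ))
            s.save()
            # Log who logged in, not the session record with its secret id.
            log('session created for user', u.id)
            headers = {
                # HttpOnly keeps the session id away from page scripts.
                'Set-Cookie': 'sid={}; HttpOnly'.format(session_id)
            }
            # After login, send the browser to /.
            return redirect('/', headers)
    # Show the login page.
    body = template('login.html')
    return http_response(body)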
def register(request):
    """Process a registration form and redirect to the register view.

    The result message from ``User.register`` is logged and then
    percent-encoded with ``quote`` into the ``result`` query parameter.
    """
    _user, result = User.register(request.form())
    log('register post', result)
    target = '/user/register/view?result={}'.format(quote(result))
    return redirect(target)
def add(request):
    """Create a todo for the current user from the submitted form.

    The owner id comes from the server-side user lookup. After the data is
    stored the browser is redirected to the index page, where the new entry
    is visible on the next request.
    """
    owner = current_user(request)
    Todo.add(request.form(), owner.id)
    return redirect('/todo/index')
def comment_delete(request):
    """Delete the comment named by the ``id`` query parameter.

    Redirects to ``/weibo/index`` afterwards.
    """
    # Intended rule: only the comment's author and the owner of the weibo it
    # belongs to may delete a comment.
    # NOTE(review): this function performs no such check before deleting -
    # confirm the route is wrapped by one.
    target_id = int(request.query['id'])
    Comment.delete(target_id)
    return redirect('/weibo/index')
def route_register(request):
    """Registration handler; answers with a redirect to the home page.

    POST: a user that passes ``validate_register`` is saved, given session
    headers and redirected to ``/``; a rejected one is redirected to
    ``/login``. Any other method renders ``login.html``.
    """
    if request.method != 'POST':
        return http_response(template('login.html'))

    user = User.new(request.form())
    if not user.validate_register():
        return redirect('/login')

    user.save()
    # The logged-in user's cookie is set to stay valid for one year.
    # NOTE(review): a session this long-lived needs server-side expiry or
    # revocation - confirm add_session_headers provides it.
    headers = add_session_headers(user, expired_month=12)
    return redirect('/', headers)
def delete(request):
    """Delete the todo named by the ``id`` query parameter.

    Redirects to ``/todo/index`` afterwards.
    """
    # NOTE(review): no check in this function ties the todo to the
    # requesting user - confirm the route is wrapped by an ownership check.
    target_id = int(request.query['id'])
    Todo.delete(target_id)
    return redirect('/todo/index')
def f(request):
    """Call ``route_function`` only for a user who is not the guest user.

    A request whose current user has the guest user's id is logged and
    redirected to ``/login``.
    """
    u = current_user(request)
    if u.id != User.guest().id:
        return route_function(request)
    log('非注册用户 redirect')
    return redirect('/login')
def comment_add(request):
    """Create a comment from the submitted form, authored by the current user.

    Redirects to ``/weibo/index`` afterwards.
    """
    author = current_user(request)
    form = request.form()
    # Written after the form is parsed, so a client-supplied user_id is
    # overwritten by the server-side identity.
    form['user_id'] = author.id
    Comment.new(form)
    return redirect('/weibo/index')
def f(request):
    """Call ``nxt_func`` only when the current user is an administrator.

    The current user is logged first; a non-admin is redirected to
    ``/login``.
    """
    u = current_user(request)
    log('admin', u)
    if not u.is_admin():
        return redirect('/login')
    return nxt_func(request)