async def api_modify_password(request, *, user_id, password0, password1, password2): if request.__user__ is None: raise APIPermissionError('You must login first!') if not user_id or not user_id.strip(): raise APIValueError('user_id', 'user_id can not be empty.') if not password0 or not password0.strip(): raise APIValueError('password0', 'old password can not be empty.') if not password1 or not RE_SHA1.match(password1): raise APIValueError('password1', 'Invalid new password.') if not password2 or not RE_SHA1.match(password2): raise APIValueError('password2', 'Invalid confirmimg password.') user = await User.find(user_id) if user is None: raise APIResourceNotFoundError('User not found') # 检查密码 sha1 = hashlib.sha1() sha1.update(user_id.encode('utf-8')) sha1.update(b':') sha1.update(password0.encode('utf-8')) if user.password != sha1.hexdigest(): raise APIValueError('password', 'Invalid old password.') # 修改密码 sha1_password = '******' % (user_id, password1) user.password = hashlib.sha1(sha1_password.encode('utf-8')).hexdigest() await user.update() return dict(user_id=user_id)
async def api_delete_category(id, request): if request.__user__ is None or not request.__user__.admin: raise APIPermissionError('Only admin can do this!') cat = await Category.find(id) if cat is None: raise APIResourceNotFoundError('Category') await cat.remove() return dict(id=id)
async def api_delete_user(id, request): if request.__user__ is None or not request.__user__.admin: raise APIPermissionError('Only admin can do this!') user = await User.find(id) if user is None: raise APIResourceNotFoundError('User') await user.remove() return dict(id=id)
async def api_delete_blog(request, *, id): if request.__user__ is None or not request.__user__.admin: raise APIPermissionError('Only admin can do this!') blog = await Blog.find(id) if blog is None: raise APIResourceNotFoundError('Blog') await blog.remove() return dict(id=id)
async def api_create_comment(id, request, *, content): user = request.__user__ if user is None or not user.admin: raise APIPermissionError('Only admin can do this!') if not content or not content.strip(): raise APIValueError('comment', 'Comment can not be empty.') blog = await Blog.find(id) if blog is None: raise APIResourceNotFoundError('Blog') comment = Comment(blog_id=blog.id, user_id=user.id, user_name=user.name, user_image=user.image, content=content.strip()) await comment.save() return comment