def post(self, book_id):
# 如果用户之前已经评了分,这里默认无法再评分
parser = RequestParser()
parser.add_argument('token',
type=str,
location='headers',
required=True)
parser.add_argument('book_score', type=float, required=True)
args = parser.parse_args()
token = args["token"]
user_id = verify_token(token)
if user_id is None:
return {'message': 'Illegal token.'}, 403
book_score = float(args.get('book_score'))
cursor.execute(
"SELECT Book_score, Book_score_num from Books where book_id = '%d'"
% book_id)
result = cursor.fetchone()
book_s = result['Book_score']
book_s_n = result['Book_score_num']
new_book_s = (book_s * book_s_n + book_score) / (book_s_n + 1.0)
cursor.execute(
"UPDATE Books set Book_score_num = Book_score_num + 1, Book_score = '%f' where Book_id = '%d'"
% (new_book_s, book_id))
connection.commit()
cursor.execute("SELECT Book_score from Books where Book_id = '%d'" %
book_id)
result = cursor.fetchone()
connection.commit()
return {'result': result}
def post(self, movie_id):
# 如果用户之前已经评了分,这里默认无法再评分
parser = RequestParser()
parser.add_argument('token',
type=str,
location='headers',
required=True)
parser.add_argument('movie_score', type=float, required=True)
args = parser.parse_args()
token = args.get('token')
user_id = verify_token(token)
if user_id is None:
return {'message': 'Illegal token.'}, 403
movie_score = float(args.get('movie_score'))
cursor.execute(
"SELECT Movie_score, Movie_score_num from Movies where Movie_id = '%d'"
% movie_id)
result = cursor.fetchone()
movie_s = result['Movie_score']
movie_s_n = result['Movie_score_num']
new_movie_s = (movie_s * movie_s_n + movie_score) / (movie_s_n + 1.0)
cursor.execute(
"UPDATE Movies set Movie_score_num = Movie_score_num + 1, Movie_score = '%f' where Movie_id = '%d'"
% (new_movie_s, movie_id))
connection.commit()
cursor.execute("SELECT Movie_score from Movies where Movie_id = '%d'" %
movie_id)
result = cursor.fetchone()
connection.commit()
return {'result': result}
def post(self):
parser = RequestParser()
parser.add_argument('token',
type=str,
location='headers',
required=True)
parser.add_argument('old_password', type=str, required=True)
parser.add_argument('new_password', type=str, required=True)
args = parser.parse_args(strict=True)
# 前端记得验证两次密码不同
token = args.get('token')
user_id = verify_token(token)
if user_id is None:
return {'message': 'Illegal token.'}, 403
old_p = args.get('old_password')
new_p = args['new_password']
new_p_hash = generate_password_hash(new_p,
method='pbkdf2:sha1',
salt_length=8)
cursor.execute("SELECT User_password FROM User WHERE User_id = '%d' " %
user_id)
result = cursor.fetchone()['User_password']
connection.commit()
if result is None:
return {'message': 'User does not exist.'}, 403
if check_password_hash(result, old_p):
cursor.execute(
"UPDATE User set User_password = '******' WHERE User_id = '%d' " %
(new_p_hash, user_id))
connection.commit()
return {'result': {'message': 'Modify successfully.'}}
else:
return {'message': 'The old password is wrong.'}, 403
def post(self, group_content_id):
parser = RequestParser()
parser.add_argument("token",
type=str,
location="headers",
required=True)
args = parser.parse_args(strict=True)
token = args["token"]
user_id = verify_token(token)
if user_id is None:
return {'message': 'Illegal token.'}, 403
cursor.execute(
"SELECT * FROM Group_Contents WHERE Group_content_id like '%s' " %
(group_content_id, ))
result = cursor.fetchone()
connection.commit()
if result is None:
abort_if_doesnt_exist("Group_content_id")
group_id = result['Group_id']
cursor.execute("SELECT * FROM Groups WHERE Group_id like '%s' " %
(group_id, ))
result = cursor.fetchone()
if result['User_id'] != user_id:
return {'message': 'Unauthorized.'}, 401
cursor.execute(
"DELETE FROM Group_Contents WHERE Group_content_id like '%s' " %
(group_content_id, ))
connection.commit()
return {'result': {'message': 'Delete success.'}}
def post(self):
parser = reqparse.RequestParser()
parser.add_argument('name', type=str, required=True)
parser.add_argument("password", type=str, required=True)
parser.add_argument("email", type=str, required=True)
parser.add_argument("phonenum", type=str, required=True)
parser.add_argument("motto", type=str)
req = parser.parse_args(strict=True)
name = req['name']
password = req['password']
pwhash = generate_password_hash(password,
method='pbkdf2:sha1',
salt_length=8)
email = req['email']
phonenum = req['phonenum']
motto = req['motto']
cursor.execute(
"INSERT INTO `User` (User_password,User_name,User_email,User_phonenum,User_authority,User_motto) VALUES ('%s','%s','%s','%s',1,'%s')"
% (pwhash, name, email, phonenum, motto))
connection.commit()
cursor.execute("SELECT User_id FROM User WHERE User_name LIKE '%s'" %
(name))
result = cursor.fetchone()
token = create_token(result['User_id'])
connection.commit()
return {'result': {'token': token}}
def get(self):
cursor.execute(
"SELECT Topic_id FROM Topic_Contents GROUP BY Topic_id ORDER BY COUNT(Topic_Content_id) DESC"
)
result = cursor.fetchmany(2)
connection.commit()
cursor.execute(
"SELECT * FROM Topics WHERE Topic_id = '%d' or Topic_id = '%d'" %
(result[0]['Topic_id'], result[1]['Topic_id']))
result = cursor.fetchall()
connection.commit()
return {'result': result}
def get(self):
parser = reqparse.RequestParser()
parser.add_argument("keywords",
type=str,
location="args",
required=True)
req = parser.parse_args(strict=True)
keywords = '%' + req.get("keywords") + '%'
cursor.execute("SELECT * FROM Books WHERE Book_name LIKE '%s' " %
(keywords))
result = cursor.fetchall()
connection.commit()
return {'result': result}
def get(self):
parser = reqparse.RequestParser()
parser.add_argument("keywords",
type=str,
location="args",
required=True)
req = parser.parse_args(strict=True)
keywords = '%' + req.get("keywords") + '%'
cursor.execute(
"SELECT * FROM Group_Contents WHERE Group_content_title LIKE '%s' OR Group_content_content LIKE '%s' "
% (keywords, keywords))
result = cursor.fetchall()
connection.commit()
for i in result:
i['Create_time'] = str(i['Create_time'])
return {'result': result}
def get(self):
parser = RequestParser()
parser.add_argument('token',
type=str,
location="headers",
required=True)
args = parser.parse_args(strict=True)
token = args.get('token')
user_id = verify_token(token)
if user_id is None:
return {'message': 'Illegal token.'}, 403
cursor.execute("SELECT * FROM User_Topic WHERE User_id = %d" %
(user_id))
result = cursor.fetchall()
connection.commit()
return {"result": result}
def post(self):
parser = RequestParser()
parser.add_argument('user_email', type=str, required=True)
args = parser.parse_args(strict=True)
email = args.get('user_email')
cursor.execute("SELECT * FROM User WHERE User_email = '%s'" % email)
connection.commit()
result = cursor.fetchone()
if result is None:
return {'message': 'Wrong email.'}, 403
send_email(
'[豆辛瓜辛] Reset Your Password',
sender=app.config['ADMINS'][0],
recipients=[email], # templates中内容暂时用于测试
text_body=render_template('reset_password.txt', user=result),
html_body=render_template('reset_password.html', user=result))
def get(self):
parser = reqparse.RequestParser()
parser.add_argument("token",
type=str,
location="headers",
required=True)
req = parser.parse_args(strict=True)
token = req['token']
user_id = verify_token(token)
if user_id is not None:
cursor.execute(
"SELECT User_id,User_name,User_email,User_phonenum,User_authority,User_motto FROM User WHERE User_id LIKE '%s'"
% (user_id))
result = cursor.fetchone()
connection.commit()
return {'result': result}
else:
return {'message': 'Illegal token.'}, 403
def post(self):
parser = RequestParser()
parser.add_argument('new_password', type=str, required=True)
parser.add_argument('token',
type=str,
location="headers",
required=True)
args = parser.parse_args(strict=True)
token = args.get('token')
user_id = verify_token(token)
if user_id is None:
return {'message': 'Illegal token.'}, 403
n_pw = args.get('new_password')
n_pwhash = generate_password_hash(n_pw)
cursor.execute(
"UPDATE User set User_password = '******' where User_id = '%d'" %
(n_pwhash, user_id))
connection.commit()
return {'message': 'Reset successfully.'}
def post(self, book_comment_id):
parser = RequestParser()
parser.add_argument('token',
type=str,
location='headers',
required=True)
parser.add_argument('type', type=int, required=True)
args = parser.parse_args()
token = args["token"]
approve_type = args['type']
user_id = verify_token(token)
if user_id is None:
return {'message': 'Illegal token.'}, 403
if approve_type != -1 and approve_type != 1:
return {'message': 'Illegal type(not -1 or 1).'}, 400
cursor.execute(
"SELECT Type FROM Book_Comment_Approvals WHERE Book_comment_id = %d AND User_id = %d"
% (book_comment_id, user_id))
result = cursor.fetchone()
if result != None:
connection.commit()
return {'message': 'duplicate approve or disapprove.'}, 403
cursor.execute(
"INSERT INTO Book_Comment_Approvals(Book_comment_id,User_id,type) VALUES(%d,%d,%d)"
% (book_comment_id, user_id, approve_type))
if approve_type == 1:
temp_str = "Book_comment_approve"
else:
temp_str = "Book_comment_disapprove"
cursor.execute("UPDATE Book_Comments \
SET %s = %s + 1 \
WHERE Book_comment_id = %d" % (
temp_str,
temp_str,
book_comment_id,
))
connection.commit()
cursor.execute(
"SELECT * FROM Book_Comments WHERE Book_comment_id = %d " %
(book_comment_id))
result = cursor.fetchone()
result['Create_time'] = str(result['Create_time'])
return {'result': result}
def get(self, topic_id):
cursor.execute("SELECT * FROM Topics WHERE Topic_id LIKE '%s'" %
(topic_id))
result = cursor.fetchone()
if result is None:
abort_if_doesnt_exist("Topic_id")
cursor.execute(
"SELECT Topic_content_id,Topic_content_content,Topic_content_image,Topic_id,Create_time,`User`.User_id,`User`.User_name FROM Topic_Contents,`User`\
WHERE Topic_id = %d AND Topic_Contents.User_id=`User`.User_id" %
(topic_id))
content = cursor.fetchall()
connection.commit()
for i in content:
i['Create_time'] = str(i['Create_time'])
return {
'result': {
'info': result,
'contents': content,
}
}
def get(self, group_id):
cursor.execute("SELECT * FROM Groups WHERE Group_id LIKE '%s'" %
(group_id))
result = cursor.fetchone()
if result is None:
abort_if_doesnt_exist("Group_id")
cursor.execute(
"SELECT Group_content_id,Group_content_content,Group_content_title,Group_id,Group_content_image,Create_time,\
Is_highlighted,Is_pinned,`User`.User_id,`User`.User_name FROM Group_Contents,`User`\
WHERE Group_id=%d and Group_Contents.User_id=User.User_id ORDER BY Is_pinned DESC"
% (group_id))
content = cursor.fetchall()
connection.commit()
for i in content:
i['Create_time'] = str(i['Create_time'])
return {
'result': {
'info': result,
'contents': content,
}
}
def post(self):
parser = reqparse.RequestParser()
parser.add_argument('name', type=str, required=True)
parser.add_argument("password", type=str, required=True)
req = parser.parse_args(strict=True)
name = req['name']
password = req['password']
cursor.execute("SELECT * FROM User WHERE User_name LIKE '%s'" % name)
result = cursor.fetchone()
connection.commit()
if result is None:
return {
'message': 'Login error, incorrect password or username.'
}, 403
if check_password_hash(result['User_password'], password):
token = create_token(result['User_id'])
return {'result': {'token': token}}
else:
return {
'message': 'Login error, incorrect password or username.'
}, 403
def get(self, book_id):
cursor.execute("SELECT * FROM Books WHERE Book_id LIKE '%s'" %
(book_id))
result = cursor.fetchone()
if result is None:
abort_if_doesnt_exist("Book_id")
cursor.execute(
"SELECT Book_comment_id,Book_comment_title,Book_comment_approve,Book_comment_disapprove,Book_comment_content,\
Book_id,Create_time,`User`.User_id,`User`.User_name FROM Book_Comments,`User`\
WHERE Book_id= %d and Book_Comments.User_id=User.User_id" %
(book_id))
content = cursor.fetchall()
connection.commit()
for i in content:
i['Create_time'] = str(i['Create_time'])
return {
'result': {
'info': result,
'comments': content,
}
}
def post(self, group_id): # 点击按钮进行参与,post请求
parser = RequestParser()
parser.add_argument('token',
type=str,
location='headers',
required=True)
args = parser.parse_args(strict=True)
token = args["token"]
user_id = verify_token(token)
if user_id is None:
return {'message': 'Illegal token.'}, 403
cursor.execute(
"SELECT * FROM User_Group where User_id = %d and Group_id = %d" %
(user_id, group_id))
result = cursor.fetchone()
connection.commit()
if result is not None:
return {'message': 'You have joined the group before.'}, 403
cursor.execute("INSERT INTO User_Group values('%d', '%d')" %
(group_id, user_id))
connection.commit()
cursor.execute(
"SELECT * from User_Group where User_id = '%d' and Group_id = '%d'"
% (user_id, group_id))
result = cursor.fetchone()
connection.commit()
return {'result': result}
def post(self, book_comment_id):
parser = RequestParser()
parser.add_argument('token',
type=str,
location='headers',
required=True)
parser.add_argument('book_report_title', type=str, required=True)
parser.add_argument('book_report_reason', type=str, required=True)
args = parser.parse_args()
token = args["token"]
user_id = verify_token(token)
if user_id is None:
return {'message': 'Illegal token.'}, 403
report_t = args.get('book_report_title')
report_r = args.get('book_report_reason')
cursor.execute(
"INSERT INTO Book_Reports(Book_report_title, Book_report_reason, User_id, Book_comment_id) \
values('%s', '%s', '%d', '%d')" %
(report_t, report_r, user_id, book_comment_id))
connection.commit()
cursor.execute("SELECT LAST_INSERT_ID()")
connection.commit()
result = cursor.fetchone()['LAST_INSERT_ID()']
cursor.execute(
"SELECT * FROM Book_Reports WHERE Book_report_id = '%d'" % result)
connection.commit()
result = cursor.fetchone()
result['Create_time'] = str(result['Create_time'])
return {'result': result}
def post(self, book_id):
parser = RequestParser()
parser.add_argument('token',
type=str,
location='headers',
required=True)
parser.add_argument('book_comment_content', type=str, required=True)
parser.add_argument('book_comment_title', type=str, required=True)
args = parser.parse_args(strict=True)
token = args["token"]
user_id = verify_token(token)
if user_id is None:
return {'message': 'Illegal token.'}, 403
book_com = args.get('book_comment_content')
book_com_t = args.get('book_comment_title')
cursor.execute(
"INSERT into Book_Comments(Book_comment_title, Book_comment_approve, Book_comment_disapprove, \
Book_comment_content, User_id, Book_id) \
values('%s','%d','%d','%s','%d','%d')" %
(book_com_t, 0, 0, book_com, user_id, book_id))
connection.commit()
cursor.execute("SELECT LAST_INSERT_ID()")
connection.commit()
result = cursor.fetchone()['LAST_INSERT_ID()']
cursor.execute(
"SELECT * FROM Book_Comments where Book_comment_id = '%d'" %
result)
result = cursor.fetchone()
connection.commit()
result['Create_time'] = str(result['Create_time'])
return {'result': result}
def get(self):
parser = RequestParser()
parser.add_argument('token',
type=str,
location="headers",
required=True)
args = parser.parse_args(strict=True)
token = args.get('token')
user_id = verify_token(token)
if user_id is None:
return {'message': 'Illegal token.'}, 403
cursor.execute("SELECT * FROM Movie_Reports WHERE User_id = %d" %
(user_id))
result_m = cursor.fetchall()
for i in result_m:
i['Create_time'] = str(i['Create_time'])
cursor.execute("SELECT * FROM Book_Reports WHERE User_id = %d" %
(user_id))
result_b = cursor.fetchall()
for i in result_b:
i['Create_time'] = str(i['Create_time'])
connection.commit()
return {"result": {"books": result_b, "movies": result_m}}
def get(self):
cursor.execute(
"SELECT Book_comment_id,Book_comment_title,Book_comment_approve,Book_comment_disapprove,Book_comment_content,\
Book_id,Create_time,`User`.User_id,`User`.User_name FROM Book_Comments,`User`\
WHERE Book_Comments.User_id=User.User_id")
resultb = cursor.fetchall()
connection.commit()
cursor.execute(
"SELECT Movie_comment_id,Movie_comment_title,Movie_comment_approve,Movie_comment_disapprove,Movie_comment_content,\
Movie_id,Create_time,`User`.User_id,`User`.User_name FROM Movie_Comments,`User`\
WHERE Movie_Comments.User_id=User.User_id")
resultm = cursor.fetchall()
connection.commit()
for i in resultb:
i['Create_time'] = str(i['Create_time'])
for i in resultm:
i['Create_time'] = str(i['Create_time'])
return {
'result': {
'book_comments': resultb,
'movie_comments': resultm,
}
}
def post(self, group_id):
parser = RequestParser()
parser.add_argument("token",
type=str,
location="headers",
required=True)
parser.add_argument('group_apply_content', type=str, required=True)
args = parser.parse_args(strict=True)
token = args["token"]
user_id = verify_token(token)
if user_id is None:
return {'message': 'Illegal token.'}, 403
group_apply_content = args['group_apply_content']
cursor.execute(
"INSERT into Group_Apply(Group_apply_content,Group_id,User_id)\
VALUES('%s',%d,%d)" % (group_apply_content, group_id, user_id))
connection.commit()
cursor.execute("SELECT LAST_INSERT_ID()")
result = cursor.fetchone()['LAST_INSERT_ID()']
cursor.execute("SELECT * FROM Group_Apply where Group_apply_id = %d" %
result)
result = cursor.fetchone()
connection.commit()
return {'result': result}
def post(self, group_id):
parser = RequestParser()
parser.add_argument("token",
type=str,
location="headers",
required=True)
parser.add_argument('group_content_title', type=str, required=True)
parser.add_argument('group_content_content', type=str, required=True)
parser.add_argument('group_content_image', type=str)
args = parser.parse_args(strict=True)
token = args["token"]
user_id = verify_token(token)
if user_id is None:
return {'message': 'Illegal token.'}, 403
cursor.execute(
"SELECT * FROM User_Group where User_id = %d and Group_id = %d" %
(user_id, group_id))
result = cursor.fetchone()
connection.commit()
if result is None:
return {'message': 'You have not joined the group.'}, 403
group_content_title = args['group_content_title']
group_content_content = args['group_content_content']
group_content_image = args['group_content_image']
cursor.execute(
"INSERT into Group_Contents(Group_content_title, Group_content_content, Group_id, \
User_id, Group_content_image,Is_highlighted,Is_pinned) \
values('%s','%s',%d,%d,'%s',0,0)" %
(group_content_title, group_content_content, group_id, user_id,
group_content_image))
connection.commit()
cursor.execute("SELECT LAST_INSERT_ID()")
result = cursor.fetchone()['LAST_INSERT_ID()']
cursor.execute(
"SELECT * FROM Group_Contents where Group_content_id = %d" %
result)
result = cursor.fetchone()
connection.commit()
result['Create_time'] = str(result['Create_time'])
return {'result': result}
def delete(self, book_comment_id):
parser = RequestParser()
parser.add_argument('token',
type=str,
location='headers',
required=True)
args = parser.parse_args()
token = args["token"]
user_id = verify_token(token)
if user_id is None:
return {'message': 'Illegal token.'}, 403
cursor.execute(
"SELECT Type FROM Book_Comment_Approvals WHERE Book_comment_id = %d AND User_id = %d"
% (book_comment_id, user_id))
result = cursor.fetchone()
if result == None:
connection.commit()
abort_if_doesnt_exist("book_comment_id")
approve_type = result['Type']
cursor.execute(
"DELETE FROM Book_Comment_Approvals WHERE Book_comment_id = %d AND User_id = %d "
% (book_comment_id, user_id))
if approve_type == 1:
temp_str = "Book_comment_approve"
else:
temp_str = "Book_comment_disapprove"
cursor.execute("UPDATE Book_Comments \
SET %s = %s - 1 \
WHERE Book_comment_id = %d" %
(temp_str, temp_str, book_comment_id))
connection.commit()
cursor.execute(
"SELECT * FROM Book_Comments WHERE Book_comment_id = %d " %
(book_comment_id))
result = cursor.fetchone()
result['Create_time'] = str(result['Create_time'])
connection.commit()
return {'result': result}
def post(self, topic_id):
parser = RequestParser()
parser.add_argument("token",
type=str,
location="headers",
required=True)
parser.add_argument('topic_content_content', type=str, required=True)
parser.add_argument('topic_content_image', type=str)
args = parser.parse_args(strict=True)
token = args["token"]
user_id = verify_token(token)
if user_id is None:
return {'message': 'Illegal token.'}, 403
cursor.execute(
"SELECT * FROM User_Topic where User_id = %d and Topic_id = %d" %
(user_id, topic_id))
result = cursor.fetchone()
connection.commit()
if result is None:
return {'message': 'You have not joined the topic.'}, 403
topic_content_content = args['topic_content_content']
topic_content_image = args['topic_content_image']
cursor.execute(
"INSERT into Topic_Contents( Topic_content_content, Topic_id, \
User_id, Topic_content_image) \
values('%s',%d,%d,'%s')" %
(topic_content_content, topic_id, user_id, topic_content_image))
connection.commit()
cursor.execute("SELECT LAST_INSERT_ID()")
result = cursor.fetchone()['LAST_INSERT_ID()']
cursor.execute(
"SELECT * FROM Topic_Contents where Topic_content_id = %d" %
result)
result = cursor.fetchone()
connection.commit()
result['Create_time'] = str(result['Create_time'])
return {'result': result}
def get(self):
cursor.execute('SELECT * FROM Groups;')
connection.commit()
return {'result': cursor.fetchall()}
def alive():
cursor.execute("SELECT * FROM phones")
cursor.fetchone()
connection.commit()
print('interval execute.')
