def api_access_token():
"""
GET:
客户端获取/刷新AccessToken (必须使用SecretToken验证通过)
如果请求头中带有ClientId 则使用客户端提供的ClientId, 否则创建新的ClientId
:return:
"""
data = rest_token_auth.create_access_token()
return response_format(data)
def sys_host_connection_test():
"""
PUT:
服务器连接测试
host_ip:<str>
:return:
"""
data = sys_host_connect_test()
return response_format(data)
def user_public():
"""
GET:
获取用户公开信息
user_id:<str>
is_basic:<int>, 0或1,默认1. 为1时只获取最基本的用户信息
:return:
"""
data = public_profile()
return response_format(data)
def api_plug_goods_sales():
'''
GET:
'''
if request.c_method == "PUT":
data = update_quantity()
else:
data = {"msg_type": "w", "msg": METHOD_WARNING, "http_status": 405}
return response_format(data)
def api_audit_rule_key():
'''
GET:
获取审核规则的所有key与说明, 也就config设置中的audit
:return:
'''
keys = get_config("name_audit", "AUDIT_PROJECT_KEY")
data = {"keys":keys}
return response_format(data)
def sys_host_cmd_exec():
"""
PUT:
命令执行
host_ip:<str>
cmd:<str>, 要执行的Linux 命令,如果没有则自动执行主机保存的常用命令
:return:
"""
data = sys_host_exec_cmd()
return response_format(data)
def api_sys_log():
'''
GET:
获取文件日志
name:<str>,日志名称
ip:<str>,要获取哪个主机的日志
page:<int>
:return:
'''
data = sys_log()
return response_format(data)
def api_account_password_reset():
'''
PUT:
账户密码重设
now_password:<str>,目前使用的密码
password:<str>, 新密码
password2:<str>, 再次确认新密码
:return:
'''
data = account_password_reset()
return response_format(data)
def internal_server_error(e):
"""
处理服务器错误
:param e:
:return:
"""
try:
code = e.code
except BaseException:
code = 500
msg_type = "w"
msg = gettext("An error occurred. Please contact the administrator")
if code == 401:
msg = gettext("Permission denied")
elif code == 404:
msg = gettext("The api does not exist or has been deprecated")
elif code == 500:
msg = gettext("Server error")
msg_type = "e"
elif isinstance(code, int) and code // 500 == 1:
msg = gettext(
"Server error, please check whether the third-party plug-in is normal"
)
msg_type = "e"
data = {
"http_status": code,
"custom_status": None,
"request_id": g.weblog_id,
"msg": msg,
"msg_type": msg_type
}
if request.path.startswith(api.url_prefix):
return response_format(data)
else:
g.site_global = dict(g.site_global,
**get_global_site_data(req_type="view"))
path = "{}/pages/{}.html".format(
# get_config("theme", "CURRENT_THEME_NAME"),
g.get_config("theme", "CURRENT_THEME_NAME"),
code)
absolute_path = os.path.abspath("{}/{}".format(
theme_view.template_folder, path))
if not os.path.isfile(absolute_path):
# 主题不存在<e.code>错误页面(如404页面),使用系统自带的页面
path = "{}/module/exception/{}.html".format(
admin_view.template_folder, code)
return render_absolute_path_template(path, data=data), 404
return render_template(path, data=data), code
def handle_osr_token_error(e):
data = {
"custom_status": e.code,
"msg": e.description,
"msg_type": "e",
"error_id": 40104,
"help": gettext(
"Please add the 'OSR-RestToken' or 'X-CSRFToken' request header,"
" the specific use please refer to the osroom system documentation:"
" http://osroom.com")}
return response_format(data)
def api_post_access():
'''
GET:
获取post数据统计
days:<int>
'''
if request.c_method == "GET":
data = post_access()
else:
data = {"msg_type": "w", "msg": METHOD_WARNING, "http_status": 405}
return response_format(data)
def api_comment_access():
"""
GET:
获取comment数据统计
days:<int>
"""
if request.c_method == "GET":
data = comment_access()
else:
data = {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405}
return response_format(data)
def decorated_function(*args, **kwargs):
custom_login_required = custom_url_login_auth()
if custom_login_required and current_user.is_anonymous:
return redirect(get_config("login_manager", "LOGIN_VIEW"))
custom_per = custom_url_permissions()
if custom_per:
r = current_user.can(custom_per)
if not r:
keys = " or ".join(get_permission_key(custom_per))
return response_format({"msg": gettext('Permission denied,requires "{}" permission').format(
keys), "msg_type": "w", "http_status": 401})
return f(*args, **kwargs)
def api_account_email():
"""
PUT
账户邮件修改
email:<email>, 要绑定的新邮箱
new_email_code:<str>, 新邮箱收取到的验证码,用于保证绑定的邮箱时用户自己的
current_email_code:<str>, 当前邮箱收取的验证码,用于保证邮箱修改是用户自己发起
password:<str>, 账户的登录密码
:return:
"""
data = email_update()
return response_format(data)
def get_role_permissions():
'''
GET:
获取所有的权限表
:return:
'''
data = []
for k, v in CONFIG["permission"].items():
if not re.search(r"^__.*__$", k):
data.append((k, v["value"], v["info"]))
data = {"permissions": sorted(data, key=lambda x: x[1])}
return response_format(data)
def api_search():
"""
GET:
搜索(暂不支持全文搜索), 只能搜索文章, 用户
keyword:<str>, Search keywords
target:<str>, 可选"post" 或 "user". 不使用此参数则搜索所有可选目标
page:<int>,第几页,默认第1页
pre:<int>, 每页多少条
"""
data = search_process()
return response_format(data)
def api_account_basic():
'''
用户基础设置
PUT:
编辑用户基础设置
username:<str>, 新的用户名
custom_domain:<str>, 个性域名
editor:<str>, 'rich_text' or 'markdown' 如果你有多个文本编辑器的话,可以加入这个选项
:return:
'''
data = user_basic_edit()
return response_format(data)
def api_get_theme_names():
"""
GET:
获取当前所有主题名称
:return:
"""
if request.c_method == "GET":
data = get_theme_names()
else:
data = {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405}
return response_format(data)
def api_adm_send_msg():
"""
POST
发送消息
title:<title>,标题
content:<str>,正文
content_html:<str>,正文html
send_type:<array>,发送类型on_site, email, sms . 如:["email"], 也可以同时发送多个个["email", "on_site"]
username:<array>, 接收信息的用户名, 如["test", "test2"]
:return:
"""
data = send_msg()
return response_format(data)
def api_adm_user():
"""
GET:
1. 获取指定ID的用户基本信息
id:<str> , user id
2.分页获取所有用户
status:<str>,用户状态,"normal" or "inactive" or "cancelled"
page:<int>,第几页,默认第1页
pre:<int>, 每页查询多少条
keyword:<str>, Search keywords, 搜索的时候使用
PUT:
1.编辑用户
id:<str>, user id
role_id:<str>, role id
active:<int>, 0 or 1
2.激活或冻结用户
op:<str>, 为"activation"
active:<int>, 0 or 1, 0为冻结, 1为激活
ids:<array>
3.恢复用户,将状态改为未删除
op:<str>, 为"restore"
ids:<array>
DELETE:
删除用户,非数据库删除
ids:<array>
"""
if request.c_method == "GET":
if request.argget.all('id'):
data = user()
else:
data = users()
elif request.c_method == "PUT":
if request.argget.all('op') == "restore":
data = user_restore()
elif request.argget.all('op') == "activation":
data = user_activation()
else:
data = user_edit()
elif request.c_method == "DELETE":
data = user_del()
else:
data = {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405}
return response_format(data)
def api_adm_install_requs():
"""
插件需求包安装
PUT:
插件需求包安装
plugin_name:<str>, 插件名
:return:
"""
if request.c_method == "PUT":
data = install_require_package()
else:
data = {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405}
return response_format(data)
def api_account_password_retrieve():
'''
PUT:
忘记密码,重设
获取验证码,只需要传回参数email,return回一个{code:{'_id':'', str:'',time:'' }}
设置新密码,需要全部参数
email_code:<str>, 邮件中收到的验证码
email:<str>, 邮箱
password:<str>, 新密码
password:<str>, 再次确认密码
:return:
'''
data = account_password_retrieve()
return response_format(data)
def api_search_logs():
"""
GET:
获取用户的搜索历史
number:<int>, 获取最后的多少条历史, 默认10, 最大20
"""
if request.c_method == "GET":
data = get_search_logs()
elif request.c_method == "DELETE":
data = clear_search_logs()
else:
data = {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405}
return response_format(data)
def api_post_op():
"""
PUT:
喜欢文章
action:<str>, 可以是like(点赞文章)
id:<str>, post id
"""
if request.c_method == "PUT":
if request.argget.all('action') == "like":
data = post_like()
else:
data = {"msg_type": "w", "msg": METHOD_WARNING, "http_status": 405}
return response_format(data)
def api_adm_user_del():
"""
DELETE:
永久删除用户,数据库中删除
ids:<array>
permanent:<int> 0 or 1, 0:非数据库删除,只是把状态改成"删除状态",为1:表示永久删除,
"""
if request.c_method == "DELETE":
data = user_del()
else:
data = {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405}
return response_format(data)
def api_sign_in_third_party(platform):
'''
PUT & POST & GET:
第三方平台授权登录回调
platform: 平台名称:可以是wechat, qq, github, sina_weibo, alipay, facebook, twitter等
可在sys_config.py文件中配置LOGIN_PLATFORM
:return:
'''
s, r = arg_verify(reqargs=[("platform", platform)], only=LOGIN_PLATFORM)
if not s:
data = r
else:
data = third_party_sign_in(platform)
return response_format(data)
def handle_login_error(e):
data = {"http_status": e.code, "msg":gettext("Not logged in"), "error_msg": e.description, "msg_type": "e",
"to_url":get_config("login_manager", "LOGIN_VIEW"),
"error_id": 40105}
if request.headers.get('OSR-RestToken'):
data["to_url"] = get_config("login_manager", "LOGIN_VIEW")
if request.path.startswith(api.url_prefix):
# api 响应Json数据
return response_format(data)
# 页面, 跳转到登录
if request.path.startswith("/osr-admin"):
return redirect(DEFAULT_ADMIN_LOGIN_PAGE)
else:
return redirect(data["to_url"])
def api_adm_comment():
"""
GET:
获取评论
status:<str>,"is_issued"(正常发布) or "not_audit"(等待审核) or "unqualified"(未通过审核) or "user_remove"(用户删除的)
keyword:<str>,搜索关键字
sort:<array>,排序, 1表示升序, -1表示降序.如:
按时间降序 [{"issue_time":-1}]
按时间升序 [{"issue_time": 1}]
先后按赞(like)数降序, 评论数降序,pv降序, 发布时间降序
[{"like": -1},{"issue_time": -1}]
默认时按时间降序, 也可以用其他字段排序
page:<int>,第几页,默认第1页
pre:<int>, 每页查询多少条, 默认是config.py配制文件中配制的数量
:return:
PATCH or PUT:
1.人工审核comment, 带上参数score
op:<str>, "audit"
ids:<array>, comment id
score:<int>, 0-10分
2.恢复comment, 只能恢复管理员移入待删除的comment, is_delete为2的comment
op:<str>, "restore"
ids:<array>, comment id
DELETE:
删除comment
ids:<array>, comment id
pending_delete:<int>, 1: is_delete为2, 标记为永久删除, 0:从数据库删除数据
:return:
"""
if request.c_method == "GET":
data = adm_comments()
elif request.c_method in ["PUT", "PATCH"]:
if request.argget.all("op") == "audit":
data = adm_comment_audit()
elif request.argget.all("op") == "restore":
data = adm_comment_restore()
elif request.c_method == "DELETE":
data = adm_comment_delete()
else:
data = {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405}
return response_format(data)
def api_user_post_op():
'''
POST:
内容发布
title:<str>, 标题
content:<str>, 内容(比如:富文本的html内容),将会保存到数据库中
conetent_text:<str>, 纯文本内容
editor:<str>, 使用的编辑器类型, "markdown" or "rich_text"
tags:<array>, 标签
category:<str>, post category id. post分类
cover_url:<str>,文章封面图url,默认为空
issue_way:<str>, 可选'issue' or 'save'. 发布或者保存为草稿
PUT or PATCH:
1.内容修改
id:<str>, 编辑已有的文章需要传入id, 新建文章不需要
title:<str>, 标题
content:<str>, 内容(比如:富文本的html内容),将会保存到数据库中
conetent_text:<str>, 纯文本内容
editor:<str>, 使用的编辑器类型, "markdown" or "rich_text"
tags:<array>, 标签
category:<str>, post category id. post分类
issue_way:<str>, 可选'issue' or 'save'. 发布或者保存为草稿
2.恢复回收站的post
op:<str>, restore
ids:<array>, posts id
DELETE:
删除post
ids:<array>, posts id
recycle:<int>,1 or 0, 1:则移入回收站, 0: 则直接标记为永久删除, 管理员才可见
'''
if request.c_method == "POST":
data = post_issue()
elif request.c_method in ["PUT","PATCH"]:
if request.argget.all('op') == "restore":
data = post_restore()
else:
data = post_issue()
elif request.c_method == "DELETE":
data = post_delete()
else:
data = {"msg_type":"w", "msg":METHOD_WARNING, "http_status":405}
return response_format(data)
def api_permission():
"""
GET:
1.获取系统的权限数据详情
pre:<int>,每页获取几条数据,默认10
page:<int>,第几页,默认1
keyword:<str>,搜索关键字
is_details:<int>, 必须是1
2.只获取系统的全部权限的value, name, explain, 以及已使用的权重位置
不填任何参数
POST:
添加一个权限
name:<str>, 名称
position:<int>, 二进制中的位置
explain:<str>,说明
is_default:<int>, 0表示不作为默认权限, 1表示作为默认权限之一
PUT:
更新权限
id:<str>,id
name:<str>, 名称
position:<int>, 二进制中的位置
explain:<str>,说明
is_default:<int>, 0表示不作为默认权限, 1表示作为默认权限之一
DELETE:
删除手动添加的页面路由
ids:<array>
:return:
"""
if request.c_method == "GET":
if request.argget.all("id"):
data = permission()
elif request.argget.all("is_details"):
data = permissions_details()
else:
data = permissions()
elif request.c_method == "POST":
data = add_per()
elif request.c_method == "PUT":
data = edit_per()
elif request.c_method == "DELETE":
data = delete_per()
else:
data = {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405}
return response_format(data)
