def api_access_token():
    """
    GET:
        The client obtains or refreshes its AccessToken (the request must
        already have passed SecretToken verification).
        If the request headers carry a ClientId, the client-supplied ClientId
        is used; otherwise a new ClientId is created.
    :return:
    """
    # NOTE(review): the SecretToken check is not performed in this function;
    # presumably it is enforced by a decorator or request hook - confirm.
    return response_format(rest_token_auth.create_access_token())
def sys_host_connection_test():
    """
    PUT:
        Server (host) connection test
        host_ip:<str>
    :return:
    """
    # The request parameters are read inside sys_host_connect_test().
    result = sys_host_connect_test()
    return response_format(result)
def user_public():
    """
    GET:
        Get a user's public information
        user_id:<str>
        is_basic:<int>, 0 or 1, default 1. When 1, only the most basic user
                        information is returned
    :return:
    """
    return response_format(public_profile())
def api_plug_goods_sales():
    """
    PUT:
        Handled by update_quantity().
    Any other method receives the METHOD_WARNING response with
    http_status 405.
    """
    # NOTE(review): the original documentation listed only an empty "GET:"
    # entry, but the code accepts PUT alone.
    if request.c_method != "PUT":
        return response_format(
            {"msg_type": "w", "msg": METHOD_WARNING, "http_status": 405})
    return response_format(update_quantity())
def api_audit_rule_key():
    """
    GET:
        Get every audit-rule key together with its description, i.e. the
        "audit" entries of the config settings
    :return:
    """
    audit_keys = get_config("name_audit", "AUDIT_PROJECT_KEY")
    return response_format({"keys": audit_keys})
def sys_host_cmd_exec():
    """
    PUT:
        Command execution
        host_ip:<str>
        cmd:<str>, the Linux command to execute; if omitted, the common
                   commands saved for the host are executed automatically
    :return:
    """
    # NOTE(review): this endpoint runs a caller-supplied command on a host.
    # No authorization or input check is visible here; presumably the route's
    # login/permission configuration and sys_host_exec_cmd() enforce them -
    # confirm that only administrators can reach it.
    return response_format(sys_host_exec_cmd())
def api_sys_log():
    """
    GET:
        Get the file logs
        name:<str>, log name
        ip:<str>, the host whose log should be fetched
        page:<int>
    :return:
    """
    # NOTE(review): `name` and `ip` select which log is read; their validation
    # is not visible here - confirm sys_log() restricts them to known logs and
    # hosts.
    log_data = sys_log()
    return response_format(log_data)
def api_account_password_reset():
    """
    PUT:
        Reset the account password
        now_password:<str>, the password currently in use
        password:<str>, new password
        password2:<str>, the new password again, for confirmation
    :return:
    """
    return response_format(account_password_reset())
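def internal_server_error(e):
    """
    Handle a server/HTTP error and build the error response.

    Requests whose path starts with api.url_prefix get a formatted data
    response. Other requests get an HTML error page: the current theme's
    "pages/<code>.html" when that file exists, otherwise the built-in page
    under the admin "module/exception" templates.

    Only fixed, translated messages are placed in the response; the text of
    the exception itself is not included.

    :param e: the raised exception; its ``code`` attribute is used as the
              status when it can be read, otherwise 500 is assumed
    :return: response_format(data) for API paths, else (rendered page, code)
    """
    try:
        code = e.code
    except Exception:
        # Exceptions without a readable ``code`` are treated as a plain 500.
        # Exception (not BaseException) so KeyboardInterrupt/SystemExit are
        # never swallowed here.
        code = 500

    msg_type = "w"
    msg = gettext("An error occurred. Please contact the administrator")
    if code == 401:
        msg = gettext("Permission denied")
    elif code == 404:
        msg = gettext("The api does not exist or has been deprecated")
    elif code == 500:
        msg = gettext("Server error")
        msg_type = "e"
    elif isinstance(code, int) and code // 500 == 1:
        # Any other integer status from 501 to 999.
        msg = gettext(
            "Server error, please check whether the third-party plug-in is normal"
        )
        msg_type = "e"

    data = {
        "http_status": code,
        "custom_status": None,
        "request_id": g.weblog_id,
        "msg": msg,
        "msg_type": msg_type
    }

    if request.path.startswith(api.url_prefix):
        return response_format(data)

    g.site_global = dict(g.site_global,
                         **get_global_site_data(req_type="view"))
    path = "{}/pages/{}.html".format(
        g.get_config("theme", "CURRENT_THEME_NAME"), code)
    absolute_path = os.path.abspath("{}/{}".format(
        theme_view.template_folder, path))
    if not os.path.isfile(absolute_path):
        # The theme has no page for this status (e.g. no 404 page): fall back
        # to the page shipped with the system.
        path = "{}/module/exception/{}.html".format(
            admin_view.template_folder, code)
        # Report the real status. This used to be a hard-coded 404, which made
        # every error (including 5xx) look like "not found" to clients and
        # monitoring whenever the fallback page was used.
        return render_absolute_path_template(path, data=data), code

    return render_template(path, data=data), code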
def handle_osr_token_error(e):
    """
    Build the response for a failed OSR-RestToken / X-CSRFToken check.

    :param e: the raised error; its ``code`` is returned as custom_status
              and its ``description`` as the message
    :return: response_format(...) with error_id 40104 and a help text
    """
    # NOTE(review): e.description is sent back to the client unchanged;
    # confirm it never carries token values or internal details.
    return response_format({
        "custom_status": e.code,
        "msg": e.description,
        "msg_type": "e",
        "error_id": 40104,
        "help": gettext(
            "Please add the 'OSR-RestToken' or 'X-CSRFToken' request header,"
            " the specific use please refer to the osroom system documentation:"
            " http://osroom.com"),
    })
def api_post_access():
    """
    GET:
        Get the post statistics
        days:<int>
    Any other method receives the METHOD_WARNING response with
    http_status 405.
    """
    if request.c_method != "GET":
        return response_format(
            {"msg_type": "w", "msg": METHOD_WARNING, "http_status": 405})
    return response_format(post_access())
def api_comment_access():
    """
    GET:
        Get the comment statistics
        days:<int>
    Any other method receives the METHOD_WARNING response with
    custom_status 405.
    """
    # NOTE(review): the 405 is reported under "custom_status" here, while
    # api_post_access reports it under "http_status" - confirm which key
    # response_format() turns into the HTTP status.
    if request.c_method != "GET":
        return response_format(
            {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405})
    return response_format(comment_access())
def decorated_function(*args, **kwargs):
    """
    Apply the per-URL login and permission settings, then call ``f``.

    Anonymous users are redirected to the configured login view when
    custom_url_login_auth() is truthy. When custom_url_permissions() returns
    a requirement that current_user.can() rejects, a "Permission denied"
    response with http_status 401 is returned instead of calling ``f``.
    """
    # ``f`` is the wrapped view; it comes from the enclosing decorator, which
    # is outside this block.
    if custom_url_login_auth() and current_user.is_anonymous:
        return redirect(get_config("login_manager", "LOGIN_VIEW"))

    required = custom_url_permissions()
    if required and not current_user.can(required):
        # NOTE(review): the denial message names the permission keys the URL
        # requires; confirm that exposing them to the caller is intended.
        key_names = " or ".join(get_permission_key(required))
        return response_format({
            "msg": gettext('Permission denied,requires "{}" permission').format(
                key_names),
            "msg_type": "w",
            "http_status": 401})

    return f(*args, **kwargs)
def api_account_email():
    """
    PUT
        Change the account e-mail address
        email:<email>, the new mailbox to bind
        new_email_code:<str>, verification code received by the new mailbox;
                              proves the mailbox belongs to the user
        current_email_code:<str>, verification code received by the current
                              mailbox; proves the change was started by the
                              user
        password:<str>, the account's login password
    :return:
    """
    # The checks described above are carried out inside email_update().
    return response_format(email_update())
def get_role_permissions():
    """
    GET:
        Get the complete permission table
    :return:
    """
    # Keys of the form __name__ are skipped; every other entry contributes a
    # (key, value, info) tuple.
    rows = [
        (name, entry["value"], entry["info"])
        for name, entry in CONFIG["permission"].items()
        if re.search(r"^__.*__$", name) is None
    ]
    # Order the table by permission value.
    rows.sort(key=lambda row: row[1])
    return response_format({"permissions": rows})
def api_search():
    """
    GET:
        Search (full-text search is not supported yet); only posts and users
        can be searched
        keyword:<str>, Search keywords
        target:<str>, optional, "post" or "user". Without this parameter all
                      available targets are searched
        page:<int>, page number, default 1
        pre:<int>, number of items per page
    """
    return response_format(search_process())
def api_account_basic():
    """
    User basic settings
    PUT:
        Edit the user's basic settings
        username:<str>, new user name
        custom_domain:<str>, personalised domain
        editor:<str>, 'rich_text' or 'markdown'; this option can be added when
                      several text editors are available
    :return:
    """
    return response_format(user_basic_edit())
def api_get_theme_names():
    """
    GET:
        Get the names of all current themes
    Any other method receives the METHOD_WARNING response with
    custom_status 405.
    :return:
    """
    if request.c_method != "GET":
        return response_format(
            {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405})
    return response_format(get_theme_names())
def api_adm_send_msg():
    """
    POST
        Send a message
        title:<title>, title
        content:<str>, body text
        content_html:<str>, body as HTML
        send_type:<array>, delivery types: on_site, email, sms. E.g.
                           ["email"]; several may be used at once, e.g.
                           ["email", "on_site"]
        username:<array>, user names that receive the message, e.g.
                           ["test", "test2"]
    :return:
    """
    # NOTE(review): content_html is caller-supplied HTML delivered to other
    # users; confirm send_msg() sanitises it before it is shown on site.
    return response_format(send_msg())
def api_adm_user():
    """
    GET:
        1. Get the basic information of the user with the given ID
        id:<str>, user id
        2. Get all users, paginated
        status:<str>, user status, "normal" or "inactive" or "cancelled"
        page:<int>, page number, default 1
        pre:<int>, number of items per page
        keyword:<str>, Search keywords, used when searching
    PUT:
        1. Edit a user
        id:<str>, user id
        role_id:<str>, role id
        active:<int>, 0 or 1
        2. Activate or freeze users
        op:<str>, must be "activation"
        active:<int>, 0 or 1; 0 freezes, 1 activates
        ids:<array>
        3. Restore users (set the status back to not deleted)
        op:<str>, must be "restore"
        ids:<array>
    DELETE:
        Delete users (not removed from the database)
        ids:<array>
    """
    method = request.c_method
    if method == "GET":
        # An `id` argument selects the single-user lookup.
        handler = user if request.argget.all('id') else users
        data = handler()
    elif method == "PUT":
        op = request.argget.all('op')
        if op == "restore":
            data = user_restore()
        elif op == "activation":
            data = user_activation()
        else:
            # Any other (or missing) op is treated as a plain edit.
            data = user_edit()
    elif method == "DELETE":
        data = user_del()
    else:
        data = {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405}
    return response_format(data)
def api_adm_install_requs():
    """
    Install a plugin's required packages
    PUT:
        Install the plugin's required packages
        plugin_name:<str>, plugin name
    Any other method receives the METHOD_WARNING response with
    custom_status 405.
    :return:
    """
    # NOTE(review): this triggers package installation on the server for the
    # named plugin; confirm the route is limited to administrators and that
    # install_require_package() only accepts known plugin names.
    if request.c_method != "PUT":
        return response_format(
            {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405})
    return response_format(install_require_package())
def api_account_password_retrieve():
    """
    PUT:
        Forgotten password, reset
        To get a verification code only the parameter email is needed; the
        return value is {code:{'_id':'', str:'',time:'' }}
        To set the new password all parameters are needed
        email_code:<str>, verification code received by e-mail
        email:<str>, mailbox
        password:<str>, new password
        password:<str>, the new password again, for confirmation
    :return:
    """
    # NOTE(review): the confirmation field is documented under the same name
    # as the new password; presumably it is a separate parameter (the password
    # reset endpoint calls it password2) - verify against
    # account_password_retrieve().
    return response_format(account_password_retrieve())
def api_search_logs():
    """
    GET:
        Get the user's search history
        number:<int>, how many of the latest entries to return, default 10,
                      maximum 20
    DELETE:
        Handled by clear_search_logs() (not described in the original
        documentation)
    Any other method receives the METHOD_WARNING response with
    custom_status 405.
    """
    method = request.c_method
    if method == "GET":
        return response_format(get_search_logs())
    if method == "DELETE":
        return response_format(clear_search_logs())
    return response_format(
        {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405})
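def api_post_op():
    """
    PUT:
        Like a post
        action:<str>, may be like (like the post)
        id:<str>, post id
    Any other method, or a PUT whose action is not "like", receives the
    METHOD_WARNING response with http_status 405.
    """
    # A PUT with a missing or unknown action used to leave `data` unassigned,
    # so the request failed with an UnboundLocalError (a server error) instead
    # of a client-facing warning. Such requests now take the warning branch.
    if request.c_method == "PUT" and request.argget.all('action') == "like":
        data = post_like()
    else:
        data = {"msg_type": "w", "msg": METHOD_WARNING, "http_status": 405}
    return response_format(data)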
def api_adm_user_del():
    """
    DELETE:
        Permanently delete users (removed from the database)
        ids:<array>
        permanent:<int> 0 or 1; 0: not removed from the database, the status
                        is only changed to "deleted"; 1: permanent deletion
    Any other method receives the METHOD_WARNING response with
    custom_status 405.
    """
    # The `permanent` flag is interpreted inside user_del().
    if request.c_method != "DELETE":
        return response_format(
            {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405})
    return response_format(user_del())
def api_sign_in_third_party(platform):
    """
    PUT & POST & GET:
        Callback for third-party platform authorised login
        platform: platform name; may be wechat, qq, github, sina_weibo,
                  alipay, facebook, twitter, etc. LOGIN_PLATFORM can be
                  configured in the sys_config.py file
    :return:
    """
    # The platform name is verified against LOGIN_PLATFORM before the sign-in
    # handler is called (presumably `only` limits it to those values).
    ok, failure = arg_verify(reqargs=[("platform", platform)],
                             only=LOGIN_PLATFORM)
    data = third_party_sign_in(platform) if ok else failure
    return response_format(data)
def handle_login_error(e):
    """
    Build the response for a request that requires login.

    API paths (under api.url_prefix) receive a data response with error_id
    40105. Page requests are redirected: paths starting with "/osr-admin" go
    to DEFAULT_ADMIN_LOGIN_PAGE, all others to the configured login view.

    :param e: the raised error; ``code`` becomes http_status and
              ``description`` becomes error_msg
    :return: response_format(...) or a redirect
    """
    payload = {
        "http_status": e.code,
        "msg": gettext("Not logged in"),
        "error_msg": e.description,
        "msg_type": "e",
        "to_url": get_config("login_manager", "LOGIN_VIEW"),
        "error_id": 40105,
    }
    # NOTE(review): this branch stores the same configured login view that
    # "to_url" already holds, so it currently has no visible effect.
    if request.headers.get('OSR-RestToken'):
        payload["to_url"] = get_config("login_manager", "LOGIN_VIEW")

    if request.path.startswith(api.url_prefix):
        # API request: answer with JSON data.
        return response_format(payload)

    # Page request: redirect to a login page. Both targets come from
    # configuration/constants, not from the request.
    if request.path.startswith("/osr-admin"):
        return redirect(DEFAULT_ADMIN_LOGIN_PAGE)
    return redirect(payload["to_url"])
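def api_adm_comment():
    """
    GET:
        Get comments
        status:<str>, "is_issued" (published normally) or "not_audit"
                      (waiting for review) or "unqualified" (failed review)
                      or "user_remove" (deleted by the user)
        keyword:<str>, search keyword
        sort:<array>, ordering; 1 means ascending, -1 means descending. E.g.:
            by time, descending [{"issue_time":-1}]
            by time, ascending [{"issue_time": 1}]
            by likes descending, then by publication time descending
            [{"like": -1},{"issue_time": -1}]
            Default is by time, descending; other fields may also be used
        page:<int>, page number, default 1
        pre:<int>, number of items per page; default is the amount set in the
                   config.py configuration file
        :return:
    PATCH or PUT:
        1. Manually review comments, with the parameter score
        op:<str>, "audit"
        ids:<array>, comment id
        score:<int>, 0-10 points

        2. Restore comments; only comments an administrator moved to pending
           deletion (is_delete equal to 2) can be restored
        op:<str>, "restore"
        ids:<array>, comment id
    DELETE:
        Delete comments
        ids:<array>, comment id
        pending_delete:<int>, 1: is_delete becomes 2, marked as permanently
                              deleted; 0: the data is deleted from the
                              database
        :return:
    Any other method, or a PUT/PATCH whose op is neither "audit" nor
    "restore", receives the METHOD_WARNING response with custom_status 405.
    """
    unsupported = {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405}
    if request.c_method == "GET":
        data = adm_comments()
    elif request.c_method in ["PUT", "PATCH"]:
        op = request.argget.all("op")
        if op == "audit":
            data = adm_comment_audit()
        elif op == "restore":
            data = adm_comment_restore()
        else:
            # A missing or unknown op used to leave `data` unassigned, which
            # raised UnboundLocalError (a server error) on return.
            data = unsupported
    elif request.c_method == "DELETE":
        data = adm_comment_delete()
    else:
        data = unsupported
    return response_format(data)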
def api_user_post_op():
    """
    POST:
        Publish content
        title:<str>, title
        content:<str>, content (e.g. the HTML of a rich text); it is saved to
                       the database
        conetent_text:<str>, plain-text content
        editor:<str>, editor type in use, "markdown" or "rich_text"
        tags:<array>, tags
        category:<str>, post category id
        cover_url:<str>, URL of the post cover image, empty by default
        issue_way:<str>, 'issue' or 'save': publish, or save as a draft

    PUT or PATCH:
        1. Edit content
        id:<str>, required when editing an existing post, not needed for a
                  new post
        title:<str>, title
        content:<str>, content (e.g. the HTML of a rich text); it is saved to
                       the database
        conetent_text:<str>, plain-text content
        editor:<str>, editor type in use, "markdown" or "rich_text"
        tags:<array>, tags
        category:<str>, post category id
        issue_way:<str>, 'issue' or 'save': publish, or save as a draft

        2. Restore posts from the recycle bin
        op:<str>, restore
        ids:<array>, posts id

    DELETE:
        Delete posts
        ids:<array>, posts id
        recycle:<int>, 1 or 0; 1: move to the recycle bin, 0: mark directly as
                       permanently deleted, visible to administrators only
    """
    # NOTE(review): `content` is user-supplied HTML that is stored; confirm
    # post_issue() sanitises it before it is rendered to other users.
    method = request.c_method
    if method == "POST":
        return response_format(post_issue())
    if method in ["PUT", "PATCH"]:
        # Anything other than op == "restore" is treated as an edit.
        handler = (post_restore
                   if request.argget.all('op') == "restore" else post_issue)
        return response_format(handler())
    if method == "DELETE":
        return response_format(post_delete())
    return response_format(
        {"msg_type": "w", "msg": METHOD_WARNING, "http_status": 405})
def api_permission():
    """
    GET:
        1. Get the details of the system's permission data
        pre:<int>, items per page, default 10
        page:<int>, page number, default 1
        keyword:<str>, search keyword
        is_details:<int>, must be 1
        2. Get only value, name and explain of all system permissions, plus
           the weight positions already in use
        no parameters
        A request carrying `id` is handled by permission() (not described in
        the original documentation).
    POST:
        Add a permission
        name:<str>, name
        position:<int>, position in the binary representation
        explain:<str>, description
        is_default:<int>, 0 means not a default permission, 1 means one of the
                          default permissions
    PUT:
        Update a permission
        id:<str>, id
        name:<str>, name
        position:<int>, position in the binary representation
        explain:<str>, description
        is_default:<int>, 0 means not a default permission, 1 means one of the
                          default permissions
    DELETE:
        Handled by delete_per()
        ids:<array>
    :return:
    """
    # NOTE(review): the original DELETE text spoke of deleting manually added
    # page routes, which looks copied from another endpoint - confirm.
    method = request.c_method
    if method == "GET":
        # `id` takes precedence over `is_details`.
        if request.argget.all("id"):
            handler = permission
        elif request.argget.all("is_details"):
            handler = permissions_details
        else:
            handler = permissions
        data = handler()
    elif method == "POST":
        data = add_per()
    elif method == "PUT":
        data = edit_per()
    elif method == "DELETE":
        data = delete_per()
    else:
        data = {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405}
    return response_format(data)