def before_request():
g.user = None
try:
if 'id' in session:
g.user = User.get(User.id == session['id'])
except User.DoesNotExist:
g.user = None
if "test" in request.headers:
g.user = User.get(User.id == request.headers.get("test"))
def index(response):
form_id = response.get_field('form_id', 'front')
if form_id == 'front':
response.write(LOGIN_HTML)
elif form_id == 'login':
user = response.get_field('user')
try:
user = User.get(user=user)
set_user(response, user)
response.redirect('/profile')
except DoesNotExistError:
response.redirect('/')
elif form_id == 'signup':
user = response.get_field('user')
passwd1 = response.get_field('passwd1')
#passwd2 = response.get_field('passwd2')
first = response.get_field('first')
last = response.get_field('last')
dob = response.get_field('dob')
logger.info('adding user {} ({} {}) with passwd {}'.format(user, first, last, passwd1))
if user and first and last and passwd1:
try:
user = User.add(user=user, passwd=passwd1, first=first, last=last, dob=dob)
set_user(response, user)
response.redirect('/profile')
except IntegrityError:
response.write(LOGIN_HTML)
else:
response.write(LOGIN_HTML)
def get_user_rating():
name = request.args.get('name')
if name is None:
abort(400)
fmt = request.args.get('format', 'json')
try:
user = User.get(User.user == name)
except User.DoesNotExist:
abort(404)
if fmt == 'xml':
def quoteattr(s):
return '"{0}"'.format(str(s)
.replace('&', '&')
.replace('<', '<')
.replace('>', '>')
.replace('"', '"'))
xml = '<?xml version="1.0" encoding="UTF-8"?>\n<mmwatch>\n'
for field in (
('name', user.user.encode('utf-8')),
('rank', user.rank),
('edits', user.edits),
('joined', user.joined.isoformat())
):
xml = xml + ' <{0} value={1} />\n'.format(field[0], quoteattr(field[1]))
xml = xml + '</mmwatch>'
return Response(xml, mimetype='application/xml')
return jsonify(name=user.user, rank=user.rank, edits=user.edits, joined=user.joined.isoformat())
def get_userinfo(email):
try:
userinfo = User.get(User.email == email)
except Exception:
return False
else:
return userinfo
def get_token(login: hug.types.text, password: hug.types.text):
try:
user = User.get(login=login,
password=hashlib.sha1(password.encode()).hexdigest())
return {'token': user.token.token}
except User.DoesNotExist:
raise HTTPError(HTTP_404)
def get_changesets():
if 'osm_token' not in session:
return jsonify(error='Log in please')
user = User.get(User.uid == session['osm_uid'])
today = datetime.utcnow().date()
since = today - today.resolution * 2
resp = openstreetmap.get('changesets?user={}&time={}'.format(
user.uid, since.strftime('%Y-%m-%d')))
if resp.status != 200:
return jsonify(error='Error connecting to OSM API')
result = []
for ch in resp.data:
chtime = datetime.strptime(ch.get('created_at'), '%Y-%m-%dT%H:%M:%SZ')
if chtime.date() < today - today.resolution:
continue
chdata = {'id': int(ch.get('id')), 'time': ch.get('created_at')}
if chtime.date() == today:
hdate = 'Today'
elif chtime.date() == today - today.resolution:
hdate = 'Yesterday'
else:
hdate = chtime.strftime('%d.%m')
chdata['htime'] = hdate + ' ' + chtime.strftime('%H:%M')
for tag in ch.findall('tag'):
if tag.get('k') == 'created_by':
chdata['editor'] = tag.get('v')
elif tag.get('k') == 'comment':
chdata['comment'] = tag.get('v')
result.append(chdata)
return jsonify(changesets=result)
def index(response):
form_id = response.get_field('form_id', 'front')
if form_id == 'front':
response.write(LOGIN_HTML)
elif form_id == 'login':
user = response.get_field('user')
try:
user = User.get(user=user)
set_user(response, user)
response.redirect('/profile')
except DoesNotExistError:
response.redirect('/')
elif form_id == 'signup':
user = response.get_field('user')
passwd1 = response.get_field('passwd1')
#passwd2 = response.get_field('passwd2')
first = response.get_field('first')
last = response.get_field('last')
dob = response.get_field('dob')
logger.info('adding user {} ({} {}) with passwd {}'.format(
user, first, last, passwd1))
if user and first and last and passwd1:
try:
user = User.add(user=user,
passwd=passwd1,
first=first,
last=last,
dob=dob)
set_user(response, user)
response.redirect('/profile')
except IntegrityError:
response.write(LOGIN_HTML)
else:
response.write(LOGIN_HTML)
def join():
if request.method == 'GET':
return render_template('join.html')
username = request.form.get('username')
password = request.form.get('password')
email = request.form.get('email')
if not username:
flash('Please input username')
return redirect(url_for('join'))
elif not password:
flash('Please input password')
return redirect(url_for('join'))
elif not email:
flash('Please input email')
return redirect(url_for('join'))
try:
# use the .get() method to quickly see if a user with that name exists
user = User.get(username=username)
flash('That username is already taken')
except User.DoesNotExist:
# if not, create the user and store the form data on the new model
user = User.create(username=username,
password=md5(password).hexdigest(),
email=email,join_date=datetime.datetime.now())
# mark the user as being 'authenticated' by setting the session vars
auth_user(user)
return redirect(url_for('homepage'))
def auth():
api_key = None
if 'p' in request.form:
api_key = request.form['p']
elif 'k' in request.form:
api_key = request.form['k']
if api_key is None:
return '-1'
try:
User.get(User.username == request.form['e']
and User.api_key == api_key)
# Who knows what these fields mean.
return '0,{api_key},,0'.format(api_key=api_key)
except DoesNotExist:
return '-1'
def wrap(*args, **kwargs):
try:
user = User.get(User.api_key == request.form['k'])
g.user = user
except (KeyError, DoesNotExist):
return jsonify(status='not authorized'), 403
return f(*args, **kwargs)
def wrap(*args, **kwargs):
try:
user = User.get(User.api_key == request.form['k'])
g.user = user
except (KeyError, DoesNotExist):
return jsonify(status='not authorized'), 403
return f(*args, **kwargs)
def userinfo(uid):
user = get_user()
if user and user.name == uid:
return redirect(url_for('front'))
try:
quser = User.get(User.name == uid)
return render_template('userinfo.html', user=user, quser=quser)
except User.DoesNotExist:
return 'Wrong user id'
def update_password(email, new_password):
try:
userinfo = User.get(User.email == email)
userinfo.password = new_password
userinfo.save()
except Exception:
return False
else:
return userinfo
def userinfo(uid):
user = get_user()
try:
quser = User.get(User.name == uid)
return render_template('userinfo.html',
user=user,
quser=quser,
lang=g.lang)
except User.DoesNotExist:
return 'Wrong user id'
def post(response):
user = get_user(response)
if user is None:
return
profile_id = response.get_field('profile_id')
wall = User.get(id=profile_id)
msg = response.get_field('msg')
user.add_post(wall, msg)
render_wall(response, wall.id)
def ban_roadblock_author(_bot: Bot, query: CallbackQuery) -> None:
if query.message.chat.id == mods_chat:
nmaps_message = retrieve_roadblock(mods_id=query.message.message_id)
else:
nmaps_message = retrieve_roadblock(roads_id=query.message.message_id)
query.edit_message_text(BOT_USER_BANNED.format(query.from_user.name,
query.from_user.id),
parse_mode='markdown')
with db_session:
U.get(user_id=nmaps_message.author).banned = True
def route_register_api():
if g.user:
raise APIError("Already logged in!")
params = {k:v for k, v in request.values.items() if k in ["username", "password", "email"]}
if not all(params.values()):
raise APIError("Missing required paramaters!")
try:
User.get((User.username == params["username"]) | (User.email == params["email"]))
raise APIError("User with that username/email already exists!")
except User.DoesNotExist: pass
u = User(username=params["username"], email=params["email"])
u.password = User.hash_password(params["password"])
session["id"] = u.save()
return APIResponse()
def post(response):
user = get_user(response)
if user is None:
return
profile_id = response.get_field('profile_id')
wall = User.get(id=profile_id)
msg = response.get_field('msg')
user.add_post(wall, msg)
render_wall(response, wall.id)
def get_changesets():
if 'osm_token' not in session:
return jsonify(error='Log in please')
user = User.get(User.uid == session['osm_uid'])
try:
result = ch.get_user_changesets(user, openstreetmap, lang=g.lang)
except Exception as e:
import logging
logging.error('Error getting user changesets: %s', e)
return jsonify(error='Error connecting to OSM API')
return jsonify(changesets=result[:10])
def get_user():
if 'osm_uid' in session:
try:
return User.get(User.uid == session['osm_uid'])
except User.DoesNotExist:
# Logging user out
if 'osm_token' in session:
del session['osm_token']
if 'osm_uid' in session:
del session['osm_uid']
return None
def get_user(response):
user_id = response.get_secure_cookie('user_id')
user = None
if user_id is None:
response.redirect('/')
else:
try:
user = User.get(id=int(user_id))
except DoesNotExistError:
response.redirect('/')
return user
def get_user(response):
user_id = response.get_secure_cookie('user_id')
user = None
if user_id is None:
response.redirect('/')
else:
try:
user = User.get(id=int(user_id))
except DoesNotExistError:
response.redirect('/')
return user
def delete_user_by_id(id):
try:
user = User.get(id)
db.session.delete(user)
db.session.commit()
return json.dumps({'success': True, 'data': user}), 200
except:
return json.dumps({
'success': False,
'error': 'Unable to delete user'
}), 400
def update_subscription(_bot: Bot, update: Update) -> None:
user_id = update.effective_user.id
if not User.get(user_id=user_id).is_subscribed():
subscribe_user(user_id)
update.message.reply_text(BOT_SUBSCRIBED_USR,
reply_markup=get_keyboard(update))
else:
unsubscribe_user(user_id)
update.message.reply_text(BOT_UNSUBSCRIBED_USR,
reply_markup=get_keyboard(update))
def oauth():
resp = openstreetmap.authorized_response()
if resp is None:
return 'Denied. <a href="' + url_for('login') + '">Try again</a>.'
session['osm_token'] = (
resp['oauth_token'],
resp['oauth_token_secret']
)
user_details = openstreetmap.get('user/details').data
uid = int(user_details[0].get('id'))
session['osm_uid'] = uid
try:
User.get(User.uid == uid)
except User.DoesNotExist:
User.create(uid=uid)
if session.get('next'):
redir = session['next']
del session['next']
else:
redir = url_for('front')
return redirect(redir)
def route_register():
if g.user:
return redirect("/", code=302)
if request.method == "GET":
return render_template("register.html")
params = {k:v for k, v in request.values.items() if k in ["username", "password", "email"]}
if not all(params.values()):
return redirect("/", code=302)
try:
User.get((User.username == params["username"]) | (User.email == params["email"]))
return redirect("/", code=302)
except User.DoesNotExist: pass
u = User(username=params["username"], email=params["email"])
u.password = User.hash_password(params["password"])
session["id"] = u.save()
g.user = u
return redirect("/", code=302)
def new_roadblock(bot: Bot, message: Message) -> None:
if banned(message.from_user) or message.chat_id == roads_chat \
or spam(message):
return
user_id = message.from_user.id
with db_session:
U.get(user_id=user_id).roadblocks_count += 1
user = bot.get_chat_member(mods_chat, user_id)
if user['status'] in ('creator', 'administrator', 'member'):
bypass_moderators(bot, message)
return
message.reply_text(BOT_MSG_ACCEPT.format(message.from_user.name))
msg = BOT_REQUEST_CHECK.format(message.from_user.name)
mods_message = bot.send_message(mods_chat, msg, reply_markup=mods_keyboard)
message.forward(mods_chat)
with db_session:
Roadblock(author=message.from_user.id,
chat_id=message.chat_id,
chat_message_id=message.message_id,
mods_message_id=mods_message.message_id)
def profile(response, profile_id=None):
user = get_user(response)
if user is None:
return
if profile_id is None:
profile = user
else:
profile = User.get(id=profile_id)
content = open('static/html_plates/profile.html', 'rU').read()
content = content.replace('<% first_name %>', profile.first)
content = content.replace('<% last_name %>', profile.last)
content = content.replace('<% profile_id %>', str(profile.id))
response.write(content)
def profile(response, profile_id=None):
user = get_user(response)
if user is None:
return
if profile_id is None:
profile = user
else:
profile = User.get(id=profile_id)
content = open('static/html_plates/profile.html', 'rU').read()
content = content.replace('<% first_name %>', profile.first)
content = content.replace('<% last_name %>', profile.last)
content = content.replace('<% profile_id %>', str(profile.id))
response.write(content)
def route_api_login():
user = request.values.get("user")
pw = request.values.get("password")
if not user or not pw:
raise APIError("Invalid Paramaters")
try:
u = User.get(User.username == user)
except User.DoesNotExist:
raise APIError("Incorrect Username")
if not u.check_password(pw):
raise APIError("Incorrect Password")
session["id"] = u.id
return APIResponse()
def list_files():
putative_key = request.args.get('k') or request.form.get('k')
try:
user = User.get(User.api_key == putative_key)
except DoesNotExist:
user = None
if user is None:
return jsonify(status='not authorized'), 403
else:
return jsonify(
status='pshuu~',
files={
f.id: {'original_filename': f.original_filename,
'upload_time': f.upload_time,
'url': url_for_file(f)
}
for f in File.select().where(File.user == user)})
def login():
if request.method == "POST":
email = request.form['email']
password = request.form['password']
x = User.get(User.email == email, User.password == password)
x = "yyyy"
# if x:
# session["names"] = x.capitalize()
# session["names"] = x
# # session["names"]=x.names
session["names"] = x
session["id"] = x
session["logged_in"] = True
return redirect(url_for('home'))
else:
# flash("Wrong username or password")
return render_template('login.html')
def list_files():
putative_key = request.args.get('k') or request.form.get('k')
try:
user = User.get(User.api_key == putative_key)
except DoesNotExist:
user = None
if user is None:
return jsonify(status='not authorized'), 403
else:
return jsonify(status='pshuu~',
files={
f.id: {
'original_filename': f.original_filename,
'upload_time': f.upload_time,
'url': url_for_file(f)
}
for f in File.select().where(File.user == user)
})
def cas_handler():
service = request.args.get('service')
ticket = request.args.get('ticket')
if service == None or ticket == None:
return redirect('http://home.ustc.edu.cn/~pengdinglan/cas_market/',
code=302)
service = urllib.parse.quote(service, safe='')
ticket = urllib.parse.quote(ticket, safe='')
request_url = 'https://passport.ustc.edu.cn/serviceValidate?ticket=%s&service=%s' % (
ticket, service)
validate_res = str(urllib.request.urlopen(request_url).read())
if validate_res.find('not recognized') != -1:
return render_template('cas_failed.html',
msg='登陆失败,请稍后再试',
active='cas')
re_user = re.compile('<cas:user>(.*)</cas:user>')
m = re_user.search(validate_res)
if not m:
return render_template('cas_failed.html',
msg='登陆失败,请稍后再试',
active='cas')
student_id = m.group(1)
if student_id[0] not in ['p', 'P']:
return render_template('cas_failed.html', msg='请使用学号登陆', active='cas')
student_id = student_id.upper()
try:
user = User.get(User.student_id == student_id)
login_user(user)
if not user.has_registered:
return redirect('/register', code=302)
else:
return redirect('/myitems', code=302)
except DoesNotExist:
user = User.create(name='',
student_id=student_id,
phone='',
is_admin=False,
has_registered=False)
user.save()
login_user(user)
return redirect('/register', code=302)
def login():
if request.method == 'GET':
return render_template('login.html')
username = request.form.get('username')
password = request.form.get('password')
if not username:
flash('Please input username')
return redirect(url_for('login'))
elif not password:
flash('Please input password')
return redirect(url_for('login'))
try:
user = User.get(
username=username,
password=md5(password).hexdigest()
)
except User.DoesNotExist:
flash('The username or password is incorrect')
return redirect(url_for('login'))
else:
auth_user(user)
return redirect(url_for('homepage'))
def route_login():
if g.user:
return redirect("/", code=302)
if request.method == "GET":
return render_template("login.html")
user = request.values.get("user")
pw = request.values.get("password")
if not user or not pw:
raise APIError("Invalid Paramaters")
try:
u = User.get(User.username == user)
except User.DoesNotExist:
raise APIError("Incorrect Username")
if not u.check_password(pw):
raise APIError("Incorrect Password")
session["id"] = u.id
return redirect("/", code=302)
def admin_checkout_handler():
if not current_user.is_admin:
abort(401)
if request.method == 'GET':
users = User.select()
return render_template('admin.html', active='admin', users=users)
elif request.method == 'POST':
req_data = request.get_json(force=True)
try:
action = req_data['action']
id_ = int(req_data['id'])
if action == 'newadmin':
user = User.get(User.id_ == id_)
else:
item = Item.get((Item.id_ == id_) & (Item.is_deleted == False))
except DoesNotExist:
return jsonify({'status': 'notfound'}), 404
except:
return jsonify({'status': 'badrequest'}), 400
if action == 'checkout':
if item.has_saled:
return jsonify({'status': 'hassaled'}), 404
item.has_saled = True
item.save()
elif action == 'receive':
if item.sale_self:
return jsonify({'status': 'saleself'}), 400
if item.has_given_staff:
return jsonify({'status': 'hasgiven'}), 404
item.has_given_staff = True
item.save()
elif action == 'newadmin':
user.is_admin = True
user.save()
else:
return jsonify({'status': 'badrequest'}), 400
return jsonify({'status': 'ok'})
def load(cls, user_id):
user: User = User.get(user_id=user_id)
return cls.parse_base64(user.data)
def load_user(user_id):
try:
user = User.get(User.id_ == int(user_id))
return user
except DoesNotExist:
return None
def unsubscribe_user(user_id: int) -> None:
User.get(user_id=user_id).subscribed = False
def subscribe_user(user_id: int) -> None:
User.get(user_id=user_id).subscribed = True
def get_user():
if 'osm_uid' in session:
return User.get(User.uid == session['osm_uid'])
return None
def get_session_user():
username = session.get('username',None)
if username:
user = User.get(User.username==username)
return user
return None
def wrapped_admins(bot, update, *args, **kwargs):
with db_session:
if User.get(user_id=update.effective_user.id).is_admin():
return f(bot, update, *args, **kwargs)
def get_scraper(user_id) -> ScraperBase:
"""Scraper factory"""
user: User = User.get(user_id=user_id)
config = get_user_config(user_id)
return get_module(user.university).Scraper(config)
def render_wall(response, wall_id):
for post in Post.iter(wall=wall_id):
author = User.get(id=post.user)
response.write("<hr><h4>%s</h4><p>%s</p>" % (author.fullname(), post.msg))
def forget_me(update: Update, context: CallbackContext):
monitor.stop_monitor(update, context, interactive=False)
user: User = User.get(user_id=update.effective_user.id)
logger.info(f'deleting user `{user.user_id}`')
user.delete_instance()
update.effective_chat.send_message('删除成功!使用 /start 以重新开始')
def get_user(user_social_id):
try:
return User.get(User.social_id == user_social_id)
except User.DoesNotExist:
return None
