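def get_available_rooms():
    """Return the rooms that are free for a campus, building, date and time slot.

    Query parameters:
        campus:   required.
        building: required.
        time:     required.
        date:     optional, ``year-month-day``; today is used when it is absent.

    Responds with an invalid-request error when a required parameter is
    missing or ``date`` cannot be parsed; otherwise wraps the result of
    ``entity_service.get_available_rooms`` in a success response.
    """
    campus = request.args.get('campus')
    building = request.args.get('building')
    time = request.args.get('time')
    date_str = request.args.get('date')

    if not date_str:
        date = datetime.date.today()
    else:
        # The value comes straight from the query string. A non-numeric part,
        # a wrong number of parts or an out-of-range day/month must end in a
        # client error rather than an unhandled exception.
        try:
            date = datetime.date(*map(int, date_str.split('-')))
        except (ValueError, TypeError):
            return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                           'invalid date parameter')

    # Product rule: VIP users may choose the date, regular users only the time.
    # NOTE(review): nothing in this function enforces that rule; any caller can
    # supply `date`. Confirm it is enforced elsewhere.
    if not campus:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'missing campus parameter')
    if not building:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'missing building parameter')
    if not time:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'missing time parameter')

    return generate_success_response(
        entity_service.get_available_rooms(campus, building, date, time))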
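def report_unavailable_room():
    """Record a user's report that a room is not actually available.

    Query parameters (all required):
        room_id: encrypted room identifier.
        time:    time slot being reported.
        date:    ``year-month-day``.

    Responds with an invalid-request error when a parameter is missing, the
    date cannot be parsed or ``room_id`` does not decrypt as a room; otherwise
    forwards the report to ``entity_service.report_unavailable_room`` together
    with the values returned by ``get_ut_uid()``.
    """
    room_id_encoded = request.args.get("room_id")
    time = request.args.get("time")
    date_str = request.args.get("date")

    # Operations policy: a report that other users agree with can earn points.
    if not room_id_encoded:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'missing room_id parameter')
    if not time:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'missing time parameter')
    if not date_str:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'missing date parameter')

    # Parse only after the presence check: splitting a missing value would
    # raise before the "missing date parameter" response could be produced.
    try:
        date = datetime.date(*map(int, date_str.split('-')))
    except (ValueError, TypeError):
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'invalid date parameter')

    # Pinning resource_type means an identifier issued for another kind of
    # resource is rejected instead of being read as a room id.
    try:
        resource_type, room_id = decrypt(room_id_encoded, resource_type=RTYPE_ROOM)
    except ValueError:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'invalid room_id')

    entity_service.report_unavailable_room(room_id, date, time, *get_ut_uid())
    return generate_success_response(None)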
def accept_grant(grant_id: int):
    """Accept or reject a grant request as the current user.

    The ``action`` query parameter selects the operation and must be either
    ``accept`` or ``reject``; anything else yields an invalid-request error.

    NOTE(review): only ``g.user_id`` is passed along. Whether the service
    verifies that ``grant_id`` is addressed to that user is not visible here;
    confirm it does, since ``grant_id`` is caller-controlled.
    """
    action = request.args.get('action')
    if not action:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       "action not found")

    if action not in ('accept', 'reject'):
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       "invalid action")

    handler = user_service.accept_grant if action == 'accept' else user_service.reject_grant
    return generate_success_response(handler(grant_id, g.user_id))
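def apply_grant():
    """Create a grant request from the current user to another user.

    The ``to_user_id`` query parameter carries the target's encrypted student
    identifier. A missing or undecryptable value yields an invalid-request
    error; otherwise the request is created through
    ``user_service.new_grant_request`` and an empty success response is returned.
    """
    to_user_id_encoded = request.args.get('to_user_id')
    if not to_user_id_encoded:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       "mising to_user_id")

    # The identifier is caller-supplied. decrypt() is treated as raising
    # ValueError for input it rejects, as the other handlers in this file do,
    # so a bad value becomes a client error instead of an unhandled exception.
    try:
        to_uid = decrypt(to_user_id_encoded, resource_type=RTYPE_STUDENT)[1]
    except ValueError:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       "invalid to_user_id")

    user_service.new_grant_request(g.user_id, to_uid)
    return generate_success_response(None)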
def email_verification():
    """E-mail verification: set the account password.

    Error codes:
        4104  the verification request does not exist (internal error)
        4105  the VerificationRequest is not in STATUS_TKN_PASSED (rules out
              the case where a network stall kept the client from seeing the
              response although registration had already succeeded)
        4106  password too weak
    """
    # The request id is read from the session rather than from the client.
    # NOTE(review): the session key is not cleared here after success; replays
    # are presumably rejected by the status check behind 4105. Confirm.
    request_id = session.get(SESSION_EMAIL_VER_REQ_ID)
    if not request_id:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       "无效请求,请重新点击邮件中的链接")

    password = request.form.get("password")
    if not password:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       "请输入密码")

    username = user_service.register_by_email_set_password(request_id, password)
    token = user_service.issue_token(username)
    return generate_success_response({"token": token})
def login():
    """Log in and obtain a token.

    Possible error codes:
        4000  username or password incorrect
        4100  user does not exist
        4101  wrong password

    NOTE(review): separate codes for "user does not exist" and "wrong
    password" let a client tell whether an account exists. Confirm this is
    intended and that login attempts are throttled somewhere; no throttling
    is visible in this function.
    """
    form = request.form
    username = form.get("username")
    password = form.get("password")

    if not username:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       "请填写用户名")
    if not password:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       "请填写密码")

    credentials_ok = user_service.check_password(username, password)
    if not credentials_ok:
        raise exceptions.WrongPassword

    token = user_service.issue_token(username)
    return generate_success_response({"token": token})
def handle_biz_exception(error: base_exceptions.BizException):
    """Turn a business exception into an API error response for /mobile paths.

    Internal errors are logged as well. The exception's ``status_message`` is
    passed to the client, because business-error messages are meant to be
    shown externally.
    """
    if not request.path.startswith("/mobile"):
        # NOTE(review): the code visible here returns nothing for paths
        # outside /mobile. Confirm that this is intended.
        return None

    if isinstance(error, base_exceptions.InternalError):
        logger.error(repr(error))

    # A business error's status_message is safe to expose to the caller.
    return generate_error_response(None, error.status_code,
                                   status_message_overwrite=error.status_message)
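def multi_people_schedule():
    """Return the combined schedule of several people for one date.

    Query parameters (both required):
        people: comma-separated encrypted identifiers.
        date:   ``year-month-day``.

    Responds with an invalid-request error when a parameter is missing, an
    identifier does not decrypt or the date cannot be parsed; otherwise wraps
    the result of ``entity_service.multi_people_schedule``.
    """
    people_encoded = request.args.get('people')
    date = request.args.get('date')
    uid = get_logged_in_uid()

    if not people_encoded:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'missing people parameter')
    if not date:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'missing date parameter')

    # Both values are caller-supplied; a malformed one must end in a client
    # error rather than an unhandled exception.
    # NOTE(review): decrypt() is called without a resource_type here, so an
    # identifier of any resource type is accepted. Confirm the service
    # rejects the ones it should not schedule.
    try:
        people_list = [decrypt(people)[1] for people in people_encoded.split(',')]
    except ValueError:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'invalid people parameter')

    try:
        date = datetime.date(*map(int, date.split('-')))
    except (ValueError, TypeError):
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'invalid date parameter')

    # uid is handed to the service; presumably it is used for per-person
    # access checks. Verify against entity_service.
    schedule = entity_service.multi_people_schedule(people_list, date, uid)
    return generate_success_response(schedule)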
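def get_calendar_token(id_sec: str, semester: str):
    """Issue a calendar token and the matching ICS links for a student or teacher.

    :param id_sec: encrypted student ID or staff ID
    :param semester: semester, e.g. 2018-2019-1

    Error codes:
        4000  invalid request
        4003  access denied
    """
    try:
        res_type, res_id = encryption.decrypt(id_sec)
    except ValueError:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       '用户ID无效')

    if res_type == encryption.RTYPE_STUDENT:
        # A student timetable is only served when the current user has access.
        if not user_service.has_access(res_id, g.username)[0]:
            return generate_error_response(None, api_helpers.STATUS_CODE_PERMISSION_DENIED,
                                           '无权访问该用户课表')
        student = entity_service.get_student_timetable(res_id, semester)
        if not student:
            return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                           '学生不存在')
        identifier = student.student_id
    else:
        # NOTE(review): every non-student resource type lands here, is looked
        # up as a teacher and gets no access check. Confirm that teacher
        # timetables are meant to be public and that other resource types
        # cannot reach this branch.
        teacher = entity_service.get_teacher_timetable(res_id, semester)
        if not teacher:
            return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                           '教师不存在')
        identifier = teacher.teacher_id

    token = calendar_service.get_calendar_token(resource_type=res_type,
                                                identifier=identifier,
                                                semester=semester)

    # NOTE(review): the token is embedded in the download URL; presumably it
    # alone authorises the download, in which case the URLs are secrets.
    ics_url = url_for('calendar.ics_download', calendar_token=token, _external=True)

    # Swap only the scheme. A substring replace of "http" would also rewrite
    # any "http" that occurs in the host name, the path or the token.
    scheme, sep, rest = ics_url.partition('://')
    ics_webcal = f'webcal{sep}{rest}' if scheme in ('http', 'https') else ics_url

    return generate_success_response({'token': token,
                                      'ics_url': ics_url,
                                      'ics_url_webcal': ics_webcal})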
def register_by_email():
    """Register through e-mail verification.

    Error codes:
        4000  username not filled in
        4102  already registered
        5000  internal error

    TODO: add rate limiting. The identifier is caller-chosen and every call is
    passed to ``user_service.register_by_email``, so without a limit the
    endpoint can be called repeatedly for arbitrary identifiers.
    """
    identifier = request.args.get("identifier")
    if identifier:
        user_service.register_by_email(identifier)
        return generate_success_response(None)

    return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                   "请填写用户名")
def email_verification_check():
    """Validate the token from a verification e-mail.

    Error codes:
        4000  token missing
        4102  user already exists, token invalid
        4103  token invalid
    """
    # TODO: the link in the e-mails that are sent out still points at the web
    # version; it needs to be changed.
    email_token = request.args.get("token")
    if email_token:
        # Keep the verification request id in the session, so that it is held
        # there instead of being supplied by the client later.
        session[SESSION_EMAIL_VER_REQ_ID] = user_service.register_by_email_token_check(email_token)
        return generate_success_response(None)

    return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                   "token参数缺失")
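def internal_server_error(error):
    """Render a 500 response as API JSON, the Sentry error page or plain HTML.

    * ``/mobile`` paths get an API error response. The exception detail is
      included only outside production.
    * Otherwise, when the Sentry plugin is available, the common error
      template is rendered with the Sentry event id and public DSN.
    * Otherwise a minimal HTML page is returned. The exception detail is
      HTML-escaped and left out in production.
    """
    # Local import: the file's import block is not part of this block.
    from html import escape

    if request.path.startswith("/mobile"):
        # Non-business errors are not returned to the client in production;
        # other environments may return them.
        actual_error = {
            'status_message_overwrite': f"server internal error: {repr(error.original_exception)}"
        } if not is_production() else {}
        return generate_error_response(
            None, api_helpers.STATUS_CODE_INTERNAL_ERROR, **actual_error)

    if plugin_available("sentry"):
        return render_template(
            'common/error.html',
            message=MSG_INTERNAL_ERROR,
            event_id=g.sentry_event_id,
            public_dsn=sentry.client.get_public_dsn('https'))

    # An exception repr can contain request-derived text and internal details.
    # Escape it before it goes into HTML and, as on the /mobile branch, do not
    # disclose it in production.
    detail = "" if is_production() else f": {escape(repr(error.original_exception))}"
    return (f"<h4>500 Error{detail}</h4><br>"
            "You are seeing this page because Sentry is not available.")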
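def multi_people_schedule_search():
    """Search students and teachers by keyword for the multi-person schedule.

    The ``keyword`` query parameter is required. Each hit becomes a
    ``SearchResultItem`` that also carries the result of
    ``user_service.has_access`` for the logged-in user. The response holds the
    items, the keyword and an ``is_guest`` flag that is true when nobody is
    logged in.
    """
    keyword = request.args.get('keyword')
    if not keyword:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'missing keyword parameter')

    search_result = entity_service.search(keyword)
    uid = get_logged_in_uid()

    # Do not print or log the session cookie or the session contents here:
    # they are credentials, and stdout usually ends up in log storage.

    current_yy = datetime.date.today().year - 2000
    items = []
    for s in search_result.students:
        groups = re.findall(r'\d+', s.klass)
        # A class name without digits is always listed. Otherwise the first
        # two digits of the first number (presumably the enrolment year;
        # verify) plus five must not lie before the current two-digit year.
        if groups and int(groups[0][:2]) + 5 < current_yy:
            continue
        items.append(
            SearchResultItem(
                s.name, s.deputy + s.klass, "student", s.student_id_encoded,
                *user_service.has_access(s.student_id, uid, False)))

    items.extend(
        SearchResultItem(t.name, t.unit + t.title, "teacher", t.teacher_id_encoded,
                         *user_service.has_access(t.teacher_id, uid, False))
        for t in search_result.teachers)

    return generate_success_response({
        'items': items,
        'keyword': keyword,
        'is_guest': uid is None
    })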
def page_not_found(error):
    """Answer a 404 with API JSON for /mobile paths and the error page otherwise."""
    is_api_call = request.path.startswith('/mobile')
    if not is_api_call:
        return render_template('common/error.html', message=MSG_404)

    # API clients get a structured error instead of an HTML page.
    return generate_error_response(
        None, api_helpers.STATUS_CODE_INVALID_REQUEST, "no such API")