Exemplo n.º 1
def api_access_token():
    """
    GET:
        Issue or refresh an AccessToken for a client. The request must first
        pass SecretToken verification.
        If the request headers carry a ClientId, that ClientId is used;
        otherwise a new ClientId is created.
    :return: the formatted response built from the token data
    """
    # NOTE(review): the SecretToken check described above is not visible in
    # this view; presumably it is enforced inside create_access_token() or by
    # a decorator outside this excerpt - confirm.
    return response_format(rest_token_auth.create_access_token())
Exemplo n.º 2
def sys_host_connection_test():
    """
    PUT:
        Test the connection to a server.
        host_ip:<str>
    :return: the formatted response built from the test result
    """
    # NOTE(review): host_ip is read from the request by the helper, not here;
    # whether it is limited to hosts already registered in the system cannot
    # be seen from this view - confirm.
    return response_format(sys_host_connect_test())
Exemplo n.º 3
def user_public():
    """
    GET:
        Fetch a user's public information.
        user_id:<str>
        is_basic:<int>, 0 or 1, default 1. When 1, only the most basic user
            information is returned.
        :return: the formatted response built from the public profile
    """
    return response_format(public_profile())
Exemplo n.º 4
def api_plug_goods_sales():
    '''
    PUT:
        Handled by update_quantity().

    Any other method receives the METHOD_WARNING payload with http_status 405.
    (The original docstring listed GET, but the code accepts only PUT.)
    '''
    if request.c_method != "PUT":
        return response_format(
            {"msg_type": "w", "msg": METHOD_WARNING, "http_status": 405})
    return response_format(update_quantity())
Exemplo n.º 5
def api_audit_rule_key():

    '''
    GET:
        Return every audit-rule key together with its description, i.e. the
        "audit" entries of the config settings.
        :return: the formatted response holding the keys under "keys"
    '''
    return response_format(
        {"keys": get_config("name_audit", "AUDIT_PROJECT_KEY")})
Exemplo n.º 6
def sys_host_cmd_exec():
    """
    PUT:
        Execute a command on a host.
        host_ip:<str>
        cmd:<str>, the Linux command to run; when omitted, the common
            commands saved for the host are run automatically
    :return: the formatted response built from the execution result
    """
    # NOTE(review): this endpoint runs a request-supplied command on a managed
    # host. No authorization check or audit logging is visible in this view;
    # confirm that the route is restricted to administrators and that
    # sys_host_exec_cmd() records who ran which command on which host.
    return response_format(sys_host_exec_cmd())
Exemplo n.º 7
def api_sys_log():
    '''
    GET:
        Fetch a file log.
        name:<str>, log name
        ip:<str>, the host whose log should be fetched
        page:<int>
        :return: the formatted response built from the log data
    '''
    # NOTE(review): `name` selects which log is read; any restriction of it to
    # known log names happens inside sys_log(), not here - confirm.
    return response_format(sys_log())
Exemplo n.º 8
def api_account_password_reset():
    '''
    PUT:
        Reset the account password.
        now_password:<str>, the password currently in use
        password:<str>, the new password
        password2:<str>, the new password again, for confirmation
        :return: the formatted response built from the reset result
    '''
    return response_format(account_password_reset())
Exemplo n.º 9
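def internal_server_error(e):
    """
    Handle a server-side error and answer with JSON (API paths) or with an
    error page (all other paths).

    Only a generic, translated message and the request id are sent to the
    client; nothing from the exception itself is included in the payload.

    :param e: the raised exception; its ``code`` attribute is used as the
        HTTP status when it is an integer
    :return: the formatted API response, or a ``(rendered page, status)`` tuple
    """
    # Read the attribute without a BaseException catch-all, and fall back to
    # 500 for a missing or non-integer code so the value is always usable both
    # as a status and as part of a template file name.
    code = getattr(e, "code", None)
    if not isinstance(code, int):
        code = 500

    msg_type = "w"
    msg = gettext("An error occurred. Please contact the administrator")
    if code == 401:
        msg = gettext("Permission denied")

    elif code == 404:
        msg = gettext("The api does not exist or has been deprecated")

    elif code == 500:
        msg = gettext("Server error")
        msg_type = "e"

    elif code // 500 == 1:
        # Every other status from 501 up to 999.
        msg = gettext(
            "Server error, please check whether the third-party plug-in is normal"
        )
        msg_type = "e"

    data = {
        "http_status": code,
        "custom_status": None,
        "request_id": g.weblog_id,
        "msg": msg,
        "msg_type": msg_type
    }

    if request.path.startswith(api.url_prefix):
        return response_format(data)

    g.site_global = dict(g.site_global,
                         **get_global_site_data(req_type="view"))
    path = "{}/pages/{}.html".format(
        g.get_config("theme", "CURRENT_THEME_NAME"),
        code)
    absolute_path = os.path.abspath("{}/{}".format(
        theme_view.template_folder, path))
    if not os.path.isfile(absolute_path):
        # The theme has no page for this status (e.g. no 404 page): use the
        # page shipped with the system.
        path = "{}/module/exception/{}.html".format(
            admin_view.template_folder, code)
        # Answer with the real status. The fallback used to hard-code 404,
        # which made 5xx failures look like missing pages to clients, logs
        # and monitoring.
        return render_absolute_path_template(path, data=data), code

    return render_template(path, data=data), code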
Exemplo n.º 10
 def handle_osr_token_error(e):
     """
     Build the error response for a failed OSR token check.

     :param e: the raised error; its ``code`` and ``description`` are copied
         into the payload
     :return: the formatted response carrying error_id 40104 and a help text
     """
     payload = {
         "custom_status": e.code,
         "msg": e.description,
         "msg_type": "e",
         "error_id": 40104,
     }
     # The help text tells the client which request headers are accepted.
     payload["help"] = gettext(
         "Please add the 'OSR-RestToken' or 'X-CSRFToken' request header,"
         " the specific use please refer to the osroom system documentation:"
         " http://osroom.com")
     return response_format(payload)
Exemplo n.º 11
def api_post_access():
    '''
    GET:
        Fetch post statistics.
        days:<int>

    Any other method receives the METHOD_WARNING payload with http_status 405.
    '''
    if request.c_method != "GET":
        return response_format(
            {"msg_type": "w", "msg": METHOD_WARNING, "http_status": 405})
    return response_format(post_access())
Exemplo n.º 12
def api_comment_access():
    """
    GET:
        Fetch comment statistics.
        days:<int>

    Any other method receives the METHOD_WARNING payload with
    custom_status 405.
    """
    if request.c_method != "GET":
        return response_format(
            {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405})
    return response_format(comment_access())
Exemplo n.º 13
 def decorated_function(*args, **kwargs):
     # Wrapper around ``f`` (from the enclosing scope) that applies the
     # per-URL login and permission rules before the view runs.

     # Login gate: when the URL is configured to require login, anonymous
     # users are redirected to the configured login view.
     if custom_url_login_auth() and current_user.is_anonymous:
         return redirect(get_config("login_manager", "LOGIN_VIEW"))

     # Permission gate: when the URL has a required permission, the current
     # user must hold it; otherwise a warning payload with http_status 401
     # names the permission key(s) that would be accepted.
     # NOTE(review): if login is not required for the URL, an anonymous user
     # reaches current_user.can(); presumably that returns False for
     # anonymous users - confirm.
     required = custom_url_permissions()
     if required and not current_user.can(required):
         names = " or ".join(get_permission_key(required))
         denied = gettext('Permission denied,requires "{}" permission').format(
             names)
         return response_format(
             {"msg": denied, "msg_type": "w", "http_status": 401})

     return f(*args, **kwargs)
Exemplo n.º 14
def api_account_email():
    """
    PUT
        Change the account e-mail address.
        email:<email>, the new mailbox to bind
        new_email_code:<str>, verification code received by the new mailbox,
            proving that the mailbox belongs to the user
        current_email_code:<str>, verification code received by the current
            mailbox, proving that the change was started by the user
        password:<str>, the account login password

        :return: the formatted response built from the update result
    """
    return response_format(email_update())
Exemplo n.º 15
def get_role_permissions():
    '''
    GET:
        Return the full permission table.
        :return: the formatted response holding (key, value, info) tuples
            under "permissions", ordered by value
    '''
    # Keys of the form __name__ are skipped; every other entry contributes
    # its key together with its "value" and "info" fields.
    rows = [
        (name, entry["value"], entry["info"])
        for name, entry in CONFIG["permission"].items()
        if re.search(r"^__.*__$", name) is None
    ]
    rows.sort(key=lambda row: row[1])
    return response_format({"permissions": rows})
Exemplo n.º 16
def api_search():
    """
    GET:
        Search (full-text search is not supported yet); only posts and users
        can be searched.
        keyword:<str>, Search keywords
        target:<str>, optional, "post" or "user". Without this parameter all
            available targets are searched
        page:<int>, page number, default 1
        pre:<int>, number of items per page

    """
    return response_format(search_process())
Exemplo n.º 17
def api_account_basic():
    '''
    Basic user settings.
    PUT:
        Edit the user's basic settings.
        username:<str>, the new user name
        custom_domain:<str>, personalised domain
        editor:<str>, 'rich_text' or 'markdown'; this option is useful when
            several text editors are available
    :return: the formatted response built from the edit result
    '''
    return response_format(user_basic_edit())
Exemplo n.º 18
def api_get_theme_names():
    """
    GET:
        Return the names of all current themes.

    Any other method receives the METHOD_WARNING payload with
    custom_status 405.
    :return:
    """
    if request.c_method != "GET":
        return response_format(
            {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405})
    return response_format(get_theme_names())
Exemplo n.º 19
def api_adm_send_msg():
    """
    POST
        Send a message.
        title:<title>, title
        content:<str>, body text
        content_html:<str>, body as HTML
        send_type:<array>, delivery types on_site, email, sms, e.g. ["email"];
            several can be combined, e.g. ["email", "on_site"]
        username:<array>, user names of the recipients, e.g. ["test", "test2"]
    :return: the formatted response built from the send result
    """
    # NOTE(review): content_html is caller-supplied markup; any sanitising
    # before it is shown on site or mailed would be in send_msg() - confirm.
    return response_format(send_msg())
Exemplo n.º 20
def api_adm_user():
    """
    GET:
        1. Fetch the basic information of the user with the given id
        id:<str> , user id

        2. Fetch all users, page by page
        status:<str>, user status, "normal" or "inactive" or "cancelled"
        page:<int>, page number, default 1
        pre:<int>, number of items per page
        keyword:<str>, Search keywords, used when searching
    PUT:
        1. Edit a user
        id:<str>, user id
        role_id:<str>, role id
        active:<int>, 0 or 1

        2. Activate or freeze users
        op:<str>, must be "activation"
        active:<int>, 0 or 1, 0 freezes, 1 activates
        ids:<array>

        3. Restore users, i.e. set their status back to not deleted
        op:<str>, must be "restore"
        ids:<array>

    DELETE:
        Delete users (not removed from the database)
        ids:<array>

    Any other method receives the METHOD_WARNING payload with
    custom_status 405.
    """
    # NOTE(review): this view changes roles and account state; the admin
    # permission check is not visible here and is presumably applied by the
    # route's decorators - confirm.
    method = request.c_method

    if method == "GET":
        # An id selects a single user; without it the paged list is returned.
        handler = user if request.argget.all('id') else users
        return response_format(handler())

    if method == "PUT":
        if request.argget.all('op') == "restore":
            return response_format(user_restore())
        if request.argget.all('op') == "activation":
            return response_format(user_activation())
        return response_format(user_edit())

    if method == "DELETE":
        return response_format(user_del())

    return response_format(
        {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405})
Exemplo n.º 21
def api_adm_install_requs():
    """
    Install the packages a plug-in requires.
    PUT:
        Install the packages a plug-in requires.
        plugin_name:<str>, plug-in name

    Any other method receives the METHOD_WARNING payload with
    custom_status 405.
    :return:
    """
    # NOTE(review): this triggers a package installation on the server for a
    # request-named plug-in; where the package list comes from and whether it
    # is pinned or verified is decided in install_require_package(), which is
    # not visible here - confirm, and confirm the route is admin-only.
    if request.c_method != "PUT":
        return response_format(
            {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405})
    return response_format(install_require_package())
Exemplo n.º 22
def api_account_password_retrieve():
    '''
    PUT:
        Forgotten password: reset it.
        To request a verification code, send only `email`; according to the
        original note the response is {code:{'_id':'', str:'',time:'' }}.
        To set the new password, send all parameters.
        email_code:<str>, verification code received by e-mail
        email:<str>, e-mail address
        password:<str>, new password
        password:<str>, new password again for confirmation (the original doc
            lists it under the same name; presumably a separate field such as
            password2 - confirm)
        :return: the formatted response built from the helper's result
    '''
    # NOTE(review): if the `str` field of the documented response is the
    # verification code itself, returning it to the caller would bypass the
    # e-mail ownership check; verify what account_password_retrieve() returns.
    return response_format(account_password_retrieve())
Exemplo n.º 23
def api_search_logs():
    """
    GET:
        Fetch the user's search history.
        number:<int>, how many of the latest entries to return, default 10,
            maximum 20
    DELETE:
        Handled by clear_search_logs() (not described in the original doc).

    Any other method receives the METHOD_WARNING payload with
    custom_status 405.
    """
    handlers = {"GET": get_search_logs, "DELETE": clear_search_logs}
    handler = handlers.get(request.c_method)
    if handler is None:
        return response_format(
            {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405})
    return response_format(handler())
Exemplo n.º 24
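def api_post_op():
    """
    PUT:
        Like a post.
        action:<str>, currently only "like" (like the post)
        id:<str>, post id

    A PUT with any other action receives a warning payload with
    http_status 400; any other method receives the METHOD_WARNING payload
    with http_status 405.
    """
    if request.c_method != "PUT":
        data = {"msg_type": "w", "msg": METHOD_WARNING, "http_status": 405}
    elif request.argget.all('action') == "like":
        data = post_like()
    else:
        # A PUT with a missing or unknown action used to leave `data`
        # unassigned and end in UnboundLocalError (a 500 for the client);
        # answer with an explicit warning instead.
        data = {"msg_type": "w", "msg": 'Unsupported "action" value',
                "http_status": 400}
    return response_format(data)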
Exemplo n.º 25
def api_adm_user_del():
    """

    DELETE:
        Permanently delete users, i.e. remove them from the database.
        ids:<array>
        permanent:<int> 0 or 1, 0: not removed from the database, the status
            is only changed to "deleted"; 1: permanent deletion

    Any other method receives the METHOD_WARNING payload with
    custom_status 405.
    """
    # NOTE(review): the view passes nothing to user_del(); the `permanent`
    # flag is presumably read from the request inside it - confirm.
    if request.c_method != "DELETE":
        return response_format(
            {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405})
    return response_format(user_del())
Exemplo n.º 26
def api_sign_in_third_party(platform):
    '''
    PUT & POST & GET:
        Callback for sign-in authorised by a third-party platform.
        platform: platform name, e.g. wechat, qq, github, sina_weibo, alipay,
                facebook, twitter; LOGIN_PLATFORM can be configured in the
                sys_config.py file
        :return: the formatted response: the verification result when the
            platform is rejected, otherwise the sign-in result
    '''
    # The platform name comes from the URL, so it is checked against
    # LOGIN_PLATFORM before the sign-in helper is called.
    accepted, rejection = arg_verify(
        reqargs=[("platform", platform)], only=LOGIN_PLATFORM)
    data = third_party_sign_in(platform) if accepted else rejection
    return response_format(data)
Exemplo n.º 27
        def handle_login_error(e):
            """
            Answer a "not logged in" error: JSON for API paths, a redirect to
            a login page for everything else.

            :param e: the raised error; its ``code`` and ``description`` are
                copied into the payload
            """
            data = dict(
                http_status=e.code,
                msg=gettext("Not logged in"),
                error_msg=e.description,
                msg_type="e",
                to_url=get_config("login_manager", "LOGIN_VIEW"),
                error_id=40105,
            )
            if request.headers.get('OSR-RestToken'):
                # NOTE(review): this assigns the value to_url already holds;
                # presumably REST-token clients were meant to get a different
                # target - confirm.
                data["to_url"] = get_config("login_manager", "LOGIN_VIEW")

            # API requests get the payload as JSON.
            if request.path.startswith(api.url_prefix):
                return response_format(data)

            # Pages are redirected to a login page; admin paths use the admin
            # login page.
            if request.path.startswith("/osr-admin"):
                target = DEFAULT_ADMIN_LOGIN_PAGE
            else:
                target = data["to_url"]
            return redirect(target)
Exemplo n.º 28
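def api_adm_comment():
    """
    GET:
        Fetch comments.
        status:<str>, "is_issued" (published normally) or "not_audit"
            (awaiting review) or "unqualified" (failed review) or
            "user_remove" (removed by the user)
        keyword:<str>, search keyword

        sort:<array>, ordering, 1 means ascending, -1 means descending, e.g.:
            by time, descending  [{"issue_time":-1}]
            by time, ascending   [{"issue_time": 1}]
            by likes descending, then issue time descending
            [{"like": -1},{"issue_time": -1}]
            The default is by time, descending; other fields may be used too

        page:<int>, page number, default 1
        pre:<int>, number of items per page, default is the number set in the
            config.py configuration file
        :return:
    PATCH or PUT:
        1. Manual review of comments, with the score parameter
        op:<str>, "audit"
        ids:<array>, comment id
        score:<int>, 0-10

        2. Restore comments; only comments an administrator moved to pending
           deletion (is_delete equal to 2) can be restored
        op:<str>,  "restore"
        ids:<array>, comment id

    DELETE:
        Delete comments
        ids:<array>, comment id
        pending_delete:<int>, 1: set is_delete to 2, marking the comment as
            permanently deleted, 0: delete the data from the database
        :return:

    A PUT/PATCH with any other op receives a warning payload with
    custom_status 400; any other method receives the METHOD_WARNING payload
    with custom_status 405.
    """
    if request.c_method == "GET":
        data = adm_comments()

    elif request.c_method in ["PUT", "PATCH"]:
        if request.argget.all("op") == "audit":
            data = adm_comment_audit()
        elif request.argget.all("op") == "restore":
            data = adm_comment_restore()
        else:
            # A missing or unknown op used to leave `data` unassigned and end
            # in UnboundLocalError (a 500 for the client); answer with an
            # explicit warning instead.
            data = {"msg_type": "w", "msg": 'Unsupported "op" value',
                    "custom_status": 400}

    elif request.c_method == "DELETE":
        data = adm_comment_delete()

    else:
        data = {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405}
    return response_format(data)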
Exemplo n.º 29
def api_user_post_op():

    '''
    POST:
        Publish content.
        title:<str>, title
        content:<str>, content (e.g. the HTML produced by a rich-text
            editor); it is saved to the database
        conetent_text:<str>, plain-text content
        editor:<str>, editor type used, "markdown" or "rich_text"
        tags:<array>, tags
        category:<str>, post category id
        cover_url:<str>, URL of the post cover image, empty by default
        issue_way:<str>, 'issue' or 'save': publish, or save as a draft


    PUT or PATCH:
        1. Modify content
        id:<str>, required when editing an existing post, not needed for a
            new post
        title:<str>, title
        content:<str>, content (e.g. the HTML produced by a rich-text
            editor); it is saved to the database
        conetent_text:<str>, plain-text content
        editor:<str>, editor type used, "markdown" or "rich_text"
        tags:<array>, tags
        category:<str>, post category id
        issue_way:<str>, 'issue' or 'save': publish, or save as a draft

        2. Restore posts from the recycle bin
        op:<str>, restore
        ids:<array>, posts id

    DELETE:
        Delete posts
        ids:<array>, posts id
        recycle:<int>, 1 or 0, 1: move to the recycle bin, 0: mark directly
            as permanently deleted, visible to administrators only

    Any other method receives the METHOD_WARNING payload with http_status 405.
    '''
    # NOTE(review): `content` is caller-supplied HTML that is stored; any
    # sanitising would be in post_issue(), which is not visible here - confirm.
    method = request.c_method

    if method == "POST":
        return response_format(post_issue())

    if method in ("PUT", "PATCH"):
        # op == "restore" brings posts back; anything else is an edit.
        restoring = request.argget.all('op') == "restore"
        return response_format(post_restore() if restoring else post_issue())

    if method == "DELETE":
        return response_format(post_delete())

    return response_format(
        {"msg_type":"w", "msg":METHOD_WARNING, "http_status":405})
Exemplo n.º 30
def api_permission():
    """
    GET:
        1. Fetch the details of the system's permission data
        pre:<int>, number of items per page, default 10
        page:<int>, page number, default 1
        keyword:<str>, search keyword
        is_details:<int>, must be 1

        2. Fetch only value, name and explain of all system permissions,
           plus the weight positions already in use
        send no parameters

        (The code also routes a request carrying `id` to permission(); the
        original doc does not describe that case.)

    POST:
        Add a permission
        name:<str>, name
          position:<int>, position in the binary value
          explain:<str>, explanation
        is_default:<int>, 0: not a default permission, 1: one of the default
            permissions
    PUT:
        Update a permission
        id:<str>, id
        name:<str>, name
          position:<int>, position in the binary value
          explain:<str>, explanation
        is_default:<int>, 0: not a default permission, 1: one of the default
            permissions

    DELETE:
        Delete manually added page routes (wording of the original doc; the
        handler called is delete_per(), so this presumably deletes
        permissions - confirm)
        ids:<array>

    Any other method receives the METHOD_WARNING payload with
    custom_status 405.
    :return:
    """
    method = request.c_method

    if method == "GET":
        # `id` takes precedence over `is_details`; with neither, the short
        # permission list is returned.
        if request.argget.all("id"):
            return response_format(permission())
        if request.argget.all("is_details"):
            return response_format(permissions_details())
        return response_format(permissions())

    if method == "POST":
        return response_format(add_per())

    if method == "PUT":
        return response_format(edit_per())

    if method == "DELETE":
        return response_format(delete_per())

    return response_format(
        {"msg_type": "w", "msg": METHOD_WARNING, "custom_status": 405})