def super_logsBackup():
    """List the attributes of the files kept in the backup directory.

    Per the original description, these are errlogs.txt and the database
    backup files. As a side effect the resolved directory is stored in the
    module-level ``serverlogs_path``.

    :return: JSON response; code "0" with the file records in ``data``,
             or code "-1" when the backup directory is not usable.
    """
    # NOTE(review): no session or role check is visible in this body, unlike
    # super_Handle_LogDB -- confirm the route is gated elsewhere.
    global serverlogs_path

    dir_ok, backup_dir = createDirFile(db_backup_dir)
    # super_Handle_LogDB later reads this value to build delete paths.
    serverlogs_path = backup_dir

    if not dir_ok:
        return jsonify(code="-1", msg="服务端文件路径错误")

    records = [
        User_Action.fileListInfo(backup_dir, entry)
        for entry in User_Action.fileList(backup_dir)
    ]
    return jsonify(code="0", msg="用户文件获取成功", data=records)
def register():
    """Register a new user from the POSTed e-mail, code, user name and password.

    The user name and e-mail must not already exist, and the submitted
    verification code must equal the one stored for that e-mail. On success
    the password is salted and hashed, the account is stored, the session is
    marked as logged in and the user's home directory is created.

    :return: JSON response with ``code`` and ``msg``; a "datetime" cookie is
             set on every response.
    """
    if request.method != "POST":
        code = '-1'
        msg = '{} Method is not allowed !'.format(request.method)
    else:
        form = request.form
        email = form.get("email", type=str, default="")
        username = form.get("username", type=str, default="")
        passwd = form.get("passwd", type=str, default="")
        capture = form.get("capture", type=str, default="")

        if not all((username, passwd, email, capture)):
            # At least one of the four required fields is empty.
            code, msg = "-1", "用户输入了空参数"
        elif DB_Sync.exist_UserName_email(username, email):
            # The user name or the e-mail is already registered.
            code, msg = "-1", "用户名或邮箱已存在,请重新输入"
        elif DB_Sync.query_redis_Capture(email) != capture:
            # The lookup yields None (not "") for an unknown e-mail, so a
            # non-empty submitted code can never match a missing entry.
            # NOTE(review): whether the stored code is invalidated after use
            # is not visible here -- confirm it is single-use and short-lived.
            code, msg = "-1", "验证码失效或错误"
        else:
            # Never store the raw password: derive it with a fresh salt.
            salt = create_Salt()
            hashed = computePW(passwd, salt)
            if DB_Sync.sync_redis_insert(username, hashed, salt, email):
                code, msg = "0", "注册成功"
                # Push the new account into redis, then log the user in.
                DB_Sync.refresh_redis(username)
                session['isLogin'] = True
                session['username'] = username
                # Finally create the home directory of the new user.
                created, _home_dir = User_Action.create_user_homedir(username)
                if created:
                    logger.info("为新注册用户%s创建文件夹成功" % username)
                else:
                    logger.error("为新注册用户%s创建文件夹失败" % username)
            else:
                code, msg = "-1", "新用户注册入库失败"

    resp = jsonify(code=code, msg=msg)
    resp.set_cookie("datetime", getlocaltime())
    return resp
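def super_Handle_LogDB():
    """Clear the server log or delete one database backup file (super only).

    The caller must be logged in as ``username``, have the "super" user type
    and not be locked. When ``filename`` equals ``serverlogs_name`` the log
    is cleared; any other name is deleted from ``serverlogs_path``. (The
    original note says the most recent backup should normally be protected
    from deletion; this project does not handle that case.)

    ``filename`` comes straight from the request and is joined onto the
    backup directory, so it is accepted only when it is a bare file name:
    not empty, not "." or "..", and free of path separators and NUL bytes.
    Without that check a crafted name could address files outside the
    backup directory.

    :return: JSON response with ``code`` and ``msg``; a "datetime" cookie is
             set on every response.
    """
    # Assigned by super_logsBackup.
    # NOTE(review): confirm it is also initialised at module level, otherwise
    # a delete issued before any listing request fails on an undefined name.
    global serverlogs_path

    filename = request.form.get("filename", type=str, default="")
    username = request.form.get("username", type=str, default="")

    if session.get("isLogin") and session.get("username") == username:
        result = DB_Sync.query_redis(username)
        usertype = result["data"]["USER_TYPE"]
        userlock = result["data"]["USER_LOCK"]
        # Super user that has not been locked by an operator.
        if usertype == "super" and userlock == 0:
            if filename == serverlogs_name:
                # The log file is emptied, never removed.
                if cleanLogging():
                    code = "0"
                    msg = "文件清空成功"
                    logger.info("%s用户删除日志成功,具有权限为%s,锁定为%d" %
                                (username, usertype, userlock))
                else:
                    code = "1"
                    msg = "文件异常,无法清除"
                    logger.error("%s用户删除日志失败,原因:文件异常,无法清除" % username)
            elif (not filename or filename in (".", "..")
                  or any(ch in filename for ch in ("/", "\\", "\x00"))):
                # Refuse anything that is not a bare file name, so the delete
                # stays inside the backup directory.
                code = "-1"
                msg = "文件名不合法"
                logger.warning("%s用户删除文件被拒绝,原因:文件名不合法" % username)
            else:
                # Backup file: delete it from the backup directory.
                # NOTE(review): fileDelete's result is ignored, as in the
                # original; success is reported unconditionally.
                User_Action.fileDelete(serverlogs_path +
                                       r'\{}'.format(filename))
                code = "0"
                msg = "文件删除成功"
                logger.info("%s用户删除文件%s成功,具有权限为%s,锁定为%d" %
                            (username, filename, usertype, userlock))
        else:
            code = "-1"
            msg = "您没有权限执行该操作"
    else:
        code = "-1"
        msg = "您当前不处于登录状态,请先登录"

    resp = jsonify(code=code, msg=msg)
    resp.set_cookie("datetime", getlocaltime())
    return resp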
def userFilesInfo():
    """Return the attributes of every file owned by the logged-in user.

    The ``username`` query parameter must match the session user, and the
    account must not be locked (a locked account gets HTTP 401).

    :return: JSON response; code "0" with the file records in ``data``,
             code "1" when the user has no files, code "-1" when the caller
             is not logged in as ``username``.
    """
    username = request.args.get("username")

    if not (session.get('username') == username and session.get('isLogin')):
        return jsonify(code="-1", msg="您当前不处于登录状态,请先登录")

    account = DB_Sync.query_redis(username)
    if account['data']['USER_LOCK'] != 0:
        return abort(401)

    # Names of the files stored under this user.
    names = User_Action.user_file_list(username)
    if not names:
        logger.error("%s用户文件夹为空" % username)
        return jsonify(code="1", msg="用户文件获取失败")

    # Resolve each name to its attribute record.
    details = [User_Action.user_file_info(username, name) for name in names]
    return jsonify(code="0", msg="用户文件获取成功", data=details)
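def deleteUSER():
    """Let an admin or super user delete a lower-privileged account.

    ``username`` is the account performing the deletion and must match the
    logged-in session; ``othername``/``otheremail`` identify the account to
    delete. The caller must be unlocked and rank strictly above the target,
    so nobody can delete an equal-ranked account or themselves.

    Two defects of the earlier version are fixed here: the target account
    was looked up before the login check, so unauthenticated requests still
    reached the user store, and after a successful deletion the home
    directory of the *caller* was removed instead of the deleted user's.

    :return: JSON response with ``code`` and ``msg``; a "datetime" cookie is
             set on every response.
    """
    # Position in this tuple is the privilege rank: user < admin < super.
    tup = ("user", "admin", "super")

    # Account performing the deletion.
    username = request.form.get("username", type=str, default="")
    # Account to be deleted.
    othername = request.form.get('othername', type=str, default="")
    otheremail = request.form.get("otheremail", type=str, default="")

    # Only a caller whose session matches `username` may go any further.
    if session.get("username") == username and session.get('isLogin'):
        result = DB_Sync.query_redis(username)
        usertype = result["data"]["USER_TYPE"]
        userlock = result["data"]["USER_LOCK"]

        # The target is looked up only once the caller is authenticated.
        # NOTE(review): what query_redis returns for an unknown `othername`
        # is not visible here -- confirm this cannot raise on a missing user.
        othertype = DB_Sync.query_redis(othername)["data"]["USER_TYPE"]

        # Unlocked and strictly higher rank than the target.
        if userlock == 0 and tup.index(usertype) > tup.index(othertype):
            # NOTE(review): `otheremail` is not checked against `othername`
            # here (eraseUSER uses DB_Sync.is_consistent) -- confirm
            # sync_redis_delete rejects a mismatched pair.
            is_delete = DB_Sync.sync_redis_delete(othername, otheremail)
            if is_delete:
                code = "0"
                msg = "用户账号注销成功"
                logger.info("%s管理员注销%s用户成功" % (username, othername))
                # Remove the deleted user's directory, not the caller's.
                if User_Action.remove_user_homedir(othername):
                    logger.warning("注销删除%s用户文件目录数据成功" % othername)
                else:
                    logger.error("注销删除%s用户文件目录数据失败" % othername)
            else:
                code = "-1"
                msg = "用户账号注销失败"
                logger.error("%s管理员注销%s用户失败" % (username, othername))
        else:
            code = "1"
            msg = "您没有权限执行操作"
    else:
        code = "-1"
        msg = "您当前不处于登录状态,请先登录"

    resp = jsonify(code=code, msg=msg)
    resp.set_cookie("datetime", getlocaltime())
    return resp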
def deleteUserFile():
    """Delete one file belonging to the logged-in user.

    :return: JSON response with ``code`` and ``msg``. The empty-parameter
             response is returned directly, without the "datetime" cookie
             that the other responses carry.
    """
    form = request.form
    username = form.get("username", type=str, default="")
    filename = form.get("filename", type=str, default="")

    if "" in (username, filename):
        return jsonify(code="-1", msg="用户名或者文件名为空")

    # The request must come from the session that owns `username`.
    owns_session = session.get("username") == username and session.get(
        "isLogin")
    if not owns_session:
        code, msg = "1", "当前处于非登陆状态,请先登录"
    # NOTE(review): `filename` is passed on unchanged; confirm that
    # remove_user_file confines it to the user's own directory. No USER_LOCK
    # check is made here, unlike userFilesInfo -- confirm that is intended.
    elif User_Action.remove_user_file(username, filename):
        code, msg = "0", "文件删除成功"
    else:
        code, msg = "-1", "文件删除失败"

    resp = jsonify(code=code, msg=msg)
    resp.set_cookie("datetime", getlocaltime())
    return resp
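def eraseUSER():
    """Delete the caller's own account after checking the e-mailed code.

    The account is removed from redis and from the local database, the
    session is cleared and the user's home directory is deleted.

    Changes from the earlier version: the login flag is read with
    ``session.get`` so a request without a session gets the normal "not
    logged in" answer instead of failing on a missing key, and an empty
    verification code is rejected outright.

    :return: JSON response with ``code`` and ``msg``; a "datetime" cookie is
             set on every response.
    """
    username = request.form.get("username", type=str, default="")
    email = request.form.get("email", type=str, default="")
    captureCode = request.form.get("capture", type=str, default="")

    # The request must come from the session that owns `username`.
    if session.get("isLogin") and session.get("username") == username:
        # The e-mail has to belong to this user, and the submitted code has
        # to equal the one stored for that e-mail.
        isConsist = DB_Sync.is_consistent(email, username)
        stored_code = DB_Sync.query_redis_Capture(email)
        if captureCode and captureCode == stored_code and isConsist:
            # Remove the redis entry together with the local database row.
            isDelete = DB_Sync.sync_redis_delete(username, email)
            if isDelete:
                code = "0"
                msg = "用户账号注销成功"
                # Drop all server-side session state for the deleted account.
                session.clear()
                logger.info("%s用户账号注销成功" % username)
                # The account is gone, so remove its home directory as well.
                if User_Action.remove_user_homedir(username):
                    logger.warning("注销删除%s用户文件目录数据成功" % username)
                else:
                    logger.error("注销删除%s用户文件目录数据失败" % username)
            else:
                code = "-1"
                msg = "用户账号注销失败"
                logger.warning("%s用户账户注销失败" % username)
        else:
            code = "-1"
            msg = "验证码不一致"
            logger.info("%s用户输入验证码不一致" % username)
    else:
        code = "-1"
        msg = "您当前不处于登录状态,请先登录"
        logger.warning("%s用户删除数据失败,原因:当前处于非登录状态" % username)

    resp = jsonify(code=code, msg=msg)
    resp.set_cookie("datetime", getlocaltime())
    return resp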
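def downLoadFile():
    """Send one of the logged-in user's files as an attachment.

    Example: http://127.0.0.1:9999/download_file?username=Allen&filename=b.pdf

    Parameters come from the form body on POST and from the query string
    otherwise. Query strings are URL-decoded by the framework, so a literal
    "+" arrives as a space unless the client sends it as %2B. Clients should
    percent-encode parameters (for example with JavaScript's
    encodeURIComponent) rather than have the server try to undo the
    decoding: many characters are affected and the replacement order matters.

    Changes from the earlier version:

    * The file is served only when ``username`` matches the logged-in
      session, as the other per-user handlers require. Previously any client
      that knew a user name and a file name could fetch the file.
    * A method other than POST or GET no longer leaves the parameters
      unassigned.

    :return: the file response; HTTP 401 when the caller is not logged in
             as ``username`` or the account is locked; HTTP 404 when a
             parameter is missing or the file does not exist.
    """
    # NOTE(review): the route's allowed methods are not visible here; this
    # also covers e.g. HEAD if the route admits it.
    params = request.form if request.method == "POST" else request.args
    username = params.get("username")
    filename = params.get("filename")

    if not (username and filename):
        return abort(404)

    # Only the owner of the files may download them.
    if not (session.get("isLogin") and session.get("username") == username):
        return abort(401)

    result = DB_Sync.query_redis(username)
    if result['data']['USER_LOCK'] != 0:
        return abort(401)

    # Request parameters are used as plain strings and must never be
    # evaluated as code.
    is_exists, file_directory = User_Action.query_user_file(
        username, filename)
    if not is_exists:
        return abort(404)

    # NOTE(review): presumably Flask's send_from_directory, which confines
    # the served path to `directory` -- confirm the import.
    return send_from_directory(directory=file_directory,
                               filename=filename,
                               as_attachment=True)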
:return: json结果 """ task_id = request.args.get('task_id') global spider_file_status global spider_file_name # 数据爬取完毕,准备好了 if session.get( 'task_id' ) == task_id and spider_file_status and spider_file_name != "": # 这次请求成功,状态改为False。为了下次使用 spider_file_status = False # 任务完成清除task_id session.pop("task_id") return jsonify(code="0", msg="爬取完毕,下载或查看文件列表", data=spider_file_name) # 数据未准备好 else: if spider_file_name != "": return jsonify(code="1", msg="数据未准备好,请稍等") else: # 解决当爬取异常的时候前端还在请求状态的问题 return jsonify(code="-1", msg="爬取异常,请联系管理员") # 初始运行时候调用 # User_Action.create_user_rootdir() # timed_task() if __name__ == "__main__": User_Action.create_user_rootdir() timed_task() app.run(host='127.0.0.1', port=9999, debug=False, threaded=True)