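def check(req=None, delete=False):
    """Validate a captcha answer and consume the record on success.

    Args:
        req: Mapping that must carry ``id`` (the verification record id) and
            ``answer`` (the answer supplied by the client).
        delete: Accepted for interface compatibility. This implementation
            does not read it: a correct answer always deletes the record.

    Returns:
        True if the record exists, has not expired and the answer matches;
        False in every other case.
    """
    # Input validation. req is client-controlled, so a value that is not a
    # mapping (a JSON list or string, for example) is rejected here instead
    # of raising on the subscript.
    if not req:
        return False
    try:
        _id = req['id']
        answer = req['answer']
    except (KeyError, IndexError, TypeError):
        return False

    db = getSession()
    try:
        # Fetch the record.
        veri = db.query(Verification).filter(Verification.id == _id).first()
        if not veri:
            return False

        # Check the age. Timestamps are epoch milliseconds; minutes are
        # truncated, so a record is refused from its sixth full minute on.
        now_ms = int(time.time() * 1000)
        passed_time = int((now_ms - int(veri.timestamp)) / 1000 / 60)
        if passed_time > 5:
            return False

        # Check the answer.
        # NOTE(review): a wrong answer leaves the record in place, so the same
        # challenge can be answered again until it expires. Consider deleting
        # the record on failure or limiting attempts per id.
        if str(veri.answer) != str(answer):
            return False

        # Verified: delete the captcha so it cannot be used a second time.
        db.delete(veri)
        db.commit()
        return True
    finally:
        # Release the session on every path, not only on success.
        db.close()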
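def check(req=None, delete=False):
    """Validate a captcha answer, optionally consuming the record.

    Args:
        req: Mapping that must carry ``id`` (the verification record id) and
            ``answer`` (the answer supplied by the client).
        delete: When true, the record is deleted after a correct answer.

    Returns:
        True if the record exists, has not expired and the answer matches;
        False in every other case.
    """
    if not req:
        return False
    # Check that both parameters are present. req is client-controlled, so a
    # value that is not a mapping is rejected instead of raising.
    try:
        _id = req['id']
        answer = req['answer']
    except (KeyError, IndexError, TypeError):
        return False

    db = getSession()
    try:
        # Look up the captcha record.
        veri = db.query(Verification).filter(Verification.id == _id).first()
        if not veri:
            return False

        # Check whether the captcha has expired. Timestamps are epoch
        # milliseconds; minutes are truncated before the comparison.
        now_ms = int(time.time() * 1000)
        passed_time = int((now_ms - int(veri.timestamp)) / 1000 / 60)
        if passed_time > 5:
            return False

        # Check whether the answer is correct.
        # NOTE(review): with delete=False a solved record stays valid until it
        # expires, and a wrong answer never invalidates it. Callers guarding a
        # sensitive action should pass delete=True.
        if str(veri.answer) != str(answer):
            return False

        if delete:
            # Remove the record so it cannot be reused.
            db.delete(veri)
            db.commit()
        # Verification passed.
        return True
    finally:
        # The session was never closed before; release it on every path.
        db.close()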
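def history_json():
    """Delete the caller's account together with all of their articles.

    Reads ``auth`` (``id->password value``) from the query string, compares
    the password part with the stored ``User.password`` and, on a match,
    removes every ``Article`` of that user and the user row itself.

    Returns:
        A JSON response ``{'ok': True, 'message': ...}``. Aborts with 401
        when the credential is missing, malformed, unknown or wrong.
    """
    # NOTE(review): the credential is read from the query string, where it is
    # typically written to access logs and browser history, and this handler
    # is destructive. Consider taking it from a header or the request body.
    auth = request.args.get('auth')
    parts = auth.split('->') if isinstance(auth, str) else []
    if len(parts) < 2:
        # Missing or malformed credential: refuse instead of raising.
        abort(401)
    user_id, password = parts[0], parts[1]

    db = getSession()
    try:
        user = db.query(User).filter(User.id == user_id).first()
        # An unknown id gets the same answer as a wrong password.
        if user is None or user.password != password:
            abort(401)

        # Articles and account go in a single commit, so a failure cannot
        # leave diary rows behind without their owner. The user row and the
        # article list are deliberately not printed: they hold the password
        # value and private diary text.
        history = db.query(Article).filter(Article.user_id == user_id).all()
        print('删除历史')
        if history:
            print('删除日记')
            for article in history:
                db.delete(article)
        db.delete(user)
        db.commit()
    finally:
        db.close()
    return jsonify({'ok': True, 'message': '再会'})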
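def get():
    """Create a single-digit arithmetic captcha and store it.

    Returns:
        A JSON response whose ``data`` holds the record ``id``,
        ``timestamp``, ``question`` and ``answer``.
    """
    # NOTE(review): the response includes ``answer``, so a client can pass the
    # check without solving anything. The shape is kept for existing callers;
    # returning only the id keeps the answer on the server.
    digits = '0123456789'
    num1 = random.choice(digits)
    num2 = random.choice(digits)
    # Explicit operator table instead of eval(): same results, and no code is
    # ever built from a string.
    operations = {
        '+': lambda a, b: a + b,
        '-': lambda a, b: a - b,
        '*': lambda a, b: a * b,
    }
    opt = random.choice(['+', '-', '*'])
    question = num1 + opt + num2
    answer = operations[opt](int(num1), int(num2))

    # Epoch milliseconds.
    timestamp = int(time.time() * 1000)
    # NOTE(review): the id is derived from the creation time; confirm that
    # mix=True adds unpredictable input so ids cannot be guessed.
    _id = string_to_md5(timestamp, mix=True)
    # localtime() expects seconds, so convert before formatting.
    print(time.strftime('%Y-%m-%d %H:%M:%S',
                        time.localtime(timestamp / 1000)))

    # Write the record to the database.
    db = getSession()
    try:
        veri = Verification(id=_id, timestamp=timestamp, question=question,
                            answer=answer)
        db.add(veri)
        db.commit()
    finally:
        db.close()
    return jsonify({
        'ok': True,
        'data': {
            'id': _id,
            'timestamp': timestamp,
            'answer': answer,
            'question': question
        }
    })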
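def get():
    """Create a single-digit arithmetic captcha and return its id.

    The question and answer are stored in a ``Verification`` row; only the
    record id goes back to the client.

    Returns:
        A JSON response ``{'ok': True, 'data': {'id': ...}}``.
    """
    # Prepare a random question.
    digits = '0123456789'
    num1 = random.choice(digits)
    num2 = random.choice(digits)
    # Explicit operator table instead of eval(): same results, and no code is
    # ever built from a string.
    operations = {
        '+': lambda a, b: a + b,
        '-': lambda a, b: a - b,
        '*': lambda a, b: a * b,
    }
    opt = random.choice(['+', '-', '*'])

    # Prepare the verification record. The timestamp is epoch milliseconds.
    timestamp = int(time.time() * 1000)
    # NOTE(review): the id is derived from the creation time; confirm that
    # mix=True adds unpredictable input so ids cannot be guessed.
    _id = string_to_md5(timestamp, mix=True)
    question = num1 + opt + num2
    answer = operations[opt](int(num1), int(num2))

    # Write the record to the database.
    db = getSession()
    try:
        veri = Verification(id=_id, timestamp=timestamp, question=question,
                            answer=answer)
        db.add(veri)
        db.commit()
    finally:
        db.close()

    # Start another thread to clean up expired captchas.
    # NOTE(review): one thread per request; under load this is unbounded.
    # A periodic job would do the same cleanup at a fixed cost.
    Thread(target=clean).start()

    # Return the unique id of the new record.
    return jsonify({'ok': True, 'data': {'id': _id}})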
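def history():
    """Return the caller's articles, newest first.

    Reads ``auth`` from the JSON body and uses the part before ``->`` as the
    user id.

    Returns:
        ``{'ok': True, 'data': {'history': [...]}}`` with one
        ``(id, timestamp, content)`` row per article, or ``{'ok': False}``
        with status 404 when the user has no articles.
    """
    # NOTE(review): only the id half of ``auth`` is used; the password half is
    # not checked in this function. Presumably check_auth() runs before this
    # handler; confirm, because nothing here ties the id to the caller.
    auth = request.json['auth']
    user_id = auth.split('->')[0]

    db = getSession()
    try:
        # Fetch the user's records.
        rows = db.query(Article.id, Article.timestamp, Article.content).filter(
            Article.user_id == user_id).order_by(
                Article.timestamp.desc()).all()
    finally:
        # The query returns plain column rows, which stay usable after close.
        db.close()

    if not rows:
        return jsonify({
            'ok': False,
        }), 404
    return jsonify({'ok': True, 'data': {'history': rows}})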
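def clean():
    """Delete captcha records older than five minutes.

    Returns:
        True when the cleanup committed, False when any step failed.
    """
    db = None
    try:
        db = getSession()
        # Epoch milliseconds; 300000 ms is five minutes.
        timenow = int(time.time() * 1000)
        overdue = db.query(Verification).filter(
            (timenow - Verification.timestamp) > 300000).all()
        for record in overdue:
            db.delete(record)
        db.commit()
        return True
    except Exception:
        # Best effort: this runs on a background thread, so failures are
        # reported through the return value. Exception (not a bare except)
        # lets KeyboardInterrupt and SystemExit propagate.
        return False
    finally:
        # Release the session on failure as well as on success.
        if db is not None:
            db.close()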
def getImg(*args, **kwargs):
    """Render the stored captcha question as a PNG image.

    Expects the record id as the ``_id`` keyword argument. Returns the image
    on success, otherwise a JSON body ``{'ok': False, 'message': ...}``.
    """
    # Validate input.
    if '_id' not in kwargs:
        return jsonify({'ok': False, 'message': '参数错误'})
    record_id = kwargs['_id']

    # Look up the record.
    session = getSession()
    record = session.query(Verification).filter(
        Verification.id == record_id).first()
    session.close()
    if not record:
        return jsonify({'ok': False, 'message': '该记录已失效'})

    # Turn the question text into an image and send it.
    image = text_to_png(record.question + '=')
    return send_file(image, mimetype='image/png')
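def use():
    """Check a captcha answer and report the outcome as JSON.

    Reads ``id`` and ``answer`` from the JSON body. Every outcome is returned
    as ``{'ok': bool, 'message': text}``; the record is not deleted.
    """
    if request.method == 'OPTIONS':
        return ''
    req = request.json

    # Check that both parameters are present. The body is client-controlled,
    # so a missing or non-object body gets the same reply as a missing key.
    try:
        _id = req['id']
        answer = req['answer']
    except (KeyError, IndexError, TypeError):
        return jsonify({
            'ok': False,
            'message': '不要非法侵入本站喔。'
        })

    db = getSession()
    try:
        # Look up the captcha record.
        veri = db.query(Verification).filter(Verification.id == _id).first()
        if not veri:
            return jsonify({
                'ok': False,
                'message': '該驗證碼不存在。'
            })

        # Check whether the captcha has expired. Timestamps are epoch
        # milliseconds; minutes are truncated before the comparison.
        now_ms = int(time.time() * 1000)
        passed_time = int((now_ms - int(veri.timestamp)) / 1000 / 60)
        if passed_time > 5:
            return jsonify({
                'ok': False,
                'message': '{0}分鍾過去了,你需要重新請求驗證碼。'.format(passed_time)
            })

        # Check whether the answer is correct.
        # NOTE(review): the reply says whether an answer is right without
        # consuming or invalidating the record, so the same id can be tried
        # repeatedly. Pair this endpoint with an attempt limit per id.
        if str(veri.answer) != str(answer):
            return jsonify({
                'ok': False,
                'message': '驗證失敗,請檢查輸入。'
            })

        # Verification passed.
        return jsonify({
            'ok': True,
            'message': '驗證通過。'
        })
    finally:
        # The session was never closed before; release it on every path.
        db.close()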
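def history_json():
    """Send the caller's articles as a ``history.json`` download.

    Reads ``auth`` from the query string and uses the part before ``->`` as
    the user id. Aborts with 401 when ``auth`` is missing and with 404 when
    the user has no articles.
    """
    # NOTE(review): only the id half of ``auth`` is used; the password half is
    # not checked in this function. Presumably check_auth() runs before this
    # handler; confirm. The credential also travels in the query string,
    # where it is typically written to access logs.
    auth = request.args.get('auth')
    if not isinstance(auth, str):
        # Missing parameter: refuse instead of failing on .split().
        abort(401)
    user_id = auth.split('->')[0]

    db = getSession()
    try:
        history = db.query(
            Article.id, Article.timestamp, Article.content).filter(
                Article.user_id == user_id).order_by(
                    Article.timestamp.desc()).all()
    finally:
        # The query returns plain column rows, which stay usable after close.
        db.close()
    if not history:
        abort(404)

    # Serialise into an in-memory file positioned at offset 0.
    payload = BytesIO(json.dumps(history).encode('utf8'))
    # NOTE(review): cache_timeout=600 lets the private export be cached for
    # ten minutes; confirm that no shared cache sits in front of this route.
    return send_file(payload,
                     cache_timeout=600,
                     mimetype='application/octet-stream',
                     as_attachment=True,
                     attachment_filename='history.json')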
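def save():
    """Create or update today's article for the caller.

    Reads ``auth`` and ``content`` from the JSON body. If the user's newest
    article is dated today it is overwritten, otherwise a new article is
    created.

    Returns:
        ``{'ok': True}`` on success, or ``{'ok': False, 'message': ...}``
        with status 500 when the content exceeds 200 characters. Aborts with
        400 when ``content`` is missing or is not text.
    """
    # Validate input.
    # NOTE(review): only the id half of ``auth`` is used here; presumably
    # check_auth() runs before this handler. Confirm.
    auth = request.json['auth']
    user_id = auth.split('->')[0]
    try:
        content = request.json['content']
    except (KeyError, TypeError):
        abort(400)
    # content is client-supplied: anything but text (null, numbers, lists)
    # is rejected instead of failing on len() or reaching the database.
    if not isinstance(content, str):
        abort(400)
    if len(content) > 200:
        # Status 500 is what existing callers receive for over-length input;
        # NOTE(review): a 4xx code would describe this more accurately.
        return jsonify({'ok': False, 'message': '字数超过限定'}), 500

    db = getSession()
    try:
        # Fetch the user's newest record.
        latest = db.query(Article).filter(
            Article.user_id == user_id).order_by(
                Article.timestamp.desc()).first()
        if latest and (timestamp_to_yymmdd(latest.timestamp)
                       == timestamp_to_yymmdd()):
            # Same day: update the existing record.
            latest.content = content
        else:
            # No record yet, or the newest one is not from today: create one.
            arti = Article(id=string_to_md5(user_id, mix=True),
                           user_id=user_id,
                           timestamp=int(time.time() * 1000),
                           content=content)
            db.add(arti)
        db.commit()
    finally:
        db.close()
    return jsonify({'ok': True})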
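def check_auth(auth):
    """Verify an ``id->password value`` credential string.

    Args:
        auth: Credential in the format login() returns: the user id, the
            separator ``->`` and the stored password value.

    Returns:
        True only when the user exists and the second part equals the stored
        ``User.password``; False for anything else, including malformed
        input.
    """
    # Local import keeps the module's import block untouched.
    import hmac

    try:
        parts = auth.split('->')
        _id, _hash = parts[0], parts[1]
    except (AttributeError, IndexError, TypeError):
        # Not a string, or no separator present.
        return False
    if not (_id and _hash):
        return False

    # NOTE(review): the credential is the stored password value itself, so it
    # never expires and a leak of the users table is a leak of every
    # credential. Consider random, expiring session tokens instead.
    db = getSession()
    try:
        is_user = db.query(User).filter(User.id == _id).first()
        if not is_user:
            return False
        stored = is_user.password
        if not isinstance(stored, str):
            return False
        # Constant-time comparison, so the response time does not depend on
        # how many leading characters of the guess are correct.
        return hmac.compare_digest(
            stored.encode('utf-8', 'surrogatepass'),
            _hash.encode('utf-8', 'surrogatepass'))
    finally:
        # The session was never closed before; release it on every path.
        db.close()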
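def history_upload():
    """Import exported articles into the caller's account.

    Reads ``auth`` and ``history`` from the JSON body. ``history`` is a list
    of ``[id, timestamp, content]`` entries; entries whose id already exists
    for this user are skipped, the others are inserted one by one.

    Returns:
        ``{'ok': True}`` when the loop completes; status 400 when an entry is
        malformed or longer than 200 characters; status 500 with a message
        when an insert fails. Entries stored before a failure stay stored.
    """
    # Validate input.
    # NOTE(review): only the id half of ``auth`` is used here; presumably
    # check_auth() runs before this handler. Confirm.
    auth = request.json['auth']
    user_id = auth.split('->')[0]
    try:
        history = request.json['history']
    except (KeyError, TypeError):
        abort(400)
    if not isinstance(history, list):
        abort(400)

    db = getSession()
    try:
        for item in history:
            # Every entry is client-supplied: require the three fields and
            # text content before indexing into it.
            if not (isinstance(item, (list, tuple)) and len(item) >= 3
                    and isinstance(item[2], str)):
                abort(400)
            if len(item[2]) > 200:
                return jsonify({'ok': False, 'message': '字数超过限定'}), 400

            # Try to fetch the record; skip entries the user already has.
            article = db.query(Article).filter(
                Article.user_id == user_id, Article.id == item[0]).first()
            if article:
                continue

            # NOTE(review): the article id and timestamp are taken from the
            # upload as-is. The failure message below suggests ids are unique
            # across accounts; confirm that the constraint is enforced.
            try:
                db.add(Article(id=item[0], user_id=user_id,
                               timestamp=item[1], content=item[2]))
                db.commit()
            except Exception:
                # Leave the session clean after a failed insert.
                db.rollback()
                return jsonify({'ok': False, 'message': '无法跨账户导入'}), 500
        return jsonify({'ok': True})
    finally:
        db.close()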
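def login():
    """Check a mail/password pair and return the ``auth`` credential.

    The JSON body must contain ``id``, ``answer``, ``mail``, ``password`` and
    ``timestamp``.

    Returns:
        ``{'ok': True, 'data': {'auth': 'id->password value'}}`` on success,
        otherwise ``{'ok': False, 'message': ...}`` (status 500 for missing
        parameters, 400 for an unreadable request).
    """
    # Validate input.
    # NOTE(review): the captcha fields ``id`` and ``answer`` are required but
    # not verified in this function; presumably check() runs in a wrapper.
    # Confirm.
    try:
        data = request.json
        if not check_item_in_dict(
                ['id', 'answer', 'mail', 'password', 'timestamp'], data):
            return jsonify({
                'ok': False,
                'message': '参数错误'
            }), 500
    except Exception:
        # Exception rather than a bare except, so KeyboardInterrupt and
        # SystemExit are not swallowed.
        return jsonify({
            'ok': False,
            'message': '非法请求'
        }), 400

    # Look up the record.
    db = getSession()
    try:
        _id = string_to_md5(data['mail'], mix=False)
        # Check whether the user exists.
        # NOTE(review): "not registered" and "wrong password" are different
        # replies, which tells a caller which addresses have accounts.
        is_user = db.query(User).filter(User.id == _id).first()
        if not is_user:
            return jsonify({
                'ok': False,
                'message': '该邮箱尚未注册'
            })

        # Check whether the password is correct.
        # NOTE(review): the helper's name suggests an MD5 digest; if so,
        # prefer a dedicated password-hashing function (bcrypt, scrypt,
        # Argon2, PBKDF2).
        password = string_to_md5(data['password'])
        if password != is_user.password:
            return jsonify({
                'ok': False,
                'message': '密码错误'
            })

        # NOTE(review): the credential embeds the stored password value, so
        # it does not expire until the password changes. Consider a random
        # session token.
        return jsonify({
            'ok': True,
            'data': {
                'auth': is_user.id + '->' + is_user.password
            }
        })
    finally:
        # The session was never closed before; release it on every path.
        db.close()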
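def signup():
    """Register a new user from a mail/password pair.

    The JSON body must contain ``id``, ``answer``, ``mail``, ``password`` and
    ``timestamp``. The display name is the part of the mail before ``@``.

    Returns:
        ``{'ok': True}`` on success, otherwise ``{'ok': False,
        'message': ...}`` (status 500 for missing parameters, 400 for an
        unreadable request).
    """
    # Validate input.
    # NOTE(review): the captcha fields ``id`` and ``answer`` are required but
    # not verified in this function; presumably check() runs in a wrapper.
    # Confirm. The mail address itself is not validated here either.
    try:
        data = request.json
        if not check_item_in_dict(
                ['id', 'answer', 'mail', 'password', 'timestamp'], data):
            return jsonify({
                'ok': False,
                'message': '参数错误'
            }), 500
    except Exception:
        return jsonify({
            'ok': False,
            'message': '非法请求'
        }), 400

    db = getSession()
    try:
        _id = string_to_md5(data['mail'], mix=False)
        is_user = db.query(User.mail).filter(User.id == _id).first()
        if is_user:
            return jsonify({
                'ok': False,
                'message': '该邮箱已注册'
            })

        # Create the record.
        try:
            mail = data['mail']
            # NOTE(review): the helper's name suggests an MD5 digest; if so,
            # prefer a dedicated password-hashing function (bcrypt, scrypt,
            # Argon2, PBKDF2) for stored passwords.
            password = string_to_md5(data['password'])
            name = data['mail'].split('@')[0]
            user = User(id=_id, mail=mail, password=password, name=name,
                        config='')
            db.add(user)
            db.commit()
        except Exception:
            # Leave the session clean after a failed insert.
            db.rollback()
            return jsonify({
                'ok': False,
                'message': '预料之外的错误'
            })
        return jsonify({
            'ok': True
        })
    finally:
        # The session was never closed before; release it on every path.
        db.close()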
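def reset_password():
    """Set a new password when the supplied reset code matches.

    The JSON body must contain ``id``, ``answer``, ``mail``, ``password``,
    ``timestamp`` and ``code``. The code is accepted when it equals the
    user's stored ``password`` value.

    Returns:
        ``{'ok': True}`` on success, otherwise ``{'ok': False,
        'message': ...}`` (status 500 for missing parameters, 400 for an
        unreadable request).
    """
    # Validate input.
    # NOTE(review): the captcha fields ``id`` and ``answer`` are required but
    # not verified in this function; presumably check() runs in a wrapper.
    # Confirm.
    try:
        data = request.json
        if not check_item_in_dict(
                ['id', 'answer', 'mail', 'password', 'timestamp', 'code'],
                data):
            return jsonify({
                'ok': False,
                'message': '参数错误'
            }), 500
    except Exception:
        return jsonify({
            'ok': False,
            'message': '非法请求'
        }), 400

    db = getSession()
    try:
        _id = string_to_md5(data['mail'], mix=False)
        is_user = db.query(User).filter(User.id == _id).first()
        if not is_user:
            return jsonify({
                'ok': False,
                'message': '该邮箱尚未注册'
            })

        # NOTE(review): the reset code is the stored password value, which
        # login() also returns as the second half of ``auth``. Whoever holds
        # that value can set a new password, and the code has no expiry
        # other than a password change. Consider a random, single-use,
        # time-limited code stored separately.
        if is_user.password != data['code']:
            return jsonify({
                'ok': False,
                'message': '校验码已失效'
            })

        # Update the password record.
        is_user.password = string_to_md5(data['password'])
        db.commit()
        return jsonify({
            'ok': True
        })
    finally:
        # The session was never closed before; release it on every path.
        db.close()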
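def today():
    """Return the caller's article for today, if there is one.

    Reads ``auth`` from the JSON body and uses the part before ``->`` as the
    user id.

    Returns:
        ``{'ok': True, 'data': {'content': ..., 'timestamp': ...}}``.
        Aborts with 404 when the user has no article or the newest one is
        not dated today.
    """
    # NOTE(review): only the id half of ``auth`` is used here; presumably
    # check_auth() runs before this handler. Confirm.
    auth = request.json['auth']
    user_id = auth.split('->')[0]

    db = getSession()
    try:
        # Fetch the user's newest record.
        latest = db.query(Article).filter(
            Article.user_id == user_id).order_by(
                Article.timestamp.desc()).first()
        if not latest:
            abort(404)
        # If the newest record is not from today there is nothing to return.
        if timestamp_to_yymmdd(latest.timestamp) != timestamp_to_yymmdd():
            abort(404)
        # The newest record exists and is dated today: return its content.
        # The response is built before the session is released.
        return jsonify({
            'ok': True,
            'data': {
                'content': latest.content,
                'timestamp': latest.timestamp
            }
        })
    finally:
        # The session was never closed before; release it on every path.
        db.close()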
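def get_password_reset_code():
    """Email a password-reset link to a registered address.

    The JSON body must contain ``id``, ``answer`` and ``mail``. The mail is
    sent from a separate thread.

    Returns:
        ``{'ok': True}`` once the mail thread has been started, otherwise
        ``{'ok': False, 'message': ...}`` (status 500 for missing
        parameters, 400 for an unreadable request).
    """
    # Validate input.
    # NOTE(review): the captcha fields ``id`` and ``answer`` are required but
    # not verified in this function; presumably check() runs in a wrapper.
    # Confirm, since every call sends a mail.
    try:
        data = request.json
        if not check_item_in_dict(['id', 'answer', 'mail'], data):
            return jsonify({
                'ok': False,
                'message': '参数错误'
            }), 500
    except Exception:
        return jsonify({
            'ok': False,
            'message': '非法请求'
        }), 400

    db = getSession()
    try:
        _id = string_to_md5(data['mail'], mix=False)
        is_user = db.query(User).filter(User.id == _id).first()
        if not is_user:
            return jsonify({
                'ok': False,
                'message': '该邮箱尚未注册'
            })

        # Prepare the data while the session is still open.
        # NOTE(review): the link carries the stored password value as
        # ``code``. login() returns the same value inside ``auth``, so the
        # mail contains a working credential, not only a reset code.
        # Consider a random, single-use, time-limited code. The mail address
        # is placed in the link without URL encoding.
        reset_link = '{}#/forget?mail={}&code={}'.format(
            config.app['web_addr'], is_user.mail, is_user.password)
        content = render_template('reset_password.html', link=reset_link,
                                  name=is_user.name)
        recipient = {'name': is_user.name, 'mail': is_user.mail}
    finally:
        # The session was never closed before; release it on every path.
        db.close()

    subject = '重置梗概轻日记的密码'
    # Start a new thread to send the mail.
    Thread(target=mail.send, args=(recipient, content, subject)).start()
    return jsonify({
        'ok': True
    })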