def post(self, request):
"""openid绑定用户逻辑"""
# 接收表单数据
mobile = request.POST.get('mobile')
password = request.POST.get('password')
sms_code = request.POST.get('sms_code')
openid_sign = request.POST.get('openid')
# 校验
if all([mobile, password, sms_code, openid_sign]) is False:
return http.HttpResponseForbidden('缺少必传参数')
if not re.match(r'^[0-9A-Za-z]{8,20}$', password):
return http.HttpResponseForbidden('请输入8-20位的密码')
if not re.match(r'^1[3-9]\d{9}$', mobile):
return http.HttpResponseForbidden('请输入正确的手机号码')
# 短信验证码校验
# 创建redis连接对象
redis_conn = get_redis_connection('verify_codes')
# 将redis中的短信验证码获取来,
sms_code_server_bytes = redis_conn.get('sms_%s' % mobile)
# 短信验证码从redis获取出来之后就从redis数据库删除: 让它是一次性
redis_conn.delete('sms_%s' % mobile)
# 判断redis中是否获取到短信验证码(判断是否过期)
if sms_code_server_bytes is None:
return http.JsonResponse({
'code': RETCODE.SMSCODERR,
'errmsg': '短信验证码已过期'
})
# 从redis获取出来的数据注意类型问题
sms_code_server = sms_code_server_bytes.decode()
# 判断短信验证码是否填写正确
if sms_code != sms_code_server:
return http.JsonResponse({
'code': RETCODE.SMSCODERR,
'errmsg': '短信验证码输入错误'
})
# 对openid进行解密
openid = check_openid_signature(openid_sign)
if openid is None:
return http.HttpResponseForbidden('openid无效')
try:
# 以mobile字段进行查询user表
# 如果查询到了,说明此手机号在美多商城之前已经注册, 老用户
user = User.objects.get(mobile=mobile)
# 如果是已存在的老用户,就去校验用户密码是否正确
if user.check_password(password) is False:
return http.HttpResponseForbidden('绑定的用户信息填写不正确')
except User.DoesNotExist:
with transaction.atomic():
# 如果没有查询到,说明此手机号是新的, 创建一个新的user
user = User.objects.create_user(username=mobile,
password=password,
mobile=mobile)
with transaction.atomic():
# 新增oauth_qq表的一个记录
OAuthQQUser.objects.create(user=user, openid=openid)
# 绑定完成即代表登录成,
login(request, user)
response = redirect(request.GET.get('state') or '/')
response.set_cookie('username',
user.username,
max_age=settings.SESSION_COOKIE_AGE)
return response
def json_settings_handler(request, id, model_class, view_path):
content_type = 'application/json'
try:
user_id = get_user_id_from_hatohol_server(request)
except (NoHatoholUser, NoHatoholSession):
return http.HttpResponseForbidden(content_type=content_type)
if request.method == 'POST':
unicode_body = smart_text(request.body, encoding=request.encoding)
model = model_class(user_id=user_id, settings_json=unicode_body)
try:
model.full_clean()
except ValidationError as e:
return http.HttpResponseBadRequest(json.dumps(e.messages),
content_type=content_type)
model.save()
response = http.HttpResponse(to_json(model),
content_type=content_type,
status=201)
response['Location'] = reverse('hatohol.views.graphs', args=[model.id])
return response
elif request.method == 'PUT':
if id is None:
message = 'id is required'
return http.HttpResponseBadRequest(to_json(message),
content_type=content_type)
try:
unicode_body = smart_text(request.body, encoding=request.encoding)
model = model_class.objects.get(id=id)
if model.user_id != user_id:
return http.HttpResponseForbidden(content_type=content_type)
model.settings_json = unicode_body
model.full_clean()
model.save()
return http.HttpResponse(to_json(model), content_type=content_type)
except model_class.DoesNotExist:
return http.HttpResponseNotFound(content_type=content_type)
except ValidationError as e:
return http.HttpResponseBadRequest(json.dumps(e.messages),
content_type=content_type)
elif request.method == 'DELETE':
if id is None:
message = 'id is required'
return http.HttpResponseBadRequest(to_json(message),
content_type=content_type)
try:
model = model_class.objects.get(id=id)
except model_class.DoesNotExist:
return http.HttpResponseNotFound()
else:
if model.user_id != user_id:
return http.HttpResponseForbidden(content_type=content_type)
model.delete()
return http.HttpResponse()
else:
if id:
try:
model = model_class.objects.get(id=id)
except model_class.DoesNotExist:
return http.HttpResponseNotFound()
if model.user_id != user_id:
return http.HttpResponseForbidden(content_type=content_type)
response = model
else:
models = model_class.objects.filter(user_id=user_id).order_by('id')
response = models
return http.HttpResponse(to_json(response), content_type=content_type)
def put(self, request):
"""修改购物车"""
# 接受 校验参数
json_dict = json.loads(request.body.decode())
sku_id = json_dict.get('sku_id')
count = json_dict.get('count')
selected = json_dict.get('selected', True)
if not all([sku_id, count]):
return http.HttpResponseForbidden('缺少必传参数')
try:
sku = SKU.objects.get(id=sku_id)
except SKU.DoseNotExist:
return http.HttpResponseForbidden('sku_id不正确')
# 判断counts是否是数字
try:
count = int(count)
except Exception as e:
logger.error(e)
return http.HttpResponseForbidden('count不正确')
if selected:
if not isinstance(selected, bool):
return http.HttpResponseForbidden('selected不正确')
user = request.user
if user.is_authenticated:
redis_conn = get_redis_connection('carts')
pl = redis_conn.pipeline()
pl.hset('carts_%s' % user.id, sku_id, count)
if selected:
pl.sadd('selected_%s' % user.id, sku_id)
else:
pl.srem('selected_%s' % user.id, sku_id)
pl.execute()
cart_sku = {
'id': sku_id,
'count': count,
'selected': selected,
'name': sku.name,
'default_image_url': sku.default_image.url,
'price': sku.price,
'amount': sku.price * count
}
return http.JsonResponse({
'code': RETCODE.OK,
'errmsg': 'ok',
'cart_sku': cart_sku
})
else:
cart_str = request.COOKIES.get('carts')
if cart_str:
cart_dict = str_to_dict(cart_str)
else:
cart_dict = {}
cart_dict[sku_id] = {'count': count, 'selected': selected}
cookie_cart_str = dict_to_str(cart_dict)
cart_sku = {
'id': sku_id,
'count': count,
'selected': selected,
'name': sku.name,
'default_image_url': sku.default_image.url,
'price': sku.price,
'amount': sku.price * count
}
response = http.JsonResponse({
'code': RETCODE.OK,
'errmsg': 'ok',
'cart_sku': cart_sku
})
response.set_cookie('carts', cookie_cart_str)
return response
def categories(request, locale_code):
if not _permission_to_edit_locale(request, locale_code):
return http.HttpResponseForbidden()
cats = list(Category.objects.order_by('application'))
strings = dict(
Translation.objects.filter(id__in=[c.name_id for c in cats],
locale=locale_code).values_list(
'id', 'localized_string'))
# Category ID to localized string map for checking for changes.
category_names = dict([(c.id, strings.get(c.name_id)) for c in cats])
# Category ID to model object to avoid extra SQL lookups on POST.
category_objects = dict([(c.id, c) for c in cats])
# Initial data to pre-populate forms.
initial = [
dict(id=c.id,
name=strings.get(c.name_id),
application=c.application_id) for c in cats
]
# Group categories by application, and sort by name within app groups.
categories = []
category_no_app = None
for key, group in groupby(cats, lambda c: c.application_id):
sorted_cats = sorted(group, key=lambda c: c.name)
if key:
categories.append((key, sorted_cats))
else:
category_no_app = (key, sorted_cats)
if category_no_app: # Put app-less categories at the bottom.
categories.append(category_no_app)
formset = CategoryFormSet(request.POST or None, initial=initial)
# Category ID to form mapping.
form_map = dict((form.initial['id'], form) for form in formset.forms)
if request.method == 'POST' and formset.is_valid():
for form in formset:
pk = form.cleaned_data.get('id')
name = form.cleaned_data.get('name')
if category_names.get(pk) != None and name != category_names[pk]:
# Name changed, let's save it.
cat = category_objects.get(pk)
if not cat:
continue
cat.name = {locale_code: name}
cat.save()
return redirect(
reverse('localizers.categories',
kwargs=dict(locale_code=locale_code)))
data = {
'locale_code': locale_code,
'userlang': product_details.languages[locale_code],
'categories': categories,
'formset': formset,
'form_map': form_map,
'apps': amo.APP_IDS,
'types': amo.ADDON_TYPE,
}
return jingo.render(request, 'localizers/categories.html', data)
def process_request(self, request):
User = get_user_model()
ENABLE_DJANGO_LOGIN = settings.ENABLE_DJANGO_LOGIN
SESSION_EXPIRY_SSO = 3600
if settings.SESSION_EXPIRY_SSO:
SESSION_EXPIRY_SSO = settings.SESSION_EXPIRY_SSO
if (request.path.startswith('/logout') or request.path.startswith('/ledger/logout')) \
and 'HTTP_X_LOGOUT_URL' in request.META and request.META['HTTP_X_LOGOUT_URL']:
logout(request)
return http.HttpResponseRedirect(request.META['HTTP_X_LOGOUT_URL'])
if VERSION < (2, 0):
user_auth = request.user.is_authenticated()
else:
try:
user_auth = request.user.is_authenticated
if user_auth is True:
pass
if ENABLE_DJANGO_LOGIN is True:
if 'HTTP_REMOTE_USER' in request.META:
if len(request.META['HTTP_REMOTE_USER']) > 3:
response = HttpResponse(
"<center><h1 style='font-family: Arial, Helvetica, sans-serif;'>Error: SSO detected as enabled. ENABLE_DJANGO_LOGIN should be set to False when sso is enabled.</h1><br></center><script></script>"
)
return response
else:
pass
if request.user.email.lower(
) != request.META['HTTP_REMOTE_USER'].lower():
response = HttpResponse(
"<center><h1 style='font-family: Arial, Helvetica, sans-serif;'>Wait one moment please...</h1><br><img src='/static/ledger_api/images/ajax-loader-spinner.gif'></center><script> location.reload();</script>"
)
response.delete_cookie('sessionid')
return response
except:
print("user_auth request user does not exist")
response = HttpResponse(
"<center><h1 style='font-family: Arial, Helvetica, sans-serif;'>Wait one moment please...</h1><br><img src='/static/ledger_api/images/ajax-loader-spinner.gif'></center><script> location.reload();</script>"
)
response.delete_cookie('sessionid')
return response
#print ("AM I AUTH")
#print (user_auth)
if not user_auth and 'HTTP_REMOTE_USER' in request.META and request.META[
'HTTP_REMOTE_USER']:
attributemap = {
'username': '******',
'last_name': 'HTTP_X_LAST_NAME',
'first_name': 'HTTP_X_FIRST_NAME',
'email': 'HTTP_X_EMAIL',
}
for key, value in attributemap.items():
if value in request.META:
attributemap[key] = request.META[value]
if hasattr(settings, 'ALLOWED_EMAIL_SUFFIXES'
) and settings.ALLOWED_EMAIL_SUFFIXES:
allowed = settings.ALLOWED_EMAIL_SUFFIXES
if isinstance(settings.ALLOWED_EMAIL_SUFFIXES, basestring):
allowed = [settings.ALLOWED_EMAIL_SUFFIXES]
if not any([
attributemap['email'].lower().endswith(x)
for x in allowed
]):
return http.HttpResponseForbidden()
exists_in_ledger = False
if attributemap['email'] and User.objects.filter(
email__iexact=attributemap['email']).exists():
user = User.objects.filter(
email__iexact=attributemap['email'])[0]
exists_in_ledger = True
else:
user = User()
# connect to ledger and align local cache account
json_response = {}
try:
data = urllib.parse.urlencode(attributemap)
data = data.encode('utf-8')
with urllib.request.urlopen(
settings.LEDGER_API_URL + "/ledgergw/remote/user/" +
attributemap['email'] + "/" + settings.LEDGER_API_KEY +
"/", data) as url:
json_response = json.loads(url.read().decode())
except Exception as e:
print("Error Connecting to Ledger GW")
print(e)
response = HttpResponse(
"<h1>Error Connecting to Ledger GW</h1>")
return response
if 'user' in json_response:
attributemap['ledger_id'] = json_response['user']['ledgerid']
attributemap['ledger_data'] = json_response['user']
attributemap['is_superuser'] = json_response['user'][
'is_superuser']
attributemap['is_staff'] = json_response['user']['is_staff']
attributemap['ledger_groups'] = json_response['user']['groups']
else:
messages.error(
request, 'Unable to Update User Information from Ledger')
user.__dict__.update(attributemap)
user.save()
if exists_in_ledger is False:
response = HttpResponse(
"<center><h1 style='font-family: Arial, Helvetica, sans-serif;'>Wait one moment please</h1><br><img src='/static/ledger_api/images/ajax-loader-spinner.gif'></center><script> location.reload();</script>"
)
response.delete_cookie('sessionid')
return response
user.backend = 'django.contrib.auth.backends.ModelBackend'
request.session.set_expiry(SESSION_EXPIRY_SSO)
login(request, user)
def put(self, request, address_id):
"""修改收货地址逻辑"""
# 对address_id进行校验
try:
address = Address.objects.get(id=address_id,
user=request.user,
is_deleted=False)
except Address.DoesNotExist:
return http.HttpResponseForbidden('修改收货地址失败')
# 接收请求体数据
json_dict = json.loads(
request.body.decode()) # json.loads()函数是将字符串转化为字典
title = json_dict.get('title')
receiver = json_dict.get('receiver')
province_id = json_dict.get('province_id')
city_id = json_dict.get('city_id')
district_id = json_dict.get('district_id')
place = json_dict.get('place')
mobile = json_dict.get('mobile')
tel = json_dict.get('tel')
email = json_dict.get('email')
# 校验
if all([
title, receiver, province_id, city_id, district_id, place,
mobile
]) is False:
return http.HttpResponseForbidden('缺少必传参数')
if not re.match(r'^1[3-9]\d{9}$', mobile):
return http.HttpResponseForbidden('参数mobile有误')
if tel:
if not re.match(
r'^(0[0-9]{2,3}-)?([2-9][0-9]{6,7})+(-[0-9]{1,4})?$', tel):
return http.HttpResponseForbidden('参数tel有误')
if email:
if not re.match(
r'^[a-z0-9][\w\.\-]*@[a-z0-9\-]+(\.[a-z]{2,5}){1,2}$',
email):
return http.HttpResponseForbidden('参数email有误')
# 修改
try:
# Address.objects.filter(id=address_id).update(
# title=title,
# receiver=receiver,
# province_id=province_id,
# city_id=city_id,
# district_id=district_id,
# place=place,
# mobile=mobile,
# tel=tel,
# email=email
# )
address.title = title
address.receiver = receiver
address.province_id = province_id
address.city_id = city_id
address.district_id = district_id
address.place = place
address.mobile = mobile
address.tel = tel
address.email = email
address.save()
except DatabaseError as e:
logger.error(e)
return http.HttpResponseForbidden('修改收货地址失败')
# 把新增的address模型对象转换成字典,并响应给前端
address_dict = {
'id': address.id,
'title': address.title,
'receiver': address.receiver,
'province_id': address.province_id,
'province': address.province.name,
'city_id': address.city_id,
'city': address.city.name,
'district_id': address.district_id,
'district': address.district.name,
'place': address.place,
'mobile': address.mobile,
'tel': address.tel,
'email': address.email,
}
return http.JsonResponse({
'code': RETCODE.OK,
'errmsg': '修改收货地址成功',
'address': address_dict
})
def post(self, request):
"""保存订单信息和订单商品信息"""
# 获取数据
json_dict = json.loads(request.body)
address_id = json_dict.get('address_id')
pay_method = json_dict.get('pay_method')
# 校验参数
if not all([address_id, pay_method]):
return http.HttpResponseForbidden('缺少必传参数')
try:
address = Address.objects.get(id=address_id, is_deleted=False)
except Exception as e:
return http.HttpResponseForbidden('参数address_id错误')
try:
pay_method = int(pay_method)
except Exception as e:
return http.HttpResponseForbidden('参数pay_method错误')
if pay_method not in [
OrderInfo.PAY_METHODS_ENUM['CASH'],
OrderInfo.PAY_METHODS_ENUM['ALIPAY']
]:
return http.HttpResponseForbidden('参数pay_method错误')
# 获取登录用户
user = request.user
# 生成订单信息
order_id = timezone.now().strftime('%Y%m%d%H%M%S') + ('%09d' % user.id)
if pay_method == OrderInfo.PAY_METHODS_ENUM['CASH']:
status = OrderInfo.ORDER_STATUS_ENUM['UNSEND']
else:
status = OrderInfo.ORDER_STATUS_ENUM['UNPAID']
# 定义一个事务
with transaction.atomic():
# 创建事务保存点
save_id = transaction.savepoint()
try:
order = OrderInfo.objects.create(order_id=order_id,
user=user,
address=address,
total_count=0,
total_amount=Decimal('0.00'),
freight=Decimal('10.00'),
pay_method=pay_method,
status=status)
# 连接数据库
redis_conn = get_redis_connection('carts')
# 获取redis.hash中的购物车数据
redis_cart = redis_conn.hgetall('carts_%s' % user.id)
# 获取redis.map中的选中状态
cart_selected = redis_conn.smembers('selected_%s' % user.id)
# 将redis中的数据包装成大字典
cart_dict = {}
for sku_id in cart_selected:
cart_dict[int(sku_id)] = int(redis_cart[sku_id])
for sku_id in cart_dict:
while True:
# 判断库存是否充足
sku = SKU.objects.get(id=sku_id)
count = cart_dict[sku_id]
origin_stock = sku.stock
origin_sales = sku.sales
if count > origin_stock:
# 如果库存不足,回滚并响应
transaction.savepoint_rollback(save_id)
return http.JsonResponse({
'code': RETCODE.STOCKERR,
'errmsg': '库存不足'
})
# 修改sku库存和销量
new_stock = origin_stock - count
new_sales = origin_sales + count
# 乐观锁:如果相同,表示没人修改,可以更新库存,否则表示别人抢过资源,不再执行库存更新
result = SKU.objects.filter(id=sku_id,
stock=origin_stock).update(
stock=new_stock,
sales=new_sales)
if result == 0:
continue # 循环提交订单
# 修改SPU销量
sku.spu.sales += count
sku.spu.save()
# 保存订单商品信息
OrderGoods.objects.create(
order=order,
sku=sku,
count=count,
price=sku.price,
)
# 保存商品订单中总价和总数量
order.total_count += count
order.total_amount += (sku.price * count)
# 下单成功或者失败就跳出循环
break
# 添加邮费和保存订单信息
order.total_amount += order.freight
order.save()
except Exception as e:
transaction.savepoint_rollback(save_id)
return http.JsonResponse({
'code': RETCODE.DBERR,
'errmsg': '下单失败'
})
else:
# 提交订单成功,显式的提交一次事务
transaction.savepoint_commit(save_id)
# 清除购物车中已结算的商品
pl = redis_conn.pipeline()
pl.hdel('carts_%s' % user.id, *cart_selected)
pl.srem('selected_%s' % user.id, *cart_selected)
pl.execute()
# 响应提交订单结果
return http.JsonResponse({
'code': RETCODE.OK,
'errmsg': '下单成功',
'order_id': order.order_id
})
def moderation(request, *args, **kwargs):
if request.user.role not in user_models.get_internal_roles():
return http.HttpResponseForbidden()
employee_obj = get_moderation_object(**kwargs)
if employee_obj.updated == False:
context = {
'title': 'Moderation', 'object': employee_obj
}
return render(request, 'employee/moderation_done.html', context)
formsets = []
person_form = employee_forms.ModerationPersonCreateForm(instance=employee_obj.user.person_user_set,
prefix='pers')
person_form.helper = FormHelper()
person_form.helper.form_tag = False
pchildren = lgc_models.Child.objects.filter(person=employee_obj.user.person_user_set).all()
this_url = str(reverse_lazy('employee-moderation', kwargs={'pk':employee_obj.id}))
ChildrenFormSet = modelformset_factory(employee_models.Child,
form=employee_forms.ChildCreateForm2,
can_delete=True)
DocumentFormSet = modelformset_factory(lgc_models.Document,
form=employee_forms.DocumentFormSet,
can_delete=False, extra=0)
context = {
'title': 'Moderation', 'person_form': person_form, 'object': employee_obj,
'formsets': [], 'formsets_form': None,
}
person_common_view = lgc_views.PersonCommonView()
if request.GET.get('reject') == '1':
person_common_view.copy_related_object(employee_obj.user.person_user_set,
employee_obj, employee_obj)
save_employee_obj(request, employee_obj)
person_common_view.clear_related_objects(employee_obj.employee_child_set.all())
for child in employee_obj.user.person_user_set.child_set.all():
emp_child = employee_models.Child()
person_common_view.copy_related_object(child, emp_child, emp_child)
emp_child.person = employee_obj
emp_child.person_child = child
emp_child.save()
for doc in employee_obj.user.person_user_set.document_set.all():
if doc.deleted:
doc.deleted = False
doc.save()
elif doc.added:
try:
lgc_models.delete_person_doc(employee_obj.user.person_user_set, doc)
except Exception as e:
log.error(e)
messages.error(self.request, _('Cannot remove user files.'))
messages.success(request, _('Moderation has been rejected.'))
return redirect('employee-moderations')
if request.method == 'POST':
employee_form = (
employee_forms.ModerationEmployeeUpdateForm(request.POST,
instance=employee_obj,
prefix='emp')
)
employee_form.helper = FormHelper()
employee_form.helper.form_tag = False
employee_form.helper.form_id = 'employee_form_id'
context['employee_form'] = employee_form
docs = None
valid = True
if request.POST.get('docs-TOTAL_FORMS'):
docs = DocumentFormSet(request.POST, prefix='docs')
if not docs.is_valid():
messages.error(request, _('Invalid document form.'))
valid = False
if request.POST.get('children-TOTAL_FORMS'):
try:
set_formset(request, context, ChildrenFormSet, None, pchildren,
_('Children'), 'children', 'children_id')
except:
messages.error(request, _('Invalid children form'))
valid = False
set_formsets_form(context)
if not check_form(request, context, employee_obj, employee_form, this_url):
messages.error(request, _('Invalid form.'))
valid = False
if valid:
if len(context['formsets']):
formset = context['formsets'][0]
else:
formset = None
if handle_docs_formset(request, docs, employee_obj) < 0:
return redirect('employee-moderations')
old_person = lgc_models.Person()
lgc_models.copy_doc_path_attributes(employee_obj.user.person_user_set,
old_person)
person_common_view.copy_related_object(employee_form.instance,
employee_obj.user.person_user_set,
employee_form.instance)
employee_obj.user.person_user_set.version += 1
with transaction.atomic():
save_employee_obj(request, employee_form.instance)
lgc_models.rename_person_doc_dir(old_person,
employee_obj.user.person_user_set)
employee_obj.user.first_name = employee_form.instance.first_name
employee_obj.user.last_name = employee_form.instance.last_name
employee_obj.user.save()
employee_obj.user.person_user_set.save()
save_formset(employee_obj, formset)
messages.success(request, _('Moderation successfully submitted.'))
return redirect('employee-moderations')
employee_form = employee_forms.ModerationEmployeeUpdateForm(instance=employee_obj,
prefix='emp')
employee_form.helper = FormHelper()
employee_form.helper.form_tag = False
doc_qs = lgc_models.Document.objects.filter(person=employee_obj.user.person_user_set)
doc_qs = doc_qs.filter(added=True)|doc_qs.filter(deleted=True)
if len(doc_qs):
context['docs'] = DocumentFormSet(queryset=doc_qs, prefix='docs')
context['doc_download_url'] = 'lgc-download-file'
echildren = employee_models.Child.objects.filter(person=employee_obj)
if objs_diff(echildren.all(), pchildren):
set_formset(request, context, ChildrenFormSet, echildren,
pchildren, _('Children'), 'children', 'children_id')
set_formsets_form(context)
context['employee_form'] = employee_form
return render(request, 'employee/moderation.html', context)
def cancel_session(request):
req_headers = request.headers
try:
user_token = req_headers['Authorization']
except KeyError:
return http.HttpResponseBadRequest(
'\'security token\' needs a resolvable definition ' +
'provided as request header component')
req_body = json.loads(request.body)
'''
try:
user_id = req_body['user_id']
except KeyError:
return http.HttpResponseBadRequest('\'user ID\' needs a resolvable definition '
+ 'provided as request data component')
'''
try:
host_ip = req_body['host_ip']
except KeyError:
return http.HttpResponseBadRequest(
'\'host ip address\' needs a resolvable definition ' +
'provided as request data component')
'''
try:
current_user = Employee.objects.get(id=user_id)
except ObjectDoesNotExist:
return http.HttpResponseNotFound('User ID is not valid.\nSession opening refused')
'''
try:
current_session = RealTimeRecognitionControl.objects.get(
host_ip_address=host_ip)
current_user = current_session.current_user
except ObjectDoesNotExist:
return http.HttpResponseNotFound(
'Host ip address is not valid.\nSession closing refused')
if current_user.token != user_token:
return http.HttpResponseForbidden(
'Attempted request from non-authorized user account\n' +
'Session closing refused')
'''
try:
session = RealTimeRecognitionControl.objects.get(host_ip_address=host_ip)
except ObjectDoesNotExist:
return http.HttpResponseNotFound('Host ip address is not valid.\nSession closing refused')
print('p22')
#host_ip = request.GET['host_ip']
#session = None
try:
session = RealTimeRecognitionControl.objects.get(host_ip_address=host_ip)
except ObjectDoesNotExist:
return http.HttpResponseNotFound('User host address is not valid.\nCancel attempt failed')
'''
stasis_pid = current_session.stasis_pid
ws_pid = current_session.websocket_pid
time.sleep(0.5)
os.kill(ws_pid, signal.SIGTERM)
time.sleep(0.5)
os.kill(stasis_pid, signal.SIGTERM)
time.sleep(0.5)
os.kill(ws_pid, signal.SIGKILL)
time.sleep(0.5)
os.kill(stasis_pid, signal.SIGKILL)
current_session.stasis_pid = 1
current_session.websocket_pid = 1
current_session.current_user = None
current_session.save()
return http.HttpResponse(status=200)
def process_request(self, request):
if request.META['REMOTE_ADDR'] in BLOCKED_IPS:
return http.HttpResponseForbidden('<h1>Forbidden</h1>')
def get(self, request, mobile):
# 接收参数
image_code_client = request.GET.get('image_code')
uuid = request.GET.get('uuid')
# 创建连接到redis的对象
redis_conn = get_redis_connection('verify_code')
# 校验参数
if not all([image_code_client, uuid]):
return http.HttpResponseForbidden('缺少必传参数')
# 避免频繁发送短信验证码
send_flag = redis_conn.get('send_flag_%s' % mobile)
if send_flag:
return http.JsonResponse({
'code': RETCODE.THROTTLINGERR,
'errmsg': '发送短信过于频繁'
})
# 提取图形验证码
image_code_server = redis_conn.get('img_%s' % uuid)
if not image_code_server:
return http.JsonResponse({
'code': RETCODE.IMAGECODEERR,
'errmsg': '图形验证码已失效'
})
# 删除图形验证码
redis_conn.delete('img_%s' % uuid)
# 对比图形验证码
image_code_server = image_code_server.decode()
if image_code_server.lower() != image_code_client.lower():
return http.JsonResponse({
'code': RETCODE.IMAGECODEERR,
'errmsg': '输入图形验证码有误'
})
# 生成短信验证码
sms_code = '%06d' % random.randint(0, 999999)
logger.info(sms_code)
# # 保存短信验证码
# redis_conn.setex('sms_%s' % mobile, constants.IMAGE_CODE_REDIS_EXPIRES, sms_code)
#
# # 保存发送短信验证码的标记
# redis_conn.setex('send_flag_%s' % mobile, constants.SEND_SMS_CODE_INTERVAL, 1)
# 创建redis管道
pl = redis_conn.pipeline()
# 将redis请求添加到队列
# 保存短信验证码
pl.setex('sms_%s' % mobile, constants.IMAGE_CODE_REDIS_EXPIRES,
sms_code)
# 保存发送短信验证码的标记
pl.setex('send_flag_%s' % mobile, constants.SEND_SMS_CODE_INTERVAL, 1)
# 执行请求
pl.execute()
# # 发送短信验证码
# CCP().send_template_sms('17301768520', [sms_code, constants.IMAGE_CODE_REDIS_EXPIRES / 60], 1)
# 使用celery发送短信验证码
send_sms_code.delay(mobile, sms_code)
# 响应结果
return http.JsonResponse({'code': RETCODE.OK, 'errmsg': '发送短信成功'})
def post(self, request):
"""美多商城用户绑定到openid"""
# 1.接收参数
mobile = request.POST.get('mobile')
pwd = request.POST.get('password')
sms_code_client = request.POST.get('sms_code')
openid = request.POST.get('openid')
# 2.判空正则校验 图片验证 短信验证
# 判断参数是否齐全
if not all([mobile, pwd, sms_code_client]):
return http.HttpResponseForbidden('缺少必传参数')
# 判断手机号是否合法
if not re.match(r'^1[3-9]\d{9}$', mobile):
return http.HttpResponseForbidden('请输入正确的手机号码')
# 判断密码是否合格
if not re.match(r'^[0-9A-Za-z]{8,20}$', pwd):
return http.HttpResponseForbidden('请输入8-20位的密码')
# # 判断短信验证码是否一致
# redis_conn = get_redis_connection('sms_code')
# sms_code_server = redis_conn.get('sms_%s' % mobile)
# if sms_code_server is None:
# return render(request, 'oauth_callback.html', {'sms_code_errmsg': '无效的短信验证码'})
# if sms_code_client != sms_code_server.decode():
# return render(request, 'oauth_callback.html', {'sms_code_errmsg': '输入短信验证码有误'})
# # 解密出openid 再判断openid是否有效
# openid = SecretOauth().loads(openid).get('openid')
# if not openid:
# return render(request, 'oauth_callback.html', {'openid_errmsg': '无效的openid'})
# 3.判断user是否存在
try:
user = User.objects.get(mobile=mobile)
except Exception as e:
# 没注册--> 新注册一个
user = User.objects.create_user(username=mobile, mobile=mobile, password=pwd)
else:
# 注册了--> 校验密码
if not user.check_password(pwd):
return render(request, 'oauth_callback.html', {'account_errmsg': '用户名或密码错误'})
# 4.绑定openid
try:
OAuthQQUser.objects.create(user=user, openid=openid)
except Exception as e:
return render(request, 'oauth_callback.html', {'qq_login_errmsg': 'QQ登录失败'})
# 5.重定向到首页
# 保持登录状态
login(request, user)
# 重定向到首页 设置首页用户名
response = redirect(reverse('contents:index'))
# 购物车合并
# cookie--未登录--笔记本1 黄色2 黑色3 银色1
# redis----登录---笔记本3 黄色2 黑色1
# 合并结果--- 1 2 3 1
response = merge_cart_cookie_to_redis(request, user, response)
response.set_cookie('username', user.username, max_age=24 * 14 * 3600)
return response
def preview(request, pk):
symbols_upload = get_object_or_404(models.SymbolsUpload, pk=pk)
if not request.user.is_superuser:
if symbols_upload.user != request.user:
return http.HttpResponseForbidden('Not yours')
return http.HttpResponse(symbols_upload.content, content_type='text/plain')
def get(self, request, *args, **kwargs):
if not request.user.is_staff:
return http.HttpResponseForbidden()
return super(RegistryView, self).get(request, *args, **kwargs)
def post(self, request):
"""注册逻辑"""
# 接收请求体表单数据
query_dict = request.POST
# 获取 username password password2 mobile sms_code allow
username = query_dict.get('username')
password = query_dict.get('password')
password2 = query_dict.get('password2')
mobile = query_dict.get('mobile')
sms_code_client = query_dict.get('sms_code')
allow = query_dict.get(
'allow'
) # 没有指定复选框中的value时如果勾选 'on', 没勾选None 如果前端指定了value值勾选就传递的是value中的值
# 校验
# if all(query_dict.dict().values()):
# 判断里面可迭代对象中的每个元素是否有为None '', {}, [], False,如果有就返回False
if all([username, password, password2, mobile, sms_code_client, allow
]) is False:
return http.HttpResponseForbidden('缺少必传参数')
if not re.match(r'^[a-zA-Z0-9_-]{5,20}$', username):
return http.HttpResponseForbidden('请输入5-20个字符的用户名')
if not re.match(r'^[0-9A-Za-z]{8,20}$', password):
return http.HttpResponseForbidden('请输入8-20位的密码')
if password != password2:
return http.HttpResponseForbidden('两次密码输入的不一致')
if not re.match(r'^1[3-9]\d{9}$', mobile):
return http.HttpResponseForbidden('请输入正确的手机号码')
# 短信验证码校验后期补充
# 创建redis连接对象
redis_conn = get_redis_connection('verify_code')
# 获取短信验证码
sms_code_server = redis_conn.get('sms_code_%s' % mobile)
# 让短信验证码只能用一次
redis_conn.delete('sms_code_%s' % mobile)
# 判断是否过期
if sms_code_server is None:
return http.HttpResponseForbidden('短信验证码过期')
# 判断用户短信验证码是否输入正确
if sms_code_client != sms_code_server.decode():
return http.HttpResponseForbidden('短信验证码输入错误')
# 创建一个新用户
# user = User.objects.create(password=password)
# user.set_password(password)
# user.save()
user = User.objects.create_user(username=username,
password=password,
mobile=mobile)
# 状态保持(记录用户登录状态)
login(request, user)
response = redirect('/') # redirect 重定向
response.set_cookie('username',
user.username,
max_age=settings.SESSION_COOKIE_AGE)
# 用户注册成功即代表登录成功
# 响应,重定向到首页
# return http.HttpResponse('注册成功,跳转到首页')
return response
def wrapper(request, *args, **kw):
if acl.action_allowed(request, 'Editors', '%'):
return func(request, *args, **kw)
else:
return http.HttpResponseForbidden()
def post(self, request):
# 判断用户收货地址上限 不能多于20个
user = request.user
# 查询当前登录用户未逻辑删除的收货地址数量
count = Address.objects.filter(user=user, is_deleted=False).count()
# user.addresses.filter(is_deleted=False).count()
if count >= 20:
return http.JsonResponse({
'code': RETCODE.MAXNUM,
'errmsg': '收货地址超限'
})
# 接收请求体数据
json_dict = json.loads(request.body.decode())
title = json_dict.get('title')
receiver = json_dict.get('receiver')
province_id = json_dict.get('province_id')
city_id = json_dict.get('city_id')
district_id = json_dict.get('district_id')
place = json_dict.get('place')
mobile = json_dict.get('mobile')
tel = json_dict.get('tel')
email = json_dict.get('email')
# 校验
if all([
title, receiver, province_id, city_id, district_id, place,
mobile
]) is False:
return http.HttpResponseForbidden('缺少必传参数')
if not re.match(r'^1[3-9]\d{9}$', mobile):
return http.HttpResponseForbidden('参数mobile有误')
if tel:
if not re.match(
r'^(0[0-9]{2,3}-)?([2-9][0-9]{6,7})+(-[0-9]{1,4})?$', tel):
return http.HttpResponseForbidden('参数tel有误')
if email:
if not re.match(
r'^[a-z0-9][\w\.\-]*@[a-z0-9\-]+(\.[a-z]{2,5}){1,2}$',
email):
return http.HttpResponseForbidden('参数email有误')
# try:
# Area.objects.get(id=province_id)
# 新增
try:
address = Address.objects.create(user=user,
title=title,
receiver=receiver,
province_id=province_id,
city_id=city_id,
district_id=district_id,
place=place,
mobile=mobile,
tel=tel,
email=email)
except DatabaseError as e:
logger.error(e)
return http.HttpResponseForbidden('添加收货地址失败')
# 如果用户还没有默认收货地址,把当前新增的收货地址设置为用户的默认收货地址
if user.default_address is None:
user.default_address = address
user.save()
# 把新增的address模型对象转换成字典,并响应给前端
address_dict = {
'id': address.id,
'title': address.title,
'receiver': address.receiver,
'province_id': address.province_id,
'province': address.province.name,
'city_id': address.city_id,
'city': address.city.name,
'district_id': address.district_id,
'district': address.district.name,
'place': address.place,
'mobile': address.mobile,
'tel': address.tel,
'email': address.email,
}
return http.JsonResponse({
'code': RETCODE.OK,
'errmsg': '添加收货地址成功',
'address': address_dict
})
def record(request):
# The rate limiting is done up on the client, but if things go wrong
# we can just turn the percentage down to zero.
if get_collect_timings():
return django_statsd_record(request)
return http.HttpResponseForbidden()
def post(self, request):
"""保存订单信息和订单商品信息"""
#获取当前要保存的订单数据
json_dict = json.loads(request.body.decode())
address_id = json_dict.get('address_id')
pay_method = json_dict.get('pay_method')
#校验参数
if not all([address_id, pay_method]):
return http.HttpResponseForbidden('缺少必传参数')
#判断address_id是否正确
try:
address = Address.objects.get(id=address_id)
except Exception:
return http.HttpResponseForbidden('参数address_id错误')
#判断pay_method是否正确
if pay_method not in [
OrderInfo.PAY_METHODS_ENUM['CASH'],
OrderInfo.PAY_METHODS_ENUM['ALIPAY']
]:
return http.HttpResponseForbidden('参数pay_method错误')
# 开启一个事务
with transaction.atomic():
# 创建事务保存点
save_id = transaction.savepoint()
# 暴力回滚
try:
#获取登陆用户
user = request.user
#生成订单编号:年月日时分秒+用户编号
order_id = timezone.localtime().strftime('%Y%m%d%H%M%S') + (
'%09d' % user.id)
#保存订单基本信息 OrderInfo(一)
order = OrderInfo.objects.create(
order_id=order_id,
user=user,
address=address,
total_count=0,
total_amount=Decimal('0'),
freight=Decimal('10.00'),
pay_method=pay_method,
status=OrderInfo.ORDER_STATUS_ENUM['UNPAID']
if pay_method == OrderInfo.PAY_METHODS_ENUM['ALIPAY'] else
OrderInfo.ORDER_STATUS_ENUM['UNSEND'])
# 从 redis 读取购物车中被勾选的商品信息
redis_conn = get_redis_connection('carts')
item_dict = redis_conn.hgetall('carts_%s' % user.id)
cart_selected = redis_conn.smembers('selected_%s' % user.id)
carts = {}
for sku_id in cart_selected:
carts[int(sku_id)] = int(item_dict[sku_id])
#获取选中山东商品id:
sku_ids = carts.keys()
#遍历购物车中被勾选的商品信息
for sku_id in sku_ids:
# TODO1: 增加的代码: 增加一个死循环
while True:
#查询SKU信息
sku = SKU.objects.get(id=sku_id)
# TODO2: 增加的代码: 读取原始库存
origin_stock = sku.stock
origin_sales = sku.sales
#判断SKU库存
sku_count = carts[sku.id]
if sku_count > sku.stock:
# 出错就回滚
transaction.savepoint_rollback(save_id)
return http.JsonResponse({
'code': RETCODE.STOCKERR,
'errmsg': '库存不足'
})
# TODO3: 增加的代码: 乐观锁更新库存和销量
# 计算差值
new_stock = origin_stock - sku_count
new_sales = origin_sales + sku_count
result = SKU.objects.filter(id=sku_id,
stock=origin_stock).update(
stock=new_stock,
sales=new_sales)
# 如果下单失败,但是库存足够时,
# 继续下单,直到下单成功或者库存不足为止
if result == 0:
continue
#SKU减少库存,增加销量
sku.stock -= sku_count
sku.sales += sku_count
sku.save()
#修改SPU销量
sku.goods.sales += sku_count
sku.goods.save()
#保存订单商品信息 OrderGoods(多)
OrderGoods.objects.create(order=order,
sku=sku,
count=sku_count,
price=sku.price)
#保存订单商品中总价和总数量
order.total_count += sku_count
order.total_amount += (sku_count * sku.price)
# TODO4: 增加的代码:
# 下单成功或者失败就跳出循环
break
#添加邮费和保存订单信息
order.total_amount += order.freight
order.save()
except Exception as e:
logger.error(e)
transaction.savepoint_rollback(save_id)
return http.JsonResponse({
'code': RETCODE.DBERR,
'errmsg': '下单失败'
})
#提交订单成功,提交一次事务
transaction.savepoint_commit(save_id)
# 清除购物车中已结算的商品
pl = redis_conn.pipeline()
pl.hdel('carts_%s' % user.id, *cart_selected)
pl.srem('selected_%s' % user.id, *cart_selected)
pl.execute()
# 响应提交订单结果
return http.JsonResponse({
'code': RETCODE.OK,
'errmsg': '下单成功',
'order_id': order.order_id
})
def post(self, request):
"""保存订单信息和订单商品信息"""
# 获取当前要保存的订单数据
json_dict = json.loads(request.body.decode())
address_id = json_dict.get('address_id')
pay_method = json_dict.get('pay_method')
# 校验参数
user = request.user
if not user.is_authenticated:
return http.HttpResponseForbidden('缺少必传参数')
if not all([address_id, pay_method]):
return http.HttpResponseForbidden('缺少必传参数')
# 判断address_id是否合法
try:
# address = Address.objects.get(id=address_id)
address = Address.objects.get(id=address_id)
except Exception:
return http.HttpResponseForbidden('参数address_id错误')
# 判断pay_method是否合法
# if pay_method not in [OrderInfo.PAY_METHODS_ENUM['CASH'], OrderInfo.PAY_METHODS_ENUM['ALIPAY']]:
# return http.HttpResponseForbidden('参数pay_method错误')
if pay_method not in [OrderInfo.PAY_METHODS_ENUM['CASH'], OrderInfo.PAY_METHODS_ENUM['ALIPAY']]:
return http.HttpResponseForbidden('参数pay_method错误')
with transaction.atomic():
tra1 = transaction.savepoint()
try:
date = time.localtime()[0:-1]
date = ''.join([str(i) for i in date])
order_id = date + '%09d'%user.id
orderinfo = OrderInfo.objects.create(
order_id=order_id,
user = user,
address = address,
total_count = 0,
total_amount = Decimal(0.00),
freight = Decimal(10.00),
pay_method = pay_method,
status = OrderInfo.ORDER_STATUS_ENUM['UNPAID'] if pay_method == OrderInfo.PAY_METHODS_ENUM['ALIPAY'] else
OrderInfo.ORDER_STATUS_ENUM['UNSEND'])
conn_redis = get_redis_connection('carts')
str_dict = conn_redis.hgetall('carts_%s'%user.id)
str_list = conn_redis.smembers('selected_%s' % user.id)
for sku_id in str_list:
while True:
count = int(str_dict[sku_id])
sku = SKU.objects.get(id=sku_id)
if count> sku.stock:
transaction.rollback(using=tra1)
return http.JsonResponse({'code':1, 'errmsg':'error'})
reault = SKU.objects.get(id=sku_id, stock=sku.stock).update(stock=sku.stock-count,sales=sku.sales+count)
if reault == 0:
continue
# sku.stock -= count
# sku.save()
# sku.spu.sales += count
# sku.spu.save()
# sku.goods.sales += count
# sku.goods.save()
OrderGoods.objects.create(order = orderinfo,
sku = sku,
count = count,
price = sku.price)
orderinfo.total_amount += sku.price*count
orderinfo.total_count += count
break
orderinfo.total_count += 10
orderinfo.save()
except Exception as e:
print(e)
transaction.rollback(tra1)
return http.JsonResponse({'code': 1, 'errmsg': 'e'})
transaction.savepoint_commit(tra1)
return http.JsonResponse({'code': 0, 'errmsg': '下单成功', 'order_id': orderinfo.order_id})
def _wrapped(request, *a, **kw):
try:
status = 200
headers = {}
ret = f(request, *a, **kw)
if isinstance(ret, tuple):
if len(ret) == 3:
ret, status, headers = ret
else:
ret, status = ret
# Some errors are not exceptions. :\
if isinstance(ret, http.HttpResponseNotAllowed):
blob = _dump_json({
'error': 405,
'message': 'HTTP method not allowed.'
})
return http.HttpResponse(blob,
status=405,
content_type=JSON)
# Allow HttpResponses to go straight through.
if isinstance(ret, http.HttpResponse):
return ret
blob = _dump_json(ret)
response = http.HttpResponse(blob,
status=status,
content_type=content_type)
for k in headers:
response[k] = headers[k]
return response
except http.Http404 as e:
blob = _dump_json({
'error': 404,
'message': compat.text_type(e),
})
logger.warning('Not found: %s',
request.path,
extra={
'status_code': 404,
'request': request,
})
return http.HttpResponseNotFound(blob, content_type=JSON)
except PermissionDenied as e:
logger.warning('Forbidden (Permission denied): %s',
request.path,
extra={
'status_code': 403,
'request': request,
})
blob = _dump_json({
'error': 403,
'message': compat.text_type(e),
})
return http.HttpResponseForbidden(blob, content_type=JSON)
except BadRequest as e:
blob = _dump_json({
'error': 400,
'message': compat.text_type(e),
})
return http.HttpResponseBadRequest(blob, content_type=JSON)
except Exception as e:
exc_data = {
'error': 500,
'message': 'An error occurred',
}
if settings.DEBUG:
exc_data['message'] = compat.text_type(e)
exc_data['traceback'] = traceback.format_exc()
blob = _dump_json(exc_data)
# Generate the usual 500 error email with stack trace and full
# debugging information
logger.error('Internal Server Error: %s',
request.path,
exc_info=True,
extra={
'status_code': 500,
'request': request
})
# Here we lie a little bit. Because we swallow the exception,
# the BaseHandler doesn't get to send this signal. It sets the
# sender argument to self.__class__, in case the BaseHandler
# is subclassed.
got_request_exception.send(sender=BaseHandler, request=request)
return http.HttpResponseServerError(blob, content_type=JSON)
def put(self, request):
json_dict = json.loads(request.body.decode())
sku_id = json_dict.get('sku_id')
count = json_dict.get('count')
selected = json_dict.get('selected')
if all([sku_id, count]) is False:
return http.HttpResponseForbidden('缺少必传参数')
try:
sku_model = SKU.objects.get(id=sku_id)
except SKU.DoesNotExist:
return http.HttpResponseForbidden('sku_id不存在')
try:
count = int(count)
except Exception:
return http.HttpResponseForbidden('类型有误')
if isinstance(selected, bool) is False:
return http.HttpResponseForbidden('类型有误')
user = request.user
if user.is_authenticated:
redis_conn = get_redis_connection('carts')
pl = redis_conn.pipeline()
pl.hset('carts_%s' % user.id, sku_id, count)
if selected:
pl.sadd('selected_%s' % user.id, sku_id)
else:
pl.srem('selected_%s' % user.id, sku_id)
pl.execute()
cart_sku = {
'id': sku_model.id,
'name': sku_model.name,
'price': str(sku_model.price),
'default_image_url': sku_model.default_image.url,
'selected': selected,
'count': count,
'amount': str(sku_model.price * count)
}
response = http.JsonResponse({
'code': RETCODE.OK,
'errmsg': '修改购物车数据成功',
'cart_sku': cart_sku
})
return response
else:
cart_str = request.COOKIES.get('carts')
if cart_str:
cart_dict = pickle.loads(base64.b64decode(cart_str.encode()))
else:
return http.JsonResponse({
'code': RETCODE.DBERR,
'errmsg': 'cookie数据没有获取到'
})
"""
{
16: {'count': 2, 'selected': True}
}
"""
cart_dict[sku_id] = {'count': count, 'selected': selected}
cart_str = base64.b64encode(pickle.dumps(cart_dict)).decode()
cart_sku = {
'id': sku_model.id,
'name': sku_model.name,
'price': str(sku_model.price),
'default_image_url': sku_model.default_image.url,
'selected': selected,
'count': count,
'amount': str(sku_model.price * count)
}
response = http.JsonResponse({
'code': RETCODE.OK,
'errmsg': '修改购物车数据成功',
'cart_sku': cart_sku
})
response.set_cookie('carts', cart_str)
return response
def post(self, request):
'''
接收用户发过来的注册信息, 保存到mysql
:param request:
:return:
'''
# 1.接收参数
username = request.POST.get('username')
password = request.POST.get('password')
password2 = request.POST.get('password2')
mobile = request.POST.get('mobile')
allow = request.POST.get('allow')
sms_code_client = request.POST.get('sms_code')
# 2.检验参数(总体检验 + 单个检验)
if not all([username, password, password2, mobile, allow]):
return http.HttpResponseForbidden('缺少必传参数')
# 单个检验
if not re.match(r'^[a-zA-Z0-9_-]{5,20}$', username):
return http.HttpResponseForbidden('用户名不符合5-20位的格式')
if not re.match(r'^[a-zA-Z0-9]{8,20}$', password):
return http.HttpResponseForbidden('密码不符合8-20位的格式')
if password != password2:
return http.HttpResponseForbidden('两次输入密码不一致')
if not re.match(r'^1[3456789]\d{9}$', mobile):
return http.HttpResponseForbidden('手机号不符合')
if allow != 'on':
return http.HttpResponseForbidden('请勾选用户协议')
# 2.1 链接redis
redis_conn = get_redis_connection('verify_code')
# 2.2 获取redis中的短信验证码
sms_code_server = redis_conn.get('sms_code_%s' % mobile)
if sms_code_server is None:
return render(request, 'register.html',
{'sms_code_errmsg': '无效的短信验证码'})
# 2.3 判断两个验证码是否一致
if sms_code_server.decode() != sms_code_client:
return render(request, 'register.html',
{'sms_code_errmsg': '前端输入的短信验证码有误'})
# 3.往mysql存(User)
try:
user = User.objects.create_user(username=username,
password=password,
mobile=mobile)
except DatabaseError:
return render(request, 'register.html',
{'register_errmsg': '保存数据失败'})
# 保持状态:
login(request, user)
response = redirect(reverse('contents:index'))
# 往cookie中写入username
response.set_cookie('username', user.username, max_age=3600 * 24 * 15)
# 4.返回结果
# return http.HttpResponse('保存成功,跳转到首页')
return response
def process_request(self, request):
referer_url = request.META.get('HTTP_REFERER','')
for allowed_referer in settings.ALLOWED_REFERER_URL:
if referer_url.startswith(allowed_referer):
return None
return http.HttpResponseForbidden('<h1>Forbidden</h1>')
def status(request, addon_id, addon):
appeal_form = forms.AppAppealForm(request.POST, product=addon)
upload_form = NewWebappVersionForm(request.POST or None,
is_packaged=True,
addon=addon,
request=request)
publish_form = forms.PublishForm(
request.POST if 'publish-app' in request.POST else None, addon=addon)
if request.method == 'POST':
if 'resubmit-app' in request.POST and appeal_form.is_valid():
if not addon.is_rated():
# Cannot resubmit without content ratings.
return http.HttpResponseForbidden(
'This app must obtain content ratings before being '
'resubmitted.')
appeal_form.save()
create_comm_note(addon,
addon.latest_version,
request.user,
appeal_form.data['notes'],
note_type=comm.RESUBMISSION)
if addon.vip_app:
handle_vip(addon, addon.latest_version, request.user)
messages.success(request, _('App successfully resubmitted.'))
return redirect(addon.get_dev_url('versions'))
elif 'upload-version' in request.POST and upload_form.is_valid():
upload = upload_form.cleaned_data['upload']
ver = Version.from_upload(upload, addon)
# Update addon status now that the new version was saved.
addon.update_status()
res = run_validator(ver.all_files[0].file_path)
validation_result = json.loads(res)
# Escalate the version if it uses prerelease permissions.
escalate_prerelease_permissions(addon, validation_result, ver)
# Set all detected features as True and save them.
keys = [
'has_%s' % feature.lower()
for feature in validation_result['feature_profile']
]
data = defaultdict.fromkeys(keys, True)
# Set "Smartphone-Sized Displays" if it's a mobile-only app.
qhd_devices = (set((mkt.DEVICE_GAIA, )), set(
(mkt.DEVICE_MOBILE, )),
set((
mkt.DEVICE_GAIA,
mkt.DEVICE_MOBILE,
)))
mobile_only = (addon.latest_version
and addon.latest_version.features.has_qhd)
if set(addon.device_types) in qhd_devices or mobile_only:
data['has_qhd'] = True
# Update feature profile for this version.
ver.features.update(**data)
messages.success(request, _('New version successfully added.'))
log.info('[Webapp:%s] New version created id=%s from upload: %s' %
(addon, ver.pk, upload))
if addon.vip_app:
handle_vip(addon, ver, request.user)
return redirect(addon.get_dev_url('versions.edit', args=[ver.pk]))
elif 'publish-app' in request.POST and publish_form.is_valid():
publish_form.save()
return redirect(addon.get_dev_url('versions'))
ctx = {
'addon': addon,
'appeal_form': appeal_form,
'is_tarako': addon.tags.filter(tag_text=QUEUE_TARAKO).exists(),
'publish_form': publish_form,
'upload_form': upload_form,
}
# Used in the delete version modal.
if addon.is_packaged:
versions = addon.versions.values('id', 'version')
version_strings = dict((v['id'], v) for v in versions)
version_strings['num'] = len(versions)
ctx['version_strings'] = json.dumps(version_strings)
if addon.status == mkt.STATUS_REJECTED:
try:
entry = (AppLog.objects.filter(
addon=addon,
activity_log__action=mkt.LOG.REJECT_VERSION.id).order_by(
'-created'))[0]
except IndexError:
entry = None
# This contains the rejection reason and timestamp.
ctx['rejection'] = entry and entry.activity_log
return render(request, 'developers/apps/status.html', ctx)
def download(request):
if request.user.is_authenticated:
return http.HttpResponseForbidden(
content="Forbidden; Please access downloadable resources directly")
else:
return http.HttpResponseForbidden(content="Forbidden; Please Login")
def post(self, request):
"""添加购物车"""
# 接受 校验参数
json_dict = json.loads(request.body.decode())
sku_id = json_dict.get('sku_id')
count = json_dict.get('count')
selected = json_dict.get('selected', True)
if not all([sku_id, count]):
return http.HttpResponseForbidden('缺少必传参数')
try:
SKU.objects.get(id=sku_id)
except SKU.DoseNotExist:
return http.HttpResponseForbidden('sku_id不正确')
# 判断counts是否是数字
try:
count = int(count)
except Exception as e:
logger.error(e)
return http.HttpResponseForbidden('count不正确')
if selected:
if not isinstance(selected, bool):
return http.HttpResponseForbidden('selected不正确')
# 判断用户书否登陆
user = request.user
if user.is_authenticated:
# 用户登陆的话操作 redis 购物车
# carts_user_id: {sku_id1: count, sku_id3: count, sku_id5: count, ...}
# selected_user_id: [sku_id1, sku_id3, ...]
redis_conn = get_redis_connection('carts')
pl = redis_conn.pipeline()
# 新增购物车数据
# 当要添加到购物车的商品已存在时,对商品数量进行累加计算。
# 当要添加到购物车的商品不存在时,向hash中新增field和value即可。
# 这里hincrby:主动count+1,hash 结构 键 属性 值
pl.hincrby('carts_%s' % user.id, sku_id, count)
# 新增选中的状态
if selected:
pl.sadd('selected_%s' % user.id, sku_id)
pl.execute()
return http.JsonResponse({'code': RETCODE.OK, 'errmsg': 'ok'})
else:
# 用户未登录的话操作 cookie 购物车
"""
{
11: {
"count": "1",
"selected": "True"
},
22: {
"count": "3",
"selected": "True"
},
}
"""
cart_str = request.COOKIES.get('carts')
# 如果操作过cookie购物车
if cart_str:
# 转成字典数据
cart_dict = str_to_dict(cart_str)
# 没有操作的话
else:
cart_dict = {}
# 判断要加入的购物车商品是否已经存在在购物车中
# 当要添加到购物车的商品已存在时,对商品数量进行累加计算。
if sku_id in cart_dict.keys():
origin_count = cart_dict.get(sku_id).get('count')
count += origin_count
# 当要添加到购物车的商品不存在时,向JSON中新增field和value即可。
cart_dict[sku_id] = {'count': count, 'selected': selected}
# 把dict数据序列化
cookie_cart_str = dict_to_str(cart_dict)
# 设置到cookie中
response = http.JsonResponse({'code': RETCODE.OK, 'errmsg': 'ok'})
response.set_cookie('carts', cookie_cart_str)
return response
def updateDatabaseCSV(request):
if request.user.is_authenticated:
if request.method == "POST":
_file = request.FILES['file']
_dest = './temp/{}_{}'.format(request.user, int(time.time()))
# Preliminary check on document
validate_file = FileValidator(
max_size=52428800,
content_types=('text/plain',
'text/csv')) # 52428800 B = 50 MiB
try:
validate_file(_file)
except ValidationError as e:
return http.HttpResponse(status=500, content=e)
if not os.path.exists('./temp'):
try:
os.makedirs('./temp')
except OSError as e:
return http.HttpResponse(status=500, content=e)
try:
with open(_dest + ".csv", 'wb+') as destination:
for chunk in _file.chunks():
destination.write(chunk)
# https://stackoverflow.com/a/4992124/3211506 (Does not catch KeyboardInterrupt, etc.)
except Exception as e:
# Remove file if exists
if os.path.isfile(_dest + ".csv"):
os.remove(_dest + ".csv")
return http.HttpResponse(status=500, content=e)
# Import the CSV
# delete = True, and no log files since we don't want to clog up the server
di = importCSV.DatabaseImporter(_dest + ".csv",
request.user.username, True, None)
try:
di.parse()
except (importCSV.ImporterError, AssertionError) as e:
di.clean()
return http.HttpResponse(status=500, content=e)
except Exception as e:
di.clean()
return http.HttpResponse(
status=500,
content="Unknown Parsing/Update Error: {}".format(e))
di.clean()
return http.HttpResponse(content="OK")
else:
# If not POST, we generate a template for the csv
m = mapping.Mapping()
_csvT = m.generateTemplate()
# https://stackoverflow.com/a/1158750/3211506
_res = http.HttpResponse(content=_csvT, content_type='text/csv')
_res['Content-Disposition'] = 'attachment; filename={}'.format(
smart_str("template.csv"))
return _res
else:
return http.HttpResponseForbidden(content="Forbidden; Please Login")
def _wrapped(request, *a, **kw):
try:
status = 200
headers = {}
ret = f(request, *a, **kw)
if isinstance(ret, tuple):
if len(ret) == 3:
ret, status, headers = ret
else:
ret, status = ret
# Some errors are not exceptions. :\
if isinstance(ret, http.HttpResponseNotAllowed):
blob = json.dumps({
'error': 405,
'message': 'HTTP method not allowed.'
})
return http.HttpResponse(blob, status=405, content_type=JSON)
blob = json.dumps(ret)
response = http.HttpResponse(blob,
status=status,
content_type=JSON)
for k in headers:
response[k] = headers[k]
return response
except http.Http404 as e:
blob = json.dumps({
'error': 404,
'message': unicode(e),
})
logger.warning('Not found: %s',
request.path,
extra={
'status_code': 404,
'request': request,
})
return http.HttpResponseNotFound(blob, content_type=JSON)
except PermissionDenied as e:
logger.warning('Forbidden (Permission denied): %s',
request.path,
extra={
'status_code': 403,
'request': request,
})
blob = json.dumps({
'error': 403,
'message': unicode(e),
})
return http.HttpResponseForbidden(blob, content_type=JSON)
except BadRequest as e:
blob = json.dumps({
'error': 400,
'message': unicode(e),
})
return http.HttpResponseBadRequest(blob, content_type=JSON)
except Exception as e:
blob = json.dumps({
'error': 500,
'message': unicode(e),
})
logger.exception(unicode(e))
# Here we lie a little bit. Because we swallow the exception, the
# BaseHandler doesn't get to send this signal. It sets the sender
# argument to self.__class__, in case the BaseHandler is
# subclassed.
got_request_exception.send(sender=BaseHandler, request=request)
return http.HttpResponseServerError(blob, content_type=JSON)
def process_request(self, request):
"""
Check for denied User-Agents and rewrite the URL based on
settings.APPEND_SLASH and settings.PREPEND_WWW
"""
# Check for denied User-Agents
if 'HTTP_USER_AGENT' in request.META:
for user_agent_regex in settings.DISALLOWED_USER_AGENTS:
if user_agent_regex.search(request.META['HTTP_USER_AGENT']):
logger.warning('Forbidden (User agent): %s',
request.path,
extra={
'status_code': 403,
'request': request
})
return http.HttpResponseForbidden('<h1>Forbidden</h1>')
# Check for a redirect based on settings.APPEND_SLASH
# and settings.PREPEND_WWW
host = request.get_host()
old_url = [host, request.path]
new_url = old_url[:]
if (settings.PREPEND_WWW and old_url[0]
and not old_url[0].startswith('www.')):
new_url[0] = 'www.' + old_url[0]
# Append a slash if APPEND_SLASH is set and the URL doesn't have a
# trailing slash and there is no pattern for the current path
if settings.APPEND_SLASH and (not old_url[1].endswith('/')):
urlconf = getattr(request, 'urlconf', None)
if (not urlresolvers.is_valid_path(request.path_info, urlconf)
and urlresolvers.is_valid_path("%s/" % request.path_info,
urlconf)):
new_url[1] = new_url[1] + '/'
if settings.DEBUG and request.method == 'POST':
raise RuntimeError((
""
"You called this URL via POST, but the URL doesn't end "
"in a slash and you have APPEND_SLASH set. Django can't "
"redirect to the slash URL while maintaining POST data. "
"Change your form to point to %s%s (note the trailing "
"slash), or set APPEND_SLASH=False in your Django "
"settings.") % (new_url[0], new_url[1]))
if new_url == old_url:
# No redirects required.
return
if new_url[0]:
newurl = "%s://%s%s" % (request.scheme, new_url[0],
urlquote(new_url[1]))
else:
newurl = urlquote(new_url[1])
if request.META.get('QUERY_STRING', ''):
if six.PY3:
newurl += '?' + request.META['QUERY_STRING']
else:
# `query_string` is a bytestring. Appending it to the unicode
# string `newurl` will fail if it isn't ASCII-only. This isn't
# allowed; only broken software generates such query strings.
# Better drop the invalid query string than crash (#15152).
try:
newurl += '?' + request.META['QUERY_STRING'].decode()
except UnicodeDecodeError:
pass
return http.HttpResponsePermanentRedirect(newurl)
