Пример #1
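def get_available_rooms():
    """Return the rooms that are free in a building at a given time.

    Query parameters:
        campus, building, time: required; a missing one yields an
            invalid-request error response.
        date: optional ``year-month-day`` string; defaults to today.

    Returns:
        The success response wrapping
        ``entity_service.get_available_rooms(campus, building, date, time)``,
        or an invalid-request error response when a required parameter is
        missing or ``date`` cannot be parsed.
    """
    campus = request.args.get('campus')
    building = request.args.get('building')
    time = request.args.get('time')
    date_str = request.args.get('date')

    # VIP users may choose the date; regular users can only choose the time.
    # NOTE(review): this handler accepts `date` from any caller -- confirm the
    # VIP restriction is enforced somewhere else.

    if not campus:
        return generate_error_response(None,
                                       api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'missing campus parameter')
    if not building:
        return generate_error_response(None,
                                       api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'missing building parameter')
    if not time:
        return generate_error_response(None,
                                       api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'missing time parameter')

    if not date_str:
        date = datetime.date.today()
    else:
        # `date` is client-controlled: a non-numeric part, a wrong number of
        # parts or an out-of-range value must produce a 4xx-style answer
        # instead of an unhandled exception.
        try:
            date = datetime.date(*map(int, date_str.split('-')))
        except (ValueError, TypeError, OverflowError):
            return generate_error_response(None,
                                           api_helpers.STATUS_CODE_INVALID_REQUEST,
                                           'invalid date parameter')

    return generate_success_response(
        entity_service.get_available_rooms(campus, building, date, time))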
Пример #2
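def report_unavailable_room():
    """Record a user's report that a room is not actually available.

    Query parameters (all required):
        room_id: encrypted room identifier, decoded with ``decrypt``.
        time: passed through to the entity service unchanged.
        date: ``year-month-day`` string.

    Returns:
        A success response with no payload, or an invalid-request error
        response when a parameter is missing, the date cannot be parsed, or
        ``room_id`` fails to decrypt.
    """
    room_id_encoded = request.args.get("room_id")
    time = request.args.get("time")
    date_str = request.args.get("date")

    # Operations policy: a report that other users confirm can earn points.

    if not room_id_encoded:
        return generate_error_response(None,
                                       api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'missing room_id parameter')
    if not time:
        return generate_error_response(None,
                                       api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'missing time parameter')
    if not date_str:
        return generate_error_response(None,
                                       api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'missing date parameter')

    # Parse only after the presence check: calling .split() on a missing
    # (None) date raised AttributeError before the "missing date" branch
    # could ever run. Malformed values are rejected rather than propagated.
    try:
        date = datetime.date(*map(int, date_str.split('-')))
    except (ValueError, TypeError, OverflowError):
        return generate_error_response(None,
                                       api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'invalid date parameter')

    try:
        resource_type, room_id = decrypt(room_id_encoded,
                                         resource_type=RTYPE_ROOM)
    except ValueError:
        return generate_error_response(None,
                                       api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'invalid room_id')

    # NOTE(review): get_ut_uid() is unpacked into the trailing arguments;
    # what it returns for an anonymous caller is not visible here -- confirm
    # reports are attributable, since they feed the points policy above.
    entity_service.report_unavailable_room(room_id, date, time, *get_ut_uid())
    return generate_success_response(None)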
Пример #3
def accept_grant(grant_id: int):
    """Accept or reject the grant request ``grant_id`` for the current user.

    The ``action`` query parameter selects the operation: ``accept`` calls
    ``user_service.accept_grant`` and ``reject`` calls
    ``user_service.reject_grant``, both with ``g.user_id``. A missing or
    unrecognised action yields an invalid-request error response.
    """
    action = request.args.get('action')
    if not action:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST, "action not found")

    if action not in ('accept', 'reject'):
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST, "invalid action")

    # NOTE(review): ownership of the grant is not checked in this handler;
    # presumably user_service verifies that grant_id is addressed to
    # g.user_id -- confirm.
    if action == 'accept':
        outcome = user_service.accept_grant(grant_id, g.user_id)
    else:
        outcome = user_service.reject_grant(grant_id, g.user_id)
    return generate_success_response(outcome)
Пример #4
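def apply_grant():
    """Create a grant request from the current user to another user.

    Query parameters:
        to_user_id: encrypted identifier of the target user (required).

    Returns:
        A success response with no payload, or an invalid-request error
        response when ``to_user_id`` is missing or cannot be decrypted.
    """
    to_user_id_encoded = request.args.get('to_user_id')
    if not to_user_id_encoded:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST, "mising to_user_id")

    # The identifier is client-supplied; a value that does not decrypt is a
    # bad request, not a server error.
    try:
        to_uid = decrypt(to_user_id_encoded, resource_type=RTYPE_STUDENT)[1]
    except ValueError:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST, "invalid to_user_id")

    user_service.new_grant_request(g.user_id, to_uid)
    return generate_success_response(None)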
Пример #5
def email_verification():
    """Email verification: set the account password.

    Error codes:
    4104 verification request does not exist (internal error)
    4105 the VerificationRequest is not in state STATUS_TKN_PASSED (rules out
         the case where a network stall hid the response from the client
         although registration had already succeeded)
    4106 password too weak
    """
    # The request id is read from the server-side session, so the client
    # cannot pick which verification request it is completing.
    pending_request_id = session.get(SESSION_EMAIL_VER_REQ_ID, None)
    if not pending_request_id:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST, "无效请求,请重新点击邮件中的链接")

    new_password = request.form.get("password")
    if not new_password:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST, "请输入密码")

    # NOTE(review): the session key is left in place after success;
    # presumably the 4105 status check in the service prevents reuse -- confirm.
    username = user_service.register_by_email_set_password(pending_request_id, new_password)
    token = user_service.issue_token(username)
    return generate_success_response({"token": token})
Пример #6
def login():
    """Log in and obtain a token.

    Possible error codes:
    4000 wrong username or password
    4100 user does not exist
    4101 wrong password
    """
    form = request.form
    username = form.get("username")
    password = form.get("password")
    if not username:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST, "请填写用户名")
    if not password:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST, "请填写密码")

    # NOTE(review): the documented 4100/4101 split tells a client whether a
    # username exists, and no attempt limiting is visible in this handler --
    # confirm both are handled elsewhere or intended.
    if user_service.check_password(username, password):
        return generate_success_response({"token": user_service.issue_token(username)})
    raise exceptions.WrongPassword
Пример #7
    def handle_biz_exception(error: base_exceptions.BizException):
        """Turn a business exception into an API error response.

        Only requests whose path starts with ``/mobile`` are handled; for any
        other path the function falls through and returns ``None``.
        """
        # NOTE(review): nothing is returned for non-/mobile paths in the code
        # shown -- confirm the web branch was not lost from this excerpt.
        if not request.path.startswith("/mobile"):
            return None

        # Internal errors are logged; ordinary business errors are not.
        if isinstance(error, base_exceptions.InternalError):
            logger.error(repr(error))

        # The status_message of a business error may be shown to clients.
        public_message = error.status_message
        return generate_error_response(None, error.status_code,
                                       status_message_overwrite=public_message)
Пример #8
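def multi_people_schedule():
    """Return the combined schedule of several people for one date.

    Query parameters (both required):
        people: comma-separated encrypted identifiers.
        date: ``year-month-day`` string.

    Returns:
        The success response wrapping
        ``entity_service.multi_people_schedule(people_list, date, uid)``, or
        an invalid-request error response when a parameter is missing or
        cannot be decoded.
    """
    people_encoded = request.args.get('people')
    date_str = request.args.get('date')

    uid = get_logged_in_uid()

    if not people_encoded:
        return generate_error_response(None,
                                       api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'missing people parameter')
    if not date_str:
        return generate_error_response(None,
                                       api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'missing date parameter')

    # Both values are client-controlled; undecodable input is answered with
    # an invalid-request response instead of an unhandled exception.
    # NOTE(review): the number of identifiers is not capped here -- confirm
    # the service bounds the work per request.
    try:
        people_list = [decrypt(people)[1] for people in people_encoded.split(',')]
    except ValueError:
        return generate_error_response(None,
                                       api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'invalid people parameter')
    try:
        date = datetime.date(*map(int, date_str.split('-')))
    except (ValueError, TypeError, OverflowError):
        return generate_error_response(None,
                                       api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'invalid date parameter')

    schedule = entity_service.multi_people_schedule(people_list, date, uid)
    return generate_success_response(schedule)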
Пример #9
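def get_calendar_token(id_sec: str, semester: str):
    """Issue a calendar token and the matching ICS download URLs.

    :param id_sec: encrypted student ID or staff ID
    :param semester: semester, e.g. 2018-2019-1

    Error codes:
    4000 invalid request
    4003 access denied
    """
    try:
        res_type, res_id = encryption.decrypt(id_sec)
    except ValueError:
        return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST, '用户ID无效')

    if res_type == encryption.RTYPE_STUDENT:
        # Student timetables are gated on has_access for the current user.
        if not user_service.has_access(res_id, g.username)[0]:
            return generate_error_response(None, api_helpers.STATUS_CODE_PERMISSION_DENIED, '无权访问该用户课表')
        student = entity_service.get_student_timetable(res_id, semester)
        if not student:
            return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST, '学生不存在')
        token = calendar_service.get_calendar_token(resource_type=res_type,
                                                    identifier=student.student_id,
                                                    semester=semester)
    else:
        # NOTE(review): every non-student resource type lands here and no
        # access check is made -- confirm teacher timetables are meant to be
        # open and that decrypt() cannot yield other resource types.
        teacher = entity_service.get_teacher_timetable(res_id, semester)
        if not teacher:
            return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST, '教师不存在')
        token = calendar_service.get_calendar_token(resource_type=res_type,
                                                    identifier=teacher.teacher_id,
                                                    semester=semester)

    ics_url = url_for('calendar.ics_download', calendar_token=token, _external=True)
    # Swap only the scheme: a blanket str.replace('http', ...) would also
    # rewrite any "http" that occurs in the host, path or token.
    scheme, separator, remainder = ics_url.partition('://')
    if scheme in ('http', 'https'):
        ics_webcal = f'webcal{separator}{remainder}'
    else:
        ics_webcal = ics_url
    return generate_success_response({'token': token,
                                      'ics_url': ics_url,
                                      'ics_url_webcal': ics_webcal})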
Пример #10
def register_by_email():
    """Register through email verification.

    Error codes:
    4000 username not provided
    4102 already registered
    5000 internal error

    TODO: add rate limiting
    """
    # NOTE(review): the identifier arrives in the query string and each call
    # starts a registration; with the rate-limiting TODO still open, confirm
    # nothing upstream lets this be called without bound.
    identifier = request.args.get("identifier")
    if identifier:
        user_service.register_by_email(identifier)
        return generate_success_response(None)
    return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST, "请填写用户名")
Пример #11
def email_verification_check():
    """Validate the token from the verification email.

    Error codes:
    4000 token missing
    4102 user already exists, token invalid
    4103 token invalid
    """
    # TODO: the link in the outgoing email still points at the web version
    # and needs to be switched.

    # NOTE(review): the token travels in the query string, so it may end up
    # in access logs -- confirm it is single-use and short-lived.
    email_token = request.args.get("token")
    if email_token:
        # Remember the verified request in the session for the later
        # password-setting step.
        session[SESSION_EMAIL_VER_REQ_ID] = user_service.register_by_email_token_check(email_token)
        return generate_success_response(None)
    return generate_error_response(None, api_helpers.STATUS_CODE_INVALID_REQUEST, "token参数缺失")
Пример #12
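 def internal_server_error(error):
     """Render the response for an unhandled server error.

     ``/mobile`` requests get an API error response; other requests get the
     Sentry-backed error page when the plugin is available, otherwise a
     minimal HTML fallback. Exception details are included only outside
     production, and are HTML-escaped in the fallback page.
     """
     # Local import keeps this handler self-contained.
     from html import escape

     if request.path.startswith("/mobile"):
         # Non-business errors are not returned in production; other
         # environments may return them.
         actual_error = {
             'status_message_overwrite':
             f"server internal error: {repr(error.original_exception)}"
         } if not is_production() else {}
         return generate_error_response(
             None, api_helpers.STATUS_CODE_INTERNAL_ERROR, **actual_error)
     if plugin_available("sentry"):
         return render_template(
             'common/error.html',
             message=MSG_INTERNAL_ERROR,
             event_id=g.sentry_event_id,
             public_dsn=sentry.client.get_public_dsn('https'))
     # The exception repr can carry request data and internal paths: apply the
     # same production rule as the API branch, and escape it because the
     # string is returned as HTML.
     detail = ""
     if not is_production():
         detail = f": {escape(repr(error.original_exception))}"
     return f"<h4>500 Error{detail}</h4><br>You are seeing this page because Sentry is not available."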
Пример #13
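def multi_people_schedule_search():
    """Search students and teachers for the multi-person schedule feature.

    Query parameters:
        keyword: search text (required).

    Returns:
        A success response with ``items`` (one ``SearchResultItem`` per
        eligible student and per teacher), the echoed ``keyword`` and
        ``is_guest`` (true when no user is logged in), or an invalid-request
        error response when ``keyword`` is missing.
    """
    keyword = request.args.get('keyword')
    if not keyword:
        return generate_error_response(None,
                                       api_helpers.STATUS_CODE_INVALID_REQUEST,
                                       'missing keyword parameter')

    # The debug print() calls that dumped the session cookie and the session
    # contents were removed: credentials must not reach stdout or logs.
    search_result = entity_service.search(keyword)

    uid = get_logged_in_uid()

    # Two-digit form of the current year, compared against class prefixes.
    current_short_year = datetime.date.today().year - 2000

    items = []
    for s in search_result.students:
        # The first run of digits in the class name is inspected; its first
        # two digits are presumably the enrolment year (confirm). Students
        # whose prefix is more than five years old are left out; a class name
        # without digits is always kept.
        groups = re.findall(r'\d+', s.klass)
        eligible = not groups or int(groups[0][:2]) + 5 >= current_short_year

        if eligible:
            items.append(
                SearchResultItem(
                    s.name, s.deputy + s.klass, "student",
                    s.student_id_encoded,
                    *user_service.has_access(s.student_id, uid, False)))

    items.extend([
        SearchResultItem(t.name, t.unit + t.title, "teacher",
                         t.teacher_id_encoded,
                         *user_service.has_access(t.teacher_id, uid, False))
        for t in search_result.teachers
    ])
    return generate_success_response({
        'items': items,
        'keyword': keyword,
        'is_guest': uid is None
    })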
Пример #14
 def page_not_found(error):
     """Answer an unknown URL: API error for ``/mobile``, HTML page otherwise."""
     is_mobile_api = request.path.startswith('/mobile')
     if not is_mobile_api:
         return render_template('common/error.html', message=MSG_404)
     # The message is a fixed string, so the requested path is never echoed.
     return generate_error_response(
         None, api_helpers.STATUS_CODE_INVALID_REQUEST, "no such API")