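def info():
    """Get the information of the user identified by the token.
    ---
    tags:
      - 用户
    responses:
      200:
        description: 获取成功
        schema:
          type: object
          properties:
            code:
              type: int
            data:
              type: array
              $ref: '#/definitions/Module'
            message:
              type: string
        examples:
          code: 0
          data: [{}, {}]
          message: 'success'
    """
    # The YAML after '---' above is an API spec that appears to be read by the
    # Swagger tooling at runtime; its values are kept verbatim.
    #
    # NOTE(review): the token is taken from the query string, so it can end up
    # in access logs, browser history and Referer headers. Accepting it from a
    # request header instead would avoid that exposure.
    token = request.args.get('token')
    data = verify_token(token)
    if not data:
        return fail(401)
    # Plain get() rather than get_or_404(): a valid token whose user no longer
    # exists is an authentication failure, and with get_or_404() the 401
    # branch below could never run (the request aborted with 404 first).
    user = Admin.query.get(data['user_id'])
    if not user:
        return fail(401)
    res = {'data': {'name': user.name, 'avatar': user.avatar}}
    return success(res)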
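def login():
    """Log in with username and password.
    ---
    tags:
      - 登录
    parameters:
      - in: body
        name: body
        required: true
        schema:
          $ref: '#/parameters/user_login'
    responses:
      200:
        examples:
          code: 0
          data: {'token': 'abcdefgh'}
          message: 'success'
      401:
        examples:
          code: 1
          message: 'fail'
    # After the credentials are verified, a token is generated, stored in
    # redis with an expiry time, and returned.
    # :return: Flask Response
    """
    # The YAML after '---' above is an API spec that appears to be read by the
    # Swagger tooling at runtime; its values are kept verbatim.
    try:
        data = json.loads(request.data)
    except (ValueError, TypeError):
        # Malformed or non-text body: reject without leaking parser details.
        return fail(401)
    # A syntactically valid body can still be a list/number/null, or lack the
    # expected fields; treat all of those as a failed login instead of
    # letting a KeyError/TypeError surface as a 500.
    if not isinstance(data, dict):
        return fail(401)
    username = data.get('username')
    password = data.get('password')
    if not isinstance(username, str) or not isinstance(password, str):
        return fail(401)

    # NOTE(review): no attempt throttling or lockout is visible in this
    # handler, and an unknown username returns without running the password
    # check, so response time may differ between known and unknown accounts.
    # Confirm both are handled elsewhere.
    user = Admin.query.filter_by(username=username).first()
    if user and user.verify_password(password):
        token = generate_token(user.id).decode()
        res = {'data': {'token': token}}
        # The token is stored under the user id with the configured expiry.
        cache.setex(user.id, current_app.config['EXPIRE_TIME'], token)
        return success(res)
    return fail(401)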
def delete_user(id):
    """Delete a user.
    ---
    tags:
      - 用户
    security:
      - api_key: []
    responses:
      200:
        description: 获取成功
        schema:
          type: object
          properties:
            code:
              type: int
            data:
              type: array
              $ref: '#/definitions/Module'
            message:
              type: string
        examples:
          code: 0
          data: [{}, {}]
          message: 'success'
    """
    # The YAML after '---' above is an API spec that appears to be read by the
    # Swagger tooling at runtime; its values are kept verbatim.
    #
    # NOTE(review): nothing in this handler checks who is calling or which
    # account is being removed (own account, last remaining admin). Confirm
    # that authentication and authorization are enforced before the view runs.
    target = Admin.query.get_or_404(id)
    # get_or_404() is expected to abort with 404 for a missing row, so this
    # guard is a fallback that should not normally be reached.
    if not target:
        return fail(400)
    target.delete()
    return success()
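def delete_operation_log():
    """Delete operation logs; several can be deleted in one request.
    ---
    tags:
      - 系统
    security:
      - api_key: []
    responses:
      200:
        description: 删除成功
        schema:
          type: object
          properties:
            code:
              type: int
            message:
              type: string
        examples:
          code: 0
          message: 'success'
    """
    # The YAML after '---' above is an API spec that appears to be read by the
    # Swagger tooling at runtime; its values are kept verbatim.
    #
    # NOTE(review): this endpoint removes audit records. Confirm it is limited
    # to the most privileged role and that the deletion itself is recorded
    # somewhere the caller cannot erase.
    try:
        # Parsing sits inside the try so a malformed body yields 400 like any
        # other bad request, rather than an unhandled error.
        data = json.loads(request.data)
        for item in data:
            log = OperationLog.query.get_or_404(item['id'])
            db.session.delete(log)
        # Commit once after the loop so the batch is all-or-nothing.
        db.session.commit()
        return success()
    except Exception:
        # Discard any pending deletes so a failed batch leaves no partial
        # state in the session.
        db.session.rollback()
        return fail(400)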
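def expression_offical_add() -> ApiResult:
    """Add an experience officer.
    ---
    tags:
      - 前台API
    parameters:
      - in: body
        name: body
        required: true
        schema:
          $ref: '#/parameters/add_expression_offical'
    responses:
      200:
        description: 添加成功
        examples:
          code: 0
          message: 'success'
    """
    # The YAML after '---' above is an API spec that appears to be read by the
    # Swagger tooling at runtime; its values are kept verbatim.
    data = request.form
    try:
        # NOTE(review): every submitted form field is forwarded to the model
        # as a keyword argument (mass assignment). A client can therefore set
        # any attribute create() accepts, not only the documented ones. The
        # field list is not visible here; restrict the dict to an explicit
        # allow-list of expected fields before calling create().
        ExpressionOffical.create(**dict(data))
    except Exception:
        # Narrowed from a bare ``except`` so SystemExit/KeyboardInterrupt are
        # no longer swallowed; ordinary failures still map to fail().
        return fail()
    return success()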
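def github_login():
    """Log in through GitHub OAuth.
    ---
    tags:
      - 登录
    parameters:
      - in: url
        name: code
        required: true
    responses:
      200:
        examples:
          code: 0
          data: {'token': 'abcdefgh'}
          message: 'success'
      401:
        examples:
          code: 1
          message: 'fail'
    # The code and client secret are exchanged with GitHub for a token; that
    # token is then used directly to fetch the user's profile.
    # :return: Flask Response
    """
    # The YAML after '---' above is an API spec that appears to be read by the
    # Swagger tooling at runtime; its values are kept verbatim.
    #
    # NOTE(review):
    # - No OAuth ``state`` value is checked, so the callback cannot tell
    #   whether this browser started the flow (login CSRF).
    # - The client secret and the access token are both sent as URL query
    #   parameters, where proxies and logs can record them; sending them in
    #   the request body / an Authorization header avoids that.
    # - The local account is selected by matching Admin.username to the
    #   GitHub ``login`` name, which is neither stable nor controlled by this
    #   application. Linking on a GitHub account id stored on the Admin record
    #   would bind the identity explicitly.
    code = request.args.get('code')
    if not code:
        return fail(401)
    params = {
        'code': code,
        'client_id': GITHUB_CLIENTID,
        'client_secret': GITHUB_CLIENTSECRET
    }
    try:
        # Timeouts keep a slow or unreachable upstream from pinning a worker.
        token_res = requests.get(GITHUB_OAUTH_URL, params=params, timeout=10)
        # Expected body: access_token=<token>&scope=user%3Aemail&token_type=bearer
        token = token_res.text.split('&')[0]
        # An error reply starts with a different field; stop here instead of
        # forwarding it to the profile endpoint.
        if not token.startswith('access_token=') or token == 'access_token=':
            return fail(401)
        profile_res = requests.get(GITHUB_USER_URL + token, timeout=10)
        profile = json.loads(profile_res.content)
    except (requests.RequestException, ValueError):
        return fail(401)

    # The profile reply may be an error object without a ``login`` field.
    login_name = profile.get('login') if isinstance(profile, dict) else None
    if not login_name:
        return fail(401)

    user = Admin.query.filter_by(username=login_name).first()
    if not user:
        return fail(401)
    token = generate_token(user.id).decode()
    res = {'data': {'token': token}}
    # The token is stored under the user id with the configured expiry.
    cache.setex(user.id, current_app.config['EXPIRE_TIME'], token)
    return success(res)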
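def upload():
    """Upload a file.
    ---
    tags:
      - 资讯
    security:
      - api_key: []
    responses:
      200:
        description: 获取成功
        schema:
          type: object
          properties:
            code:
              type: int
            data:
              type: array
              $ref: '#/definitions/Module'
            message:
              type: string
        examples:
          code: 0
          data: [{}, {}]
          message: 'success'
    """
    # The YAML after '---' above is an API spec that appears to be read by the
    # Swagger tooling at runtime; its values are kept verbatim.
    file = request.files['file']
    if not file:
        return fail(400)

    now = time.time()
    date = time.strftime('%Y%m%d', time.localtime(now))
    # NOTE(review): the prefix has one-second resolution, so two uploads with
    # the same name in the same second write to the same path.
    filename = str(int(now)) + file.filename
    if not allowed_file(filename):
        return fail(415)

    if CH_REGEX.search(filename):
        # secure_filename() is skipped for names matching CH_REGEX, so the
        # client-supplied name would otherwise reach os.path.join() unchanged.
        # Neutralise path separators and NUL bytes while keeping the rest of
        # the name.
        filename = (filename.replace('/', '_')
                            .replace('\\', '_')
                            .replace('\x00', ''))
    else:
        filename = secure_filename(filename)

    upload_dir = os.path.join(current_app.config['UPLOAD_FOLDER'], date)
    os.makedirs(upload_dir, exist_ok=True)
    filepath = os.path.join(upload_dir, filename)
    # Defence in depth: refuse to write anywhere but directly inside the
    # day's upload directory.
    if os.path.dirname(os.path.abspath(filepath)) != os.path.abspath(upload_dir):
        return fail(400)
    file.save(filepath)

    # NOTE(review): 'fileurl' carries the server-side filesystem path back to
    # the client; consider returning a public URL or relative key instead.
    res = {'data': {'filename': filename, 'fileurl': filepath}}
    return success(res)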
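def upload_avatar():
    """Upload an avatar image.
    ---
    tags:
      - 用户
    security:
      - api_key: []
    responses:
      200:
        description: 获取成功
        schema:
          type: object
          properties:
            code:
              type: int
            data:
              type: array
              $ref: '#/definitions/Module'
            message:
              type: string
        examples:
          code: 0
          data: [{}, {}]
          message: 'success'
    """
    # The YAML after '---' above is an API spec that appears to be read by the
    # Swagger tooling at runtime; its values are kept verbatim.
    file = request.files['avatar']
    if not file:
        return fail(400)

    now = time.time()
    # NOTE(review): the prefix has one-second resolution, so two uploads with
    # the same name in the same second write to the same path.
    filename = str(int(now)) + file.filename
    if not allowed_file(filename):
        return fail(415)

    if CH_REGEX.search(filename):
        # secure_filename() is skipped for names matching CH_REGEX, so the
        # client-supplied name would otherwise reach os.path.join() unchanged.
        # Neutralise path separators and NUL bytes while keeping the rest of
        # the name.
        filename = (filename.replace('/', '_')
                            .replace('\\', '_')
                            .replace('\x00', ''))
    else:
        filename = secure_filename(filename)

    upload_dir = current_app.config['UPLOAD_FOLDER']
    filepath = os.path.join(upload_dir, filename)
    # Defence in depth: refuse to write anywhere but directly inside the
    # configured upload directory.
    if os.path.dirname(os.path.abspath(filepath)) != os.path.abspath(upload_dir):
        return fail(400)
    file.save(filepath)

    # NOTE(review): 'fileurl' carries the server-side filesystem path back to
    # the client; consider returning a public URL or relative key instead.
    res = {'data': {'filename': filename, 'fileurl': filepath}}
    return success(res)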
def verify_user(response):
    """
    Check authorization for requests under this blueprint and record an
    operation log entry for authorized ones.

    :param response: Flask Response Object
    :return: the given response when the request is exempt or carries a
        token that verify_token() accepts; otherwise the response built
        from fail(200, 50014)
    """
    # NOTE(review): taking and returning the response object matches the
    # shape of a Flask after-request hook. If that is how this function is
    # registered, the view has already run - including any deletion or
    # upload it performs - before the token is checked, and a failed check
    # only swaps the response. Enforcing the check in a before-request hook
    # would stop unauthenticated requests before the handler executes.
    # Confirm the registration.
    from .user import verify_token

    # Exempt paths and CORS preflight requests pass through untouched.
    if request.path in ALLOWED_PATHS or request.method == 'OPTIONS':
        return response

    auth_header = request.headers.get('Authorization')
    if auth_header is not None:
        payload = verify_token(auth_header)
        if payload:
            add_operation_log(payload, request)
            return response

    # Missing header or rejected token.
    return fail(200, 50014).to_response()
def delete_article(id):
    """Delete an article.
    ---
    tags:
      - 资讯
    security:
      - api_key: []
    responses:
      200:
        description: 删除成功
        examples:
          code: 0
          data: [{}, {}]
          message: 'success'
    """
    # The YAML after '---' above is an API spec that appears to be read by the
    # Swagger tooling at runtime; its values are kept verbatim.
    #
    # NOTE(review): nothing in this handler checks the caller; confirm that
    # authentication is enforced before the view runs.
    target = Article.query.get_or_404(id)
    # get_or_404() is expected to abort with 404 for a missing row, so this
    # guard is a fallback that should not normally be reached.
    if not target:
        return fail(400)
    target.delete()
    return success()