Пример #1
def pay_return(request):
    """Handle the payment notification posted back by Alipay or WeChat Pay.

    A POST that carries ``trade_status`` is treated as an Alipay
    notification; any other POST is handed to ``Wxpay_Result`` as a WeChat
    Pay notification. On success the order is recorded through
    ``save_order``. A GET returns the default ``resp()``; any other method
    falls through and returns ``None``.
    """
    if request.method == 'POST':
        trade_status = request.POST.get('trade_status')
        if trade_status:
            # Alipay payment.
            # NOTE(review): this branch records an order from raw POST fields
            # (trade_status, out_trade_no, total_amount). No signature check on
            # the notification is visible in this view; confirm the request is
            # verified before save_order is reached and that total_amount is
            # compared with the price the order was created with.
            if trade_status == 'TRADE_SUCCESS':
                out_trade_no = request.POST.get('out_trade_no')
                total = request.POST.get('total_amount')
                save_order(out_trade_no, total)
                return resp(msg='支付成功')
            else:
                return resp(1001, '支付错误')
        else:
            # WeChat Pay.
            # NOTE(review): presumably Wxpay_Result.post() parses the XML body
            # and verifies its signature (the failure reply below says
            # SIGNERROR); confirm against that class.
            wechat_result = Wxpay_Result()
            result = wechat_result.post(request)
            if result['result_code'] == 'SUCCESS':
                # Successful payment callback.
                out_trade_no = result['out_trade_no']
                # NOTE(review): total_fee is multiplied by 100 here. WeChat Pay
                # reports total_fee in fen, so check which unit save_order
                # expects; a conversion to yuan would divide instead.
                total = float(int(result['total_fee']) * 100)
                save_order(out_trade_no, total)
                return HttpResponse(trans_dict_to_xml({'return_code': 'SUCCESS', 'return_msg': 'OK'}))
            else:
                return HttpResponse(trans_dict_to_xml({'return_code': 'FAIL', 'return_msg': 'SIGNERROR'}))
    if request.method == "GET":
        return resp()
Пример #2
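def public_transfer(request):
    """Record a corporate bank transfer and grant the purchased membership.

    Creates an ``Order`` for ``login_name`` from the group, days and price
    of the selected ``TradeType``, then moves the user into that group, sets
    ``enable`` and extends ``end_time``. Only POST is handled; other methods
    return ``None``.

    NOTE(review): the original comment says an administrator adds this
    record, but nothing in this view checks who the caller is, although it
    changes a user's group and expiry. Confirm the route is restricted
    before this code runs.
    NOTE(review): the order id is derived only from login name, group, days
    and price; confirm a repeated transfer with the same values cannot
    overwrite an earlier order.
    """
    if request.method != 'POST':
        return None
    login_name = request.POST.get('login_name')
    user = User.objects.filter(login_name=login_name).first()
    if not user:
        return resp(400, '没有该用户')
    trade_type_id = request.POST.get('trade_type')
    try:
        enable = int(request.POST.get('enable'))
    except (TypeError, ValueError):
        # A missing or non-numeric flag used to surface as an unhandled error.
        return resp(400, 'enable 参数错误')
    trade_type = TradeType.objects.filter(id=trade_type_id).first()
    if not trade_type:
        # An unknown trade type used to raise AttributeError on the next line.
        return resp(400, '没有该交易类型')
    group = trade_type.group
    days = trade_type.days
    price = trade_type.price

    order = Order()
    order.id = encode_order(f'{login_name}{group}{days}{price}')
    order.login_name = login_name
    order.trade_type = 4  # 4 = corporate transfer
    order.trade_group = group.id
    order.total = price
    order.days = days
    order.desc = 1
    order.save()

    # Apply the purchased membership to the user.
    user.group = group
    user.enable = enable
    user.end_time = datetime.datetime.now() + datetime.timedelta(days=days)
    user.save()
    return resp()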
Пример #3
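def invoice(request):
    """Create, update or fetch the invoice profile of the token's user.

    The owner id always comes from the decoded token, never from the
    request body. POST with ``flag == 'create'`` inserts a new row; POST
    without it updates the user's existing row. GET returns that row.
    """
    token = request.META.get('HTTP_AUTHENTICATION')
    obj = check_token(token)
    if not obj:
        # A rejected token used to fail on obj['id'] with an unhandled error.
        return resp(401, 'token过期')
    u_id = obj['id']
    if request.method == 'POST':
        # flag == 'create' means insert; no flag means update.
        flag = request.POST.get('flag')
        if flag == 'create':
            record = Invoice()
        else:
            record = Invoice.objects.filter(u_id=u_id).first()
            if not record:
                # Nothing to update; previously this crashed on None.
                return resp(400, '没有资源')
        record.u_id = u_id
        for field in ('company', 'code', 'addr_tel', 'acount', 'receive_email',
                      'receive_user', 'receive_addr', 'receive_phone'):
            setattr(record, field, request.POST.get(field))
        record.save()
        return resp()
    if request.method == 'GET':
        # Currently one invoice profile per user (one-to-one).
        record = Invoice.objects.filter(u_id=u_id).first()
        if record:
            return resp(data=record.to_dict())
        return resp(400, '没有资源')
    return None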
Пример #4
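def register(request):
    """Register a new user from the POSTed form.

    Rejects a login name or e-mail that is already taken and a password
    whose length is outside 6-16. Only POST is handled; other methods
    return ``None``.

    NOTE(review): the password is stored exactly as submitted. Storing a
    salted hash instead has to be done together with every reader of
    ``User.pwd`` (login, password change), so it is not changed here.
    """
    if request.method != 'POST':
        return None
    form = request.POST
    login_name = form.get('login_name')
    if User.objects.filter(login_name=login_name).first():
        return resp(1001, '用户名已存在')
    email = form.get('email')
    if User.objects.filter(email=email).first():
        return resp(1001, '邮箱已注册')
    pwd = form.get('pwd')
    # A missing password used to raise TypeError in len(); treat it as invalid.
    if not pwd or not 6 <= len(pwd) <= 16:
        return resp(1002, '密码长度在6-16')

    user = User()
    user.login_name = login_name
    user.pwd = pwd
    user.email = email
    for field in ('major', 'user_name', 'qq', 'phone'):
        setattr(user, field, form.get(field))
    user.save()
    return resp()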
Пример #5
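def get_resource(request):
    """Return the login URL and encrypted cookie for a third-level resource.

    The caller supplies ``token`` and the resource id in ``code``. The id
    must be among the resources of the user's group; otherwise a 404-style
    response is returned. Only POST is handled.

    NOTE(review): membership expiry (``end_time``) and the ``enable`` flag
    are not checked here, although this view hands out a stored session
    cookie; confirm whether they should be.
    """
    if request.method != 'POST':
        return None
    token = request.POST.get("token")
    # 1. The token must be present and valid before anything else is parsed.
    if (not token) or token == 'null':
        return resp(404, '没有token')
    obj = check_token(token)
    if not obj:
        return resp(404, 'token过期')
    try:
        # Third-level resource id.
        t_id = int(request.POST.get("code"))
    except (TypeError, ValueError):
        # Missing or non-numeric id used to raise before the token check.
        return resp(404, '无权限访问')
    # 2. The resource must belong to the user's group.
    u = User.objects.filter(id=obj['id']).first()
    if not u or not u.group:
        return resp(404, '无权限访问')
    ids = parsing_list([i.to_one_dict() for i in u.group.go.all()])
    if t_id not in ids:
        return resp(404, '无权限访问')
    # 3./4. Look up the cookie and login link behind the resource.
    t = ThreeSrc.objects.filter(id=t_id).first()
    if not t or not t.four_src:
        return resp(404, '无权限访问')
    source = t.four_src
    return resp(data={"href": source.url, "thing": string_encryption(source.cookie)})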
Пример #6
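def check_user(request):
    """Return the first-level resources the token's user may access.

    Responds 204 for an invalid token, 201 when the user has no
    ``end_time`` and 202 when the membership has expired. Only GET is
    handled; other methods return ``None``.
    """
    if request.method != 'GET':
        return None
    token = request.META.get('HTTP_AUTHENTICATION')
    obj = check_token(token)
    if not obj:
        return resp(204, '用户信息过期')
    u_id = obj['id']
    u = User.objects.filter(id=u_id).first()
    if not u:
        # Token for a user that no longer exists; previously an unhandled error.
        return resp(204, '用户信息过期')
    end_time = u.end_time
    if not end_time:
        return resp(201, '用户还未购买资源')
    if datetime.datetime.now() > end_time:
        return resp(202, '用户过期')
    # Values are passed as query parameters instead of being formatted into
    # the SQL text, so the statement shape never depends on their content.
    with connection.cursor() as cursor:
        cursor.execute(
            'select a.id from one_src a join one_src_group b on a.id=b.one_src_id join `group` c on '
            'c.id=b.group_id join user d on d.group_id=c.id where d.id=%s',
            [u_id])
        one_src_ids = [row[0] for row in cursor.fetchall()]
        if not one_src_ids:
            # An empty list used to produce "in ()" and a SQL syntax error.
            return resp(data=[])
        placeholders = ','.join(['%s'] * len(one_src_ids))
        cursor.execute(
            'select a.id from one_src a left join two_src b on a.id=b.one_src_id left join three_src c '
            'on b.id=c.two_src_id where a.id in (' + placeholders + ');',
            one_src_ids)
        wanted = {row[0] for row in cursor.fetchall()}
    data = OneSrc.objects.filter(id__in=list(wanted))
    return resp(data=[i.to_all_dict() for i in data])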
Пример #7
def get_four_src_info(request):
    """Return one FourSrc record by ``id``, or the name list of all records.

    Only GET is handled; other methods return ``None``.

    NOTE(review): no token check is visible in this view; confirm what
    ``to_detail_dict()`` exposes and who can reach this route.
    """
    if request.method != 'GET':
        return None
    src_id = request.GET.get('id')
    if not src_id:
        return resp(data=[item.to_name_dict() for item in FourSrc.objects.all()])
    record = FourSrc.objects.filter(id=src_id).first()
    payload = record.to_detail_dict() if record else 'not src'
    return resp(data=payload)
Пример #8
def get_order_status(request):
    """Report whether an order with the given ``order_id`` exists.

    An existing ``Order`` row is taken to mean the order has been paid.
    Only GET is handled; other methods return ``None``.
    """
    if request.method != 'GET':
        return None
    order_id = request.GET.get('order_id')
    order = Order.objects.filter(id=order_id).first()
    if not order:
        return resp(202, '未支付')
    # A stored order means payment was received.
    return resp(200, '已支付')
Пример #9
def get_two_src_info(request):
    """Return one TwoSrc record by ``id``, or id/name pairs for all records.

    Only GET is handled; other methods return ``None``.
    """
    if request.method != 'GET':
        return None
    src_id = request.GET.get('id')
    if not src_id:
        return resp(data=[item.to_name_id_dict() for item in TwoSrc.objects.all()])
    record = TwoSrc.objects.filter(id=src_id).first()
    if record:
        return resp(data=record.to_detail_dict())
    return resp(data='not src')
Пример #10
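def get_admins(request):
    """Return one administrator by ``id``, or the list of all administrators.

    Only GET is handled; other methods return ``None``.

    NOTE(review): this view does not itself check that the caller is an
    administrator; confirm that is enforced before it runs.
    """
    if request.method != 'GET':
        return None
    admin_id = request.GET.get('id')
    if not admin_id:
        return resp(data=[i.to_admin_dict() for i in User.objects.filter(is_admin=1)])
    admin = User.objects.filter(id=admin_id).filter(is_admin=1).first()
    # An unknown id used to raise AttributeError on None.
    return resp(data=admin.to_admin_view_dict() if admin else 'not admin')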
Пример #11
def get_trade_type_info(request):
    """Return one trade type by ``id``, or all trade types.

    When listing, ``t == 'front'`` selects ``to_front_dict()`` for every
    item; otherwise ``to_dict()`` is used. Only GET is handled.
    """
    if request.method != 'GET':
        return None
    type_id = request.GET.get('id')
    view = request.GET.get('t')
    if type_id:
        trade_type = TradeType.objects.filter(id=type_id).first()
        if trade_type:
            return resp(data=trade_type.to_dict())
        return resp(data='not type')
    rows = []
    for item in TradeType.objects.all():
        rows.append(item.to_front_dict() if view == 'front' else item.to_dict())
    return resp(data=rows)
Пример #12
def get_card_info(request):
    """Return one recharge card by ``id``, or every recharge card.

    Only GET is handled; other methods return ``None``.

    NOTE(review): the list branch returns all cards through ``to_dict()``;
    confirm whether that includes the card password and that the route is
    limited to administrators.
    """
    if request.method != 'GET':
        return None
    card_id = request.GET.get('id')
    if not card_id:
        return resp(data=[card.to_dict() for card in CardRechargeList.objects.all()])
    card = CardRechargeList.objects.filter(id=card_id).first()
    payload = card.to_dict() if card else 'not card'
    return resp(data=payload)
Пример #13
def get_help_list_info(request):
    """Return one help entry by ``id``, or the list of all help entries.

    Only GET is handled; other methods return ``None``.
    """
    if request.method != 'GET':
        return None
    entry_id = request.GET.get('id')
    if not entry_id:
        return resp(data=[entry.to_list_dict() for entry in HelpList.objects.all()])
    entry = HelpList.objects.filter(id=entry_id).first()
    if entry:
        return resp(data=entry.to_detail_dict())
    return resp(data='not data')
Пример #14
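def get_group_info(request):
    """Return one group by ``id``, or the name list of all groups.

    Only GET is handled; other methods return ``None``.
    """
    if request.method != 'GET':
        return None
    group_id = request.GET.get('id')
    if not group_id:
        # No id: return every group.
        return resp(data=[i.to_name_dict() for i in Group.objects.all()])
    # Single record; an unknown id used to raise AttributeError on None.
    group = Group.objects.filter(id=group_id).first()
    return resp(data=group.to_full_dict() if group else 'not group')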
Пример #15
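def get_three_src_info(request):
    """Return one third-level resource by ``id``, or all of them.

    ``t == 'edit'`` selects ``to_simple_back_dict()`` for the single-record
    case; otherwise ``to_simple_dict()`` is used. Only GET is handled.
    """
    if request.method != 'GET':
        return None
    tr_id = request.GET.get('id')
    mode = request.GET.get('t')  # 'edit' asks for the editable detail view
    if not tr_id:
        return resp(data=[i.to_simple_dict() for i in ThreeSrc.objects.all()])
    tr = ThreeSrc.objects.filter(id=tr_id).first()
    if not tr:
        # The original chained conditional tested t == 'edit' first, so an
        # unknown id with t=edit dereferenced None instead of reaching here.
        return resp(data='not src')
    return resp(data=tr.to_simple_back_dict() if mode == 'edit' else tr.to_simple_dict())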
Пример #16
def get_one_src_info(request):
    """Return one first-level category by ``id``, or the list of all of them.

    Only GET is handled; other methods return ``None``.
    """
    if request.method != 'GET':
        return None
    src_id = request.GET.get('id')
    if not src_id:
        # No id: return every category.
        return resp(data=[item.to_list_dict() for item in OneSrc.objects.all()])
    # Single record.
    record = OneSrc.objects.filter(id=src_id).first()
    payload = record.to_detail_dict() if record else 'not src'
    return resp(data=payload)
Пример #17
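def get_token_info(request):
    """Return the profile of the user identified by the request token.

    A truthy ``back`` query parameter selects ``to_back_dict()``; otherwise
    ``to_front_dict()`` is returned. Only GET is handled.
    """
    if request.method != 'GET':
        return None
    token = request.META.get('HTTP_AUTHENTICATION')
    back = request.GET.get('back')
    # Decode the token payload.
    obj = check_token(token)
    user = User.objects.filter(id=obj['id']).first() if obj else None
    if not user:
        # Covers an invalid token and a token whose user no longer exists
        # (the latter used to raise AttributeError on None).
        return resp(code=4001, msg='token 失效')
    return resp(data=user.to_back_dict() if back else user.to_front_dict())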
Пример #18
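def check_img_code(request):
    """Check a submitted image-captcha value against its token.

    Responds 1001 when the token cannot be decoded or has expired and 1002
    when the value does not match. Only GET is handled.

    NOTE(review): the expected value travels inside the client-held token
    and nothing here marks a token as used; confirm the token is opaque to
    the client and whether replay within its lifetime is acceptable.
    """
    if request.method != 'GET':
        return None
    token = request.GET.get('token')
    try:
        obj = img_code_overdue_decode(token)
    except Exception:
        # Malformed tokens are treated like expired ones instead of raising.
        obj = None
    if not obj:
        # Token failed validation.
        return resp(code=1001, msg='token过期')
    try:
        val = int(request.GET.get('val'))
    except (TypeError, ValueError):
        # A missing or non-numeric answer is simply a wrong answer.
        return resp(code=1002, msg='验证码错误')
    if val != obj['val']:
        return resp(code=1002, msg='验证码错误')
    return resp()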
Пример #19
 def process_request(self, request):
     """Reject requests to token-protected paths that lack a valid token.

     Returns ``None`` (request continues) for any path outside the list and
     for listed paths with a token accepted by ``check_token``.

     NOTE(review): protection is opt-in by exact path, and only token
     validity is checked here, not the caller's role; every route that
     needs authentication has to be listed or guard itself.
     """
     protected_paths = (
         '/user/get_admins/', '/user/update_admin/',
         '/user/update_profile/', '/user/get_user_info/',
         '/user/update_pwd/', '/trade/invoice/',
     )
     if request.path not in protected_paths:
         return None
     # Protected route: refuse when the token is absent or invalid.
     token = request.META.get('HTTP_AUTHENTICATION')
     if token == 'null' or not token:
         return resp(400, '没有token')
     if check_token(token):
         return None
     return resp(401, 'token过期')
Пример #20
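def update(request):
    """Overwrite a user's account fields from the back-office form.

    Only POST is handled; other methods return ``None``.

    NOTE(review): the target user id, group, password and expiry all come
    from the request body and no caller check is visible in this view;
    confirm the route is restricted to administrators. The password is
    stored exactly as submitted.
    """
    if request.method != 'POST':
        return None
    form = request.POST
    enable = int(form.get('enable'))
    active = int(json.loads(form.get('active')))
    user = User.objects.filter(id=form.get("id")).first()
    if not user:
        # An unknown id used to raise AttributeError on None.
        return resp(400, '没有该用户')
    for field in ('group_id', 'login_name', 'pwd', 'email', 'major',
                  'user_name', 'qq', 'phone', 'end_time'):
        setattr(user, field, form.get(field))
    user.enable = enable
    user.active = active
    user.save()
    return resp(data=user.to_back_read_dict())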
Пример #21
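def get_four_src(request):
    """Return one page of four_src rows, optionally filtered by name/code.

    Query parameters: ``p`` (page, default 1), ``n`` (page size, default
    10), ``name`` and ``code`` (substring filters). The response carries
    the page in ``data`` and the total match count in ``count``. Only GET
    is handled.

    The filter values are bound as query parameters. The previous version
    formatted them into the SQL text, applied the filter only when more
    than two parameters were non-empty, and derived the count query by
    editing the SQL string.

    NOTE(review): the listing selects the stored ``username`` and ``pwd``
    columns; confirm this route is limited to administrators.
    """
    if request.method != 'GET':
        return None
    query = request.GET
    page = max(int(query.get('p', 1)), 1)
    size = max(int(query.get('n', 10)), 0)
    conditions = []
    params = []
    for column in ('name', 'code'):
        value = query.get(column)
        if value:
            conditions.append(column + ' like %s')
            params.append('%' + value + '%')
    where = (' where ' + ' and '.join(conditions)) if conditions else ''
    with connection.cursor() as cursor:
        cursor.execute(
            'select id,name,code,url,username,pwd,add_time from four_src'
            + where + ' order by id desc limit %s,%s',
            params + [(page - 1) * size, size])
        data = [format_four_src_list(row) for row in cursor.fetchall()]
        cursor.execute('select count(*) from four_src' + where, params)
        total = cursor.fetchone()[0]
    return resp(data=data, count=total)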
Пример #22
def add_n_card(request):
    """Generate ``num`` recharge cards for a trade type.

    The card number is a uuid1 with the dashes removed; the card password
    is the first ``pwd_num`` (6-12) characters of the last group of a
    uuid4. Only POST is handled; other methods return ``None``.

    NOTE(review): uuid1 is built from a timestamp and node id, so card
    numbers are not secret; the password is 6-12 hex characters (4 bits
    each). ``num`` has no upper bound and no caller check is visible here.
    """
    if request.method != 'POST':
        return None
    trade_type_id = request.POST.get('trade_type_id')
    # How many cards to create.
    num = int(request.POST.get('num'))
    # Requested password length; must be within 6-12.
    pwd_num = int(request.POST.get('pwd_num'))
    if not 6 <= pwd_num <= 12:
        return resp(201, '长度错误')
    cards = []
    for _ in range(num):
        card_id = str(uuid.uuid1()).replace('-', '')
        card_pwd = str(uuid.uuid4()).split('-')[-1][:pwd_num]
        cards.append(CardRechargeList(card_id=card_id, card_pwd=card_pwd,
                                      trade_type_id=trade_type_id))
    CardRechargeList.objects.bulk_create(cards)
    return resp()
Пример #23
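def get_order(request):
    """Return one page of orders, optionally filtered by card or member name.

    Query parameters: ``p`` (page, default 1), ``n`` (page size, default
    10), ``card`` (exact card number) and ``name`` (substring of the login
    name). The response carries the page in ``data`` and the total match
    count in ``count``. Only GET is handled.

    The filter values are bound as query parameters. The previous version
    formatted them into the SQL text, applied the filter only when more
    than two parameters were non-empty, and derived the count query by
    editing the SQL string.

    NOTE(review): no caller check is visible in this view although it
    lists every order; confirm the route is restricted.
    """
    if request.method != "GET":
        return None
    query = request.GET
    page = max(int(query.get('p', 1)), 1)
    size = max(int(query.get('n', 10)), 0)
    conditions = []
    params = []
    card = query.get('card')
    if card:
        conditions.append('card_id=%s')
        params.append(card)
    name = query.get('name')
    if name:
        conditions.append('login_name like %s')
        params.append('%' + name + '%')
    where = (' where ' + ' and '.join(conditions)) if conditions else ''
    with connection.cursor() as cursor:
        cursor.execute('select * from `order`' + where + ' limit %s,%s',
                       params + [(page - 1) * size, size])
        data = [format_order_list(row) for row in cursor.fetchall()]
        cursor.execute('select count(*) from `order`' + where, params)
        total = cursor.fetchone()[0]
    return resp(data=data, count=total)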
Пример #24
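def get_two_src(request):
    """Return one page of second-level resources joined with their parent.

    Query parameters: ``p`` (page, default 1), ``n`` (page size, default
    10), ``one_src_id`` (parent category) and ``name`` (substring filter).
    The response carries the page in ``data`` and the total match count in
    ``count``. Only GET is handled.

    The filter values are bound as query parameters. The previous version
    formatted them into the SQL text (``one_src_id`` without quoting),
    applied the filter only when more than two parameters were non-empty,
    and derived the count query by editing the SQL string.
    """
    if request.method != 'GET':
        return None
    query = request.GET
    page = max(int(query.get('p', 1)), 1)
    size = max(int(query.get('n', 10)), 0)
    conditions = []
    params = []
    one_src_id = query.get('one_src_id')
    if one_src_id:
        conditions.append('a.one_src_id=%s')
        params.append(one_src_id)
    name = query.get('name')
    if name:
        conditions.append('a.name like %s')
        params.append('%' + name + '%')
    where = (' where ' + ' and '.join(conditions)) if conditions else ''
    source = ' from two_src a join one_src b on b.id=a.one_src_id'
    with connection.cursor() as cursor:
        cursor.execute(
            'select a.id,b.name,a.name,a.pos,a.add_time' + source
            + where + ' order by a.id desc limit %s,%s',
            params + [(page - 1) * size, size])
        data = [format_two_src_list(row) for row in cursor.fetchall()]
        cursor.execute('select count(*)' + source + where, params)
        total = cursor.fetchone()[0]
    return resp(data=data, count=total)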
Пример #25
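def update_pwd(request):
    """Change the password of the token's user after checking the old one.

    Responds 401 for an invalid token, 201 when the user is gone, 202 when
    ``old_pwd`` does not match and 1002 when ``new_pwd`` is outside the
    6-16 length accepted at registration. Only POST is handled.

    NOTE(review): passwords are compared and stored as submitted; moving
    to salted hashes has to change every reader of ``User.pwd`` together.
    """
    if request.method != 'POST':
        return None
    token = request.META.get('HTTP_AUTHENTICATION')
    obj = check_token(token)
    if not obj:
        # A rejected token used to fail on obj['id'] with an unhandled error.
        return resp(401, 'token过期')
    user = User.objects.filter(id=obj['id']).first()
    if not user:
        return resp(201, 'not user')
    if user.pwd != request.POST.get('old_pwd'):
        return resp(202, 'pwd error')
    new_pwd = request.POST.get('new_pwd')
    # Apply the same length rule as registration; a missing value used to
    # be written to the account as-is.
    if not new_pwd or not 6 <= len(new_pwd) <= 16:
        return resp(1002, '密码长度在6-16')
    user.pwd = new_pwd
    user.save()
    return resp()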
Пример #26
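def update_four_src(request):
    """Edit a stored account resource (FourSrc) from the POSTed form.

    ``cookie_time`` is parsed as an int and ``cookie`` is decoded with
    ``demjson`` before the record is looked up. Only POST is handled.

    NOTE(review): this writes the account's username, password and session
    cookie and no caller check is visible in this view; confirm the route
    is restricted to administrators.
    """
    if request.method != "POST":
        return None
    form = request.POST
    cookie_time = int(form.get('cookie_time'))
    cookie = demjson.decode(form.get('cookie'))
    record = FourSrc.objects.filter(id=form.get('id')).first()
    if not record:
        # An unknown id used to raise AttributeError on None.
        return resp(data='not src')
    for field in ('name', 'code', 'url', 'desc', 'username', 'pwd',
                  'code_script', 'success_url', 'error_field'):
        setattr(record, field, form.get(field))
    record.cookie_time = cookie_time
    record.cookie = cookie
    record.save()
    return resp(data=record.to_detail_dict())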
Пример #27
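def update_one_src(request):
    """Edit a first-level category and synchronise its group links.

    ``groups`` is a JSON array of group ids; links missing from it are
    removed and new ones are created. Only POST is handled.

    NOTE(review): no caller check is visible in this view although it
    changes which groups can reach a category; confirm the route is
    restricted to administrators.
    """
    if request.method != 'POST':
        return None
    form = request.POST
    groups = json.loads(form.get('groups'))  # array of group ids
    src = OneSrc.objects.filter(id=form.get('id')).first()
    if not src:
        # An unknown id used to raise AttributeError on None.
        return resp(data='not src')
    src.name = form.get('name')
    src.desc = form.get('desc')
    src.pos = form.get('pos')
    src.save()

    current = {link.group_id for link in src.og.all()}
    wanted = set(groups)
    removed = current - wanted
    added = wanted - current
    if removed:
        # Restrict the delete to this category. The previous filter matched
        # on group_id alone and so removed those groups' links to every
        # other category as well.
        OneSrcGroup.objects.filter(one_src_id=src.id, group_id__in=removed).delete()
    if added:
        OneSrcGroup.objects.bulk_create(
            [OneSrcGroup(group_id=group_id, one_src_id=src.id) for group_id in added])
    return resp()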
Пример #28
def get_to_name_info(request):
    """Return groups whose name contains ``name``, or all groups without it.

    Only GET is handled; other methods return ``None``.
    """
    if request.method != 'GET':
        return None
    needle = request.GET.get('name')
    if needle:
        matches = Group.objects.filter(name__contains=needle)
    else:
        matches = Group.objects.all()
    return resp(data=[group.to_name_dict() for group in matches])
Пример #29
def forget_email_pwd(request):
    """Mail a password-reset token to the account registered with ``email``.

    The token is created with the user's id, the current time and a
    30-minute lifetime. Only POST is handled; other methods return ``None``.

    NOTE(review): the distinct "user does not exist" reply lets a caller
    test which addresses are registered, and no rate limit is visible in
    this view.
    """
    if request.method != 'POST':
        return None
    address = request.POST.get('email')
    account = User.objects.filter(email=address).first()
    if not account:
        return resp(201, '用户不存在')
    # Token carries the user id, its creation time and the lifetime in seconds.
    reset_token = img_code_overdue_create(id=account.id,
                                          _time=time.time(),
                                          ex=30 * 60)
    if not account.email:
        return resp(401, '用户未填写邮箱')
    if send_mail(account.email, reset_token):
        return resp()
    return resp(402, '发送失败')
Пример #30
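def update_forget_email_pwd(request):
    """Set a new password for the user named in a password-reset token.

    Responds 401 when the token cannot be decoded, has expired, carries no
    user id or names a user that no longer exists, and 1002 when ``pwd`` is
    outside the 6-16 length accepted at registration. Only POST is handled.

    NOTE(review): the token is decoded with the same helper used for image
    captcha tokens and nothing here marks it as used; confirm a captcha
    token can never carry an ``id`` and whether reuse within the token's
    lifetime is acceptable. The password is stored as submitted.
    """
    if request.method != 'POST':
        return None
    sequence = request.POST.get('sequence')
    pwd = request.POST.get('pwd')
    try:
        obj = img_code_overdue_decode(sequence)
    except Exception:
        # Was a bare except, which also swallowed SystemExit/KeyboardInterrupt.
        obj = None
    if not obj:
        return resp(401, '失效')
    try:
        u_id = obj['id']
    except (KeyError, TypeError):
        # Decodable token without a user id: not a reset token.
        return resp(401, '失效')
    user = User.objects.filter(id=u_id).first()
    if not user:
        # Previously raised AttributeError on None.
        return resp(401, '失效')
    # A missing password used to be written to the account as-is.
    if not pwd or not 6 <= len(pwd) <= 16:
        return resp(1002, '密码长度在6-16')
    user.pwd = pwd
    user.save()
    return resp()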