def kf_group_interfaces_manage_ban_profile(group_id, kick_id, profile_id): data = G.autodata(request) token = G.auto_verify(request) user_uuid = model.getuser_uuid(token.get("user")).uuid selectResult = G.isManager(group_id, user_uuid) selectResult = model.member.select().where( (model.member.group == group_id) & (model.member.user == kick_id) & (model.member.is_disabled == False) ) if not selectResult: raise Exceptions.InvalidRequestData() selectResult = selectResult.get() profile = model.profile.select().where( (model.profile.uuid == profile_id) & (model.profile.createby == user_uuid) ) if not profile: raise Exceptions.InvalidRequestData() ban = model.banner( user=kick_id, profile=profile.get().profile_id, create_time=datetime.datetime.now(), group=group_id, until=datetime.datetime.fromtimestamp( time.time() + float(int(data.get("after")))) ) ban.save() return Response(status=204)
def kf_group_interfaces_report_join(group_id): if not request.is_json: raise Exceptions.InvalidToken() data = request.json token = G.auto_verify(request) user_uuid = model.getuser_uuid(token.get("user")).uuid if not model.group.select().where(model.group.uuid == group_id): raise Exceptions.InvalidToken() group = G.get_group(group_id) if group.joinway not in ["public_join", "public_join_review"]: raise Exceptions.InvalidToken() if model.member.select().where( (model.member.is_disabled == False) & (model.member.user == user_uuid) & (model.member.group == group.id) ): raise Exceptions.InvalidToken() if group.joinway == "public_join": new = model.member(user=user_uuid, group=group_id, permission="common_user") new.save() return Response(json.dumps(model.kf_format_group_public(group)), mimetype='application/json; charset=utf-8') if group.joinway == "public_join_review": review = model.review(user=user_uuid, group=group.id) review.save() return Response(json.dumps({ "reviewId": review.id }), mimetype='application/json; charset=utf-8') if group.joinway == 'private': raise Exceptions.InvalidToken()
def kf_group_interfaces_manager_checkjoin_length(group_id, extra=None): data = G.autodata(request) token = G.auto_verify(request) user_uuid = model.getuser_uuid(token.get("user")).uuid selectResult = G.isManager(group_id, user_uuid) if not extra: length = model.review.select().where( (model.review.group == group_id) ).count() else: if extra not in ["non-enabled", "enabled", "accessed", "non-accessed"]: raise Exceptions.InvalidRequestData() length = model.review.select().where( (model.review.group == group_id) & { "non-enabled": (model.review.isEnable == False), "enabled": (model.review.isEnable == True), "accessed": (model.review.isAccessed == True), "non-accessed": (model.review.isAccessed == False) }[extra] ).count() return Response(json.dumps({ "length": length }), mimetype='application/json; charset=utf-8')
def kf_group_interfaces_create(): if request.is_json: data = request.json name = data.get("name") joinway = data.get("joinway", "public_join") if joinway not in ["public_join", "public_join_review", "private"]: raise Exceptions.InvalidToken() if not re.match(r"[a-zA-Z0-9\u4E00-\u9FA5_-]{4,16}$", name): raise Exceptions.InvalidToken() if model.group.select().where(model.group.name == name): raise Exceptions.InvalidToken() accessToken = data.get("accessToken") clientToken = data.get("clientToken") if not accessToken: raise Exceptions.InvalidToken() if Token.is_validate_strict(accessToken, clientToken): raise Exceptions.InvalidToken() token = Token.gettoken_strict(accessToken, clientToken) user_uuid = model.getuser_uuid(token.get("user")).uuid new_group = model.group(name=name, creater=user_uuid, manager=user_uuid, create_date=datetime.datetime.now(), joinway=joinway) new_group.save() new_manager = model.member( user=user_uuid, group=new_group.id, permission="super_manager") return Response(json.dumps({ "groupId": new_group.uuid, "timestamp": new_group.create_date.timestamp() }), mimetype='application/json; charset=utf-8')
def kf_group_interfaces_manage_checkban(group_id): data = G.autodata(request) token = G.auto_verify(request) user_uuid = model.getuser_uuid(token.get("user")).uuid selectResult = G.isManager(group_id, user_uuid) try: page = int(data.get("range", 1)) except ValueError: return Response(json.dumps({ 'error': "ForbiddenOperationException", 'errorMessage': "Invalid request args." }), status=403, mimetype='application/json; charset=utf-8') return Response(json.dumps([ (lambda x: { "create": x.create_time.timestamp(), "until": x.until.timestamp(), "length": x.until.timestamp() - x.create_time.timestamp(), ["user", "profile"][bool(x.profile)]: [x.profile, x.user][bool(x.profile)], "uuid": x.user })(i) for i in model.banner.select().where(model.banner.group == group_id)[15*(page - 1):15 * page] ]), mimetype='application/json; charset=utf-8')
def kf_message_alreadyRead(): data = G.autodata(request) token = G.auto_verify(request) user_uuid = model.getuser_uuid(token.get("user")).uuid return Response(json.dumps([{ "title": i.title, "body": i.body } for i in model.message.select().where((model.message.to == user_uuid) & (model.message.is_read == True))]), mimetype='application/json; charset=utf-8')
def kf_group_interfaces_list(): data = G.autodata(request) token = G.auto_verify(request) user_uuid = model.getuser_uuid(token.get("user")).uuid Response(json.dumps([(lambda x:{ "id": x.id, "name": x.name, "create_date": x.create_date.timestamp() })(i) for i in model.member.select().where( (model.member.is_disabled == False) & (model.member.user == user_uuid) )]), mimetype='application/json; charset=utf-8')
def kf_group_interfaces_manage_manager_down(group_id, user_id): data = G.autodata(request) token = G.auto_verify(request) user_uuid = model.getuser_uuid(token.get("user")).uuid G.is_super_manager(group_id, user_id) selectResult = G.isManager(group_id, user_id) selectResult.permission = "common_user" selectResult.managedown_number += 1 selectResult.save() return Response(status=204)
def kf_group_interfaces_manage_setting_change(group_id, setting_name): data = G.autodata(request) token = G.auto_verify(request) user_uuid = model.getuser_uuid(token.get("user")).uuid group = G.get_group(group_id) manager = G.isManager(group_id, user_uuid) if setting_name not in [ "joinway", "name", "enable_yggdrasil", "enable_invite", "enable_public_joinhistory", "enable_public_memberlist" ]: raise Exceptions.InvalidRequestData() value = data.get("change_value") if setting_name == "joinway": if value not in ["public_join", "public_join_review", "private"]: raise Exceptions.InvalidRequestData() group.joinway = value if setting_name == "name": if not re.match(r"[a-zA-Z0-9\u4E00-\u9FA5_-]{4,16}$", value): raise Exceptions.InvalidRequestData() group.name = value if setting_name == "enable_yggdrasil": if not type(value) == bool: raise Exceptions.InvalidRequestData() group.enable_yggdrasil = value if setting_name == "enable_invite": if not type(value) == bool: raise Exceptions.InvalidRequestData() group.enable_invite = value if setting_name == "enable_public_joinhistory": if not type(value) == bool: raise Exceptions.InvalidRequestData() group.enable_public_joinhistory = value if setting_name == "enable_public_memberlist": if not type(value) == bool: raise Exceptions.InvalidRequestData() group.enable_public_memberlist = value group.save() return Response(status=204)
def kf_group_interfaces_manage(group_id): data = G.autodata(request) token = G.auto_verify(request) user_uuid = model.getuser_uuid(token.get("user")).uuid selectResult = model.member.select().where( (model.member.group == group_id) & (model.member.user == user_uuid) & (model.member.is_disabled == False) ) if not selectResult: raise Exceptions.InvalidToken() selectResult = selectResult.get() return Response(status=[403, 204][selectResult.permission in ['manager', 'super_manager']])
def kf_group_interfaces_manage_checkjoin_non_accessed(group_id): data = G.autodata(request) token = G.auto_verify(request) user_uuid = model.getuser_uuid(token.get("user")).uuid selectResult = G.isManager(group_id, user_uuid) return Response(json.dumps([(lambda x: { "id": x.id, "user": x.user, "time": x.time.timestamp(), "enabled": x.isEnabled, })(i) for i in model.review.select().where( (model.review.group == group_id) & (model.review.isAccessed == False) )]), mimetype='application/json; charset=utf-8')
def kf_group_interfaces_manage_setting(group_id): data = G.autodata(request) token = G.auto_verify(request) user_uuid = model.getuser_uuid(token.get("user")).uuid group = G.get_group(group_id) selectResult = G.isManager(group_id, user_uuid) return Response(json.dumps({ "name": group.name, "joinway": group.joinway, "enable": { "yggdrasil": group.enable_yggdrasil, "invite": group.enable_invite, "public_joinhistory": group.enable_public_joinhistory, "public_memberlist": group.enable_public_memberlist } }), mimetype='application/json; charset=utf-8')
def kf_group_interfaces_manage_checkjoin_refuse(group_id, review_id): data = G.autodata(request) token = G.auto_verify(request) user = model.getuser_uuid(token.get("user")) user_uuid = user.uuid group = G.get_group(group_id) manager = G.isManager(group_id, user_uuid) selectResult = model.review.select().where( (model.review.id == review_id) & (model.review.group == group_id) ) if not selectResult: raise Exceptions.InvalidToken() selectResult = selectResult.get() if selectResult.isEnable != True: raise Exceptions.InvalidRequestData() selectResult.isEnable = False selectResult.isAccessed = False for i in model.member.select().where( (model.member.group == selectResult.group) & ((model.member.permission == "manager") | (model.member.permission == "super_manager")) & (model.member.is_disabled == True) & (model.member.user != manager.uuid) ): model.message( to=i.user, title="用户 %(user)s 面向组 %(group)s 的加组申请被拒绝" % ( [user.uuid, user.username][bool(user.username)], group.name), body="用户 %(user)s 面向组 %(group)s 的加组申请被组管理员 %(manager)s 拒绝" % ([user.uuid, user.username][bool( user.username)], group.name, [manager.uuid, manager.username][bool(manager.username)]), extra=json.dumps({ "user": user_uuid, "group": group.id, "manager": manager.uuid }) ) return Response(status=204)
def kf_group_interfaces_manage_kick(group_id, kick_id): data = G.autodata(request) token = G.auto_verify(request) user_uuid = model.getuser_uuid(token.get("user")).uuid selectResult = G.isManager(group_id, user_uuid) selectResult = model.member.select().where( (model.member.group == group_id) & (model.member.user == kick_id) & (model.member.is_disabled == False) ) if not selectResult: raise Exceptions.InvalidRequestData() selectResult = selectResult.get() selectResult.is_disabled = True selectResult.move_times += 1 selectResult.be_kicked_times_total += 1 selectResult.save() return Response(status=204)
def kf_group_interfaces_manage_checkjoin_info(group_id, review_id): data = G.autodata(request) token = G.auto_verify(request) user_uuid = model.getuser_uuid(token.get("user")).uuid selectResult = G.isManager(group_id, user_uuid) selectResult = model.review.select().where( (model.review.id == review_id) & (model.review.group == group_id) ) if not selectResult: raise Exceptions.InvalidToken() selectResult = selectResult.get() return Response(json.dumps({ "id": selectResult.id, "user": selectResult.user, "time": selectResult.time.timestamp(), "enabled": selectResult.isEnabled, "accessed": selectResult.isAccessed }), mimetype='application/json; charset=utf-8')
def kf_group_interfaces_manage_checkban_user(group_id, user_id): data = G.autodata(request) token = G.auto_verify(request) user_uuid = model.getuser_uuid(token.get("user")).uuid selectResult = G.isManager(group_id, user_uuid) if model.member.select().where( (model.member.group == group_id) & (model.member.user == user_id) & (model.member.is_disabled == False) ): raise Exceptions.InvalidToken() return Response(json.dumps([ (lambda x: { "create": x.create_time.timestamp(), "until": x.until.timestamp(), "length": x.until.timestamp() - x.create_time.timestamp(), [b"user", "profile"][bool(x.profile)]: [b"INSTEAD", x.profile][not bool(x.profile)], "uuid": x.user })(i) for i in model.banner.select().where((model.banner.group == group_id) & (model.banner.user == user_id)) ], skipkeys=True), mimetype='application/json; charset=utf-8')
def kf_group_interfaces_signout(group_id): data = G.autodata(request) token = G.auto_verify(request) user_uuid = model.getuser_uuid(token.get("user")).uuid if not model.group.select().where(model.group.uuid == group_id): raise Exceptions.InvalidToken() group: model.group = G.get_group(group_id) known = G.get_member(group_id, user_uuid) if known.permission == "super_manager": if not data.get("force"): raise Exceptions.InvalidToken() else: manager_result = model.member.select().where( (model.member.is_disabled == False) & (model.member.permission == "manager") & (model.member.group == group_id) ) if manager_result: # 有其他管理员可以被任命为组管理员 # 随!机!选!择! manager_selected = manager_result[random.randint( 0, len(manager_result) - 1)] manager_result.permission = "super_manager" manager_result.save() model.message( to=manager_result.user, title='您已成为组 "%(groupname)s" 的组管理员' % (group.name), body='因该组的原组管理员的退出, 您已成为该组的组管理员.', extra=json.dumps({ "type": "group" }) ) else: # 通知一波然后删掉, 解散的组不需要 now_member = model.member.select().where( (model.member.is_disabled == False) & (model.member.group == group_id) & (model.member.user != user_uuid) ) for i in now_member: model.message( to=i.user, title='您已被清理出组 "%(groupname)s"' % (group.name), body="因该组的原组管理员的退出, 您已被清理出该组." ).save() model.member.delete().where(model.member.group == group_id).execute() else: known.is_disabled = True known.move_times += 1 known.save() manager_result = model.member.select().where( (model.member.is_disabled == False) & ((model.member.permission == "manager") | (model.member.permission == "super_manager")) & (model.member.group == group_id) ) for i in manager_result: model.message( to=i.user, title='%(user)s 退出组 "%(groupname)s"' % ( model.getuser_uuid(user_uuid).username, group.name), body="因该成员的主动申请, 该成员已退出该组." ).save() return Response(status=204)
def getuser_byaccessToken(self, accessToken): result = self.CacheObject.get(self._format(accessToken)) if not result: return False return model.getuser_uuid(result)
def group_refresh(group_id): group.get_group(group_id) if request.is_json: data = request.json Can = False AccessToken = data.get('accessToken') ClientToken = data.get("clientToken", str(uuid.uuid4()).replace("-", "")) IReturn = {} if 'clientToken' in data: OldToken = Token.gettoken_strict(AccessToken, data.get("clientToken")) else: OldToken = Token.gettoken_strict(AccessToken) if not OldToken: raise Exceptions.InvalidToken() group.token_is_group(OldToken, group_id) if int(time.time()) >= OldToken.get("createTime") + ( config.TokenTime.RefrushTime * config.TokenTime.TimeRange): model.log_yggdrasil(operational="authserver.refrush", user=OldToken.get("user"), otherargs=json.dumps( {"clientToken": data.get("clientToken")}), IP=request.remote_addr, time=datetime.datetime.now(), successful=False).save() raise Exceptions.InvalidToken() User = model.getuser_uuid(OldToken.get("user")) group.get_member(group_id, User.uuid) TokenSelected = OldToken.get("bind") if TokenSelected: TokenProfile = model.getprofile_uuid(TokenSelected).get() else: TokenProfile = {} if 'selectedProfile' in data: PostProfile = data['selectedProfile'] needuser = model.getprofile_id_name(PostProfile['id'], PostProfile['name']) if not needuser: # 验证客户端提供的角色信息 raise Exceptions.IllegalArgumentException() # 角色不存在. else: needuser = needuser.get() # 验证完毕,有该角色. if OldToken.get('bind'): # 如果令牌本来就绑定了角色 model.log_yggdrasil(operational="authserver.refrush", user=User.uuid, otherargs=json.dumps({ "clientToken": data.get("clientToken") }), IP=request.remote_addr, time=datetime.datetime.now(), successful=False).save() error = { 'error': 'IllegalArgumentException', 'errorMessage': "Access token already has a profile assigned." } return Response(json.dumps(error), status=400, mimetype='application/json; charset=utf-8') if needuser.createby != OldToken.get("user"): # 如果角色不属于用户 model.log_yggdrasil(operational="authserver.refrush", user=User.uuid, otherargs=json.dumps({ "clientToken": data.get("clientToken") }), IP=request.remote_addr, time=datetime.datetime.now(), successful=False).save() error = { 'error': "ForbiddenOperationException", 'errorMessage': "Attempting to bind a token to a role that does not belong to its corresponding user." } return Response(json.dumps(error), status=403, mimetype='application/json; charset=utf-8') TokenSelected = model.findprofilebyid(PostProfile['id']).uuid IReturn['selectedProfile'] = model.format_profile( model.findprofilebyid(PostProfile['id']), unsigned=True) Can = True NewAccessToken = str(uuid.uuid4()).replace('-', '') cache_token.set(NewAccessToken, { "clientToken": OldToken.get('clientToken'), "bind": TokenSelected, "user": OldToken.get("user"), "group": group_id, "createTime": int(time.time()) }, ttl=config.TokenTime.RefrushTime * config.TokenTime.TimeRange) cache_token.delete(AccessToken) IReturn['accessToken'] = NewAccessToken IReturn['clientToken'] = OldToken.get('clientToken') if TokenProfile and not Can: IReturn['selectedProfile'] = model.format_profile(TokenProfile, unsigned=True) if 'requestUser' in data: if data['requestUser']: IReturn['user'] = model.format_user(User) User.last_login = datetime.datetime.now() model.log_yggdrasil(operational="authserver.refrush", user=User.uuid, otherargs=json.dumps( {"clientToken": data.get("clientToken")}), IP=request.remote_addr, time=datetime.datetime.now()).save() return Response(json.dumps(IReturn), mimetype='application/json; charset=utf-8')