示例#1
文件: blog.py 项目: 90era/Api
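    def get(self):
        """Handle GET on the /blog resource.

        Query-string arguments:
        1. num|limit (int or "all"): maximum number of rows to list; "all"
           lists every blog. Global argument.
        2. sort (str): sort direction. Global argument.
        3. blogId (int): fetch the article with this id. Standalone argument.
        4. get_catalog_list (bool): list all blog catalogs. Standalone argument.
        5. get_sources_list (bool): list all blog source types. Standalone argument.
        6. get_catalog_data (str): list num articles of the given catalog.
        7. get_sources_data (str): list num articles of the given source type.
        8. get_index_only (bool): return only id, title and timestamps of all blogs.
        9. get_user_blog (str): list all blogs of the given user.

        ``sort`` and ``num`` are client-controlled and end up inside the SQL
        text, so both are reduced to a fixed vocabulary (asc/desc, a
        non-negative integer) before the statement is built.
        """
        num = request.args.get('num', request.args.get('limit', 10))
        if num in ("all", "All"):
            LIMIT = ''
        else:
            # Only a non-negative integer may reach the LIMIT clause; anything
            # else falls back to the documented default of 10.
            try:
                num = int(num)
            except (TypeError, ValueError):
                num = -1
            if num < 0:
                logger.warn("Invalid num/limit argument, falling back to 10")
                num = 10
            LIMIT = "LIMIT %d" % num
        sort = request.args.get('sort', 'desc')
        # A sort direction cannot be passed as a bound parameter, so allow
        # exactly the two SQL keywords and nothing else.
        if sort.lower() not in ("asc", "desc"):
            logger.warn("Invalid sort argument, falling back to desc")
            sort = 'desc'
        blogId = request.args.get('blogId')
        get_catalog_list = request.args.get("get_catalog_list") in ("true", "True", True)
        get_sources_list = request.args.get("get_sources_list") in ("true", "True", True)
        get_catalog_data = request.args.get("get_catalog_data")
        get_sources_data = request.args.get("get_sources_data")
        get_index_only = request.args.get("get_index_only") in ("true", "True", True)
        get_user_blog = request.args.get("get_user_blog")

        res = {"url": request.url, "msg": None, "data": None, "code": 0}
        logger.debug({"num": num, "blogId": blogId, "get_catalog_list": get_catalog_list, "get_sources_list": get_sources_list, "get_catalog_data": get_catalog_data, "get_sources_data": get_sources_data})

        if get_sources_data:
            # Map the English prefix sent by the client onto the value used
            # for the source type.
            if get_sources_data.lower()[:3] == "ori":
                get_sources_data = '原创'
            elif get_sources_data.lower()[:3] == "rep":
                get_sources_data = '转载'
            elif get_sources_data.lower()[:3] == "tra":
                get_sources_data = '翻译'
            #Original reproduced translation

        if get_index_only:
            # sort and LIMIT were validated above, so this statement contains
            # no raw request data.
            sql = "SELECT id,title,create_time,update_time FROM team.blog ORDER BY id %s %s" %(sort, LIMIT)
            logger.info("SELECT title only SQL: %s" %sql)
            try:
                data = mysql2().query(sql)
            except Exception as e:
                logger.error(e, exc_info=True)
                res.update(data=[], msg="Only title query fail", code=7)
            else:
                res.update(data=data)
            logger.info(res)
            return res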
示例#2
文件: token.py 项目: 90era/Api
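 def post(self):
     """Create a token from POSTed credentials.

     POST data:
     1. username,
     2. password,
     Returns the token.

     The raw POST payload holds the plaintext password, so it is never
     written to the log; only the non-secret fields are.
     """
     code = 1030
     res = {"url": request.url, "msg": None, 'code': code}
     _Pd = postData(request, res)
     try:
         _data = _Pd.get("data")
         username, password, email = _data[0], _data[1], _data[2]
         res = _Pd.get("res")
     except (AttributeError, IndexError, TypeError) as e:
         # TypeError covers a missing "data" entry (indexing None), which
         # would otherwise escape this handler.
         res.update({'msg': "Server Error", "code": 500})
         logger.error(res)
         logger.error(e)
         return res
     logger.debug({"Token:tool:postData": {"username": username, "email": email}})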
示例#3
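    def post(self):
        """Log in or register a user.

        URL args:
        1. action=log/reg, default is log;

        POST data:
        1. username,
        2. password,
        3. email, optional and not used for system login; when present it is
           checked against a regular expression and the request is rejected
           if the format does not match.

        The raw POST payload holds the plaintext password, so it is never
        written to the log; only the non-secret fields are.
        """
        res = {"url": request.url, "msg": None, "data": None}
        _Pd = postData(request, res)
        try:
            _data = _Pd.get("data")
            username, password, email = _data[0], _data[1], _data[2]
            res = _Pd.get("res")
        except (AttributeError, IndexError, TypeError) as e:
            # TypeError covers a missing "data" entry (indexing None), which
            # would otherwise escape this handler.
            res.update({'msg': "Server Error", "code": 500})
            logger.error(res)
            logger.error(e)
            return res
        logger.debug({"Token:tool:postData": {"username": username, "email": email}})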
示例#4
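    def get(self):
        """Return the public profile of one user; no token is required.

        URL args as documented by the original author:
        1. num: number of entries to show, default 10, may be "all".
        2. username|email: user name or e-mail, the unique database key.
        3. token: if true, display token info.
        Only ``username`` is read by the code below.

        Sample response: {'msg':'success or error(errmsg)', 'code':'http code', 'data':data}
        """
        res = {"code": 200, "msg": None, "data": None}
        username = request.args.get("username")
        # The user name is handed to the driver separately from the SQL text
        # (%s placeholder) instead of being formatted into the statement.
        sql = "SELECT a.username, a.email, a.cname, a.avatar, a.motto, a.url, a.time, a.weibo, a.github, a.gender, a.extra FROM passport.User a INNER JOIN passport.OAuth b ON a.username = b.oauth_username WHERE a.username=%s"
        # Default value: without a username argument no query runs, and the
        # logging and response below previously hit an unbound local.
        data = None
        if username:
            data = mysql2().get(sql, username)
            if not data:
                # No OAuth account matched; retry against the LAuth table.
                sql = "SELECT a.username, a.email, a.cname, a.avatar, a.motto, a.url, a.time, a.weibo, a.github, a.gender, a.extra FROM passport.User a INNER JOIN passport.LAuth b ON a.username = b.lauth_username WHERE a.username=%s"
                data = mysql2().get(sql, username)
        logger.info(username)
        logger.info(sql)
        logger.debug(data)
        res.update(data=data)
        return res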
def index():
    """Render index.html with every row of the project table.

    The template receives the rows, their count, today's date and the
    application version.
    """
    projects = mysql.get("SELECT * FROM project")
    logger.debug(projects)
    context = dict(
        title='SaintIC Projects Information',
        time=time.strftime("%Y-%m-%d"),
        pids=projects,
        pidnums=len(projects),
        version=__version__,
    )
    return render_template('index.html', **context)
示例#6
    def delete(self):
        """Delete a user, with url args:
        1. token, must match username,
        2. username, must match token,
        And, operator must have administrator rights.

        Each failure path returns ``res`` with a ``msg`` and a numeric
        ``code`` (1020-1024); the success path sets code 0. The user that is
        checked against AdminGroup and the user that is deleted are the same
        ``username`` argument.
        """
        #from pub.config.BLOG import AdminGroup
        AdminGroup = config.BLOG.get('AdminGroup')
        # NOTE(review): res embeds request.url and is logged on the paths
        # below; the token arrives as a URL argument, so it is written to
        # those log lines as part of the URL.
        res = {"url": request.url, "msg": None, "data": None, "code": 200}
        token = request.args.get('token', None)
        username = request.args.get('username', None)
        if not token:
            res.update({
                'msg': 'No token',
                "code": 1020
            })  #code:1020, the request has no token argument
            logger.warn(res)
            return res
        if not username:
            res.update({
                'msg': 'No username',
                "code": 1021
            })  #code:1021, the request has no username argument
            logger.warn(res)
            return res
        # Membership test on the caller-supplied name only; the token check
        # further down is what ties the request to that account.
        if not username in AdminGroup:
            res.update({
                'msg': 'The user does not have permission!',
                "code": 1022
            })  #code:1022, the requested username is not in the AdminGroup of the config file, so it may not delete
            logger.error(res)
            return res

        ReqData = dbUser(username, token=True)
        # NOTE(review): dbUser is called with token=True and the token is read
        # from ReqData below, so this debug line writes the stored token to
        # the log.
        logger.debug({"User:delete:ReqData": ReqData})
        if ReqData:
            _DBtoken = ReqData.get('token')
            # _DBuser is assigned but not used in the visible code.
            _DBuser = ReqData.get('username')
            # NOTE(review): a plain != on a secret is not a constant-time
            # comparison - consider a timing-safe compare.
            if _DBtoken != token:
                res.update({
                    'msg': 'token miss match!',
                    'code': 1023
                })  #code:1023, the token argument does not match the token stored in the database
                logger.error(res)
                return res
            # NOTE(review): as written the literal has no format placeholder,
            # so the % operator raises TypeError here. Presumably the listing
            # masked a '%s' - confirm against the project. If so, this is SQL
            # text built from a request argument; pass username as a bound
            # parameter instead, after checking what mysql.delete/execute accept.
            sql = "DELETE FROM user WHERE username='******'" % username
            logger.info({"User:delete:SQL": sql})
            try:
                # Use whichever of the two method names this mysql object offers.
                if hasattr(mysql, 'delete'):
                    mysql.delete(sql)
                else:
                    mysql.execute(sql)
            except Exception, e:
                # The exception itself is not logged, only the response dict.
                res.update({
                    'code': 1024,
                    'msg': 'Delete user failed'
                })  #code:1024, delete user from mysql, it's error
                logger.error(res)
                return res
            else:
                res.update({
                    'code': 0,
                    'msg': 'Delete success',
                    'data': {
                        'delete username': username
                    }
                })  #token match username, deleter ok
示例#7
class User(Resource):
    """User resource, url is /user, /user/.
    1. #get:    Get user
    2. #post:   Create user, registry and login
    3. #put:    Update user profile
    4. #delete: Delete user
    """
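    def get(self):
        """Return the public profile of one user; no token is required.

        URL args as documented by the original author:
        1. num: number of entries to show, default 10, may be "all".
        2. username|email: user name or e-mail, the unique database key.
        3. token: if true, display token info.
        Only ``username`` is read by the code below.

        Sample response: {'msg':'success or error(errmsg)', 'code':'http code', 'data':data}
        """
        res = {"code": 200, "msg": None, "data": None}
        username = request.args.get("username")
        # The user name is handed to the driver separately from the SQL text
        # (%s placeholder) instead of being formatted into the statement.
        sql = "SELECT a.username, a.email, a.cname, a.avatar, a.motto, a.url, a.time, a.weibo, a.github, a.gender, a.extra FROM passport.User a INNER JOIN passport.OAuth b ON a.username = b.oauth_username WHERE a.username=%s"
        # Default value: without a username argument no query runs, and the
        # logging and response below previously hit an unbound local.
        data = None
        if username:
            data = mysql2().get(sql, username)
            if not data:
                # No OAuth account matched; retry against the LAuth table.
                sql = "SELECT a.username, a.email, a.cname, a.avatar, a.motto, a.url, a.time, a.weibo, a.github, a.gender, a.extra FROM passport.User a INNER JOIN passport.LAuth b ON a.username = b.lauth_username WHERE a.username=%s"
                data = mysql2().get(sql, username)
        logger.info(username)
        logger.info(sql)
        logger.debug(data)
        res.update(data=data)
        return res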

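    def post(self):
        """Log in or register a user.

        URL args:
        1. action=log/reg, default is log;

        POST data:
        1. username,
        2. password,
        3. email, optional and not used for system login; when present it is
           checked against a regular expression and the request is rejected
           if the format does not match.

        Only the input validation and the ``log`` branch are part of this
        block. Plaintext passwords and password hashes are deliberately kept
        out of every log call here.
        """
        res = {"url": request.url, "msg": None, "data": None}
        _Pd = postData(request, res)
        try:
            _data = _Pd.get("data")
            username, password, email = _data[0], _data[1], _data[2]
            res = _Pd.get("res")
        except (AttributeError, IndexError, TypeError) as e:
            # TypeError covers a missing "data" entry (indexing None), which
            # would otherwise escape this handler.
            res.update({'msg': "Server Error", "code": 500})
            logger.error(res)
            logger.error(e)
            return res
        # The raw POST payload holds the plaintext password; log only the
        # non-secret fields.
        logger.debug({"Token:tool:postData": {"username": username, "email": email}})
        if not username or not password:
            res.update({
                'msg': 'Invaild username or password',
                'code': 1016
            })  #code:1016, username or password in the request is empty.
            logger.debug({"User:post:request.json(user)": username, "res": res})
            return res
        else:
            res.update({'data': {'username': username, 'email': email}})
        #define username and password length(can be from config.py)
        if len(username) < 5 or len(password) < 5:
            res.update({
                'msg': 'username or password length of at least 5',
                'code': 1010
            })  #code:1010, username/password length < 5
            logger.warn(res)
            return res
        if chinese_check.search(unicode(
                username)):  #reload(sys), and set defaultencoding('utf8')
            res.update({
                'msg': 'username contains Chinese, not allowed!',
                'code': 1019
            })  #code:1019, the requested username contains Chinese characters
            logger.error(res)
            return res
        if email and mail_check.match(email) is None:
            #code:1017, email was supplied but does not match the expected format.
            res.update({
                'msg': "email format error",
                'code': 1017
            })
            logger.debug({"User:post:request.json": email, "res": res})
            return res
        #Start Action with (log, reg)
        # NOTE(review): md5() is defined elsewhere - confirm what it computes.
        # A fast, unsalted digest is not suitable for password storage; moving
        # to a salted, slow password hash needs a migration of the stored
        # values and cannot be done inside this method alone.
        _MD5pass = md5(password)
        action = request.args.get("action")  #log or reg (login or register)
        ReqData = dbUser(username, password=True, uid=True)
        #ReqData is truthy when the user exists; it's a dict, eg:{'username': u'xxxxx', 'password': u'xxxxxxxxxx'}
        # The record carries the stored password hash, so only log whether a
        # record was found.
        logger.debug({"request.action": action, 'ReqData': bool(ReqData)})
        if action == 'log':
            #When `ReqData` is True, has user, it's right, continue login
            # NOTE(review): codes 1018 and 1011 let a client tell "unknown
            # user" from "wrong password"; a single failure response would
            # avoid that, but callers may depend on the codes.
            if not ReqData:
                res.update({
                    'msg': 'User not exists',
                    'code': 1018
                })  #code:1018, login request for a username that has no record in the database.
                logger.warn(res)
                return res
            try:
                _DBuser = ReqData.get('username')
                _DBpass = ReqData.get('password')
                res['data']['uid'] = ReqData.get('id')
            except AttributeError as e:
                logger.error(e)
                res.update({
                    'msg': 'User not exists',
                    'code': 1018
                })  #code:1018, login request for a username that has no record in the database.
                logger.warn(res)
                return res
            else:
                # Names only; neither the request hash nor the stored hash is logged.
                logger.debug({
                    'ReqUser': username,
                    'DBuser': _DBuser
                })
            # NOTE(review): == on hash strings is not a constant-time
            # comparison - consider a timing-safe compare.
            if _MD5pass == _DBpass:
                res.update({
                    'msg': 'Password authentication success at sign in',
                    'code': 0
                })  #code:0, it's successful
            else:
                res.update({
                    'msg': 'Password authentication failed at sign in',
                    'code': 1011
                })  #code:1011, request pass != mysql pass
            logger.info(res)
            return res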