示例#1
文件: views.py 项目: Samzpy/blog
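def topics(request, author_id):
    """Serve GET / POST / DELETE for the blog topics of one author.

    Route, per the original notes: /v1/topics/<author_id>. GET accepts the
    optional query parameters ``t_id`` (one topic) and ``category``
    (``tec`` or ``no-tec``); DELETE expects ``topic_id``.

    Access control enforced here:
      * GET    - private topics are returned only when the visitor's
                 username equals ``author_id``; every lookup is scoped to
                 that author.
      * POST   - the topic is created for ``request.user``.
      * DELETE - ``request.user`` must be ``author_id`` and must own the
                 topic.

    Every handled path returns a JsonResponse whose ``code`` is 200 on
    success or a 3xx application error code.

    NOTE(review): ``request.user`` is presumably attached by a token-checking
    decorator that is not visible here - confirm it covers POST and DELETE.
    NOTE(review): other HTTP methods fall through and return None, which
    Django rejects as an invalid view result.
    """
    if request.method == 'GET':
        # author_id is the username of the blog owner being visited.
        authors = UserProfile.objects.filter(username=author_id)
        if not authors:
            result = {'code': 308, 'error': 'no author'}
            return JsonResponse(result)
        author = authors[0]

        # The visitor is either a logged-in user or an anonymous guest.
        visitor = get_user_by_request(request)
        visitor_name = None
        if visitor:
            visitor_name = visitor.username
        # Only the owner may see private topics.
        is_self = author_id == visitor_name

        t_id = request.GET.get('t_id')
        if t_id:
            # Single-topic lookup. It is scoped to this author: looking up by
            # id alone would let any logged-in user read another user's
            # private topic by requesting it under their own username.
            if is_self:
                try:
                    # int() sits inside the try so a non-numeric t_id yields
                    # the same JSON error instead of an unhandled exception.
                    author_topic = Topic.objects.get(id=int(t_id),
                                                     author_id=author_id)
                except Exception:
                    result = {'code': 312, 'error': 'no topic'}
                    return JsonResponse(result)
            else:
                try:
                    author_topic = Topic.objects.get(id=int(t_id),
                                                     author_id=author_id,
                                                     limit='public')
                except Exception:
                    result = {'code': 313, 'error': 'no topic'}
                    return JsonResponse(result)
            # Build the payload for the front end.
            res = make_topic_res(author, author_topic, is_self)
            return JsonResponse(res)

        # Listing: /v1/topics/<author_id>[?category=tec|no-tec]
        filters = {'author_id': author_id}
        category = request.GET.get('category')
        if category in ['tec', 'no-tec']:
            filters['category'] = category
        if not is_self:
            # Guests and other users only ever receive public topics.
            filters['limit'] = 'public'
        topic_list = Topic.objects.filter(**filters)

        result = make_topics_res(author, topic_list)
        return JsonResponse(result)

    elif request.method == "POST":
        # The body is untrusted: malformed or non-object JSON gets the same
        # error as an empty body rather than raising.
        try:
            json_obj = json.loads(request.body.decode())
        except ValueError:
            json_obj = None
        if not isinstance(json_obj, dict):
            result = {'code': 301, 'error': 'Please give me json'}
            return JsonResponse(result)

        title = json_obj.get('title')
        # Validate before escaping: html.escape() raises on None / non-str.
        if not title or not isinstance(title, str):
            result = {'code': 302, 'error': 'Please give me title'}
            return JsonResponse(result)
        # XSS mitigation: the title is stored HTML-escaped.
        import html
        title = html.escape(title)

        # NOTE(review): content is stored exactly as submitted. If it is
        # rendered as HTML it must be sanitised at render time - only the
        # title is escaped in this view.
        content = json_obj.get('content')
        if not content:
            result = {'code': 303, 'error': 'Please give me content'}
            return JsonResponse(result)
        content_text = json_obj.get('content_text')
        if not content_text:
            result = {'code': 304, 'error': 'Please give me content_text'}
            return JsonResponse(result)
        # The first 30 characters of the text serve as the summary.
        introduce = content_text[:30]
        limit = json_obj.get('limit')
        if limit not in ['public', 'private']:
            result = {'code': 305, 'error': 'Please give me limit'}
            return JsonResponse(result)
        category = json_obj.get('category')
        # TODO: validate category the same way as 'limit'.
        Topic.objects.create(title=title,
                             category=category,
                             limit=limit,
                             content=content,
                             introduce=introduce,
                             author=request.user)
        result = {'code': 200, 'username': request.user.username}
        return JsonResponse(result)

    elif request.method == 'DELETE':
        # An author deletes one of their own topics:
        # /v1/topics/<author_id>?topic_id=<id>
        author = request.user
        token_author_id = author.username
        # The author_id in the URL must equal the username from the token.
        if author_id != token_author_id:
            result = {'code': 309, 'error': 'You can not do it '}
            return JsonResponse(result)

        topic_id = request.GET.get('topic_id')

        try:
            topic = Topic.objects.get(id=topic_id)
        except Exception:
            # Missing, malformed or unknown topic_id.
            result = {'code': 310, 'error': 'You can not do it !'}
            return JsonResponse(result)

        # Ownership check: the topic must belong to the caller.
        if topic.author.username != author_id:
            result = {'code': 311, 'error': 'You can not do it !! '}
            return JsonResponse(result)

        topic.delete()
        res = {'code': 200}
        return JsonResponse(res)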
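def topics(request, author_id):
    """Dispatch GET / POST / DELETE requests for one author's blog topics.

    Backend route (from the original notes):
    /v1/topics/<author_id>?category=[tec|no-tec]; the front-end page is
    http://127.0.0.1:5000/<username>/topics.

    * GET    - list the author's topics, or return one topic when ``t_id``
               is supplied. Private topics are only visible when the
               visitor's username equals ``author_id``, and every lookup is
               restricted to that author.
    * POST   - create a topic owned by ``request.user``.
    * DELETE - delete ``topic_id`` if ``request.user`` is ``author_id`` and
               owns the topic.

    Returns a JsonResponse with ``code`` 200 on success or a 3xx
    application error code.

    NOTE(review): ``request.user`` is presumably set by a token-checking
    decorator outside this view - confirm.
    """
    if request.method == 'GET':
        # author_id: username of the blog owner being visited.
        # visitor:   whoever sends the request - logged in, or a guest.
        authors = UserProfile.objects.filter(username=author_id)
        if not authors:
            result = {'code': 308, 'error': 'no author'}
            return JsonResponse(result)
        author = authors[0]

        visitor = get_user_by_request(request)
        visitor_name = visitor.username if visitor else None
        # True only when the owner is viewing their own blog.
        is_self = author_id == visitor_name

        t_id = request.GET.get('t_id')
        if t_id:
            # Restrict the lookup to this author. Without the author filter a
            # logged-in user could fetch someone else's private topic by
            # passing its id under their own /v1/topics/<username> URL.
            lookup = {'author_id': author_id}
            if is_self:
                failure = {'code': 312, 'error': 'no topic'}
            else:
                lookup['limit'] = 'public'
                failure = {'code': 313, 'error': 'no topic !'}
            try:
                # A non-numeric t_id raises ValueError here and is reported
                # as a missing topic instead of crashing the view.
                author_topic = Topic.objects.get(id=int(t_id), **lookup)
            except Exception:
                return JsonResponse(failure)

            # Build the payload for the front end.
            res = make_topic_res(author, author_topic, is_self)
            return JsonResponse(res)

        # Listing, optionally narrowed by ?category=tec|no-tec.
        category = request.GET.get('category')
        query = {'author_id': author_id}
        if category in ['tec', 'no-tec']:
            query['category'] = category
        if not is_self:
            # Anyone but the owner receives public topics only.
            query['limit'] = 'public'
        topic_list = Topic.objects.filter(**query)

        res = make_topics_res(author, topic_list)
        return JsonResponse(res)

    elif request.method == 'POST':
        # Create a topic. The body is untrusted: empty, malformed or
        # non-object JSON all map to the same 301 error.
        try:
            json_obj = json.loads(request.body)
        except ValueError:
            json_obj = None
        if not isinstance(json_obj, dict):
            result = {'code': 301, 'error': 'Please give me json'}
            return JsonResponse(result)

        title = json_obj.get('title')
        # Check first, escape second: html.escape() fails on None / non-str.
        if not title or not isinstance(title, str):
            result = {'code': 302, 'error': 'Please give me title'}
            return JsonResponse(result)
        # XSS mitigation: store the title HTML-escaped.
        import html
        title = html.escape(title)

        # NOTE(review): content is saved as submitted; only the title is
        # escaped. Sanitise content wherever it is rendered as HTML.
        content = json_obj.get('content')
        if not content:
            result = {'code': 303, 'error': 'Please give me content'}
            return JsonResponse(result)
        # Plain-text version of the post, used to cut the summary.
        content_text = json_obj.get('content_text')
        if not content_text:
            result = {'code': 304, 'error': 'Please give me content_text'}
            return JsonResponse(result)
        introduce = content_text[:30]
        limit = json_obj.get('limit')
        if limit not in ['public', 'private']:
            result = {'code': 305, 'error': 'Your limit is wrong'}
            return JsonResponse(result)
        category = json_obj.get('category')
        # TODO: validate category the same way as 'limit'.

        Topic.objects.create(title=title,
                             category=category,
                             limit=limit,
                             content=content,
                             introduce=introduce,
                             author=request.user)
        result = {'code': 200, 'username': request.user.username}
        return JsonResponse(result)

    elif request.method == 'DELETE':
        # An author deletes their own topic:
        # /v1/topics/<author_id>?topic_id=<id>
        author = request.user
        token_author_id = author.username
        # The URL's author_id must match the username carried by the token.
        if author_id != token_author_id:
            result = {'code': 309, 'error': 'You can not do it '}
            return JsonResponse(result)

        topic_id = request.GET.get('topic_id')

        try:
            topic = Topic.objects.get(id=topic_id)
        except Exception:
            # Missing, malformed or unknown topic_id.
            result = {'code': 310, 'error': 'You can not do it !'}
            return JsonResponse(result)

        # The topic itself must belong to the caller.
        if topic.author.username != author_id:
            result = {'code': 311, 'error': 'You can not do it !! '}
            return JsonResponse(result)

        topic.delete()
        res = {'code': 200}
        return JsonResponse(res)

    # NOTE(review): placeholder reply for any other HTTP method; it reports
    # code 200 although nothing was done.
    return JsonResponse({'code': 200, 'error': 'this is test'})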
示例#3
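def topic_view(request, author_id):
    """Create, read or delete blog topics belonging to ``author_id``.

    * POST   - create a topic; ``request.user`` must be ``author_id``.
    * GET    - return one topic (``?t_id=``) or the author's list, optionally
               filtered by ``?category=tec|no-tec``. Visitors other than the
               author only see topics whose ``limit`` is ``public``.
    * DELETE - delete ``?topic_id=``; the caller must be logged in as
               ``author_id`` and the topic must belong to that author.

    Returns a JsonResponse with ``code`` 200 on success or a 3xx
    application error code.

    NOTE(review): other HTTP methods fall through and return None.
    NOTE(review): ``request.user`` on POST is presumably set by a login
    decorator that is not visible here - confirm.
    """
    if request.method == "POST":
        # The body is untrusted: empty, malformed or non-object JSON all get
        # the same 302 error instead of raising.
        try:
            data = json.loads(request.body.decode())
        except ValueError:
            data = None
        if not isinstance(data, dict):
            result = {'code': 302, 'error': 'Please give me data !!'}
            return JsonResponse(result)
        title = data.get('title')

        # Post body, HTML formatted.
        # NOTE(review): content is stored as submitted; only the title is
        # escaped below, so content needs sanitising where it is rendered.
        content = data.get('content')
        # Plain text; its first 30 characters become the summary.
        content_text = data.get('content_text')
        limit = data.get('limit')
        category = data.get('category')
        # html.escape() only accepts str, so reject other JSON types too.
        if not title or not isinstance(title, str):
            result = {'code': 303, 'error': 'Please give me title !!'}
            return JsonResponse(result)
        # XSS (cross-site scripting) mitigation: store the title escaped.
        title = html.escape(title)
        if not content:
            result = {'code': 304, 'error': 'Please give me content !!'}
            return JsonResponse(result)
        if not content_text:
            result = {'code': 305, 'error': 'Please give me content_text !!'}
            return JsonResponse(result)
        if not limit:
            result = {'code': 306, 'error': 'Please give me limit!!'}
            return JsonResponse(result)
        if not category:
            result = {'code': 307, 'error': 'Please give me category !!'}
            return JsonResponse(result)

        introduce = content_text[:30]
        # Authors may only post under their own username.
        if request.user.username != author_id:
            result = {'code': 308, 'error': 'Can not touch me !!'}
            return JsonResponse(result)
        try:
            models.Topic.objects.create(title=title,
                                        limit=limit,
                                        content=content,
                                        introduce=introduce,
                                        category=category,
                                        author_id=author_id)
        except Exception as e:
            print(e)
            result = {'code': 309, 'error': 'Databases is connected error !!'}
            return JsonResponse(result)
        result = {'code': 200, 'username': request.user.username}
        return JsonResponse(result)

    elif request.method == "GET":
        # author: owner of the blog; visitor: whoever sends the request.
        authors = models.u_model.UserProfile.objects.filter(username=author_id)
        if not authors:
            # The original rebound the name `request` here; a separate name
            # keeps the request object intact.
            result = {'code': 310, 'error': 'The author is not existed'}
            return JsonResponse(result)
        author = authors[0]

        vistor = get_user_by_request(request)
        vistor_username = None
        if vistor:
            vistor_username = vistor.username
        is_self = vistor_username == author.username

        t_id = request.GET.get('t_id')
        if t_id:
            # Single topic. The lookup is scoped to this author so a topic id
            # belonging to someone else cannot be read through this URL.
            lookup = {'author_id': author.username}
            if not is_self:
                lookup['limit'] = 'public'
            try:
                lookup['id'] = int(t_id)
            except ValueError:
                author_topic = None
            else:
                # first() returns None for an empty result; indexing an empty
                # queryset with [0] raised IndexError before the
                # "not existed" check could run.
                author_topic = models.Topic.objects.filter(**lookup).first()
            if author_topic is None:
                if is_self:
                    result = {'code': 311, 'error': 'No Topic !!'}
                else:
                    result = {
                        'code': 312,
                        'error': 'The topic is not existed'
                    }
                return JsonResponse(result)
            result = make_topic_res1(author, author_topic, is_self)
            return JsonResponse(result)

        # All topics, optionally narrowed by the category query parameter.
        query = {'author_id': author.username}
        category = request.GET.get('category')
        if category in ['tec', 'no-tec']:
            query['category'] = category
        if not is_self:
            query['limit'] = 'public'
        author_topics = models.Topic.objects.filter(**query)
        res = make_topics_res(author, author_topics)
        return JsonResponse(res)

    elif request.method == 'DELETE':
        users = get_user_by_request(request)
        if not users:
            result = {'code': 311, 'error': '未登录'}
            return JsonResponse(result)
        if users.username != author_id:
            result = {'code': 312, 'error': 'URL 中欲删除的用户和登陆用户不一致'}
            return JsonResponse(result)
        topic_id = request.GET.get('topic_id')
        if not topic_id:
            result = {'code': 313, 'error': 'Please give me the id'}
            return JsonResponse(result)
        # Filter by owner as well as id: selecting by id alone let any
        # logged-in user delete another user's topic.
        try:
            author_topic = models.Topic.objects.filter(id=int(topic_id),
                                                       author_id=author_id)
        except ValueError:
            author_topic = None
        if not author_topic:
            result = {'code': 314, 'error': '想删除的 topic 不存在'}
            return JsonResponse(result)
        author_topic.delete()
        result = {'code': 200}
        return JsonResponse(result)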
示例#4
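def topics(request, author_id):
    """Publish, read or delete blog topics for ``author_id``.

    * POST   - publish a topic (front-end page:
               http://127.0.0.1:5000/<username>/topic/release);
               ``request.user`` must be ``author_id``.
    * GET    - one topic via ``?t_id=`` or the author's list, optionally
               filtered by ``?category=tec|no-tec``. Only the author sees
               non-public topics.
    * DELETE - delete ``?topic_id=``; the caller must be logged in as
               ``author_id`` and the topic must belong to that author.

    Returns a JsonResponse carrying an application ``code``.

    NOTE(review): other HTTP methods fall through and return None.
    NOTE(review): ``request.user`` on POST is presumably set by a login
    decorator that is not visible here - confirm.
    """
    if request.method == 'POST':
        # The body is untrusted: empty, malformed or non-object JSON all map
        # to the same 302 error instead of raising.
        try:
            json_obj = json.loads(request.body)
        except ValueError:
            json_obj = None
        if not isinstance(json_obj, dict):
            result = {'code': 302, 'error': 'Please POST data!!!'}
            return JsonResponse(result)
        title = json_obj.get('title')
        # Post body with HTML markup (colours etc.).
        # NOTE(review): content is stored as submitted; only the title is
        # escaped below, so content needs sanitising where it is rendered.
        content = json_obj.get('content')
        # Plain-text body, used to cut the summary.
        content_text = json_obj.get('content_text')
        limit = json_obj.get('limit')
        category = json_obj.get('category')

        # html.escape() only accepts str, so reject other JSON types too.
        if not title or not isinstance(title, str):
            result = {'code': 303, 'error': 'Please give me title!!!'}
            return JsonResponse(result)
        # XSS (cross-site scripting) mitigation: store the title escaped.
        title = html.escape(title)
        if not content:
            result = {'code': 304, 'error': 'Please give me content!!!'}
            return JsonResponse(result)
        if not content_text:
            result = {'code': 305, 'error': 'Please give me content_text!!!'}
            return JsonResponse(result)
        if not limit:
            result = {'code': 306, 'error': 'Please give me limit!!!'}
            return JsonResponse(result)
        if not category:
            result = {'code': 307, 'error': 'Please give me category!!!'}
            return JsonResponse(result)

        introduce = content_text[:30]

        # Authors may only publish under their own username.
        if request.user.username != author_id:
            result = {'code': 308, 'error': 'Can not touch me!!!'}
            return JsonResponse(result)
        try:
            Topic.objects.create(title=title,
                                 limit=limit,
                                 content=content,
                                 category=category,
                                 introduce=introduce,
                                 author_id=author_id)
        except Exception as e:
            print(e)
            result = {'code': 309, 'error': 'Topic is busy!!!'}
            return JsonResponse(result)
        result = {'code': 200, 'username': request.user.username}
        return JsonResponse(result)

    elif request.method == 'GET':
        # Backend route: /v1/topics/<username>?category[tec/notec]
        # Front-end page: http://127.0.0.1:5000/<username>/topics
        # author: owner of the blog; visitor: whoever sends the request.
        authors = UserProfile.objects.filter(username=author_id)
        if not authors:
            result = {'code': 310, 'error': 'The user is not existed!!'}
            return JsonResponse(result)

        author = authors[0]

        visitor = get_user_by_request(request)
        visitor_username = None
        if visitor:
            visitor_username = visitor.username

        t_id = request.GET.get('t_id')
        if t_id:
            # Single topic. Scoped to this author so that a topic id owned by
            # someone else cannot be read by requesting it under the
            # caller's own username.
            is_self = visitor_username == author_id
            if is_self:
                try:
                    # int() inside the try: a non-numeric t_id is reported as
                    # a missing topic instead of crashing the view.
                    author_topic = Topic.objects.get(id=int(t_id),
                                                     author_id=author.username)
                except Exception:
                    result = {'code': 311, 'error': 'No topic!'}
                    return JsonResponse(result)
            else:
                try:
                    author_topic = Topic.objects.get(id=int(t_id),
                                                     author_id=author.username,
                                                     limit='public')
                except Exception:
                    result = {'code': 312, 'error': 'No public topic!!'}
                    return JsonResponse(result)

            res = make_topic_res(author, author_topic, is_self)
            return JsonResponse(res)

        # No t_id: list the author's topics, optionally by category.
        query = {'author_id': author.username}
        category = request.GET.get('category')
        if category in ['tec', 'no-tec']:
            query['category'] = category
        if visitor_username != author.username:
            # Anyone but the author receives public topics only.
            query['limit'] = 'public'
        author_topics = Topic.objects.filter(**query)
        res = make_topics_res(author, author_topics)
        return JsonResponse(res)

    elif request.method == 'DELETE':
        # The query string carries topic_id.
        topic_id = request.GET.get('topic_id')
        if not topic_id:
            result = {'code': 201, 'error': "未知错误!"}
            return JsonResponse(result)
        # The original branch performed no authentication or ownership check
        # and returned no response. Require a logged-in caller whose
        # username matches the URL before touching any data.
        user = get_user_by_request(request)
        if not user or user.username != author_id:
            result = {'code': 308, 'error': 'Can not touch me!!!'}
            return JsonResponse(result)
        try:
            # The lookup must use the id= keyword (the original passed the
            # value positionally, which always raised) and is restricted to
            # the caller's own topics.
            topic_obj = Topic.objects.get(id=topic_id, author_id=author_id)
        except Exception:
            print("删除失败!")
            result = {'code': 201, 'error': "未知错误!"}
            return JsonResponse(result)
        topic_obj.delete()
        return JsonResponse({'code': 200})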
示例#5
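def topics(request, author_id):
    """Handle GET / POST / DELETE for the blog topics of ``author_id``.

    * GET    - one topic via ``?t_id=`` or the author's list, optionally
               filtered by ``?category=tec|no-tec``
               (front-end page: http://127.0.0.1:5000/<username>/topics).
               Only the author sees non-public topics.
    * POST   - create a topic owned by ``request.user``.
    * DELETE - delete ``?topic_id=`` if ``request.user`` is ``author_id``
               and owns the topic.

    Returns a JsonResponse with ``code`` 200 on success or a 3xx
    application error code.

    NOTE(review): ``request.user`` is presumably set by a token-checking
    decorator that is not visible here - confirm.
    """
    if request.method == "GET":
        # author_id: username of the blog owner being visited.
        # visitor:   whoever sends the request - logged in or not.
        authors = UserProfile.objects.filter(username=author_id)
        if not authors:
            result = {"code": 308, "error": "no author"}
            return JsonResponse(result)
        author = authors[0]

        visitor = get_user_by_request(request)
        visitor_name = None
        if visitor:
            visitor_name = visitor.username
        # True only when the owner views their own blog.
        is_self = author_id == visitor_name

        t_id = request.GET.get("t_id")
        if t_id:
            # Single topic. Scoped to this author: looking up by id alone
            # would let a logged-in user read another user's private topic
            # by requesting it under their own username.
            if is_self:
                try:
                    # int() inside the try: a non-numeric t_id is reported as
                    # a missing topic instead of crashing the view.
                    author_topic = Topic.objects.get(id=int(t_id),
                                                     author_id=author_id)
                except Exception:
                    result = {"code": 312, "error": "no topic"}
                    return JsonResponse(result)
            else:
                try:
                    author_topic = Topic.objects.get(id=int(t_id),
                                                     author_id=author_id,
                                                     limit="public")
                except Exception:
                    result = {"code": 313, "error": "no topic!"}
                    return JsonResponse(result)
            res = make_topic_res(author, author_topic, is_self)
            return JsonResponse(res)

        # Listing: /v1/topics/<author_id>[?category=tec|no-tec]
        query = {"author_id": author_id}
        category = request.GET.get("category")
        if category in ["tec", "no-tec"]:
            query["category"] = category
        if not is_self:
            # Visitors get public topics only. The uncategorised visitor
            # branch used to filter on category="tec" instead of
            # limit="public", which exposed private "tec" topics and hid
            # public ones from other categories.
            query["limit"] = "public"
        topic_list = Topic.objects.filter(**query)
        res = make_topics_res(author, topic_list)
        return JsonResponse(res)

    elif request.method == "POST":
        # Create a topic. The body is untrusted: empty, malformed or
        # non-object JSON all map to the same 301 error.
        try:
            json_obj = json.loads(request.body)
        except ValueError:
            json_obj = None
        if not isinstance(json_obj, dict):
            result = {"code": 301, "error": "Give me json"}
            return JsonResponse(result)
        title = json_obj.get("title")

        # Check first, escape second: html.escape() fails on None / non-str.
        if not title or not isinstance(title, str):
            result = {"code": 302, "error": "Give me title"}
            return JsonResponse(result)
        # XSS mitigation: keep injected script out of the title by storing
        # it HTML-escaped.
        import html
        title = html.escape(title)

        # NOTE(review): content is stored as submitted; only the title is
        # escaped, so content needs sanitising where it is rendered as HTML.
        content = json_obj.get("content")
        if not content:
            result = {"code": 303, "error": "Give me content"}
            return JsonResponse(result)
        # Plain-text body, used to cut the summary.
        content_text = json_obj.get("content_text")
        if not content_text:
            result = {"code": 304, "error": "Give me content_text"}
            return JsonResponse(result)
        introduce = content_text[:30]
        limit = json_obj.get("limit")
        if limit not in ["public", "private"]:
            result = {"code": 305, "error": "Your limit is wrong"}
            return JsonResponse(result)
        category = json_obj.get("category")
        # NOTE(review): this accepts "No-tec" while the GET branch filters on
        # "no-tec", so such topics never match the category listing.
        # Confirm which spelling the front end sends before changing it.
        if category not in ["tec", "No-tec"]:
            result = {"code": 306, "error": "Your limit is category"}
            return JsonResponse(result)

        Topic.objects.create(title=title,
                             category=category,
                             limit=limit,
                             content=content,
                             introduce=introduce,
                             author=request.user)
        result = {"code": 200, "username": request.user.username}
        return JsonResponse(result)
    elif request.method == "DELETE":
        # User carried by the token.
        author = request.user
        token_author_id = author.username
        # The URL's author_id must equal the username from the token.
        if token_author_id != author_id:
            result = {"code": 309, "error": "you can not do it"}
            return JsonResponse(result)
        delete_id = request.GET.get("topic_id")
        try:
            topic = Topic.objects.get(id=delete_id)
        except Exception:
            # Missing, malformed or unknown topic_id.
            result = {"code": 310, "error": "you can not do it!"}
            return JsonResponse(result)
        # The topic itself must belong to the caller.
        if topic.author.username != author_id:
            result = {"code": 311, "error": "you can not do it !!"}
            return JsonResponse(result)

        topic.delete()
        res = {"code": 200}
        return JsonResponse(res)

    # NOTE(review): placeholder reply for any other HTTP method; it reports
    # code 200 although nothing was done.
    return JsonResponse({"code": 200, "error": "this is a test"})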
示例#6
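def topics(request, author_id):
    """Handle GET / POST / DELETE for the blog topics of ``author_id``.

    * GET    - list the author's topics, optionally filtered by
               ``?category=tec|no-tec``
               (front-end page: http://127.0.0.1:5000/<username>/topics).
               Only the author sees non-public topics.
    * POST   - create a topic owned by ``request.user``.
    * DELETE - delete ``?topic_id=`` if ``request.user`` is ``author_id``
               and owns the topic.

    Returns a JsonResponse with ``code`` 200 on success or a 3xx
    application error code.

    NOTE(review): other HTTP methods fall through and return None.
    NOTE(review): ``request.user`` is presumably set by a token-checking
    decorator that is not visible here - confirm.
    """
    if request.method == 'GET':
        # author_id: username of the blog owner being visited.
        # visitor:   whoever sends the request - logged in, or a guest.
        authors = UserProfile.objects.filter(username=author_id)
        if not authors:
            result = {'code': 308, 'error': 'no authhor'}
            return JsonResponse(result)
        author = authors[0]

        visitor = get_user_by_request(request)
        visitor_name = None
        if visitor:
            visitor_name = visitor.username

        query = {'author_id': author_id}
        category = request.GET.get('category')
        if category in ['tec', 'no-tec']:
            query['category'] = category
        if author_id != visitor_name:
            # Visitors only receive public topics. The uncategorised visitor
            # branch used to pass author_id positionally to filter(), which
            # raises instead of returning the public list.
            query['limit'] = 'public'
        topic_list = Topic.objects.filter(**query)

        res = make_topics_res(author, topic_list)
        return JsonResponse(res)

    elif request.method == 'POST':
        # Create a topic. The body is untrusted: empty, malformed or
        # non-object JSON all map to the same 301 error.
        try:
            json_obj = json.loads(request.body)
        except ValueError:
            json_obj = None
        if not isinstance(json_obj, dict):
            result = {'code': 301, 'error': 'Please give me json'}
            return JsonResponse(result)
        title = json_obj.get('title')
        # Check first, escape second: html.escape() fails on None / non-str.
        if not title or not isinstance(title, str):
            result = {'code': 302, 'error': 'Please give me title'}
            return JsonResponse(result)
        # XSS mitigation: store the title HTML-escaped.
        title = html.escape(title)
        # NOTE(review): content is stored as submitted; only the title is
        # escaped, so content needs sanitising where it is rendered as HTML.
        content = json_obj.get('content')
        if not content:
            result = {'code': 303, 'error': 'Please give me content'}
            return JsonResponse(result)
        # Plain-text body, used to cut the summary.
        content_text = json_obj.get('content_text')
        if not content_text:
            result = {'code': 304, 'error': 'Please give me content_text'}
            return JsonResponse(result)
        introduce = content_text[:30]
        limit = json_obj.get('limit')
        if limit not in ['public', 'private']:
            result = {'code': 305, 'error': 'Your limit is wrong'}
            return JsonResponse(result)
        category = json_obj.get('category')
        # content was required above but never passed to create(), so the
        # post body was dropped. Assumes Topic has a `content` field -
        # confirm against the model.
        Topic.objects.create(title=title,
                             category=category,
                             limit=limit,
                             content=content,
                             introduce=introduce,
                             author=request.user)
        result = {'code': 200, 'username': request.user.username}
        return JsonResponse(result)

    elif request.method == 'DELETE':
        # An author deletes their own topic:
        # /v1/topics/<author_id>?topic_id=<id>
        author = request.user
        token_author_id = author.username
        # The URL's author_id must equal the username from the token.
        if author_id != token_author_id:
            result = {'code': 309, 'error': 'You can not do it'}
            return JsonResponse(result)
        topic_id = request.GET.get('topic_id')
        try:
            topic = Topic.objects.get(id=topic_id)
        except Exception:
            # Missing, malformed or unknown topic_id.
            result = {'code': 310, 'error': 'You can not do it !'}
            return JsonResponse(result)
        # The topic itself must belong to the caller.
        if topic.author.username != author_id:
            result = {'code': 311, 'error': 'You can not do it !!'}
            return JsonResponse(result)
        topic.delete()
        res = {'code': 200}
        return JsonResponse(res)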
示例#7
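def topics(request, author_id):
    """Serve the topic endpoints of the blog owned by ``author_id``.

    GET returns one topic when ``t_id`` is in the query string, otherwise
    the topic list (optionally narrowed by ``category``).  POST creates a
    topic from the JSON request body.  DELETE removes the topic named by
    ``topic_id``.  Every outcome is a ``JsonResponse`` whose ``code`` is
    200 on success and an application error code otherwise.

    Access control: a visitor whose username equals ``author_id`` also
    sees private topics; anyone else only sees ``limit='public'``.
    Detail lookups are scoped to ``author_id`` as well, so a logged-in
    user cannot read another author's private topic by requesting its id
    through their own blog URL.
    """
    if request.method == 'GET':
        # Resolve the blog owner named in the URL.
        authors = user_profile.objects.filter(username=author_id)
        if not authors:
            result = {'code': 308, 'error': 'do not have any author'}
            return JsonResponse(result)
        author = authors[0]
        # The visitor may be anonymous, in which case the name stays None.
        visitor = get_user_by_request(request)
        visitor_name = None
        if visitor:
            visitor_name = visitor.username
        is_self = author_id == visitor_name

        t_id = request.GET.get('t_id')
        if t_id:
            # Detail page.  Always pin the lookup to this blog's author:
            # an id-only lookup would return any author's topic,
            # private ones included, to whoever owns the URL's blog.
            lookup = {'author': author_id}
            if is_self:
                not_found = {
                    'code': 312,
                    'error': 'Sorry, the topic is not existing'
                }
            else:
                lookup['limit'] = 'public'
                not_found = {
                    'code': 313,
                    'error': 'Sorry, the topic is not existing!'
                }
            try:
                # int() sits inside the try so a non-numeric t_id is
                # answered like a missing topic instead of raising.
                topic = Topic.objects.get(id=int(t_id), **lookup)
            except Exception:
                return JsonResponse(not_found)
            result = get_topic_details(author, topic, is_self)
            return JsonResponse(result)

        # List page: /v1/topics/<author_id>[?category=tec|no-tec]
        filters = {'author': author_id}
        category = request.GET.get('category')
        if category in ['tec', 'no-tec']:
            filters['category'] = category
        if not is_self:
            # Everyone except the owner is limited to public topics.
            filters['limit'] = 'public'
        author_topics = Topic.objects.filter(**filters)
        result = make_topics_result(author, author_topics)
        return JsonResponse(result)

    elif request.method == 'POST':
        # Create a new article.
        # NOTE(review): request.user is presumably populated by a token
        # check applied outside this block - confirm it guards POST.
        json_str = request.body
        if not json_str:
            result = {'code': 301, 'error': 'can not find any data'}
            return JsonResponse(result)
        try:
            json_obj = json.loads(json_str)
        except ValueError:
            # Malformed JSON (or undecodable bytes) is client error,
            # not a server fault.
            json_obj = None
        if not isinstance(json_obj, dict):
            result = {'code': 301, 'error': 'can not find any data'}
            return JsonResponse(result)

        title = json_obj.get('title')
        # Validate before escaping: html.escape() raises on None or on a
        # non-string value.
        if not title or not isinstance(title, str):
            result = {
                'code': 302,
                'error': 'Please input the title of article'
            }
            return JsonResponse(result)
        # Escape HTML metacharacters so the title cannot carry markup.
        title = html.escape(title)
        category = json_obj.get('category')
        if category not in ['tec', 'no-tec']:
            result = {
                'code': 303,
                'error': 'Please choose the category of article'
            }
            return JsonResponse(result)
        limit = json_obj.get('limit')
        if limit not in ['public', 'private']:
            result = {
                'code': 304,
                'error': 'Please choose the limit of article'
            }
            return JsonResponse(result)
        # NOTE(review): content is stored exactly as submitted, unlike
        # the title. If it is later rendered as HTML it needs to be
        # sanitised against an allowlist first - confirm where that
        # happens.
        content = json_obj.get('content')
        if not content:
            result = {
                'code': 305,
                'error': 'Please input the content of article'
            }
            return JsonResponse(result)
        content_text = json_obj.get('content_text')
        if not content_text or not isinstance(content_text, str):
            result = {
                'code': 306,
                'error': 'Please input the content_text of article'
            }
            return JsonResponse(result)
        # The first 30 characters of the plain text become the summary.
        introduce = content_text[:30]
        try:
            Topic.objects.create(title=title,
                                 category=category,
                                 limit=limit,
                                 introduce=introduce,
                                 content=content,
                                 author=request.user)
        except Exception:
            result = {'code': 307, 'error': 'Sorry, server is busy'}
            return JsonResponse(result)
        result = {'code': 200, 'username': request.user.username}
        return JsonResponse(result)

    elif request.method == 'DELETE':
        # Delete the topic named by ?topic_id=.
        author = request.user
        token_author_id = author.username
        # The authenticated user must be the owner of the blog in the URL.
        if author_id != token_author_id:
            result = {
                'code': 309,
                'error': 'Please confirm if it is your blog'
            }
            return JsonResponse(result)
        topic_id = request.GET.get('topic_id')
        try:
            topic = Topic.objects.get(id=topic_id)
        except Exception:
            result = {'code': 310, 'error': 'You can not do it'}
            return JsonResponse(result)
        # Ownership check on the row itself: the topic must belong to
        # the same author, not merely exist.
        if topic.author.username != author_id:
            result = {'code': 311, 'error': 'You can not do it!'}
            return JsonResponse(result)
        topic.delete()
        return JsonResponse({'code': 200})

    else:
        # Any other HTTP method.
        result = {'code': 312, 'error': 'method of request is wrong'}
        return JsonResponse(result)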
示例#8
文件: views.py 项目: E-bi/Blog
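def topics(request, author_id):
    """Create, read and delete the topics of the blog owned by ``author_id``.

    POST creates a topic from the JSON body, GET returns one topic
    (``?t_id=``) or the topic list (optionally ``?category=``), DELETE
    removes the topic named by ``?topic_id=``.  Each handled outcome is
    a ``JsonResponse`` with a ``code`` field, 200 meaning success.

    Codes 30108-30110 are introduced here for inputs that previously
    raised inside the view: an unparsable body, a missing title and a
    missing ``content_text``.

    Access control: both detail lookups are scoped to ``author_id``;
    visitors other than the owner additionally need ``limit='public'``.
    """
    if request.method == 'POST':
        # Publish a post; only the owner of the blog may do so.
        # NOTE(review): request.user is presumably set by a token check
        # applied outside this block - confirm it guards POST/DELETE.
        author = request.user
        if author.username != author_id:
            result = {'code': 30101, 'error': 'The author is error!'}
            return JsonResponse(result)
        json_str = request.body
        try:
            json_obj = json.loads(json_str)
        except ValueError:
            # Empty, malformed or undecodable body.
            json_obj = None
        if not isinstance(json_obj, dict):
            result = {'code': 30108, 'error': 'Please give me json'}
            return JsonResponse(result)
        title = json_obj.get('title')
        # Validate first: html.escape() raises on None or a non-string.
        if not title or not isinstance(title, str):
            result = {'code': 30109, 'error': 'Please give me title'}
            return JsonResponse(result)
        # Guard against XSS: escape HTML metacharacters in the title.
        import html
        title = html.escape(title)

        category = json_obj.get('category')
        if category not in ['tec', 'no-tec']:
            result = {
                'code': 30102,
                'error': 'Thanks, your category is error~'
            }
            return JsonResponse(result)
        limit = json_obj.get('limit')
        if limit not in ['private', 'public']:
            result = {'code': 30103, 'error': 'Thanks, your limit is error!!'}
            return JsonResponse(result)
        # Styled article body (keeps its markup).
        # NOTE(review): stored exactly as submitted, unlike the title;
        # it needs allowlist sanitising before being rendered as HTML -
        # confirm where that happens.
        content = json_obj.get('content')
        # Plain-text body, sliced to build the article summary.
        content_text = json_obj.get('content_text')
        if not content_text or not isinstance(content_text, str):
            result = {'code': 30110, 'error': 'Please give me content_text'}
            return JsonResponse(result)
        introduce = content_text[:30]

        # Create the topic.
        Topic.objects.create(title=title,
                             category=category,
                             limit=limit,
                             content=content,
                             introduce=introduce,
                             author=author)

        result = {'code': 200, 'username': author.username}
        return JsonResponse(result)

    if request.method == 'GET':
        # Read an author's articles:
        #   /v1/topics/tony              - every article of tony
        #   /v1/topics/tony?category=tec
        #   /v1/topics/tony?t_id=33      - one specific article
        #
        # Two parties are involved: the visitor making the request and
        # the author whose blog is being visited.
        author = UserProfile.objects.filter(username=author_id)
        if not author:
            result = {'code': 30104, 'error': 'The author is not existed!'}
            return JsonResponse(result)
        author = author[0]
        # The visitor may be anonymous, in which case the name stays None.
        visitor = get_user_by_request(request)
        visitor_username = None
        if visitor:
            visitor_username = visitor.username
        # True when the owner visits their own blog, False for anyone else.
        is_self = author_id == visitor_username

        # Every query is pinned to the blog's author; non-owners are
        # additionally limited to public topics.
        filters = {'author_id': author_id}
        if not is_self:
            filters['limit'] = 'public'

        t_id = request.GET.get('t_id')
        if t_id:
            # Detail page of one article.
            try:
                # int() sits inside the try so a non-numeric t_id is
                # answered like a missing topic instead of raising.
                author_topic = Topic.objects.get(id=int(t_id), **filters)
            except Exception:
                result = {'code': 400, 'error': 'No topic'}
                return JsonResponse(result)
            # Build the detail payload.
            result = make_topic_res(author, author_topic, is_self)
            return JsonResponse(result)

        # List page, optionally filtered by category.
        category = request.GET.get('category')
        if category in ['tec', 'no-tec']:
            filters['category'] = category
        author_topics = Topic.objects.filter(**filters)
        res = make_topics_res(author, author_topics)
        return JsonResponse(res)

    if request.method == 'DELETE':
        # Hard-delete an article.
        # The query string carries ?topic_id=3; success is {'code': 200}.
        user = request.user

        if user.username != author_id:
            result = {'code': 30105, 'error': 'Your id is error'}
            return JsonResponse(result)
        topic_id = request.GET.get('topic_id')
        if not topic_id:
            result = {'code': 30106, 'error': 'Must be give me topic_id!'}
            return JsonResponse(result)
        try:
            # The lookup is scoped to the owner, so another author's
            # topic id is reported as missing rather than deleted.
            # int() is inside the try: a non-numeric id is a miss too.
            topic = Topic.objects.get(id=int(topic_id), author_id=author_id)
            topic.delete()
            result = {'code': 200}
        except Exception as e:
            print('--topic-delete-error--')
            print(e)
            result = {'code': 30107, 'error': 'The topic is not exist'}
        return JsonResponse(result)
    # NOTE(review): any other HTTP method falls through and the view
    # returns None; no error code for that case is defined here.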
示例#9
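def topics(request, author_id):
    """Serve the topic endpoints of the blog owned by ``author_id``.

    POST creates a topic from the JSON body, GET returns one topic
    (``?t_id=``) or the topic list (optionally ``?category=``).  The
    DELETE branch is still a stub.  Handled outcomes are returned as a
    ``JsonResponse`` with a ``code`` field, 200 meaning success.

    Access control: detail lookups are scoped to the blog's author, so a
    logged-in user cannot read another author's private topic by asking
    for its id through their own blog URL; visitors other than the owner
    additionally need ``limit='public'``.
    """
    # Front-end page: http://127.0.0.1:5000/<username>/topic/release

    if request.method == 'POST':
        # Publish a post.
        json_str = request.body
        if not json_str:
            result = {'code': 302, 'error': 'Please give me data'}
            return JsonResponse(result)

        try:
            json_obj = json.loads(json_str)
        except ValueError:
            # Malformed or undecodable body is a client error.
            json_obj = None
        if not isinstance(json_obj, dict):
            result = {'code': 302, 'error': 'Please give me data'}
            return JsonResponse(result)

        title = json_obj.get('title')
        # Article body with its HTML styling (colours and so on).
        # NOTE(review): stored exactly as submitted, unlike the title;
        # it needs allowlist sanitising before being rendered as HTML -
        # confirm where that happens.
        content = json_obj.get('content')
        # Plain-text body, used to cut the summary.
        content_text = json_obj.get('content_text')
        limit = json_obj.get('limit')
        category = json_obj.get('category')

        # html.escape() needs a string, so non-string titles are
        # rejected together with empty ones.
        if not title or not isinstance(title, str):
            result = {'code': 303, 'error': 'Please give me title !!'}
            return JsonResponse(result)
        # Guard against XSS (cross-site scripting) in the title.
        title = html.escape(title)

        if not content:
            result = {'code': 304, 'error': 'Please give me content !!'}
            return JsonResponse(result)

        if not content_text or not isinstance(content_text, str):
            result = {'code': 305, 'error': 'Please give me content text !!'}
            return JsonResponse(result)

        # NOTE(review): limit and category are only checked for
        # presence, not against the values the GET branch filters on
        # ('public', 'tec', 'no-tec').
        if not limit:
            result = {'code': 306, 'error': 'Please give me limit !!'}
            return JsonResponse(result)

        if not category:
            result = {'code': 307, 'error': 'Please give me category'}
            return JsonResponse(result)

        introduce = content_text[:30]
        # Only the owner of the blog in the URL may publish to it.
        # NOTE(review): request.user is presumably set by a token check
        # applied outside this block - confirm it guards POST.
        if request.user.username != author_id:
            result = {'code': 308, 'error': 'Can not touch me !!'}
            return JsonResponse(result)

        # Create the row.
        try:
            Topic.objects.create(title=title,
                                 limit=limit,
                                 content=content,
                                 introduce=introduce,
                                 category=category,
                                 author_id=author_id)
        except Exception as e:
            print(e)
            result = {'code': 309, 'error': 'Topic is busy'}
            return JsonResponse(result)

        result = {'code': 200, 'username': request.user.username}

        return JsonResponse(result)

    elif request.method == 'GET':
        # Read the articles of author_id.
        # Back-end URL:  /v1/topcis/<username>?category=tec|no-tec
        # Front-end URL: http://127.0.0.1:5000/<username>/topics
        # Two parties: the visitor and the blog's author.

        # Look up the blog's author.
        authors = UserProfile.objects.filter(username=author_id)
        if not authors:
            result = {'code': 310, 'error': 'The user is not existed !'}
            return JsonResponse(result)
        author = authors[0]

        # Look up the visitor; anonymous visitors leave the name as None.
        visitor = get_user_by_request(request)
        visitor_username = None
        if visitor:
            visitor_username = visitor.username

        t_id = request.GET.get('t_id')
        if t_id:
            # One specific article.
            is_self = visitor_username == author_id
            # Pin the lookup to this blog's author: an id-only lookup
            # would hand any author's topic, private ones included, to
            # whoever owns the blog in the URL.
            lookup = {'author_id': author.username}
            if is_self:
                not_found = {'code': 311, 'error': 'no topic'}
            else:
                # Strangers only get public articles.
                lookup['limit'] = 'public'
                not_found = {'code': 312, 'error': 'no topic ! '}
            try:
                # int() sits inside the try so a non-numeric t_id is
                # answered like a missing topic instead of raising.
                author_topic = Topic.objects.get(id=int(t_id), **lookup)
            except Exception:
                return JsonResponse(not_found)

            res = make_topic_res(author, author_topic, is_self)
            return JsonResponse(res)

        # Otherwise: the author's article list, optionally narrowed by
        # the ?category= query parameter.
        filters = {'author_id': author.username}
        category = request.GET.get('category')
        if category in ['tec', 'no-tec']:
            filters['category'] = category
        if visitor_username != author.username:
            # A stranger visiting the author's blog: public only.
            filters['limit'] = 'public'
        author_topics = Topic.objects.filter(**filters)
        # Build the response payload.
        res = make_topics_res(author, author_topics)
        return JsonResponse(res)

    elif request.method == 'DELETE':
        # Delete a post (hard delete) - not implemented yet.
        # The query string is meant to carry topic_id and the reply is
        # meant to be {'code': 200}.
        # NOTE(review): as written this branch returns None and performs
        # no ownership check; both are needed before it is enabled.
        topic_id = request.GET.get('topic_id')

        pass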
示例#10
文件: views.py 项目: yhdwzwl/blog_pro
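def topics(request, author_id):
    """Serve the topic endpoints of the blog owned by ``author_id``.

    GET returns the author's topic list (optionally ``?category=``),
    POST creates a topic from the JSON body, DELETE removes the topic
    named by ``?topic_id=``.  Every outcome is a ``JsonResponse`` with a
    ``code`` field, 200 meaning success.

    Access control: only a visitor whose username equals ``author_id``
    receives private topics; DELETE requires both the URL and the topic
    row to belong to ``request.user``.
    """

    if request.method == 'GET':
        # Resolve the blog owner named in the URL.
        authors = UserProfile.objects.filter(username=author_id)
        if not authors:
            result = {'code': 308, 'error': 'no author'}
            return JsonResponse(result)
        author = authors[0]

        # The visitor may be anonymous, in which case the name stays None.
        visitor = get_user_by_request(request)
        visitor_name = None
        if visitor:
            visitor_name = visitor.username

        filters = {'author_id': author_id}
        category = request.GET.get('category')
        if category in ['tec', 'no-tec']:
            filters['category'] = category
        if author_id != visitor_name:
            # Not the owner: public topics only.
            filters['limit'] = 'public'
        author_topics = Topic.objects.filter(**filters)
        res = make_topics_res(author, author_topics)
        return JsonResponse(res)

    elif request.method == 'POST':
        # Create a topic for the authenticated user.
        # NOTE(review): request.user is presumably set by a token check
        # applied outside this block - confirm it guards POST/DELETE.
        json_str = request.body
        if not json_str:
            result = {'code': 301, 'error': 'give json'}
            return JsonResponse(result)
        try:
            json_obj = json.loads(json_str)
        except ValueError:
            # Malformed or undecodable body is a client error.
            json_obj = None
        if not isinstance(json_obj, dict):
            result = {'code': 301, 'error': 'give json'}
            return JsonResponse(result)

        title = json_obj.get('title')
        # Validate before escaping: html.escape() raises on None or on a
        # non-string value.
        if not title or not isinstance(title, str):
            result = {'code': 302, 'error': 'g v title'}
            return JsonResponse(result)
        # Escape HTML metacharacters so the title cannot inject script.
        import html
        title = html.escape(title)

        # NOTE(review): content is stored exactly as submitted, unlike
        # the title; it needs allowlist sanitising before being rendered
        # as HTML - confirm where that happens.
        content = json_obj.get('content')
        if not content:
            result = {'code': 303, 'error': 'g v content'}
            return JsonResponse(result)

        # Plain-text body, used to cut the article summary.
        content_text = json_obj.get('content_text')
        if not content_text or not isinstance(content_text, str):
            result = {'code': 304, 'error': 'p g v content_text'}
            return JsonResponse(result)

        # The first 30 characters become the summary.
        introduce = content_text[:30]
        limit = json_obj.get('limit')
        if limit not in ['public', 'private']:
            result = {'code': 305, 'error': 'limit is wrong'}
            return JsonResponse(result)

        category = json_obj.get('category')
        # TODO: validate category the same way limit is validated.

        Topic.objects.create(title=title,
                             category=category,
                             limit=limit,
                             content=content,
                             introduce=introduce,
                             author=request.user)
        result = {'code': 200, 'username': request.user.username}
        return JsonResponse(result)

    elif request.method == 'DELETE':
        # The owner deletes one of their own articles.
        author = request.user
        token_author_id = author.username
        # The author_id in the URL must equal the username in the token.
        if author_id != token_author_id:
            result = {'code': 309, 'error': 'u can not do it'}
            return JsonResponse(result)
        topic_id = request.GET.get('topic_id')
        try:
            topic = Topic.objects.get(id=topic_id)
        except Exception:
            # Was a bare except, which also traps SystemExit and
            # KeyboardInterrupt.
            result = {'code': 310, 'error': 'can not do it!'}
            return JsonResponse(result)

        # Ownership check on the row itself before deleting.
        if topic.author.username != author_id:
            result = {'code': 311, 'error': 'u can not do it !!'}
            return JsonResponse(result)
        topic.delete()
        res = {'code': 200}
        return JsonResponse(res)

    # Placeholder reply for any other method; note that it reports
    # code 200 together with an error field.
    return JsonResponse({'code': 200, 'error': 'test!'})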
示例#11
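def topics(request, author_id):
    """Serve the topic endpoints of the blog owned by ``author_id``.

    GET returns one topic (``?t_id=``) or the topic list (optionally
    ``?category=``), POST creates a topic from the JSON body, DELETE
    removes the topic named by ``?topic_id=``.  Every outcome is a
    ``JsonResponse`` with a ``code`` field, 200 meaning success.

    Access control: detail lookups are scoped to ``author_id``, so a
    logged-in user cannot read another author's private topic by asking
    for its id through their own blog URL; visitors other than the owner
    additionally need ``limit='public'``.

    The keyword ``categrory`` is spelled the way this block already
    passes it to ``Topic.objects.create`` and ``filter``; presumably it
    is the model's field name - verify against the model.
    """
    if request.method == "GET":
        # Front-end page: http://127.0.0.1:5000/<username>/topics
        # Resolve the blog owner named in the URL.
        authors = UserProfile.objects.filter(username=author_id)
        if not authors:
            result = {'code': 308, 'error': 'no author'}
            return JsonResponse(result)
        author = authors[0]
        # The visitor may be anonymous, in which case the name stays None.
        visitor = get_user_by_request(request)
        visitor_name = None
        if visitor:
            visitor_name = visitor.username
        # True when the owner is looking at their own blog.
        is_self = author_id == visitor_name

        t_id = request.GET.get('t_id')
        if t_id:
            # Pin the lookup to this blog's author: an id-only lookup
            # would hand any author's topic, private ones included, to
            # whoever owns the blog in the URL.
            lookup = {'author_id': author_id}
            if is_self:
                not_found = {'code': 312, 'error': 'no topic'}
            else:
                # Visitor access: public topics only.
                lookup['limit'] = 'public'
                not_found = {'code': 313, 'error': 'no topic !'}
            try:
                # int() sits inside the try so a non-numeric t_id is
                # answered like a missing topic instead of raising.
                author_topic = Topic.objects.get(id=int(t_id), **lookup)
            except Exception:
                return JsonResponse(not_found)
            res = make_topic_res(author, author_topic, is_self)
            return JsonResponse(res)

        # List page: /v1/topics/<author_id>[?category=tec|no-tec]
        filters = {'author_id': author_id}
        category = request.GET.get('category')
        if category in ['tec', 'no-tec']:
            filters['categrory'] = category
        if not is_self:
            # A visitor who is not the owner: public topics only.
            filters['limit'] = 'public'
        author_topics = Topic.objects.filter(**filters)
        result = make_topics_res(author, author_topics)
        return JsonResponse(result)

    elif request.method == "POST":
        # NOTE(review): request.user is presumably set by a token check
        # applied outside this block - confirm it guards POST/DELETE.
        json_str = request.body
        if not json_str:
            result = {'code': 301, 'error': 'Please give me json'}
            return JsonResponse(result)
        try:
            json_obj = json.loads(json_str)
        except ValueError:
            # Malformed or undecodable body is a client error.
            json_obj = None
        if not isinstance(json_obj, dict):
            result = {'code': 301, 'error': 'Please give me json'}
            return JsonResponse(result)
        title = json_obj.get('title')
        # Validate before escaping: html.escape() raises on None or on a
        # non-string value.
        if not title or not isinstance(title, str):
            result = {'code': 302, 'error': "Please give me title"}
            return JsonResponse(result)
        # Escape HTML metacharacters so the title cannot inject script.
        import html
        title = html.escape(title)
        # NOTE(review): content is stored exactly as submitted, unlike
        # the title; it needs allowlist sanitising before being rendered
        # as HTML - confirm where that happens.
        content = json_obj.get('content')
        if not content:
            result = {'code': 303, 'error': "Please give me content"}
            return JsonResponse(result)
        # Plain-text body, used to cut the summary.
        content_text = json_obj.get('content_text')
        if not content_text or not isinstance(content_text, str):
            result = {'code': 304, 'error': "Please give me content_text"}
            return JsonResponse(result)
        introduce = content_text[:30]
        limit = json_obj.get('limit')
        if limit not in ['public', 'private']:
            result = {'code': 305, 'error': "You limit is wrong"}
            return JsonResponse(result)
        categrory = json_obj.get('category')
        if categrory not in ['tec', 'no-tec']:
            result = {'code': 306, 'error': "You categrory is wrong"}
            return JsonResponse(result)

        Topic.objects.create(title=title,
                             categrory=categrory,
                             limit=limit,
                             content=content,
                             introduce=introduce,
                             author=request.user)
        result = {'code': 200, 'username': request.user.username}
        return JsonResponse(result)

    elif request.method == "DELETE":
        # The owner deletes one of their own posts.
        # URL: v1/topics/<author_id>
        author = request.user
        token_author_id = author.username
        # The author_id in the URL must equal the username in the token.
        if author_id != token_author_id:
            result = {'code': 309, 'error': 'You can not do it '}
            return JsonResponse(result)
        topic_id = request.GET.get('topic_id')
        try:
            topic = Topic.objects.get(id=topic_id)
        except Exception:
            # Was a bare except, which also traps SystemExit and
            # KeyboardInterrupt.
            result = {'code': 310, 'error': 'You can not do it !'}
            return JsonResponse(result)
        # Ownership check on the row itself before deleting.
        if topic.author.username != author_id:
            result = {'code': 311, 'error': 'You can not do it !!'}
            return JsonResponse(result)
        topic.delete()
        res = {'code': 200}
        return JsonResponse(res)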
示例#12
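def topics(request, author_id):  # username is the primary key, so author_id is the username
    """Serve the topic endpoints of the blog owned by ``author_id``.

    POST creates a topic from the JSON body, GET returns one topic
    (``?t_id=``) or the topic list (optionally ``?category=``), DELETE
    removes the topic named by ``?topic_id=``.  Handled outcomes are
    returned as a ``JsonResponse`` with a ``code`` field, 200 meaning
    success.

    Access control: POST and DELETE require ``request.user`` to be the
    blog owner.  Detail lookups are scoped to the blog's author, so a
    logged-in user cannot read another author's private topic by asking
    for its id through their own blog URL; visitors other than the owner
    additionally need ``limit="public"``.
    """
    if request.method == "POST":
        # NOTE(review): request.user is presumably set by a token check
        # applied outside this block - confirm it guards POST/DELETE.
        user = request.user
        if user.username != author_id:
            result = {"code": 301, "error": "wrong!"}
            return JsonResponse(result)
        json_str = request.body
        if not json_str:
            result = {"code": 302, "error": "please give me data!"}
            return JsonResponse(result)
        try:
            json_obj = json.loads(json_str)
        except ValueError:
            # Malformed or undecodable body is a client error.
            json_obj = None
        if not isinstance(json_obj, dict):
            result = {"code": 302, "error": "please give me data!"}
            return JsonResponse(result)
        title = json_obj.get("title")
        category = json_obj.get("category")
        limit = json_obj.get("limit")
        # NOTE(review): content is stored exactly as submitted, unlike
        # the title; it needs allowlist sanitising before being rendered
        # as HTML - confirm where that happens.
        content = json_obj.get("content")
        content_text = json_obj.get("content_text")
        # html.escape() needs a string, so non-string titles are
        # rejected together with empty ones.
        if not title or not isinstance(title, str):
            result = {"code": 303, "error": "please give me title!"}
            return JsonResponse(result)
        # Guard against XSS (cross-site scripting) in the title.
        title = html.escape(title)
        # NOTE(review): category and limit are only checked for
        # presence, not against the values the GET branch filters on
        # ("tec", "no-tec", "public").
        if not category:
            result = {"code": 304, "error": "please give me category!"}
            return JsonResponse(result)
        if not limit:
            result = {"code": 305, "error": "please give me limit!"}
            return JsonResponse(result)
        if not content:
            result = {"code": 306, "error": "please give me content!"}
            return JsonResponse(result)
        if not content_text or not isinstance(content_text, str):
            result = {"code": 307, "error": "please give me content_text!"}
            return JsonResponse(result)
        # The first 30 characters of the plain text become the summary.
        introduce = content_text[:30]
        try:
            Topic.objects.create(title=title,
                                 category=category,
                                 limit=limit,
                                 introduce=introduce,
                                 content=content,
                                 author_id=author_id)
        except Exception as e:
            print("The error is %s" % e)
            result = {"code": 222, "error": "topic is busy"}
            return JsonResponse(result)
        result = {"code": 200, "username": user.username}
        return JsonResponse(result)
    elif request.method == "GET":
        authors = Userprofile.objects.filter(username=author_id)
        if not authors:
            result = {"code": 301, "error": "author is not existed"}
            return JsonResponse(result)
        author = authors[0]
        category = request.GET.get("category")
        t_id = request.GET.get("t_id")
        # Identify the visitor; anonymous visitors leave the name as None.
        visitor = get_user_by_request(request)
        visitor_username = None
        if visitor:
            visitor_username = visitor.username
        if t_id:
            # One specific article.
            is_self = visitor_username == author_id
            # Pin the lookup to this blog's author: an id-only lookup
            # would hand any author's topic, private ones included, to
            # whoever owns the blog in the URL.
            lookup = {"author_id": author.username}
            if is_self:
                not_found = {"code": 311, "error": "no topic"}
            else:
                # A stranger visiting the blog: public topics only.
                lookup["limit"] = "public"
                not_found = {"code": 312, "error": "no topic!"}
            try:
                # int() sits inside the try so a non-numeric t_id is
                # answered like a missing topic instead of raising.
                author_topic = Topic.objects.get(id=int(t_id), **lookup)
            except Exception:
                return JsonResponse(not_found)
            res = make_topic_res(author, author_topic, is_self)
            return JsonResponse(res)

        # Article list, optionally narrowed by category.
        filters = {"author_id": author.username}
        if category in ["tec", "no-tec"]:
            filters["category"] = category
        if visitor_username != author.username:
            # A stranger visiting the blog: public topics only.
            filters["limit"] = "public"
        author_topics = Topic.objects.filter(**filters)
        res = make_topics_res(author, author_topics)
        return JsonResponse(res)
    elif request.method == "DELETE":
        user = request.user
        if user.username != author_id:
            result = {"code": 404, "error": "wrong!"}
            return JsonResponse(result)
        topic_id = request.GET.get("topic_id")
        if not topic_id:
            result = {"code": 405, "error": "please give me topic_id!"}
            return JsonResponse(result)
        try:
            topic_pk = int(topic_id)
        except ValueError:
            # A non-numeric id cannot match any topic.
            result = {"code": 405, "error": "the topic is not existed!"}
            return JsonResponse(result)
        # Scoped to the owner, so another author's topic id is reported
        # as missing rather than deleted.
        owned = Topic.objects.filter(id=topic_pk, author_id=author_id)
        if not owned:
            result = {"code": 405, "error": "the topic is not existed!"}
            return JsonResponse(result)
        topic = owned[0]
        topic.delete()
        result = {"code": 200}
        return JsonResponse(result)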
示例#13
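def topics(request, author_id):
    """Serve list/detail, create and delete requests for one author's topics.

    Route: ``/v1/topics/<author_id>`` with ``?t_id=`` or
    ``?category=[tec|no-tec]`` on GET and ``?topic_id=`` on DELETE.

    GET returns a single topic when ``t_id`` is present, otherwise the
    author's list; anyone other than the author only sees topics whose
    ``limit`` is ``'public'``. POST creates a topic owned by
    ``request.user``. DELETE removes a topic when the URL author,
    ``request.user`` and the topic's author are the same user.

    Every outcome is a ``JsonResponse`` whose ``code`` field carries the
    application status.

    NOTE(review): POST and DELETE trust ``request.user``; nothing in this
    function authenticates the caller, so this presumably relies on a
    decorator or middleware outside this listing -- confirm.
    """
    if request.method == 'GET':
        # author_id is the username of the blog owner being visited.
        authors = UserProfile.objects.filter(username=author_id)
        if not authors:
            return JsonResponse({'code': 308, 'error': 'No author!'})
        author = authors[0]

        # The visitor is whoever get_user_by_request() resolves; a falsy
        # result is treated as an anonymous visitor.
        visitor = get_user_by_request(request)
        visitor_name = visitor.username if visitor else None
        # Only the owner may see non-public topics.
        is_self = author_id == visitor_name

        # With t_id this is the detail page, without it the list page.
        t_id = request.GET.get('t_id')
        if t_id:
            # Scope the lookup to the author named in the URL. Looking a
            # topic up by id alone would let any logged-in user read another
            # user's private topic by requesting it under their own name.
            lookup = {'author_id': author_id}
            if is_self:
                not_found = {'code': 312, 'error': 'No topic!'}
            else:
                lookup['limit'] = 'public'
                not_found = {'code': 313, 'error': 'No topic!!'}
            try:
                # int() sits inside the try so a non-numeric t_id yields the
                # normal "no topic" answer instead of an unhandled error.
                author_topic = Topic.objects.get(id=int(t_id), **lookup)
            except (ValueError, Topic.DoesNotExist):
                return JsonResponse(not_found)
            return JsonResponse(make_topic_res(author, author_topic, is_self))

        # List page: optional category filter, public-only for visitors.
        filters = {'author_id': author_id}
        category = request.GET.get('category')
        if category in ['tec', 'no-tec']:
            filters['category'] = category
        if not is_self:
            filters['limit'] = 'public'
        author_topics = Topic.objects.filter(**filters)
        return JsonResponse(make_topics_res(author, author_topics))

    elif request.method == 'POST':
        # Create a topic from the JSON request body.
        json_str = request.body
        if not json_str:
            return JsonResponse({'code': 301, 'error': 'Please give me json!'})
        try:
            json_obj = json.loads(json_str)
        except ValueError:
            # Malformed JSON (or undecodable bytes) is a client error.
            return JsonResponse({'code': 301, 'error': 'Please give me json!'})
        if not isinstance(json_obj, dict):
            return JsonResponse({'code': 301, 'error': 'Please give me json!'})

        # Validate before escaping: html.escape() fails on a missing title.
        title = json_obj.get('title')
        if not title or not isinstance(title, str):
            return JsonResponse({'code': 302, 'error': 'Please give me title!'})
        # Escape HTML metacharacters so the title cannot carry markup (XSS).
        import html
        title = html.escape(title)

        content = json_obj.get('content')
        if not content:
            return JsonResponse({'code': 303, 'error': 'Please give me content!'})
        # NOTE(review): unlike the title, `content` is stored exactly as
        # submitted. If it is rendered as HTML it needs allow-list
        # sanitisation before storage or output; how it is rendered is not
        # visible here -- confirm.

        # Plain-text version of the article, used to cut the summary.
        content_text = json_obj.get('content_text')
        if not content_text or not isinstance(content_text, str):
            return JsonResponse(
                {'code': 304, 'error': 'Please give me content_text!'})
        introduce = content_text[:30]

        limit = json_obj.get('limit')
        if limit not in ['public', 'private']:
            return JsonResponse({'code': 305, 'error': 'Your limit is wrong!'})

        category = json_obj.get('category')
        # TODO: validate category against an allowed list, as done for limit;
        # it is currently stored as submitted.

        # The topic is always attributed to request.user, never to a
        # client-supplied author.
        Topic.objects.create(title=title,
                             category=category,
                             limit=limit,
                             content=content,
                             introduce=introduce,
                             author=request.user)
        return JsonResponse({'code': 200, 'username': request.user.username})

    elif request.method == 'DELETE':
        # The author deletes one of their own topics.
        # The author_id in the URL must match the user behind request.user.
        author = request.user
        token_author_id = author.username
        if author_id != token_author_id:
            return JsonResponse({'code': 309, 'error': 'You can not di it!'})

        topic_id = request.GET.get('topic_id')
        try:
            topic = Topic.objects.get(id=topic_id)
        except (ValueError, TypeError, Topic.DoesNotExist):
            # Missing, malformed or unknown topic_id.
            return JsonResponse({'code': 310, 'error': 'You can not di it!!'})

        # The topic itself must belong to that same author.
        if topic.author.username != author_id:
            return JsonResponse({'code': 311, 'error': 'You can not di it!!!'})

        topic.delete()
        return JsonResponse({'code': 200})

    # Any other HTTP method gets this placeholder response.
    return JsonResponse({'code': 200, 'error': 'This is a test!'})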
示例#14
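def topics(request, author_id):
    """Serve list/detail, delete and create requests for one author's topics.

    GET returns a single topic when ``?t_id=`` is present, otherwise the
    author's list (optionally filtered by ``?category=[tec|no-tec]``);
    anyone other than the author only sees topics whose ``limit`` is
    ``'public'``. DELETE removes the topic named by ``?topic_id=`` when the
    URL author, ``request.user`` and the topic's author are the same user.
    POST creates a topic owned by ``request.user`` from the JSON body.

    Every handled outcome is a ``JsonResponse`` whose ``code`` field carries
    the application status; other HTTP methods fall through and return
    ``None``.

    NOTE(review): DELETE and POST trust ``request.user``; nothing in this
    function authenticates the caller, so this presumably relies on a
    decorator or middleware outside this listing -- confirm.
    """
    if request.method == 'GET':
        # author_id is the username of the blog owner being visited.
        authors = UserProfile.objects.filter(username=author_id)
        if not authors:
            return JsonResponse({'code': 308, 'error': '?no author'})
        author = authors[0]

        # A falsy result from get_user_by_request() means an anonymous
        # visitor; otherwise the visitor is a logged-in user.
        visitor = get_user_by_request(request)
        visitor_name = visitor.username if visitor else None
        # Only the owner may see non-public topics.
        is_self = author_id == visitor_name

        t_id = request.GET.get('t_id')
        if t_id:
            # Detail page. Scope the lookup to the author named in the URL:
            # looking a topic up by id alone would let any logged-in user
            # read another user's private topic under their own name.
            lookup = {'author_id': author_id}
            if is_self:
                not_found = {'code': 312, 'error': 'no topic'}
            else:
                lookup['limit'] = 'public'
                not_found = {'code': 313, 'error': 'no topic!'}
            try:
                # int() sits inside the try so a non-numeric t_id yields the
                # normal "no topic" answer instead of an unhandled error.
                author_topic = Topic.objects.get(id=int(t_id), **lookup)
            except (ValueError, Topic.DoesNotExist):
                return JsonResponse(not_found)
            return JsonResponse(make_topic_res(author, author_topic, is_self))

        # List page: /v1/topics/<author_id>?category=[tec|no-tec]
        filters = {'author_id': author_id}
        category = request.GET.get('category')
        if category in ['tec', 'no-tec']:
            filters['category'] = category
        if not is_self:
            filters['limit'] = 'public'
        author_topics = Topic.objects.filter(**filters)
        # make_topics_res receives the UserProfile object and the Topic
        # queryset.
        return JsonResponse(make_topics_res(author, author_topics))

    elif request.method == 'DELETE':
        author = request.user
        token_author_id = author.username
        # The author_id in the URL must match the user behind request.user.
        if token_author_id != author_id:
            return JsonResponse({'code': 404, 'error': '用户不一致'})
        topic_id = request.GET.get('topic_id')
        try:
            topic = Topic.objects.get(id=topic_id)
        except (ValueError, TypeError, Topic.DoesNotExist):
            # Missing, malformed or unknown topic_id.
            return JsonResponse({'code': 405, 'error': 'you can not do it'})
        # The topic itself must belong to that same author.
        if topic.author.username != author_id:
            return JsonResponse({'code': 406, 'error': 'you can do yit'})
        topic.delete()
        return JsonResponse({'code': 200})

    elif request.method == 'POST':
        # Create a topic from the JSON request body.
        try:
            req_dic = json.loads(request.body)
        except ValueError:
            # An empty or malformed body is a client error, not a crash.
            return JsonResponse({'code': 401, 'error': '没有JSON数据'})
        if not req_dic or not isinstance(req_dic, dict):
            return JsonResponse({'code': 401, 'error': '没有JSON数据'})

        # Validate before escaping: html.escape() fails on a missing title.
        title = req_dic.get('title')
        if not title or not isinstance(title, str):
            return JsonResponse({'code': 402, 'error': '没有用户名'})
        # Escape HTML metacharacters so the title cannot carry markup (XSS).
        import html
        title = html.escape(title)

        category = req_dic.get('category')
        if category not in ['tec', 'no-tec']:
            return JsonResponse({'code': 403, 'error': 'category不正确'})
        content = req_dic.get('content')
        if not content:
            return JsonResponse({'code': 405, 'error': 'content 不正确'})
        content_text = req_dic.get('content_text')
        if not content_text or not isinstance(content_text, str):
            return JsonResponse({'code': 406, 'error': 'content_text 不正确'})
        # The summary is the first 30 characters of the plain text.
        introduce = content_text[:30]
        limit = req_dic.get('limit')
        if limit not in ['public', 'private']:
            return JsonResponse({'code': 407, 'error': 'gei wo  limit'})

        # NOTE(review): the plain-text form is what gets stored as the topic
        # content; the HTML `content` is only checked for presence and then
        # dropped. Confirm this is intended. If it is ever changed to store
        # the HTML, that value needs allow-list sanitisation first.
        Topic.objects.create(title=title,
                             category=category,
                             limit=limit,
                             content=content_text,
                             introduce=introduce,
                             author=request.user)
        return JsonResponse({'code': 200, 'username': request.user.username})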
示例#15
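def topics(request, author_id):
    """Serve create, list/detail and delete requests for one author's topics.

    POST creates a topic for ``author_id`` from the JSON body, after checking
    that ``request.user`` is that author. GET returns a single topic when
    ``?t_id=`` is present, otherwise the author's list (optionally filtered
    by ``?category=[tec|no-tec]``); anyone other than the author only sees
    topics whose ``limit`` is ``'public'``. DELETE removes the topic named by
    ``?topic_id=`` when it belongs to ``request.user``.

    Every handled outcome is a ``JsonResponse`` whose ``code`` field carries
    the application status.

    NOTE(review): POST and DELETE trust ``request.user``; nothing in this
    function authenticates the caller, so this presumably relies on a
    decorator or middleware outside this listing -- confirm.
    """
    if request.method == 'POST':
        json_str = request.body
        if not json_str:
            return JsonResponse({'code': 302, 'error': 'Please give me data'})
        try:
            json_obj = json.loads(json_str)
        except ValueError:
            # Malformed JSON (or undecodable bytes) is a client error.
            return JsonResponse({'code': 302, 'error': 'Please give me data'})
        if not isinstance(json_obj, dict):
            return JsonResponse({'code': 302, 'error': 'Please give me data'})

        title = json_obj.get('title')
        if not title or not isinstance(title, str):
            return JsonResponse({'code': 218, 'error': 'the title is wrong'})
        # Escape HTML metacharacters to guard against cross-site scripting.
        title = html.escape(title)

        category = json_obj.get('category')
        if not category:
            return JsonResponse({'code': 219, 'error': 'the category is wrong'})
        limit = json_obj.get('limit')
        if not limit:
            return JsonResponse({'code': 220, 'error': 'the limit is wrong'})
        # NOTE(review): category and limit are only checked for presence.
        # `limit` decides who may read the topic (GET matches 'public'), so
        # an allowed-value check is worth adding once the permitted values
        # are confirmed.

        content_text = json_obj.get('content_text')
        if not content_text or not isinstance(content_text, str):
            return JsonResponse(
                {'code': 226, 'error': 'the content_text is wrong'})
        # The summary is the first 30 characters of the plain text.
        introduce = content_text[:30]
        if not introduce:
            # Cannot trigger for a non-empty string; kept as a safeguard.
            return JsonResponse({'code': 221, 'error': 'the introduce is wrong'})

        # Article body with HTML markup (styling such as colour).
        content = json_obj.get('content')
        if not content:
            return JsonResponse({'code': 222, 'error': 'the content is wrong'})
        # NOTE(review): unlike the title, `content` is stored exactly as
        # submitted. If it is rendered as HTML it needs allow-list
        # sanitisation before storage or output; how it is rendered is not
        # visible here -- confirm.

        # Only the author named in the URL may create topics under that name.
        if request.user.username != author_id:
            return JsonResponse({'code': 230, 'error': 'the username is wrong'})

        try:
            Topic.objects.create(title=title,
                                 category=category,
                                 limit=limit,
                                 content=content,
                                 introduce=introduce,
                                 author_id=author_id)
        except Exception as e:
            # Deliberately broad: any storage failure is reported as "busy".
            print(e)
            return JsonResponse({'code': 309, 'error': 'Topic is busy'})
        return JsonResponse({'code': 200, 'username': request.user.username})

    # Fetch the topics of author_id.
    elif request.method == 'GET':
        # Two parties: the visitor making the request and the blog author.
        authors = UserProfile.objects.filter(username=author_id)
        if not authors:
            return JsonResponse(
                {'code': 310, 'error': 'the user is not existed'})
        author = authors[0]

        # A falsy result from get_user_by_request() means an anonymous
        # visitor.
        visitor = get_user_by_request(request)
        visitor_username = visitor.username if visitor else None

        t_id = request.GET.get('t_id')
        if t_id:
            # Detail page. Scope the lookup to the requested author: looking
            # a topic up by id alone would let any logged-in user read
            # another user's private topic under their own name.
            is_self = visitor_username == author_id
            lookup = {'author_id': author.username}
            if is_self:
                not_found = {'code': 311, 'error': 'have not topic'}
            else:
                lookup['limit'] = 'public'
                not_found = {'code': 312, 'error': 'have not topic!!!'}
            try:
                # int() sits inside the try so a non-numeric t_id yields the
                # normal "no topic" answer instead of an unhandled error.
                author_topic = Topic.objects.get(id=int(t_id), **lookup)
            except (ValueError, Topic.DoesNotExist) as e:
                print(e)
                return JsonResponse(not_found)
            return JsonResponse(make_topic_res(author, author_topic, is_self))

        # List page: optional category filter, public-only for visitors.
        filters = {'author_id': author.username}
        category = request.GET.get('category')
        if category in ['tec', 'no-tec']:
            filters['category'] = category
        if visitor_username != author.username:
            filters['limit'] = 'public'
        author_topics = Topic.objects.filter(**filters)
        return JsonResponse(make_topics_res(author, author_topics))

    elif request.method == 'DELETE':
        # Delete the topic named by the topic_id query parameter.
        # Check the login first so an unauthenticated caller learns nothing
        # about which topic ids exist.
        # NOTE(review): Django's default anonymous user object is truthy, so
        # this test only helps if the auth layer leaves request.user falsy
        # for unauthenticated callers; the ownership check below is what
        # actually gates the delete -- confirm.
        user = request.user
        if not user:
            return JsonResponse(
                {'code': 403, 'error': 'the topic_id have not login'})

        topic_id = request.GET.get('topic_id')
        try:
            topic = Topic.objects.get(id=topic_id)
        except (ValueError, TypeError, Topic.DoesNotExist):
            # Missing, malformed or unknown topic_id.
            return JsonResponse(
                {'code': 405, 'error': 'the topic_id is existed'})

        # Only the topic's own author may delete it.
        if topic.author != user:
            return JsonResponse(
                {'code': 404, 'error': 'the topic_id permission denied'})

        topic.delete()
        return JsonResponse({"code": 200})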