def delete_url(url_id):
    """Load the Url record for ``url_id``, pass it to close_url(), go to /index.

    Raises APIResourceNotFoundError('url') when Url.get() finds nothing.
    """
    # NOTE(review): the check_admin() call below is commented out, so this
    # function does not restrict who may trigger the change. Confirm that an
    # interceptor or decorator enforces admin access before it runs.
    #check_admin()
    record = Url.get(url_id)
    if record is None:
        raise APIResourceNotFoundError('url')
    # NOTE(review): the loaded record, not url_id, is handed to close_url();
    # confirm that this is the argument close_url() expects.
    close_url(record)
    raise seeother('/index')
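def callback():
    """Finish the OAuth sign-in: exchange ``code``, upsert the user, set cookie.

    Reads the ``code`` request parameter, trades it for an access token,
    fetches the remote profile, inserts or updates the matching ``users``
    row, calls _make_cookie() and redirects to "/".
    """
    # NOTE(review): no ``state`` parameter is read or verified in this
    # function, so the callback is not tied to the browser session that
    # started the flow. Confirm whether _create_client() or the framework
    # covers that, otherwise add a session-bound state check.
    code = ctx.request.input(code="").code
    client = _create_client()
    token = client.request_access_token(code)
    access_token, expires_in, uid = token.access_token, token.expires_in, token.uid
    # The token response is a bearer credential: log only whose it is, never
    # the serialized response itself.
    logging.info("access token received for uid: %s" % uid)
    client.set_access_token(access_token, expires_in)
    profile = client.users.show.get(uid=uid)
    logging.info("got user: %s" % uid)
    existing = db.select("select * from users where id=?", uid)
    # NOTE(review): the access token is written to users.auth_token as
    # received; consider whether it needs to be stored at all, or stored
    # encrypted.
    fields = dict(
        name=profile.screen_name,
        image_url=profile.avatar_large or profile.profile_image_url,
        statuses_count=profile.statuses_count,
        friends_count=profile.friends_count,
        followers_count=profile.followers_count,
        verified=profile.verified,
        verified_type=profile.verified_type,
        auth_token=access_token,
        expired_time=expires_in,
    )
    if existing:
        db.update_kw("users", "id=?", uid, **fields)
    else:
        fields["id"] = uid
        db.insert("users", **fields)
    _make_cookie(uid, access_token, expires_in)
    raise seeother("/")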
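def callback():
    """Handle the provider's redirect back to the site after authorization.

    Exchanges the ``code`` request parameter for an access token, loads the
    remote profile, creates or refreshes the ``users`` row for that uid,
    sets the session cookie through _make_cookie() and redirects to '/'.
    """
    # NOTE(review): this function neither reads nor checks a ``state``
    # parameter, so nothing here binds the callback to the session that
    # requested it. Confirm this is handled elsewhere.
    i = ctx.request.input(code='')
    client = _create_client()
    r = client.request_access_token(i.code)
    access_token = r.access_token
    expires_in = r.expires_in
    uid = r.uid
    # Do not serialize the token response into the log: it contains the
    # bearer token. The uid is enough to trace the sign-in.
    logging.info('access token received for uid: %s' % uid)
    client.set_access_token(access_token, expires_in)
    u = client.users.show.get(uid=uid)
    logging.info('got user: %s' % uid)
    users = db.select('select * from users where id=?', uid)
    # NOTE(review): auth_token persists the provider token unmodified;
    # review whether it must be kept, and if so how it is protected at rest.
    user = {
        'name': u.screen_name,
        'image_url': u.avatar_large or u.profile_image_url,
        'statuses_count': u.statuses_count,
        'friends_count': u.friends_count,
        'followers_count': u.followers_count,
        'verified': u.verified,
        'verified_type': u.verified_type,
        'auth_token': access_token,
        'expired_time': expires_in,
    }
    if users:
        db.update_kw('users', 'id=?', uid, **user)
    else:
        user['id'] = uid
        db.insert('users', **user)
    _make_cookie(uid, access_token, expires_in)
    raise seeother('/')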
def auth_signin():
    '''
    Redirect to sina sign in page.

    Stores the value of _get_referer() in the COOKIE_REDIRECT cookie first,
    then redirects to the provider's authorize URL.
    '''
    # NOTE(review): the value saved here presumably derives from the Referer
    # header, which the client controls. Whatever later redirects to the
    # COOKIE_REDIRECT value should accept same-site destinations only.
    ctx.response.set_cookie(COOKIE_REDIRECT, _get_referer())
    oauth_client = APIClient(app_key=APP_KEY, app_secret=APP_SECRET, redirect_uri=CALLBACK)
    authorize_url = oauth_client.get_authorize_url()
    raise seeother(authorize_url)
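def attachments():
    """Render one page of this website's attachments, or delete one.

    Request parameters: ``action`` ('delete' removes attachment ``id`` and
    redirects back to the list), ``page`` (1-based, default 1) and ``size``
    (1..100, default 20).

    Raises APIValueError when ``page`` or ``size`` is not an integer or is
    out of range.
    """
    i = ctx.request.input(action='', page='1', size='20')
    if i.action == 'delete':
        # NOTE(review): the delete is selected by a request parameter and no
        # anti-CSRF token is checked in this function; confirm that the
        # framework or delete_attachment() enforces one and limits the
        # action to the attachment's owner.
        delete_attachment(i.id)
        raise seeother('attachments')
    # page and size arrive as request strings; report malformed values as
    # the same APIValueError used for out-of-range ones instead of letting
    # int() fail with an unhandled exception.
    try:
        page = int(i.page)
    except (TypeError, ValueError):
        raise APIValueError('page', 'page invalid.')
    if page < 1:
        raise APIValueError('page', 'page invalid.')
    try:
        size = int(i.size)
    except (TypeError, ValueError):
        raise APIValueError('size', 'size invalid.')
    if size < 1 or size > 100:
        raise APIValueError('size', 'size invalid.')
    offset = (page - 1) * size
    # Fetch one row more than a page holds: its presence means a next page
    # exists. (The unused count(id) query was dropped.)
    atts = db.select(
        'select * from attachments where website_id=? order by id desc limit ?,?',
        ctx.website.id, offset, size + 1)
    has_next = len(atts) > size
    if has_next:
        atts = atts[:-1]
    # NOTE(review): ``previous`` is page > 2, so it is False on page 2;
    # confirm whether page > 1 was intended.
    return Template('templates/attachments.html', attachments=atts, page=page, previous=page > 2, next=has_next)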
def articles():
    """Management view for articles: list a page, open the editor, or delete.

    ``action=edit`` renders the article form for ``id``; ``action=delete``
    calls api_delete_article() and redirects to the list; otherwise one page
    of up to 50 articles (published or not) is rendered.
    """
    params = ctx.request.input(action='', page='1')
    action = params.action
    if action == 'edit':
        article = _get_article(params.id)
        return Template('templates/articleform.html', form_title=_('Edit Article'), form_action='/api/articles/update', categories=_get_categories(), static=False, **article)
    if action == 'delete':
        # NOTE(review): a delete selected by a request parameter; no
        # anti-CSRF check is visible in this function.
        api_delete_article()
        raise seeother('articles')
    # NOTE(review): int() on the raw parameter raises ValueError for a
    # non-numeric ``page``; nothing here turns that into a client error.
    page = int(params.page)
    previous = page > 1
    # Ask for 51 rows so that a 51st row signals a following page.
    rows = _get_articles(page, 51, published_only=False)
    has_next = len(rows) == 51
    if has_next:
        rows = rows[:-1]
    return Template('templates/articles.html', page=page, previous=previous, next=has_next, categories=_get_categories(), articles=rows)
def index_interceptor(next):
    """Continue the chain for a request with a user; otherwise go to /signin.

    ``next`` is the callable that runs the rest of the interceptor chain.
    """
    logging.info('try to check user from session cookie...')
    if ctx.request.user is None:
        raise seeother('/signin')
    logging.info('user is not None...')
    return next()
def pages():
    """Management view for static pages: list, open the editor, or delete.

    ``action=edit`` renders the shared article form for page ``id``;
    ``action=delete`` calls api_delete_page() and redirects to the list.
    """
    params = ctx.request.input(action='')
    action = params.action
    if action == 'edit':
        page = _get_page(params.id)
        # NOTE(review): this template path starts with '/', unlike the
        # 'templates/...' path used for the list below; confirm it resolves.
        return Template('/templates/articleform.html', form_title=_('Edit Page'), form_action='/api/pages/update', static=True, **page)
    if action == 'delete':
        # NOTE(review): a delete selected by a request parameter; no
        # anti-CSRF check is visible in this function.
        api_delete_page()
        raise seeother('pages')
    return Template('templates/pages.html', pages=_get_pages())
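def signout():
    """Delete the session cookie and redirect to a post-sign-out location.

    The destination is the ``redirect`` request parameter when it is a
    site-relative path, else the Referer header, else '/'. Destinations
    containing '/admin/' or '/signin' are replaced by '/'.
    """
    delete_session_cookie()
    target = ctx.request.get('redirect', '')
    if target:
        # ``redirect`` is caller-supplied. Accept it only as a path on this
        # site: one leading slash, no scheme-relative '//' form, no
        # backslashes and no control characters. Anything else is discarded
        # so the response cannot be used to bounce a visitor to another site.
        is_local_path = (
            target.startswith('/')
            and not target.startswith('//')
            and '\\' not in target
            and not any(ord(ch) < 0x20 for ch in target)
        )
        if not is_local_path:
            target = '/'
    else:
        # NOTE(review): the Referer header is client-supplied too and is
        # normally an absolute URL; it is used unchanged here. Comparing its
        # host with this site's host would close the same gap for this path.
        target = ctx.request.header('REFERER', '')
    if not target or '/admin/' in target or '/signin' in target:
        target = '/'
    logging.debug('signed out and redirect to: %s' % target)
    raise seeother(target)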
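def auth_callback():
    '''
    Callback from sina, then redirect to previous url.

    Exchanges the ``code`` request parameter for an access token, loads the
    account profile, creates or updates the local ``user`` row keyed
    ``weibo_<uid>``, sets the signin cookie and redirects to the value of
    the COOKIE_REDIRECT cookie (default '/'). A missing code redirects to
    /s/auth_failed.
    '''
    # NOTE(review): no ``state`` parameter is read or verified here, so the
    # callback is not bound to the session that started the flow.
    code = ctx.request.input(code='').code
    if not code:
        raise seeother('/s/auth_failed')
    client = APIClient(app_key=APP_KEY, app_secret=APP_SECRET, redirect_uri=CALLBACK)
    r = client.request_access_token(code)
    access_token = r.access_token
    expires = r.expires_in
    uid = r.uid
    # get user info:
    client.set_access_token(access_token, expires)
    account = client.users.show.get(uid=uid)
    image = account.get(u'profile_image_url', u'about:blank')
    logging.info('got account: %s' % str(account))
    name = account.get('screen_name', u'') or account.get('name', u'')
    # Local name chosen so the builtin id() is not shadowed.
    user_id = u'weibo_%s' % uid
    user = auth.fn_load_user(user_id)
    if user:
        # update user if necessary:
        db.update('update user set name=?, oauth_image=?, oauth_access_token=?, oauth_expires=? where id=?',
                  name, image, access_token, expires, user_id)
    else:
        db.insert('user',
                  id=user_id,
                  name=name,
                  oauth_access_token=access_token,
                  oauth_expires=expires,
                  oauth_url=u'http://weibo.com/u/%s' % uid,
                  oauth_image=image,
                  admin=False)
    # make a signin cookie:
    cookie_str = auth.make_session_cookie(user_id, access_token, expires)
    # The cookie value is a session credential, so it is kept out of the
    # log; the user id is enough to trace the sign-in.
    logging.info('will set signin cookie for user: %s' % user_id)
    # NOTE(review): the redirect target is read back from a cookie, which
    # the client controls; it should be checked to be a destination on this
    # site before it is passed to seeother().
    redirect = ctx.request.cookie(COOKIE_REDIRECT, '/')
    ctx.response.set_cookie(auth.COOKIE_AUTH, cookie_str, expires=expires)
    ctx.response.delete_cookie(COOKIE_REDIRECT)
    raise seeother(redirect)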
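def auth_from_weibo():
    """Start the SinaWeibo sign-in: redirect to the provider's authorize URL.

    The callback URL handed to the provider carries the post-login
    ``redirect`` value and, when present, the ``jscallback`` request
    parameter, both URL-encoded.
    """
    provider = 'SinaWeibo'
    p = sns.create_client(provider)
    redirect = _get_redirect(excludes='/auth/')
    # NOTE(review): the callback is built with a fixed http:// scheme and
    # the request's Host value; confirm the host is validated upstream and
    # whether https should be used.
    callback = 'http://%s/auth/callback/weibo?redirect=%s' % (
        ctx.request.host, urllib.quote(redirect))
    jscallback = ctx.request.get('jscallback', '')
    if jscallback:
        # jscallback is request input: encode it like ``redirect`` so it
        # stays a single query value and cannot add or override parameters
        # in the callback URL.
        callback = '%s&jscallback=%s' % (callback, urllib.quote(jscallback))
    raise seeother(p.get_authorize_url(callback))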
def categories():
    """Management view for categories: list, add form, edit form, or delete.

    The ``action`` request parameter selects the behaviour; with no action
    the category list is rendered.
    """
    params = ctx.request.input(action='')
    action = params.action
    if action == 'add':
        return Template('templates/categoryform.html', form_title=_('Add Category'), form_action='/api/categories/create')
    if action == 'edit':
        category = _get_category(params.id)
        return Template('templates/categoryform.html', form_title=_('Edit Category'), form_action='/api/categories/update', **category)
    if action == 'delete':
        # NOTE(review): a delete selected by a request parameter; no
        # anti-CSRF check is visible in this function.
        api_delete_category()
        raise seeother('categories')
    return Template('templates/categories.html', categories=_get_categories())
def open_url(url_id):
    """Set the Url record ``url_id`` from status 0 to status 1, go to /index.

    Raises APIResourceNotFoundError('url') when the record does not exist
    or its status is not 0.
    """
    # NOTE(review): check_admin() is commented out, so this state change is
    # not restricted by anything in this function; confirm access control
    # is applied by an interceptor or decorator.
    #check_admin()
    record = Url.get(url_id)
    if record is None:
        raise APIResourceNotFoundError('url')
    # Only a record that is currently closed (status 0) may be opened.
    if record.status != 0:
        raise APIResourceNotFoundError('url')
    record.status = 1
    record.update()
    raise seeother('/index')
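def manage_interceptor(next):
    """
    Let the request continue only for a signed-in user flagged as admin.

    :param next: callable that runs the rest of the interceptor chain.
    :return: the result of ``next()`` for an admin user.
    :raise seeother: redirect to /signin for anyone else.
    """
    user = ctx.request.user
    if user:
        localauth = LocalAuth.find_first('where user_id=?', user.user_id)
        # A user with no LocalAuth row is refused with the normal redirect.
        # Presumably find_first() returns None when nothing matches, in
        # which case reading user_admin directly would raise instead.
        if localauth is not None and localauth.user_admin:
            return next()
    raise seeother('/signin')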
def pages():
    """List static pages, or edit/delete one depending on ``action``.

    ``edit`` renders the article form in static mode for page ``id``;
    ``delete`` calls api_delete_page() and redirects back to the list.
    """
    request_input = ctx.request.input(action='')
    requested = request_input.action
    if requested == 'delete':
        # NOTE(review): deletion is driven by a request parameter and this
        # function checks no anti-CSRF token.
        api_delete_page()
        raise seeother('pages')
    if requested != 'edit':
        return Template('templates/pages.html', pages=_get_pages())
    page = _get_page(request_input.id)
    # NOTE(review): leading '/' here differs from the relative
    # 'templates/...' path used for the list; confirm it is intended.
    return Template('/templates/articleform.html', form_title=_('Edit Page'), form_action='/api/pages/update', static=True, **page)
def close_url(url_id):
    """Set the Url record ``url_id`` from status 1 to status 0, go to /index.

    Raises APIResourceNotFoundError('url') when the record does not exist
    or its status is not 1.
    """
    # NOTE(review): check_admin() is commented out, so nothing in this
    # function restricts who may close a URL; confirm access control is
    # enforced elsewhere.
    #check_admin()
    record = Url.get(url_id)
    if record is None:
        raise APIResourceNotFoundError('url')
    # Only a record that is currently open (status 1) may be closed.
    if record.status != 1:
        raise APIResourceNotFoundError('url')
    record.status = 0
    # TODO: much remains to be done here, e.g. stop the monitoring and
    # delete the pages fetched so far.
    record.update()
    raise seeother('/index')
def _manage(app, func):
    """Call attribute ``func`` of the registered app module ``app``.

    Redirects to /auth/signin when no user is signed in and raises
    notfound() when the app or the attribute is missing. A Template result
    gets ``__user__`` and ``__apps__`` added to its model.
    """
    if ctx.user is None:
        raise seeother('/auth/signin')
    module = _apps.get(app, None)
    if module is None:
        raise notfound()
    # NOTE(review): any attribute of the module named by ``func`` is looked
    # up and called, including imported helpers and underscore-prefixed
    # names. If ``func`` comes from the URL (not visible here), restrict it
    # to an explicit allow-list of handler names. Only "signed in" is
    # checked above, not a role.
    handler = getattr(module, func, None)
    if handler is None:
        raise notfound()
    result = handler()
    if isinstance(result, Template):
        result.model['__user__'] = ctx.user
        result.model['__apps__'] = _apps_list
    return result
def articles():
    """List articles page by page, or edit/delete one depending on ``action``.

    The list shows up to 50 articles per page, unpublished ones included.
    """
    request_input = ctx.request.input(action='', page='1')
    requested = request_input.action
    if requested == 'edit':
        article = _get_article(request_input.id)
        return Template('templates/articleform.html', form_title=_('Edit Article'), form_action='/api/articles/update', categories=_get_categories(), static=False, **article)
    if requested == 'delete':
        # NOTE(review): deletion is driven by a request parameter and this
        # function checks no anti-CSRF token.
        api_delete_article()
        raise seeother('articles')
    # NOTE(review): a non-numeric ``page`` makes int() raise ValueError,
    # which is not handled here.
    page = int(request_input.page)
    previous = page > 1
    # One extra row is requested; getting it means another page follows.
    found = _get_articles(page, 51, published_only=False)
    more = False
    if len(found) == 51:
        found = found[:-1]
        more = True
    return Template('templates/articles.html', page=page, previous=previous, next=more, categories=_get_categories(), articles=found)
def categories():
    """List categories, or show the add/edit form, or delete one.

    Behaviour is selected by the ``action`` request parameter.
    """
    request_input = ctx.request.input(action='')
    requested = request_input.action
    form = 'templates/categoryform.html'
    if requested == 'add':
        return Template(form, form_title=_('Add Category'), form_action='/api/categories/create')
    if requested == 'edit':
        cat = _get_category(request_input.id)
        return Template(form, form_title=_('Edit Category'), form_action='/api/categories/update', **cat)
    if requested == 'delete':
        # NOTE(review): deletion is driven by a request parameter and this
        # function checks no anti-CSRF token.
        api_delete_category()
        raise seeother('categories')
    return Template('templates/categories.html', categories=_get_categories())
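def do_signin():
    """Check the submitted email and password and start a session.

    On failure returns a dict with ``email``, ``remember`` and a generic
    ``error`` message for the form. On success sets the session cookie
    (persistent when ``remember`` is set) and redirects to the value of the
    _COOKIE_SIGNIN_REDIRECT cookie, default '/'.
    """
    i = ctx.request.input(remember='')
    email = i.email.strip().lower()
    passwd = i.passwd
    remember = i.remember
    # Every failure path returns the same message so the response does not
    # reveal whether the email exists.
    failure = dict(email=email, remember=remember, error=_('Bad email or password'))
    if not email or not passwd:
        return failure
    us = db.select('select id, passwd from users where email=?', email)
    if not us:
        return failure
    u = us[0]
    # NOTE(review): the submitted value is compared directly with the stored
    # ``passwd`` column using !=. Confirm what is stored (it should be a
    # salted, slow password hash) and prefer a constant-time comparison.
    if passwd != u.passwd:
        # The stored credential must never be written to the log; record
        # only which account failed.
        logging.debug('password mismatch for user id: %s' % u.id)
        return failure
    expires = time.time() + _SESSION_COOKIE_EXPIRES if remember else None
    make_session_cookie(u.id, passwd, expires)
    ctx.response.delete_cookie(_COOKIE_SIGNIN_REDIRECT)
    # NOTE(review): the redirect target comes from a client-held cookie;
    # it should be checked to be a destination on this site before use.
    raise seeother(ctx.request.cookie(_COOKIE_SIGNIN_REDIRECT, '/'))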
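def attachments():
    """Show a page of the current website's attachments, or delete one.

    ``action=delete`` removes attachment ``id`` and redirects to the list.
    ``page`` is 1-based (default 1) and ``size`` must be 1..100 (default
    20); a malformed or out-of-range value raises APIValueError.
    """
    i = ctx.request.input(action='', page='1', size='20')
    if i.action == 'delete':
        # NOTE(review): no anti-CSRF token or ownership check is visible
        # here; confirm delete_attachment() or the framework enforces both.
        delete_attachment(i.id)
        raise seeother('attachments')

    def _to_int(raw, field):
        # Request values are strings; a malformed number is reported with
        # the same APIValueError as an out-of-range one rather than
        # surfacing as an unhandled ValueError.
        try:
            return int(raw)
        except (TypeError, ValueError):
            raise APIValueError(field, '%s invalid.' % field)

    page = _to_int(i.page, 'page')
    if page < 1:
        raise APIValueError('page', 'page invalid.')
    size = _to_int(i.size, 'size')
    if size < 1 or size > 100:
        raise APIValueError('size', 'size invalid.')
    offset = (page - 1) * size
    # size + 1 rows are requested; the extra row only signals that a next
    # page exists. (The count(id) query whose result was never used has
    # been removed.)
    atts = db.select('select * from attachments where website_id=? order by id desc limit ?,?', ctx.website.id, offset, size + 1)
    next = False
    if len(atts) > size:
        atts = atts[:-1]
        next = True
    # NOTE(review): ``previous`` is page > 2 and therefore False on page 2;
    # confirm whether page > 1 was meant.
    return Template('templates/attachments.html', attachments=atts, page=page, previous=page > 2, next=next)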
def auth_callback_weibo():
    """Store the SinaWeibo token obtained from the settings-page OAuth flow.

    Exchanges ``code`` for an access token, reads the account's screen
    name, replaces every stored SNSTokens row for this provider with the
    new one and redirects to /manage/setting/snstokens. Raises IOError when
    ``code`` is missing.
    """
    provider = 'SinaWeibo'
    client = sns.create_client(provider)
    # NOTE(review): fixed http:// scheme and the request's Host value are
    # used to build the callback; confirm the host is validated upstream.
    callback = 'http://%s/manage/setting/auth_callback_weibo' % ctx.request.host
    params = ctx.request.input(code='', state='')
    code = params.code
    if not code:
        raise IOError('missing code')
    # NOTE(review): ``state`` is read but never compared with a value bound
    # to the session, so it provides no CSRF protection for this flow.
    state = params.state
    token = client.request_access_token(code, callback)
    thirdpart_id = token['uid']
    profile = client.users.show.get(uid=thirdpart_id)
    display_name = profile['screen_name']
    auth_id = '%s-%s' % (provider, thirdpart_id)
    auth_token = token['access_token']
    expires_time = token['expires']
    # NOTE(review): the delete and the insert are separate statements with
    # no transaction visible here; a failed insert would leave no token.
    db.update('delete from snstokens where auth_provider=?', provider)
    SNSTokens(auth_id=auth_id, auth_provider=provider, auth_name=display_name, auth_token=auth_token, expires_time=expires_time).insert()
    raise seeother('/manage/setting/snstokens')
def manage_index():
    """Redirect to /manage/comments."""
    destination = '/manage/comments'
    raise seeother(destination)
def manage_interceptor(next):
    """Run ``next()`` for an admin user; redirect everyone else to /signin."""
    current = ctx.request.user
    # Both an absent user and a non-admin user take the same redirect.
    if not current or not current.admin:
        raise seeother('/signin')
    return next()
def signout():
    """Delete the _COOKIE_NAME cookie and redirect to '/'."""
    response = ctx.response
    response.delete_cookie(_COOKIE_NAME)
    raise seeother('/')
def signin():
    """Return an empty model for the sign-in page.

    A request that already has a user is redirected to '/' instead.
    """
    already_signed_in = ctx.request.user
    if already_signed_in:
        raise seeother('/')
    return {}
def signin():
    """Redirect to the authorize URL of the client from _create_client()."""
    authorize_url = _create_client().get_authorize_url()
    raise seeother(authorize_url)
def signout():
    """Expire the _COOKIE cookie in the browser and redirect to "/"."""
    # NOTE(review): this only overwrites and expires the cookie on the
    # client; nothing in this function invalidates the token server-side.
    response = ctx.response
    response.set_cookie(_COOKIE, "deleted", max_age=0)
    raise seeother("/")
def manage_index():
    """Redirect to /manage/requests."""
    destination = '/manage/requests'
    raise seeother(destination)
def _wrapper(*args, **kw):
    """Call ``func`` only when the current user's role is at most ``role``.

    ``func`` and ``role`` come from the enclosing scope. A missing user or
    a role value above ``role`` redirects to /auth/signin.
    """
    current = ctx.user
    if not current or not (current.role <= role):
        raise seeother('/auth/signin')
    return func(*args, **kw)
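def auth_callback_weibo():
    """Complete the SinaWeibo sign-in and start a session.

    Exchanges ``code`` for an access token. A known auth id has its token
    refreshed; an unknown one gets a new guest Users row plus an AuthUsers
    row, inserted in one transaction. The session cookie is then set.

    When the ``jscallback`` request parameter is a plain JavaScript
    identifier, the response is a small page that calls
    ``window.opener.<jscallback>({...})`` with the user's id, name and
    image URL and closes itself; otherwise the request is redirected to
    '/'. Raises IOError when ``code`` is missing.
    """
    import json
    import re

    provider = 'SinaWeibo'
    p = sns.create_client(provider)
    # NOTE(review): fixed http:// scheme and the request's Host value are
    # used to build the callback; confirm the host is validated upstream.
    callback = 'http://%s/auth/callback/%s' % (ctx.request.host, provider)
    # NOTE(review): a ``state`` parameter is accepted but never compared
    # with a session-bound value, so this flow has no CSRF protection.
    code = ctx.request.input(code='', state='').code
    if not code:
        raise IOError('missing code')
    r = p.request_access_token(code, callback)
    thirdpart_id = r['uid']
    auth_id = '%s-%s' % (provider, thirdpart_id)
    auth_token = r['access_token']
    expires = r['expires']
    auser = AuthUsers.select_one('where auth_id=?', auth_id)
    if auser:
        # already signed in before:
        auser.auth_token = auth_token
        auser.expires = expires
        auser.update()
        user = Users.get_by_id(auser.user_id)
    else:
        # not signed in before, so try to get info:
        info = p.users.show.get(uid=thirdpart_id)
        user_id = db.next_id()
        email = info['email'] if 'email' in info else '%s@tmp' % user_id
        user = Users(_id=user_id, role=ROLE_GUEST, binds=provider, email=email,
                     name=info['screen_name'], image_url=info['profile_image_url'], passwd='')
        auser = AuthUsers(
            user_id=user_id,
            auth_id=auth_id,
            auth_provider=provider,
            auth_token=auth_token,
            expires_time=expires,
        )
        with db.transaction():
            user.insert()
            auser.insert()
    make_session_cookie(provider, auser._id, auth_token, expires)
    jscallback = ctx.request.get('jscallback', '')
    # jscallback is request input that ends up inside a <script> block, so
    # it is emitted only when it is a bare identifier; any other value is
    # ignored and the normal redirect is used.
    if jscallback and re.match(r'^[A-Za-z_$][A-Za-z0-9_$]*\Z', jscallback):
        # The profile fields originate from the remote account. Serialize
        # them as JSON instead of pasting them between quotes, then escape
        # the characters that could end the script element early.
        payload = json.dumps({
            'id': '%s' % user._id,
            'name': user.name.replace('\n', '').replace('\r', ''),
            'image_url': user.image_url,
        })
        payload = payload.replace('<', '\\u003c').replace('>', '\\u003e').replace('&', '\\u0026')
        ctx.response.write(
            '<html><body><script>\n'
            'window.opener.%s(%s);\n'
            'self.close();\n'
            '</script></body></html>' % (jscallback, payload))
        return
    raise seeother('/')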
def auth_signout():
    '''
    Sign out and redirect to previous page.

    Deletes the auth.COOKIE_AUTH cookie, then redirects to the value
    returned by _get_referer().
    '''
    # NOTE(review): the destination presumably derives from the Referer
    # header, which the client controls; confirm _get_referer() returns
    # same-site destinations only.
    ctx.response.delete_cookie(auth.COOKIE_AUTH)
    previous_page = _get_referer()
    raise seeother(previous_page)
def redirect_wikipage(pid):
    """Redirect to /wiki/<wiki_id>/<pid> for the wiki page ``pid``.

    Raises notfound() when _get_wikipage() returns None.
    """
    page = _get_wikipage(pid)
    if page is None:
        raise notfound()
    location = '/wiki/%s/%s' % (page.wiki_id, pid)
    raise seeother(location)
def index():
    """Redirect to /manage/."""
    destination = '/manage/'
    raise seeother(destination)
def manage_index():
    """Redirect to /manage/pageviews."""
    destination = '/manage/pageviews'
    raise seeother(destination)
def manage_interceptor(next):
    """Run ``next()`` for an admin user; redirect everyone else to /signin.

    Logs 'MANAGE_INTERCEPTOR' on every call.
    """
    logging.info('MANAGE_INTERCEPTOR')
    current = ctx.request.user
    if not current or not current.admin:
        raise seeother('/signin')
    return next()
def manage_index():
    """Redirect to /manage/reviews."""
    destination = '/manage/reviews'
    raise seeother(destination)
def signout():
    """Overwrite the _COOKIE cookie with an expired value and go to '/'."""
    # NOTE(review): only the browser copy of the cookie is expired here;
    # this function does not revoke anything server-side.
    outgoing = ctx.response
    outgoing.set_cookie(_COOKIE, 'deleted', max_age=0)
    raise seeother('/')
def register():
    """Return an empty model for the registration page.

    A request that already has a user is redirected to '/' instead.
    """
    already_signed_in = ctx.request.user
    if already_signed_in:
        raise seeother('/')
    return {}
def manage_index():
    """Redirect to /task_list."""
    destination = '/task_list'
    raise seeother(destination)
def manage_index():
    """Redirect to /manage/blogs."""
    destination = '/manage/blogs'
    raise seeother(destination)
def manage_interceptor(next):
    """Run ``next()`` for an admin user; redirect everyone else to /signin."""
    # Intercepts URLs under /manage/ and checks that the current user is an
    # administrator.
    current = ctx.request.user
    if not current or not current.admin:
        raise seeother('/signin')
    return next()
def manage_index():
    """Redirect to /manage/posts."""
    destination = '/manage/posts'
    raise seeother(destination)