示例#1
0
    def process_request(self, request):
        try:
            # 1. GET参数整合到parameters
            request.parameters = request.GET.copy()
            if request.method == "POST":
                # 2. 处理request.body内的query_string更新到request.parameters
                # multipart/form-data 时不处理表单里的参数,因为没有经过nginx的参数签名校验,无法保证参数合法性
                if request.META['CONTENT_TYPE'].startswith('multipart/form-data'):
                    return None
                # application/x-www-form-urlencoded 时不处理request.body
                elif request.META['CONTENT_TYPE'] == 'application/x-www-form-urlencoded':
                    pass
                # xml or json 时不处理request.body
                elif request.body.startswith("<") or request.body.startswith("{") or request.body.startswith("["):
                    pass
                # 其他情况更新request.body内的query_string到request.parameters
                elif '=' in request.body:
                    request.parameters.update(QueryDict(request.body, encoding='utf-8'))

                # 3. 表单参数更新到request.parameters
                for k in request.POST:
                    # 使用setlist以支持类似复选控件一个name多个value的情况
                    request.parameters.setlist(k, request.POST.getlist(k))
            # 提取用户的客户端信息
            RequestInfo.DATA = {
                "request_ip": get_clientip(request),
                "user_agent": request.META.get("HTTP_USER_AGENT", "")
            }
            # 安全日志部分到此为止
            return None
        except Exception as ex:
            SysLogger.exception(ex, request)
            response = HttpResponseBadRequest()
            return response
示例#2
0
def detail(request, year, month, day, id):
    """
    博客详情
    """
    try:
        article = Article.objects.get(id=id)
        # 文章阅读量统计,12小时内连续访问的IP只记录一次
        ip_address = get_clientip(request)
        key = ip_address + '_' + str(id)
        if cache.get(key) is None:
            article.count += 1
            article.save(update_fields=['count'])
            cache.set(key, str(datetime.now() + timedelta(hours=12)), 12 * 60 * 60)  # 设置12小时过期

        statics_count = Article.objects.aggregate(
            blog_count=Count('id', distinct=True),
            read_count=Sum('count'),
            tags_count=Count('tags', distinct=True)
        )
        # 生成文章目录
        if article.editor == EditorKind.Markdown:
            md = markdown.Markdown(extensions=[
                'markdown.extensions.extra',
                'markdown.extensions.codehilite',
                'markdown.extensions.toc',
                'markdown.extensions.tables'
            ])
            article.content = md.convert(article.content)
            toc = md.toc
        tag_list, music_list = get_tags_and_musics('tmp_tags', 'tmp_musics')  # 获取所有标签,并随机赋予颜色
        not_update_days = (datetime.now() - article.last_update).days  # 计算文章距现在多长时间没有更新
        return render(request, 'blog/content.html', locals())
    except Article.DoesNotExist:
        raise Http404
示例#3
0
        def _validate_access(request, *args, **kwargs):
            allowed_ips = config.get('domain') or []
            # 验证IP
            ip_permission = False
            client_ip = get_clientip(request)
            if len(allowed_ips) == 0 or allowed_ips[0] == '*':
                ip_permission = True
            else:
                for ip in set(allowed_ips):
                    if fnmatch(client_ip, ip):
                        ip_permission = True
                        break
            if not ip_permission:
                return HttpResponseForbidden("REQUEST IP %s IS NOT ALLOWED" % client_ip)

            response = view_func(request, *args, **kwargs)
            return response
示例#4
0
        def _validate_access(request, *args, **kwargs):
            allowed_ips = config.get('domain') or []
            # 验证IP
            ip_permission = False
            client_ip = get_clientip(request)
            if len(allowed_ips) == 0 or allowed_ips[0] == '*':
                ip_permission = True
            else:
                for ip in set(allowed_ips):
                    if fnmatch(client_ip, ip):
                        ip_permission = True
                        break
            if not ip_permission:
                return HttpResponseForbidden("REQUEST IP %s IS NOT ALLOWED" %
                                             client_ip)

            response = view_func(request, *args, **kwargs)
            return response
示例#5
0
def add_comments_view(request):
    """
    添加评论
    """
    form = CommentForm(request.POST)
    if not form.is_valid():
        return http_response(request, statuscode=ERRORCODE.PARAM_ERROR)

    nickname = form.cleaned_data.get('nickname')
    email = form.cleaned_data.get('email')
    website = form.cleaned_data.get('website')
    content = form.cleaned_data.get('content')
    target = form.cleaned_data.get('target')
    parent_comment_id = form.cleaned_data.get('parent_comment_id')

    try:
        user, created = Visitor.objects.update_or_create(
            nickname=nickname,
            email=email,
            defaults={
                "nickname": nickname,
                "email": email,
                "website": website,
                "avatar": gravatar_url(email)
            })
        ip_address = get_clientip(request)
        country, province, city = get_location_by_ip(ip_address)
        anchor = "".join([
            random.choice("abcdefghijklmnopqrstuvwxyz1234567890")
            for i in xrange(16)
        ])
        comment_data = {
            "user_id": user.id,
            "content": content,
            "target": target,
            "ip_address": ip_address,
            "country": country,
            "province": province,
            "city": city,
            "anchor": anchor,
        }
        # 二级回复
        if parent_comment_id:
            parent_comment = Comments.objects.select_related().filter(
                pk=parent_comment_id).first()
            reply_to = parent_comment.user if parent_comment else None
            comment_data.update({
                "parent_id": parent_comment_id,
                "reply_to": reply_to
            })
            mail_body = MailTemplate.notify_parent_user.format(
                parent_user=parent_comment.user.nickname,
                parent_comment=parent_comment.content,
                target_url=DOMAIN_NAME + parent_comment.target,
                anchor='#' + parent_comment.anchor)
            send_email_task.delay(reply_to.email, mail_body)
        Comments.objects.create(**comment_data)
        messages.success(request, u'评论成功')
        cache.delete_pattern(target)  # 清除缓存
        if not parent_comment_id and not user.blogger:
            mail_body = MailTemplate.notify_blogger.format(
                nickname=nickname,
                comment=content,
                target_url=DOMAIN_NAME + target,
                anchor='#' + anchor)
            send_email_task.delay(BLOGGER_EMAIL, mail_body)
        return http_response(request, statuscode=ERRORCODE.SUCCESS)
    except Exception as exp:
        return http_response(request, statuscode=ERRORCODE.FAILED, msg=exp)