import hashlib
import secrets
import time

import magic # apt install libmagic1 libmagic-dev -y
from flask import Blueprint, current_app, request, jsonify, make_response
from google.protobuf.message import DecodeError
from sqlalchemy import desc
from sqlalchemy.orm import sessionmaker

from protobuf_files import niming_pb2
from utils import logger, pgclass, setting_loader
"""
TODO:
- IG post ( Po文、刪文、只PO本體文章 )
- log 的方式之後要重新設計 > 正規化
- IP Record (deploy之前配合rev proxy)
- gunicorn
- 檔案完成,但是再看看要不要讓發文者持sha256存取自己發的文的檔案
"""
# Blueprint that the route decorators in this module attach the article endpoints to.
article = Blueprint('article', __name__)
# 匿名文列表
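@article.route('/list', methods = ["GET"])
def listing():
    """Return one page of visible top-level posts as JSON, newest first.

    Query parameters:
        start: number of rows to skip; ASCII decimal digits only.
        count: maximum number of rows to return; ASCII decimal digits only.

    Returns:
        ``(json, 200)`` with a list of dicts carrying ``id``, ``ctx``, ``igid``,
        ``created_at``, ``mark`` and ``files`` (attachment ids), or
        ``("Arguments error", 400)`` when a parameter is missing or malformed.
    """
    start_arg = request.args.get("start")
    count_arg = request.args.get("count")
    # str.isdigit() on its own also accepts characters (superscript digits, for
    # one) that int() rejects, so a malformed query string used to surface as an
    # unhandled ValueError and an HTTP 500. Requiring ASCII keeps it a clean 400.
    for raw in (start_arg, count_arg):
        if raw is None or not (raw.isascii() and raw.isdigit()):
            return "Arguments error", 400
    rst = int(start_arg)
    count = int(count_arg)
    # NOTE(review): count has no upper bound, so one request can ask for every
    # row plus one attachment query per row; consider a configured page-size cap.

    Session = sessionmaker(bind=current_app.shared_resource.engine)
    with Session() as session:
        table = pgclass.SQLarticle
        ftab = pgclass.SQLfile
        rows = (
            session.query(table.id, table.ctx, table.igid, table.created_at, table.mark, table.hash)
            .order_by(desc(table.id))
            # `== None` is intentional: SQLAlchemy renders it as IS NULL, which
            # selects posts that are not comments.
            .filter(table.mark == 'visible', table.reference == None)
            .offset(rst)
            .limit(count)
            .all()
        )

        # The row's hash is used only to look up attachments and is not copied
        # into the response: /own/<sha256> accepts that value as the author's
        # token, so it has to stay out of public listings.
        res = [
            {
                "id": r[0], "ctx": r[1], "igid": r[2], "created_at": r[3], "mark": r[4],
                "files": [f[0] for f in session.query(ftab.id).filter(ftab.reference == r[5]).all()],
            }
            for r in rows
        ]
        return jsonify(res), 200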
# 獲取指定文章
@article.route("/get/<int:id>", methods = ["GET"])
def getarticle(id:int):
    """Return the visible post with primary key *id* as a JSON list.

    Each entry carries ``id``, ``ctx``, ``igid``, ``created_at``, ``mark``,
    ``reference``, the ids of its visible comments under ``comment`` and the ids
    of its attachments under ``files``. When no visible post matches, the list is
    empty and the status is still 200. The post's hash is read only to find its
    attachments and is not part of the response.
    """
    engine = current_app.shared_resource.engine
    Session = sessionmaker(bind=engine)
    with Session() as session:
        posts = pgclass.SQLarticle
        attachments = pgclass.SQLfile
        rows = (
            session.query(posts.id, posts.ctx, posts.igid, posts.created_at, posts.mark, posts.reference, posts.hash)
            .filter(posts.id == id)
            .filter(posts.mark == 'visible')
            .all()
        )

        payload = []
        for row in rows:
            # Comments are rows whose reference column points at this post's id.
            comment_ids = [
                c[0]
                for c in session.query(posts.id)
                .filter(posts.reference == int(row[0]), posts.mark == "visible")
                .all()
            ]
            # Attachments are keyed by the post's hash, not by its id.
            file_ids = [
                f[0]
                for f in session.query(attachments.id).filter(attachments.reference == row[6]).all()
            ]
            payload.append({
                "id": row[0],
                "ctx": row[1],
                "igid": row[2],
                "created_at": row[3],
                "mark": row[4],
                "reference": row[5],
                "comment": comment_ids,
                "files": file_ids,
            })

        return jsonify(payload), 200
# 上傳文章 / 留言
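@article.route("/post", methods = ["POST"])
def posting():
    """Create a post or a comment from a protobuf-encoded request body.

    Flow: ctx -> token -> reference -> files -> IP -> IG -> mark -> insert -> log.

    The body is parsed as ``niming_pb2.DataMessage``; its ``ctx``, ``ref`` and
    ``files`` fields are read. ``ref == 0`` creates a top-level post; any other
    value must be the id of a visible post that is not itself a comment.

    Returns:
        ``(json, 201)`` with the stored row, including ``hash``, which is the
        token /own/<sha256> accepts for reading or deleting the post, or a
        plain-text message with status 400 when decoding or validation fails.
    """
    # db
    db = current_app.shared_resource.engine
    Session = sessionmaker(bind=db)
    table = pgclass.SQLarticle
    ftab = pgclass.SQLfile

    # settings
    opt = setting_loader.loadset()
    chk_before_post = opt["Check_Before_Post"]
    maxword = opt["Niming_Max_Word"]

    # NOTE(review): request.data holds the whole body before any of the size
    # checks below run; confirm the app or the proxy in front caps request size.
    recv = niming_pb2.DataMessage()
    try:
        recv.ParseFromString(request.data)
    except DecodeError:
        return "Protobuf decode error", 400

    # content and length check
    ctx = str(recv.ctx)
    if len(ctx) == 0 or len(ctx) > maxword:
        return "no content or too many words", 400

    # Owner token. It is the only credential /own/<sha256> checks, so it must be
    # unguessable. It used to be SHA-256 over the post text plus time.time(); the
    # read endpoints serve both ctx and created_at, so those inputs can be
    # approximated from outside. secrets.token_hex(32) keeps the 64-hex-character
    # shape of a SHA-256 digest, and tokens issued earlier stay valid.
    token = secrets.token_hex(32)

    with Session() as session:
        # reference: 0 means "not a comment"
        ref = int(recv.ref)
        if ref != 0:
            # The target must exist and be visible ...
            parent = session.query(table).filter(table.id == ref, table.mark == "visible").first()
            if parent is None:
                return "Invalid Reference", 400
            # ... and must not be a comment itself (no nested comments).
            if parent.reference is not None:
                return "Invalid Reference", 400
        else:
            ref = None

        # files: count and size limits
        files = recv.files
        atts = opt["Attachment_Count"]
        sizelimit = opt["Attachment_Size"]
        if len(files) > atts:
            return "Too many files", 400
        for f in files:
            if len(f) <= 0 or len(f) > sizelimit:
                return "File size error", 400

        # files: MIME allow-list. The type is sniffed from the bytes, never taken
        # from the client, and each file is sniffed once; the same value is stored
        # and later sent back as Content-Type by the download endpoint.
        allowed_mime = opt["Allowed_MIME"]
        detector = magic.Magic(mime=True)
        detected_types = []
        for f in files:
            detected = detector.from_buffer(f)
            if detected not in allowed_mime:
                return "File format error", 400
            detected_types.append(detected)

        # Nothing is added to the session until every file has passed validation.
        for f, detected in zip(files, detected_types):
            session.add(ftab(reference = token, binary = f, type = detected))

        # IP
        # NOTE(review): if this runs behind a reverse proxy, remote_addr is the
        # proxy's address unless forwarded headers are handled by trusted
        # middleware; the module TODO already lists this.
        ip = request.remote_addr

        # IG posting is not implemented yet, so no Instagram id is stored.
        igid = None

        # mark: posts wait for review when Check_Before_Post is set
        mark = "pending" if chk_before_post else "visible"

        # insert
        data = table(hash = token, ctx = ctx, igid = igid, mark = mark, reference = ref, ip = ip)
        session.add(data)
        session.commit()

        # read back what was stored, with its attachment ids
        stored = session.query(table.id, table.ctx, table.igid, table.created_at, table.mark, table.hash, table.reference).filter(table.hash == token).all()
        fres = session.query(ftab.id).filter(ftab.reference == token).all()
        res = [
            {
                "id": r[0], "ctx": r[1], "igid": r[2], "created_at": r[3], "mark": r[4], "hash": r[5], "reference": r[6],
                "files": [f[0] for f in fres],
            }
            for r in stored
        ]

    # The log line carries the id, the reference and the mark, never the token.
    logger.logger(db, "newpost", "New post (id=%d point to %s): %s"%(res[0]["id"], ref, mark))

    return jsonify(res), 201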
# 只有發文者可以看到的獲取指定文章
# 只有發文者可以做到的刪除文章
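@article.route("/own/<sha256>", methods = ["GET", "DELETE"])
def owner_getarticle(sha256:str):
    """Author-only read (GET) or deletion (DELETE) of the post whose hash is *sha256*.

    The hash in the URL path is the only credential checked here.

    GET returns ``(json, 200)`` with a list holding the matching post whatever its
    mark, including ``hash``, the ids of all rows that reference it under
    ``comment`` (no mark filter) and its attachment ids under ``files``; the list
    is empty when nothing matches.

    DELETE removes the post, its attachments, every comment that references it
    and those comments' attachments, then returns ``("OK", 200)``; it returns
    ``("Post not found", 400)`` when no post has that hash.
    """
    # NOTE(review): the token travels in the URL path, so it can end up in access
    # logs; confirm log handling and request throttling for this route.
    db = current_app.shared_resource.engine
    Session = sessionmaker(bind=db)
    table = pgclass.SQLarticle
    ftab = pgclass.SQLfile

    if request.method == "DELETE":
        with Session() as session:
            post = session.query(table).filter(table.hash == sha256).first()
            if post is None:
                return "Post not found", 400
            # Copy what the log line needs while the row is still loaded, rather
            # than reading attributes of a deleted object after the commit.
            post_id = post.id
            last_mark = post.mark

            # attachments of the post itself
            session.query(ftab).filter(ftab.reference == post.hash).delete()

            # comments and their attachments
            removed_comments = []
            for c in session.query(table).filter(table.reference == post.id).all():
                removed_comments.append(c.id)
                session.query(ftab).filter(ftab.reference == c.hash).delete()
                session.delete(c)

            # the post itself; everything above lands in this one commit
            session.delete(post)
            session.commit()

        logger.logger(db, "delpost", "Delete post (id=%d with comments %s): last_status=%s"%(post_id, str(removed_comments), last_mark))
        return "OK", 200

    # GET, and the HEAD that Flask adds automatically to a rule that allows GET.
    # A HEAD request used to match neither branch and reach a trailing
    # session.close() on a name that was never bound, which raised and produced
    # an HTTP 500.
    with Session() as session:
        rows = session.query(table.id, table.ctx, table.igid, table.created_at, table.mark, table.hash, table.reference).filter(table.hash == sha256).all()
        resfn = [
            {
                "id": r[0], "ctx": r[1], "igid": r[2], "created_at": r[3], "mark": r[4], "hash": r[5], "reference": r[6],
                "comment": [c[0] for c in session.query(table.id).filter(table.reference == int(r[0])).all()],
                "files": [f[0] for f in session.query(ftab.id).filter(ftab.reference == r[5]).all()],
            }
            for r in rows
        ]
    return jsonify(resfn), 200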
# 獲取匿名文附檔
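@article.route("/file/<int:id>", methods=["GET"])
def getfile(id:int):
    """Serve attachment *id* as a download if its post is visible.

    Returns the stored bytes with the stored MIME type as ``Content-Type`` and an
    ``attachment`` disposition, or ``("File not found", 400)`` when the file does
    not exist or belongs to a post that is not visible. Both failures share one
    message, so the response does not reveal whether a hidden attachment exists.
    """
    db = current_app.shared_resource.engine
    Session = sessionmaker(bind=db)

    table = pgclass.SQLarticle
    ftab = pgclass.SQLfile
    with Session() as session:
        fres = session.query(ftab).filter(ftab.id == id).first()
        if fres is None:
            return "File not found", 400

        # An attachment is readable only while the post it belongs to is visible.
        owner_post = session.query(table).filter(table.hash == fres.reference, table.mark == 'visible').first()
        if owner_post is None:
            return "File not found", 400

        resp = make_response(fres.binary)
        resp.headers.set("Content-Type", fres.type)
        # The file name is built from the numeric id only, so no user-supplied
        # text reaches the header.
        resp.headers.set("Content-Disposition", f"attachment; filename=file{fres.id}")
        # These are user-uploaded bytes: tell the browser to honour the declared
        # type instead of sniffing the content for a different one.
        resp.headers.set("X-Content-Type-Options", "nosniff")
        return resp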