niming_backend/blueprints/article.py

145 lines
4.9 KiB
Python
Raw Normal View History

2024-11-13 03:23:11 +08:00
import time
2024-11-19 21:22:01 +08:00
import hashlib
import magic
2024-11-19 22:58:15 +08:00
from flask import Blueprint, request, jsonify
2024-11-19 21:22:01 +08:00
from google.protobuf.message import DecodeError
2024-11-14 13:03:00 +08:00
from utils import logger, pgclass, setting_loader
2024-11-19 21:22:01 +08:00
from utils.dbhelper import db, solo_article_fetcher, multi_article_fetcher, solo_file_fetcher, solo_article_remover
from utils.misc import error
from protobuf_files import niming_pb2
2024-11-13 03:23:11 +08:00
"""
TODO:
2024-11-19 02:19:25 +08:00
- IG post ( Po文刪文只PO本體文章 )
2024-11-14 13:03:00 +08:00
2024-11-18 02:47:25 +08:00
- log 的方式之後要重新設計 > 正規化
2024-11-14 13:03:00 +08:00
- IP Record (deploy之前配合rev proxy)
2024-11-19 02:19:25 +08:00
- gunicorn
- 檔案完成但是再看看要不要讓發文者持sha256存取自己發的文的檔案
2024-11-13 03:23:11 +08:00
"""
article = Blueprint('article', __name__)
# 匿名文列表
@article.route('/list', methods = ["GET"])
def listing():
2024-11-19 21:22:01 +08:00
res, code = multi_article_fetcher("general", request.args.get("start"), request.args.get("count"))
return res, code
# 獲取匿名文附檔
@article.route("/file/<int:id>", methods=["GET"])
def getfile(id:int):
resp, code = solo_file_fetcher("general", id)
return resp, code
2024-11-13 03:23:11 +08:00
2024-11-19 21:22:01 +08:00
# 只有發文者可以看到的獲取指定文章
# 只有發文者可以做到的刪除文章
@article.route("/own/<sha256>", methods = ["GET", "DELETE"])
def owner_getarticle(sha256:str):
table = pgclass.SQLarticle
ftab = pgclass.SQLfile
# 獲取指定文章
if request.method == "GET":
resfn, code = solo_article_fetcher("owner", key=sha256)
return jsonify(resfn), code
# 刪除指定文章跟他們的留言、檔案
elif request.method == "DELETE":
result, code = solo_article_remover("general", hash=sha256)
if "error" in result: return jsonify(result), code
2024-11-13 03:23:11 +08:00
2024-11-19 21:22:01 +08:00
logger.logger("delpost", "Delete post (id=%d with comments %s): last_status=%s"
%(result["id"], str(result["rcl"]), str(result["mark"])))
return jsonify({"result":"OK"}), code
2024-11-13 03:23:11 +08:00
# 獲取指定文章
2024-11-19 21:22:01 +08:00
@article.route("/<int:id>", methods = ["GET"])
2024-11-13 03:23:11 +08:00
def getarticle(id:int):
2024-11-19 21:22:01 +08:00
resfn, code = solo_article_fetcher("general", key=id)
return jsonify(resfn), code
2024-11-13 03:23:11 +08:00
2024-11-14 13:03:00 +08:00
# 上傳文章 / 留言
2024-11-19 21:22:01 +08:00
@article.route("/", methods = ["POST"])
2024-11-13 03:23:11 +08:00
def posting():
2024-11-18 02:47:25 +08:00
# flow:
# ctx -> hash -> reference -> file -> IP -> IG -> mark -> post | -> log
2024-11-14 13:03:00 +08:00
# loadset
opt = setting_loader.loadset()
chk_before_post = opt["Check_Before_Post"]
maxword = opt["Niming_Max_Word"]
2024-11-19 21:22:01 +08:00
# protobuf parse
recv = niming_pb2.DataMessage()
2024-11-19 02:19:25 +08:00
try: recv.ParseFromString(request.data)
2024-11-19 21:22:01 +08:00
except DecodeError: return error("Protobuf decode error"), 400
2024-11-13 03:23:11 +08:00
# content
2024-11-19 21:22:01 +08:00
ctx = str(recv.ctx)
if len(ctx) == 0 or len(ctx) > maxword: # length check
return error("no content or too many words"), 400
2024-11-13 03:23:11 +08:00
# hash
seed = ctx + str(time.time())
hash = hashlib.sha256(seed.encode()).hexdigest()
2024-11-19 21:22:01 +08:00
# SQL start
table = pgclass.SQLarticle
with db.getsession() as session:
2024-11-19 02:19:25 +08:00
# reference
2024-11-19 21:22:01 +08:00
ref = int(recv.ref)
2024-11-19 02:19:25 +08:00
if not (ref == 0): # 如果ref不是0
# 檢查是不是指向存在的文章
chk = session.query(table).filter(table.id == ref, table.mark == "visible").first()
2024-11-19 21:22:01 +08:00
if chk is None: return error("Invalid Reference"), 400
2024-11-19 02:19:25 +08:00
# 檢查指向的文章是否也是留言
2024-11-19 21:22:01 +08:00
if not(chk.reference is None): return error("Invalid Reference"), 400
2024-11-19 02:19:25 +08:00
else:
ref = None
2024-11-19 02:19:25 +08:00
# file processing
files = recv.files
# check - size
atts = opt["Attachment_Count"]
sizelimit = opt["Attachment_Size"]
2024-11-19 21:22:01 +08:00
if len(files) > atts: return error("Too many files"), 400
2024-11-19 02:19:25 +08:00
for f in files:
2024-11-19 21:22:01 +08:00
if len(f) <= 0 or len(f) > sizelimit: return error("File size error"), 400
2024-11-19 02:19:25 +08:00
# check - mimetype
allowed_mime = opt["Allowed_MIME"]
for f in files:
mime = magic.Magic(mime=True)
type = mime.from_buffer(f)
2024-11-19 21:22:01 +08:00
if not(type in allowed_mime): return error("File format error"), 400
2024-11-19 02:19:25 +08:00
# run processor
ftab = pgclass.SQLfile
for f in files:
mime = magic.Magic(mime=True)
type = mime.from_buffer(f)
fsql = ftab(reference = hash, binary = f, type = type)
session.add(fsql)
# IP
ip = request.remote_addr
# ig posting
if chk_before_post:
igid = None
# Go posting
igid = None
# Coming Soon...
2024-11-19 02:19:25 +08:00
# mark
if chk_before_post: mark = "pending"
else: mark = "visible"
2024-11-13 03:23:11 +08:00
2024-11-19 02:19:25 +08:00
# posting
data = table(hash = hash, ctx = ctx, igid = igid, mark = mark, reference = ref, ip = ip)
session.add(data)
session.commit()
2024-11-13 21:20:21 +08:00
2024-11-19 21:22:01 +08:00
result, code = solo_article_fetcher(role="owner", key=hash)
2024-11-13 21:20:21 +08:00
# logger
2024-11-19 21:22:01 +08:00
logger.logger("newpost", "New post (id=%d point to %s): %s"%(result["id"], ref, mark))
return result, code