from flask import Blueprint, current_app, request, jsonify import hashlib import time from utils import logger, pgclass, setting_loader from sqlalchemy.orm import sessionmaker from sqlalchemy import desc """ TODO: - Image & Video - IG post - admin (看文,隱藏文章,刪文,[新增用戶,刪除用戶](用戶管理)) - log 的方式之後要重新設計 - IP Record (deploy之前配合rev proxy) """ article = Blueprint('article', __name__) # 匿名文列表 @article.route('/list', methods = ["GET"]) def listing(): # variables rst = int(request.args.get("start")) count = int(request.args.get("count")) # db db = current_app.shared_resource.engine Session = sessionmaker(bind=db) session = Session() # get ctx table = pgclass.SQLarticle res = session.query(table.id, table.ctx, table.igid, table.created_at, table.mark).order_by(desc(table.id)).filter(table.mark == 'visible', table.reference == None).offset(rst).limit(count).all() # mapping res = [ {"id":r[0], "ctx":r[1], "igid":r[2], "created_at":r[3], "mark":r[4]} for r in res ] return jsonify(res) # 獲取指定文章 @article.route("/get/", methods = ["GET"]) def getarticle(id:int): db = current_app.shared_resource.engine Session = sessionmaker(bind=db) session = Session() # get ctx table = pgclass.SQLarticle res = session.query(table.id, table.ctx, table.igid, table.created_at, table.mark, table.reference).filter(table.id == id).filter(table.mark == 'visible').all() # mapping resfn = [] for r in res: rd = {"id":r[0], "ctx":r[1], "igid":r[2], "created_at":r[3], "mark":r[4], "reference":r[5]} comments = session.query(table.id).filter(table.reference == int(r[0]), table.mark == "visible").all() rd["comment"] = [ c[0] for c in comments ] resfn.append(rd) return jsonify(resfn) # 上傳文章 / 留言 @article.route("/post", methods = ["POST"]) def posting(): # db db = current_app.shared_resource.engine Session = sessionmaker(bind=db) session = Session() table = pgclass.SQLarticle # loadset opt = setting_loader.loadset() chk_before_post = opt["Check_Before_Post"] # content ctx = request.json["ctx"] if ctx is None: return "no content" else: ctx = str(ctx) # reference ref = request.json["ref"] if not (ref is None): # 如果ref不是null ref = str(ref) # 轉字串 if not (ref == ""): # 如果不是空字串 -> 檢查 if not ref.isdigit(): return "Invalid Reference" # 檢查是不是數字 # 檢查是不是指向存在的文章 chk = session.query(table).filter(table.id == ref, table.mark == "visible").first() if chk is None: return "Invalid Reference" # 檢查指向的文章是否也是留言 if not(chk.reference is None): return "Invalid Reference" else: # 如果是空字串 -> 轉 null object ref = None # IP ip = request.remote_addr # hash seed = ctx + str(time.time()) hash = hashlib.sha256(seed.encode()).hexdigest() # file processing # ig posting if chk_before_post: igid = None # Go posting igid = None # Coming Soon... # mark if chk_before_post: mark = "pending" else: mark = "visible" # posting data = table(hash = hash, ctx = ctx, igid = igid, mark = mark, reference = ref, ip = ip) session.add(data) # commit session.commit() # pg getdata res = session.query(table.id, table.ctx, table.igid, table.created_at, table.mark, table.hash, table.reference).filter(table.hash == hash).all() res = [ {"id":r[0], "ctx":r[1], "igid":r[2], "created_at":r[3], "mark":r[4], "hash":r[5], "reference":r[6]} for r in res ] session.close() # logger logger.logger(db, "newpost", "Insert (id=%d): posts (point to %s) / %s"%(res[0]["id"], ref, mark)) return jsonify(res) # 只有發文者可以看到的獲取指定文章 # 只有發文者可以做到的刪除文章 @article.route("/own/", methods = ["GET", "DELETE"]) def owner_getarticle(sha256:str): db = current_app.shared_resource.engine Session = sessionmaker(bind=db) session = Session() table = pgclass.SQLarticle # 獲取指定文章 if request.method == "GET": res = session.query(table.id, table.ctx, table.igid, table.created_at, table.mark, table.hash, table.reference).filter(table.hash == sha256).all() resfn = [] for r in res: rd = {"id":r[0], "ctx":r[1], "igid":r[2], "created_at":r[3], "mark":r[4], "hash":r[5], "reference":r[6]} comments = session.query(table.id).filter(table.reference == int(r[0])).all() rd["comment"] = [ c[0] for c in comments ] resfn.append(rd) return jsonify(resfn) # 刪除指定文章跟他們的留言 elif request.method == "DELETE": rcl = [] res = session.query(table).filter(table.hash == sha256).first() # 本體 resc = session.query(table).filter(table.reference == res.id).all() # 留言 # 刪留言 for c in resc: rcl.append(c.id) session.delete(c) # 刪本體 session.delete(res) # commit session.commit() # logger logger.logger(db, "delpost", "Delete (id=%d): posts / comments: %s / last status: %s"%(res.id, str(rcl), res.mark)) return "OK", 200 session.close()