2023-03-23 17:12:23 +08:00
|
|
|
# System Library
|
2023-03-20 20:16:48 +08:00
|
|
|
from flask import *
|
2024-07-04 09:29:55 +08:00
|
|
|
from markupsafe import escape
|
2023-03-23 17:12:23 +08:00
|
|
|
|
|
|
|
# Personal library
|
2023-03-20 20:16:48 +08:00
|
|
|
from Yaml import yml
|
2023-03-23 17:12:23 +08:00
|
|
|
from model.user import *
|
|
|
|
from model.article import *
|
2023-03-20 20:16:48 +08:00
|
|
|
|
2023-03-20 20:19:56 +08:00
|
|
|
ADMIN_NAME = "lanhui" # unique admin name
|
2023-03-20 20:16:48 +08:00
|
|
|
_cur_page = 1 # current article page
|
|
|
|
_page_size = 5 # article sizes per page
|
|
|
|
adminService = Blueprint("admin_service", __name__)
|
|
|
|
|
|
|
|
|
2023-03-23 17:12:23 +08:00
|
|
|
def check_is_admin():
|
2023-03-20 20:16:48 +08:00
|
|
|
# 未登录,跳转到未登录界面
|
|
|
|
if not session.get("logged_in"):
|
|
|
|
return render_template("not_login.html")
|
|
|
|
|
2023-03-23 17:12:23 +08:00
|
|
|
# 用户名不是admin_name
|
|
|
|
if session.get("username") != ADMIN_NAME:
|
2023-03-20 20:16:48 +08:00
|
|
|
return "You are not admin!"
|
|
|
|
|
2023-03-23 17:12:23 +08:00
|
|
|
return "pass"
|
|
|
|
|
|
|
|
|
|
|
|
@adminService.route("/admin", methods=["GET"])
|
|
|
|
def admin():
|
|
|
|
is_admin = check_is_admin()
|
|
|
|
if is_admin != "pass":
|
|
|
|
return is_admin
|
|
|
|
|
|
|
|
return render_template(
|
|
|
|
"admin_index.html", yml=yml, username=session.get("username")
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
@adminService.route("/admin/article", methods=["GET", "POST"])
|
|
|
|
def article():
|
2024-07-04 09:29:55 +08:00
|
|
|
|
|
|
|
def _make_title_and_content(article_lst):
|
|
|
|
for article in article_lst:
|
|
|
|
text = escape(article.text) # Fix XSS vulnerability, contributed by Xu Xuan
|
|
|
|
article.title = text.split("\n")[0]
|
|
|
|
article.content = '<br/>'.join(text.split("\n")[1:])
|
|
|
|
|
|
|
|
|
|
|
|
def _update_context():
|
|
|
|
article_len = get_number_of_articles()
|
|
|
|
context["article_number"] = article_len
|
|
|
|
context["text_list"] = get_page_articles(_cur_page, _page_size)
|
|
|
|
_articles = get_page_articles(_cur_page, _page_size)
|
|
|
|
_make_title_and_content(_articles)
|
|
|
|
context["text_list"] = _articles
|
|
|
|
|
2023-03-23 17:12:23 +08:00
|
|
|
global _cur_page, _page_size
|
|
|
|
|
|
|
|
is_admin = check_is_admin()
|
|
|
|
if is_admin != "pass":
|
|
|
|
return is_admin
|
|
|
|
|
2023-03-23 17:34:37 +08:00
|
|
|
_article_number = get_number_of_articles()
|
2024-07-04 09:29:55 +08:00
|
|
|
|
2023-03-20 20:16:48 +08:00
|
|
|
try:
|
2024-07-04 09:29:55 +08:00
|
|
|
_page_size = min(max(1, int(request.args.get("size", 5))), _article_number) # 最小的size是1
|
|
|
|
_cur_page = min(max(1, int(request.args.get("page", 1))), _article_number // _page_size + (_article_number % _page_size > 0)) # 最小的page是1
|
2023-03-20 20:16:48 +08:00
|
|
|
except ValueError:
|
2024-07-04 09:29:55 +08:00
|
|
|
return "page parameters must be integer!"
|
|
|
|
|
2023-03-23 17:34:37 +08:00
|
|
|
_articles = get_page_articles(_cur_page, _page_size)
|
2024-07-04 09:29:55 +08:00
|
|
|
_make_title_and_content(_articles)
|
2023-03-23 17:34:37 +08:00
|
|
|
|
2023-03-20 20:16:48 +08:00
|
|
|
context = {
|
2023-03-23 17:34:37 +08:00
|
|
|
"article_number": _article_number,
|
|
|
|
"text_list": _articles,
|
2023-03-20 20:16:48 +08:00
|
|
|
"page_size": _page_size,
|
|
|
|
"cur_page": _cur_page,
|
2023-03-23 17:12:23 +08:00
|
|
|
"username": session.get("username"),
|
2023-03-20 20:16:48 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if request.method == "GET":
|
2023-03-23 17:12:23 +08:00
|
|
|
try:
|
|
|
|
delete_id = int(request.args.get("delete_id", 0))
|
|
|
|
except:
|
2024-07-04 09:29:55 +08:00
|
|
|
return "Delete article ID must be integer!"
|
2023-03-21 12:42:59 +08:00
|
|
|
if delete_id: # delete article
|
2023-03-23 17:12:23 +08:00
|
|
|
delete_article_by_id(delete_id)
|
2023-03-20 20:16:48 +08:00
|
|
|
_update_context()
|
2024-07-04 09:29:55 +08:00
|
|
|
|
2023-03-23 17:12:23 +08:00
|
|
|
elif request.method == "POST":
|
2023-03-20 20:16:48 +08:00
|
|
|
data = request.form
|
|
|
|
content = data.get("content", "")
|
|
|
|
source = data.get("source", "")
|
|
|
|
question = data.get("question", "")
|
2023-03-26 09:59:06 +08:00
|
|
|
level = data.get("level", "4")
|
2023-03-20 20:16:48 +08:00
|
|
|
if content:
|
2023-05-06 17:42:04 +08:00
|
|
|
if level not in ['1', '2', '3', '4']:
|
2023-03-26 09:59:06 +08:00
|
|
|
return "Level must be between 1 and 4."
|
2023-03-20 23:37:27 +08:00
|
|
|
add_article(content, source, level, question)
|
2023-03-20 20:16:48 +08:00
|
|
|
_update_context()
|
2023-03-26 09:44:39 +08:00
|
|
|
title = content.split('\n')[0]
|
|
|
|
flash(f'Article added. Title: {title}')
|
2024-07-04 09:29:55 +08:00
|
|
|
|
2023-03-23 17:12:23 +08:00
|
|
|
return render_template("admin_manage_article.html", **context)
|
2023-03-20 20:16:48 +08:00
|
|
|
|
|
|
|
|
2023-03-23 17:12:23 +08:00
|
|
|
@adminService.route("/admin/user", methods=["GET", "POST"])
|
|
|
|
def user():
|
|
|
|
is_admin = check_is_admin()
|
|
|
|
if is_admin != "pass":
|
|
|
|
return is_admin
|
|
|
|
|
|
|
|
context = {
|
|
|
|
"user_list": get_users(),
|
|
|
|
"username": session.get("username"),
|
|
|
|
}
|
|
|
|
if request.method == "POST":
|
|
|
|
data = request.form
|
|
|
|
username = data.get("username","")
|
|
|
|
new_password = data.get("new_password", "")
|
|
|
|
expiry_time = data.get("expiry_time", "")
|
|
|
|
if username:
|
|
|
|
if new_password:
|
|
|
|
update_password_by_username(username, new_password)
|
2023-03-26 09:44:39 +08:00
|
|
|
flash(f'Password updated to {new_password}')
|
2023-03-23 17:12:23 +08:00
|
|
|
if expiry_time:
|
|
|
|
update_expiry_time_by_username(username, "".join(expiry_time.split("-")))
|
2023-03-26 09:44:39 +08:00
|
|
|
flash(f'Expiry date updated to {expiry_time}.')
|
|
|
|
return render_template("admin_manage_user.html", **context)
|
2023-03-31 13:39:28 +08:00
|
|
|
|
|
|
|
|
|
|
|
@adminService.route("/admin/expiry", methods=["GET"])
|
|
|
|
def user_expiry_time():
|
|
|
|
is_admin = check_is_admin()
|
|
|
|
if is_admin != "pass":
|
|
|
|
return is_admin
|
2023-04-01 16:07:59 +08:00
|
|
|
|
2023-03-31 13:39:28 +08:00
|
|
|
username = request.args.get("username", "")
|
|
|
|
if not username:
|
2023-04-01 16:07:59 +08:00
|
|
|
return "Username can't be empty."
|
|
|
|
|
2023-03-31 13:39:28 +08:00
|
|
|
user = get_user_by_username(username)
|
|
|
|
if not user:
|
2023-04-01 16:07:59 +08:00
|
|
|
return "User does not exist."
|
|
|
|
|
|
|
|
return user.expiry_date
|