EnglishPal/app/account_service.py

from flask import Blueprint, request, render_template, jsonify,session,redirect, url_for,escape
from Login import check_username_availability, verify_user, add_user,get_expiry_date, change_password, WarningMessage

# 初始化蓝图
accountService = Blueprint("accountService", __name__)

### sign-up, login, logout, reset###
@accountService.route("/signup", methods=['GET', 'POST'])
def signup():
    '''
    注册
    :return: 根据注册是否成功返回不同界面
    '''
    # GET方法直接返回注册页面
    if request.method == 'GET':
        return render_template('signup.html')

    # POST方法需判断是否注册成功，再根据结果返回不同的内容
    username = escape(request.form['username'])
    password = escape(request.form['password'])
    #! 添加如下代码为了过滤注册时的非法字符
    warn = WarningMessage(username)
    if str(warn) != 'OK':
        return jsonify({'status': '3', 'warn': str(warn)})
    available = check_username_availability(username)
    # 用户名不可用
    if not available:
        return jsonify({'status': '0'})
    # 用户名可用,添加账户信息
    add_user(username, password)
    verified = verify_user(username, password)
    # 注册成功，写入session
    if verified:
        session['logged_in'] = True
        session[username] = username
        session['username'] = username
        session['expiry_date'] = get_expiry_date(username)
        session['visited_articles'] = None
        return jsonify({'status': '2'})
    # 验证失败
    return jsonify({'status': '1'})



@accountService.route("/login", methods=['GET', 'POST'])
def login():
    '''
    登录
    :return: 根据登录是否成功返回不同页面
    '''
    # GET方法直接返回登录页面
    if request.method == 'GET':
        return render_template('login.html')

    # POST方法用于判断登录是否成功，检查数据库并验证用户，再根据结果返回不同的内容
    username = escape(request.form['username'])
    password = escape(request.form['password'])
    verified = verify_user(username, password)
    # 登录成功，写入session
    if verified:
        session['logged_in'] = True
        session[username] = username
        session['username'] = username
        user_expiry_date = get_expiry_date(username)
        session['expiry_date'] = user_expiry_date
        session['visited_articles'] = None
        return jsonify({'status': '1'})
    #验证失败
    return jsonify({'status': '0'})


@accountService.route("/logout", methods=['GET', 'POST'])
def logout():
    '''
    登出
    :return: 重定位到主界面
    '''
    # 将session标记为登出状态
    session['logged_in'] = False
    return redirect(url_for('mainpage'))


@accountService.route("/reset", methods=['GET', 'POST'])
def reset():
    '''
    重设密码
    :return: 返回适当的页面
    '''
    # 下列方法用于防止未登录状态下的修改密码
    if not session.get('logged_in'):
        return render_template('login.html')
    username = session['username']
    if username == '':
        return redirect('/login')

    # GET请求返回修改密码页面
    if request.method == 'GET':
        return render_template('reset.html', username=session['username'], state='wait')

    # POST请求用于提交修改后信息
    old_password = escape(request.form['old-password'])
    new_password = escape(request.form['new-password'])
    flag = change_password(username, old_password, new_password) # flag表示是否修改成功
    # 修改成功
    if flag:
        session['logged_in'] = False
        return jsonify({'status':'1'})
    # 修改失败
    return jsonify({'status':'2'})