MrDoc/app_api/views.py
2021-08-17 07:51:47 +08:00

309 lines
13 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

from django.shortcuts import render
from django.http.response import JsonResponse,HttpResponse
from django.views.decorators.csrf import csrf_exempt # CSRF装饰器
from django.views.decorators.http import require_http_methods,require_safe,require_GET
from django.contrib.auth.decorators import login_required # 登录需求装饰器
from django.core.exceptions import PermissionDenied,ObjectDoesNotExist
from django.conf import settings
from django.contrib.auth import authenticate,login,logout # 认证相关方法
from django.contrib.auth.models import User # Django默认用户模型
from django.shortcuts import render,redirect
from django.utils.translation import gettext_lazy as _
from app_doc.util_upload_img import upload_generation_dir,base_img_upload
from app_api.models import UserToken
from app_doc.models import Project,Doc,DocHistory,Image
from loguru import logger
import time,hashlib
import traceback,json
import datetime
# MrDoc 基于用户的Token访问API模块
# 用户通过该url获取服务器时间戳便于接口访问
# url范例http://127.0.0.1:8000/api/get_timestamp/
def get_timestamp(request):
now_time = str(int(time.time()))
return JsonResponse({'status':True,'data':now_time})
def oauth0(request):
# url范例http://127.0.0.1:8000/api/oauth0/?username=huyang&timestamp=1608797025&randstr=123adsfadf&hashstr=c171ce95ef3789d922cb6663c678c255&redirecturl=http%3A%2F%2F127.0.0.1%3A8000%2Fproject-1%2Fdoc-10%2F
if request.method == 'GET':
try:
username = request.GET.get("username","")
timestamp = request.GET.get("timestamp","")
randstr = request.GET.get("randstr","")
hashstr = request.GET.get("hashstr","")
redirecturl = request.GET.get("redirecturl","/")
if redirecturl == "" :
# 必须用判断的方式否则url里提交redirecturl= 还是为空
redirecturl = "/"
if "" not in [username,timestamp,randstr,hashstr] :
# 都不为空,才验证哦
# 1 、验证timestamp的时效性
nowtime = int (time.time())
# 时间戳失效时间默认为3600可以改短如30严格点5秒如果使用5秒请求前需要通过get_timestamp获取服务器时间戳否则因为和服务器时间差导致无法验证通过
if (nowtime - int(timestamp)) > 3600 :
raise ValueError(_('链接已失效,请从合法路径访问,或联系管理员!'))
# 2、获取userid的Token
user = User.objects.get(username=username)
if user is None:
raise ValueError(_('请求用户出错!'))
ID = user.id
State = user.is_active
if State == 1 and ID is not None:
usertoken = UserToken.objects.get(user_id=ID)
token = usertoken.token
else:
raise ValueError(_('非法用户!'))
# 3、 验证hash的正确性
final_str = str(randstr) + str(timestamp) + str(username) + token
md5 = hashlib.md5(final_str.encode("utf-8")).hexdigest() # 不支持中文
if md5 == hashstr:
# 用户验证成功
login(request,user)
from urllib.parse import unquote
newurl = unquote(redirecturl)
return redirect(newurl)
else:
raise ValueError(_('验证失败,可能是用户名或Token不正确!详情请联系管理员!'))
else:
raise ValueError(_('关键字验证失败,请联系管理员!部分关键字为空'))
except ValueError as e:
errormsg = e
return render(request, 'app_api/api404.html', locals())
except :
errormsg = _("API接口运行出错")
return render(request, 'app_api/api404.html', locals())
else:
return JsonResponse({'status':False,'data':'Nothing Here'})
# Token管理页面
@require_http_methods(['POST','GET'])
@login_required()
def manage_token(request):
if request.method == 'GET':
try:
token = UserToken.objects.get(user=request.user).token # 查询用户Token
except ObjectDoesNotExist:
token = _('你还没有生成过Token')
except:
if settings.DEBUG:
logger.exception(_("Token管理页面异常"))
return render(request,'app_api/manage_token.html',locals())
elif request.method == 'POST':
try:
user = request.user
now_time =str(time.time())
string = 'user_{}_time_{}'.format(user,now_time).encode('utf-8')
token_str = hashlib.sha224(string).hexdigest()
user_token = UserToken.objects.filter(user=user)
if user_token.exists():
UserToken.objects.get(user=user).delete()
UserToken.objects.create(
user=user,
token=token_str
)
return JsonResponse({'status':True,'data':token_str})
except:
logger.exception(_("用户Token生成异常"))
return JsonResponse({'status':False,'data':_('生成出错,请重试!')})
# 获取文集
@require_GET
def get_projects(request):
token = request.GET.get('token','')
try:
token = UserToken.objects.get(token=token)
projects = Project.objects.filter(create_user=token.user) # 查询文集
project_list = []
for project in projects:
item = {
'id':project.id, # 文集ID
'name':project.name, # 文集名称
'type':project.role # 文集状态
}
project_list.append(item)
return JsonResponse({'status':True,'data':project_list})
except ObjectDoesNotExist:
return JsonResponse({'status':False,'data':_('token无效')})
except:
logger.exception(_("token获取文集异常"))
return JsonResponse({'status':False,'data':_('系统异常')})
# 获取文集下的文档列表
def get_docs(request):
token = request.GET.get('token', '')
try:
token = UserToken.objects.get(token=token)
pid = request.GET.get('pid','')
docs = Doc.objects.filter(create_user=token.user,top_doc=pid) # 查询文集下的文档
doc_list = []
for doc in docs:
item = {
'id': doc.id, # 文档ID
'name': doc.name, # 文档名称
'parent_doc':doc.parent_doc, # 上级文档
'top_doc':doc.top_doc, # 所属文集
'status':doc.status, # 文档状态
'create_time': doc.create_time, # 文档创建时间
'modify_time': doc.modify_time, # 文档的修改时间
'create_user': doc.create_user.username # 文档的创建者
}
doc_list.append(item)
return JsonResponse({'status': True, 'data': doc_list})
except ObjectDoesNotExist:
return JsonResponse({'status': False, 'data': _('token无效')})
except:
logger.exception(_("token获取文集异常"))
return JsonResponse({'status': False, 'data': _('系统异常')})
# 获取单篇文档
def get_doc(request):
token = request.GET.get('token', '')
try:
token = UserToken.objects.get(token=token)
did = request.GET.get('did', '')
doc = Doc.objects.get(create_user=token.user, id=did) # 查询文集下的文档
item = {
'id': doc.id, # 文档ID
'name': doc.name, # 文档名称
'md_content':doc.pre_content, # 文档内容
'parent_doc':doc.parent_doc, # 上级文档
'top_doc':doc.top_doc, # 所属文集
'status':doc.status, # 文档状态
'create_time': doc.create_time, # 文档创建时间
'modify_time': doc.modify_time, # 文档的修改时间
'create_user': doc.create_user.username # 文档的创建者
}
return JsonResponse({'status': True, 'data': item})
except ObjectDoesNotExist:
return JsonResponse({'status': False, 'data': _('token无效')})
except:
logger.exception("token获取文集异常")
return JsonResponse({'status': False, 'data': _('系统异常')})
# 新建文集
@require_http_methods(['GET','POST'])
@csrf_exempt
def create_project(request):
token = request.GET.get('token', '')
project_name = request.POST.get('name','')
project_desc = request.POST.get('desc','')
project_role = request.POST.get('role',1)
try:
# 验证Token
token = UserToken.objects.get(token=token)
Project.objects.create(
name = project_name, # 文集名称
intro = project_desc, # 文集简介
role = project_role, # 文集权限
create_user = token.user # 创建的用户
)
return JsonResponse({'status': True, 'data': 'ok'})
except ObjectDoesNotExist:
return JsonResponse({'status': False, 'data': _('token无效')})
except:
logger.exception(_("token创建文集异常"))
return JsonResponse({'status':False,'data':_('系统异常')})
# 新建文档
@require_http_methods(['GET','POST'])
@csrf_exempt
def create_doc(request):
token = request.GET.get('token', '')
project_id = request.POST.get('pid','')
doc_title = request.POST.get('title','')
doc_content = request.POST.get('doc','')
editor_mode = request.POST.get('editor_mode',1)
try:
# 验证Token
token = UserToken.objects.get(token=token)
# 文集是否属于用户
is_project = Project.objects.filter(create_user=token.user,id=project_id)
# 新建文档
if is_project.exists():
Doc.objects.create(
name = doc_title, # 文档内容
pre_content = doc_content, # 文档的编辑内容,意即编辑框输入的内容
top_doc = project_id, # 所属文集
editor_mode = editor_mode, # 编辑器模式
create_user = token.user # 创建的用户
)
return JsonResponse({'status': True, 'data': 'ok'})
else:
return JsonResponse({'status':False,'data':_('非法请求')})
except ObjectDoesNotExist:
return JsonResponse({'status': False, 'data': _('token无效')})
except:
logger.exception(_("token创建文档异常"))
return JsonResponse({'status':False,'data':_('系统异常')})
# 更新修改文档
@require_http_methods(['GET','POST'])
@csrf_exempt
def modify_doc(request):
token = request.GET.get('token', '')
project_id = request.POST.get('pid','')
doc_id = request.POST.get('did', '')
doc_title = request.POST.get('title','')
doc_content = request.POST.get('doc','')
try:
# 验证Token
token = UserToken.objects.get(token=token)
# 文集是否属于用户
is_project = Project.objects.filter(create_user=token.user,id=project_id)
# 修改现有文档
if is_project.exists():
# 将现有文档内容写入到文档历史中
doc = Doc.objects.get(id=doc_id)
DocHistory.objects.create(
doc=doc,
pre_content=doc.pre_content,
create_user=token.user
)
# 更新修改现有文档
Doc.objects.filter(id=int(doc_id)).update(
name=doc_title,
pre_content=doc_content,
modify_time=datetime.datetime.now(),
)
return JsonResponse({'status': True, 'data': 'ok'})
else:
return JsonResponse({'status':False,'data':'非法请求'})
except ObjectDoesNotExist:
return JsonResponse({'status': False, 'data': 'token无效'})
except:
logger.exception("token修改文档异常")
return JsonResponse({'status':False,'data':'系统异常'})
# 上传图片
@csrf_exempt
@require_http_methods(['GET','POST'])
def upload_img(request):
##################
# {"success": 0, "message": "出错信息"}
# {"success": 1, "url": "图片地址"}
##################
token = request.GET.get('token', '')
base64_img = request.POST.get('data','')
try:
# 验证Token
token = UserToken.objects.get(token=token)
# 上传图片
result = base_img_upload(base64_img, '', token.user)
return JsonResponse(result)
# return HttpResponse(json.dumps(result), content_type="application/json")
except ObjectDoesNotExist:
return JsonResponse({'success': 0, 'data': _('token无效')})
except:
logger.exception(_("token上传图片异常"))
return JsonResponse({'success':0,'data':_('上传出错')})