fix: csrf_token
@@ -3,6 +3,7 @@ from flask_sqlalchemy import SQLAlchemy
|
|||||||
from flask_migrate import Migrate
|
from flask_migrate import Migrate
|
||||||
from flask_login import LoginManager
|
from flask_login import LoginManager
|
||||||
from flask_session import Session
|
from flask_session import Session
|
||||||
|
from flask_wtf.csrf import CSRFProtect
|
||||||
from config import config
|
from config import config
|
||||||
from flask_bootstrap import Bootstrap
|
from flask_bootstrap import Bootstrap
|
||||||
|
|
||||||
@@ -11,6 +12,7 @@ db = SQLAlchemy()
|
|||||||
migrate = Migrate()
|
migrate = Migrate()
|
||||||
login_manager = LoginManager()
|
login_manager = LoginManager()
|
||||||
sess = Session()
|
sess = Session()
|
||||||
|
csrf = CSRFProtect()
|
||||||
bootstrap = Bootstrap()
|
bootstrap = Bootstrap()
|
||||||
# login_manager 的基本配置
|
# login_manager 的基本配置
|
||||||
login_manager.login_view = 'auth.login' # 后面我们会创建一个叫 'auth' 的蓝图
|
login_manager.login_view = 'auth.login' # 后面我们会创建一个叫 'auth' 的蓝图
|
||||||
@@ -31,11 +33,13 @@ def create_app(config_name='default'):
|
|||||||
migrate.init_app(app, db)
|
migrate.init_app(app, db)
|
||||||
login_manager.init_app(app)
|
login_manager.init_app(app)
|
||||||
sess.init_app(app)
|
sess.init_app(app)
|
||||||
|
csrf.init_app(app)
|
||||||
bootstrap.init_app(app)
|
bootstrap.init_app(app)
|
||||||
|
|
||||||
# 注册自定义过滤器
|
# 注册自定义过滤器
|
||||||
from .filters import translate_status
|
from .filters import translate_status, translate_reason
|
||||||
app.jinja_env.filters['translate_status'] = translate_status
|
app.jinja_env.filters['translate_status'] = translate_status
|
||||||
|
app.jinja_env.filters['translate_reason'] = translate_reason
|
||||||
|
|
||||||
# 3. 注册蓝图 (Blueprint)
|
# 3. 注册蓝图 (Blueprint)
|
||||||
# 后面我们会在这里添加蓝图
|
# 后面我们会在这里添加蓝图
|
||||||
|
|||||||
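Review bot: With `csrf.init_app(app)` in create_app, Flask-WTF checks every POST/PUT/PATCH/DELETE view and not only FlaskForm submissions, yet the hunk registers no handler for a failed check, so users get the extension's bare 400 response. I would register an `@app.errorhandler(CSRFError)` handler (imported from `flask_wtf.csrf`) next to the init call that flashes a message and redirects back to the form. Hand-written `<form>` tags need a hidden `{{ csrf_token() }}` input and AJAX callers need the `X-CSRFToken` header; no such views are visible here, so each blueprint should be checked before this ships. Endpoints meant for machine callers should get an explicit `@csrf.exempt` with a comment naming the authentication they rely on instead. create_app's body continues outside the hunk, and the `translate_reason` filter registration is unrelated to the CSRF fix and would be easier to review as its own commit.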
@@ -22,6 +22,26 @@ STATUS_TRANSLATIONS = {
|
|||||||
'expired': '已过期'
|
'expired': '已过期'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
REASON_TRANSLATIONS = {
|
||||||
|
'cheating': '作弊 (刷上传/下载)',
|
||||||
|
'trading': '账号交易/共享',
|
||||||
|
'spam': '发布垃圾/违禁信息',
|
||||||
|
'abusive': '辱骂/人身攻击',
|
||||||
|
'low_ratio': '分享率过低',
|
||||||
|
'hit_and_run': 'H&R (下载不做种)',
|
||||||
|
'fake_seeding': '假做种',
|
||||||
|
'multiple_accounts': '多账号/小号',
|
||||||
|
'account_sharing': '账号共享',
|
||||||
|
'reselling': '倒卖邀请',
|
||||||
|
'harassment': '骚扰他人',
|
||||||
|
'scamming': '诈骗行为',
|
||||||
|
'other': '其他 (请在描述中详述)'
|
||||||
|
}
|
||||||
|
|
||||||
def translate_status(status):
|
def translate_status(status):
|
||||||
"""将英文状态翻译为中文"""
|
"""将英文状态翻译为中文"""
|
||||||
return STATUS_TRANSLATIONS.get(status, status)
|
return STATUS_TRANSLATIONS.get(status, status)
|
||||||
|
|
||||||
|
def translate_reason(reason):
|
||||||
|
"""将英文违规原因翻译为中文"""
|
||||||
|
return REASON_TRANSLATIONS.get(reason, reason)
|
||||||
|
|||||||
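Review bot: `REASON_TRANSLATIONS` has overlapping entries: `'trading'` is labelled `账号交易/共享` while `'account_sharing'` is labelled `账号共享`, so a reporter has two choices for the same offence and later filtering by category will split those reports. I would narrow the first label to `'trading': '账号交易',` or drop one of the keys. The dict also lacks a comment saying that it is both the display table for the `translate_reason` filter and the source of the report form's choices, for example `# Keys are the values stored in reason_category; forms.py builds its SelectField choices from this dict`. Because `translate_reason` falls back to returning the raw key, an unknown or legacy value is shown untranslated without any log line.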
10
app/forms.py
10
app/forms.py
@@ -3,6 +3,7 @@ from wtforms import StringField, SubmitField, PasswordField, BooleanField, TextA
|
|||||||
from wtforms.validators import DataRequired, Length, Email, EqualTo, ValidationError, Optional, URL
|
from wtforms.validators import DataRequired, Length, Email, EqualTo, ValidationError, Optional, URL
|
||||||
from .models import User
|
from .models import User
|
||||||
from wtforms_sqlalchemy.fields import QuerySelectField
|
from wtforms_sqlalchemy.fields import QuerySelectField
|
||||||
|
from .filters import REASON_TRANSLATIONS
|
||||||
|
|
||||||
def get_active_partner_sites():
|
def get_active_partner_sites():
|
||||||
return PartnerSite.query.filter_by(is_active=True).order_by(PartnerSite.name)
|
return PartnerSite.query.filter_by(is_active=True).order_by(PartnerSite.name)
|
||||||
@@ -56,14 +57,7 @@ class ReportForm(FlaskForm):
|
|||||||
)
|
)
|
||||||
reason_category = SelectField(
|
reason_category = SelectField(
|
||||||
'举报原因分类',
|
'举报原因分类',
|
||||||
choices=[
|
choices=[(k, v) for k, v in REASON_TRANSLATIONS.items()],
|
||||||
('cheating', '作弊 (刷上传/下载)'),
|
|
||||||
('trading', '账号交易/共享'),
|
|
||||||
('spam', '发布垃圾/违禁信息'),
|
|
||||||
('abusive', '辱骂/人身攻击'),
|
|
||||||
('radio', '分享率过低'),
|
|
||||||
('other', '其他 (请在描述中详述)')
|
|
||||||
],
|
|
||||||
validators=[DataRequired()]
|
validators=[DataRequired()]
|
||||||
)
|
)
|
||||||
description = TextAreaField(
|
description = TextAreaField(
|
||||||
|
|||||||
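Review bot: The old choices list used the key `'radio'` for `分享率过低`, while the new dict-driven list uses `'low_ratio'`, and nothing in this commit migrates the old value. If `reason_category` is stored as submitted, which the templates suggest, existing rows holding `'radio'` will now render as the raw string through `translate_reason`. A data migration along the lines of updating `reason_category` from `'radio'` to `'low_ratio'` should accompany the change. Adding a `'radio'` alias to `REASON_TRANSLATIONS` is not a clean alternative, because every key of that dict becomes a selectable choice here. As a style point, `choices=[(k, v) for k, v in REASON_TRANSLATIONS.items()],` can be written `choices=list(REASON_TRANSLATIONS.items()),`.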
@@ -13,7 +13,7 @@
|
|||||||
<li class="list-group-item"><strong>被举报邮箱:</strong> {{ report.reported_email }}</li>
|
<li class="list-group-item"><strong>被举报邮箱:</strong> {{ report.reported_email }}</li>
|
||||||
<li class="list-group-item"><strong>被举报用户名:</strong> {{ report.reported_username or 'N/A' }}</li>
|
<li class="list-group-item"><strong>被举报用户名:</strong> {{ report.reported_username or 'N/A' }}</li>
|
||||||
<li class="list-group-item"><strong>所属站点:</strong> {{ report.reported_pt_site }}</li>
|
<li class="list-group-item"><strong>所属站点:</strong> {{ report.reported_pt_site }}</li>
|
||||||
<li class="list-group-item"><strong>举报理由:</strong> {{ report.reason_category }}</li>
|
<li class="list-group-item"><strong>举报理由:</strong> {{ report.reason_category | translate_reason }}</li>
|
||||||
<li class="list-group-item"><strong>举报人:</strong> {{ report.reporter.username }}</li>
|
<li class="list-group-item"><strong>举报人:</strong> {{ report.reporter.username }}</li>
|
||||||
<li class="list-group-item"><strong>状态:</strong> <strong class="text-capitalize">{{ report.status | translate_status }}</strong></li>
|
<li class="list-group-item"><strong>状态:</strong> <strong class="text-capitalize">{{ report.status | translate_status }}</strong></li>
|
||||||
<li class="list-group-item"><strong>详细描述:</strong><br><span style="white-space: pre-wrap;">{{ report.description }}</span></li>
|
<li class="list-group-item"><strong>详细描述:</strong><br><span style="white-space: pre-wrap;">{{ report.description }}</span></li>
|
||||||
|
|||||||
@@ -46,7 +46,7 @@
|
|||||||
<ul class="list-group list-group-flush">
|
<ul class="list-group list-group-flush">
|
||||||
<li class="list-group-item"><strong>违规站点:</strong> {{ search_result.pt_site }}</li>
|
<li class="list-group-item"><strong>违规站点:</strong> {{ search_result.pt_site }}</li>
|
||||||
{% if search_result.report %}
|
{% if search_result.report %}
|
||||||
<li class="list-group-item"><strong>违规原因:</strong> {{ search_result.report.reason_category }}</li>
|
<li class="list-group-item"><strong>违规原因:</strong> {{ search_result.report.reason_category | translate_reason }}</li>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
<li class="list-group-item"><strong>记录时间:</strong> {{ search_result.created_at.strftime('%Y-%m-%d') }}</li>
|
<li class="list-group-item"><strong>记录时间:</strong> {{ search_result.created_at.strftime('%Y-%m-%d') }}</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|||||||
@@ -10,7 +10,11 @@ class Config:
|
|||||||
"""基础配置类"""
|
"""基础配置类"""
|
||||||
SECRET_KEY = os.environ.get('SECRET_KEY') or 'a-hard-to-guess-string'
|
SECRET_KEY = os.environ.get('SECRET_KEY') or 'a-hard-to-guess-string'
|
||||||
SQLALCHEMY_TRACK_MODIFICATIONS = False
|
SQLALCHEMY_TRACK_MODIFICATIONS = False
|
||||||
|
|
||||||
|
# CSRF 配置
|
||||||
|
WTF_CSRF_ENABLED = True
|
||||||
|
WTF_CSRF_TIME_LIMIT = None
|
||||||
|
|
||||||
# Session 配置
|
# Session 配置
|
||||||
SESSION_TYPE = 'redis'
|
SESSION_TYPE = 'redis'
|
||||||
SESSION_PERMANENT = False
|
SESSION_PERMANENT = False
|
||||||
|
|||||||
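Review bot: `WTF_CSRF_TIME_LIMIT = None` removes Flask-WTF's default one-hour expiry, so a token stays valid for the whole life of the session, and the setting has no comment explaining that trade-off. If the aim is to stop long-open forms from failing, either use a bounded value or document the choice, for example `# None: token lives as long as the session; acceptable because SESSION_PERMANENT is False`. Flask-WTF signs tokens with `SECRET_KEY` unless `WTF_CSRF_SECRET_KEY` is set, so the `or 'a-hard-to-guess-string'` fallback on the context line means a deployment missing the environment variable signs with a value that is public in the repository. The production config should refuse to start without a real key. `WTF_CSRF_ENABLED = True` is already the default and can be dropped; the Config class continues outside the hunk.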