DengDai/pt_blacklist
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: log

Browse Source
This commit is contained in:
DengDai
2025-11-24 21:04:58 +08:00
parent ae208d6b39
commit c9e11c4bd1
8 changed files with 180 additions and 156 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
app/__init__.py
View File

@@ -6,33 +6,33 @@ from flask_session import Session
from flask_wtf.csrf import CSRFProtect
from config import config
from flask_bootstrap import Bootstrap
import logging
from logging.handlers import RotatingFileHandler
import os
from datetime import datetime, timedelta
import glob
# 初始化扩展,但此时不传入 app
# 初始化扩展
db = SQLAlchemy()
migrate = Migrate()
login_manager = LoginManager()
sess = Session()
csrf = CSRFProtect()
bootstrap = Bootstrap()
# login_manager 的基本配置
login_manager.login_view = 'auth.login' # 后面我们会创建一个叫 'auth' 的蓝图
login_manager.login_view = 'auth.login'
def create_app(config_name='default'):
"""
应用工厂函数
:param config_name: 配置名称 ('development', 'production')
:return: Flask app instance
"""
"""应用工厂函数创建并配置Flask应用实例"""
app = Flask(__name__)
# 1. 加载配置
# 加载配置
app.config.from_object(config[config_name])
config[config_name].init_app(app)
# 信任代理转发的头信息
# 配置代理转发
from werkzeug.middleware.proxy_fix import ProxyFix
app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1)
# 2. 初始化扩展
# 初始化扩展
db.init_app(app)
migrate.init_app(app, db)
login_manager.init_app(app)
@@ -40,17 +40,36 @@ def create_app(config_name='default'):
csrf.init_app(app)
bootstrap.init_app(app)
# 配置日志
if not os.path.exists('logs'):
os.mkdir('logs')
# 清理过期日志
log_retention_days = int(os.environ.get('LOG_RETENTION_DAYS', 7))
cutoff_time = datetime.now() - timedelta(days=log_retention_days)
for log_file in glob.glob('logs/*.log*'):
if os.path.getmtime(log_file) < cutoff_time.timestamp():
os.remove(log_file)
file_handler = RotatingFileHandler('logs/pt_blacklist.log', maxBytes=10240000, backupCount=10)
file_handler.setFormatter(logging.Formatter(
'%(asctime)s %(levelname)s: %(message)s [in %(pathname)s:%(lineno)d]'
))
file_handler.setLevel(logging.INFO)
app.logger.addHandler(file_handler)
app.logger.setLevel(logging.INFO)
app.logger.info('PT黑名单系统启动')
# 注册自定义过滤器
from .filters import translate_status, translate_reason
app.jinja_env.filters['translate_status'] = translate_status
app.jinja_env.filters['translate_reason'] = translate_reason
# 3. 注册蓝图 (Blueprint)
# 后面我们会在这里添加蓝图
# 注册蓝图
from .routes import main as main_blueprint
app.register_blueprint(main_blueprint)
from .auth import auth as auth_blueprint
app.register_blueprint(auth_blueprint, url_prefix='/auth')
return app

14
app/auth/routes.py
View File

@@ -1,4 +1,4 @@
from flask import render_template, redirect, url_for, flash, request
from flask import render_template, redirect, url_for, flash, request, current_app
from flask_login import login_user, logout_user, login_required, current_user
from . import auth
from .. import db
@@ -7,6 +7,7 @@ from ..forms import LoginForm, RegistrationForm
@auth.route('/register', methods=['GET', 'POST'])
def register():
"""用户注册"""
if current_user.is_authenticated:
return redirect(url_for('main.index'))
form = RegistrationForm()
@@ -18,36 +19,43 @@ def register():
username=form.username.data,
pt_site=form.pt_site.data,
uid=form.uid.data,
status='pending' # 新用户需要管理员审核
status='pending'
)
user.set_password(form.password.data)
db.session.add(user)
db.session.commit()
current_app.logger.info(f'新用户注册: {user.username} ({user.email}) - 站点: {user.pt_site}')
flash('注册申请已提交,请等待管理员审核。', 'info')
return redirect(url_for('auth.login'))
return render_template('auth/register.html', form=form)
@auth.route('/login', methods=['GET', 'POST'])
def login():
"""用户登录"""
if current_user.is_authenticated:
return redirect(url_for('main.index'))
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user is None or not user.check_password(form.password.data):
current_app.logger.warning(f'登录失败: {form.email.data} - 无效的邮箱或密码')
flash('无效的邮箱或密码。', 'danger')
return redirect(url_for('auth.login'))
if user.status != 'active':
current_app.logger.warning(f'登录失败: {user.username} - 账户状态: {user.status}')
flash(f'您的账户当前状态为 "{user.status}",无法登录。请联系管理员。', 'warning')
return redirect(url_for('auth.login'))
login_user(user, remember=form.remember_me.data)
current_app.logger.info(f'用户登录: {user.username} ({user.email})')
return redirect(url_for('main.index'))
return render_template('auth/login.html', form=form)
@auth.route('/logout')
@login_required
def logout():
"""用户登出"""
current_app.logger.info(f'用户登出: {current_user.username}')
logout_user()
flash('您已成功登出。')
return redirect(url_for('main.index'))

15
app/decorators.py
View File

@@ -1,27 +1,26 @@
"""权限装饰器"""
from functools import wraps
from flask import abort
from flask_login import current_user
def admin_required(f):
"""仅管理员可访问"""
@wraps(f)
def decorated_function(*args, **kwargs):
if not current_user.is_authenticated or current_user.role != 'admin':
abort(403) # HTTP 403 Forbidden error
abort(403)
return f(*args, **kwargs)
return decorated_function
# === 修正后的通用权限装饰器 ===
def permission_required(*roles):
"""指定角色可访问"""
def decorator(f):
@wraps(f)
def decorated_function(*args, **kwargs):
if not current_user.is_authenticated:
abort(401) # Unauthorized
abort(401)
if current_user.role not in roles:
abort(403) # Forbidden
abort(403)
return f(*args, **kwargs)
# 正确的返回:返回包含了权限检查逻辑的包装函数
return decorated_function # <--- 已修正
return decorated_function
return decorator

14
app/filters.py
View File

@@ -1,24 +1,16 @@
# app/filters.py
# 状态翻译过滤器
"""Jinja2模板过滤器"""
STATUS_TRANSLATIONS = {
# 举报状态
'pending': '待审核',
'in_review': '审核中',
'approved': '已批准',
'rejected': '已驳回',
'revoked': '已撤销',
'overturned': '已推翻',
# 申诉状态
'awaiting_admin_reply': '等待管理员回复',
'awaiting_user_reply': '等待用户回复',
# 用户状态
'active': '正常',
'disabled': '已禁用',
# 黑名单状态
'expired': '已过期'
}
@@ -39,9 +31,9 @@ REASON_TRANSLATIONS = {
}
def translate_status(status):
"""将英文状态翻译为中文"""
"""状态翻译过滤器"""
return STATUS_TRANSLATIONS.get(status, status)
def translate_reason(reason):
"""将英文违规原因翻译为中文"""
"""违规原因翻译过滤器"""
return REASON_TRANSLATIONS.get(reason, reason)

45
app/models.py
View File

@@ -4,6 +4,7 @@ from werkzeug.security import generate_password_hash, check_password_hash
from app import db, login_manager
class PartnerSite(db.Model):
"""合作PT站点模型"""
__tablename__ = 'partner_sites'
id = db.Column(db.Integer, primary_key=True)
name = db.Column(db.String(100), unique=True, nullable=False, index=True)
@@ -14,20 +15,23 @@ class PartnerSite(db.Model):
def __repr__(self):
return f'<PartnerSite {self.name}>'
class User(UserMixin, db.Model):
"""用户模型"""
__tablename__ = 'users'
id = db.Column(db.Integer, primary_key=True)
username = db.Column(db.String(64), unique=True, index=True, nullable=False)
email = db.Column(db.String(120), unique=True, index=True, nullable=False)
password_hash = db.Column(db.String(256))
role = db.Column(db.String(16), default='user', index=True) # 'user', 'admin', 'trust_user'
status = db.Column(db.String(16), default='pending', index=True) # 'pending', 'active', 'disabled'
role = db.Column(db.String(16), default='user', index=True)
status = db.Column(db.String(16), default='pending', index=True)
created_at = db.Column(db.DateTime, default=datetime.utcnow)
updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
pt_site = db.Column(db.String(100)) # 注册时填写的站点
uid = db.Column(db.String(50)) # 注册时填写的 UID
pt_site = db.Column(db.String(100))
uid = db.Column(db.String(50))
reports = db.relationship('Report', backref='reporter', lazy='dynamic')
comments = db.relationship('Comment', back_populates='author', lazy='dynamic')
def set_password(self, password):
self.password_hash = generate_password_hash(password)
@@ -42,6 +46,7 @@ def load_user(user_id):
return User.query.get(int(user_id))
class Report(db.Model):
"""举报模型"""
__tablename__ = 'reports'
__table_args__ = (
db.Index('idx_report_status_created', 'status', 'created_at'),
@@ -52,9 +57,9 @@ class Report(db.Model):
reported_pt_site = db.Column(db.String(100), nullable=False)
reported_username = db.Column(db.String(50))
reported_email = db.Column(db.String(120), index=True, nullable=False)
reason_category = db.Column(db.String(16), nullable=False) # 'cheating', 'trading', 'spam', 'abusive', 'radio', 'other'
reason_category = db.Column(db.String(16), nullable=False)
description = db.Column(db.Text, nullable=False)
status = db.Column(db.String(16), index=True, default='pending') # 'pending', 'approved', 'rejected', 'revoked', 'overturned'
status = db.Column(db.String(16), index=True, default='pending')
created_at = db.Column(db.DateTime, index=True, default=datetime.utcnow)
updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
comments = db.relationship('Comment', backref='report', lazy='dynamic', cascade='all, delete-orphan')
@@ -65,11 +70,12 @@ class Report(db.Model):
return f'<Report {self.id}>'
class Evidence(db.Model):
"""证据模型"""
__tablename__ = 'evidences'
id = db.Column(db.Integer, primary_key=True)
report_id = db.Column(db.Integer, db.ForeignKey('reports.id', ondelete='CASCADE'), nullable=False)
file_url = db.Column(db.String(1024), nullable=False) # 存储OSS或本地路径
file_type = db.Column(db.String(16)) # 'image', 'zip', 'text', 'image_url'
file_url = db.Column(db.String(1024), nullable=False)
file_type = db.Column(db.String(16))
created_at = db.Column(db.DateTime, default=datetime.utcnow)
updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
@@ -77,6 +83,7 @@ class Evidence(db.Model):
return f'<Evidence {self.id} for Report {self.report_id}>'
class Blacklist(db.Model):
"""黑名单模型"""
__tablename__ = 'blacklist'
__table_args__ = (
db.Index('idx_blacklist_email_status', 'normalized_email', 'status'),
@@ -86,18 +93,20 @@ class Blacklist(db.Model):
id = db.Column(db.Integer, primary_key=True)
username = db.Column(db.String(64), index=True)
email = db.Column(db.String(120), index=True)
normalized_email = db.Column(db.String(120), index=True) # 归一化后的邮箱
normalized_email = db.Column(db.String(120), index=True)
pt_site = db.Column(db.String(100), index=True)
uid = db.Column(db.String(50))
report_id = db.Column(db.Integer, db.ForeignKey('reports.id'), unique=True) # 确保一个举报只对应一个黑名单条目
status = db.Column(db.String(16), default='active', index=True) # 'active', 'revoked', 'expired'
report_id = db.Column(db.Integer, db.ForeignKey('reports.id'), unique=True)
status = db.Column(db.String(16), default='active', index=True)
created_at = db.Column(db.DateTime, index=True, default=datetime.utcnow)
updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
appeals = db.relationship('Appeal', backref='blacklist_entry', lazy='dynamic')
def __repr__(self):
return f'<Blacklist {self.normalized_email} on {self.pt_site}>'
class Comment(db.Model):
"""评论模型"""
__tablename__ = 'comments'
id = db.Column(db.Integer, primary_key=True)
body = db.Column(db.Text)
@@ -105,26 +114,30 @@ class Comment(db.Model):
author_id = db.Column(db.Integer, db.ForeignKey('users.id', ondelete='CASCADE'))
report_id = db.Column(db.Integer, db.ForeignKey('reports.id', ondelete='CASCADE'))
author = db.relationship('User', back_populates='comments')
class Appeal(db.Model):
"""申诉模型"""
__tablename__ = 'appeals'
id = db.Column(db.Integer, primary_key=True)
reason = db.Column(db.Text, nullable=False) # 用户最初的申诉理由
status = db.Column(db.String(32), nullable=False, default='awaiting_admin_reply', index=True) # 'awaiting_admin_reply', 'awaiting_user_reply', 'approved', 'rejected'
reason = db.Column(db.Text, nullable=False)
status = db.Column(db.String(32), nullable=False, default='awaiting_admin_reply', index=True)
created_at = db.Column(db.DateTime, index=True, default=datetime.utcnow)
updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
appealer_id = db.Column(db.Integer, db.ForeignKey('users.id', ondelete='CASCADE')) # 申诉人
blacklist_entry_id = db.Column(db.Integer, db.ForeignKey('blacklist.id', ondelete='SET NULL')) # 关联的黑名单条目
appealer_id = db.Column(db.Integer, db.ForeignKey('users.id', ondelete='CASCADE'))
blacklist_entry_id = db.Column(db.Integer, db.ForeignKey('blacklist.id', ondelete='SET NULL'))
messages = db.relationship('AppealMessage', backref='appeal', lazy='dynamic', cascade='all, delete-orphan')
appealer = db.relationship('User', backref='appeals')
def __repr__(self):
return f'<Appeal {self.id}>'
class AppealMessage(db.Model):
"""申诉消息模型"""
__tablename__ = 'appeal_messages'
id = db.Column(db.Integer, primary_key=True)
body = db.Column(db.Text, nullable=False)
created_at = db.Column(db.DateTime, index=True, default=datetime.utcnow)
author_id = db.Column(db.Integer, db.ForeignKey('users.id', ondelete='CASCADE')) # 消息发送者
author_id = db.Column(db.Integer, db.ForeignKey('users.id', ondelete='CASCADE'))
appeal_id = db.Column(db.Integer, db.ForeignKey('appeals.id', ondelete='CASCADE'))
author = db.relationship('User', backref='appeal_messages')

168
app/routes.py
View File

@@ -1,8 +1,8 @@
from flask import abort, Blueprint, render_template, request, flash,redirect, url_for
from flask import abort, Blueprint, render_template, request, flash, redirect, url_for, current_app
from sqlalchemy import or_
from flask_login import login_required, current_user
from app import db
from app.forms import SearchForm, ReportForm, ReportForm, UpdateUserForm, CommentForm, RevokeForm, AppealForm, AppealMessageForm, PartnerSiteForm
from app.forms import SearchForm, ReportForm, UpdateUserForm, CommentForm, RevokeForm, AppealForm, AppealMessageForm, PartnerSiteForm
from app.models import Blacklist, Report, Evidence, User, Comment, AppealMessage, Appeal, PartnerSite
from app.decorators import admin_required, permission_required
from app.services.email_normalizer import normalize_email
@@ -11,54 +11,54 @@ main = Blueprint('main', __name__)
@main.route('/', methods=['GET', 'POST'])
def index():
"""首页 - 黑名单查询"""
form = SearchForm()
search_result = None
searched = False
if form.validate_on_submit():
# 在处理表单之前,检查用户是否已登录
if not current_user.is_authenticated:
flash('请登录后才能使用查询功能。', 'warning')
# 重定向到登录页面,或者直接返回首页
return redirect(url_for('main.index'))
# 如果用户已登录,则执行以下查询逻辑
searched = True
search_term = form.search_term.data
normalized_email = normalize_email(search_term)
search_result = Blacklist.query.join(Report).filter(
or_(
Blacklist.normalized_email == normalized_email,
Blacklist.username == search_term
),
Blacklist.status == 'active',
Report.status == 'approved'
Report.status == 'approved'
).first()
if search_result:
current_app.logger.info(f'黑名单查询命中: {search_term} by {current_user.username}')
flash(f'警告: 查询到与 "{search_term}" 相关的公开不良记录。详情如下。', 'warning')
else:
current_app.logger.info(f'黑名单查询未命中: {search_term} by {current_user.username}')
flash(f'未查询到与 "{search_term}" 相关的公开不良记录。', 'info')
return render_template('index.html', form=form, search_result=search_result, searched=searched, Appeal=Appeal)
@main.route('/report/new', methods=['GET', 'POST'])
@login_required
def create_report():
"""创建新举报"""
form = ReportForm()
active_sites = PartnerSite.query.filter_by(is_active=True).order_by(PartnerSite.name).all()
form.reported_pt_site.choices = [(site.name, site.name) for site in active_sites]
if form.validate_on_submit():
# 检查是否已有针对该邮箱的活跃举报
existing_report = Report.query.filter_by(
reported_email=form.reported_email.data,
status='pending'
).first()
if existing_report:
current_app.logger.warning(f'重复举报: {form.reported_email.data} by {current_user.username}')
flash(f'该邮箱已有待审核的举报 (#{existing_report.id}),请勿重复提交。', 'warning')
return render_template('create_report.html', form=form)
# 1. 创建 Report 对象
new_report = Report(
reporter_id=current_user.id,
reported_pt_site=form.reported_pt_site.data,
@@ -69,59 +69,53 @@ def create_report():
status='pending'
)
db.session.add(new_report)
# 2. 处理证据链接
urls_text = form.evidences.data
# 按行分割,并移除空白行和首尾空格
evidence_urls = [url.strip() for url in urls_text.strip().splitlines() if url.strip()]
if not evidence_urls:
flash('必须提供至少一个有效的证据链接。', 'danger')
return render_template('create_report.html', form=form)
# 对每个 URL 进行简单的验证和保存
valid_extensions = ('.png', '.jpg', '.jpeg', '.gif', '.bmp', '.webp')
for url in evidence_urls:
if url.lower().startswith(('http://', 'https://')) and url.lower().endswith(valid_extensions):
evidence = Evidence(
file_url=url,
file_type='image_url', # 标记类型为图片链接
file_url=url,
file_type='image_url',
report=new_report
)
db.session.add(evidence)
else:
# 如果有任何一个链接格式不正确,则回滚并提示用户
db.session.rollback()
current_app.logger.error(f'无效证据链接: {url[:50]} by {current_user.username}')
flash(f'链接 "{url[:50]}..." 格式不正确或不是支持的图片格式。请提供以 http/https 开头,以 .png, .jpg 等结尾的图片链接。', 'danger')
return render_template('create_report.html', form=form)
# 3. 提交到数据库
db.session.commit()
current_app.logger.info(f'新举报提交: #{new_report.id} - {form.reported_email.data} by {current_user.username}')
flash('举报提交成功,请等待管理员审核。', 'success')
return redirect(url_for('main.index'))
return render_template('create_report.html', form=form)
@main.route('/admin/reports')
@login_required
@permission_required('admin', 'trust_user')
def report_list():
# 获取页码,默认为第一页
"""举报列表(管理员/信任用户)"""
page = request.args.get('page', 1, type=int)
# 查询举报,按创建时间倒序排列,并进行分页
# 每页显示 20 条记录
query = Report.query
if current_user.role == 'trust_user':
query = query.filter_by(status='pending')
reports_pagination = query.order_by(Report.created_at.desc()).paginate(
page=page, per_page=20, error_out=False
)
return render_template(
'admin/report_list.html',
reports=reports_pagination
)
return render_template('admin/report_list.html', reports=reports_pagination)
@main.route('/report/<int:report_id>', methods=['GET', 'POST'])
@login_required
@permission_required('admin', 'trust_user') # 允许 admin 和 trust_user 访问
@permission_required('admin', 'trust_user')
def report_detail(report_id):
"""举报详情"""
report = Report.query.get_or_404(report_id)
if current_user.role == 'trust_user' and report.status != 'pending':
flash('您无权查看已处理的举报。', 'warning')
@@ -139,12 +133,11 @@ def report_detail(report_id):
)
db.session.add(comment)
db.session.commit()
current_app.logger.info(f'举报评论: #{report.id} by {current_user.username}')
flash('你的审核建议已成功提交。', 'success')
return redirect(url_for('main.report_detail', report_id=report.id))
comments = report.comments.order_by(Comment.created_at.desc()).all()
# 查找针对同一邮箱的其他举报
comments = report.comments.order_by(Comment.created_at.desc()).all()
related_reports = Report.query.filter(
Report.reported_email == report.reported_email,
Report.id != report.id
@@ -158,12 +151,11 @@ def report_detail(report_id):
comments=comments,
related_reports=related_reports
)
# === 独立的举报处理视图 (仅限 Admin) ===
# 这个视图只处理动作,不渲染页面。它接收来自详情页按钮的 POST 请求。
@main.route('/admin/report/<int:report_id>/process', methods=['POST'])
@login_required
@admin_required
def process_report(report_id):
"""处理举报(批准/驳回)"""
report = Report.query.get_or_404(report_id)
action = request.form.get('action')
@@ -173,10 +165,8 @@ def process_report(report_id):
if action == 'confirm':
report.status = 'approved'
# 检查是否已在黑名单中
existing_blacklist = Blacklist.query.filter_by(report_id=report.id).first()
if not existing_blacklist:
# 创建新的黑名单记录
new_blacklist_entry = Blacklist(
email=report.reported_email,
normalized_email=normalize_email(report.reported_email),
@@ -187,7 +177,6 @@ def process_report(report_id):
)
db.session.add(new_blacklist_entry)
# 自动处理同一邮箱的其他待审核举报
other_pending = Report.query.filter(
Report.reported_email == report.reported_email,
Report.id != report.id,
@@ -203,7 +192,9 @@ def process_report(report_id):
)
db.session.add(comment)
current_app.logger.info(f'举报批准: #{report.id} - {report.reported_email} by {current_user.username}')
if other_pending:
current_app.logger.info(f'自动批准关联举报: {len(other_pending)}')
flash(f'举报已批准,并已将相关信息添加到黑名单。同时自动处理了 {len(other_pending)} 个相关举报。', 'success')
else:
flash('举报已批准,并已将相关信息添加到黑名单。', 'success')
@@ -211,8 +202,8 @@ def process_report(report_id):
flash('举报状态已更新为"批准"。该举报已在黑名单中,无需重复添加。', 'info')
elif action == 'invalidate':
report.status = 'rejected'
flash('举报状态已更新为“无效”。', 'success')
current_app.logger.info(f'举报驳回: #{report.id} by {current_user.username}')
flash('举报状态已更新为"无效"', 'success')
else:
flash('无效的操作。', 'danger')
db.session.commit()
@@ -221,44 +212,36 @@ def process_report(report_id):
@login_required
@admin_required
def revoke_report(report_id):
"""撤销已批准的举报"""
report = Report.query.get_or_404(report_id)
# 只有已批准的举报才能被撤销
if report.status != 'approved':
flash('错误:只有已批准的举报才能被撤销。', 'danger')
return redirect(url_for('main.report_detail', report_id=report.id))
form = RevokeForm()
if form.validate_on_submit():
# 1. 从黑名单中移除
blacklist_entry = Blacklist.query.filter_by(report_id=report.id).first()
if blacklist_entry:
db.session.delete(blacklist_entry)
# 2. 更新举报状态
report.status = 'revoked'
# 3. 将撤销理由记录为一条特殊的评论(审计日志)
revocation_comment = Comment(
body=f"[系统操作:撤销批准]\n理由:{form.reason.data}",
report=report,
author=current_user._get_current_object()
)
db.session.add(revocation_comment)
db.session.commit()
current_app.logger.warning(f'举报撤销: #{report.id} by {current_user.username} - 理由: {form.reason.data[:50]}')
flash('举报已成功撤销,并已从黑名单中移除。', 'success')
else:
# 如果表单验证失败(例如理由为空),显示错误信息
flash('撤销失败:' + ' '.join(form.reason.errors), 'danger')
return redirect(url_for('main.report_detail', report_id=report.id))
@main.route('/admin/users')
@login_required
@admin_required
def manage_users():
# 查询所有非待审核的用户
"""用户管理"""
users = User.query.filter(User.status != 'pending').order_by(User.created_at.desc()).all()
# 为每个用户创建一个预填充了当前数据的表单实例
# 这样在模板中可以直接渲染,并且下拉框会默认选中用户的当前角色/状态
forms = {}
for user in users:
forms[user.id] = UpdateUserForm(obj=user)
@@ -267,13 +250,13 @@ def manage_users():
@login_required
@admin_required
def update_user(user_id):
"""更新用户角色和状态"""
if user_id == 1:
flash('错误:禁止修改初始管理员账户的角色和状态。', 'danger')
return redirect(url_for('main.manage_users'))
user = User.query.get_or_404(user_id)
form = UpdateUserForm() # 创建一个空的表单来接收 POST 数据
form = UpdateUserForm()
if form.validate_on_submit():
# 安全检查:防止管理员误操作禁用或降级自己
if user == current_user:
if form.role.data != 'admin' or form.status.data != 'active':
flash('警告:您不能禁用或降级自己的管理员账户。', 'danger')
@@ -281,9 +264,9 @@ def update_user(user_id):
user.role = form.role.data
user.status = form.status.data
db.session.commit()
current_app.logger.info(f'用户更新: {user.username} - 角色:{user.role} 状态:{user.status} by {current_user.username}')
flash(f'用户 {user.username} 的信息已成功更新。', 'success')
else:
# 如果表单验证失败,也给出提示
flash('更新失败,请检查提交的数据。', 'danger')
return redirect(url_for('main.manage_users'))
@@ -291,37 +274,47 @@ def update_user(user_id):
@login_required
@admin_required
def pending_users():
"""待审核用户列表"""
users_to_review = User.query.filter_by(status='pending').order_by(User.created_at.asc()).all()
return render_template('admin/pending_users.html', users=users_to_review)
@main.route('/admin/user/<int:user_id>/approve', methods=['POST'])
@login_required
@admin_required
def approve_user(user_id):
"""批准用户注册"""
user = User.query.get_or_404(user_id)
user.status = 'active'
db.session.commit()
current_app.logger.info(f'用户注册批准: {user.username} ({user.email}) by {current_user.username}')
flash(f'用户 {user.username} 的注册申请已被批准。', 'success')
return redirect(url_for('main.pending_users'))
@main.route('/admin/user/<int:user_id>/reject', methods=['POST'])
@login_required
@admin_required
def reject_user(user_id):
"""拒绝用户注册"""
user = User.query.get_or_404(user_id)
username = user.username
email = user.email
db.session.delete(user)
db.session.commit()
flash(f'用户 {user.username} 的注册申请已被拒绝并删除。', 'success')
current_app.logger.info(f'用户注册拒绝: {username} ({email}) by {current_user.username}')
flash(f'用户 {username} 的注册申请已被拒绝并删除。', 'success')
return redirect(url_for('main.pending_users'))
@main.route('/appeal/create/<int:blacklist_id>', methods=['GET', 'POST'])
@login_required
def create_appeal(blacklist_id):
"""创建申诉"""
blacklist_entry = Blacklist.query.get_or_404(blacklist_id)
# 安全检查:确保用户只能为自己的黑名单记录申诉(邮箱匹配 或 UID+站点匹配)
if not (current_user.email == blacklist_entry.email or
(current_user.uid == blacklist_entry.uid and current_user.pt_site == blacklist_entry.pt_site)):
current_app.logger.warning(f'非法申诉尝试: 用户{current_user.username} 尝试申诉黑名单#{blacklist_id}')
abort(403)
# 检查是否已有进行中的申诉
if blacklist_entry.appeals.filter(Appeal.status.in_(['awaiting_admin_reply', 'awaiting_user_reply'])).first():
flash('您已有一个正在进行中的申诉,请勿重复提交。', 'warning')
return redirect(url_for('main.index'))
@@ -334,19 +327,18 @@ def create_appeal(blacklist_id):
)
db.session.add(appeal)
db.session.commit()
current_app.logger.info(f'新申诉提交: #{appeal.id} - 黑名单#{blacklist_id} by {current_user.username}')
flash('您的申诉已成功提交,请等待管理员审核。', 'success')
# 提交成功后,跳转到申诉详情页
return redirect(url_for('main.appeal_detail', appeal_id=appeal.id))
# 如果是 GET 请求,或表单验证失败,则渲染创建页面
return render_template('create_appeal.html', form=form, entry=blacklist_entry)
@main.route('/appeal/<int:appeal_id>', methods=['GET', 'POST'])
@login_required
def appeal_detail(appeal_id):
"""申诉详情和对话"""
appeal = Appeal.query.get_or_404(appeal_id)
# 权限检查:只有申诉人或管理员可以查看
if appeal.appealer_id != current_user.id and not current_user.role=='admin': # 假设你有 MANAGE_REPORTS 权限
if appeal.appealer_id != current_user.id and not current_user.role=='admin':
abort(403)
form = AppealMessageForm()
if form.validate_on_submit():
@@ -358,7 +350,6 @@ def appeal_detail(appeal_id):
author_id=current_user.id,
appeal_id=appeal.id
)
# 更新申诉状态
if current_user.role=='admin':
appeal.status = 'awaiting_user_reply'
else:
@@ -366,16 +357,17 @@ def appeal_detail(appeal_id):
db.session.add(msg)
db.session.commit()
current_app.logger.info(f'申诉消息: #{appeal.id} by {current_user.username}')
flash('消息已发送。', 'success')
return redirect(url_for('main.appeal_detail', appeal_id=appeal.id))
messages = appeal.messages.order_by(AppealMessage.created_at.asc()).all()
return render_template('appeal_detail.html', appeal=appeal, messages=messages, form=form)
@main.route('/admin/appeals')
@login_required
@permission_required('admin') # 或者你的管理权限
@permission_required('admin')
def appeal_list():
"""申诉列表(管理员)"""
page = request.args.get('page', 1, type=int)
# 优先显示待处理的
appeals_pagination = Appeal.query.order_by(
db.case(
(Appeal.status == 'awaiting_admin_reply', 0),
@@ -384,48 +376,48 @@ def appeal_list():
),
Appeal.updated_at.desc()
).paginate(page=page, per_page=20, error_out=False)
return render_template('admin/appeal_list.html', appeals=appeals_pagination)
@main.route('/appeal/<int:appeal_id>/decide', methods=['POST'])
@login_required
@permission_required('admin') # 必须是管理员
@permission_required('admin')
def decide_appeal(appeal_id):
"""处理申诉(批准/驳回)"""
appeal = Appeal.query.get_or_404(appeal_id)
if appeal.status in ['approved', 'rejected']:
flash('该申诉已处理,无法重复操作。', 'warning')
return redirect(url_for('main.appeal_detail', appeal_id=appeal.id))
action = request.form.get('action')
if action == 'approve':
# 批准申诉:删除黑名单记录,更新申诉状态
blacklist_entry = appeal.blacklist_entry
blacklist_entry.status = 'revoked' # 将黑名单条目状态改为"已撤销"
appeal.status = 'approved' # 同时更新申诉本身的状态
blacklist_entry.status = 'revoked'
appeal.status = 'approved'
if blacklist_entry.report:
# 使用 'overturned' (已推翻) 可能比 'revoked' 更能描述 Report 的状态
blacklist_entry.report.status = 'overturned'
blacklist_entry.report.status = 'overturned'
db.session.add(blacklist_entry.report)
db.session.add(blacklist_entry)
db.session.add(appeal)
db.session.commit()
# --- 修改结束 ---
current_app.logger.info(f'申诉批准: #{appeal.id} by {current_user.username}')
flash(f'申诉 #{appeal.id} 已被批准,对应的黑名单条目已撤销。', 'success')
elif action == 'reject':
# 驳回申诉:仅更新申诉状态
appeal.status = 'rejected'
db.session.add(appeal)
db.session.commit()
current_app.logger.info(f'申诉驳回: #{appeal.id} by {current_user.username}')
flash(f'已驳回申诉 #{appeal.id}', 'info')
else:
flash('无效操作。', 'danger')
return redirect(url_for('main.appeal_list'))
db.session.commit()
return redirect(url_for('main.appeal_list'))
@main.route('/my/reports')
@login_required
def my_reports():
"""我的举报列表"""
page = request.args.get('page', 1, type=int)
reports_pagination = Report.query.filter_by(reporter_id=current_user.id).order_by(
Report.created_at.desc()
@@ -435,6 +427,7 @@ def my_reports():
@main.route('/my/appeals')
@login_required
def my_appeals():
"""我的申诉列表"""
page = request.args.get('page', 1, type=int)
appeals_pagination = Appeal.query.filter_by(appealer_id=current_user.id).order_by(
Appeal.created_at.desc()
@@ -445,9 +438,9 @@ def my_appeals():
@login_required
@admin_required
def manage_sites():
"""站点管理"""
form = PartnerSiteForm()
if form.validate_on_submit():
# ... (添加站点的逻辑保持不变)
existing_site = PartnerSite.query.filter_by(name=form.name.data).first()
if existing_site:
flash('该站点名称已存在。', 'danger')
@@ -455,32 +448,39 @@ def manage_sites():
new_site = PartnerSite(name=form.name.data, url=form.url.data)
db.session.add(new_site)
db.session.commit()
current_app.logger.info(f'新站点添加: {form.name.data} by {current_user.username}')
flash(f'合作站点 "{form.name.data}" 已成功添加。', 'success')
return redirect(url_for('main.manage_sites'))
sites = PartnerSite.query.order_by(PartnerSite.name.asc()).all()
return render_template('admin/manage_sites.html', sites=sites, form=form)
# 添加用于删除和切换状态的路由
@main.route('/admin/site/<int:site_id>/delete', methods=['POST'])
@login_required
@admin_required
def delete_site(site_id):
"""删除站点"""
site = PartnerSite.query.get_or_404(site_id)
user_count = User.query.filter_by(pt_site=site.name).count()
if user_count > 0:
flash(f'无法删除站点 "{site.name}",因为已有 {user_count} 名用户关联到该站点。请先将其禁用。', 'danger')
else:
site_name = site.name
db.session.delete(site)
db.session.commit()
flash(f'站点 "{site.name}" 已被删除。', 'success')
current_app.logger.info(f'站点删除: {site_name} by {current_user.username}')
flash(f'站点 "{site_name}" 已被删除。', 'success')
return redirect(url_for('main.manage_sites'))
@main.route('/admin/site/<int:site_id>/toggle_active', methods=['POST'])
@login_required
@admin_required
def toggle_site_active(site_id):
"""切换站点启用状态"""
site = PartnerSite.query.get_or_404(site_id)
site.is_active = not site.is_active
db.session.commit()
status = "启用" if site.is_active else "禁用"
current_app.logger.info(f'站点状态切换: {site.name} - {status} by {current_user.username}')
flash(f'站点 "{site.name}" 已被{status}', 'success')
return redirect(url_for('main.manage_sites'))

12
config.py
View File

@@ -1,22 +1,18 @@
"""应用配置"""
import os
from dotenv import load_dotenv
import redis
# 加载 .env 文件中的环境变量
basedir = os.path.abspath(os.path.dirname(__file__))
load_dotenv(os.path.join(basedir, '.env'))
class Config:
"""基础配置"""
"""基础配置"""
SECRET_KEY = os.environ.get('SECRET_KEY') or 'a-hard-to-guess-string'
SQLALCHEMY_TRACK_MODIFICATIONS = False
# CSRF 配置
WTF_CSRF_ENABLED = True
WTF_CSRF_TIME_LIMIT = None
WTF_CSRF_CHECK_DEFAULT = False
# Session 配置
SESSION_TYPE = 'redis'
SESSION_PERMANENT = False
SESSION_USE_SIGNER = True
@@ -29,7 +25,6 @@ class Config:
class DevelopmentConfig(Config):
"""开发环境配置"""
DEBUG = True
# 数据库 URI
DB_USER = os.environ.get('DB_USER')
DB_PASSWORD = os.environ.get('DB_PASSWORD')
DB_HOST = os.environ.get('DB_HOST')
@@ -39,15 +34,12 @@ class DevelopmentConfig(Config):
class ProductionConfig(Config):
"""生产环境配置"""
DEBUG = False
# 数据库 URI
DB_USER = os.environ.get('DB_USER')
DB_PASSWORD = os.environ.get('DB_PASSWORD')
DB_HOST = os.environ.get('DB_HOST')
DB_NAME = os.environ.get('DB_NAME')
SQLALCHEMY_DATABASE_URI = f'mysql+pymysql://{DB_USER}:{DB_PASSWORD}@{DB_HOST}/{DB_NAME}'
# 方便地通过字典来选择配置
config = {
'development': DevelopmentConfig,
'production': ProductionConfig,

17
run.py
View File

@@ -1,3 +1,4 @@
"""应用启动入口"""
import os
import click
from app import create_app, db
@@ -13,23 +14,23 @@ def make_shell_context():
@click.argument("username")
@click.argument("email")
@click.argument("password")
@click.option("--admin", is_flag=True, help="Flag to create an admin user.")
@click.option("--admin", is_flag=True, help="创建管理员用户")
def create_user(username, email, password, admin):
"""Creates a new user."""
"""创建新用户"""
if User.query.filter_by(email=email).first():
print(f"Error: Email {email} already exists.")
print(f"错误: 邮箱 {email} 已存在")
return
if User.query.filter_by(username=username).first():
print(f"Error: Username {username} already exists.")
print(f"错误: 用户名 {username} 已存在")
return
user = User(username=username, email=email, status='active')
user.set_password(password)
if admin:
user.role = 'admin'
db.session.add(user)
db.session.commit()
print(f"User {username} created successfully.")
print(f"用户 {username} 创建成功")
if admin:
print("Role: Admin")
print("角色: 管理员")