DengDai/pt_blacklist
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: log

Browse Source
This commit is contained in:
DengDai
2025-11-24 21:04:58 +08:00
parent ae208d6b39
commit c9e11c4bd1
8 changed files with 180 additions and 156 deletions
Download Patch File Download Diff File Expand all files Collapse all files

168
app/routes.py
View File

@@ -1,8 +1,8 @@
from flask import abort, Blueprint, render_template, request, flash,redirect, url_for
from flask import abort, Blueprint, render_template, request, flash, redirect, url_for, current_app
from sqlalchemy import or_
from flask_login import login_required, current_user
from app import db
from app.forms import SearchForm, ReportForm, ReportForm, UpdateUserForm, CommentForm, RevokeForm, AppealForm, AppealMessageForm, PartnerSiteForm
from app.forms import SearchForm, ReportForm, UpdateUserForm, CommentForm, RevokeForm, AppealForm, AppealMessageForm, PartnerSiteForm
from app.models import Blacklist, Report, Evidence, User, Comment, AppealMessage, Appeal, PartnerSite
from app.decorators import admin_required, permission_required
from app.services.email_normalizer import normalize_email
@@ -11,54 +11,54 @@ main = Blueprint('main', __name__)
@main.route('/', methods=['GET', 'POST'])
def index():
"""首页 - 黑名单查询"""
form = SearchForm()
search_result = None
searched = False
if form.validate_on_submit():
# 在处理表单之前,检查用户是否已登录
if not current_user.is_authenticated:
flash('请登录后才能使用查询功能。', 'warning')
# 重定向到登录页面,或者直接返回首页
return redirect(url_for('main.index'))
# 如果用户已登录,则执行以下查询逻辑
searched = True
search_term = form.search_term.data
normalized_email = normalize_email(search_term)
search_result = Blacklist.query.join(Report).filter(
or_(
Blacklist.normalized_email == normalized_email,
Blacklist.username == search_term
),
Blacklist.status == 'active',
Report.status == 'approved'
Report.status == 'approved'
).first()
if search_result:
current_app.logger.info(f'黑名单查询命中: {search_term} by {current_user.username}')
flash(f'警告: 查询到与 "{search_term}" 相关的公开不良记录。详情如下。', 'warning')
else:
current_app.logger.info(f'黑名单查询未命中: {search_term} by {current_user.username}')
flash(f'未查询到与 "{search_term}" 相关的公开不良记录。', 'info')
return render_template('index.html', form=form, search_result=search_result, searched=searched, Appeal=Appeal)
@main.route('/report/new', methods=['GET', 'POST'])
@login_required
def create_report():
"""创建新举报"""
form = ReportForm()
active_sites = PartnerSite.query.filter_by(is_active=True).order_by(PartnerSite.name).all()
form.reported_pt_site.choices = [(site.name, site.name) for site in active_sites]
if form.validate_on_submit():
# 检查是否已有针对该邮箱的活跃举报
existing_report = Report.query.filter_by(
reported_email=form.reported_email.data,
status='pending'
).first()
if existing_report:
current_app.logger.warning(f'重复举报: {form.reported_email.data} by {current_user.username}')
flash(f'该邮箱已有待审核的举报 (#{existing_report.id}),请勿重复提交。', 'warning')
return render_template('create_report.html', form=form)
# 1. 创建 Report 对象
new_report = Report(
reporter_id=current_user.id,
reported_pt_site=form.reported_pt_site.data,
@@ -69,59 +69,53 @@ def create_report():
status='pending'
)
db.session.add(new_report)
# 2. 处理证据链接
urls_text = form.evidences.data
# 按行分割,并移除空白行和首尾空格
evidence_urls = [url.strip() for url in urls_text.strip().splitlines() if url.strip()]
if not evidence_urls:
flash('必须提供至少一个有效的证据链接。', 'danger')
return render_template('create_report.html', form=form)
# 对每个 URL 进行简单的验证和保存
valid_extensions = ('.png', '.jpg', '.jpeg', '.gif', '.bmp', '.webp')
for url in evidence_urls:
if url.lower().startswith(('http://', 'https://')) and url.lower().endswith(valid_extensions):
evidence = Evidence(
file_url=url,
file_type='image_url', # 标记类型为图片链接
file_url=url,
file_type='image_url',
report=new_report
)
db.session.add(evidence)
else:
# 如果有任何一个链接格式不正确,则回滚并提示用户
db.session.rollback()
current_app.logger.error(f'无效证据链接: {url[:50]} by {current_user.username}')
flash(f'链接 "{url[:50]}..." 格式不正确或不是支持的图片格式。请提供以 http/https 开头,以 .png, .jpg 等结尾的图片链接。', 'danger')
return render_template('create_report.html', form=form)
# 3. 提交到数据库
db.session.commit()
current_app.logger.info(f'新举报提交: #{new_report.id} - {form.reported_email.data} by {current_user.username}')
flash('举报提交成功,请等待管理员审核。', 'success')
return redirect(url_for('main.index'))
return render_template('create_report.html', form=form)
@main.route('/admin/reports')
@login_required
@permission_required('admin', 'trust_user')
def report_list():
# 获取页码,默认为第一页
"""举报列表(管理员/信任用户)"""
page = request.args.get('page', 1, type=int)
# 查询举报,按创建时间倒序排列,并进行分页
# 每页显示 20 条记录
query = Report.query
if current_user.role == 'trust_user':
query = query.filter_by(status='pending')
reports_pagination = query.order_by(Report.created_at.desc()).paginate(
page=page, per_page=20, error_out=False
)
return render_template(
'admin/report_list.html',
reports=reports_pagination
)
return render_template('admin/report_list.html', reports=reports_pagination)
@main.route('/report/<int:report_id>', methods=['GET', 'POST'])
@login_required
@permission_required('admin', 'trust_user') # 允许 admin 和 trust_user 访问
@permission_required('admin', 'trust_user')
def report_detail(report_id):
"""举报详情"""
report = Report.query.get_or_404(report_id)
if current_user.role == 'trust_user' and report.status != 'pending':
flash('您无权查看已处理的举报。', 'warning')
@@ -139,12 +133,11 @@ def report_detail(report_id):
)
db.session.add(comment)
db.session.commit()
current_app.logger.info(f'举报评论: #{report.id} by {current_user.username}')
flash('你的审核建议已成功提交。', 'success')
return redirect(url_for('main.report_detail', report_id=report.id))
comments = report.comments.order_by(Comment.created_at.desc()).all()
# 查找针对同一邮箱的其他举报
comments = report.comments.order_by(Comment.created_at.desc()).all()
related_reports = Report.query.filter(
Report.reported_email == report.reported_email,
Report.id != report.id
@@ -158,12 +151,11 @@ def report_detail(report_id):
comments=comments,
related_reports=related_reports
)
# === 独立的举报处理视图 (仅限 Admin) ===
# 这个视图只处理动作,不渲染页面。它接收来自详情页按钮的 POST 请求。
@main.route('/admin/report/<int:report_id>/process', methods=['POST'])
@login_required
@admin_required
def process_report(report_id):
"""处理举报(批准/驳回)"""
report = Report.query.get_or_404(report_id)
action = request.form.get('action')
@@ -173,10 +165,8 @@ def process_report(report_id):
if action == 'confirm':
report.status = 'approved'
# 检查是否已在黑名单中
existing_blacklist = Blacklist.query.filter_by(report_id=report.id).first()
if not existing_blacklist:
# 创建新的黑名单记录
new_blacklist_entry = Blacklist(
email=report.reported_email,
normalized_email=normalize_email(report.reported_email),
@@ -187,7 +177,6 @@ def process_report(report_id):
)
db.session.add(new_blacklist_entry)
# 自动处理同一邮箱的其他待审核举报
other_pending = Report.query.filter(
Report.reported_email == report.reported_email,
Report.id != report.id,
@@ -203,7 +192,9 @@ def process_report(report_id):
)
db.session.add(comment)
current_app.logger.info(f'举报批准: #{report.id} - {report.reported_email} by {current_user.username}')
if other_pending:
current_app.logger.info(f'自动批准关联举报: {len(other_pending)}')
flash(f'举报已批准,并已将相关信息添加到黑名单。同时自动处理了 {len(other_pending)} 个相关举报。', 'success')
else:
flash('举报已批准,并已将相关信息添加到黑名单。', 'success')
@@ -211,8 +202,8 @@ def process_report(report_id):
flash('举报状态已更新为"批准"。该举报已在黑名单中,无需重复添加。', 'info')
elif action == 'invalidate':
report.status = 'rejected'
flash('举报状态已更新为“无效”。', 'success')
current_app.logger.info(f'举报驳回: #{report.id} by {current_user.username}')
flash('举报状态已更新为"无效"', 'success')
else:
flash('无效的操作。', 'danger')
db.session.commit()
@@ -221,44 +212,36 @@ def process_report(report_id):
@login_required
@admin_required
def revoke_report(report_id):
"""撤销已批准的举报"""
report = Report.query.get_or_404(report_id)
# 只有已批准的举报才能被撤销
if report.status != 'approved':
flash('错误:只有已批准的举报才能被撤销。', 'danger')
return redirect(url_for('main.report_detail', report_id=report.id))
form = RevokeForm()
if form.validate_on_submit():
# 1. 从黑名单中移除
blacklist_entry = Blacklist.query.filter_by(report_id=report.id).first()
if blacklist_entry:
db.session.delete(blacklist_entry)
# 2. 更新举报状态
report.status = 'revoked'
# 3. 将撤销理由记录为一条特殊的评论(审计日志)
revocation_comment = Comment(
body=f"[系统操作:撤销批准]\n理由:{form.reason.data}",
report=report,
author=current_user._get_current_object()
)
db.session.add(revocation_comment)
db.session.commit()
current_app.logger.warning(f'举报撤销: #{report.id} by {current_user.username} - 理由: {form.reason.data[:50]}')
flash('举报已成功撤销,并已从黑名单中移除。', 'success')
else:
# 如果表单验证失败(例如理由为空),显示错误信息
flash('撤销失败:' + ' '.join(form.reason.errors), 'danger')
return redirect(url_for('main.report_detail', report_id=report.id))
@main.route('/admin/users')
@login_required
@admin_required
def manage_users():
# 查询所有非待审核的用户
"""用户管理"""
users = User.query.filter(User.status != 'pending').order_by(User.created_at.desc()).all()
# 为每个用户创建一个预填充了当前数据的表单实例
# 这样在模板中可以直接渲染,并且下拉框会默认选中用户的当前角色/状态
forms = {}
for user in users:
forms[user.id] = UpdateUserForm(obj=user)
@@ -267,13 +250,13 @@ def manage_users():
@login_required
@admin_required
def update_user(user_id):
"""更新用户角色和状态"""
if user_id == 1:
flash('错误:禁止修改初始管理员账户的角色和状态。', 'danger')
return redirect(url_for('main.manage_users'))
user = User.query.get_or_404(user_id)
form = UpdateUserForm() # 创建一个空的表单来接收 POST 数据
form = UpdateUserForm()
if form.validate_on_submit():
# 安全检查:防止管理员误操作禁用或降级自己
if user == current_user:
if form.role.data != 'admin' or form.status.data != 'active':
flash('警告:您不能禁用或降级自己的管理员账户。', 'danger')
@@ -281,9 +264,9 @@ def update_user(user_id):
user.role = form.role.data
user.status = form.status.data
db.session.commit()
current_app.logger.info(f'用户更新: {user.username} - 角色:{user.role} 状态:{user.status} by {current_user.username}')
flash(f'用户 {user.username} 的信息已成功更新。', 'success')
else:
# 如果表单验证失败,也给出提示
flash('更新失败,请检查提交的数据。', 'danger')
return redirect(url_for('main.manage_users'))
@@ -291,37 +274,47 @@ def update_user(user_id):
@login_required
@admin_required
def pending_users():
"""待审核用户列表"""
users_to_review = User.query.filter_by(status='pending').order_by(User.created_at.asc()).all()
return render_template('admin/pending_users.html', users=users_to_review)
@main.route('/admin/user/<int:user_id>/approve', methods=['POST'])
@login_required
@admin_required
def approve_user(user_id):
"""批准用户注册"""
user = User.query.get_or_404(user_id)
user.status = 'active'
db.session.commit()
current_app.logger.info(f'用户注册批准: {user.username} ({user.email}) by {current_user.username}')
flash(f'用户 {user.username} 的注册申请已被批准。', 'success')
return redirect(url_for('main.pending_users'))
@main.route('/admin/user/<int:user_id>/reject', methods=['POST'])
@login_required
@admin_required
def reject_user(user_id):
"""拒绝用户注册"""
user = User.query.get_or_404(user_id)
username = user.username
email = user.email
db.session.delete(user)
db.session.commit()
flash(f'用户 {user.username} 的注册申请已被拒绝并删除。', 'success')
current_app.logger.info(f'用户注册拒绝: {username} ({email}) by {current_user.username}')
flash(f'用户 {username} 的注册申请已被拒绝并删除。', 'success')
return redirect(url_for('main.pending_users'))
@main.route('/appeal/create/<int:blacklist_id>', methods=['GET', 'POST'])
@login_required
def create_appeal(blacklist_id):
"""创建申诉"""
blacklist_entry = Blacklist.query.get_or_404(blacklist_id)
# 安全检查:确保用户只能为自己的黑名单记录申诉(邮箱匹配 或 UID+站点匹配)
if not (current_user.email == blacklist_entry.email or
(current_user.uid == blacklist_entry.uid and current_user.pt_site == blacklist_entry.pt_site)):
current_app.logger.warning(f'非法申诉尝试: 用户{current_user.username} 尝试申诉黑名单#{blacklist_id}')
abort(403)
# 检查是否已有进行中的申诉
if blacklist_entry.appeals.filter(Appeal.status.in_(['awaiting_admin_reply', 'awaiting_user_reply'])).first():
flash('您已有一个正在进行中的申诉,请勿重复提交。', 'warning')
return redirect(url_for('main.index'))
@@ -334,19 +327,18 @@ def create_appeal(blacklist_id):
)
db.session.add(appeal)
db.session.commit()
current_app.logger.info(f'新申诉提交: #{appeal.id} - 黑名单#{blacklist_id} by {current_user.username}')
flash('您的申诉已成功提交,请等待管理员审核。', 'success')
# 提交成功后,跳转到申诉详情页
return redirect(url_for('main.appeal_detail', appeal_id=appeal.id))
# 如果是 GET 请求,或表单验证失败,则渲染创建页面
return render_template('create_appeal.html', form=form, entry=blacklist_entry)
@main.route('/appeal/<int:appeal_id>', methods=['GET', 'POST'])
@login_required
def appeal_detail(appeal_id):
"""申诉详情和对话"""
appeal = Appeal.query.get_or_404(appeal_id)
# 权限检查:只有申诉人或管理员可以查看
if appeal.appealer_id != current_user.id and not current_user.role=='admin': # 假设你有 MANAGE_REPORTS 权限
if appeal.appealer_id != current_user.id and not current_user.role=='admin':
abort(403)
form = AppealMessageForm()
if form.validate_on_submit():
@@ -358,7 +350,6 @@ def appeal_detail(appeal_id):
author_id=current_user.id,
appeal_id=appeal.id
)
# 更新申诉状态
if current_user.role=='admin':
appeal.status = 'awaiting_user_reply'
else:
@@ -366,16 +357,17 @@ def appeal_detail(appeal_id):
db.session.add(msg)
db.session.commit()
current_app.logger.info(f'申诉消息: #{appeal.id} by {current_user.username}')
flash('消息已发送。', 'success')
return redirect(url_for('main.appeal_detail', appeal_id=appeal.id))
messages = appeal.messages.order_by(AppealMessage.created_at.asc()).all()
return render_template('appeal_detail.html', appeal=appeal, messages=messages, form=form)
@main.route('/admin/appeals')
@login_required
@permission_required('admin') # 或者你的管理权限
@permission_required('admin')
def appeal_list():
"""申诉列表(管理员)"""
page = request.args.get('page', 1, type=int)
# 优先显示待处理的
appeals_pagination = Appeal.query.order_by(
db.case(
(Appeal.status == 'awaiting_admin_reply', 0),
@@ -384,48 +376,48 @@ def appeal_list():
),
Appeal.updated_at.desc()
).paginate(page=page, per_page=20, error_out=False)
return render_template('admin/appeal_list.html', appeals=appeals_pagination)
@main.route('/appeal/<int:appeal_id>/decide', methods=['POST'])
@login_required
@permission_required('admin') # 必须是管理员
@permission_required('admin')
def decide_appeal(appeal_id):
"""处理申诉(批准/驳回)"""
appeal = Appeal.query.get_or_404(appeal_id)
if appeal.status in ['approved', 'rejected']:
flash('该申诉已处理,无法重复操作。', 'warning')
return redirect(url_for('main.appeal_detail', appeal_id=appeal.id))
action = request.form.get('action')
if action == 'approve':
# 批准申诉:删除黑名单记录,更新申诉状态
blacklist_entry = appeal.blacklist_entry
blacklist_entry.status = 'revoked' # 将黑名单条目状态改为"已撤销"
appeal.status = 'approved' # 同时更新申诉本身的状态
blacklist_entry.status = 'revoked'
appeal.status = 'approved'
if blacklist_entry.report:
# 使用 'overturned' (已推翻) 可能比 'revoked' 更能描述 Report 的状态
blacklist_entry.report.status = 'overturned'
blacklist_entry.report.status = 'overturned'
db.session.add(blacklist_entry.report)
db.session.add(blacklist_entry)
db.session.add(appeal)
db.session.commit()
# --- 修改结束 ---
current_app.logger.info(f'申诉批准: #{appeal.id} by {current_user.username}')
flash(f'申诉 #{appeal.id} 已被批准,对应的黑名单条目已撤销。', 'success')
elif action == 'reject':
# 驳回申诉:仅更新申诉状态
appeal.status = 'rejected'
db.session.add(appeal)
db.session.commit()
current_app.logger.info(f'申诉驳回: #{appeal.id} by {current_user.username}')
flash(f'已驳回申诉 #{appeal.id}', 'info')
else:
flash('无效操作。', 'danger')
return redirect(url_for('main.appeal_list'))
db.session.commit()
return redirect(url_for('main.appeal_list'))
@main.route('/my/reports')
@login_required
def my_reports():
"""我的举报列表"""
page = request.args.get('page', 1, type=int)
reports_pagination = Report.query.filter_by(reporter_id=current_user.id).order_by(
Report.created_at.desc()
@@ -435,6 +427,7 @@ def my_reports():
@main.route('/my/appeals')
@login_required
def my_appeals():
"""我的申诉列表"""
page = request.args.get('page', 1, type=int)
appeals_pagination = Appeal.query.filter_by(appealer_id=current_user.id).order_by(
Appeal.created_at.desc()
@@ -445,9 +438,9 @@ def my_appeals():
@login_required
@admin_required
def manage_sites():
"""站点管理"""
form = PartnerSiteForm()
if form.validate_on_submit():
# ... (添加站点的逻辑保持不变)
existing_site = PartnerSite.query.filter_by(name=form.name.data).first()
if existing_site:
flash('该站点名称已存在。', 'danger')
@@ -455,32 +448,39 @@ def manage_sites():
new_site = PartnerSite(name=form.name.data, url=form.url.data)
db.session.add(new_site)
db.session.commit()
current_app.logger.info(f'新站点添加: {form.name.data} by {current_user.username}')
flash(f'合作站点 "{form.name.data}" 已成功添加。', 'success')
return redirect(url_for('main.manage_sites'))
sites = PartnerSite.query.order_by(PartnerSite.name.asc()).all()
return render_template('admin/manage_sites.html', sites=sites, form=form)
# 添加用于删除和切换状态的路由
@main.route('/admin/site/<int:site_id>/delete', methods=['POST'])
@login_required
@admin_required
def delete_site(site_id):
"""删除站点"""
site = PartnerSite.query.get_or_404(site_id)
user_count = User.query.filter_by(pt_site=site.name).count()
if user_count > 0:
flash(f'无法删除站点 "{site.name}",因为已有 {user_count} 名用户关联到该站点。请先将其禁用。', 'danger')
else:
site_name = site.name
db.session.delete(site)
db.session.commit()
flash(f'站点 "{site.name}" 已被删除。', 'success')
current_app.logger.info(f'站点删除: {site_name} by {current_user.username}')
flash(f'站点 "{site_name}" 已被删除。', 'success')
return redirect(url_for('main.manage_sites'))
@main.route('/admin/site/<int:site_id>/toggle_active', methods=['POST'])
@login_required
@admin_required
def toggle_site_active(site_id):
"""切换站点启用状态"""
site = PartnerSite.query.get_or_404(site_id)
site.is_active = not site.is_active
db.session.commit()
status = "启用" if site.is_active else "禁用"
current_app.logger.info(f'站点状态切换: {site.name} - {status} by {current_user.username}')
flash(f'站点 "{site.name}" 已被{status}', 'success')
return redirect(url_for('main.manage_sites'))