feat: log
This commit is contained in:
DengDai
@@ -6,33 +6,33 @@ from flask_session import Session
|
|||||||
from flask_wtf.csrf import CSRFProtect
|
from flask_wtf.csrf import CSRFProtect
|
||||||
from config import config
|
from config import config
|
||||||
from flask_bootstrap import Bootstrap
|
from flask_bootstrap import Bootstrap
|
||||||
|
import logging
|
||||||
|
from logging.handlers import RotatingFileHandler
|
||||||
|
import os
|
||||||
|
from datetime import datetime, timedelta
|
||||||
|
import glob
|
||||||
|
|
||||||
# 初始化扩展,但此时不传入 app
|
# 初始化扩展
|
||||||
db = SQLAlchemy()
|
db = SQLAlchemy()
|
||||||
migrate = Migrate()
|
migrate = Migrate()
|
||||||
login_manager = LoginManager()
|
login_manager = LoginManager()
|
||||||
sess = Session()
|
sess = Session()
|
||||||
csrf = CSRFProtect()
|
csrf = CSRFProtect()
|
||||||
bootstrap = Bootstrap()
|
bootstrap = Bootstrap()
|
||||||
# login_manager 的基本配置
|
login_manager.login_view = 'auth.login'
|
||||||
login_manager.login_view = 'auth.login' # 后面我们会创建一个叫 'auth' 的蓝图
|
|
||||||
|
|
||||||
def create_app(config_name='default'):
|
def create_app(config_name='default'):
|
||||||
"""
|
"""应用工厂函数,创建并配置Flask应用实例"""
|
||||||
应用工厂函数
|
|
||||||
:param config_name: 配置名称 ('development', 'production')
|
|
||||||
:return: Flask app instance
|
|
||||||
"""
|
|
||||||
app = Flask(__name__)
|
app = Flask(__name__)
|
||||||
|
|
||||||
# 1. 加载配置
|
# 加载配置
|
||||||
app.config.from_object(config[config_name])
|
app.config.from_object(config[config_name])
|
||||||
config[config_name].init_app(app)
|
config[config_name].init_app(app)
|
||||||
|
# 配置代理转发
|
||||||
# 信任代理转发的头信息
|
|
||||||
from werkzeug.middleware.proxy_fix import ProxyFix
|
from werkzeug.middleware.proxy_fix import ProxyFix
|
||||||
app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1)
|
app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1)
|
||||||
# 2. 初始化扩展
|
|
||||||
|
# 初始化扩展
|
||||||
db.init_app(app)
|
db.init_app(app)
|
||||||
migrate.init_app(app, db)
|
migrate.init_app(app, db)
|
||||||
login_manager.init_app(app)
|
login_manager.init_app(app)
|
||||||
@@ -40,17 +40,36 @@ def create_app(config_name='default'):
|
|||||||
csrf.init_app(app)
|
csrf.init_app(app)
|
||||||
bootstrap.init_app(app)
|
bootstrap.init_app(app)
|
||||||
|
|
||||||
|
# 配置日志
|
||||||
|
if not os.path.exists('logs'):
|
||||||
|
os.mkdir('logs')
|
||||||
|
|
||||||
|
# 清理过期日志
|
||||||
|
log_retention_days = int(os.environ.get('LOG_RETENTION_DAYS', 7))
|
||||||
|
cutoff_time = datetime.now() - timedelta(days=log_retention_days)
|
||||||
|
for log_file in glob.glob('logs/*.log*'):
|
||||||
|
if os.path.getmtime(log_file) < cutoff_time.timestamp():
|
||||||
|
os.remove(log_file)
|
||||||
|
|
||||||
|
file_handler = RotatingFileHandler('logs/pt_blacklist.log', maxBytes=10240000, backupCount=10)
|
||||||
|
file_handler.setFormatter(logging.Formatter(
|
||||||
|
'%(asctime)s %(levelname)s: %(message)s [in %(pathname)s:%(lineno)d]'
|
||||||
|
))
|
||||||
|
file_handler.setLevel(logging.INFO)
|
||||||
|
app.logger.addHandler(file_handler)
|
||||||
|
app.logger.setLevel(logging.INFO)
|
||||||
|
app.logger.info('PT黑名单系统启动')
|
||||||
|
|
||||||
# 注册自定义过滤器
|
# 注册自定义过滤器
|
||||||
from .filters import translate_status, translate_reason
|
from .filters import translate_status, translate_reason
|
||||||
app.jinja_env.filters['translate_status'] = translate_status
|
app.jinja_env.filters['translate_status'] = translate_status
|
||||||
app.jinja_env.filters['translate_reason'] = translate_reason
|
app.jinja_env.filters['translate_reason'] = translate_reason
|
||||||
|
|
||||||
# 3. 注册蓝图 (Blueprint)
|
# 注册蓝图
|
||||||
# 后面我们会在这里添加蓝图
|
|
||||||
from .routes import main as main_blueprint
|
from .routes import main as main_blueprint
|
||||||
app.register_blueprint(main_blueprint)
|
app.register_blueprint(main_blueprint)
|
||||||
|
|
||||||
from .auth import auth as auth_blueprint
|
from .auth import auth as auth_blueprint
|
||||||
app.register_blueprint(auth_blueprint, url_prefix='/auth')
|
app.register_blueprint(auth_blueprint, url_prefix='/auth')
|
||||||
|
|
||||||
return app
|
return app
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
from flask import render_template, redirect, url_for, flash, request
|
from flask import render_template, redirect, url_for, flash, request, current_app
|
||||||
from flask_login import login_user, logout_user, login_required, current_user
|
from flask_login import login_user, logout_user, login_required, current_user
|
||||||
from . import auth
|
from . import auth
|
||||||
from .. import db
|
from .. import db
|
||||||
@@ -7,6 +7,7 @@ from ..forms import LoginForm, RegistrationForm
|
|||||||
|
|
||||||
@auth.route('/register', methods=['GET', 'POST'])
|
@auth.route('/register', methods=['GET', 'POST'])
|
||||||
def register():
|
def register():
|
||||||
|
"""用户注册"""
|
||||||
if current_user.is_authenticated:
|
if current_user.is_authenticated:
|
||||||
return redirect(url_for('main.index'))
|
return redirect(url_for('main.index'))
|
||||||
form = RegistrationForm()
|
form = RegistrationForm()
|
||||||
@@ -18,36 +19,43 @@ def register():
|
|||||||
username=form.username.data,
|
username=form.username.data,
|
||||||
pt_site=form.pt_site.data,
|
pt_site=form.pt_site.data,
|
||||||
uid=form.uid.data,
|
uid=form.uid.data,
|
||||||
status='pending' # 新用户需要管理员审核
|
status='pending'
|
||||||
)
|
)
|
||||||
user.set_password(form.password.data)
|
user.set_password(form.password.data)
|
||||||
db.session.add(user)
|
db.session.add(user)
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
|
current_app.logger.info(f'新用户注册: {user.username} ({user.email}) - 站点: {user.pt_site}')
|
||||||
flash('注册申请已提交,请等待管理员审核。', 'info')
|
flash('注册申请已提交,请等待管理员审核。', 'info')
|
||||||
return redirect(url_for('auth.login'))
|
return redirect(url_for('auth.login'))
|
||||||
return render_template('auth/register.html', form=form)
|
return render_template('auth/register.html', form=form)
|
||||||
|
|
||||||
@auth.route('/login', methods=['GET', 'POST'])
|
@auth.route('/login', methods=['GET', 'POST'])
|
||||||
def login():
|
def login():
|
||||||
|
"""用户登录"""
|
||||||
if current_user.is_authenticated:
|
if current_user.is_authenticated:
|
||||||
return redirect(url_for('main.index'))
|
return redirect(url_for('main.index'))
|
||||||
form = LoginForm()
|
form = LoginForm()
|
||||||
if form.validate_on_submit():
|
if form.validate_on_submit():
|
||||||
user = User.query.filter_by(email=form.email.data).first()
|
user = User.query.filter_by(email=form.email.data).first()
|
||||||
if user is None or not user.check_password(form.password.data):
|
if user is None or not user.check_password(form.password.data):
|
||||||
|
current_app.logger.warning(f'登录失败: {form.email.data} - 无效的邮箱或密码')
|
||||||
flash('无效的邮箱或密码。', 'danger')
|
flash('无效的邮箱或密码。', 'danger')
|
||||||
return redirect(url_for('auth.login'))
|
return redirect(url_for('auth.login'))
|
||||||
|
|
||||||
if user.status != 'active':
|
if user.status != 'active':
|
||||||
|
current_app.logger.warning(f'登录失败: {user.username} - 账户状态: {user.status}')
|
||||||
flash(f'您的账户当前状态为 "{user.status}",无法登录。请联系管理员。', 'warning')
|
flash(f'您的账户当前状态为 "{user.status}",无法登录。请联系管理员。', 'warning')
|
||||||
return redirect(url_for('auth.login'))
|
return redirect(url_for('auth.login'))
|
||||||
login_user(user, remember=form.remember_me.data)
|
login_user(user, remember=form.remember_me.data)
|
||||||
|
current_app.logger.info(f'用户登录: {user.username} ({user.email})')
|
||||||
return redirect(url_for('main.index'))
|
return redirect(url_for('main.index'))
|
||||||
return render_template('auth/login.html', form=form)
|
return render_template('auth/login.html', form=form)
|
||||||
|
|
||||||
@auth.route('/logout')
|
@auth.route('/logout')
|
||||||
@login_required
|
@login_required
|
||||||
def logout():
|
def logout():
|
||||||
|
"""用户登出"""
|
||||||
|
current_app.logger.info(f'用户登出: {current_user.username}')
|
||||||
logout_user()
|
logout_user()
|
||||||
flash('您已成功登出。')
|
flash('您已成功登出。')
|
||||||
return redirect(url_for('main.index'))
|
return redirect(url_for('main.index'))
|
||||||
|
|||||||
@@ -1,27 +1,26 @@
|
|||||||
|
"""权限装饰器"""
|
||||||
from functools import wraps
|
from functools import wraps
|
||||||
from flask import abort
|
from flask import abort
|
||||||
from flask_login import current_user
|
from flask_login import current_user
|
||||||
|
|
||||||
def admin_required(f):
|
def admin_required(f):
|
||||||
|
"""仅管理员可访问"""
|
||||||
@wraps(f)
|
@wraps(f)
|
||||||
def decorated_function(*args, **kwargs):
|
def decorated_function(*args, **kwargs):
|
||||||
if not current_user.is_authenticated or current_user.role != 'admin':
|
if not current_user.is_authenticated or current_user.role != 'admin':
|
||||||
abort(403) # HTTP 403 Forbidden error
|
abort(403)
|
||||||
return f(*args, **kwargs)
|
return f(*args, **kwargs)
|
||||||
return decorated_function
|
return decorated_function
|
||||||
|
|
||||||
# === 修正后的通用权限装饰器 ===
|
|
||||||
def permission_required(*roles):
|
def permission_required(*roles):
|
||||||
|
"""指定角色可访问"""
|
||||||
def decorator(f):
|
def decorator(f):
|
||||||
@wraps(f)
|
@wraps(f)
|
||||||
def decorated_function(*args, **kwargs):
|
def decorated_function(*args, **kwargs):
|
||||||
if not current_user.is_authenticated:
|
if not current_user.is_authenticated:
|
||||||
abort(401) # Unauthorized
|
abort(401)
|
||||||
if current_user.role not in roles:
|
if current_user.role not in roles:
|
||||||
abort(403) # Forbidden
|
abort(403)
|
||||||
return f(*args, **kwargs)
|
return f(*args, **kwargs)
|
||||||
|
return decorated_function
|
||||||
# 正确的返回:返回包含了权限检查逻辑的包装函数
|
|
||||||
return decorated_function # <--- 已修正
|
|
||||||
|
|
||||||
return decorator
|
return decorator
|
||||||
|
|||||||
@@ -1,24 +1,16 @@
|
|||||||
# app/filters.py
|
"""Jinja2模板过滤器"""
|
||||||
# 状态翻译过滤器
|
|
||||||
|
|
||||||
STATUS_TRANSLATIONS = {
|
STATUS_TRANSLATIONS = {
|
||||||
# 举报状态
|
|
||||||
'pending': '待审核',
|
'pending': '待审核',
|
||||||
'in_review': '审核中',
|
'in_review': '审核中',
|
||||||
'approved': '已批准',
|
'approved': '已批准',
|
||||||
'rejected': '已驳回',
|
'rejected': '已驳回',
|
||||||
'revoked': '已撤销',
|
'revoked': '已撤销',
|
||||||
'overturned': '已推翻',
|
'overturned': '已推翻',
|
||||||
|
|
||||||
# 申诉状态
|
|
||||||
'awaiting_admin_reply': '等待管理员回复',
|
'awaiting_admin_reply': '等待管理员回复',
|
||||||
'awaiting_user_reply': '等待用户回复',
|
'awaiting_user_reply': '等待用户回复',
|
||||||
|
|
||||||
# 用户状态
|
|
||||||
'active': '正常',
|
'active': '正常',
|
||||||
'disabled': '已禁用',
|
'disabled': '已禁用',
|
||||||
|
|
||||||
# 黑名单状态
|
|
||||||
'expired': '已过期'
|
'expired': '已过期'
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -39,9 +31,9 @@ REASON_TRANSLATIONS = {
|
|||||||
}
|
}
|
||||||
|
|
||||||
def translate_status(status):
|
def translate_status(status):
|
||||||
"""将英文状态翻译为中文"""
|
"""状态翻译过滤器"""
|
||||||
return STATUS_TRANSLATIONS.get(status, status)
|
return STATUS_TRANSLATIONS.get(status, status)
|
||||||
|
|
||||||
def translate_reason(reason):
|
def translate_reason(reason):
|
||||||
"""将英文违规原因翻译为中文"""
|
"""违规原因翻译过滤器"""
|
||||||
return REASON_TRANSLATIONS.get(reason, reason)
|
return REASON_TRANSLATIONS.get(reason, reason)
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ from werkzeug.security import generate_password_hash, check_password_hash
|
|||||||
from app import db, login_manager
|
from app import db, login_manager
|
||||||
|
|
||||||
class PartnerSite(db.Model):
|
class PartnerSite(db.Model):
|
||||||
|
"""合作PT站点模型"""
|
||||||
__tablename__ = 'partner_sites'
|
__tablename__ = 'partner_sites'
|
||||||
id = db.Column(db.Integer, primary_key=True)
|
id = db.Column(db.Integer, primary_key=True)
|
||||||
name = db.Column(db.String(100), unique=True, nullable=False, index=True)
|
name = db.Column(db.String(100), unique=True, nullable=False, index=True)
|
||||||
@@ -14,20 +15,23 @@ class PartnerSite(db.Model):
|
|||||||
|
|
||||||
def __repr__(self):
|
def __repr__(self):
|
||||||
return f'<PartnerSite {self.name}>'
|
return f'<PartnerSite {self.name}>'
|
||||||
|
|
||||||
class User(UserMixin, db.Model):
|
class User(UserMixin, db.Model):
|
||||||
|
"""用户模型"""
|
||||||
__tablename__ = 'users'
|
__tablename__ = 'users'
|
||||||
id = db.Column(db.Integer, primary_key=True)
|
id = db.Column(db.Integer, primary_key=True)
|
||||||
username = db.Column(db.String(64), unique=True, index=True, nullable=False)
|
username = db.Column(db.String(64), unique=True, index=True, nullable=False)
|
||||||
email = db.Column(db.String(120), unique=True, index=True, nullable=False)
|
email = db.Column(db.String(120), unique=True, index=True, nullable=False)
|
||||||
password_hash = db.Column(db.String(256))
|
password_hash = db.Column(db.String(256))
|
||||||
role = db.Column(db.String(16), default='user', index=True) # 'user', 'admin', 'trust_user'
|
role = db.Column(db.String(16), default='user', index=True)
|
||||||
status = db.Column(db.String(16), default='pending', index=True) # 'pending', 'active', 'disabled'
|
status = db.Column(db.String(16), default='pending', index=True)
|
||||||
created_at = db.Column(db.DateTime, default=datetime.utcnow)
|
created_at = db.Column(db.DateTime, default=datetime.utcnow)
|
||||||
updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
|
updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
|
||||||
pt_site = db.Column(db.String(100)) # 注册时填写的站点
|
pt_site = db.Column(db.String(100))
|
||||||
uid = db.Column(db.String(50)) # 注册时填写的 UID
|
uid = db.Column(db.String(50))
|
||||||
reports = db.relationship('Report', backref='reporter', lazy='dynamic')
|
reports = db.relationship('Report', backref='reporter', lazy='dynamic')
|
||||||
comments = db.relationship('Comment', back_populates='author', lazy='dynamic')
|
comments = db.relationship('Comment', back_populates='author', lazy='dynamic')
|
||||||
|
|
||||||
def set_password(self, password):
|
def set_password(self, password):
|
||||||
self.password_hash = generate_password_hash(password)
|
self.password_hash = generate_password_hash(password)
|
||||||
|
|
||||||
@@ -42,6 +46,7 @@ def load_user(user_id):
|
|||||||
return User.query.get(int(user_id))
|
return User.query.get(int(user_id))
|
||||||
|
|
||||||
class Report(db.Model):
|
class Report(db.Model):
|
||||||
|
"""举报模型"""
|
||||||
__tablename__ = 'reports'
|
__tablename__ = 'reports'
|
||||||
__table_args__ = (
|
__table_args__ = (
|
||||||
db.Index('idx_report_status_created', 'status', 'created_at'),
|
db.Index('idx_report_status_created', 'status', 'created_at'),
|
||||||
@@ -52,9 +57,9 @@ class Report(db.Model):
|
|||||||
reported_pt_site = db.Column(db.String(100), nullable=False)
|
reported_pt_site = db.Column(db.String(100), nullable=False)
|
||||||
reported_username = db.Column(db.String(50))
|
reported_username = db.Column(db.String(50))
|
||||||
reported_email = db.Column(db.String(120), index=True, nullable=False)
|
reported_email = db.Column(db.String(120), index=True, nullable=False)
|
||||||
reason_category = db.Column(db.String(16), nullable=False) # 'cheating', 'trading', 'spam', 'abusive', 'radio', 'other'
|
reason_category = db.Column(db.String(16), nullable=False)
|
||||||
description = db.Column(db.Text, nullable=False)
|
description = db.Column(db.Text, nullable=False)
|
||||||
status = db.Column(db.String(16), index=True, default='pending') # 'pending', 'approved', 'rejected', 'revoked', 'overturned'
|
status = db.Column(db.String(16), index=True, default='pending')
|
||||||
created_at = db.Column(db.DateTime, index=True, default=datetime.utcnow)
|
created_at = db.Column(db.DateTime, index=True, default=datetime.utcnow)
|
||||||
updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
|
updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
|
||||||
comments = db.relationship('Comment', backref='report', lazy='dynamic', cascade='all, delete-orphan')
|
comments = db.relationship('Comment', backref='report', lazy='dynamic', cascade='all, delete-orphan')
|
||||||
@@ -65,11 +70,12 @@ class Report(db.Model):
|
|||||||
return f'<Report {self.id}>'
|
return f'<Report {self.id}>'
|
||||||
|
|
||||||
class Evidence(db.Model):
|
class Evidence(db.Model):
|
||||||
|
"""证据模型"""
|
||||||
__tablename__ = 'evidences'
|
__tablename__ = 'evidences'
|
||||||
id = db.Column(db.Integer, primary_key=True)
|
id = db.Column(db.Integer, primary_key=True)
|
||||||
report_id = db.Column(db.Integer, db.ForeignKey('reports.id', ondelete='CASCADE'), nullable=False)
|
report_id = db.Column(db.Integer, db.ForeignKey('reports.id', ondelete='CASCADE'), nullable=False)
|
||||||
file_url = db.Column(db.String(1024), nullable=False) # 存储OSS或本地路径
|
file_url = db.Column(db.String(1024), nullable=False)
|
||||||
file_type = db.Column(db.String(16)) # 'image', 'zip', 'text', 'image_url'
|
file_type = db.Column(db.String(16))
|
||||||
created_at = db.Column(db.DateTime, default=datetime.utcnow)
|
created_at = db.Column(db.DateTime, default=datetime.utcnow)
|
||||||
updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
|
updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
|
||||||
|
|
||||||
@@ -77,6 +83,7 @@ class Evidence(db.Model):
|
|||||||
return f'<Evidence {self.id} for Report {self.report_id}>'
|
return f'<Evidence {self.id} for Report {self.report_id}>'
|
||||||
|
|
||||||
class Blacklist(db.Model):
|
class Blacklist(db.Model):
|
||||||
|
"""黑名单模型"""
|
||||||
__tablename__ = 'blacklist'
|
__tablename__ = 'blacklist'
|
||||||
__table_args__ = (
|
__table_args__ = (
|
||||||
db.Index('idx_blacklist_email_status', 'normalized_email', 'status'),
|
db.Index('idx_blacklist_email_status', 'normalized_email', 'status'),
|
||||||
@@ -86,18 +93,20 @@ class Blacklist(db.Model):
|
|||||||
id = db.Column(db.Integer, primary_key=True)
|
id = db.Column(db.Integer, primary_key=True)
|
||||||
username = db.Column(db.String(64), index=True)
|
username = db.Column(db.String(64), index=True)
|
||||||
email = db.Column(db.String(120), index=True)
|
email = db.Column(db.String(120), index=True)
|
||||||
normalized_email = db.Column(db.String(120), index=True) # 归一化后的邮箱
|
normalized_email = db.Column(db.String(120), index=True)
|
||||||
pt_site = db.Column(db.String(100), index=True)
|
pt_site = db.Column(db.String(100), index=True)
|
||||||
uid = db.Column(db.String(50))
|
uid = db.Column(db.String(50))
|
||||||
report_id = db.Column(db.Integer, db.ForeignKey('reports.id'), unique=True) # 确保一个举报只对应一个黑名单条目
|
report_id = db.Column(db.Integer, db.ForeignKey('reports.id'), unique=True)
|
||||||
status = db.Column(db.String(16), default='active', index=True) # 'active', 'revoked', 'expired'
|
status = db.Column(db.String(16), default='active', index=True)
|
||||||
created_at = db.Column(db.DateTime, index=True, default=datetime.utcnow)
|
created_at = db.Column(db.DateTime, index=True, default=datetime.utcnow)
|
||||||
updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
|
updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
|
||||||
appeals = db.relationship('Appeal', backref='blacklist_entry', lazy='dynamic')
|
appeals = db.relationship('Appeal', backref='blacklist_entry', lazy='dynamic')
|
||||||
|
|
||||||
def __repr__(self):
|
def __repr__(self):
|
||||||
return f'<Blacklist {self.normalized_email} on {self.pt_site}>'
|
return f'<Blacklist {self.normalized_email} on {self.pt_site}>'
|
||||||
|
|
||||||
class Comment(db.Model):
|
class Comment(db.Model):
|
||||||
|
"""评论模型"""
|
||||||
__tablename__ = 'comments'
|
__tablename__ = 'comments'
|
||||||
id = db.Column(db.Integer, primary_key=True)
|
id = db.Column(db.Integer, primary_key=True)
|
||||||
body = db.Column(db.Text)
|
body = db.Column(db.Text)
|
||||||
@@ -105,26 +114,30 @@ class Comment(db.Model):
|
|||||||
author_id = db.Column(db.Integer, db.ForeignKey('users.id', ondelete='CASCADE'))
|
author_id = db.Column(db.Integer, db.ForeignKey('users.id', ondelete='CASCADE'))
|
||||||
report_id = db.Column(db.Integer, db.ForeignKey('reports.id', ondelete='CASCADE'))
|
report_id = db.Column(db.Integer, db.ForeignKey('reports.id', ondelete='CASCADE'))
|
||||||
author = db.relationship('User', back_populates='comments')
|
author = db.relationship('User', back_populates='comments')
|
||||||
|
|
||||||
class Appeal(db.Model):
|
class Appeal(db.Model):
|
||||||
|
"""申诉模型"""
|
||||||
__tablename__ = 'appeals'
|
__tablename__ = 'appeals'
|
||||||
id = db.Column(db.Integer, primary_key=True)
|
id = db.Column(db.Integer, primary_key=True)
|
||||||
reason = db.Column(db.Text, nullable=False) # 用户最初的申诉理由
|
reason = db.Column(db.Text, nullable=False)
|
||||||
status = db.Column(db.String(32), nullable=False, default='awaiting_admin_reply', index=True) # 'awaiting_admin_reply', 'awaiting_user_reply', 'approved', 'rejected'
|
status = db.Column(db.String(32), nullable=False, default='awaiting_admin_reply', index=True)
|
||||||
created_at = db.Column(db.DateTime, index=True, default=datetime.utcnow)
|
created_at = db.Column(db.DateTime, index=True, default=datetime.utcnow)
|
||||||
updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
|
updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
|
||||||
appealer_id = db.Column(db.Integer, db.ForeignKey('users.id', ondelete='CASCADE')) # 申诉人
|
appealer_id = db.Column(db.Integer, db.ForeignKey('users.id', ondelete='CASCADE'))
|
||||||
blacklist_entry_id = db.Column(db.Integer, db.ForeignKey('blacklist.id', ondelete='SET NULL')) # 关联的黑名单条目
|
blacklist_entry_id = db.Column(db.Integer, db.ForeignKey('blacklist.id', ondelete='SET NULL'))
|
||||||
messages = db.relationship('AppealMessage', backref='appeal', lazy='dynamic', cascade='all, delete-orphan')
|
messages = db.relationship('AppealMessage', backref='appeal', lazy='dynamic', cascade='all, delete-orphan')
|
||||||
appealer = db.relationship('User', backref='appeals')
|
appealer = db.relationship('User', backref='appeals')
|
||||||
|
|
||||||
def __repr__(self):
|
def __repr__(self):
|
||||||
return f'<Appeal {self.id}>'
|
return f'<Appeal {self.id}>'
|
||||||
|
|
||||||
class AppealMessage(db.Model):
|
class AppealMessage(db.Model):
|
||||||
|
"""申诉消息模型"""
|
||||||
__tablename__ = 'appeal_messages'
|
__tablename__ = 'appeal_messages'
|
||||||
id = db.Column(db.Integer, primary_key=True)
|
id = db.Column(db.Integer, primary_key=True)
|
||||||
body = db.Column(db.Text, nullable=False)
|
body = db.Column(db.Text, nullable=False)
|
||||||
created_at = db.Column(db.DateTime, index=True, default=datetime.utcnow)
|
created_at = db.Column(db.DateTime, index=True, default=datetime.utcnow)
|
||||||
author_id = db.Column(db.Integer, db.ForeignKey('users.id', ondelete='CASCADE')) # 消息发送者
|
author_id = db.Column(db.Integer, db.ForeignKey('users.id', ondelete='CASCADE'))
|
||||||
appeal_id = db.Column(db.Integer, db.ForeignKey('appeals.id', ondelete='CASCADE'))
|
appeal_id = db.Column(db.Integer, db.ForeignKey('appeals.id', ondelete='CASCADE'))
|
||||||
author = db.relationship('User', backref='appeal_messages')
|
author = db.relationship('User', backref='appeal_messages')
|
||||||
|
|
||||||
|
|||||||
168
app/routes.py
168
app/routes.py
@@ -1,8 +1,8 @@
|
|||||||
from flask import abort, Blueprint, render_template, request, flash,redirect, url_for
|
from flask import abort, Blueprint, render_template, request, flash, redirect, url_for, current_app
|
||||||
from sqlalchemy import or_
|
from sqlalchemy import or_
|
||||||
from flask_login import login_required, current_user
|
from flask_login import login_required, current_user
|
||||||
from app import db
|
from app import db
|
||||||
from app.forms import SearchForm, ReportForm, ReportForm, UpdateUserForm, CommentForm, RevokeForm, AppealForm, AppealMessageForm, PartnerSiteForm
|
from app.forms import SearchForm, ReportForm, UpdateUserForm, CommentForm, RevokeForm, AppealForm, AppealMessageForm, PartnerSiteForm
|
||||||
from app.models import Blacklist, Report, Evidence, User, Comment, AppealMessage, Appeal, PartnerSite
|
from app.models import Blacklist, Report, Evidence, User, Comment, AppealMessage, Appeal, PartnerSite
|
||||||
from app.decorators import admin_required, permission_required
|
from app.decorators import admin_required, permission_required
|
||||||
from app.services.email_normalizer import normalize_email
|
from app.services.email_normalizer import normalize_email
|
||||||
@@ -11,54 +11,54 @@ main = Blueprint('main', __name__)
|
|||||||
|
|
||||||
@main.route('/', methods=['GET', 'POST'])
|
@main.route('/', methods=['GET', 'POST'])
|
||||||
def index():
|
def index():
|
||||||
|
"""首页 - 黑名单查询"""
|
||||||
form = SearchForm()
|
form = SearchForm()
|
||||||
search_result = None
|
search_result = None
|
||||||
searched = False
|
searched = False
|
||||||
if form.validate_on_submit():
|
if form.validate_on_submit():
|
||||||
# 在处理表单之前,检查用户是否已登录
|
|
||||||
if not current_user.is_authenticated:
|
if not current_user.is_authenticated:
|
||||||
flash('请登录后才能使用查询功能。', 'warning')
|
flash('请登录后才能使用查询功能。', 'warning')
|
||||||
# 重定向到登录页面,或者直接返回首页
|
|
||||||
return redirect(url_for('main.index'))
|
return redirect(url_for('main.index'))
|
||||||
|
|
||||||
# 如果用户已登录,则执行以下查询逻辑
|
|
||||||
searched = True
|
searched = True
|
||||||
search_term = form.search_term.data
|
search_term = form.search_term.data
|
||||||
normalized_email = normalize_email(search_term)
|
normalized_email = normalize_email(search_term)
|
||||||
|
|
||||||
search_result = Blacklist.query.join(Report).filter(
|
search_result = Blacklist.query.join(Report).filter(
|
||||||
or_(
|
or_(
|
||||||
Blacklist.normalized_email == normalized_email,
|
Blacklist.normalized_email == normalized_email,
|
||||||
Blacklist.username == search_term
|
Blacklist.username == search_term
|
||||||
),
|
),
|
||||||
Blacklist.status == 'active',
|
Blacklist.status == 'active',
|
||||||
Report.status == 'approved'
|
Report.status == 'approved'
|
||||||
).first()
|
).first()
|
||||||
|
|
||||||
if search_result:
|
if search_result:
|
||||||
|
current_app.logger.info(f'黑名单查询命中: {search_term} by {current_user.username}')
|
||||||
flash(f'警告: 查询到与 "{search_term}" 相关的公开不良记录。详情如下。', 'warning')
|
flash(f'警告: 查询到与 "{search_term}" 相关的公开不良记录。详情如下。', 'warning')
|
||||||
else:
|
else:
|
||||||
|
current_app.logger.info(f'黑名单查询未命中: {search_term} by {current_user.username}')
|
||||||
flash(f'未查询到与 "{search_term}" 相关的公开不良记录。', 'info')
|
flash(f'未查询到与 "{search_term}" 相关的公开不良记录。', 'info')
|
||||||
|
|
||||||
return render_template('index.html', form=form, search_result=search_result, searched=searched, Appeal=Appeal)
|
return render_template('index.html', form=form, search_result=search_result, searched=searched, Appeal=Appeal)
|
||||||
|
|
||||||
@main.route('/report/new', methods=['GET', 'POST'])
|
@main.route('/report/new', methods=['GET', 'POST'])
|
||||||
@login_required
|
@login_required
|
||||||
def create_report():
|
def create_report():
|
||||||
|
"""创建新举报"""
|
||||||
form = ReportForm()
|
form = ReportForm()
|
||||||
active_sites = PartnerSite.query.filter_by(is_active=True).order_by(PartnerSite.name).all()
|
active_sites = PartnerSite.query.filter_by(is_active=True).order_by(PartnerSite.name).all()
|
||||||
form.reported_pt_site.choices = [(site.name, site.name) for site in active_sites]
|
form.reported_pt_site.choices = [(site.name, site.name) for site in active_sites]
|
||||||
if form.validate_on_submit():
|
if form.validate_on_submit():
|
||||||
# 检查是否已有针对该邮箱的活跃举报
|
|
||||||
existing_report = Report.query.filter_by(
|
existing_report = Report.query.filter_by(
|
||||||
reported_email=form.reported_email.data,
|
reported_email=form.reported_email.data,
|
||||||
status='pending'
|
status='pending'
|
||||||
).first()
|
).first()
|
||||||
if existing_report:
|
if existing_report:
|
||||||
|
current_app.logger.warning(f'重复举报: {form.reported_email.data} by {current_user.username}')
|
||||||
flash(f'该邮箱已有待审核的举报 (#{existing_report.id}),请勿重复提交。', 'warning')
|
flash(f'该邮箱已有待审核的举报 (#{existing_report.id}),请勿重复提交。', 'warning')
|
||||||
return render_template('create_report.html', form=form)
|
return render_template('create_report.html', form=form)
|
||||||
|
|
||||||
# 1. 创建 Report 对象
|
|
||||||
new_report = Report(
|
new_report = Report(
|
||||||
reporter_id=current_user.id,
|
reporter_id=current_user.id,
|
||||||
reported_pt_site=form.reported_pt_site.data,
|
reported_pt_site=form.reported_pt_site.data,
|
||||||
@@ -69,59 +69,53 @@ def create_report():
|
|||||||
status='pending'
|
status='pending'
|
||||||
)
|
)
|
||||||
db.session.add(new_report)
|
db.session.add(new_report)
|
||||||
|
|
||||||
# 2. 处理证据链接
|
|
||||||
urls_text = form.evidences.data
|
urls_text = form.evidences.data
|
||||||
# 按行分割,并移除空白行和首尾空格
|
|
||||||
evidence_urls = [url.strip() for url in urls_text.strip().splitlines() if url.strip()]
|
evidence_urls = [url.strip() for url in urls_text.strip().splitlines() if url.strip()]
|
||||||
if not evidence_urls:
|
if not evidence_urls:
|
||||||
flash('必须提供至少一个有效的证据链接。', 'danger')
|
flash('必须提供至少一个有效的证据链接。', 'danger')
|
||||||
return render_template('create_report.html', form=form)
|
return render_template('create_report.html', form=form)
|
||||||
# 对每个 URL 进行简单的验证和保存
|
|
||||||
valid_extensions = ('.png', '.jpg', '.jpeg', '.gif', '.bmp', '.webp')
|
valid_extensions = ('.png', '.jpg', '.jpeg', '.gif', '.bmp', '.webp')
|
||||||
for url in evidence_urls:
|
for url in evidence_urls:
|
||||||
if url.lower().startswith(('http://', 'https://')) and url.lower().endswith(valid_extensions):
|
if url.lower().startswith(('http://', 'https://')) and url.lower().endswith(valid_extensions):
|
||||||
evidence = Evidence(
|
evidence = Evidence(
|
||||||
file_url=url,
|
file_url=url,
|
||||||
file_type='image_url', # 标记类型为图片链接
|
file_type='image_url',
|
||||||
report=new_report
|
report=new_report
|
||||||
)
|
)
|
||||||
db.session.add(evidence)
|
db.session.add(evidence)
|
||||||
else:
|
else:
|
||||||
# 如果有任何一个链接格式不正确,则回滚并提示用户
|
|
||||||
db.session.rollback()
|
db.session.rollback()
|
||||||
|
current_app.logger.error(f'无效证据链接: {url[:50]} by {current_user.username}')
|
||||||
flash(f'链接 "{url[:50]}..." 格式不正确或不是支持的图片格式。请提供以 http/https 开头,以 .png, .jpg 等结尾的图片链接。', 'danger')
|
flash(f'链接 "{url[:50]}..." 格式不正确或不是支持的图片格式。请提供以 http/https 开头,以 .png, .jpg 等结尾的图片链接。', 'danger')
|
||||||
return render_template('create_report.html', form=form)
|
return render_template('create_report.html', form=form)
|
||||||
|
|
||||||
# 3. 提交到数据库
|
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
|
current_app.logger.info(f'新举报提交: #{new_report.id} - {form.reported_email.data} by {current_user.username}')
|
||||||
flash('举报提交成功,请等待管理员审核。', 'success')
|
flash('举报提交成功,请等待管理员审核。', 'success')
|
||||||
return redirect(url_for('main.index'))
|
return redirect(url_for('main.index'))
|
||||||
|
|
||||||
return render_template('create_report.html', form=form)
|
return render_template('create_report.html', form=form)
|
||||||
|
|
||||||
@main.route('/admin/reports')
|
@main.route('/admin/reports')
|
||||||
@login_required
|
@login_required
|
||||||
@permission_required('admin', 'trust_user')
|
@permission_required('admin', 'trust_user')
|
||||||
def report_list():
|
def report_list():
|
||||||
# 获取页码,默认为第一页
|
"""举报列表(管理员/信任用户)"""
|
||||||
page = request.args.get('page', 1, type=int)
|
page = request.args.get('page', 1, type=int)
|
||||||
# 查询举报,按创建时间倒序排列,并进行分页
|
|
||||||
# 每页显示 20 条记录
|
|
||||||
query = Report.query
|
query = Report.query
|
||||||
if current_user.role == 'trust_user':
|
if current_user.role == 'trust_user':
|
||||||
query = query.filter_by(status='pending')
|
query = query.filter_by(status='pending')
|
||||||
reports_pagination = query.order_by(Report.created_at.desc()).paginate(
|
reports_pagination = query.order_by(Report.created_at.desc()).paginate(
|
||||||
page=page, per_page=20, error_out=False
|
page=page, per_page=20, error_out=False
|
||||||
)
|
)
|
||||||
return render_template(
|
return render_template('admin/report_list.html', reports=reports_pagination)
|
||||||
'admin/report_list.html',
|
|
||||||
reports=reports_pagination
|
|
||||||
)
|
|
||||||
@main.route('/report/<int:report_id>', methods=['GET', 'POST'])
|
@main.route('/report/<int:report_id>', methods=['GET', 'POST'])
|
||||||
@login_required
|
@login_required
|
||||||
@permission_required('admin', 'trust_user') # 允许 admin 和 trust_user 访问
|
@permission_required('admin', 'trust_user')
|
||||||
def report_detail(report_id):
|
def report_detail(report_id):
|
||||||
|
"""举报详情"""
|
||||||
report = Report.query.get_or_404(report_id)
|
report = Report.query.get_or_404(report_id)
|
||||||
if current_user.role == 'trust_user' and report.status != 'pending':
|
if current_user.role == 'trust_user' and report.status != 'pending':
|
||||||
flash('您无权查看已处理的举报。', 'warning')
|
flash('您无权查看已处理的举报。', 'warning')
|
||||||
@@ -139,12 +133,11 @@ def report_detail(report_id):
|
|||||||
)
|
)
|
||||||
db.session.add(comment)
|
db.session.add(comment)
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
|
current_app.logger.info(f'举报评论: #{report.id} by {current_user.username}')
|
||||||
flash('你的审核建议已成功提交。', 'success')
|
flash('你的审核建议已成功提交。', 'success')
|
||||||
return redirect(url_for('main.report_detail', report_id=report.id))
|
return redirect(url_for('main.report_detail', report_id=report.id))
|
||||||
|
|
||||||
comments = report.comments.order_by(Comment.created_at.desc()).all()
|
|
||||||
|
|
||||||
# 查找针对同一邮箱的其他举报
|
comments = report.comments.order_by(Comment.created_at.desc()).all()
|
||||||
related_reports = Report.query.filter(
|
related_reports = Report.query.filter(
|
||||||
Report.reported_email == report.reported_email,
|
Report.reported_email == report.reported_email,
|
||||||
Report.id != report.id
|
Report.id != report.id
|
||||||
@@ -158,12 +151,11 @@ def report_detail(report_id):
|
|||||||
comments=comments,
|
comments=comments,
|
||||||
related_reports=related_reports
|
related_reports=related_reports
|
||||||
)
|
)
|
||||||
# === 独立的举报处理视图 (仅限 Admin) ===
|
|
||||||
# 这个视图只处理动作,不渲染页面。它接收来自详情页按钮的 POST 请求。
|
|
||||||
@main.route('/admin/report/<int:report_id>/process', methods=['POST'])
|
@main.route('/admin/report/<int:report_id>/process', methods=['POST'])
|
||||||
@login_required
|
@login_required
|
||||||
@admin_required
|
@admin_required
|
||||||
def process_report(report_id):
|
def process_report(report_id):
|
||||||
|
"""处理举报(批准/驳回)"""
|
||||||
report = Report.query.get_or_404(report_id)
|
report = Report.query.get_or_404(report_id)
|
||||||
action = request.form.get('action')
|
action = request.form.get('action')
|
||||||
|
|
||||||
@@ -173,10 +165,8 @@ def process_report(report_id):
|
|||||||
|
|
||||||
if action == 'confirm':
|
if action == 'confirm':
|
||||||
report.status = 'approved'
|
report.status = 'approved'
|
||||||
# 检查是否已在黑名单中
|
|
||||||
existing_blacklist = Blacklist.query.filter_by(report_id=report.id).first()
|
existing_blacklist = Blacklist.query.filter_by(report_id=report.id).first()
|
||||||
if not existing_blacklist:
|
if not existing_blacklist:
|
||||||
# 创建新的黑名单记录
|
|
||||||
new_blacklist_entry = Blacklist(
|
new_blacklist_entry = Blacklist(
|
||||||
email=report.reported_email,
|
email=report.reported_email,
|
||||||
normalized_email=normalize_email(report.reported_email),
|
normalized_email=normalize_email(report.reported_email),
|
||||||
@@ -187,7 +177,6 @@ def process_report(report_id):
|
|||||||
)
|
)
|
||||||
db.session.add(new_blacklist_entry)
|
db.session.add(new_blacklist_entry)
|
||||||
|
|
||||||
# 自动处理同一邮箱的其他待审核举报
|
|
||||||
other_pending = Report.query.filter(
|
other_pending = Report.query.filter(
|
||||||
Report.reported_email == report.reported_email,
|
Report.reported_email == report.reported_email,
|
||||||
Report.id != report.id,
|
Report.id != report.id,
|
||||||
@@ -203,7 +192,9 @@ def process_report(report_id):
|
|||||||
)
|
)
|
||||||
db.session.add(comment)
|
db.session.add(comment)
|
||||||
|
|
||||||
|
current_app.logger.info(f'举报批准: #{report.id} - {report.reported_email} by {current_user.username}')
|
||||||
if other_pending:
|
if other_pending:
|
||||||
|
current_app.logger.info(f'自动批准关联举报: {len(other_pending)}个')
|
||||||
flash(f'举报已批准,并已将相关信息添加到黑名单。同时自动处理了 {len(other_pending)} 个相关举报。', 'success')
|
flash(f'举报已批准,并已将相关信息添加到黑名单。同时自动处理了 {len(other_pending)} 个相关举报。', 'success')
|
||||||
else:
|
else:
|
||||||
flash('举报已批准,并已将相关信息添加到黑名单。', 'success')
|
flash('举报已批准,并已将相关信息添加到黑名单。', 'success')
|
||||||
@@ -211,8 +202,8 @@ def process_report(report_id):
|
|||||||
flash('举报状态已更新为"批准"。该举报已在黑名单中,无需重复添加。', 'info')
|
flash('举报状态已更新为"批准"。该举报已在黑名单中,无需重复添加。', 'info')
|
||||||
elif action == 'invalidate':
|
elif action == 'invalidate':
|
||||||
report.status = 'rejected'
|
report.status = 'rejected'
|
||||||
flash('举报状态已更新为“无效”。', 'success')
|
current_app.logger.info(f'举报驳回: #{report.id} by {current_user.username}')
|
||||||
|
flash('举报状态已更新为"无效"。', 'success')
|
||||||
else:
|
else:
|
||||||
flash('无效的操作。', 'danger')
|
flash('无效的操作。', 'danger')
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
@@ -221,44 +212,36 @@ def process_report(report_id):
|
|||||||
@login_required
|
@login_required
|
||||||
@admin_required
|
@admin_required
|
||||||
def revoke_report(report_id):
|
def revoke_report(report_id):
|
||||||
|
"""撤销已批准的举报"""
|
||||||
report = Report.query.get_or_404(report_id)
|
report = Report.query.get_or_404(report_id)
|
||||||
# 只有已批准的举报才能被撤销
|
|
||||||
if report.status != 'approved':
|
if report.status != 'approved':
|
||||||
flash('错误:只有已批准的举报才能被撤销。', 'danger')
|
flash('错误:只有已批准的举报才能被撤销。', 'danger')
|
||||||
return redirect(url_for('main.report_detail', report_id=report.id))
|
return redirect(url_for('main.report_detail', report_id=report.id))
|
||||||
form = RevokeForm()
|
form = RevokeForm()
|
||||||
if form.validate_on_submit():
|
if form.validate_on_submit():
|
||||||
# 1. 从黑名单中移除
|
|
||||||
blacklist_entry = Blacklist.query.filter_by(report_id=report.id).first()
|
blacklist_entry = Blacklist.query.filter_by(report_id=report.id).first()
|
||||||
if blacklist_entry:
|
if blacklist_entry:
|
||||||
db.session.delete(blacklist_entry)
|
db.session.delete(blacklist_entry)
|
||||||
|
|
||||||
# 2. 更新举报状态
|
|
||||||
report.status = 'revoked'
|
report.status = 'revoked'
|
||||||
|
|
||||||
# 3. 将撤销理由记录为一条特殊的评论(审计日志)
|
|
||||||
revocation_comment = Comment(
|
revocation_comment = Comment(
|
||||||
body=f"[系统操作:撤销批准]\n理由:{form.reason.data}",
|
body=f"[系统操作:撤销批准]\n理由:{form.reason.data}",
|
||||||
report=report,
|
report=report,
|
||||||
author=current_user._get_current_object()
|
author=current_user._get_current_object()
|
||||||
)
|
)
|
||||||
db.session.add(revocation_comment)
|
db.session.add(revocation_comment)
|
||||||
|
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
|
current_app.logger.warning(f'举报撤销: #{report.id} by {current_user.username} - 理由: {form.reason.data[:50]}')
|
||||||
flash('举报已成功撤销,并已从黑名单中移除。', 'success')
|
flash('举报已成功撤销,并已从黑名单中移除。', 'success')
|
||||||
else:
|
else:
|
||||||
# 如果表单验证失败(例如理由为空),显示错误信息
|
|
||||||
flash('撤销失败:' + ' '.join(form.reason.errors), 'danger')
|
flash('撤销失败:' + ' '.join(form.reason.errors), 'danger')
|
||||||
return redirect(url_for('main.report_detail', report_id=report.id))
|
return redirect(url_for('main.report_detail', report_id=report.id))
|
||||||
@main.route('/admin/users')
|
@main.route('/admin/users')
|
||||||
@login_required
|
@login_required
|
||||||
@admin_required
|
@admin_required
|
||||||
def manage_users():
|
def manage_users():
|
||||||
# 查询所有非待审核的用户
|
"""用户管理"""
|
||||||
users = User.query.filter(User.status != 'pending').order_by(User.created_at.desc()).all()
|
users = User.query.filter(User.status != 'pending').order_by(User.created_at.desc()).all()
|
||||||
|
|
||||||
# 为每个用户创建一个预填充了当前数据的表单实例
|
|
||||||
# 这样在模板中可以直接渲染,并且下拉框会默认选中用户的当前角色/状态
|
|
||||||
forms = {}
|
forms = {}
|
||||||
for user in users:
|
for user in users:
|
||||||
forms[user.id] = UpdateUserForm(obj=user)
|
forms[user.id] = UpdateUserForm(obj=user)
|
||||||
@@ -267,13 +250,13 @@ def manage_users():
|
|||||||
@login_required
|
@login_required
|
||||||
@admin_required
|
@admin_required
|
||||||
def update_user(user_id):
|
def update_user(user_id):
|
||||||
|
"""更新用户角色和状态"""
|
||||||
if user_id == 1:
|
if user_id == 1:
|
||||||
flash('错误:禁止修改初始管理员账户的角色和状态。', 'danger')
|
flash('错误:禁止修改初始管理员账户的角色和状态。', 'danger')
|
||||||
return redirect(url_for('main.manage_users'))
|
return redirect(url_for('main.manage_users'))
|
||||||
user = User.query.get_or_404(user_id)
|
user = User.query.get_or_404(user_id)
|
||||||
form = UpdateUserForm() # 创建一个空的表单来接收 POST 数据
|
form = UpdateUserForm()
|
||||||
if form.validate_on_submit():
|
if form.validate_on_submit():
|
||||||
# 安全检查:防止管理员误操作禁用或降级自己
|
|
||||||
if user == current_user:
|
if user == current_user:
|
||||||
if form.role.data != 'admin' or form.status.data != 'active':
|
if form.role.data != 'admin' or form.status.data != 'active':
|
||||||
flash('警告:您不能禁用或降级自己的管理员账户。', 'danger')
|
flash('警告:您不能禁用或降级自己的管理员账户。', 'danger')
|
||||||
@@ -281,9 +264,9 @@ def update_user(user_id):
|
|||||||
user.role = form.role.data
|
user.role = form.role.data
|
||||||
user.status = form.status.data
|
user.status = form.status.data
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
|
current_app.logger.info(f'用户更新: {user.username} - 角色:{user.role} 状态:{user.status} by {current_user.username}')
|
||||||
flash(f'用户 {user.username} 的信息已成功更新。', 'success')
|
flash(f'用户 {user.username} 的信息已成功更新。', 'success')
|
||||||
else:
|
else:
|
||||||
# 如果表单验证失败,也给出提示
|
|
||||||
flash('更新失败,请检查提交的数据。', 'danger')
|
flash('更新失败,请检查提交的数据。', 'danger')
|
||||||
return redirect(url_for('main.manage_users'))
|
return redirect(url_for('main.manage_users'))
|
||||||
|
|
||||||
@@ -291,37 +274,47 @@ def update_user(user_id):
|
|||||||
@login_required
|
@login_required
|
||||||
@admin_required
|
@admin_required
|
||||||
def pending_users():
|
def pending_users():
|
||||||
|
"""待审核用户列表"""
|
||||||
users_to_review = User.query.filter_by(status='pending').order_by(User.created_at.asc()).all()
|
users_to_review = User.query.filter_by(status='pending').order_by(User.created_at.asc()).all()
|
||||||
return render_template('admin/pending_users.html', users=users_to_review)
|
return render_template('admin/pending_users.html', users=users_to_review)
|
||||||
|
|
||||||
@main.route('/admin/user/<int:user_id>/approve', methods=['POST'])
|
@main.route('/admin/user/<int:user_id>/approve', methods=['POST'])
|
||||||
@login_required
|
@login_required
|
||||||
@admin_required
|
@admin_required
|
||||||
def approve_user(user_id):
|
def approve_user(user_id):
|
||||||
|
"""批准用户注册"""
|
||||||
user = User.query.get_or_404(user_id)
|
user = User.query.get_or_404(user_id)
|
||||||
user.status = 'active'
|
user.status = 'active'
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
|
current_app.logger.info(f'用户注册批准: {user.username} ({user.email}) by {current_user.username}')
|
||||||
flash(f'用户 {user.username} 的注册申请已被批准。', 'success')
|
flash(f'用户 {user.username} 的注册申请已被批准。', 'success')
|
||||||
return redirect(url_for('main.pending_users'))
|
return redirect(url_for('main.pending_users'))
|
||||||
|
|
||||||
@main.route('/admin/user/<int:user_id>/reject', methods=['POST'])
|
@main.route('/admin/user/<int:user_id>/reject', methods=['POST'])
|
||||||
@login_required
|
@login_required
|
||||||
@admin_required
|
@admin_required
|
||||||
def reject_user(user_id):
|
def reject_user(user_id):
|
||||||
|
"""拒绝用户注册"""
|
||||||
user = User.query.get_or_404(user_id)
|
user = User.query.get_or_404(user_id)
|
||||||
|
username = user.username
|
||||||
|
email = user.email
|
||||||
db.session.delete(user)
|
db.session.delete(user)
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
flash(f'用户 {user.username} 的注册申请已被拒绝并删除。', 'success')
|
current_app.logger.info(f'用户注册拒绝: {username} ({email}) by {current_user.username}')
|
||||||
|
flash(f'用户 {username} 的注册申请已被拒绝并删除。', 'success')
|
||||||
return redirect(url_for('main.pending_users'))
|
return redirect(url_for('main.pending_users'))
|
||||||
|
|
||||||
@main.route('/appeal/create/<int:blacklist_id>', methods=['GET', 'POST'])
|
@main.route('/appeal/create/<int:blacklist_id>', methods=['GET', 'POST'])
|
||||||
@login_required
|
@login_required
|
||||||
def create_appeal(blacklist_id):
|
def create_appeal(blacklist_id):
|
||||||
|
"""创建申诉"""
|
||||||
blacklist_entry = Blacklist.query.get_or_404(blacklist_id)
|
blacklist_entry = Blacklist.query.get_or_404(blacklist_id)
|
||||||
|
|
||||||
# 安全检查:确保用户只能为自己的黑名单记录申诉(邮箱匹配 或 UID+站点匹配)
|
|
||||||
if not (current_user.email == blacklist_entry.email or
|
if not (current_user.email == blacklist_entry.email or
|
||||||
(current_user.uid == blacklist_entry.uid and current_user.pt_site == blacklist_entry.pt_site)):
|
(current_user.uid == blacklist_entry.uid and current_user.pt_site == blacklist_entry.pt_site)):
|
||||||
|
current_app.logger.warning(f'非法申诉尝试: 用户{current_user.username} 尝试申诉黑名单#{blacklist_id}')
|
||||||
abort(403)
|
abort(403)
|
||||||
# 检查是否已有进行中的申诉
|
|
||||||
if blacklist_entry.appeals.filter(Appeal.status.in_(['awaiting_admin_reply', 'awaiting_user_reply'])).first():
|
if blacklist_entry.appeals.filter(Appeal.status.in_(['awaiting_admin_reply', 'awaiting_user_reply'])).first():
|
||||||
flash('您已有一个正在进行中的申诉,请勿重复提交。', 'warning')
|
flash('您已有一个正在进行中的申诉,请勿重复提交。', 'warning')
|
||||||
return redirect(url_for('main.index'))
|
return redirect(url_for('main.index'))
|
||||||
@@ -334,19 +327,18 @@ def create_appeal(blacklist_id):
|
|||||||
)
|
)
|
||||||
db.session.add(appeal)
|
db.session.add(appeal)
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
|
current_app.logger.info(f'新申诉提交: #{appeal.id} - 黑名单#{blacklist_id} by {current_user.username}')
|
||||||
flash('您的申诉已成功提交,请等待管理员审核。', 'success')
|
flash('您的申诉已成功提交,请等待管理员审核。', 'success')
|
||||||
# 提交成功后,跳转到申诉详情页
|
|
||||||
return redirect(url_for('main.appeal_detail', appeal_id=appeal.id))
|
return redirect(url_for('main.appeal_detail', appeal_id=appeal.id))
|
||||||
|
|
||||||
# 如果是 GET 请求,或表单验证失败,则渲染创建页面
|
|
||||||
return render_template('create_appeal.html', form=form, entry=blacklist_entry)
|
return render_template('create_appeal.html', form=form, entry=blacklist_entry)
|
||||||
@main.route('/appeal/<int:appeal_id>', methods=['GET', 'POST'])
|
@main.route('/appeal/<int:appeal_id>', methods=['GET', 'POST'])
|
||||||
@login_required
|
@login_required
|
||||||
def appeal_detail(appeal_id):
|
def appeal_detail(appeal_id):
|
||||||
|
"""申诉详情和对话"""
|
||||||
appeal = Appeal.query.get_or_404(appeal_id)
|
appeal = Appeal.query.get_or_404(appeal_id)
|
||||||
|
|
||||||
# 权限检查:只有申诉人或管理员可以查看
|
if appeal.appealer_id != current_user.id and not current_user.role=='admin':
|
||||||
if appeal.appealer_id != current_user.id and not current_user.role=='admin': # 假设你有 MANAGE_REPORTS 权限
|
|
||||||
abort(403)
|
abort(403)
|
||||||
form = AppealMessageForm()
|
form = AppealMessageForm()
|
||||||
if form.validate_on_submit():
|
if form.validate_on_submit():
|
||||||
@@ -358,7 +350,6 @@ def appeal_detail(appeal_id):
|
|||||||
author_id=current_user.id,
|
author_id=current_user.id,
|
||||||
appeal_id=appeal.id
|
appeal_id=appeal.id
|
||||||
)
|
)
|
||||||
# 更新申诉状态
|
|
||||||
if current_user.role=='admin':
|
if current_user.role=='admin':
|
||||||
appeal.status = 'awaiting_user_reply'
|
appeal.status = 'awaiting_user_reply'
|
||||||
else:
|
else:
|
||||||
@@ -366,16 +357,17 @@ def appeal_detail(appeal_id):
|
|||||||
|
|
||||||
db.session.add(msg)
|
db.session.add(msg)
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
|
current_app.logger.info(f'申诉消息: #{appeal.id} by {current_user.username}')
|
||||||
flash('消息已发送。', 'success')
|
flash('消息已发送。', 'success')
|
||||||
return redirect(url_for('main.appeal_detail', appeal_id=appeal.id))
|
return redirect(url_for('main.appeal_detail', appeal_id=appeal.id))
|
||||||
messages = appeal.messages.order_by(AppealMessage.created_at.asc()).all()
|
messages = appeal.messages.order_by(AppealMessage.created_at.asc()).all()
|
||||||
return render_template('appeal_detail.html', appeal=appeal, messages=messages, form=form)
|
return render_template('appeal_detail.html', appeal=appeal, messages=messages, form=form)
|
||||||
@main.route('/admin/appeals')
|
@main.route('/admin/appeals')
|
||||||
@login_required
|
@login_required
|
||||||
@permission_required('admin') # 或者你的管理权限
|
@permission_required('admin')
|
||||||
def appeal_list():
|
def appeal_list():
|
||||||
|
"""申诉列表(管理员)"""
|
||||||
page = request.args.get('page', 1, type=int)
|
page = request.args.get('page', 1, type=int)
|
||||||
# 优先显示待处理的
|
|
||||||
appeals_pagination = Appeal.query.order_by(
|
appeals_pagination = Appeal.query.order_by(
|
||||||
db.case(
|
db.case(
|
||||||
(Appeal.status == 'awaiting_admin_reply', 0),
|
(Appeal.status == 'awaiting_admin_reply', 0),
|
||||||
@@ -384,48 +376,48 @@ def appeal_list():
|
|||||||
),
|
),
|
||||||
Appeal.updated_at.desc()
|
Appeal.updated_at.desc()
|
||||||
).paginate(page=page, per_page=20, error_out=False)
|
).paginate(page=page, per_page=20, error_out=False)
|
||||||
|
|
||||||
return render_template('admin/appeal_list.html', appeals=appeals_pagination)
|
return render_template('admin/appeal_list.html', appeals=appeals_pagination)
|
||||||
|
|
||||||
@main.route('/appeal/<int:appeal_id>/decide', methods=['POST'])
|
@main.route('/appeal/<int:appeal_id>/decide', methods=['POST'])
|
||||||
@login_required
|
@login_required
|
||||||
@permission_required('admin') # 必须是管理员
|
@permission_required('admin')
|
||||||
def decide_appeal(appeal_id):
|
def decide_appeal(appeal_id):
|
||||||
|
"""处理申诉(批准/驳回)"""
|
||||||
appeal = Appeal.query.get_or_404(appeal_id)
|
appeal = Appeal.query.get_or_404(appeal_id)
|
||||||
if appeal.status in ['approved', 'rejected']:
|
if appeal.status in ['approved', 'rejected']:
|
||||||
flash('该申诉已处理,无法重复操作。', 'warning')
|
flash('该申诉已处理,无法重复操作。', 'warning')
|
||||||
return redirect(url_for('main.appeal_detail', appeal_id=appeal.id))
|
return redirect(url_for('main.appeal_detail', appeal_id=appeal.id))
|
||||||
action = request.form.get('action')
|
action = request.form.get('action')
|
||||||
if action == 'approve':
|
if action == 'approve':
|
||||||
# 批准申诉:删除黑名单记录,更新申诉状态
|
|
||||||
blacklist_entry = appeal.blacklist_entry
|
blacklist_entry = appeal.blacklist_entry
|
||||||
blacklist_entry.status = 'revoked' # 将黑名单条目状态改为"已撤销"
|
blacklist_entry.status = 'revoked'
|
||||||
appeal.status = 'approved' # 同时更新申诉本身的状态
|
appeal.status = 'approved'
|
||||||
if blacklist_entry.report:
|
if blacklist_entry.report:
|
||||||
# 使用 'overturned' (已推翻) 可能比 'revoked' 更能描述 Report 的状态
|
blacklist_entry.report.status = 'overturned'
|
||||||
blacklist_entry.report.status = 'overturned'
|
|
||||||
db.session.add(blacklist_entry.report)
|
db.session.add(blacklist_entry.report)
|
||||||
db.session.add(blacklist_entry)
|
db.session.add(blacklist_entry)
|
||||||
db.session.add(appeal)
|
db.session.add(appeal)
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
|
current_app.logger.info(f'申诉批准: #{appeal.id} by {current_user.username}')
|
||||||
# --- 修改结束 ---
|
|
||||||
flash(f'申诉 #{appeal.id} 已被批准,对应的黑名单条目已撤销。', 'success')
|
flash(f'申诉 #{appeal.id} 已被批准,对应的黑名单条目已撤销。', 'success')
|
||||||
|
|
||||||
elif action == 'reject':
|
elif action == 'reject':
|
||||||
# 驳回申诉:仅更新申诉状态
|
|
||||||
appeal.status = 'rejected'
|
appeal.status = 'rejected'
|
||||||
db.session.add(appeal)
|
db.session.add(appeal)
|
||||||
|
db.session.commit()
|
||||||
|
current_app.logger.info(f'申诉驳回: #{appeal.id} by {current_user.username}')
|
||||||
flash(f'已驳回申诉 #{appeal.id}。', 'info')
|
flash(f'已驳回申诉 #{appeal.id}。', 'info')
|
||||||
else:
|
else:
|
||||||
flash('无效操作。', 'danger')
|
flash('无效操作。', 'danger')
|
||||||
return redirect(url_for('main.appeal_list'))
|
return redirect(url_for('main.appeal_list'))
|
||||||
|
|
||||||
db.session.commit()
|
|
||||||
return redirect(url_for('main.appeal_list'))
|
return redirect(url_for('main.appeal_list'))
|
||||||
|
|
||||||
@main.route('/my/reports')
|
@main.route('/my/reports')
|
||||||
@login_required
|
@login_required
|
||||||
def my_reports():
|
def my_reports():
|
||||||
|
"""我的举报列表"""
|
||||||
page = request.args.get('page', 1, type=int)
|
page = request.args.get('page', 1, type=int)
|
||||||
reports_pagination = Report.query.filter_by(reporter_id=current_user.id).order_by(
|
reports_pagination = Report.query.filter_by(reporter_id=current_user.id).order_by(
|
||||||
Report.created_at.desc()
|
Report.created_at.desc()
|
||||||
@@ -435,6 +427,7 @@ def my_reports():
|
|||||||
@main.route('/my/appeals')
|
@main.route('/my/appeals')
|
||||||
@login_required
|
@login_required
|
||||||
def my_appeals():
|
def my_appeals():
|
||||||
|
"""我的申诉列表"""
|
||||||
page = request.args.get('page', 1, type=int)
|
page = request.args.get('page', 1, type=int)
|
||||||
appeals_pagination = Appeal.query.filter_by(appealer_id=current_user.id).order_by(
|
appeals_pagination = Appeal.query.filter_by(appealer_id=current_user.id).order_by(
|
||||||
Appeal.created_at.desc()
|
Appeal.created_at.desc()
|
||||||
@@ -445,9 +438,9 @@ def my_appeals():
|
|||||||
@login_required
|
@login_required
|
||||||
@admin_required
|
@admin_required
|
||||||
def manage_sites():
|
def manage_sites():
|
||||||
|
"""站点管理"""
|
||||||
form = PartnerSiteForm()
|
form = PartnerSiteForm()
|
||||||
if form.validate_on_submit():
|
if form.validate_on_submit():
|
||||||
# ... (添加站点的逻辑保持不变)
|
|
||||||
existing_site = PartnerSite.query.filter_by(name=form.name.data).first()
|
existing_site = PartnerSite.query.filter_by(name=form.name.data).first()
|
||||||
if existing_site:
|
if existing_site:
|
||||||
flash('该站点名称已存在。', 'danger')
|
flash('该站点名称已存在。', 'danger')
|
||||||
@@ -455,32 +448,39 @@ def manage_sites():
|
|||||||
new_site = PartnerSite(name=form.name.data, url=form.url.data)
|
new_site = PartnerSite(name=form.name.data, url=form.url.data)
|
||||||
db.session.add(new_site)
|
db.session.add(new_site)
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
|
current_app.logger.info(f'新站点添加: {form.name.data} by {current_user.username}')
|
||||||
flash(f'合作站点 "{form.name.data}" 已成功添加。', 'success')
|
flash(f'合作站点 "{form.name.data}" 已成功添加。', 'success')
|
||||||
return redirect(url_for('main.manage_sites'))
|
return redirect(url_for('main.manage_sites'))
|
||||||
|
|
||||||
sites = PartnerSite.query.order_by(PartnerSite.name.asc()).all()
|
sites = PartnerSite.query.order_by(PartnerSite.name.asc()).all()
|
||||||
return render_template('admin/manage_sites.html', sites=sites, form=form)
|
return render_template('admin/manage_sites.html', sites=sites, form=form)
|
||||||
# 添加用于删除和切换状态的路由
|
|
||||||
@main.route('/admin/site/<int:site_id>/delete', methods=['POST'])
|
@main.route('/admin/site/<int:site_id>/delete', methods=['POST'])
|
||||||
@login_required
|
@login_required
|
||||||
@admin_required
|
@admin_required
|
||||||
def delete_site(site_id):
|
def delete_site(site_id):
|
||||||
|
"""删除站点"""
|
||||||
site = PartnerSite.query.get_or_404(site_id)
|
site = PartnerSite.query.get_or_404(site_id)
|
||||||
user_count = User.query.filter_by(pt_site=site.name).count()
|
user_count = User.query.filter_by(pt_site=site.name).count()
|
||||||
if user_count > 0:
|
if user_count > 0:
|
||||||
flash(f'无法删除站点 "{site.name}",因为已有 {user_count} 名用户关联到该站点。请先将其禁用。', 'danger')
|
flash(f'无法删除站点 "{site.name}",因为已有 {user_count} 名用户关联到该站点。请先将其禁用。', 'danger')
|
||||||
else:
|
else:
|
||||||
|
site_name = site.name
|
||||||
db.session.delete(site)
|
db.session.delete(site)
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
flash(f'站点 "{site.name}" 已被删除。', 'success')
|
current_app.logger.info(f'站点删除: {site_name} by {current_user.username}')
|
||||||
|
flash(f'站点 "{site_name}" 已被删除。', 'success')
|
||||||
return redirect(url_for('main.manage_sites'))
|
return redirect(url_for('main.manage_sites'))
|
||||||
|
|
||||||
@main.route('/admin/site/<int:site_id>/toggle_active', methods=['POST'])
|
@main.route('/admin/site/<int:site_id>/toggle_active', methods=['POST'])
|
||||||
@login_required
|
@login_required
|
||||||
@admin_required
|
@admin_required
|
||||||
def toggle_site_active(site_id):
|
def toggle_site_active(site_id):
|
||||||
|
"""切换站点启用状态"""
|
||||||
site = PartnerSite.query.get_or_404(site_id)
|
site = PartnerSite.query.get_or_404(site_id)
|
||||||
site.is_active = not site.is_active
|
site.is_active = not site.is_active
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
status = "启用" if site.is_active else "禁用"
|
status = "启用" if site.is_active else "禁用"
|
||||||
|
current_app.logger.info(f'站点状态切换: {site.name} - {status} by {current_user.username}')
|
||||||
flash(f'站点 "{site.name}" 已被{status}。', 'success')
|
flash(f'站点 "{site.name}" 已被{status}。', 'success')
|
||||||
return redirect(url_for('main.manage_sites'))
|
return redirect(url_for('main.manage_sites'))
|
||||||
12
config.py
12
config.py
@@ -1,22 +1,18 @@
|
|||||||
|
"""应用配置"""
|
||||||
import os
|
import os
|
||||||
from dotenv import load_dotenv
|
from dotenv import load_dotenv
|
||||||
import redis
|
import redis
|
||||||
|
|
||||||
# 加载 .env 文件中的环境变量
|
|
||||||
basedir = os.path.abspath(os.path.dirname(__file__))
|
basedir = os.path.abspath(os.path.dirname(__file__))
|
||||||
load_dotenv(os.path.join(basedir, '.env'))
|
load_dotenv(os.path.join(basedir, '.env'))
|
||||||
|
|
||||||
class Config:
|
class Config:
|
||||||
"""基础配置类"""
|
"""基础配置"""
|
||||||
SECRET_KEY = os.environ.get('SECRET_KEY') or 'a-hard-to-guess-string'
|
SECRET_KEY = os.environ.get('SECRET_KEY') or 'a-hard-to-guess-string'
|
||||||
SQLALCHEMY_TRACK_MODIFICATIONS = False
|
SQLALCHEMY_TRACK_MODIFICATIONS = False
|
||||||
|
|
||||||
# CSRF 配置
|
|
||||||
WTF_CSRF_ENABLED = True
|
WTF_CSRF_ENABLED = True
|
||||||
WTF_CSRF_TIME_LIMIT = None
|
WTF_CSRF_TIME_LIMIT = None
|
||||||
WTF_CSRF_CHECK_DEFAULT = False
|
WTF_CSRF_CHECK_DEFAULT = False
|
||||||
|
|
||||||
# Session 配置
|
|
||||||
SESSION_TYPE = 'redis'
|
SESSION_TYPE = 'redis'
|
||||||
SESSION_PERMANENT = False
|
SESSION_PERMANENT = False
|
||||||
SESSION_USE_SIGNER = True
|
SESSION_USE_SIGNER = True
|
||||||
@@ -29,7 +25,6 @@ class Config:
|
|||||||
class DevelopmentConfig(Config):
|
class DevelopmentConfig(Config):
|
||||||
"""开发环境配置"""
|
"""开发环境配置"""
|
||||||
DEBUG = True
|
DEBUG = True
|
||||||
# 数据库 URI
|
|
||||||
DB_USER = os.environ.get('DB_USER')
|
DB_USER = os.environ.get('DB_USER')
|
||||||
DB_PASSWORD = os.environ.get('DB_PASSWORD')
|
DB_PASSWORD = os.environ.get('DB_PASSWORD')
|
||||||
DB_HOST = os.environ.get('DB_HOST')
|
DB_HOST = os.environ.get('DB_HOST')
|
||||||
@@ -39,15 +34,12 @@ class DevelopmentConfig(Config):
|
|||||||
class ProductionConfig(Config):
|
class ProductionConfig(Config):
|
||||||
"""生产环境配置"""
|
"""生产环境配置"""
|
||||||
DEBUG = False
|
DEBUG = False
|
||||||
# 数据库 URI
|
|
||||||
DB_USER = os.environ.get('DB_USER')
|
DB_USER = os.environ.get('DB_USER')
|
||||||
DB_PASSWORD = os.environ.get('DB_PASSWORD')
|
DB_PASSWORD = os.environ.get('DB_PASSWORD')
|
||||||
DB_HOST = os.environ.get('DB_HOST')
|
DB_HOST = os.environ.get('DB_HOST')
|
||||||
DB_NAME = os.environ.get('DB_NAME')
|
DB_NAME = os.environ.get('DB_NAME')
|
||||||
SQLALCHEMY_DATABASE_URI = f'mysql+pymysql://{DB_USER}:{DB_PASSWORD}@{DB_HOST}/{DB_NAME}'
|
SQLALCHEMY_DATABASE_URI = f'mysql+pymysql://{DB_USER}:{DB_PASSWORD}@{DB_HOST}/{DB_NAME}'
|
||||||
|
|
||||||
|
|
||||||
# 方便地通过字典来选择配置
|
|
||||||
config = {
|
config = {
|
||||||
'development': DevelopmentConfig,
|
'development': DevelopmentConfig,
|
||||||
'production': ProductionConfig,
|
'production': ProductionConfig,
|
||||||
|
|||||||
17
run.py
17
run.py
@@ -1,3 +1,4 @@
|
|||||||
|
"""应用启动入口"""
|
||||||
import os
|
import os
|
||||||
import click
|
import click
|
||||||
from app import create_app, db
|
from app import create_app, db
|
||||||
@@ -13,23 +14,23 @@ def make_shell_context():
|
|||||||
@click.argument("username")
|
@click.argument("username")
|
||||||
@click.argument("email")
|
@click.argument("email")
|
||||||
@click.argument("password")
|
@click.argument("password")
|
||||||
@click.option("--admin", is_flag=True, help="Flag to create an admin user.")
|
@click.option("--admin", is_flag=True, help="创建管理员用户")
|
||||||
def create_user(username, email, password, admin):
|
def create_user(username, email, password, admin):
|
||||||
"""Creates a new user."""
|
"""创建新用户"""
|
||||||
if User.query.filter_by(email=email).first():
|
if User.query.filter_by(email=email).first():
|
||||||
print(f"Error: Email {email} already exists.")
|
print(f"错误: 邮箱 {email} 已存在")
|
||||||
return
|
return
|
||||||
if User.query.filter_by(username=username).first():
|
if User.query.filter_by(username=username).first():
|
||||||
print(f"Error: Username {username} already exists.")
|
print(f"错误: 用户名 {username} 已存在")
|
||||||
return
|
return
|
||||||
|
|
||||||
user = User(username=username, email=email, status='active')
|
user = User(username=username, email=email, status='active')
|
||||||
user.set_password(password)
|
user.set_password(password)
|
||||||
if admin:
|
if admin:
|
||||||
user.role = 'admin'
|
user.role = 'admin'
|
||||||
|
|
||||||
db.session.add(user)
|
db.session.add(user)
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
print(f"User {username} created successfully.")
|
print(f"用户 {username} 创建成功")
|
||||||
if admin:
|
if admin:
|
||||||
print("Role: Admin")
|
print("角色: 管理员")
|
||||||
|
|||||||
Reference in New Issue
Block a user