DengDai/pt_blacklist
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e656487d6d5cc0084b7f1d39db138a66f8ad96a5
pt_blacklist/app/routes.py
DengDai eddda12228 fix: 申诉查看错误
2025-11-24 15:01:36 +08:00

450 lines
19 KiB
Python
Raw Blame History

from flask import abort, Blueprint, render_template, request, flash,redirect, url_for
from sqlalchemy import or_
from flask_login import login_required, current_user
from app import db
from app.forms import SearchForm, ReportForm, ReportForm, UpdateUserForm, CommentForm, RevokeForm, AppealForm, AppealMessageForm, PartnerSiteForm
from app.models import Blacklist, Report, Evidence, User, Comment, AppealMessage, Appeal, PartnerSite
from app.decorators import admin_required, permission_required
from app.services.email_normalizer import normalize_email
main = Blueprint('main', __name__)
@main.route('/', methods=['GET', 'POST'])
def index():
form = SearchForm()
search_result = None
searched = False
if form.validate_on_submit():
# 在处理表单之前,检查用户是否已登录
if not current_user.is_authenticated:
flash('请登录后才能使用查询功能。', 'warning')
# 重定向到登录页面,或者直接返回首页
return redirect(url_for('main.index'))
# 如果用户已登录,则执行以下查询逻辑
searched = True
search_term = form.search_term.data
normalized_email = normalize_email(search_term)
search_result = Blacklist.query.join(Report).filter(
or_(
Blacklist.normalized_email == normalized_email,
Blacklist.username == search_term
),
Blacklist.status == 'active',
Report.status == 'approved'
).first()
if search_result:
flash(f'警告: 查询到与 "{search_term}" 相关的公开不良记录。详情如下。', 'warning')
else:
flash(f'未查询到与 "{search_term}" 相关的公开不良记录。', 'info')
return render_template('index.html', form=form, search_result=search_result, searched=searched, Appeal=Appeal)
@main.route('/report/new', methods=['GET', 'POST'])
@login_required
def create_report():
form = ReportForm()
active_sites = PartnerSite.query.filter_by(is_active=True).order_by(PartnerSite.name).all()
form.reported_pt_site.choices = [(site.name, site.name) for site in active_sites]
if form.validate_on_submit():
# 1. 创建 Report 对象
new_report = Report(
reporter_id=current_user.id,
reported_pt_site=form.reported_pt_site.data,
reported_username=form.reported_username.data,
reported_email=form.reported_email.data,
reason_category=form.reason_category.data,
description=form.description.data,
status='pending'
)
db.session.add(new_report)
# 2. 处理证据链接
urls_text = form.evidences.data
# 按行分割,并移除空白行和首尾空格
evidence_urls = [url.strip() for url in urls_text.strip().splitlines() if url.strip()]
if not evidence_urls:
flash('必须提供至少一个有效的证据链接。', 'danger')
return render_template('create_report.html', form=form)
# 对每个 URL 进行简单的验证和保存
valid_extensions = ('.png', '.jpg', '.jpeg', '.gif', '.bmp', '.webp')
for url in evidence_urls:
if url.lower().startswith(('http://', 'https://')) and url.lower().endswith(valid_extensions):
evidence = Evidence(
file_url=url,
file_type='image_url', # 标记类型为图片链接
report=new_report
)
db.session.add(evidence)
else:
# 如果有任何一个链接格式不正确,则回滚并提示用户
db.session.rollback()
flash(f'链接 "{url[:50]}..." 格式不正确或不是支持的图片格式。请提供以 http/https 开头,以 .png, .jpg 等结尾的图片链接。', 'danger')
return render_template('create_report.html', form=form)
# 3. 提交到数据库
db.session.commit()
flash('举报提交成功,请等待管理员审核。', 'success')
return redirect(url_for('main.index'))
return render_template('create_report.html', form=form)
@main.route('/admin/reports')
@login_required
@permission_required('admin', 'trust_user')
def report_list():
# 获取页码,默认为第一页
page = request.args.get('page', 1, type=int)
# 查询举报,按创建时间倒序排列,并进行分页
# 每页显示 20 条记录
query = Report.query
if current_user.role == 'trust_user':
query = query.filter_by(status='pending')
reports_pagination = query.order_by(Report.created_at.desc()).paginate(
page=page, per_page=20, error_out=False
)
return render_template(
'admin/report_list.html',
reports=reports_pagination
)
@main.route('/report/<int:report_id>', methods=['GET', 'POST'])
@login_required
@permission_required('admin', 'trust_user') # 允许 admin 和 trust_user 访问
def report_detail(report_id):
report = Report.query.get_or_404(report_id)
if current_user.role == 'trust_user' and report.status != 'pending':
flash('您无权查看已处理的举报。', 'warning')
return redirect(url_for('main.report_list'))
comment_form = CommentForm()
revoke_form = RevokeForm()
if comment_form.validate_on_submit():
if report.status != 'pending':
flash('错误:该举报已被处理,无法添加新的评论。', 'danger')
return redirect(url_for('main.report_detail', report_id=report.id))
comment = Comment(
body=comment_form.body.data,
report=report,
author=current_user._get_current_object()
)
db.session.add(comment)
db.session.commit()
flash('你的审核建议已成功提交。', 'success')
return redirect(url_for('main.report_detail', report_id=report.id))
comments = report.comments.order_by(Comment.created_at.desc()).all()
return render_template(
'admin/report_detail.html',
report=report,
form=comment_form,
revoke_form=revoke_form,
comments=comments
)
# === 独立的举报处理视图 (仅限 Admin) ===
# 这个视图只处理动作,不渲染页面。它接收来自详情页按钮的 POST 请求。
@main.route('/admin/report/<int:report_id>/process', methods=['POST'])
@login_required
@admin_required
def process_report(report_id):
report = Report.query.get_or_404(report_id)
action = request.form.get('action')
if action not in ['confirm', 'invalidate']:
flash('无效的操作。', 'danger')
return redirect(url_for('main.report_detail', report_id=report_id))
if action == 'confirm':
report.status = 'approved'
# 检查是否已在黑名单中
existing_blacklist = Blacklist.query.filter_by(report_id=report.id).first()
if not existing_blacklist:
# 创建新的黑名单记录
new_blacklist_entry = Blacklist(
email=report.reported_email,
normalized_email=normalize_email(report.reported_email),
pt_site=report.reported_pt_site,
uid=report.reported_username,
report_id=report.id,
username=report.reported_username or None
)
db.session.add(new_blacklist_entry)
flash('举报已批准,并已将相关信息添加到黑名单。', 'success')
else:
flash('举报状态已更新为“批准”。该举报已在黑名单中,无需重复添加。', 'info')
elif action == 'invalidate':
report.status = 'rejected'
flash('举报状态已更新为“无效”。', 'success')
else:
flash('无效的操作。', 'danger')
db.session.commit()
return redirect(url_for('main.report_detail', report_id=report.id))
@main.route('/admin/report/<int:report_id>/revoke', methods=['POST'])
@login_required
@admin_required
def revoke_report(report_id):
report = Report.query.get_or_404(report_id)
# 只有已批准的举报才能被撤销
if report.status != 'approved':
flash('错误:只有已批准的举报才能被撤销。', 'danger')
return redirect(url_for('main.report_detail', report_id=report.id))
form = RevokeForm()
if form.validate_on_submit():
# 1. 从黑名单中移除
blacklist_entry = Blacklist.query.filter_by(report_id=report.id).first()
if blacklist_entry:
db.session.delete(blacklist_entry)
# 2. 更新举报状态
report.status = 'revoked'
# 3. 将撤销理由记录为一条特殊的评论(审计日志)
revocation_comment = Comment(
body=f"[系统操作:撤销批准]\n理由:{form.reason.data}",
report=report,
author=current_user._get_current_object()
)
db.session.add(revocation_comment)
db.session.commit()
flash('举报已成功撤销,并已从黑名单中移除。', 'success')
else:
# 如果表单验证失败(例如理由为空),显示错误信息
flash('撤销失败:' + ' '.join(form.reason.errors), 'danger')
return redirect(url_for('main.report_detail', report_id=report.id))
@main.route('/admin/users')
@login_required
@admin_required
def manage_users():
# 查询所有非待审核的用户
users = User.query.filter(User.status != 'pending').order_by(User.created_at.desc()).all()
# 为每个用户创建一个预填充了当前数据的表单实例
# 这样在模板中可以直接渲染,并且下拉框会默认选中用户的当前角色/状态
forms = {}
for user in users:
forms[user.id] = UpdateUserForm(obj=user)
return render_template('admin/manage_users.html', users=users, forms=forms)
@main.route('/admin/user/<int:user_id>/update', methods=['POST'])
@login_required
@admin_required
def update_user(user_id):
if user_id == 1:
flash('错误:禁止修改初始管理员账户的角色和状态。', 'danger')
return redirect(url_for('main.manage_users'))
user = User.query.get_or_404(user_id)
form = UpdateUserForm() # 创建一个空的表单来接收 POST 数据
if form.validate_on_submit():
# 安全检查:防止管理员误操作禁用或降级自己
if user == current_user:
if form.role.data != 'admin' or form.status.data != 'active':
flash('警告:您不能禁用或降级自己的管理员账户。', 'danger')
return redirect(url_for('main.manage_users'))
user.role = form.role.data
user.status = form.status.data
db.session.commit()
flash(f'用户 {user.username} 的信息已成功更新。', 'success')
else:
# 如果表单验证失败,也给出提示
flash('更新失败,请检查提交的数据。', 'danger')
return redirect(url_for('main.manage_users'))
@main.route('/admin/users/pending')
@login_required
@admin_required
def pending_users():
users_to_review = User.query.filter_by(status='pending').order_by(User.created_at.asc()).all()
return render_template('admin/pending_users.html', users=users_to_review)
@main.route('/admin/user/<int:user_id>/approve', methods=['POST'])
@login_required
@admin_required
def approve_user(user_id):
user = User.query.get_or_404(user_id)
user.status = 'active'
db.session.commit()
flash(f'用户 {user.username} 的注册申请已被批准。', 'success')
return redirect(url_for('main.pending_users'))
@main.route('/admin/user/<int:user_id>/reject', methods=['POST'])
@login_required
@admin_required
def reject_user(user_id):
user = User.query.get_or_404(user_id)
db.session.delete(user)
db.session.commit()
flash(f'用户 {user.username} 的注册申请已被拒绝并删除。', 'success')
return redirect(url_for('main.pending_users'))
@main.route('/appeal/create/<int:blacklist_id>', methods=['GET', 'POST'])
@login_required
def create_appeal(blacklist_id):
blacklist_entry = Blacklist.query.get_or_404(blacklist_id)
# 安全检查:确保用户只能为自己的黑名单记录申诉(邮箱匹配 或 UID+站点匹配)
if not (current_user.email == blacklist_entry.email or
(current_user.uid == blacklist_entry.uid and current_user.pt_site == blacklist_entry.pt_site)):
abort(403)
# 检查是否已有进行中的申诉
if blacklist_entry.appeals.filter(Appeal.status.in_(['awaiting_admin_reply', 'awaiting_user_reply'])).first():
flash('您已有一个正在进行中的申诉,请勿重复提交。', 'warning')
return redirect(url_for('main.index'))
form = AppealForm()
if form.validate_on_submit():
appeal = Appeal(
reason=form.reason.data,
appealer_id=current_user.id,
blacklist_entry=blacklist_entry
)
db.session.add(appeal)
db.session.commit()
flash('您的申诉已成功提交,请等待管理员审核。', 'success')
# 提交成功后,跳转到申诉详情页
return redirect(url_for('main.appeal_detail', appeal_id=appeal.id))
# 如果是 GET 请求,或表单验证失败,则渲染创建页面
return render_template('create_appeal.html', form=form, entry=blacklist_entry)
@main.route('/appeal/<int:appeal_id>', methods=['GET', 'POST'])
@login_required
def appeal_detail(appeal_id):
appeal = Appeal.query.get_or_404(appeal_id)
# 权限检查:只有申诉人或管理员可以查看
if appeal.appealer_id != current_user.id and not current_user.role=='admin': # 假设你有 MANAGE_REPORTS 权限
abort(403)
form = AppealMessageForm()
if form.validate_on_submit():
if appeal.status in ['approved', 'rejected']:
flash('该申诉已关闭,无法继续对话。', 'warning')
return redirect(url_for('main.appeal_detail', appeal_id=appeal.id))
msg = AppealMessage(
body=form.body.data,
author_id=current_user.id,
appeal_id=appeal.id
)
# 更新申诉状态
if current_user.role=='admin':
appeal.status = 'awaiting_user_reply'
else:
appeal.status = 'awaiting_admin_reply'
db.session.add(msg)
db.session.commit()
flash('消息已发送。', 'success')
return redirect(url_for('main.appeal_detail', appeal_id=appeal.id))
messages = appeal.messages.order_by(AppealMessage.created_at.asc()).all()
return render_template('appeal_detail.html', appeal=appeal, messages=messages, form=form)
@main.route('/admin/appeals')
@login_required
@permission_required('admin') # 或者你的管理权限
def appeal_list():
page = request.args.get('page', 1, type=int)
# 优先显示待处理的
appeals_pagination = Appeal.query.order_by(
db.case(
(Appeal.status == 'awaiting_admin_reply', 0),
(Appeal.status == 'awaiting_user_reply', 1),
else_=2
),
Appeal.updated_at.desc()
).paginate(page=page, per_page=20, error_out=False)
return render_template('admin/appeal_list.html', appeals=appeals_pagination)
@main.route('/appeal/<int:appeal_id>/decide', methods=['POST'])
@login_required
@permission_required('admin') # 必须是管理员
def decide_appeal(appeal_id):
appeal = Appeal.query.get_or_404(appeal_id)
if appeal.status in ['approved', 'rejected']:
flash('该申诉已处理,无法重复操作。', 'warning')
return redirect(url_for('main.appeal_detail', appeal_id=appeal.id))
action = request.form.get('action')
if action == 'approve':
# 批准申诉:删除黑名单记录,更新申诉状态
blacklist_entry = appeal.blacklist_entry
blacklist_entry.status = 'revoked' # 将黑名单条目状态改为"已撤销"
appeal.status = 'approved' # 同时更新申诉本身的状态
if blacklist_entry.report:
# 使用 'overturned' (已推翻) 可能比 'revoked' 更能描述 Report 的状态
blacklist_entry.report.status = 'overturned'
db.session.add(blacklist_entry.report)
db.session.add(blacklist_entry)
db.session.add(appeal)
db.session.commit()
# --- 修改结束 ---
flash(f'申诉 #{appeal.id} 已被批准,对应的黑名单条目已撤销。', 'success')
elif action == 'reject':
# 驳回申诉:仅更新申诉状态
appeal.status = 'rejected'
db.session.add(appeal)
flash(f'已驳回申诉 #{appeal.id}', 'info')
else:
flash('无效操作。', 'danger')
return redirect(url_for('main.appeal_list'))
db.session.commit()
return redirect(url_for('main.appeal_list'))
@main.route('/my/reports')
@login_required
def my_reports():
page = request.args.get('page', 1, type=int)
reports_pagination = Report.query.filter_by(reporter_id=current_user.id).order_by(
Report.created_at.desc()
).paginate(page=page, per_page=20, error_out=False)
return render_template('my_reports.html', reports=reports_pagination)
@main.route('/my/appeals')
@login_required
def my_appeals():
page = request.args.get('page', 1, type=int)
appeals_pagination = Appeal.query.filter_by(appealer_id=current_user.id).order_by(
Appeal.created_at.desc()
).paginate(page=page, per_page=20, error_out=False)
return render_template('my_appeals.html', appeals=appeals_pagination)
@main.route('/admin/sites', methods=['GET', 'POST'])
@login_required
@admin_required
def manage_sites():
form = PartnerSiteForm()
if form.validate_on_submit():
# ... (添加站点的逻辑保持不变)
existing_site = PartnerSite.query.filter_by(name=form.name.data).first()
if existing_site:
flash('该站点名称已存在。', 'danger')
else:
new_site = PartnerSite(name=form.name.data, url=form.url.data)
db.session.add(new_site)
db.session.commit()
flash(f'合作站点 "{form.name.data}" 已成功添加。', 'success')
return redirect(url_for('main.manage_sites'))
sites = PartnerSite.query.order_by(PartnerSite.name.asc()).all()
return render_template('admin/manage_sites.html', sites=sites, form=form)
# 添加用于删除和切换状态的路由
@main.route('/admin/site/<int:site_id>/delete', methods=['POST'])
@login_required
@admin_required
def delete_site(site_id):
site = PartnerSite.query.get_or_404(site_id)
user_count = User.query.filter_by(pt_site=site.name).count()
if user_count > 0:
flash(f'无法删除站点 "{site.name}",因为已有 {user_count} 名用户关联到该站点。请先将其禁用。', 'danger')
else:
db.session.delete(site)
db.session.commit()
flash(f'站点 "{site.name}" 已被删除。', 'success')
return redirect(url_for('main.manage_sites'))
@main.route('/admin/site/<int:site_id>/toggle_active', methods=['POST'])
@login_required
@admin_required
def toggle_site_active(site_id):
site = PartnerSite.query.get_or_404(site_id)
site.is_active = not site.is_active
db.session.commit()
status = "启用" if site.is_active else "禁用"
flash(f'站点 "{site.name}" 已被{status}', 'success')
return redirect(url_for('main.manage_sites'))
Reference in New Issue View Git Blame Copy Permalink