更改验证方式&&界面

3 years ago · 072f13a2b6
--- a/app.py
+++ b/app.py
@ -1,3 +1,4 @@
 from functools import wraps
 from flask import Flask, request, render_template, send_from_directory, abort, redirect, session
 from flask_sqlalchemy import SQLAlchemy
 from flask_limiter import Limiter
@ -61,16 +62,31 @@ class Like(db.Model):

 db.create_all()

 def need_verify(func):
    @wraps(func)
    def warp(*args, **kwargs):
        print(session)
        if not session.get('verified'):
            abort(403)
        return func(*args, **kwargs)

    return warp

@app.route('/img/<path:path>')
 def send_img(path):
    return send_from_directory('static/img', path)

@app.route('/ordinary/set_session')
@limiter.limit("2 / hour; 1 / 5 minute")
 def set_session():
@app.route('/ordinary/verify', methods=['POST'])
@limiter.limit("3 / hour")
 def verify():
    for name, ques, hint, ans in C.verify:
        if request.form.get(name) != ans:
            return WRONG_ANS_HTML, 401

    session.permanent = True
    session['verified'] = True
    if 'uid' not in session:
        session['uid'] = random.randint(0, 2000000000)
        session.permanent = True
    return redirect('.')

@app.route('/ordinary/')
@ -78,9 +94,7 @@ def can_list():
    key = request.args.get('key')
    sort_by = request.args.get('sort_by', 'time')

    if 'uid' not in session:
        return redirect('set_session')
    uid = session['uid']
    uid = session.get('uid')

    q = Candidate.query
    q = q.order_by(db.desc('likeNum')) if sort_by=='likeNum' else q.order_by(db.desc('id'))
@ -99,20 +113,16 @@ def can_list():
        } for name, ques, hint, ans in C.verify
    ]

    return render_template('list.html', pagination=pag, vs=vs, showPrivate=(key==C.key), sort_by=sort_by, key=key, base_toot_url='https://%s/web/statuses/' % C.domain)
    return render_template('list.html', pagination=pag, vs=vs, verified=session.get('verified'), showPrivate=(key==C.key), sort_by=sort_by, key=key, base_toot_url='https://%s/web/statuses/' % C.domain)

@app.route('/ordinary/new', methods=['POST'])
@limiter.limit("5 / hour; 1 / 2 second")
@need_verify
 def new_one():

    content = request.form.get('text')
    private = request.form.get('privateText')
    url = request.form.get('url')

    for name, ques, hint, ans in C.verify:
        if request.form.get(name) != ans:
            return WRONG_ANS_HTML, 401

    if not content or len(content)>4000: abort(422)
    if    private and len(private)>1000: abort(422)
    if url and not re.match('https://(cloud\.tsinghua\.edu\.cn/f/[0-9a-z]+/(\?dl=1)?|closed\.social/safeShare/\d([a-zA-Z]+)?)', url): abort(422)
@ -137,14 +147,9 @@ def new_one():

@app.route('/ordinary/judge', methods=['POST'])
@limiter.limit("10 / hour; 1 / 2 second")
@need_verify
 def judge():

    group = request.form.get('groupType')

    for name, ques, hint, ans in C.verify:
        if request.form.get(name) != ans:
            return WRONG_ANS_HTML, 401
    
    return redirect(C.groups.get(group))

@limiter.limit("100 / hour; 2 / second")
@ -178,6 +183,7 @@ def get_comments(toot):

@limiter.limit("100 / hour")
@app.route('/ordinary/<int:toot>/like', methods=['POST'])
@need_verify
 def like(toot):
    c = Candidate.query.filter_by(toot=toot).first()
    if not c:
--- a/templates/list.html
+++ b/templates/list.html
@ -54,6 +54,12 @@
      font-family: 'Noto Serif SC', serif;
    }

    .verify-box {
      padding: 20px;
      background-color: #8884;
      margin: 20px;
    }

    .part1 {
      max-width: 500px;
      float: left;
@ -194,8 +200,22 @@
    </div>

    <div class="part1">
    {% if not verified %}
    <form action="verify" method="post" class="verify-box">
      <p>完成简易验证后，你可以提交报名、获取评委群、点赞以及发布匿名评论<sub>(火热开发中)</sub>)</p>
      {% for v in vs %}
      <div class="form-group row">
        <label for="{{v.name}}" class="col-sm-8 col-form-label">{{v.ques}}</label>
        <div class="col-sm-4">
          <input type="text" class="form-control" name="{{v.name}}" placeholder="{{v.hint}}" required="required">
        </div>
      </div>
      {% endfor %}
      <button type="submit" class="btn btn-link btn-lg">提交</button>
    </form>
    {% else %}

      <div id="new" class="new twin-collapse twin front">
      <div id="new" class="new twin front">
        <form action="new" method="post">
          <div class="form-group qbox">
            <h1 style="margin: -14px -13px 20px">自荐提名</h1>
@ -212,16 +232,6 @@
                <input type="url" class="form-control" id="url" name="url" placeholder="清华云盘或safeShare链接，https://开头" pattern="https://(cloud\.tsinghua\.edu\.cn/f/[0-9a-z]+/(\?dl=1)?|closed\.social/safeShare/\d([a-zA-Z]+)?)">
              </div>
            </div>
            <hr />
            <hr />
            {% for v in vs %}
            <div class="form-group row">
              <label for="{{v.name}}" class="col-sm-8 col-form-label">{{v.ques}}</label>
              <div class="col-sm-4">
                <input type="text" class="form-control" name="{{v.name}}" placeholder="{{v.hint}}" required="required">
              </div>
            </div>
            {% endfor %}
            <button type="submit" class="btn btn-link btn-lg">报名</button>
          </div>
        </form>
@ -239,10 +249,10 @@

      </div>

      <div class="judge twin-collapse twin behind">
      <div class="judge twin behind">
        <form action="judge" method="post">
          <div class="form-group qbox">
            <h1 style="text-align:right;margin:-12px -20px 20px">成为评委</h1>
            <h1 style="text-align:right;margin:-12px -20px 16px">成为评委</h1>
            <div style="font-size:80%">
              <p>为了更好地选出十位普通人的代表，为了更好地展现大众的声音，我们希望招募更多的评委。</p>
              <p>成为评委的条件：</p>
@ -270,36 +280,11 @@
                <label class="form-check-label" for="wx">微信</label>
              </div>
            </div>
            <hr/>
            {% for v in vs %}
            <div class="form-group row">
              <label for="{{v.name}}" class="col-sm-8 col-form-label">{{v.ques}}</label>
              <div class="col-sm-4">
                <input type="text" class="form-control" name="{{v.name}}" placeholder="{{v.hint}}" required="required">
              </div>
            </div>
            {% endfor %}
            <button type="submit" class="btn btn-link btn-lg">进群</button>
          </div>
        </form>
      </div>

      <a href="##" onclick="showNew()" class="show-mask">
        <span>
          <svg fill="#fff" viewBox="0 12 24 48" width="24">
            <path d="m0 24 l12 18 l12 -18 z"></path>
          </svg>
        </span>
      </a>


      <script>
        function showNew() {
          $('.twin').removeClass('twin-collapse');
          $('.show-mask').hide();
        }
      </script>

    {% endif %}
    </div>

    <div class="part2" id="part2">
@ -357,7 +342,7 @@

      <nav>
        <ul class="pagination">
          {%- for page in pagination.iter_pages() %}
          {%- for page in pagination.iter_pages(left_edge=2, left_current=1, right_current=3, right_edge=2) %}
          {% if page %}
          {% if page != pagination.page %}
          <li class="page-item"><a class="page-link" href="{{ url_for('can_list', page=page, per_page=pagination.per_page, key=key, sort_by=sort_by) }}">{{ page }}</a></li>
@ -367,7 +352,7 @@
          </li>
          {% endif %}
          {% else %}
          <li class="page-item"><span class=ellipsis>…</span></li>
          <li class="page-item"><span class=ellipsis>...</span></li>
          {% endif %}
          {%- endfor %}
        </ul>
@ -395,6 +380,7 @@
      alert('赞都赞了，别撤回嘛');
      return;
    }
    {% if verified %}
    $.ajax({
      type: 'POST',
      url: toot + '/like',
@ -407,6 +393,7 @@
        alert(error + ': ' + xhr.responseText);
      }
    });
    {% endif %}
  }

 $(document).ready(function(){