From 072f13a2b6ff48ecaf3a3cd768ce06ade670a0d2 Mon Sep 17 00:00:00 2001
From: Tdxdxoz <tdxdxoz@gmail.com>
Date: Wed, 4 Nov 2020 22:12:39 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=94=B9=E9=AA=8C=E8=AF=81=E6=96=B9?=
 =?UTF-8?q?=E5=BC=8F&&=E7=95=8C=E9=9D=A2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app.py              | 44 ++++++++++++++++-------------
 templates/list.html | 69 ++++++++++++++++++---------------------------
 2 files changed, 53 insertions(+), 60 deletions(-)

diff --git a/app.py b/app.py
index b753e3e..2f9ffbd 100644
--- a/app.py
+++ b/app.py
@@ -1,3 +1,4 @@
+from functools import wraps
 from flask import Flask, request, render_template, send_from_directory, abort, redirect, session
 from flask_sqlalchemy import SQLAlchemy
 from flask_limiter import Limiter
@@ -61,16 +62,31 @@ class Like(db.Model):
 
 db.create_all()
 
+def need_verify(func):
+    @wraps(func)
+    def warp(*args, **kwargs):
+        print(session)
+        if not session.get('verified'):
+            abort(403)
+        return func(*args, **kwargs)
+
+    return warp
+
 @app.route('/img/<path:path>')
 def send_img(path):
     return send_from_directory('static/img', path)
 
-@app.route('/ordinary/set_session')
-@limiter.limit("2 / hour; 1 / 5 minute")
-def set_session():
+@app.route('/ordinary/verify', methods=['POST'])
+@limiter.limit("3 / hour")
+def verify():
+    for name, ques, hint, ans in C.verify:
+        if request.form.get(name) != ans:
+            return WRONG_ANS_HTML, 401
+
+    session.permanent = True
+    session['verified'] = True
     if 'uid' not in session:
         session['uid'] = random.randint(0, 2000000000)
-        session.permanent = True
     return redirect('.')
 
 @app.route('/ordinary/')
@@ -78,9 +94,7 @@ def can_list():
     key = request.args.get('key')
     sort_by = request.args.get('sort_by', 'time')
 
-    if 'uid' not in session:
-        return redirect('set_session')
-    uid = session['uid']
+    uid = session.get('uid')
 
     q = Candidate.query
     q = q.order_by(db.desc('likeNum')) if sort_by=='likeNum' else q.order_by(db.desc('id'))
@@ -99,20 +113,16 @@ def can_list():
         } for name, ques, hint, ans in C.verify
     ]
 
-    return render_template('list.html', pagination=pag, vs=vs, showPrivate=(key==C.key), sort_by=sort_by, key=key, base_toot_url='https://%s/web/statuses/' % C.domain)
+    return render_template('list.html', pagination=pag, vs=vs, verified=session.get('verified'), showPrivate=(key==C.key), sort_by=sort_by, key=key, base_toot_url='https://%s/web/statuses/' % C.domain)
 
 @app.route('/ordinary/new', methods=['POST'])
 @limiter.limit("5 / hour; 1 / 2 second")
+@need_verify
 def new_one():
-
     content = request.form.get('text')
     private = request.form.get('privateText')
     url = request.form.get('url')
 
-    for name, ques, hint, ans in C.verify:
-        if request.form.get(name) != ans:
-            return WRONG_ANS_HTML, 401
-
     if not content or len(content)>4000: abort(422)
     if    private and len(private)>1000: abort(422)
     if url and not re.match('https://(cloud\.tsinghua\.edu\.cn/f/[0-9a-z]+/(\?dl=1)?|closed\.social/safeShare/\d([a-zA-Z]+)?)', url): abort(422)
@@ -137,14 +147,9 @@ def new_one():
 
 @app.route('/ordinary/judge', methods=['POST'])
 @limiter.limit("10 / hour; 1 / 2 second")
+@need_verify
 def judge():
-
     group = request.form.get('groupType')
-
-    for name, ques, hint, ans in C.verify:
-        if request.form.get(name) != ans:
-            return WRONG_ANS_HTML, 401
-    
     return redirect(C.groups.get(group))
 
 @limiter.limit("100 / hour; 2 / second")
@@ -178,6 +183,7 @@ def get_comments(toot):
 
 @limiter.limit("100 / hour")
 @app.route('/ordinary/<int:toot>/like', methods=['POST'])
+@need_verify
 def like(toot):
     c = Candidate.query.filter_by(toot=toot).first()
     if not c:
diff --git a/templates/list.html b/templates/list.html
index bbb7981..c788b9e 100644
--- a/templates/list.html
+++ b/templates/list.html
@@ -54,6 +54,12 @@
       font-family: 'Noto Serif SC', serif;
     }
 
+    .verify-box {
+      padding: 20px;
+      background-color: #8884;
+      margin: 20px;
+    }
+
     .part1 {
       max-width: 500px;
       float: left;
@@ -194,8 +200,22 @@
     </div>
 
     <div class="part1">
+    {% if not verified %}
+    <form action="verify" method="post" class="verify-box">
+      <p>完成简易验证后，你可以提交报名、获取评委群、点赞以及发布匿名评论<sub>(火热开发中)</sub>)</p>
+      {% for v in vs %}
+      <div class="form-group row">
+        <label for="{{v.name}}" class="col-sm-8 col-form-label">{{v.ques}}</label>
+        <div class="col-sm-4">
+          <input type="text" class="form-control" name="{{v.name}}" placeholder="{{v.hint}}" required="required">
+        </div>
+      </div>
+      {% endfor %}
+      <button type="submit" class="btn btn-link btn-lg">提交</button>
+    </form>
+    {% else %}
 
-      <div id="new" class="new twin-collapse twin front">
+      <div id="new" class="new twin front">
         <form action="new" method="post">
           <div class="form-group qbox">
             <h1 style="margin: -14px -13px 20px">自荐提名</h1>
@@ -212,16 +232,6 @@
                 <input type="url" class="form-control" id="url" name="url" placeholder="清华云盘或safeShare链接，https://开头" pattern="https://(cloud\.tsinghua\.edu\.cn/f/[0-9a-z]+/(\?dl=1)?|closed\.social/safeShare/\d([a-zA-Z]+)?)">
               </div>
             </div>
-            <hr />
-            <hr />
-            {% for v in vs %}
-            <div class="form-group row">
-              <label for="{{v.name}}" class="col-sm-8 col-form-label">{{v.ques}}</label>
-              <div class="col-sm-4">
-                <input type="text" class="form-control" name="{{v.name}}" placeholder="{{v.hint}}" required="required">
-              </div>
-            </div>
-            {% endfor %}
             <button type="submit" class="btn btn-link btn-lg">报名</button>
           </div>
         </form>
@@ -239,10 +249,10 @@
 
       </div>
 
-      <div class="judge twin-collapse twin behind">
+      <div class="judge twin behind">
         <form action="judge" method="post">
           <div class="form-group qbox">
-            <h1 style="text-align:right;margin:-12px -20px 20px">成为评委</h1>
+            <h1 style="text-align:right;margin:-12px -20px 16px">成为评委</h1>
             <div style="font-size:80%">
               <p>为了更好地选出十位普通人的代表，为了更好地展现大众的声音，我们希望招募更多的评委。</p>
               <p>成为评委的条件：</p>
@@ -270,36 +280,11 @@
                 <label class="form-check-label" for="wx">微信</label>
               </div>
             </div>
-            <hr/>
-            {% for v in vs %}
-            <div class="form-group row">
-              <label for="{{v.name}}" class="col-sm-8 col-form-label">{{v.ques}}</label>
-              <div class="col-sm-4">
-                <input type="text" class="form-control" name="{{v.name}}" placeholder="{{v.hint}}" required="required">
-              </div>
-            </div>
-            {% endfor %}
             <button type="submit" class="btn btn-link btn-lg">进群</button>
           </div>
         </form>
       </div>
-
-      <a href="##" onclick="showNew()" class="show-mask">
-        <span>
-          <svg fill="#fff" viewBox="0 12 24 48" width="24">
-            <path d="m0 24 l12 18 l12 -18 z"></path>
-          </svg>
-        </span>
-      </a>
-
-
-      <script>
-        function showNew() {
-          $('.twin').removeClass('twin-collapse');
-          $('.show-mask').hide();
-        }
-      </script>
-
+    {% endif %}
     </div>
 
     <div class="part2" id="part2">
@@ -357,7 +342,7 @@
 
       <nav>
         <ul class="pagination">
-          {%- for page in pagination.iter_pages() %}
+          {%- for page in pagination.iter_pages(left_edge=2, left_current=1, right_current=3, right_edge=2) %}
           {% if page %}
           {% if page != pagination.page %}
           <li class="page-item"><a class="page-link" href="{{ url_for('can_list', page=page, per_page=pagination.per_page, key=key, sort_by=sort_by) }}">{{ page }}</a></li>
@@ -367,7 +352,7 @@
           </li>
           {% endif %}
           {% else %}
-          <li class="page-item"><span class=ellipsis>…</span></li>
+          <li class="page-item"><span class=ellipsis>...</span></li>
           {% endif %}
           {%- endfor %}
         </ul>
@@ -395,6 +380,7 @@
       alert('赞都赞了，别撤回嘛');
       return;
     }
+    {% if verified %}
     $.ajax({
       type: 'POST',
       url: toot + '/like',
@@ -407,6 +393,7 @@
         alert(error + ': ' + xhr.responseText);
       }
     });
+    {% endif %}
   }
 
 $(document).ready(function(){