closed-social
/
ordinary
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
Browse Source

更改验证方式&&界面

master
欧醚 4 years ago
parent
cf4ffde833
commit
072f13a2b6
Signed by: OmmyZhang GPG Key ID: 757D312E7C9D13F7
2 changed files with 53 additions and 60 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +25
    -19
      app.py
  2. +28
    -41
      templates/list.html

+ 25
- 19
app.py View File

@ -1,3 +1,4 @@
from functools import wraps
from flask import Flask, request, render_template, send_from_directory, abort, redirect, session from flask import Flask, request, render_template, send_from_directory, abort, redirect, session
from flask_sqlalchemy import SQLAlchemy from flask_sqlalchemy import SQLAlchemy
from flask_limiter import Limiter from flask_limiter import Limiter
@ -61,16 +62,31 @@ class Like(db.Model):
db.create_all() db.create_all()
def need_verify(func):
@wraps(func)
def warp(*args, **kwargs):
print(session)
if not session.get('verified'):
abort(403)
return func(*args, **kwargs)
return warp
@app.route('/img/<path:path>') @app.route('/img/<path:path>')
def send_img(path): def send_img(path):
return send_from_directory('static/img', path) return send_from_directory('static/img', path)
@app.route('/ordinary/set_session')
@limiter.limit("2 / hour; 1 / 5 minute")
def set_session():
@app.route('/ordinary/verify', methods=['POST'])
@limiter.limit("3 / hour")
def verify():
for name, ques, hint, ans in C.verify:
if request.form.get(name) != ans:
return WRONG_ANS_HTML, 401
session.permanent = True
session['verified'] = True
if 'uid' not in session: if 'uid' not in session:
session['uid'] = random.randint(0, 2000000000) session['uid'] = random.randint(0, 2000000000)
session.permanent = True
return redirect('.') return redirect('.')
@app.route('/ordinary/') @app.route('/ordinary/')
@ -78,9 +94,7 @@ def can_list():
key = request.args.get('key') key = request.args.get('key')
sort_by = request.args.get('sort_by', 'time') sort_by = request.args.get('sort_by', 'time')
if 'uid' not in session:
return redirect('set_session')
uid = session['uid']
uid = session.get('uid')
q = Candidate.query q = Candidate.query
q = q.order_by(db.desc('likeNum')) if sort_by=='likeNum' else q.order_by(db.desc('id')) q = q.order_by(db.desc('likeNum')) if sort_by=='likeNum' else q.order_by(db.desc('id'))
@ -99,20 +113,16 @@ def can_list():
} for name, ques, hint, ans in C.verify } for name, ques, hint, ans in C.verify
] ]
return render_template('list.html', pagination=pag, vs=vs, showPrivate=(key==C.key), sort_by=sort_by, key=key, base_toot_url='https://%s/web/statuses/' % C.domain)
return render_template('list.html', pagination=pag, vs=vs, verified=session.get('verified'), showPrivate=(key==C.key), sort_by=sort_by, key=key, base_toot_url='https://%s/web/statuses/' % C.domain)
@app.route('/ordinary/new', methods=['POST']) @app.route('/ordinary/new', methods=['POST'])
@limiter.limit("5 / hour; 1 / 2 second") @limiter.limit("5 / hour; 1 / 2 second")
@need_verify
def new_one(): def new_one():
content = request.form.get('text') content = request.form.get('text')
private = request.form.get('privateText') private = request.form.get('privateText')
url = request.form.get('url') url = request.form.get('url')
for name, ques, hint, ans in C.verify:
if request.form.get(name) != ans:
return WRONG_ANS_HTML, 401
if not content or len(content)>4000: abort(422) if not content or len(content)>4000: abort(422)
if private and len(private)>1000: abort(422) if private and len(private)>1000: abort(422)
if url and not re.match('https://(cloud\.tsinghua\.edu\.cn/f/[0-9a-z]+/(\?dl=1)?|closed\.social/safeShare/\d([a-zA-Z]+)?)', url): abort(422) if url and not re.match('https://(cloud\.tsinghua\.edu\.cn/f/[0-9a-z]+/(\?dl=1)?|closed\.social/safeShare/\d([a-zA-Z]+)?)', url): abort(422)
@ -137,14 +147,9 @@ def new_one():
@app.route('/ordinary/judge', methods=['POST']) @app.route('/ordinary/judge', methods=['POST'])
@limiter.limit("10 / hour; 1 / 2 second") @limiter.limit("10 / hour; 1 / 2 second")
@need_verify
def judge(): def judge():
group = request.form.get('groupType') group = request.form.get('groupType')
for name, ques, hint, ans in C.verify:
if request.form.get(name) != ans:
return WRONG_ANS_HTML, 401
return redirect(C.groups.get(group)) return redirect(C.groups.get(group))
@limiter.limit("100 / hour; 2 / second") @limiter.limit("100 / hour; 2 / second")
@ -178,6 +183,7 @@ def get_comments(toot):
@limiter.limit("100 / hour") @limiter.limit("100 / hour")
@app.route('/ordinary/<int:toot>/like', methods=['POST']) @app.route('/ordinary/<int:toot>/like', methods=['POST'])
@need_verify
def like(toot): def like(toot):
c = Candidate.query.filter_by(toot=toot).first() c = Candidate.query.filter_by(toot=toot).first()
if not c: if not c:

+ 28
- 41
templates/list.html View File

@ -54,6 +54,12 @@
font-family: 'Noto Serif SC', serif; font-family: 'Noto Serif SC', serif;
} }
.verify-box {
padding: 20px;
background-color: #8884;
margin: 20px;
}
.part1 { .part1 {
max-width: 500px; max-width: 500px;
float: left; float: left;
@ -194,8 +200,22 @@
</div> </div>
<div class="part1"> <div class="part1">
{% if not verified %}
<form action="verify" method="post" class="verify-box">
<p>完成简易验证后,你可以提交报名、获取评委群、点赞以及发布匿名评论<sub>(火热开发中)</sub>)</p>
{% for v in vs %}
<div class="form-group row">
<label for="{{v.name}}" class="col-sm-8 col-form-label">{{v.ques}}</label>
<div class="col-sm-4">
<input type="text" class="form-control" name="{{v.name}}" placeholder="{{v.hint}}" required="required">
</div>
</div>
{% endfor %}
<button type="submit" class="btn btn-link btn-lg">提交</button>
</form>
{% else %}
<div id="new" class="new twin-collapse twin front">
<div id="new" class="new twin front">
<form action="new" method="post"> <form action="new" method="post">
<div class="form-group qbox"> <div class="form-group qbox">
<h1 style="margin: -14px -13px 20px">自荐提名</h1> <h1 style="margin: -14px -13px 20px">自荐提名</h1>
@ -212,16 +232,6 @@
<input type="url" class="form-control" id="url" name="url" placeholder="清华云盘或safeShare链接,https://开头" pattern="https://(cloud\.tsinghua\.edu\.cn/f/[0-9a-z]+/(\?dl=1)?|closed\.social/safeShare/\d([a-zA-Z]+)?)"> <input type="url" class="form-control" id="url" name="url" placeholder="清华云盘或safeShare链接,https://开头" pattern="https://(cloud\.tsinghua\.edu\.cn/f/[0-9a-z]+/(\?dl=1)?|closed\.social/safeShare/\d([a-zA-Z]+)?)">
</div> </div>
</div> </div>
<hr />
<hr />
{% for v in vs %}
<div class="form-group row">
<label for="{{v.name}}" class="col-sm-8 col-form-label">{{v.ques}}</label>
<div class="col-sm-4">
<input type="text" class="form-control" name="{{v.name}}" placeholder="{{v.hint}}" required="required">
</div>
</div>
{% endfor %}
<button type="submit" class="btn btn-link btn-lg">报名</button> <button type="submit" class="btn btn-link btn-lg">报名</button>
</div> </div>
</form> </form>
@ -239,10 +249,10 @@
</div> </div>
<div class="judge twin-collapse twin behind">
<div class="judge twin behind">
<form action="judge" method="post"> <form action="judge" method="post">
<div class="form-group qbox"> <div class="form-group qbox">
<h1 style="text-align:right;margin:-12px -20px 20px">成为评委</h1>
<h1 style="text-align:right;margin:-12px -20px 16px">成为评委</h1>
<div style="font-size:80%"> <div style="font-size:80%">
<p>为了更好地选出十位普通人的代表,为了更好地展现大众的声音,我们希望招募更多的评委。</p> <p>为了更好地选出十位普通人的代表,为了更好地展现大众的声音,我们希望招募更多的评委。</p>
<p>成为评委的条件:</p> <p>成为评委的条件:</p>
@ -270,36 +280,11 @@
<label class="form-check-label" for="wx">微信</label> <label class="form-check-label" for="wx">微信</label>
</div> </div>
</div> </div>
<hr/>
{% for v in vs %}
<div class="form-group row">
<label for="{{v.name}}" class="col-sm-8 col-form-label">{{v.ques}}</label>
<div class="col-sm-4">
<input type="text" class="form-control" name="{{v.name}}" placeholder="{{v.hint}}" required="required">
</div>
</div>
{% endfor %}
<button type="submit" class="btn btn-link btn-lg">进群</button> <button type="submit" class="btn btn-link btn-lg">进群</button>
</div> </div>
</form> </form>
</div> </div>
<a href="##" onclick="showNew()" class="show-mask">
<span>
<svg fill="#fff" viewBox="0 12 24 48" width="24">
<path d="m0 24 l12 18 l12 -18 z"></path>
</svg>
</span>
</a>
<script>
function showNew() {
$('.twin').removeClass('twin-collapse');
$('.show-mask').hide();
}
</script>
{% endif %}
</div> </div>
<div class="part2" id="part2"> <div class="part2" id="part2">
@ -357,7 +342,7 @@
<nav> <nav>
<ul class="pagination"> <ul class="pagination">
{%- for page in pagination.iter_pages() %}
{%- for page in pagination.iter_pages(left_edge=2, left_current=1, right_current=3, right_edge=2) %}
{% if page %} {% if page %}
{% if page != pagination.page %} {% if page != pagination.page %}
<li class="page-item"><a class="page-link" href="{{ url_for('can_list', page=page, per_page=pagination.per_page, key=key, sort_by=sort_by) }}">{{ page }}</a></li> <li class="page-item"><a class="page-link" href="{{ url_for('can_list', page=page, per_page=pagination.per_page, key=key, sort_by=sort_by) }}">{{ page }}</a></li>
@ -367,7 +352,7 @@
</li> </li>
{% endif %} {% endif %}
{% else %} {% else %}
<li class="page-item"><span class=ellipsis></span></li>
<li class="page-item"><span class=ellipsis>...</span></li>
{% endif %} {% endif %}
{%- endfor %} {%- endfor %}
</ul> </ul>
@ -395,6 +380,7 @@
alert('赞都赞了,别撤回嘛'); alert('赞都赞了,别撤回嘛');
return; return;
} }
{% if verified %}
$.ajax({ $.ajax({
type: 'POST', type: 'POST',
url: toot + '/like', url: toot + '/like',
@ -407,6 +393,7 @@
alert(error + ': ' + xhr.responseText); alert(error + ': ' + xhr.responseText);
} }
}); });
{% endif %}
} }
$(document).ready(function(){ $(document).ready(function(){

Write Preview
Loading…
Cancel
Save