from flask_login import login_user, logout_user from flask import Blueprint, render_template, redirect, url_for, request, flash from werkzeug.security import generate_password_hash, check_password_hash from flask_login import login_required, current_user, login_manager from .models import User, Conversation from . import db import time auth = Blueprint('auth', __name__) @auth.route('/login') def login(): return render_template('login.html') @auth.route('/login', methods=['POST']) def login_post(): # login code goes here email = request.form.get('email') password = request.form.get('password') remember = True if request.form.get('remember') else False user = User.query.filter_by(email=email).first() # check if the user actually exists # take the user-supplied password, hash it, and compare it to the hashed password in the database if not user or not check_password_hash(user.password, password): flash('请检查登录信息') # if the user doesn't exist or password is wrong, reload the page return redirect(url_for('auth.login')) # if the above check passes, then we know the user has the right credentials login_user(user, remember=remember) return redirect(url_for('main.index')) @auth.route('/signup') def signup(): return render_template('signup.html') @auth.route('/signup', methods=['POST']) def signup_post(): # code to validate and add user to database goes here email = request.form.get('email') name = request.form.get('name') password = request.form.get('password') # if this returns a user, then the email already exists in database user = User.query.filter_by(email=email).first() if user: # if a user is found, we want to redirect back to signup page so user can try again flash('此邮箱已注册!') return redirect(url_for('auth.signup')) if not (email): flash('Email missing!') return redirect(url_for('auth.signup')) if not (name): name = email if not (password): flash('Password missing!') return redirect(url_for('auth.signup')) # create a new user with the form data. Hash the password so the plaintext version isn't saved. new_user = User(email=email, name=name, password=generate_password_hash(password, method='sha256'), role='user', isActivated=False) # first user is always admin if not User.query.count(): new_user.role = 'admin' new_user.isActivated = True # add the new user to the database db.session.add(new_user) db.session.commit() return redirect(url_for('auth.login')) @auth.route('/logout') def logout(): if current_user.is_authenticated: logout_user() return redirect(url_for('main.index')) @auth.route('/manage', methods=['POST']) @login_required def manage_post(): method = request.form.get('method') id = request.form.get('id') email = request.form.get('email') name = request.form.get('name') role = request.form.get('role') isActivated = True if request.form.get( 'isActivated') == "true" else False if current_user.role == "admin": if method == "update": account = User.query.filter_by( id=id, email=email, name=name).first() if account: if current_user.id != 1 and account.role == "admin" and role == "user": return "fail 您无权移除管理员!" if current_user.id != 1 and account.isActivated and not isActivated: return "fail 您无权禁用管理员!" if db.session.query(User).filter(User.id == id).update({"role": role, "isActivated": isActivated}) and not db.session.commit(): time.sleep(0.05) return "success" else: time.sleep(0.05) return "fail db_commit" time.sleep(1) return "fail no account" if method == "delete": if role == "admin" and id != current_user.id: return "fail 无法直接删除管理员" account = User.query.filter_by( id=id, email=email, name=name, role=role, isActivated=isActivated).first() if account: db.session.query(Conversation).filter( Conversation.userid == id).delete() db.session.commit() if db.session.query(User).filter(User.id == id).delete() and not db.session.commit(): time.sleep(0.05) return "success" else: time.sleep(0.2) return "fail db_commit" time.sleep(1) return "fail no account" if current_user.id == id and current_user.role == "user": flash("暂时无法更改信息") return redirect(url_for('main.index')) flash("您无权管理其他账户") return redirect(url_for('main.index'))