Example #1
0
// @api put /admin/api/themes/current 更改当前的主题
// @apiGroup admin
//
// @apiRequest json
// @apiHeader Authorization xxx
// @apiParam value string 新值
//
// @apiSuccess 200 OK
func adminPutCurrentTheme(w http.ResponseWriter, r *http.Request) {
	v := &struct {
		Value string `json:"value"`
	}{}
	if !util.ReadJSON(w, r, v) {
		return
	}

	if len(v.Value) == 0 {
		util.RenderJSON(w, http.StatusBadRequest, &util.ErrorResult{Message: "必须指定一个值!"}, nil)
		return
	}

	if err := app.SetOption("theme", v.Value, false); err != nil {
		logs.Error("adminPutTheme:", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		return
	}

	if err := front.Switch(v.Value); err != nil {
		logs.Error("adminPutTheme:", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		return
	}
	lastUpdated()
	util.RenderJSON(w, http.StatusNoContent, nil, nil)
}
Example #2
0
// @api patch /admin/api/options/{key} 修改设置项的值
// @apiParam key string 需要修改项的key
// @apiGroup admin
//
// @apiRequest json
// @apiHeader Authorization xxx
// @apiParam value string 新值
// @apiExample json
// { "value": "abcdef" }
// @apiSuccess 204 no content
func adminPatchOption(w http.ResponseWriter, r *http.Request) {
	key, ok := util.ParamString(w, r, "key")
	if !ok {
		return
	}

	if _, found := app.GetOption(key); !found {
		util.RenderJSON(w, http.StatusNotFound, nil, nil)
		return
	}

	data := &struct {
		Value string `json:"value"`
	}{}
	if !util.ReadJSON(w, r, data) {
		return
	}

	if err := app.SetOption(key, data.Value, false); err != nil {
		logs.Error("adminPatchOption:", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		return
	}

	lastUpdated()
	util.RenderJSON(w, http.StatusNoContent, nil, nil)
}
Example #3
0
// @api put /admin/api/password 理发密码
// @apiGroup admin
// @apiRequest json
// @apiHeader Authorization xxx
// @apiParam old string 旧密码
// @apiParam new string 新密码
// @apiExample json
// {
//     "old": "123",
//     "new": "456"
// }
//
// @apiSuccess 204 no content
func adminChangePassword(w http.ResponseWriter, r *http.Request) {
	l := &struct {
		Old string `json:"old"`
		New string `json:"new"`
	}{}

	if !util.ReadJSON(w, r, l) {
		return
	}

	errs := &util.ErrorResult{Message: "提交数据错误", Detail: map[string]string{}}
	if len(l.New) == 0 {
		errs.Add("new", "新密码不能为空")
	}
	if opt.Password != app.Password(l.Old) {
		errs.Add("old", "旧密码错误")
	}
	if len(errs.Detail) > 0 {
		util.RenderJSON(w, http.StatusBadRequest, errs, nil)
		return
	}

	o := &models.Option{Key: "password", Value: app.Password(l.New)}
	if _, err := db.Update(o); err != nil {
		logs.Error("adminChangePassword:", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		return
	}
	opt.Password = o.Value
	util.RenderJSON(w, http.StatusNoContent, nil, nil)
}
Example #4
0
File: tags.go Project: caixw/typing
// @api put /admin/api/tags/{id} 修改某id的标签内容
// @apiParam id int 需要修改的标签id
// @apiGroup admin
//
// @apiRequest json
// @apiHeader Authorization xxx
// @apiParam name        string 唯一名称
// @apiParam title       string 显示的标题
// @apiParam description string 描述信息,可以是html
// @apiExample json
// {
//     "name": "tag-1",
//     "title":"标签1",
//     "description": "<h1>desc</h1>"
// }
//
// @apiSuccess 204 no content
//
// @apiError 400 bad request
// @apiParam message string 错误信息
// @apiParam detail  array  说细的错误信息,用于描述哪个字段有错
// @apiExample json
// {
//     "message": "格式错误",
//     "detail":[
//         {"title":"不能包含特殊字符"},
//         {"name": "已经存在同名"}
//     ]
// }
func adminPutTag(w http.ResponseWriter, r *http.Request) {
	t := &models.Tag{}
	if !util.ReadJSON(w, r, t) {
		return
	}

	// 检测是否为空
	errs := &util.ErrorResult{Message: "格式错误", Detail: map[string]string{}}
	if len(t.Name) == 0 {
		errs.Add("name", "不能为空")
	}
	if len(t.Title) == 0 {
		errs.Add("title", "不能为空")
	}
	if errs.HasErrors() {
		util.RenderJSON(w, http.StatusBadRequest, errs, nil)
		return
	}

	var ok bool
	t.ID, ok = util.ParamID(w, r, "id")
	if !ok {
		return
	}

	// 检测是否存在同名
	titleExists, nameExists, err := tagIsExists(t)
	if err != nil {
		logs.Error("adminPutTag:", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		return
	}
	if titleExists {
		errs.Add("title", "与已有标签同名")
	}
	if nameExists {
		errs.Add("name", "与已有标签同名")
	}
	if errs.HasErrors() {
		util.RenderJSON(w, http.StatusBadRequest, errs, nil)
		return
	}

	if _, err := db.Update(t); err != nil {
		logs.Error("adminPutTag:", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		return
	}

	lastUpdated()
	util.RenderJSON(w, http.StatusNoContent, nil, nil)
}
Example #5
0
File: tags.go Project: caixw/typing
// @api post /admin/api/tags 添加新标签
// @apiGroup admin
//
// @apiRequest json
// @apiHeader Authorization xxx
// @apiParam name        string 唯一名称
// @apiParam title       string 显示的标题
// @apiParam description string 描述信息,可以是html
// @apiExample json
// {
//     "name": "tag-1",
//     "title":"标签1",
//     "description": "<h1>desc</h1>"
// }
//
// @apiSuccess 201 created
// @apiError 400 bad request
// @apiParam message string 错误信息
// @apiParam detail  array  说细的错误信息,用于描述哪个字段有错
// @apiExample json
// {
//     "message": "格式错误",
//     "detail":[
//         {"title":"不能包含特殊字符"},
//         {"name": "已经存在同名"}
//     ]
// }
func adminPostTag(w http.ResponseWriter, r *http.Request) {
	t := &models.Tag{}
	if !util.ReadJSON(w, r, t) {
		return
	}

	errs := &util.ErrorResult{Message: "格式错误"}
	if t.ID != 0 {
		errs.Add("id", "不允许的字段")
	}
	if len(t.Title) == 0 {
		errs.Add("title", "不能为空")
	}
	if len(t.Name) == 0 {
		errs.Add("name", "不能为空")
	}
	if errs.HasErrors() {
		util.RenderJSON(w, http.StatusBadRequest, errs, nil)
		return
	}

	t.ID = 0
	titleExists, nameExists, err := tagIsExists(t)
	if err != nil {
		logs.Error("adminPostTag:", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		return
	}
	if titleExists {
		errs.Add("title", "已有同名字体段")
	}
	if nameExists {
		errs.Add("name", "已有同名字体段")
	}
	if errs.HasErrors() {
		util.RenderJSON(w, http.StatusBadRequest, errs, nil)
		return
	}

	if _, err := db.Insert(t); err != nil {
		logs.Error("adminPostTag:", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		return
	}

	lastUpdated()
	util.RenderJSON(w, http.StatusCreated, "{}", nil)
}
Example #6
0
// @api put /admin/api/comments/{id} 修改评论,只能修改管理员发布的评论
// @apiParam id int 需要修改的评论id
// @apiGroup admin
//
// @apiRequest json
// @apiParam content string 新的评论内容
// @apiExample json
// { "content", "content..." }
//
// @apiSuccess 200 ok
func adminPutComment(w http.ResponseWriter, r *http.Request) {
	id, ok := util.ParamID(w, r, "id")
	if !ok {
		return
	}

	c := &models.Comment{ID: id}
	cnt, err := db.Count(c)
	if err != nil {
		logs.Error("putComment:", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		return
	}
	if cnt == 0 {
		util.RenderJSON(w, http.StatusNotFound, nil, nil)
		return
	}

	ct := &struct {
		Content string `json:"content"`
	}{}

	if !util.ReadJSON(w, r, ct) {
		return
	}

	c.Content = ct.Content

	if _, err = db.Update(c); err != nil {
		logs.Error("putComment", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		return
	}

	if err := stats.UpdateCommentsSize(); err != nil {
		logs.Error("admin.adminPutComment:", err)
	}

	lastUpdated()
	util.RenderJSON(w, http.StatusNoContent, nil, nil)
}
Example #7
0
// @api post /admin/api/login 登录
// @apiGroup admin
//
// @apiRequest json
// @apiParam password string 登录密码
// @apiExample json
// { "password": "12345" }
//
// @apiSuccess 201
// @apiHeader Cache-Control:no-cache
// @apiHeader Pragma:no-cache
// @apiParam token string 登录凭证;
// @apiExample json
// { "token":  "adfwerqeqaeqe313aa" }
func adminPostLogin(w http.ResponseWriter, r *http.Request) {
	inst := &struct {
		Password string `json:"password"`
	}{}
	if !util.ReadJSON(w, r, inst) {
		return
	}

	if app.Password(inst.Password) != opt.Password {
		util.RenderJSON(w, http.StatusUnauthorized, nil, nil)
		return
	}

	ret := make([]byte, 64)
	n, err := io.ReadFull(rand.Reader, ret)
	if err != nil {
		logs.Error("login:无法产生一个随机的token", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		return
	}
	if n == 0 {
		logs.Error("login:无法产生一个随机的token")
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		return
	}

	token = utils.MD5(string(ret))
	if len(token) == 0 {
		logs.Error("login:无法正确生成登录的token")
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		return
	}

	// 记录日志出错,仅输出错误内容,但不返回500错误。
	if err = writeLastLogs(r); err != nil {
		logs.Error("login:", err)
	}

	util.RenderJSON(w, http.StatusCreated, map[string]string{"token": token}, nil)
}
Example #8
0
// @api post /admin/api/comments 提交新评论
// @apiGroup admin
//
// @apiRequest json
// @apiParam parent int 评论的父级内容
// @apiParam postID int 评论的文章
// @apiParam content string 评论的内容
//
// @apiSuccess 201 created
func adminPostComment(w http.ResponseWriter, r *http.Request) {
	c := &struct {
		Parent  int64  `json:"parent"`
		PostID  int64  `json:"postID"`
		Content string `json:"content"`
	}{}

	if !util.ReadJSON(w, r, c) {
		return
	}

	comm := &models.Comment{
		Parent:      c.Parent,
		PostID:      c.PostID,
		Content:     c.Content,
		State:       models.CommentStateApproved,
		IP:          "",
		Agent:       "",
		Created:     time.Now().Unix(),
		IsAdmin:     true,
		AuthorURL:   opt.SiteURL,
		AuthorName:  opt.ScreenName,
		AuthorEmail: opt.Email,
	}
	if _, err := db.Insert(comm); err != nil {
		logs.Error("adminPostComment:", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		return
	}

	if err := stats.UpdateCommentsSize(); err != nil {
		logs.Error("admin.adminPostComment:", err)
	}

	lastUpdated()
	util.RenderJSON(w, http.StatusCreated, nil, nil)
}
Example #9
0
// @api put /admin/api/posts/{id} 修改文章
// @apiGroup admin
//
// @apiRequest json
// @apiHeader Authorization xxx
// @apiParam name         string 唯一名称,可以为空
// @apiParam title        string 标题
// @apiParam summary      string 文章摘要
// @apiParam content      string 文章内容
// @apiParam state        int    状态
// @apiParam order        int    排序
// @apiParam template     string 所使用的模板
// @apiParam allowPing    bool   允许ping
// @apiParam allowComment bool   允许评论
// @apiParam tags         array 关联的标签
//
// @apiSuccess 200 no content
func adminPutPost(w http.ResponseWriter, r *http.Request) {
	id, ok := util.ParamID(w, r, "id")
	if !ok {
		return
	}

	p := &struct {
		Name         string  `json:"name"`
		Title        string  `json:"title"`
		Summary      string  `json:"summary"`
		Content      string  `json:"content"`
		State        int     `json:"state"`
		Order        int     `json:"order"`
		Template     string  `json:"template"`
		AllowPing    bool    `json:"allowPing"`
		AllowComment bool    `json:"allowComment"`
		Tags         []int64 `json:"tags"`
	}{}
	if !util.ReadJSON(w, r, p) {
		return
	}
	op := &models.Post{ID: id}
	if err := db.Select(op); err != nil {
		logs.Error("adminPutPost-0:", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		return
	}

	pp := &models.Post{
		ID:           id,
		Name:         p.Name,
		Title:        p.Title,
		Summary:      p.Summary,
		Content:      p.Content,
		State:        p.State,
		Order:        p.Order,
		Template:     p.Template,
		AllowPing:    p.AllowPing,
		AllowComment: p.AllowComment,
		Modified:     time.Now().Unix(),
		Created:      op.Created,
	}

	// TODO 是否有必要检测标签是否真实存在

	tx, err := db.Begin()
	if err != nil {
		logs.Error("adminPutPost-1:", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		tx.Rollback()
		return
	}

	// 更新文档内容
	if _, err := tx.UpdateZero(pp); err != nil {
		logs.Error("adminPutPost-2:", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		tx.Rollback()
		return
	}

	// 删除旧的关联内容
	sql := "DELETE FROM #relationships WHERE {postID}=?"
	if _, err := tx.Exec(true, sql, pp.ID); err != nil {
		logs.Error("adminPutPost-3:", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		tx.Rollback()
		return
	}

	// 添加新的关联
	if len(p.Tags) > 0 {
		rs := make([]interface{}, 0, len(p.Tags))
		for _, tag := range p.Tags {
			rs = append(rs, &models.Relationship{TagID: tag, PostID: pp.ID})
		}
		if err := tx.MultInsert(rs...); err != nil {
			logs.Error("adminPutPost-4:", err)
			util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
			tx.Rollback()
			return
		}
	}

	if err := tx.Commit(); err != nil {
		logs.Error("adminPutPost-5:", err)
		tx.Rollback()
		return
	}

	if err := stats.UpdatePostsSize(); err != nil {
		logs.Error("admin.adminPutPost:", err)
	}
	lastUpdated()
	util.RenderJSON(w, http.StatusNoContent, nil, nil)
}
Example #10
0
// @api post /admin/api/posts 新建文章
// @apiGroup admin
//
// @apiRequest json
// @apiHeader Authorization xxx
// @apiParam name         string 唯一名称,可以为空
// @apiParam title        string 标题
// @apiParam summary      string 文章摘要
// @apiParam content      string 文章内容
// @apiParam state        int    状态
// @apiParam order        int    排序
// @apiParam template     string 所使用的模板
// @apiParam allowPing    bool   允许ping
// @apiParam allowComment bool   允许评论
// @apiParam tags         array  关联的标签
//
// @apiSuccess 201 created
func adminPostPost(w http.ResponseWriter, r *http.Request) {
	p := &struct {
		Name         string  `json:"name"`
		Title        string  `json:"title"`
		Summary      string  `json:"summary"`
		Content      string  `json:"content"`
		State        int     `json:"state"`
		Order        int     `json:"order"`
		Template     string  `json:"template"`
		AllowPing    bool    `json:"allowPing"`
		AllowComment bool    `json:"allowComment"`
		Tags         []int64 `json:"tags"`
	}{}

	if !util.ReadJSON(w, r, p) {
		return
	}

	t := time.Now().Unix()
	pp := &models.Post{
		Name:         p.Name,
		Title:        p.Title,
		Summary:      p.Summary,
		Content:      p.Content,
		State:        p.State,
		Order:        p.Order,
		Template:     p.Template,
		AllowPing:    p.AllowPing,
		AllowComment: p.AllowComment,
		Created:      t,
		Modified:     t,
	}

	tx, err := db.Begin()
	if err != nil {
		logs.Error("adminPostPost:", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		return
	}

	// 插入文章
	result, err := tx.Insert(pp)
	if err != nil {
		tx.Rollback()
		logs.Error("adminPostPost:", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		return
	}
	postID, err := result.LastInsertId()
	if err != nil {
		tx.Rollback()
		logs.Error("adminPostPost:", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		return
	}

	// 插入relationship
	rs := make([]interface{}, 0, len(p.Tags))
	for _, tag := range p.Tags {
		rs = append(rs, &models.Relationship{PostID: postID, TagID: tag})
	}
	if err := tx.MultInsert(rs...); err != nil {
		tx.Rollback()
		logs.Error("adminPostPost:", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		return
	}

	// commit
	if err := tx.Commit(); err != nil {
		tx.Rollback()
		logs.Error("adminPostPost:", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		return
	}

	lastUpdated()
	util.RenderJSON(w, http.StatusCreated, "{}", nil)
}
Example #11
0
// @api post /api/posts/{id}/comments 提交新评论
// @apiGroup front
//
// @apiRequest json
// @apiParam parent      int    评论的父级内容
// @apiParam postID      int    评论的文章
// @apiParam content     string 评论的内容
// @apiParam authorName  string 评论的作者
// @apiParam authorURL   string 评论作者的网站地址,可为空
// @apiParam authorEmail string 评论作者的邮箱
//
// @apiSuccess 201 created
func frontPostPostComment(w http.ResponseWriter, r *http.Request) {
	c := &struct {
		Parent      int64  `json:"parent"`
		PostID      int64  `json:"postID"`
		Content     string `json:"content"`
		AuthorName  string `json:"authorName"`
		AuthorURL   string `json:"authorURL"`
		AuthorEmail string `json:"authorEmail"`
	}{}

	if !util.ReadJSON(w, r, c) {
		return
	}

	// 判断文章状态
	if c.PostID <= 0 {
		util.RenderJSON(w, http.StatusNotFound, nil, nil)
		return
	}

	p := &models.Post{ID: c.PostID}
	if err := db.Select(p); err != nil {
		logs.Error("forntPostPostComment:", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		return
	}
	if (len(p.Title) == 0 && len(p.Content) == 0) || p.State != models.PostStatePublished {
		util.RenderJSON(w, http.StatusNotFound, nil, nil)
		return
	}
	if !p.AllowComment {
		util.RenderJSON(w, http.StatusMethodNotAllowed, nil, nil)
		return
	}

	// 判断提交数据的状态
	errs := &util.ErrorResult{}
	if c.Parent < 0 {
		errs.Detail["parent"] = "无效的parent"
	}
	if len(c.Content) == 0 {
		errs.Detail["content"] = "content不能为空"
	}
	if len(c.AuthorURL) > 0 && !is.URL(c.AuthorURL) {
		errs.Detail["authorURL"] = "无效的authorURL"
	}
	if !is.Email(c.AuthorEmail) {
		errs.Detail["authorEmail"] = "无效的authorEmail"
	}
	if len(c.AuthorName) == 0 {
		errs.Detail["authorName"] = "authorName不能为空"
	}

	c.AuthorName = html.EscapeString(c.AuthorName)

	// url只提取其host部分,其余的都去掉
	u, err := url.Parse(c.AuthorURL)
	if err != nil {
		logs.Error("frontPostComment:", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		return
	}
	c.AuthorURL = u.Scheme + ":" + u.Host

	c.Content = html.EscapeString(c.Content)
	c.Content = strings.Replace(c.Content, "\n", "<br />", -1)

	comm := &models.Comment{
		PostID:      c.PostID,
		Parent:      c.Parent,
		AuthorURL:   c.AuthorURL,
		AuthorName:  c.AuthorName,
		AuthorEmail: c.AuthorEmail,
		Content:     c.Content,
		Created:     time.Now().Unix(),
		State:       models.CommentStateWaiting,
		IP:          r.RemoteAddr,
		Agent:       r.UserAgent(),
		IsAdmin:     false,
	}
	if _, err := db.Insert(comm); err != nil {
		logs.Error("frontPostComment:", err)
		util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
		return
	}
	util.RenderJSON(w, http.StatusCreated, nil, nil)
}