// @api put /admin/api/themes/current 更改当前的主题
// @apiGroup admin
//
// @apiRequest json
// @apiHeader Authorization xxx
// @apiParam value string 新值
//
// @apiSuccess 200 OK
func adminPutCurrentTheme(w http.ResponseWriter, r *http.Request) {
v := &struct {
Value string `json:"value"`
}{}
if !util.ReadJSON(w, r, v) {
return
}
if len(v.Value) == 0 {
util.RenderJSON(w, http.StatusBadRequest, &util.ErrorResult{Message: "必须指定一个值!"}, nil)
return
}
if err := app.SetOption("theme", v.Value, false); err != nil {
logs.Error("adminPutTheme:", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
return
}
if err := front.Switch(v.Value); err != nil {
logs.Error("adminPutTheme:", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
return
}
lastUpdated()
util.RenderJSON(w, http.StatusNoContent, nil, nil)
}
// @api patch /admin/api/options/{key} 修改设置项的值
// @apiParam key string 需要修改项的key
// @apiGroup admin
//
// @apiRequest json
// @apiHeader Authorization xxx
// @apiParam value string 新值
// @apiExample json
// { "value": "abcdef" }
// @apiSuccess 204 no content
func adminPatchOption(w http.ResponseWriter, r *http.Request) {
key, ok := util.ParamString(w, r, "key")
if !ok {
return
}
if _, found := app.GetOption(key); !found {
util.RenderJSON(w, http.StatusNotFound, nil, nil)
return
}
data := &struct {
Value string `json:"value"`
}{}
if !util.ReadJSON(w, r, data) {
return
}
if err := app.SetOption(key, data.Value, false); err != nil {
logs.Error("adminPatchOption:", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
return
}
lastUpdated()
util.RenderJSON(w, http.StatusNoContent, nil, nil)
}
// @api put /admin/api/password 理发密码
// @apiGroup admin
// @apiRequest json
// @apiHeader Authorization xxx
// @apiParam old string 旧密码
// @apiParam new string 新密码
// @apiExample json
// {
// "old": "123",
// "new": "456"
// }
//
// @apiSuccess 204 no content
func adminChangePassword(w http.ResponseWriter, r *http.Request) {
l := &struct {
Old string `json:"old"`
New string `json:"new"`
}{}
if !util.ReadJSON(w, r, l) {
return
}
errs := &util.ErrorResult{Message: "提交数据错误", Detail: map[string]string{}}
if len(l.New) == 0 {
errs.Add("new", "新密码不能为空")
}
if opt.Password != app.Password(l.Old) {
errs.Add("old", "旧密码错误")
}
if len(errs.Detail) > 0 {
util.RenderJSON(w, http.StatusBadRequest, errs, nil)
return
}
o := &models.Option{Key: "password", Value: app.Password(l.New)}
if _, err := db.Update(o); err != nil {
logs.Error("adminChangePassword:", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
return
}
opt.Password = o.Value
util.RenderJSON(w, http.StatusNoContent, nil, nil)
}
// @api put /admin/api/tags/{id} 修改某id的标签内容
// @apiParam id int 需要修改的标签id
// @apiGroup admin
//
// @apiRequest json
// @apiHeader Authorization xxx
// @apiParam name string 唯一名称
// @apiParam title string 显示的标题
// @apiParam description string 描述信息,可以是html
// @apiExample json
// {
// "name": "tag-1",
// "title":"标签1",
// "description": "<h1>desc</h1>"
// }
//
// @apiSuccess 204 no content
//
// @apiError 400 bad request
// @apiParam message string 错误信息
// @apiParam detail array 说细的错误信息,用于描述哪个字段有错
// @apiExample json
// {
// "message": "格式错误",
// "detail":[
// {"title":"不能包含特殊字符"},
// {"name": "已经存在同名"}
// ]
// }
func adminPutTag(w http.ResponseWriter, r *http.Request) {
t := &models.Tag{}
if !util.ReadJSON(w, r, t) {
return
}
// 检测是否为空
errs := &util.ErrorResult{Message: "格式错误", Detail: map[string]string{}}
if len(t.Name) == 0 {
errs.Add("name", "不能为空")
}
if len(t.Title) == 0 {
errs.Add("title", "不能为空")
}
if errs.HasErrors() {
util.RenderJSON(w, http.StatusBadRequest, errs, nil)
return
}
var ok bool
t.ID, ok = util.ParamID(w, r, "id")
if !ok {
return
}
// 检测是否存在同名
titleExists, nameExists, err := tagIsExists(t)
if err != nil {
logs.Error("adminPutTag:", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
return
}
if titleExists {
errs.Add("title", "与已有标签同名")
}
if nameExists {
errs.Add("name", "与已有标签同名")
}
if errs.HasErrors() {
util.RenderJSON(w, http.StatusBadRequest, errs, nil)
return
}
if _, err := db.Update(t); err != nil {
logs.Error("adminPutTag:", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
return
}
lastUpdated()
util.RenderJSON(w, http.StatusNoContent, nil, nil)
}
// @api post /admin/api/tags 添加新标签
// @apiGroup admin
//
// @apiRequest json
// @apiHeader Authorization xxx
// @apiParam name string 唯一名称
// @apiParam title string 显示的标题
// @apiParam description string 描述信息,可以是html
// @apiExample json
// {
// "name": "tag-1",
// "title":"标签1",
// "description": "<h1>desc</h1>"
// }
//
// @apiSuccess 201 created
// @apiError 400 bad request
// @apiParam message string 错误信息
// @apiParam detail array 说细的错误信息,用于描述哪个字段有错
// @apiExample json
// {
// "message": "格式错误",
// "detail":[
// {"title":"不能包含特殊字符"},
// {"name": "已经存在同名"}
// ]
// }
func adminPostTag(w http.ResponseWriter, r *http.Request) {
t := &models.Tag{}
if !util.ReadJSON(w, r, t) {
return
}
errs := &util.ErrorResult{Message: "格式错误"}
if t.ID != 0 {
errs.Add("id", "不允许的字段")
}
if len(t.Title) == 0 {
errs.Add("title", "不能为空")
}
if len(t.Name) == 0 {
errs.Add("name", "不能为空")
}
if errs.HasErrors() {
util.RenderJSON(w, http.StatusBadRequest, errs, nil)
return
}
t.ID = 0
titleExists, nameExists, err := tagIsExists(t)
if err != nil {
logs.Error("adminPostTag:", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
return
}
if titleExists {
errs.Add("title", "已有同名字体段")
}
if nameExists {
errs.Add("name", "已有同名字体段")
}
if errs.HasErrors() {
util.RenderJSON(w, http.StatusBadRequest, errs, nil)
return
}
if _, err := db.Insert(t); err != nil {
logs.Error("adminPostTag:", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
return
}
lastUpdated()
util.RenderJSON(w, http.StatusCreated, "{}", nil)
}
// @api put /admin/api/comments/{id} 修改评论,只能修改管理员发布的评论
// @apiParam id int 需要修改的评论id
// @apiGroup admin
//
// @apiRequest json
// @apiParam content string 新的评论内容
// @apiExample json
// { "content", "content..." }
//
// @apiSuccess 200 ok
func adminPutComment(w http.ResponseWriter, r *http.Request) {
id, ok := util.ParamID(w, r, "id")
if !ok {
return
}
c := &models.Comment{ID: id}
cnt, err := db.Count(c)
if err != nil {
logs.Error("putComment:", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
return
}
if cnt == 0 {
util.RenderJSON(w, http.StatusNotFound, nil, nil)
return
}
ct := &struct {
Content string `json:"content"`
}{}
if !util.ReadJSON(w, r, ct) {
return
}
c.Content = ct.Content
if _, err = db.Update(c); err != nil {
logs.Error("putComment", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
return
}
if err := stats.UpdateCommentsSize(); err != nil {
logs.Error("admin.adminPutComment:", err)
}
lastUpdated()
util.RenderJSON(w, http.StatusNoContent, nil, nil)
}
// @api post /admin/api/login 登录
// @apiGroup admin
//
// @apiRequest json
// @apiParam password string 登录密码
// @apiExample json
// { "password": "******" }
//
// @apiSuccess 201
// @apiHeader Cache-Control:no-cache
// @apiHeader Pragma:no-cache
// @apiParam token string 登录凭证;
// @apiExample json
// { "token": "adfwerqeqaeqe313aa" }
func adminPostLogin(w http.ResponseWriter, r *http.Request) {
inst := &struct {
Password string `json:"password"`
}{}
if !util.ReadJSON(w, r, inst) {
return
}
if app.Password(inst.Password) != opt.Password {
util.RenderJSON(w, http.StatusUnauthorized, nil, nil)
return
}
ret := make([]byte, 64)
n, err := io.ReadFull(rand.Reader, ret)
if err != nil {
logs.Error("login:无法产生一个随机的token", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
return
}
if n == 0 {
logs.Error("login:无法产生一个随机的token")
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
return
}
token = utils.MD5(string(ret))
if len(token) == 0 {
logs.Error("login:无法正确生成登录的token")
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
return
}
// 记录日志出错,仅输出错误内容,但不返回500错误。
if err = writeLastLogs(r); err != nil {
logs.Error("login:"******"token": token}, nil)
}
// @api post /admin/api/comments 提交新评论
// @apiGroup admin
//
// @apiRequest json
// @apiParam parent int 评论的父级内容
// @apiParam postID int 评论的文章
// @apiParam content string 评论的内容
//
// @apiSuccess 201 created
func adminPostComment(w http.ResponseWriter, r *http.Request) {
c := &struct {
Parent int64 `json:"parent"`
PostID int64 `json:"postID"`
Content string `json:"content"`
}{}
if !util.ReadJSON(w, r, c) {
return
}
comm := &models.Comment{
Parent: c.Parent,
PostID: c.PostID,
Content: c.Content,
State: models.CommentStateApproved,
IP: "",
Agent: "",
Created: time.Now().Unix(),
IsAdmin: true,
AuthorURL: opt.SiteURL,
AuthorName: opt.ScreenName,
AuthorEmail: opt.Email,
}
if _, err := db.Insert(comm); err != nil {
logs.Error("adminPostComment:", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
return
}
if err := stats.UpdateCommentsSize(); err != nil {
logs.Error("admin.adminPostComment:", err)
}
lastUpdated()
util.RenderJSON(w, http.StatusCreated, nil, nil)
}
// @api put /admin/api/posts/{id} 修改文章
// @apiGroup admin
//
// @apiRequest json
// @apiHeader Authorization xxx
// @apiParam name string 唯一名称,可以为空
// @apiParam title string 标题
// @apiParam summary string 文章摘要
// @apiParam content string 文章内容
// @apiParam state int 状态
// @apiParam order int 排序
// @apiParam template string 所使用的模板
// @apiParam allowPing bool 允许ping
// @apiParam allowComment bool 允许评论
// @apiParam tags array 关联的标签
//
// @apiSuccess 200 no content
func adminPutPost(w http.ResponseWriter, r *http.Request) {
id, ok := util.ParamID(w, r, "id")
if !ok {
return
}
p := &struct {
Name string `json:"name"`
Title string `json:"title"`
Summary string `json:"summary"`
Content string `json:"content"`
State int `json:"state"`
Order int `json:"order"`
Template string `json:"template"`
AllowPing bool `json:"allowPing"`
AllowComment bool `json:"allowComment"`
Tags []int64 `json:"tags"`
}{}
if !util.ReadJSON(w, r, p) {
return
}
op := &models.Post{ID: id}
if err := db.Select(op); err != nil {
logs.Error("adminPutPost-0:", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
return
}
pp := &models.Post{
ID: id,
Name: p.Name,
Title: p.Title,
Summary: p.Summary,
Content: p.Content,
State: p.State,
Order: p.Order,
Template: p.Template,
AllowPing: p.AllowPing,
AllowComment: p.AllowComment,
Modified: time.Now().Unix(),
Created: op.Created,
}
// TODO 是否有必要检测标签是否真实存在
tx, err := db.Begin()
if err != nil {
logs.Error("adminPutPost-1:", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
tx.Rollback()
return
}
// 更新文档内容
if _, err := tx.UpdateZero(pp); err != nil {
logs.Error("adminPutPost-2:", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
tx.Rollback()
return
}
// 删除旧的关联内容
sql := "DELETE FROM #relationships WHERE {postID}=?"
if _, err := tx.Exec(true, sql, pp.ID); err != nil {
logs.Error("adminPutPost-3:", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
tx.Rollback()
return
}
// 添加新的关联
if len(p.Tags) > 0 {
rs := make([]interface{}, 0, len(p.Tags))
for _, tag := range p.Tags {
rs = append(rs, &models.Relationship{TagID: tag, PostID: pp.ID})
}
if err := tx.MultInsert(rs...); err != nil {
logs.Error("adminPutPost-4:", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
tx.Rollback()
return
}
}
if err := tx.Commit(); err != nil {
logs.Error("adminPutPost-5:", err)
tx.Rollback()
return
}
if err := stats.UpdatePostsSize(); err != nil {
logs.Error("admin.adminPutPost:", err)
}
lastUpdated()
util.RenderJSON(w, http.StatusNoContent, nil, nil)
}
// @api post /admin/api/posts 新建文章
// @apiGroup admin
//
// @apiRequest json
// @apiHeader Authorization xxx
// @apiParam name string 唯一名称,可以为空
// @apiParam title string 标题
// @apiParam summary string 文章摘要
// @apiParam content string 文章内容
// @apiParam state int 状态
// @apiParam order int 排序
// @apiParam template string 所使用的模板
// @apiParam allowPing bool 允许ping
// @apiParam allowComment bool 允许评论
// @apiParam tags array 关联的标签
//
// @apiSuccess 201 created
func adminPostPost(w http.ResponseWriter, r *http.Request) {
p := &struct {
Name string `json:"name"`
Title string `json:"title"`
Summary string `json:"summary"`
Content string `json:"content"`
State int `json:"state"`
Order int `json:"order"`
Template string `json:"template"`
AllowPing bool `json:"allowPing"`
AllowComment bool `json:"allowComment"`
Tags []int64 `json:"tags"`
}{}
if !util.ReadJSON(w, r, p) {
return
}
t := time.Now().Unix()
pp := &models.Post{
Name: p.Name,
Title: p.Title,
Summary: p.Summary,
Content: p.Content,
State: p.State,
Order: p.Order,
Template: p.Template,
AllowPing: p.AllowPing,
AllowComment: p.AllowComment,
Created: t,
Modified: t,
}
tx, err := db.Begin()
if err != nil {
logs.Error("adminPostPost:", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
return
}
// 插入文章
result, err := tx.Insert(pp)
if err != nil {
tx.Rollback()
logs.Error("adminPostPost:", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
return
}
postID, err := result.LastInsertId()
if err != nil {
tx.Rollback()
logs.Error("adminPostPost:", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
return
}
// 插入relationship
rs := make([]interface{}, 0, len(p.Tags))
for _, tag := range p.Tags {
rs = append(rs, &models.Relationship{PostID: postID, TagID: tag})
}
if err := tx.MultInsert(rs...); err != nil {
tx.Rollback()
logs.Error("adminPostPost:", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
return
}
// commit
if err := tx.Commit(); err != nil {
tx.Rollback()
logs.Error("adminPostPost:", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
return
}
lastUpdated()
util.RenderJSON(w, http.StatusCreated, "{}", nil)
}
// @api post /api/posts/{id}/comments 提交新评论
// @apiGroup front
//
// @apiRequest json
// @apiParam parent int 评论的父级内容
// @apiParam postID int 评论的文章
// @apiParam content string 评论的内容
// @apiParam authorName string 评论的作者
// @apiParam authorURL string 评论作者的网站地址,可为空
// @apiParam authorEmail string 评论作者的邮箱
//
// @apiSuccess 201 created
func frontPostPostComment(w http.ResponseWriter, r *http.Request) {
c := &struct {
Parent int64 `json:"parent"`
PostID int64 `json:"postID"`
Content string `json:"content"`
AuthorName string `json:"authorName"`
AuthorURL string `json:"authorURL"`
AuthorEmail string `json:"authorEmail"`
}{}
if !util.ReadJSON(w, r, c) {
return
}
// 判断文章状态
if c.PostID <= 0 {
util.RenderJSON(w, http.StatusNotFound, nil, nil)
return
}
p := &models.Post{ID: c.PostID}
if err := db.Select(p); err != nil {
logs.Error("forntPostPostComment:", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
return
}
if (len(p.Title) == 0 && len(p.Content) == 0) || p.State != models.PostStatePublished {
util.RenderJSON(w, http.StatusNotFound, nil, nil)
return
}
if !p.AllowComment {
util.RenderJSON(w, http.StatusMethodNotAllowed, nil, nil)
return
}
// 判断提交数据的状态
errs := &util.ErrorResult{}
if c.Parent < 0 {
errs.Detail["parent"] = "无效的parent"
}
if len(c.Content) == 0 {
errs.Detail["content"] = "content不能为空"
}
if len(c.AuthorURL) > 0 && !is.URL(c.AuthorURL) {
errs.Detail["authorURL"] = "无效的authorURL"
}
if !is.Email(c.AuthorEmail) {
errs.Detail["authorEmail"] = "无效的authorEmail"
}
if len(c.AuthorName) == 0 {
errs.Detail["authorName"] = "authorName不能为空"
}
c.AuthorName = html.EscapeString(c.AuthorName)
// url只提取其host部分,其余的都去掉
u, err := url.Parse(c.AuthorURL)
if err != nil {
logs.Error("frontPostComment:", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
return
}
c.AuthorURL = u.Scheme + ":" + u.Host
c.Content = html.EscapeString(c.Content)
c.Content = strings.Replace(c.Content, "\n", "<br />", -1)
comm := &models.Comment{
PostID: c.PostID,
Parent: c.Parent,
AuthorURL: c.AuthorURL,
AuthorName: c.AuthorName,
AuthorEmail: c.AuthorEmail,
Content: c.Content,
Created: time.Now().Unix(),
State: models.CommentStateWaiting,
IP: r.RemoteAddr,
Agent: r.UserAgent(),
IsAdmin: false,
}
if _, err := db.Insert(comm); err != nil {
logs.Error("frontPostComment:", err)
util.RenderJSON(w, http.StatusInternalServerError, nil, nil)
return
}
util.RenderJSON(w, http.StatusCreated, nil, nil)
}