From 08b822fff8d06472a2a3ec5120f9a238e0eb6bb3 Mon Sep 17 00:00:00 2001
From: cxykevin
Date: Tue, 20 Aug 2024 21:37:47 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AE=8C=E6=88=90=E9=87=8D=E7=BD=AE=E5=AF=86?= =?UTF-8?q?=E7=A0=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 server/main.py | 43 ++++++++++++++++++++--
 server/reg.py | 14 ++++----
 src/resetpasswd.html | 86 ++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 134 insertions(+), 9 deletions(-)
 create mode 100644 src/resetpasswd.html
diff --git a/server/main.py b/server/main.py
index 7373e91..d70b99f 100644
--- a/server/main.py
+++ b/server/main.py
@@ -1,7 +1,7 @@
 from fastapi.security import OAuth2PasswordBearer
 from fastapi import FastAPI, Cookie, Response, Form
 from fastapi.templating import Jinja2Templates
-from fastapi.responses import RedirectResponse
+from fastapi.responses import RedirectResponse, HTMLResponse
 from datetime import timedelta, datetime
 from contextlib import asynccontextmanager
 from . import db
@@ -72,7 +72,7 @@ oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
 def check_passwd(passwd: str):
 if (len(passwd) < 8):
 return 1
- pattern = r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$'
+ pattern = r'^(?![a-zA-Z]+$)(?!\d+$)(?![^\da-zA-Z\s]+$).{8,40}$'
 if re.match(pattern, passwd):
 return 0
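Review bot: The new pattern in check_passwd ends in `.{8,40}$` and is still applied with `re.match`, so `$` also matches just before a trailing newline and `.` admits spaces and any non-ASCII character; eight otherwise valid characters followed by `\n` pass validation. Anchoring with `re.fullmatch(pattern, passwd)`, or using `\Z` in place of the final `$`, closes that gap. The change also drops the old requirement for lower case, upper case and a digit together and caps the length at 40, which rejects long passphrases; if that trade-off is intended, a comment above `pattern` such as `# policy: 8-40 chars, not letters-only, digits-only or symbols-only` would record it. check_passwd's body continues outside the hunk.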
@@ -150,12 +150,14 @@ async def login_callback(username: str = Form(), password: str = Form(), email:
 @app.get("/api/checkemail")
-async def login_callback(uid: str):
+async def checkemail(uid: str):
 if (uid not in emails):
 return templates.TemplateResponse("checkemail.html", {"request": {}, "msg": "不存在的注册id"})
 if (emails[uid][2] < datetime.now()):
 del emails[uid]
 return templates.TemplateResponse("checkemail.html", {"request": {}, "msg": "链接已过期"})
+ if (emails[uid][1] == ""):
+ return templates.TemplateResponse("checkemail.html", {"request": {}, "msg": "不存在的注册id"})
 if await db.create_user(emails[uid][0], emails[uid][1], emails[uid][3]) == 0:
 del emails[uid]
 return templates.TemplateResponse("checkemail.html", {"request": {}, "msg": "创建成功"})
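Review bot: The added guard `if (emails[uid][1] == "")` makes an empty password field double as the marker for a password-reset entry, a convention that is only implied by tuple positions. checkemail and the reset handlers added later in this patch both depend on it, so a registration stored with an empty password would be misclassified; whether the sign-up path rules that out is not visible in this hunk. I would document the layout where `emails` is filled, e.g. `# emails[uid] = (username, password, expires_at, email); password == "" marks a reset request`, or carry an explicit kind field instead of the sentinel.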
@@ -164,6 +166,36 @@ async def login_callback(uid: str):
 return templates.TemplateResponse("checkemail.html", {"request": {}, "msg": "重复的用户名"})
+@app.get("/api/resetpasswd", response_class=HTMLResponse)
+async def resetpasswd(uid: str, response: Response):
+ if (uid not in emails):
+ return templates.TemplateResponse("checkemail.html", {"request": {}, "msg": "不存在的验证id"})
+ if (emails[uid][2] < datetime.now()):
+ del emails[uid]
+ return templates.TemplateResponse("checkemail.html", {"request": {}, "msg": "链接已过期"})
+ if (emails[uid][1] != ""):
+ return templates.TemplateResponse("checkemail.html", {"request": {}, "msg": "不存在的注册id"})
+ tokennow = await create_token(emails[uid][0])
+ tkn = uuid.uuid4().hex
+ apikeys[tkn] = tokens[tokennow]
+ response.set_cookie("session", tokennow)
+ return '正在跳转正在跳转'
+
+
+@app.post("/api/send_resetpasswd")
+async def resetpasswd(username: str = Form()):
+ if (await db.check_user(username)):
+ email = await db.get_email(username)
+ tkn = uuid.uuid4().hex
+ emails[tkn] = (username, "", datetime.now() +
+ timedelta(minutes=float(ACCESS_EMAIL_EXPIRE_MINUTES)), email)
+
+ email_send_lst.append((email, ROOT+"/api/resetpasswd?uid="+tkn))
+ return {"msg": "验证邮件已发送到邮箱,请在10分钟内完成验证", "code": 0}
+ else:
+ return {"msg": "用户名不存在", "code": 1}
+
+
+@app.get("/api/getinfo")
 async def get_user_info(uid: str):
 username = await check_apikey(uid)
@@ -219,6 +251,11 @@ async def login(session: Annotated[str | None, Cookie()] = None):
 return templates.TemplateResponse("manage.html", {"request": {}})
+@app.get("/resetpasswd")
+async def resetpasswd(response: Response):
+ return templates.TemplateResponse("resetpasswd.html", {"request": {}})
+
+
 @app.get("/manager/init")
 async def init(key: str):
 if (key != MANAGE_KEY):
diff --git a/server/reg.py b/server/reg.py
index 00afe6e..30bbf01 100644
--- a/server/reg.py
+++ b/server/reg.py
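Review bot: The GET handler for `/api/resetpasswd` never removes `emails[uid]` after a successful check, unlike checkemail, so the mailed link can be replayed until it expires and every request mints a fresh session for the account. Consume the entry before issuing the token, e.g. `username = emails.pop(uid)[0]` followed by `tokennow = await create_token(username)`, and set the cookie with `response.set_cookie("session", tokennow, httponly=True, secure=True, samesite="lax")`. Because the session is issued on a plain GET with the secret in the query string, mail scanners and link previews can trigger it and the token ends up in logs and browser history; a confirmation POST from the landing page would avoid that. In `/api/send_resetpasswd` the `"用户名不存在"` branch tells an unauthenticated caller which usernames exist and nothing visible limits how often mail is queued for a user, so returning the same message in both branches and throttling per username is worth adding. The `tkn`/`apikeys[tkn]` entry created in the GET handler is not used in the visible lines, and the success text hard-codes 10 minutes while the expiry comes from `ACCESS_EMAIL_EXPIRE_MINUTES`.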
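Review bot: `async def resetpasswd(response: Response)` is the third module-level function named `resetpasswd` added by this patch, after the `/api/resetpasswd` and `/api/send_resetpasswd` handlers, so each definition rebinds the name the previous one used. The routes presumably still register because the decorator runs at definition time, but this is the same duplication the commit removes elsewhere by renaming `login_callback` to `checkemail`. Distinct names such as `send_resetpasswd` and `resetpasswd_page` would keep tracebacks and generated API docs unambiguous, and the unused `response` parameter can go: `async def resetpasswd_page():`.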
@@ -27,15 +27,16 @@ def main(app: FastAPI, ROOT: str, apikeys: dict): return Response(""" setTimeout(function() { var signup_obj = document.getElementsByClassName( - "item-signUp")[0] + "item-logIn")[0] if(signup_obj!=undefined){ signup_obj.style.display = "none"; } - document.getElementsByClassName( - "item-logIn")[0].innerHTML = "登录/注册"; + var btn_obj=document.getElementsByClassName("item-logIn")[0] + if(btn_obj != undefined){ + btn_obj.innerHTML = "注册/登录"} }, 500); - + setTimeout(function() { var hashs = window.location.hash if(hashs!==""){ @@ -45,17 +46,18 @@ def main(app: FastAPI, ROOT: str, apikeys: dict): var key = res[0] var xhr = new XMLHttpRequest() var csrf = JSON.parse(document.getElementById("flarum-json-payload").innerText)["session"]["csrfToken"] - xhr.open('post','"""+FL_SERVER+"""/app/flarum/login?apikey='+key+'&csrftoken='+csrf); + xhr.open('post','/app/flarum/login?apikey='+key+'&csrftoken='+csrf); xhr.onreadyStatechange = function () { if(xhr.readyState === 4 && xhr.status === 200) { console.log(xhr.responseText) + window.location.hash = "" + location.reload() } } xhr.send() } } }, 1000); - """, 200, None, media_type="application/javascript") @app.post("/app/flarum/login") diff --git a/src/resetpasswd.html b/src/resetpasswd.html new file mode 100644 index 0000000..7ce7c17 --- /dev/null +++ b/src/resetpasswd.html @@ -0,0 +1,86 @@ + + + + + + + StuyAreaCN Accout System + + + + + + + + + + + + StudyAreaCN + + + + + 开始学习 + 讨论区 + 查看本站源码 + + + + +
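Review bot: After this change `signup_obj` and `btn_obj` both come from `getElementsByClassName("item-logIn")[0]`, so the injected script hides the log-in item and then relabels the same hidden element. If the intent is still to hide the sign-up entry and rename the log-in one, the first lookup should stay `"item-signUp"`; otherwise the `btn_obj` lines have no visible effect and `signup_obj` should be renamed to match what it holds. The script is a string literal inside main(), whose body starts and ends outside the hunk.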
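Review bot: The two added lines `window.location.hash = ""` and `location.reload()` sit inside a handler assigned to `xhr.onreadyStatechange`, and that is not the event property (it is `onreadystatechange`, all lower case), so as written the callback never runs and the key read from `window.location.hash` stays in the address bar after login. Correct the assignment to `xhr.onreadystatechange = function () {`. The request also places `apikey` and `csrftoken` unencoded in the query string of the POST, where they are typically recorded in access logs; sending them in the request body or a header, or at minimum passing them through `encodeURIComponent(...)`, would be safer. The enclosing script continues outside the hunk.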
+ +
+ 重置密码 +
+ +
+ 发送邮件 +
+
+
+
+
+ + + + \ No newline at end of file
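Review bot: The page title reads `StuyAreaCN Accout System`, while the header further down spells the site `StudyAreaCN`; it should be `StudyAreaCN Account System`. The file also ends without a trailing newline.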