[Enhance] Add limiter & Building API

- Add a custom limiter and use it for limiting users' download instead of using database > So add a requirement `limits`. - Fix a character's value - Change the email max length to 64 - Change something about API's roles and powers - Add an API endpoint for getting users' roles and powers
2026-02-04 21:47:28 +08:00 · 2022-10-12 15:27:45 +08:00
parent a04df8bba6
commit 68a83a29d2
13 changed files with 140 additions and 104 deletions
--- a/version/api/users.py
+++ b/version/api/users.py
@@ -2,6 +2,7 @@ from core.error import InputError, NoAccess, NoData
 from core.score import Potential, UserScoreList
 from core.sql import Connect, Query, Sql
 from core.user import UserInfo, UserRegister
+from core.api_user import APIUser
 from flask import Blueprint, request

 from .api_auth import api_try, request_json_handle, role_required
@@ -15,7 +16,7 @@ bp = Blueprint('users', __name__, url_prefix='/users')
@role_required(request, ['change'])
@request_json_handle(request, ['name', 'password', 'email'])
@api_try
-def users_post(data, _):
+def users_post(data, user):
    '''注册一个用户'''
    with Connect() as c:
        new_user = UserRegister(c)
@@ -67,7 +68,7 @@ def users_user_get(user, user_id):
    if user_id <= 0:
        return error_return(InputError(api_error_code=-4))
    # 查别人需要select权限
-    if user_id != user.user_id and user.user_id != 0 and not user.role.has_power('select'):
+    if user_id != user.user_id and not user.role.has_power('select'):
        return error_return(NoAccess('No permission', api_error_code=-1), 403)

    with Connect() as c:
@@ -83,7 +84,7 @@ def users_user_b30_get(user, user_id):
    if user_id <= 0:
        return error_return(InputError(api_error_code=-4))
    # 查别人需要select权限
-    if user_id != user.user_id and user.user_id != 0 and not user.role.has_power('select'):
+    if user_id != user.user_id and not user.role.has_power('select'):
        return error_return(NoAccess('No permission', api_error_code=-1), 403)

    with Connect() as c:
@@ -105,7 +106,7 @@ def users_user_best_get(data, user, user_id):
    if user_id <= 0:
        return error_return(InputError(api_error_code=-4))
    # 查别人需要select权限
-    if user_id != user.user_id and user.user_id != 0 and not user.role.has_power('select'):
+    if user_id != user.user_id and not user.role.has_power('select'):
        return error_return(NoAccess('No permission', api_error_code=-1), 403)

    with Connect() as c:
@@ -125,9 +126,30 @@ def users_user_r30_get(user, user_id):
    if user_id <= 0:
        return error_return(InputError(api_error_code=-4))
    # 查别人需要select权限
-    if user_id != user.user_id and user.user_id != 0 and not user.role.has_power('select'):
+    if user_id != user.user_id and not user.role.has_power('select'):
        return error_return(NoAccess('No permission', api_error_code=-1), 403)

    with Connect() as c:
        p = Potential(c, UserInfo(c, user_id))
        return success_return({'user_id': user_id, 'r10_ptt': p.recent_10 / 10, 'data': p.recent_30_to_dict_list()})
+
+
+@bp.route('/<int:user_id>/role', methods=['GET'])
+@role_required(request, ['select', 'select_me'])
+@api_try
+def users_user_role_get(user, user_id):
+    '''查询用户role和powers'''
+
+    if user_id <= 0:
+        return error_return(InputError(api_error_code=-4))
+
+    if user_id == user.user_id:
+        return success_return({'user_id': user.user_id, 'role': user.role.role_id, 'powers': [i.power_id for i in user.role.powers]})
+    # 查别人需要select权限
+    if not user.role.has_power('select'):
+        return error_return(NoAccess('No permission', api_error_code=-1), 403)
+
+    with Connect() as c:
+        x = APIUser(c, user_id)
+        x.select_role_and_powers()
+        return success_return({'user_id': x.user_id, 'role': x.role.role_id, 'powers': [i.power_id for i in x.role.powers]})