1.20

1.增加一个简单的正文提取模块，在readability失败后启用。 2.增强的网页解码器，综合考虑http响应头/html文件头/chardet检测结果，效率更高，乱码更少。 3.支持需要登陆才能查看文章的网站，请参照FAQ如何使用。 4.针对一天推送多次的需求，书籍属性‘oldest_article’大于365则使用*秒*为单位。 5.增强的密码安全，加salt然后md5，无法通过密码词典破解，在可接受的代价范围内无法暴力破解。
fudongbai · May 9, 2014 · f58fa6c · f58fa6c
1 parent 5f41d25
commit f58fa6c
Show file tree

Hide file tree

Showing 291 changed files with 5,116 additions and 887 deletions.
diff --git a/apps/View/Admin.py b/apps/View/Admin.py
@@ -12,11 +12,10 @@
 
 from apps.BaseHandler import BaseHandler
 from apps.dbModels import *
+from apps.utils import new_secret_key
 
 from config import *
 
-#import main
-
 class Admin(BaseHandler):
     __url__ = "/admin"
     # 账户管理页面
@@ -31,10 +30,11 @@ def POST(self):
         op,p1,p2 = web.input().get('op'), web.input().get('p1'), web.input().get('p2')
         user = self.getcurrentuser()
         users = KeUser.all() if user.name == 'admin' else None
-        if op is not None and p1 is not None and p2 is not None: #修改密码
+        if all((op, p1, p2)): #修改当前登陆账号的密码
+            secret_key = user.secret_key or ''
             try:
-                pwd = hashlib.md5(op).hexdigest()
-                newpwd = hashlib.md5(p1).hexdigest()
+                pwd = hashlib.md5(op+secret_key).hexdigest()
+                newpwd = hashlib.md5(p1+secret_key).hexdigest()
             except:
                 tips = _("The password includes non-ascii chars!")
             else:
@@ -48,7 +48,7 @@ def POST(self):
                     user.put()
             return self.render('admin.html',"Admin",
                 current='admin', user=user, users=users,chpwdtips=tips)
-        elif u is not None and up1 is not None and up2 is not None: #添加账户
+        elif all((u, up1, up2)): #添加账户
             if user.name != 'admin':
                 raise web.seeother(r'/')
             elif not u:
@@ -58,17 +58,18 @@ def POST(self):
             elif KeUser.all().filter("name = ", u).get():
                 tips = _("Already exist the username!")
             else:
+                secret_key = new_secret_key()
                 try:
-                    pwd = hashlib.md5(up1).hexdigest()
+                    pwd = hashlib.md5(up1 + secret_key).hexdigest()
                 except:
                     tips = _("The password includes non-ascii chars!")
                 else:
                     myfeeds = Book(title=MY_FEEDS_TITLE,description=MY_FEEDS_DESC,
-                        builtin=False,keep_image=True,oldest_article=7)
+                        builtin=False,keep_image=True,oldest_article=7,needs_subscription=False)
                     myfeeds.put()
                     au = KeUser(name=u,passwd=pwd,kindle_email='',enable_send=False,
                         send_time=7,timezone=TIMEZONE,book_type="mobi",
-                        ownfeeds=myfeeds,merge_books=False)
+                        ownfeeds=myfeeds,merge_books=False,secret_key=secret_key)
                     au.expires = datetime.datetime.utcnow()+datetime.timedelta(days=180)
                     au.put()
                     users = KeUser.all() if user.name == 'admin' else None
@@ -97,8 +98,9 @@ def POST(self, _n=None):
             elif p1 != p2:
                 tips = _("The two new passwords are dismatch!")
             else:
+                secret_key = u.secret_key or ''
                 try:
-                    pwd = hashlib.md5(p1).hexdigest()
+                    pwd = hashlib.md5(p1 + secret_key).hexdigest()
                 except:
                     tips = _("The password includes non-ascii chars!")
                 else:
@@ -142,6 +144,10 @@ def POST(self, _n=None):
                         book.users.remove(name)
                         book.put()
 
+                #删掉书籍登陆信息
+                for subs_info in SubscriptionInfo.all().filter('user = ', u.key()):
+                    subs_info.delete()
+
                 if main.session.username == name:
                     raise web.seeother('/logout')
                 else:

diff --git a/apps/View/DbViewer.py b/apps/View/DbViewer.py
@@ -11,7 +11,7 @@
 from apps.BaseHandler import BaseHandler
 from apps.dbModels import *
 
-from books.base import UrlEncoding
+from lib.autodecoder import UrlEncoding
 
 class DbViewer(BaseHandler):
     __url__ = "/dbviewer"

diff --git a/apps/View/Login.py b/apps/View/Login.py
@@ -12,11 +12,10 @@
 from apps.BaseHandler import BaseHandler
 from apps.dbModels import *
 from books import BookClasses, BookClass
+from apps.utils import new_secret_key
 
 from config import *
 
-#import main
-
 class Login(BaseHandler):
     __url__ = "/login"
     def CheckAdminAccount(self):
@@ -25,11 +24,12 @@ def CheckAdminAccount(self):
         u = KeUser.all().filter("name = ", 'admin').get()
         if not u:            
             myfeeds = Book(title=MY_FEEDS_TITLE,description=MY_FEEDS_DESC,
-                    builtin=False,keep_image=True,oldest_article=7)
+                    builtin=False,keep_image=True,oldest_article=7,needs_subscription=False)
             myfeeds.put()
-            au = KeUser(name='admin',passwd=hashlib.md5('admin').hexdigest(),
+            secret_key = new_secret_key()
+            au = KeUser(name='admin',passwd=hashlib.md5('admin'+secret_key).hexdigest(),
                 kindle_email='',enable_send=False,send_time=8,timezone=TIMEZONE,
-                book_type="mobi",device='kindle',expires=None,ownfeeds=myfeeds,merge_books=False)
+                book_type="mobi",device='kindle',expires=None,ownfeeds=myfeeds,merge_books=False,secret_key=secret_key)
             au.put()
             return False
         else:
@@ -63,25 +63,32 @@ def POST(self):
 
         self.CheckAdminAccount() #确认管理员账号是否存在
 
-        try:
-            pwdhash = hashlib.md5(passwd).hexdigest()
-        except:
-            u = None
-        else:
-            u = KeUser.all().filter("name = ", name).filter("passwd = ", pwdhash).get()
+        u = KeUser.all().filter("name = ", name).get()
+        if u:
+            secret_key = u.secret_key or ''
+            pwdhash = hashlib.md5(passwd + secret_key).hexdigest()
+            if u.passwd != pwdhash:
+                u = None
+
         if u:
             main.session.login = 1
             main.session.username = name
             if u.expires: #用户登陆后自动续期
                 u.expires = datetime.datetime.utcnow()+datetime.timedelta(days=180)
                 u.put()
+
+            #为了兼容性，对于新账号才一次性设置secret_key
+            #老账号删除重建则可以享受加强的加密
+            #if not u.secret_key:
+            #    u.secret_key = new_secret_key()
+            #    u.put()
 
             #修正从1.6.15之前的版本升级过来后自定义RSS丢失的问题
             for fd in Feed.all():
                 if not fd.time:
                     fd.time = datetime.datetime.utcnow()
                     fd.put()
-
+                
             #1.7新增各用户独立的白名单和URL过滤器，这些处理是为了兼容以前的版本
             if name == 'admin':
                 for wl in WhiteList.all():
@@ -92,24 +99,31 @@ def POST(self):
                     if not uf.user:
                         uf.user = u
                         uf.put()
-
-            #如果删除了内置书籍py文件，则在数据库中也清除
-            #放在同步数据库是为了推送任务的效率
+
+            #同步书籍数据库
             for bk in Book.all().filter('builtin = ', True):
                 found = False
                 for book in BookClasses():
                     if book.title == bk.title:
                         if bk.description != book.description:
                             bk.description = book.description
                             bk.put()
+                        if bk.needs_subscription != book.needs_subscription:
+                            bk.needs_subscription = book.needs_subscription
+                            bk.put()
                         found = True
                         break
 
+                #如果删除了内置书籍py文件，则在数据库中也清除
                 if not found:
+                    subs = u.subscription_info(bk.title)
+                    if subs:
+                        subs.delete()
                     for fd in bk.feeds:
                         fd.delete()
                     bk.delete()
-
+
+
             raise web.seeother(r'/my')
         else:
             tips = _("The username not exist or password is wrong!")

diff --git a/apps/View/Subscribe.py b/apps/View/Subscribe.py
@@ -15,15 +15,13 @@
 from apps.BaseHandler import BaseHandler
 from apps.dbModels import *
 
-#import main
-
 class MySubscription(BaseHandler):
     __url__ = "/my"
     # 管理我的订阅和杂志列表
     def GET(self, tips=None):
         user = self.getcurrentuser()
         myfeeds = user.ownfeeds.feeds if user.ownfeeds else None
-        return self.render('my.html', "My subscription",current='my',
+        return self.render('my.html', "My subscription",current='my',user=user,
             books=Book.all().filter("builtin = ",True),myfeeds=myfeeds,tips=tips)
 
     def POST(self): # 添加自定义RSS
@@ -46,8 +44,6 @@ class Subscribe(BaseHandler):
     __url__ = "/subscribe/(.*)"
     def GET(self, id):
         self.login_required()
-        if not id:
-            return "the id is empty!<br />"
         try:
             id = int(id)
         except:
@@ -65,9 +61,7 @@ def GET(self, id):
 class Unsubscribe(BaseHandler):
     __url__ = "/unsubscribe/(.*)"
     def GET(self, id):
-        self.login_required()
-        if not id:
-            return "the id is empty!<br />"
+        user = self.getcurrentuser()
         try:
             id = int(id)
         except:
@@ -80,14 +74,18 @@ def GET(self, id):
         if main.session.username in bk.users:
             bk.users.remove(main.session.username)
             bk.put()
+
+        #为安全起见，退订后也删除网站登陆信息（如果有的话）
+        subs_info = user.subscription_info(bk.title)
+        if subs_info:
+            subs_info.delete()
+
         raise web.seeother('/my')
 
 class DelFeed(BaseHandler):
     __url__ = "/delfeed/(.*)"
     def GET(self, id):
         user = self.getcurrentuser()
-        if not id:
-            return "the id is empty!<br />"
         try:
             id = int(id)
         except:
@@ -97,4 +95,48 @@ def GET(self, id):
         if feed:
             feed.delete()
 
-        raise web.seeother('/my')
+        raise web.seeother('/my')
+
+class BookLoginInfo(BaseHandler):
+    __url__ = "/booklogininfo/(.*)"
+    #修改书籍的网站登陆信息
+    def GET(self, id, tips=None):
+        user = self.getcurrentuser()
+        try:
+            bk = Book.get_by_id(int(id))
+        except:
+            bk = None
+        if not bk:
+            return "Not exist the book!<br />"
+
+        subs_info = user.subscription_info(bk.title)
+        return self.render('booklogininfo.html', "Book Login Infomation",bk=bk,subs_info=subs_info,tips=tips)
+
+    def POST(self,id):
+        user = self.getcurrentuser()
+        account = web.input().get('account')
+        password = web.input().get('password')
+
+        try:
+            bk = Book.get_by_id(int(id))
+        except:
+            bk = None
+        if not bk:
+            return "Not exist the book!<br />"
+
+        subs_info = user.subscription_info(bk.title)
+        if subs_info:
+            #任何一个留空则删除登陆信息
+            if not account or not password:
+                subs_info.delete()
+            else:
+                subs_info.account = account
+                subs_info.password = password
+                subs_info.put()
+        elif account and password:
+            subs_info = SubscriptionInfo(account=account,user=user,title=bk.title)
+            subs_info.put() #先保存一次才有user信息，然后才能加密
+            subs_info.password = password
+            subs_info.put()
+
+        raise web.seeother('/my')
diff --git a/apps/View/__init__.py b/apps/View/__init__.py
@@ -21,7 +21,7 @@
             continue
         globals()[name] = value
         __all__.append(name)
-        main.log.info('debug: %s loaded'%name)
+        #main.log.info('debug: %s loaded'%name)
 
         try:
             main.urls += [url,name]

diff --git a/apps/Work/Worker.py b/apps/Work/Worker.py
@@ -95,6 +95,11 @@ def GET(self):
                     continue
                 book = book(imgindex=imgindex)
                 book.url_filters = [flt.url for flt in user.urlfilter]
+                if bk.needs_subscription: #需要登录
+                    subs_info = user.subscription_info(bk.title)
+                    if subs_info:
+                        book.account = subs_info.account
+                        book.password = subs_info.password
             else: # 自定义RSS
                 if bk.feedscount == 0:
                     continue  #return "the book has no feed!<br />"

diff --git a/apps/Work/__init__.py b/apps/Work/__init__.py
@@ -21,7 +21,7 @@
             continue
         globals()[name] = value
         __all__.append(name)
-        main.log.info('debug: %s loaded'%name)
+        #main.log.info('debug: %s loaded'%name)
 
         try:
             main.urls += [url,name]

diff --git a/apps/__init__.py b/apps/__init__.py
@@ -6,8 +6,10 @@
 #Contributors:
 # rexdf <https://github.com/rexdf>
 
-import __builtin__
+import __builtin__, site
 
-__Version__ = "1.13.6"
+__Version__ = "1.20"
 
 __builtin__.__dict__['__Version__'] = __Version__
+
+site.addsitedir('lib')