wixon/wixon_blog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
wixon_blog/app.py
lbard33 39de8edde4 mobile - update
2026-01-16 16:12:48 +09:00

575 lines
21 KiB
Python
Raw Permalink Blame History

from flask import Flask, render_template, request, redirect, url_for, flash, session
import pymysql
from flask import session, g, jsonify
import bcrypt
from bs4 import BeautifulSoup
from werkzeug.utils import secure_filename
import os
import uuid
import re
from markupsafe import Markup
from jinja2 import filters
from functools import wraps
import math
UPLOAD_FOLDER = 'static/upload/img' # 경로를 Flask 앱 루트 기준으로 수정
ALLOWED_EXTENSIONS = {'png', 'jpg', 'jpeg', 'gif'}
app = Flask(__name__)
app.secret_key = 'your secret key'
app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER
def remove_html_tags(text):
clean = re.compile('<.*?>')
return re.sub(clean, '', text)
@app.before_request
def load_user():
g.is_login = False
g.user_info = None
if 'user_info' in session:
g.is_login = True
g.user_info = session['user_info']
def allowed_file(filename):
return '.' in filename and \
filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS
@app.route('/upload_image', methods=['POST'])
def upload_image():
if 'file' not in request.files:
return jsonify(success=False, message='No file part'), 400
file = request.files['file']
if file.filename == '':
return jsonify(success=False, message='No selected file'), 400
if file and allowed_file(file.filename):
# Secure the filename and keep its extension
filename = secure_filename(file.filename)
ext = filename.rsplit('.', 1)[1].lower()
# Generate a random filename using uuid4
random_filename = f'{uuid.uuid4().hex}.{ext}'
file_path = os.path.join(app.config['UPLOAD_FOLDER'], random_filename)
# Create directories if not exist
os.makedirs(os.path.dirname(file_path), exist_ok=True)
file.save(file_path)
# Generate the URL of the saved image file
file_url = url_for('static', filename='upload/img/' + random_filename)
return jsonify(success=True, fileUrl=file_url), 200
return jsonify(success=False, message='File not allowed'), 400
# MySQL 데이터베이스 연결 설정
def connnect_db():
return pymysql.connect(
host='wxnasso.synology.me',
user='wixon5',
password='Wixon2022@!',
database='test',
charset="utf8mb4",
cursorclass=pymysql.cursors.DictCursor, # DictCursor를 사용하여 딕셔너리 형태로 결과를 반환
init_command='SET SQL_SAFE_UPDATES = 0;',
)
def sql_execute(q, d, is_data=False, is_last_id=False):
data = None
last_id = None
with connnect_db().cursor(pymysql.cursors.DictCursor) as cursor:
try:
res = cursor.execute(q, d)
data = cursor.fetchall() if is_data else None
last_id = cursor.lastrowid if cursor.lastrowid != 0 else None
cursor.connection.commit()
except Exception as e:
print(e)
cursor.connection.rollback()
res = False
return (res, last_id if is_last_id else data) if is_data or is_last_id else res
@app.route('/')
def index():
if 'user_info' in session: # 로그인된 사용자
query = "SELECT `id`, `title`, `category`, `thumbnail_img`, `contents`, `add_date` FROM `blog` WHERE `use_yn` = 'Y' ORDER BY `add_date` DESC limit 6;"
r_query = "SELECT `id`, `title`, `category`, `thumbnail_img`, `contents`, `add_date` FROM `blog` WHERE `use_yn` = 'Y' ORDER BY RAND() DESC limit 1;"
else:
query = "SELECT `id`, `title`, `category`, `thumbnail_img`, `contents`, `add_date` FROM `blog` WHERE `use_yn` = 'Y' and `public_yn` = 'Y' ORDER BY `add_date` DESC limit 6;"
r_query = "SELECT `id`, `title`, `category`, `thumbnail_img`, `contents`, `add_date` FROM `blog` WHERE `use_yn` = 'Y' and `public_yn` = 'Y' ORDER BY RAND() DESC limit 1;"
r, posts = sql_execute(query, (), is_data=True)
r, random_post = sql_execute(r_query, (), is_data=True)
if random_post:
posts.append(random_post[0])
# 태그 제거 후 150자로 제한
for post in posts:
post['contents'] = remove_html_tags(post['contents'])[:150]
return render_template('index.html', posts=posts)
@app.route('/login', methods=['GET', 'POST'])
def login():
if request.method == 'POST':
username = request.form.get('username')
password = request.form.get('password').encode('utf-8')
# DB에서 사용자 정보 가져오기
res, user = sql_execute("SELECT * FROM member WHERE mb_id=%s", (username,), is_data=True)
if res and user and bcrypt.checkpw(password, user[0]['mb_passwd'].encode('utf-8')):
session['username'] = username
session['user_info'] = user[0]
return redirect(url_for('index'))
else:
flash('Username or password is incorrect')
return render_template('login.html')
@app.route('/logout')
def logout():
session.clear()
g.is_login = False
g.user_info = None
return redirect(url_for('index'))
@app.route('/post/<int:post_id>')
def post(post_id):
# SQL 쿼리와 삽입할 데이터 설정
query = "SELECT blog.*, member.mb_name, member.mb_id FROM blog INNER JOIN member ON blog.user_id = member.mb_idx WHERE blog.id = %s"
data = (post_id,)
# Post를 데이터베이스에서 검색
result, fetched_data = sql_execute(query, data, is_data=True)
if result:
# 검색 성공시, 포스트 상세 페이지로 이동
post = fetched_data[0]
# 이전과 다음 포스트를 찾기
if 'user_info' in session: # 로그인된 사용자가 있을 경우
# 외부 공개 안된 글도 포함하여 모든 블로그 포스트를 가져옵니다.
prev_query = "SELECT blog.*, member.mb_name, member.mb_id FROM blog INNER JOIN member ON blog.user_id = member.mb_idx WHERE blog.add_date < %s AND blog.use_yn = 'Y' ORDER BY blog.add_date DESC LIMIT 1"
next_query = "SELECT blog.*, member.mb_name, member.mb_id FROM blog INNER JOIN member ON blog.user_id = member.mb_idx WHERE blog.add_date > %s AND blog.use_yn = 'Y' ORDER BY blog.add_date ASC LIMIT 1"
else: # 로그인된 사용자가 없을 경우
# 외부 공개된 블로그 포스트만 가져옵니다.
prev_query = "SELECT blog.*, member.mb_name, member.mb_id FROM blog INNER JOIN member ON blog.user_id = member.mb_idx WHERE blog.add_date < %s AND blog.public_yn = 'Y' AND blog.use_yn = 'Y' ORDER BY blog.add_date DESC LIMIT 1"
next_query = "SELECT blog.*, member.mb_name, member.mb_id FROM blog INNER JOIN member ON blog.user_id = member.mb_idx WHERE blog.add_date > %s AND blog.public_yn = 'Y' AND blog.use_yn = 'Y' ORDER BY blog.add_date ASC LIMIT 1"
prev_post = None
next_post = None
prev_result, prev_fetched_data = sql_execute(prev_query, (post['add_date'],), is_data=True)
next_result, next_fetched_data = sql_execute(next_query, (post['add_date'],), is_data=True)
if prev_result and prev_fetched_data:
prev_post = prev_fetched_data[0]
if next_result and next_fetched_data:
next_post = next_fetched_data[0]
return render_template('post.html', post=post, prev_post=prev_post, next_post=next_post)
else:
# 검색 실패시, 에러 메시지 반환
return "Failed to fetch the post", 500
@app.route('/edit_post/<int:post_id>', methods=['GET', 'POST'])
def edit_post(post_id):
if 'username' not in session or ('username' in session and session['username'] not in ['admin', 'wixon']):
flash('You are not allowed to edit this post.')
return redirect(url_for('index'))
if request.method == 'POST':
# 포스트 업데이트 로직
title = request.form.get('title')
category = request.form.get('category')
public_yn = 'Y' if request.form.get('public') == 'on' else 'N'
contents = request.form.get('contents')
query = "UPDATE blog SET title = %s, category = %s, public_yn = %s, contents = %s WHERE id = %s"
data = (title, category, public_yn, contents, post_id)
res = sql_execute(query, data)
if res:
flash('Post updated successfully.')
return redirect(url_for('post', post_id=post_id))
else:
flash('Failed to update the post.')
return redirect(url_for('edit_post', post_id=post_id))
else:
# 포스트 가져오기 로직
query = "SELECT * FROM blog WHERE id = %s"
data = (post_id,)
res, fetched_data = sql_execute(query, data, is_data=True)
if res and fetched_data:
return render_template('edit_post.html', post=fetched_data[0])
else:
flash('Failed to fetch the post.')
return redirect(url_for('index'))
@app.route('/write', methods=['GET', 'POST'])
def write():
if 'user_info' not in session:
flash("You need to login first.")
return redirect(url_for('login'))
if request.method == 'POST':
user_id = session['user_info']['mb_idx']
title = request.form['title']
category = request.form['category']
contents = request.form['contents']
is_public = 'Y' if request.form.get('public') == 'on' else 'N'
soup = BeautifulSoup(contents, 'html.parser')
first_image = soup.find('img')
thumbnail_img = first_image['src'] if first_image else None
query = "INSERT INTO blog (user_id, title, category, contents, thumbnail_img, public_yn) VALUES (%s, %s, %s, %s, %s, %s)"
data = (user_id, title, category, contents, thumbnail_img, is_public)
result, last_id = sql_execute(query, data, is_last_id=True)
if result:
return redirect(url_for('index'))
else:
return "Failed to write post", 500
else:
return render_template('write.html')
@app.route('/blog/<int:id>', methods=['DELETE'])
def delete_post(id):
query = "UPDATE `blog` SET `use_yn` = 'N' WHERE `id` = %s;"
res = sql_execute(query, (id,))
if res:
return jsonify(success=True, message='Post deleted successfully'), 200
else:
return jsonify(success=False, message='Could not delete the post'), 500
@app.route('/list')
@app.route('/list/<string:cate>')
def list(cate=None):
params = ()
cate_condition = ""
if cate:
cate_condition = "AND `category` = %s"
params = (cate,)
if 'user_info' in session: # 로그인된 사용자
query = f"""SELECT `id`, `title`, `category`, `thumbnail_img`, `contents`, `add_date`
FROM `blog`
WHERE `use_yn` = 'Y' {cate_condition}
ORDER BY `add_date` DESC LIMIT 10;"""
else:
query = f"""SELECT `id`, `title`, `category`, `thumbnail_img`, `contents`, `add_date`
FROM `blog`
WHERE `use_yn` = 'Y' AND `public_yn` = 'Y' {cate_condition}
ORDER BY `add_date` DESC LIMIT 10;"""
r, posts = sql_execute(query, params, is_data=True)
# 태그 제거 후 150자로 제한
for post in posts:
post['contents'] = remove_html_tags(post['contents'])[:150]
return render_template('list.html', posts=posts)
@app.route('/list_more')
def list_more():
page = int(request.args.get('page', 1))
limit = 10
offset = (page - 1) * limit
cate = request.args.get('cate')
cate_condition = ""
params = []
if cate:
cate_condition = "AND `category` = %s"
params.append(cate)
query = f"""
SELECT `id`, `title`, `category`, `thumbnail_img`, `contents`, `add_date`
FROM `blog`
WHERE `use_yn` = 'Y'
{ "AND `public_yn` = 'Y'" if 'user_info' not in session else "" }
{cate_condition}
ORDER BY `add_date` DESC
LIMIT %s OFFSET %s
"""
params.extend([limit, offset])
r, posts = sql_execute(query, tuple(params), is_data=True)
for post in posts:
post['contents'] = remove_html_tags(post['contents'])[:150]
post['add_date_str'] = post['add_date'].strftime("%b %d / %Y")
return jsonify(posts)
# ============================================
# 관리자 페이지
# ============================================
def admin_required(f):
@wraps(f)
def decorated_function(*args, **kwargs):
if 'username' not in session or session['username'] not in ['admin', 'wixon', 'javamon']:
flash('관리자 권한이 필요합니다.')
return redirect(url_for('login'))
return f(*args, **kwargs)
return decorated_function
@app.route('/admin/')
@admin_required
def admin_dashboard():
stats = {
'total_posts': 0,
'public_posts': 0,
'private_posts': 0,
'deleted_posts': 0,
'total_members': 0
}
r, data = sql_execute("SELECT COUNT(*) as cnt FROM blog WHERE use_yn='Y'", (), is_data=True)
if r and data:
stats['total_posts'] = data[0]['cnt']
r, data = sql_execute("SELECT COUNT(*) as cnt FROM blog WHERE use_yn='Y' AND public_yn='Y'", (), is_data=True)
if r and data:
stats['public_posts'] = data[0]['cnt']
r, data = sql_execute("SELECT COUNT(*) as cnt FROM blog WHERE use_yn='Y' AND public_yn='N'", (), is_data=True)
if r and data:
stats['private_posts'] = data[0]['cnt']
r, data = sql_execute("SELECT COUNT(*) as cnt FROM blog WHERE use_yn='N'", (), is_data=True)
if r and data:
stats['deleted_posts'] = data[0]['cnt']
r, data = sql_execute("SELECT COUNT(*) as cnt FROM member", (), is_data=True)
if r and data:
stats['total_members'] = data[0]['cnt']
return render_template('admin/dashboard.html', stats=stats)
@app.route('/admin/posts')
@admin_required
def admin_posts():
page = request.args.get('page', 1, type=int)
per_page = 20
offset = (page - 1) * per_page
category = request.args.get('category', '')
public_yn = request.args.get('public_yn', '')
use_yn = request.args.get('use_yn', 'Y')
search = request.args.get('search', '')
where_clauses = []
params = []
if category:
where_clauses.append("blog.category = %s")
params.append(category)
if public_yn:
where_clauses.append("blog.public_yn = %s")
params.append(public_yn)
if use_yn:
where_clauses.append("blog.use_yn = %s")
params.append(use_yn)
if search:
where_clauses.append("blog.title LIKE %s")
params.append(f"%{search}%")
where_sql = " AND ".join(where_clauses) if where_clauses else "1=1"
count_query = f"SELECT COUNT(*) as cnt FROM blog INNER JOIN member ON blog.user_id = member.mb_idx WHERE {where_sql}"
r, count_data = sql_execute(count_query, tuple(params), is_data=True)
total = count_data[0]['cnt'] if r and count_data else 0
total_pages = math.ceil(total / per_page) if total > 0 else 1
query = f"""
SELECT blog.*, member.mb_name, member.mb_id
FROM blog
INNER JOIN member ON blog.user_id = member.mb_idx
WHERE {where_sql}
ORDER BY blog.add_date DESC
LIMIT %s OFFSET %s
"""
params.extend([per_page, offset])
r, posts = sql_execute(query, tuple(params), is_data=True)
pagination = {
'page': page,
'per_page': per_page,
'total': total,
'total_pages': total_pages,
'has_prev': page > 1,
'has_next': page < total_pages,
'prev_num': page - 1,
'next_num': page + 1
}
return render_template('admin/posts.html', posts=posts if posts else [], pagination=pagination)
@app.route('/admin/posts/<int:post_id>', methods=['GET', 'POST'])
@admin_required
def admin_post_detail(post_id):
if request.method == 'POST':
title = request.form.get('title')
category = request.form.get('category')
public_yn = 'Y' if request.form.get('public') == 'on' else 'N'
contents = request.form.get('contents')
soup = BeautifulSoup(contents, 'html.parser')
first_image = soup.find('img')
thumbnail_img = first_image['src'] if first_image else None
query = "UPDATE blog SET title=%s, category=%s, public_yn=%s, contents=%s, thumbnail_img=%s WHERE id=%s"
res = sql_execute(query, (title, category, public_yn, contents, thumbnail_img, post_id))
if res:
flash('포스트가 수정되었습니다.')
return redirect(url_for('admin_posts'))
else:
flash('포스트 수정에 실패했습니다.')
query = "SELECT blog.*, member.mb_name, member.mb_id FROM blog INNER JOIN member ON blog.user_id = member.mb_idx WHERE blog.id = %s"
r, data = sql_execute(query, (post_id,), is_data=True)
if r and data:
return render_template('admin/post_detail.html', post=data[0])
else:
flash('포스트를 찾을 수 없습니다.')
return redirect(url_for('admin_posts'))
@app.route('/admin/posts/<int:post_id>/delete', methods=['DELETE'])
@admin_required
def admin_post_delete(post_id):
query = "UPDATE blog SET use_yn='N' WHERE id=%s"
res = sql_execute(query, (post_id,))
if res:
return jsonify(success=True, message='포스트가 삭제되었습니다.')
return jsonify(success=False, message='삭제 실패'), 500
@app.route('/admin/posts/<int:post_id>/restore', methods=['POST'])
@admin_required
def admin_post_restore(post_id):
query = "UPDATE blog SET use_yn='Y' WHERE id=%s"
res = sql_execute(query, (post_id,))
if res:
return jsonify(success=True, message='포스트가 복구되었습니다.')
return jsonify(success=False, message='복구 실패'), 500
@app.route('/admin/members')
@admin_required
def admin_members():
query = "SELECT mb_idx, mb_id, mb_name FROM member ORDER BY mb_idx DESC"
r, members = sql_execute(query, (), is_data=True)
return render_template('admin/members.html', members=members if members else [])
@app.route('/admin/members/add', methods=['GET', 'POST'])
@admin_required
def admin_member_add():
if request.method == 'POST':
mb_id = request.form.get('mb_id')
mb_name = request.form.get('mb_name')
password = request.form.get('password').encode('utf-8')
hashed_pw = bcrypt.hashpw(password, bcrypt.gensalt()).decode('utf-8')
r, existing = sql_execute("SELECT mb_id FROM member WHERE mb_id=%s", (mb_id,), is_data=True)
if r and existing:
flash('이미 존재하는 아이디입니다.')
return render_template('admin/member_form.html', member=None)
query = "INSERT INTO member (mb_id, mb_passwd, mb_name) VALUES (%s, %s, %s)"
res = sql_execute(query, (mb_id, hashed_pw, mb_name))
if res:
flash('회원이 추가되었습니다.')
return redirect(url_for('admin_members'))
flash('회원 추가에 실패했습니다.')
return render_template('admin/member_form.html', member=None)
@app.route('/admin/members/<int:mb_idx>', methods=['GET', 'POST'])
@admin_required
def admin_member_detail(mb_idx):
if request.method == 'POST':
mb_name = request.form.get('mb_name')
query = "UPDATE member SET mb_name=%s WHERE mb_idx=%s"
res = sql_execute(query, (mb_name, mb_idx))
if res:
flash('회원 정보가 수정되었습니다.')
return redirect(url_for('admin_members'))
flash('회원 정보 수정에 실패했습니다.')
query = "SELECT mb_idx, mb_id, mb_name FROM member WHERE mb_idx=%s"
r, member = sql_execute(query, (mb_idx,), is_data=True)
if r and member:
return render_template('admin/member_form.html', member=member[0])
else:
flash('회원을 찾을 수 없습니다.')
return redirect(url_for('admin_members'))
@app.route('/admin/members/<int:mb_idx>/delete', methods=['DELETE'])
@admin_required
def admin_member_delete(mb_idx):
if session.get('user_info', {}).get('mb_idx') == mb_idx:
return jsonify(success=False, message='자기 자신은 삭제할 수 없습니다.'), 400
query = "DELETE FROM member WHERE mb_idx=%s"
res = sql_execute(query, (mb_idx,))
if res:
return jsonify(success=True, message='회원이 삭제되었습니다.')
return jsonify(success=False, message='삭제 실패'), 500
@app.route('/admin/members/<int:mb_idx>/reset-password', methods=['POST'])
@admin_required
def admin_member_reset_password(mb_idx):
data = request.get_json()
new_password = data.get('password', '').encode('utf-8')
if len(new_password) < 4:
return jsonify(success=False, message='비밀번호는 4자 이상이어야 합니다.'), 400
hashed_pw = bcrypt.hashpw(new_password, bcrypt.gensalt()).decode('utf-8')
query = "UPDATE member SET mb_passwd=%s WHERE mb_idx=%s"
res = sql_execute(query, (hashed_pw, mb_idx))
if res:
return jsonify(success=True, message='비밀번호가 재설정되었습니다.')
return jsonify(success=False, message='비밀번호 재설정 실패'), 500
if __name__ == '__main__':
app.run(host='0.0.0.0', port=8899)
Reference in New Issue View Git Blame Copy Permalink