diff --git a/internal/database.py b/internal/database.py index 5333c8f..912e1ca 100644 --- a/internal/database.py +++ b/internal/database.py @@ -1,7 +1,7 @@ import pymysql from fastapi import HTTPException, status DB_CONFIG = { - "host": "111.229.38.129", + "host": "www.wuruilin.cn", "user": "root", "password": "zl981023", "database": "blogapi", diff --git a/routers/bloglabel.py b/routers/bloglabel.py index d41c565..2d4af1e 100644 --- a/routers/bloglabel.py +++ b/routers/bloglabel.py @@ -1,22 +1,24 @@ -from fastapi import Depends, APIRouter, status, Query, Path, HTTPException +from fastapi import Depends, APIRouter, status, Query, Path, HTTPException,Request from internal.models import * from internal.database import fetch_one, fetch_all, execute_query, response_success, raise_if_exists,raise_if_not_found from dependencies import get_current_active_user - +from limiter_config import limiter router = APIRouter( prefix="/bloglabels", tags=['博客标签'] ) # 获取列表 @router.get("/list") -async def label_list(): +@limiter.limit("10/minute") +async def label_list(request: Request,): select_query = "SELECT id,labelname,descr FROM labels;" label_list = fetch_all(select_query) return response_success(label_list, "label get list success") # 新增 @router.post("/add") -async def label_add(label:Label): +@limiter.limit("10/minute") +async def label_add(request: Request,label:Label,_: User = Depends(get_current_active_user)): insert_query="""INSERT INTO labels (labelname,descr) VALUES(%s,%s)""" insert_value=(label.labelname,label.descr) execute_query(insert_query,insert_value) @@ -24,7 +26,8 @@ async def label_add(label:Label): # 单条数据查询 @router.get("/list/search") -async def label_search(labelname:str=Query(description="标签名称")): +@limiter.limit("10/minute") +async def label_search(request: Request,labelname:str=Query(description="标签名称")): select_query="SELECT id,labelname,descr FROM labels WHERE 1=1 " params=[] if labelname: @@ -35,7 +38,8 @@ async def label_search(labelname:str=Query(description="标签名称")): # 标签修改 @router.put("/update/{id}") -async def label_put(label:Label,id: str = Path(description="标签id")): +@limiter.limit("10/minute") +async def label_put(request: Request,label:Label,id: str = Path(description="标签id"),_: User = Depends(get_current_active_user)): update_query = ( "UPDATE labels SET labelname=%s,descr=%s WHERE id=%s;" ) @@ -45,7 +49,8 @@ async def label_put(label:Label,id: str = Path(description="标签id")): # 标签删除 @router.delete("/delete/{id}") -async def label_del(id: str = Path(description="标签id")): +@limiter.limit("10/minute") +async def label_del(request: Request,id: str = Path(description="标签id"),_: User = Depends(get_current_active_user)): update_query = ( "DELETE FROM labels WHERE id=%s;" ) @@ -55,7 +60,8 @@ async def label_del(id: str = Path(description="标签id")): # 根据id查询标签 @router.get("/list/search/{id}") -async def label_search_id(id:str=Path(description="标签id")): +@limiter.limit("10/minute") +async def label_search_id(request: Request,id:str=Path(description="标签id")): select_query="SELECT * FROM labels WHERE id=%s" label_query=fetch_one(select_query,(id,)) return response_success(data=label_query,message="label search success") \ No newline at end of file diff --git a/routers/blogmanage.py b/routers/blogmanage.py index bc0c5e2..faec3e9 100644 --- a/routers/blogmanage.py +++ b/routers/blogmanage.py @@ -9,8 +9,8 @@ from internal.database import ( raise_if_exists, raise_if_not_found, ) -from dependencies import get_current_active_user import json +from dependencies import get_current_active_user from limiter_config import limiter router = APIRouter(prefix="/blogs", tags=["博客管理"]) @@ -18,7 +18,7 @@ router = APIRouter(prefix="/blogs", tags=["博客管理"]) @router.get("/list") -# @limiter.limit("5/minute") +@limiter.limit("10/minute") async def blog_list(request: Request, page: int = Query(None), page_size: int = Query(None)): limit_clause = "" if page is not None and page_size is not None: @@ -46,7 +46,7 @@ async def blog_list(request: Request, page: int = Query(None), page_size: int = @router.get("/list/{id}") -@limiter.limit("5/minute") +@limiter.limit("10/minute") async def blog_one(request: Request, id: int): # 列表参数:博客名称、博客内容、创建时间、博客图片、博客查看时间、博客阅读次数、博客字数、类型名称、标签名列表 @@ -61,7 +61,7 @@ async def blog_one(request: Request, id: int): # 博客新增 @router.post("/add") -@limiter.limit("5/minute") +@limiter.limit("10/minute") async def blog_add(request: Request, blog: Blog, labels: list[MoreLable], _: User = Depends(get_current_active_user)): select_query = "SELECT * FROM blogs WHERE blogtitle = %s" existing_blog = fetch_one(select_query, (blog.blogtitle,)) @@ -80,9 +80,9 @@ async def blog_add(request: Request, blog: Blog, labels: list[MoreLable], _: Use # 博客删除 -@router.delete("/delete/{id}") -@limiter.limit("5/minute") -async def blog_delete(request: Request, id: str = Path(description="博客id")): +@router.delete("/delete/{id}",) +@limiter.limit("10/minute") +async def blog_delete(request: Request, id: str = Path(description="博客id"),_: User = Depends(get_current_active_user)): select_query = "SELECT * FROM blogs WHERE id = %s" existing_blog = fetch_one(select_query, (id,)) raise_if_not_found(existing_blog, "blog not found") @@ -92,7 +92,7 @@ async def blog_delete(request: Request, id: str = Path(description="博客id")): # 博客修改 @router.put("/update/{id}") -@limiter.limit("5/minute") +@limiter.limit("10/minute") async def blog_update(request: Request, id: int, blog: Blog, labels: list[MoreLable], _: User = Depends(get_current_active_user)): # 检查要编辑的博客是否存在 select_query = "SELECT * FROM blogs WHERE id = %s" @@ -121,7 +121,7 @@ async def blog_update(request: Request, id: int, blog: Blog, labels: list[MoreLa @router.put("/update/{id}/readnum") -@limiter.limit("5/minute") +@limiter.limit("10/minute") async def blog_update_num(request: Request, id: int): update_query ="UPDATE blogs SET readnum = readnum + 1 WHERE id = %s" execute_query(update_query,(id,)) @@ -130,7 +130,7 @@ async def blog_update_num(request: Request, id: int): @router.get("/search") -# @limiter.limit("5/minute") +@limiter.limit("10/minute") async def blog_list_search( request: Request, blogtitle: str = Query(None, description="博客标题"), @@ -166,7 +166,7 @@ async def blog_list_search( # 根据id查询博客 @router.get("/search/{id}") -@limiter.limit("5/minute") +@limiter.limit("10/minute") async def get_id_blog(request: Request, id: str = Path(description="博客id")): select_query = """SELECT blogs.id, blogtitle, blogcontent,wordcount, blogs.typeid, blogs.descr,JSON_ARRAYAGG(labels.id) AS labelnames,imglink FROM blogs LEFT JOIN `blogtypes` ON blogs.typeid = blogtypes.id @@ -188,7 +188,7 @@ async def get_id_blog(request: Request, id: str = Path(description="博客id")): # 根据博客标签查询 @router.get("/search/label/") -# @limiter.limit("5/minute") +@limiter.limit("10/minute") async def get_label_blog(request: Request, labelname: str = Query(description="博客标签")): select_query = """ SELECT blogs.id,blogs.blogtitle,blogs.blogcontent,blogs.readnum, @@ -207,6 +207,5 @@ async def get_label_blog(request: Request, labelname: str = Query(description=" ORDER BY blogs.create_at DESC; """ label_blog_list = fetch_all(select_query, (labelname,)) - return response_success(data=label_blog_list, message="blog search success") diff --git a/routers/blogtype.py b/routers/blogtype.py index 229ae73..e878136 100644 --- a/routers/blogtype.py +++ b/routers/blogtype.py @@ -1,22 +1,24 @@ -from fastapi import Depends, APIRouter, status, Query, Path, HTTPException +from fastapi import Depends, APIRouter, status, Query, Path, HTTPException,Request from internal.models import * from internal.database import fetch_one, fetch_all, execute_query, response_success, raise_if_exists,raise_if_not_found from dependencies import get_current_active_user - +from limiter_config import limiter router = APIRouter( prefix="/blogtypes", tags=['博客分类'] ) # 获取列表 @router.get("/list") -async def type_list(): +@limiter.limit("10/minute") +async def type_list(request: Request,): select_query = "SELECT id,typename,descr FROM blogtypes;" type_list = fetch_all(select_query) return response_success(type_list, "type get list success") # 新增 @router.post("/add") -async def type_add(type:Type): +@limiter.limit("10/minute") +async def type_add(request: Request,type:Type,_: User = Depends(get_current_active_user)): insert_query="""INSERT INTO blogtypes (typename,descr) VALUES(%s,%s)""" insert_value=(type.typename,type.descr) execute_query(insert_query,insert_value) @@ -24,7 +26,8 @@ async def type_add(type:Type): # 单条数据查询 @router.get("/list/search") -async def type_search(typename:str=Query(None,description="类型名称")): +@limiter.limit("10/minute") +async def type_search(request: Request,typename:str=Query(None,description="类型名称")): select_query="SELECT id,typename,descr FROM blogtypes WHERE 1=1 " params=[] if typename: @@ -35,7 +38,8 @@ async def type_search(typename:str=Query(None,description="类型名称")): # 语录修改 @router.put("/update/{id}") -async def type_put(type:Type,id: str = Path(description="类型id")): +@limiter.limit("10/minute") +async def type_put(request: Request,type:Type,id: str = Path(description="类型id"),_: User = Depends(get_current_active_user)): update_query = ( "UPDATE blogtypes SET typename=%s,descr=%s WHERE id=%s;" ) @@ -45,7 +49,8 @@ async def type_put(type:Type,id: str = Path(description="类型id")): # 语录删除 @router.delete("/delete/{id}") -async def type_del(id: str = Path(description="类型id")): +@limiter.limit("10/minute") +async def type_del(request: Request,id: str = Path(description="类型id"),_: User = Depends(get_current_active_user)): update_query = ( "DELETE FROM blogtypes WHERE id=%s;" ) @@ -55,7 +60,8 @@ async def type_del(id: str = Path(description="类型id")): # 根据id查询语录 @router.get("/search/{id}") -async def type_search_id(id:str=Path(description="类型id")): +@limiter.limit("10/minute") +async def type_search_id(request: Request,id:str=Path(description="类型id")): select_query="SELECT * FROM blogtypes WHERE id=%s" type_query=fetch_one(select_query,(id,)) return response_success(data=type_query,message="type search success") \ No newline at end of file diff --git a/routers/classticmanage.py b/routers/classticmanage.py index d0091fa..c954de8 100644 --- a/routers/classticmanage.py +++ b/routers/classticmanage.py @@ -1,22 +1,24 @@ -from fastapi import Depends, APIRouter, status, Query, Path, HTTPException +from fastapi import Depends, APIRouter, status, Query, Path, HTTPException,Request from internal.models import * from internal.database import fetch_one, fetch_all, execute_query, response_success, raise_if_exists,raise_if_not_found from dependencies import get_current_active_user - +from limiter_config import limiter router = APIRouter( prefix="/classtics", tags=['语录管理'] ) # 获取列表 @router.get("/list") -async def classtic_list(): +@limiter.limit("10/minute") +async def classtic_list(request: Request,): select_query = "SELECT id,header,`text`,descr FROM classtics;" classtic_list = fetch_all(select_query) return response_success(classtic_list, "classtic get list success") # 新增 @router.post("/add") -async def classtic_add(classtic:Classtic): +@limiter.limit("10/minute") +async def classtic_add(request: Request,classtic:Classtic,_: User = Depends(get_current_active_user)): insert_query="""INSERT INTO classtics (header,`text`,descr) VALUES(%s,%s,%s)""" insert_value=(classtic.header,classtic.text,classtic.descr) execute_query(insert_query,insert_value) @@ -24,7 +26,8 @@ async def classtic_add(classtic:Classtic): # 单条数据查询 @router.get("/list/search") -async def classtic_search(header:str=Query(description="语录标题")): +@limiter.limit("10/minute") +async def classtic_search(request: Request,header:str=Query(description="语录标题")): select_query="SELECT id,header,text,descr FROM classtics WHERE 1=1 " params=[] if header: @@ -35,7 +38,8 @@ async def classtic_search(header:str=Query(description="语录标题")): # 语录修改 @router.put("/update/{id}") -async def classtic_put(classtic:Classtic,id: str = Path(description="语录id")): +@limiter.limit("10/minute") +async def classtic_put(request: Request,classtic:Classtic,id: str = Path(description="语录id"),_: User = Depends(get_current_active_user)): update_query = ( "UPDATE classtics SET header=%s,text=%s,descr=%s WHERE id=%s;" ) @@ -46,7 +50,8 @@ async def classtic_put(classtic:Classtic,id: str = Path(description="语录id")) # 语录删除 @router.delete("/delete/{id}") -async def classtic_del(id: str = Path(description="语录id")): +@limiter.limit("10/minute") +async def classtic_del(request: Request,id: str = Path(description="语录id"),_: User = Depends(get_current_active_user)): update_query = ( "DELETE FROM classtics WHERE id=%s;" ) @@ -56,7 +61,8 @@ async def classtic_del(id: str = Path(description="语录id")): # 根据id查询语录 @router.get("/list/search/{id}") -async def classtic_search_id(id:str=Path(description="语录id")): +@limiter.limit("10/minute") +async def classtic_search_id(request: Request,id:str=Path(description="语录id")): select_query="SELECT * FROM classtics WHERE id=%s" classtic_query=fetch_one(select_query,(id,)) return response_success(data=classtic_query,message="classtic search success") \ No newline at end of file diff --git a/routers/commonlinkmanage.py b/routers/commonlinkmanage.py index 9cbd31b..f51d93c 100644 --- a/routers/commonlinkmanage.py +++ b/routers/commonlinkmanage.py @@ -1,15 +1,16 @@ -from fastapi import Depends, APIRouter, status, Query, Path, HTTPException +from fastapi import Depends, APIRouter, status, Query, Path, HTTPException,Request from internal.models import * from internal.database import fetch_one, fetch_all, execute_query, response_success, raise_if_exists,raise_if_not_found from dependencies import get_current_active_user - +from limiter_config import limiter router = APIRouter( prefix="/comlinks", tags=['链接管理'] ) # 获取列表 @router.get("/list") -async def comlink_list(): +@limiter.limit("10/minute") +async def comlink_list(request: Request,): select_query = "SELECT id,linktext,linkurl,descr FROM comlinks;" comlink_list = fetch_all(select_query) return response_success(comlink_list, "comlink get list success") @@ -17,7 +18,8 @@ async def comlink_list(): # 新增 @router.post("/add") -async def link_add(link:ComLink): +@limiter.limit("10/minute") +async def link_add(request: Request,link:ComLink,_: User = Depends(get_current_active_user)): insert_query="""INSERT INTO comlinks (linktext,linkurl,descr) VALUES(%s,%s,%s)""" insert_value=(link.linktext,link.linkurl,link.descr) execute_query(insert_query,insert_value) @@ -25,7 +27,8 @@ async def link_add(link:ComLink): # 单条数据查询 @router.get("/list/search") -async def link_search(linktext:str=Query(description="链接名称")): +@limiter.limit("10/minute") +async def link_search(request: Request,linktext:str=Query(description="链接名称")): select_query="SELECT id,linktext,linkurl,descr FROM comlinks WHERE 1=1 " params=[] if linktext: @@ -36,7 +39,8 @@ async def link_search(linktext:str=Query(description="链接名称")): # 链接修改 @router.put("/update/{id}") -async def link_put(link:ComLink,id: str = Path(description="链接id")): +@limiter.limit("10/minute") +async def link_put(request: Request,link:ComLink,id: str = Path(description="链接id"),_: User = Depends(get_current_active_user)): update_query = ( "UPDATE comlinks SET linktext=%s,linkurl=%s,descr=%s WHERE id=%s;" ) @@ -47,7 +51,8 @@ async def link_put(link:ComLink,id: str = Path(description="链接id")): # 链接删除 @router.delete("/delete/{id}") -async def link_del(id: str = Path(description="链接id")): +@limiter.limit("10/minute") +async def link_del(request: Request,id: str = Path(description="链接id"),_: User = Depends(get_current_active_user)): update_query = ( "DELETE FROM comlinks WHERE id=%s;" ) @@ -57,7 +62,8 @@ async def link_del(id: str = Path(description="链接id")): # 根据id查询链接 @router.get("/list/search/{id}") -async def link_search_id(id:str=Path(description="链接id")): +@limiter.limit("10/minute") +async def link_search_id(request: Request,id:str=Path(description="链接id")): select_query="SELECT * FROM comlinks WHERE id=%s" link_query=fetch_one(select_query,(id,)) return response_success(data=link_query,message="link search success") \ No newline at end of file diff --git a/routers/diarymanage.py b/routers/diarymanage.py index dc1983f..ae8a4ee 100644 --- a/routers/diarymanage.py +++ b/routers/diarymanage.py @@ -9,6 +9,7 @@ from internal.database import ( raise_if_not_found, ) from dependencies import get_current_active_user +from limiter_config import limiter import json router = APIRouter(prefix="/diarys", tags=["日记管理"]) @@ -16,7 +17,8 @@ router = APIRouter(prefix="/diarys", tags=["日记管理"]) @router.get("/list") -async def diary_list(page: int = Query(None), page_size: int = Query(None)): +@limiter.limit("10/minute") +async def diary_list(request: Request,page: int = Query(None), page_size: int = Query(None)): limit_clause = "" if page is not None and page_size is not None: offset = (page - 1) * page_size @@ -39,7 +41,8 @@ async def diary_list(page: int = Query(None), page_size: int = Query(None)): @router.get("/list/{id}") -async def diary_one(id: int): +@limiter.limit("10/minute") +async def diary_one(request: Request,id: int): # 列表参数:日记名称、日记内容、创建时间、日记图片、日记查看时间、日记阅读次数、日记字数、类型名称、标签名列表 select_query = """ SELECT id, diarytitle, diarycontent FROM diarys @@ -52,7 +55,8 @@ async def diary_one(id: int): # 日记新增 @router.post("/add") -async def diary_add(diary: Diary, _: User = Depends(get_current_active_user)): +@limiter.limit("10/minute") +async def diary_add(request: Request,diary: Diary, _: User = Depends(get_current_active_user)): select_query = "SELECT * FROM diarys WHERE diarytitle = %s" existing_diary = fetch_one(select_query, (diary.diarytitle,)) raise_if_exists(existing_diary, "diary already exists") @@ -67,7 +71,8 @@ async def diary_add(diary: Diary, _: User = Depends(get_current_active_user)): # 日记删除 @router.delete("/delete/{id}") -async def diary_delete(id: str = Path(description="日记id")): +@limiter.limit("10/minute") +async def diary_delete(request: Request,id: str = Path(description="日记id"),_: User = Depends(get_current_active_user)): select_query = "SELECT * FROM diarys WHERE id = %s" existing_diary = fetch_one(select_query, (id,)) raise_if_not_found(existing_diary, "diary not found") @@ -77,7 +82,7 @@ async def diary_delete(id: str = Path(description="日记id")): @router.put("/update/{id}") -async def diary_update(id: int, diary: Diary, _: User = Depends(get_current_active_user)): +async def diary_update(request: Request,id: int, diary: Diary, _: User = Depends(get_current_active_user)): # 检查要编辑的日记是否存在 select_query = "SELECT * FROM diarys WHERE id = %s" existing_diary = fetch_one(select_query, (id,)) @@ -93,8 +98,8 @@ async def diary_update(id: int, diary: Diary, _: User = Depends(get_current_acti return response_success("diary update sucess") @router.put("/update/{id}/readnum") -# @limiter.limit("5/minute") -async def diary_update_num(request: Request, id: int): +@limiter.limit("10/minute") +async def diary_update_num(request: Request, id: int,_: User = Depends(get_current_active_user)): update_query ="UPDATE diarys SET readnum = readnum + 1 WHERE id = %s" execute_query(update_query,(id,)) return response_success("diary update sucess") @@ -102,7 +107,9 @@ async def diary_update_num(request: Request, id: int): # 日记模糊查询 @router.get("/search") +@limiter.limit("10/minute") async def diary_list_search( + request: Request, diarytitle: str = Query(None, description="日记标题"), typename: str = Query(None, description="日记类型"), start_date: str = Query(None, description="开始时间"), @@ -134,7 +141,8 @@ async def diary_list_search( # 根据id查询日记 @router.get("/search/{id}") -async def get_id_diary(id: str = Path(description="日记id")): +@limiter.limit("10/minute") +async def get_id_diary(request: Request,id: str = Path(description="日记id")): select_query = """SELECT diarys.id, diarytitle, diarycontent,wordcount, diarys.typeid, diarys.descr,imglink FROM diarys LEFT JOIN `diarytypes` ON diarys.typeid = diarytypes.id WHERE diarys.id = %s diff --git a/routers/diarytype.py b/routers/diarytype.py index cdd727c..e44f34e 100644 --- a/routers/diarytype.py +++ b/routers/diarytype.py @@ -1,22 +1,24 @@ -from fastapi import Depends, APIRouter, status, Query, Path, HTTPException +from fastapi import Depends, APIRouter, status, Query, Path, HTTPException,Request from internal.models import * from internal.database import fetch_one, fetch_all, execute_query, response_success, raise_if_exists,raise_if_not_found from dependencies import get_current_active_user - +from limiter_config import limiter router = APIRouter( prefix="/diarytypes", tags=['日记分类'] ) # 获取列表 @router.get("/list") -async def type_list(): +@limiter.limit("10/minute") +async def type_list(request: Request,): select_query = "SELECT id,typename,descr FROM diarytypes;" type_list = fetch_all(select_query) return response_success(type_list, "type get list success") # 新增 @router.post("/add") -async def type_add(type:Type): +@limiter.limit("10/minute") +async def type_add(request: Request,type:Type,_: User = Depends(get_current_active_user)): insert_query="""INSERT INTO diarytypes (typename,descr) VALUES(%s,%s)""" insert_value=(type.typename,type.descr) execute_query(insert_query,insert_value) @@ -24,7 +26,7 @@ async def type_add(type:Type): # 单条数据查询 @router.get("/search") -async def type_search(typename:str=Query(description="类型名称")): +async def type_search(request: Request,typename:str=Query(description="类型名称")): select_query="SELECT id,typename,descr FROM diarytypes WHERE 1=1 " params=[] if typename: @@ -35,7 +37,8 @@ async def type_search(typename:str=Query(description="类型名称")): # 语录修改 @router.put("/update/{id}") -async def type_put(type:Type,id: str = Path(description="类型id")): +@limiter.limit("10/minute") +async def type_put(request: Request,type:Type,id: str = Path(description="类型id"),_: User = Depends(get_current_active_user)): update_query = ( "UPDATE diarytypes SET typename=%s,descr=%s WHERE id=%s;" ) @@ -45,7 +48,8 @@ async def type_put(type:Type,id: str = Path(description="类型id")): # 语录删除 @router.delete("/delete/{id}") -async def type_del(id: str = Path(description="类型id")): +@limiter.limit("10/minute") +async def type_del(request: Request,id: str = Path(description="类型id"),_: User = Depends(get_current_active_user)): update_query = ( "DELETE FROM diarytypes WHERE id=%s;" ) @@ -55,7 +59,8 @@ async def type_del(id: str = Path(description="类型id")): # 根据id查询语录 @router.get("/search/{id}") -async def type_search_id(id:str=Path(description="类型id")): +@limiter.limit("10/minute") +async def type_search_id(request: Request,id:str=Path(description="类型id")): select_query="SELECT * FROM diarytypes WHERE id=%s" type_query=fetch_one(select_query,(id,)) return response_success(data=type_query,message="type search success") \ No newline at end of file diff --git a/routers/disbursemanage.py b/routers/disbursemanage.py index 3fa71ca..57b1efd 100644 --- a/routers/disbursemanage.py +++ b/routers/disbursemanage.py @@ -1,38 +1,218 @@ -from fastapi import Depends, APIRouter, status, Query, Path, HTTPException +from fastapi import Depends, APIRouter, status, Query, Path, HTTPException,Request from internal.models import * from internal.database import fetch_one, fetch_all, execute_query, response_success, raise_if_exists, raise_if_not_found from dependencies import get_current_active_user from datetime import datetime +from limiter_config import limiter router = APIRouter( prefix="/disburses", tags=['支出管理'] ) -@router.get("/list/specificdate") -async def disburse_list(days: int): - select_query = """SELECT DATE(create_at) AS create_date, SUM(disburseprice) AS total_disburseprice - FROM disburses - WHERE DATE(create_at) >= DATE_SUB(CURDATE(), INTERVAL %s DAY) -- 一周前的日期 - GROUP BY DATE(create_at) - ORDER BY create_date ASC;""" - disburse_list = fetch_all(select_query, (days-1,)) +@router.get("/line/nighweek") +@limiter.limit("10/minute") +async def disburse_list(request: Request,): + select_query = """ + -- Generate dates for the current week (Monday to Sunday) + SELECT + dates.selected_date AS create_date, + COALESCE(SUM(d.disburseprice), 0) AS total_disburseprice + FROM ( + SELECT CURDATE() - INTERVAL (WEEKDAY(CURDATE()) - x.a) DAY AS selected_date + FROM ( + SELECT 0 AS a UNION ALL SELECT 1 UNION ALL SELECT 2 + UNION ALL SELECT 3 UNION ALL SELECT 4 UNION ALL SELECT 5 + UNION ALL SELECT 6 + ) x + ) AS dates + LEFT JOIN disburses d ON DATE(d.create_at) = dates.selected_date + WHERE dates.selected_date BETWEEN CURDATE() - INTERVAL WEEKDAY(CURDATE()) DAY + AND CURDATE() + INTERVAL (6 - WEEKDAY(CURDATE())) DAY + GROUP BY dates.selected_date + ORDER BY dates.selected_date ASC; + """ + disburse_list = fetch_all(select_query) + return response_success(disburse_list, "disburse get list success") + + +@router.get("/line/nighmonth") +@limiter.limit("10/minute") +async def disburse_list(request: Request,): + select_query = """ + -- Generate dates for the current month (1st to last day) + SELECT + dates.selected_date AS create_date, + COALESCE(SUM(d.disburseprice), 0) AS total_disburseprice + FROM ( + SELECT DATE_FORMAT(CURDATE() - INTERVAL (DAY(CURDATE()) - 1) DAY + INTERVAL x.a DAY, '%Y-%m-%d') AS selected_date + FROM ( + SELECT @rownum := @rownum + 1 AS a + FROM (SELECT 1 UNION ALL SELECT 2 UNION ALL SELECT 3 UNION ALL SELECT 4 UNION ALL SELECT 5 UNION ALL SELECT 6 + UNION ALL SELECT 7 UNION ALL SELECT 8 UNION ALL SELECT 9 UNION ALL SELECT 10 UNION ALL SELECT 11 + UNION ALL SELECT 12 UNION ALL SELECT 13 UNION ALL SELECT 14 UNION ALL SELECT 15 UNION ALL SELECT 16 + UNION ALL SELECT 17 UNION ALL SELECT 18 UNION ALL SELECT 19 UNION ALL SELECT 20 UNION ALL SELECT 21 + UNION ALL SELECT 22 UNION ALL SELECT 23 UNION ALL SELECT 24 UNION ALL SELECT 25 UNION ALL SELECT 26 + UNION ALL SELECT 27 UNION ALL SELECT 28 UNION ALL SELECT 29 UNION ALL SELECT 30 UNION ALL SELECT 31) t1, + (SELECT @rownum := -1) t2 + ) x + WHERE DATE_FORMAT(CURDATE() - INTERVAL (DAY(CURDATE()) - 1) DAY + INTERVAL x.a DAY, '%Y-%m') = DATE_FORMAT(CURDATE(), '%Y-%m') + ) AS dates + LEFT JOIN disburses d ON DATE(d.create_at) = dates.selected_date + GROUP BY dates.selected_date + ORDER BY dates.selected_date ASC; + """ + disburse_list = fetch_all(select_query) return response_success(disburse_list, "disburse get list success") -@router.get("/list/classifieddata") -async def classified_list(days: int): - select_query = """SELECT SUM(d.disburseprice) AS value,t.typename AS name FROM disburses d +@router.get("/line/nighyear") +@limiter.limit("10/minute") +async def disburse_list(request: Request,): + select_query = """ + -- Generate months for the current year (January to December) + SELECT + DATE_FORMAT(months.selected_month, '%Y-%m') AS create_date, -- Only keep the year and month + COALESCE(SUM(d.disburseprice), 0) AS total_disburseprice + FROM ( + -- Generate months from January to December of the current year + SELECT DATE_FORMAT(CONCAT(YEAR(CURDATE()), '-', LPAD(x.a, 2, '0'), '-01'), '%Y-%m-01') AS selected_month + FROM ( + SELECT 1 AS a UNION ALL SELECT 2 UNION ALL SELECT 3 UNION ALL SELECT 4 UNION ALL SELECT 5 UNION ALL SELECT 6 + UNION ALL SELECT 7 UNION ALL SELECT 8 UNION ALL SELECT 9 UNION ALL SELECT 10 UNION ALL SELECT 11 + UNION ALL SELECT 12 + ) x + ) AS months + LEFT JOIN disburses d ON DATE_FORMAT(d.create_at, '%Y-%m') = DATE_FORMAT(months.selected_month, '%Y-%m') -- Match by year and month only + AND d.create_at >= DATE_FORMAT(CURDATE(), '%Y-01-01') + AND d.create_at < DATE_FORMAT(CURDATE() + INTERVAL 1 YEAR, '%Y-01-01') + GROUP BY DATE_FORMAT(months.selected_month, '%Y-%m') -- Group by year and month only + ORDER BY create_date ASC; + """ + disburse_list = fetch_all(select_query) + return response_success(disburse_list, "disburse get list success") + + +@router.get("/pie/nighweek") +@limiter.limit("10/minute") +async def classified_list(request: Request,): + select_query = """ + -- Generate classified data for the current week (Monday to Sunday) + SELECT + t.typename AS name, + COALESCE(SUM(daily_totals.value), 0) AS value + FROM ( + -- Generate dates for the current week + SELECT CURDATE() - INTERVAL (WEEKDAY(CURDATE()) - x.a) DAY AS selected_date + FROM ( + SELECT 0 AS a UNION ALL SELECT 1 UNION ALL SELECT 2 + UNION ALL SELECT 3 UNION ALL SELECT 4 UNION ALL SELECT 5 + UNION ALL SELECT 6 + ) x + ) AS dates + CROSS JOIN disbursetypes t -- Cross join to combine all dates with all typenames + LEFT JOIN ( + -- Subquery to aggregate daily totals per type + SELECT + DATE(d.create_at) AS create_date, + t.typename AS name, + SUM(d.disburseprice) AS value + FROM disburses d + JOIN disbursetypes t ON d.typeid = t.id + WHERE DATE(d.create_at) BETWEEN CURDATE() - INTERVAL WEEKDAY(CURDATE()) DAY + AND CURDATE() + INTERVAL (6 - WEEKDAY(CURDATE())) DAY + GROUP BY DATE(d.create_at), t.typename + ) AS daily_totals ON daily_totals.create_date = dates.selected_date AND daily_totals.name = t.typename + GROUP BY t.typename + ORDER BY t.typename ASC; + """ + classified_list = fetch_all(select_query) + return response_success(classified_list, "disburse get list success") + + +@router.get("/pie/nighmonth") +@limiter.limit("10/minute") +async def classified_list(request: Request,): + select_query = """ + -- Generate classified data for the current month (1st to last day of the month) + SELECT + t.typename AS name, + COALESCE(SUM(daily_totals.value), 0) AS value + FROM ( + -- Generate dates for the current month + SELECT DATE_FORMAT(CURDATE() - INTERVAL (DAY(CURDATE()) - 1) DAY + INTERVAL x.a DAY, '%Y-%m-%d') AS selected_date + FROM ( + SELECT @rownum := @rownum + 1 AS a + FROM (SELECT 1 UNION ALL SELECT 2 UNION ALL SELECT 3 UNION ALL SELECT 4 UNION ALL SELECT 5 UNION ALL SELECT 6 + UNION ALL SELECT 7 UNION ALL SELECT 8 UNION ALL SELECT 9 UNION ALL SELECT 10 UNION ALL SELECT 11 + UNION ALL SELECT 12 UNION ALL SELECT 13 UNION ALL SELECT 14 UNION ALL SELECT 15 UNION ALL SELECT 16 + UNION ALL SELECT 17 UNION ALL SELECT 18 UNION ALL SELECT 19 UNION ALL SELECT 20 UNION ALL SELECT 21 + UNION ALL SELECT 22 UNION ALL SELECT 23 UNION ALL SELECT 24 UNION ALL SELECT 25 UNION ALL SELECT 26 + UNION ALL SELECT 27 UNION ALL SELECT 28 UNION ALL SELECT 29 UNION ALL SELECT 30 UNION ALL SELECT 31) t1, + (SELECT @rownum := -1) t2 + ) x + WHERE DATE_FORMAT(CURDATE() - INTERVAL (DAY(CURDATE()) - 1) DAY + INTERVAL x.a DAY, '%Y-%m') = DATE_FORMAT(CURDATE(), '%Y-%m') + ) AS dates + CROSS JOIN disbursetypes t -- Cross join to combine all dates with all typenames + LEFT JOIN ( + -- Subquery to aggregate daily totals per type + SELECT + DATE(d.create_at) AS create_date, + t.typename AS name, + SUM(d.disburseprice) AS value + FROM disburses d JOIN disbursetypes t ON d.typeid = t.id - WHERE d.create_at >= DATE_SUB(CURDATE(), INTERVAL %s DAY) - GROUP BY t.typename - ;""" - classified_list = fetch_all(select_query, (days-1,)) + WHERE DATE(d.create_at) BETWEEN DATE_FORMAT(CURDATE() - INTERVAL (DAY(CURDATE()) - 1) DAY, '%Y-%m-%d') + AND LAST_DAY(CURDATE()) + GROUP BY DATE(d.create_at), t.typename + ) AS daily_totals ON daily_totals.create_date = dates.selected_date AND daily_totals.name = t.typename + GROUP BY t.typename + ORDER BY t.typename ASC; + """ + classified_list = fetch_all(select_query) + return response_success(classified_list, "disburse get list success") + + +@router.get("/pie/nighyear") +@limiter.limit("10/minute") +async def classified_list(request: Request,): + select_query = """ + -- Generate classified data for the current year (January to December) + SELECT + t.typename AS name, + COALESCE(SUM(monthly_totals.value), 0) AS value + FROM ( + -- Generate months for the current year + SELECT DATE_FORMAT(CONCAT(YEAR(CURDATE()), '-', LPAD(x.a, 2, '0'), '-01'), '%Y-%m-01') AS selected_month + FROM ( + SELECT 1 AS a UNION ALL SELECT 2 UNION ALL SELECT 3 UNION ALL SELECT 4 UNION ALL SELECT 5 UNION ALL SELECT 6 + UNION ALL SELECT 7 UNION ALL SELECT 8 UNION ALL SELECT 9 UNION ALL SELECT 10 UNION ALL SELECT 11 + UNION ALL SELECT 12 + ) x + ) AS months + CROSS JOIN disbursetypes t -- Cross join to combine all months with all typenames + LEFT JOIN ( + -- Subquery to aggregate monthly totals per type + SELECT + DATE_FORMAT(d.create_at, '%Y-%m-01') AS create_month, + t.typename AS name, + SUM(d.disburseprice) AS value + FROM disburses d + JOIN disbursetypes t ON d.typeid = t.id + WHERE DATE_FORMAT(d.create_at, '%Y-%m') BETWEEN DATE_FORMAT(CURDATE() - INTERVAL (YEAR(CURDATE()) - YEAR(d.create_at)) YEAR, '%Y-01') + AND DATE_FORMAT(CURDATE(), '%Y-12') + GROUP BY DATE_FORMAT(d.create_at, '%Y-%m-01'), t.typename + ) AS monthly_totals ON monthly_totals.create_month = months.selected_month AND monthly_totals.name = t.typename + GROUP BY t.typename + ORDER BY t.typename ASC; + """ + classified_list = fetch_all(select_query) return response_success(classified_list, "disburse get list success") @router.get("/list/consume") -async def consume_list(days: int): +@limiter.limit("10/minute") +async def consume_list(request: Request,days: int): current_year = datetime.now().year target_year = current_year - days @@ -62,7 +242,8 @@ async def consume_list(days: int): @router.get("/list/calendar") -async def calendar_list(): +@limiter.limit("10/minute") +async def calendar_list(request: Request,): select_query = """ SELECT t.typename AS NAME, YEAR(d.create_at) AS YEAR, SUM(d.disburseprice) AS total_amount FROM disburses d diff --git a/routers/photomanage.py b/routers/photomanage.py index ee8e4f2..1426305 100644 --- a/routers/photomanage.py +++ b/routers/photomanage.py @@ -1,4 +1,4 @@ -from fastapi import FastAPI, File, UploadFile, HTTPException, Form +from fastapi import FastAPI, File, UploadFile, HTTPException, Form,Request import paramiko from fastapi import Depends, APIRouter, status, Query, Path, HTTPException from internal.models import * @@ -7,6 +7,7 @@ from dependencies import get_current_active_user from datetime import datetime import os from pathlib import Path +from limiter_config import limiter router = APIRouter( prefix="/photos", tags=['图片管理'] @@ -15,7 +16,7 @@ router = APIRouter( app = FastAPI() # 配置远程服务器信息 -REMOTE_HOST = "111.229.38.129" +REMOTE_HOST = "www.wuruilin.cn" REMOTE_PORT = 6000 # 默认为 22 REMOTE_USERNAME = "root" REMOTE_PASSWORD = "zl981023" @@ -50,7 +51,8 @@ def list_files_in_remote_directory(sftp, remote_directory): @router.post("/uploadfile/") -async def upload_file(file: UploadFile = File(...), album_key: str = Form(...), new_filename: str = None): +@limiter.limit("10/minute") +async def upload_file(request: Request,file: UploadFile = File(...), album_key: str = Form(...), new_filename: str = None): try: # 获取文件扩展名 file_extension = os.path.splitext(file.filename)[1] @@ -98,7 +100,8 @@ async def upload_file(file: UploadFile = File(...), album_key: str = Form(...), @router.get("/listfiles/") -async def list_files(album_key: str): +@limiter.limit("10/minute") +async def list_files(request: Request,album_key: str): try: remote_directory = Path(REMOTE_BASE_DIRECTORY) / album_key remote_directory = remote_directory.as_posix() diff --git a/routers/statistic.py b/routers/statistic.py index 74d5394..2f67d3b 100644 --- a/routers/statistic.py +++ b/routers/statistic.py @@ -1,16 +1,17 @@ -from fastapi import Depends, APIRouter, status, Query, Path, HTTPException +from fastapi import Depends, APIRouter, status, Query, Path, HTTPException,Request from internal.models import * from internal.database import fetch_one, fetch_all, execute_query, response_success, raise_if_exists, raise_if_not_found from dependencies import get_current_active_user from collections import defaultdict - +from limiter_config import limiter router = APIRouter( prefix="/statistics", tags=['统计'] ) # 统计编辑量 @router.get("/list") -async def statistic_list(): +@limiter.limit("10/minute") +async def statistic_list(request: Request): select_query = """SELECT DATE(create_at) AS date,COUNT(*) AS writCount FROM (SELECT create_at FROM diarys UNION ALL @@ -25,7 +26,8 @@ async def statistic_list(): # 获取首页数据 @router.get("/homepage") -async def get_homepage_data(): +@limiter.limit("10/minute") +async def get_homepage_data(request: Request): # 获取博客数据 select_blog = """ SELECT blogs.id, blogs.blogtitle, blogs.blogcontent, blogs.create_at, blogs.imglink, @@ -56,7 +58,8 @@ async def get_homepage_data(): return {"data": combined_data} @router.get("/searchtitle") -async def search_homepage_data(title: str = Query("", description="Title to search for")): +@limiter.limit("10/minute") +async def search_homepage_data(request: Request,title: str = Query("", description="Title to search for")): # 查询博客数据 select_blog = """ SELECT