talelin / lin-cms-flask

🎀A simple and practical CMS implemented by Flask

Home Page: http://doc.cms.talelin.com/

License: Other

Python 99.48% Shell 0.27% Dockerfile 0.25%
cms flask lin lin-cms flask-cms python-cms

lin-cms-flask's People

Contributors

bryanthelol, colorful3, dependabot[bot], jokky6, mojerro, sunlin92

lin-cms-flask's Issues

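Format of returned JSON data

Please describe in detail any question you have about this project; we will review and resolve it as soon as possible.

A question:

I noticed that some API endpoints do not return data in a unified format.

For example, log.py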

    return jsonify({
        "total_nums": total_nums,
        "collection": logs
    })

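Why not combine this with APIException to return a unified format,
for example by adding a data field (empty by default)?

    {
        "error_code":xxx,
        "code":xxx,
        "msg":xxx,
        "data":xxx
    }

There may also be things I have not considered.
I hope to receive a reply. Thank you.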

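Display anomaly when deleting a user group

Description:
If there are currently 5 user groups and I delete the 2nd one, the page shows the 5th one as deleted and reports that the deletion succeeded. After refreshing with F5, the result is correct.

API returns a 500 error when adding a user

Describe the bug

  • Add a user in the front-end admin system
  • The back end reports a 500 error

Which version are you using when this problem occurs?

master branch
Endpoint: /cms/user/register
Error message: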
Traceback (most recent call last):
File "/Users/fanwei/.local/share/virtualenvs/starter-7VRm1H9r/lib/python3.7/site-packages/flask/app.py", line 2309, in call
return self.wsgi_app(environ, start_response)
File "/Users/fanwei/.local/share/virtualenvs/starter-7VRm1H9r/lib/python3.7/site-packages/flask/app.py", line 2295, in wsgi_app
response = self.handle_exception(e)
File "/Users/fanwei/.local/share/virtualenvs/starter-7VRm1H9r/lib/python3.7/site-packages/flask_cors/extension.py", line 110, in wrapped_function
return cors_after_request(app.make_response(f(*args, **kwargs)))
File "/Users/fanwei/.local/share/virtualenvs/starter-7VRm1H9r/lib/python3.7/site-packages/flask/app.py", line 1741, in handle_exception
reraise(exc_type, exc_value, tb)
File "/Users/fanwei/.local/share/virtualenvs/starter-7VRm1H9r/lib/python3.7/site-packages/flask/_compat.py", line 35, in reraise
raise value
File "/Users/fanwei/.local/share/virtualenvs/starter-7VRm1H9r/lib/python3.7/site-packages/flask/app.py", line 2292, in wsgi_app
response = self.full_dispatch_request()
File "/Users/fanwei/.local/share/virtualenvs/starter-7VRm1H9r/lib/python3.7/site-packages/flask/app.py", line 1815, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/Users/fanwei/.local/share/virtualenvs/starter-7VRm1H9r/lib/python3.7/site-packages/flask_cors/extension.py", line 110, in wrapped_function
return cors_after_request(app.make_response(f(*args, **kwargs)))
File "/Users/fanwei/.local/share/virtualenvs/starter-7VRm1H9r/lib/python3.7/site-packages/flask/app.py", line 1719, in handle_user_exception
return handler(e)
File "/Users/fanwei/.local/share/virtualenvs/starter-7VRm1H9r/lib/python3.7/site-packages/lin/core.py", line 206, in handler
raise e
File "/Users/fanwei/.local/share/virtualenvs/starter-7VRm1H9r/lib/python3.7/site-packages/flask/app.py", line 1813, in full_dispatch_request
rv = self.dispatch_request()
File "/Users/fanwei/.local/share/virtualenvs/starter-7VRm1H9r/lib/python3.7/site-packages/flask/app.py", line 1799, in dispatch_request
return self.view_functionsrule.endpoint
File "/Users/fanwei/.local/share/virtualenvs/starter-7VRm1H9r/lib/python3.7/site-packages/lin/log.py", line 37, in wrap
response: Response = func(*args, **kwargs)
File "/Users/fanwei/.local/share/virtualenvs/starter-7VRm1H9r/lib/python3.7/site-packages/lin/jwt.py", line 30, in wrapper
return fn(*args, **kwargs)
File "/Users/fanwei/Desktop/project/python/starter/app/api/cms/user.py", line 32, in register
form = RegisterForm().validate_for_api()
File "/Users/fanwei/.local/share/virtualenvs/starter-7VRm1H9r/lib/python3.7/site-packages/lin/forms.py", line 25, in validate_for_api
valid = super(Form, self).validate()
File "/Users/fanwei/.local/share/virtualenvs/starter-7VRm1H9r/lib/python3.7/site-packages/wtforms/form.py", line 310, in validate
return super(Form, self).validate(extra)
File "/Users/fanwei/.local/share/virtualenvs/starter-7VRm1H9r/lib/python3.7/site-packages/wtforms/form.py", line 152, in validate
if not field.validate(self, extra):
File "/Users/fanwei/.local/share/virtualenvs/starter-7VRm1H9r/lib/python3.7/site-packages/wtforms/fields/core.py", line 206, in validate
stop_validation = self._run_validation_chain(form, chain)
File "/Users/fanwei/.local/share/virtualenvs/starter-7VRm1H9r/lib/python3.7/site-packages/wtforms/fields/core.py", line 226, in _run_validation_chain
validator(form, self)
File "/Users/fanwei/.local/share/virtualenvs/starter-7VRm1H9r/lib/python3.7/site-packages/wtforms/validators.py", line 134, in call
if data is None or (self.min is not None and data < self.min) or
TypeError: '<' not supported between instances of 'str' and 'int'

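Question about how file names are stored in the lin_file table

Question: the name field in the lin_file table stores a timestamp-based UUID rather than the real file name. When a CMS user later counts or views the uploaded files, every uploaded file name is displayed in UUID format. How does the user know which file is the one they want?

Suggested improvement: lin file currently requires file names to be saved as UUIDs, so developers have no choice. Developers can change the storage method themselves, but I think lin file could do better. A flag could be set in the _get_store_path method: when the flag is 1, store under the UUID name; when it is empty or any other value, save under the real file name.

Just my humble opinion~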

Login brute force Vulnerability in Latest Release

Hi, I would like to report login brute force vulnerability in latest release.

Description:
Login brute force vulnerability in the login() function at line 43 of app/api/cms/user.py.
There is no limit on the number of login attempts and no verification code, so the username and password can be brute-forced, like this:
author by [email protected]
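
One way to add the missing attempt limit this report describes, as an added example that is not part of the original issue or the project's code: a sliding-window failure counter with a temporary lockout, checked before the password is verified. `LoginThrottle`, `attempt_login`, the thresholds and the in-memory user store are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Sliding-window failure counter with temporary lockout (hypothetical helper)."""

    def __init__(self, max_failures=5, window=300.0, lockout=900.0,
                 ip_factor=4, clock=time.monotonic):
        # The per-IP limit is looser than the per-account limit so that a
        # shared NAT address is not locked out by one user's typos.
        self.limits = {"user": max_failures, "ip": max_failures * ip_factor}
        self.window, self.lockout, self.clock = window, lockout, clock
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures
        self._locked_until = {}              # key -> time at which the lock expires

    @staticmethod
    def _keys(username, ip):
        # (account, IP) limits guessing against one account; IP alone limits
        # one client trying a few passwords across many accounts.
        return (("user", username.lower(), ip), ("ip", ip))

    def retry_after(self, username, ip):
        """Seconds the caller must wait; 0.0 if an attempt is allowed now."""
        now, wait = self.clock(), 0.0
        for key in self._keys(username, ip):
            until = self._locked_until.get(key, 0.0)
            if until > now:
                wait = max(wait, until - now)
            else:
                self._locked_until.pop(key, None)
        return wait

    def record_failure(self, username, ip):
        now = self.clock()
        for key in self._keys(username, ip):
            q = self._failures[key]
            q.append(now)
            while q and q[0] <= now - self.window:  # forget failures outside the window
                q.popleft()
            if len(q) >= self.limits[key[0]]:
                self._locked_until[key] = now + self.lockout
                q.clear()

    def record_success(self, username, ip):
        self._failures.pop(("user", username.lower(), ip), None)


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def attempt_login(throttle, users, username, password, ip):
    """Return an HTTP-style status: 200 ok, 401 bad credentials, 429 throttled."""
    if throttle.retry_after(username, ip) > 0:
        return 429  # rejected before any password work is done
    salt, stored = users.get(username.lower(), (b"\0" * 16, b""))
    candidate = hash_password(password, salt)  # also hashed for unknown users
    if stored and hmac.compare_digest(candidate, stored):
        throttle.record_success(username, ip)
        return 200
    throttle.record_failure(username, ip)
    return 401


def demo():
    """Constructed scenario: repeated wrong guesses, then the right password."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0])
    salt = os.urandom(16)
    users = {"super": (salt, hash_password("correct horse", salt))}  # constructed account
    ip = "203.0.113.7"  # documentation address range
    statuses = [attempt_login(throttle, users, "super", f"guess{i}", ip) for i in range(6)]
    statuses.append(attempt_login(throttle, users, "super", "correct horse", ip))  # still locked
    now[0] += 901  # lockout has expired
    statuses.append(attempt_login(throttle, users, "super", "correct horse", ip))
    return statuses


if __name__ == "__main__":
    print(demo())
```

The counters here live in one process; a deployment with several workers needs them in a shared store, and the lockout should be paired with logging so repeated 429 responses are visible to operators.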

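Poor interaction experience when adding a user~

Actual system behavior:
After a user is added successfully, the page only shows a success message and stays on the add-user screen. Clicking the user list at that point does not show the newly added user. I tried 3 times and it never appeared; only after an F5 refresh did it show up. The interaction experience feels poor.

My understanding: 1. Either return to the user list after a user is added successfully, so the operator can see whether the information they added really went through. This has a drawback: for adding users in bulk, the current approach may be better, but I think bulk adding is relatively rare.
2. If the current behavior is kept, the latest data should be shown promptly when the user clicks the user list. This also has a drawback: data has to be fetched from the database frequently. But I believe that for a good product, user experience should come first, especially for open source; the more foolproof, the better~
Just my humble opinion~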

Lin-CMS version 0.1.1 does not exist; pip install fails.

After downloading, I installed the required packages:
pip install -r requirements.txt
The following error message appears.
Could not find a version that satisfies the requirement Lin-CMS==0.1.1 (from -r requirements.txt (line 13)) (from versions: 0.1.1a1, 0.1.1a2, 0.1.1a3, 0.1.1a4, 0.1.1a5, 0.1.1a6, 0.1.1a7, 0.1.1a8, 0.1.1b1, 0.1.1b2) No matching distribution found for Lin-CMS==0.1.1 (from -r requirements.txt (line 13))
On https://pypi.org/ only Lin-CMS 0.1.1b2 can be found.
https://pypi.org/project/Lin-CMS/

Running the site program produces the following error:
ImportError: cannot import name 'UserSuper' from 'lin.enums' (E:\Dev\python\hospital\sante-flask\venv370\lib\site-packages\lin\enums.py)

What is going on?

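Flask back end raises an error when adding a group from the front end

image

Latest version:

When submitting the add operation from the front end, the relevant part:

image

This is where the error occurs:

The exception information is: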

  • Detected change in 'D:\code\python\local_python\afinlflask\aframecore\log.py', reloading
  • Restarting with stat
    石大胜华L v1.book+delete_book meta(auth='退订业务', module='退订')
    石大胜华L v1.book+tuiding meta(auth='退订业务222', module='退订')
    石大胜华L v1.book+tuidi343ng meta(auth='342345235', module='退订')
    石大胜华L v1.book+xxxxx meta(auth='cedshiu', module='退订')
    石大胜华L cms.auth+ceshiquanxian_01 meta(auth='订购11111', module='订购')
    石大胜华L cms.auth+ceshiquanxian_02 meta(auth='订购22222', module='订购')
    石大胜华L cms.auth+ceshiquanxian_03 meta(auth='订购3333', module='订购')
    石大胜华L cms.auth+ceshiquanxian_04 meta(auth='订购4444', module='订购')
    石大胜华L cms.auth+ceshiquanxian_05 meta(auth='订购55555', module='订购')
    石大胜华L cms.auth+ceshiquanxian_fyabdab_01 meta(auth='孤单and收到货--002', module='滚蛋')
    石大胜华L cms.auth+ceshiquanxian_fyabdab_02 meta(auth='孤单and收到货--001', module='滚蛋')
    石大胜华L cms.log+get_logs meta(auth='查询所有日志', module='日志')
    石大胜华L cms.log+get_user_logs meta(auth='搜索日志', module='日志')
    石大胜华L cms.log+get_users meta(auth='查询日志记录的用户', module='日志')
    石大胜华L cms.test+info meta(auth='查看lin的信息', module='信息')
  • Debugger is active!
  • Debugger PIN: 228-255-610
  • Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
    127.0.0.1 - - [13/Jun/2019 12:45:15] "OPTIONS /cms/admin/authority HTTP/1.1" 200 -
    2019-06-13 12:45:15.188 | INFO | xmly_pro.app.app:request_cost_time:73 - =====================================================>>>>
    2019-06-13 12:45:15.189 | INFO | xmly_pro.app.app:request_cost_time:85 - 请求开始===>{"url": "http://localhost:5000/cms/admin/authority", "path": "/cms/admin/authority", "args": {}, "form": {}, "request_start_time": "2019-06-13T12:45:15.188432"}
    2019-06-13 12:45:15.196 | INFO | xmly_pro.app.app:log_response:120 - 请求结束===>{"url": "http://localhost:5000/cms/admin/authority", "path": "/cms/admin/authority", "args": {}, "form": {}, "request_start_time": "2019-06-13T12:45:15.188432", "req_time": "2019-06-13T12:45:15.196438", "resp_data": {"信息": {"查看lin的信息": ["cms.test+info"]}, "日志": {"搜索日志": ["cms.log+get_user_logs"], "查询所有日志": ["cms.log+get_logs"], "查询日志记录的用户": ["cms.log+get_users"]}, "滚蛋": {"孤单and收到货--001": ["cms.auth+ceshiquanxian_fyabdab_02"], "孤单and收到货--002": ["cms.auth+ceshiquanxian_fyabdab_01"]}, "订购": {"订购11111": ["cms.auth+ceshiquanxian_01"], "订购22222": ["cms.auth+ceshiquanxian_02"], "订购3333": ["cms.auth+ceshiquanxian_03"], "订购4444": ["cms.auth+ceshiquanxian_04"], "订购55555": ["cms.auth+ceshiquanxian_05"]}, "退订": {"342345235": ["v1.book+tuidi343ng"], "cedshiu": ["v1.book+xxxxx"], "退订业务": ["v1.book+delete_book"], "退订业务222": ["v1.book+tuiding"]}}, "cost_time": "0.00801"}
    127.0.0.1 - - [13/Jun/2019 12:45:15] "GET /cms/admin/authority HTTP/1.1" 200 -
    127.0.0.1 - - [13/Jun/2019 12:45:21] "OPTIONS /cms/admin/group HTTP/1.1" 200 -
    2019-06-13 12:45:21.996 | INFO | xmly_pro.app.app:request_cost_time:73 - =====================================================>>>>
    2019-06-13 12:45:21.996 | INFO | xmly_pro.app.app:request_cost_time:85 - 请求开始===>{"url": "http://localhost:5000/cms/admin/group", "path": "/cms/admin/group", "args": {}, "form": {}, "request_start_time": "2019-06-13T12:45:21.996219"}
    127.0.0.1 - - [13/Jun/2019 12:45:22] "POST /cms/admin/group HTTP/1.1" 500 -
    Traceback (most recent call last):
    File "D:\code\python\local_python\lin-cms-flask-master03\venv\lib\site-packages\flask\app.py", line 2309, in call
    return self.wsgi_app(environ, start_response)
    File "D:\code\python\local_python\lin-cms-flask-master03\venv\lib\site-packages\flask\app.py", line 2295, in wsgi_app
    response = self.handle_exception(e)
    File "D:\code\python\local_python\lin-cms-flask-master03\venv\lib\site-packages\flask_cors\extension.py", line 110, in wrapped_function
    return cors_after_request(app.make_response(f(*args, **kwargs)))
    File "D:\code\python\local_python\lin-cms-flask-master03\venv\lib\site-packages\flask\app.py", line 1741, in handle_exception
    reraise(exc_type, exc_value, tb)
    File "D:\code\python\local_python\lin-cms-flask-master03\venv\lib\site-packages\flask_compat.py", line 35, in reraise
    raise value
    File "D:\code\python\local_python\lin-cms-flask-master03\venv\lib\site-packages\flask\app.py", line 2292, in wsgi_app
    response = self.full_dispatch_request()
    File "D:\code\python\local_python\lin-cms-flask-master03\venv\lib\site-packages\flask\app.py", line 1815, in full_dispatch_request
    rv = self.handle_user_exception(e)
    File "D:\code\python\local_python\lin-cms-flask-master03\venv\lib\site-packages\flask_cors\extension.py", line 110, in wrapped_function
    return cors_after_request(app.make_response(f(*args, **kwargs)))
    File "D:\code\python\local_python\lin-cms-flask-master03\venv\lib\site-packages\flask\app.py", line 1719, in handle_user_exception
    return handler(e)
    File "D:\code\python\local_python\afinlflask\aframecore\core.py", line 209, in handler
    raise e
    File "D:\code\python\local_python\lin-cms-flask-master03\venv\lib\site-packages\flask\app.py", line 1813, in full_dispatch_request
    rv = self.dispatch_request()
    File "D:\code\python\local_python\lin-cms-flask-master03\venv\lib\site-packages\flask\app.py", line 1799, in dispatch_request
    return self.view_functionsrule.endpoint
    File "D:\code\python\local_python\afinlflask\aframecore\log.py", line 43, in wrap
    self.write_log()
    File "D:\code\python\local_python\afinlflask\aframecore\log.py", line 57, in write_log
    Log.create_log(message=self.message, user_id=self.user.id, user_name=self.user.nickname,
    File "D:\code\python\local_python\lin-cms-flask-master03\venv\lib\site-packages\sqlalchemy\orm\attributes.py", line 242, in get
    return self.impl.get(instance_state(instance), dict_)
    File "D:\code\python\local_python\lin-cms-flask-master03\venv\lib\site-packages\sqlalchemy\orm\attributes.py", line 594, in get
    value = state._load_expired(state, passive)
    File "D:\code\python\local_python\lin-cms-flask-master03\venv\lib\site-packages\sqlalchemy\orm\state.py", line 608, in _load_expired
    self.manager.deferred_scalar_loader(self, toload)
    File "D:\code\python\local_python\lin-cms-flask-master03\venv\lib\site-packages\sqlalchemy\orm\loading.py", line 813, in load_scalar_attributes
    (state_str(state)))
    sqlalchemy.orm.exc.DetachedInstanceError: Instance <User at 0x24bbff5a550> is not bound to a Session; attribute refresh operation cannot proceed (Background on this error at: http://sqlalche.me/e/bhk3)

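User-defined scheduled tasks

Scenario: a user may want a business operation to run at a specific time, but at that time the user cannot operate the system or has no time to. So I would like a feature that implements user-defined scheduled tasks (the user defines the time and the task to run).
I have basically implemented such a feature with Flask-APScheduler, but there are still some imperfections, for example problems when deploying with uwsgi. It mainly comes down to my own limited ability; I would like to see how more professional developers would implement such a feature.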

Cross-site request forgery Vulnerability in Latest Release

Hi, I would like to report Cross-site request forgery vulnerability in latest release.

Description:
Cross-site request forgery (CSRF) vulnerability in app/api/cms/user.py and app/api/cms/admin.py.
Register, update user info, change password, delete user, disable user, activate user, create group, etc. are not validated, which causes a CSRF vulnerability. Suggest adding a token.

author by [email protected]

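Uploading images in sequence with the tinymac rich text editor: the first succeeds, later ones fail

Inserting the first image with tinymac displays normally; when inserting the second, the front end reports an error: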
Failed to load resource: net::ERR_CONNECTION_ABORTED

Meanwhile, uploading the same image with postman succeeds

The back end uses flask; the front-end version is 0.2.2

tinymac uses the lin-cms component code, unmodified

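Question about primary-replica databases and sharded table access

Hello experts, nobody answered in the QQ group, so I am asking here.
I have run into 2 problems. Our database has become very large. We previously used lin with reads and writes on a single database, and now mysql frequently locks up and access is slow, so the company upgraded the database architecture and adopted a new strategy: sharded databases and tables, plus primary-replica databases.
Problem 1: the database now has 100 tables, note_1, note_2, note_3...note99, split from the original note table. The model decides which table to access based on a hash, but how should the class/db.model definition be written?
Problem 2: the primary database now handles writes and the replica database handles reads. In lin's config->secure, how do I specify read/write splitting for the databases?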

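How to fetch only data that has been soft-deleted

Please describe in detail any question you have about this project; we will review and resolve it as soon as possible.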

lin/db.py

    def filter_by(self, soft=False, **kwargs):
        # soft: apply soft-delete filtering
        if soft:
            kwargs['delete_time'] = None
        return super(Query, self).filter_by(**kwargs)

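filter_by(soft=True).all() or filter_by(delete_time=None).all() returns data that has not been soft-deleted
filter_by().all() returns all data

So how can I fetch only data that has been soft-deleted?
Using filter(<Model>.delete_time != None).all() works
⚠️ With filter_by() I don't know how to pass the argument

Maybe I am just not familiar with flask sqlalchemy.
I hope to receive a reply. Thank you.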

Error when running the python starter.py command: No module named 'flask'

(starter) bash-3.2$ python starter.py
Traceback (most recent call last):
File "starter.py", line 6, in
from app.app import create_app
File "/Users/pc/Documents/starter/app/app.py", line 8, in
from flask import Flask, request, g
ModuleNotFoundError: No module named 'flask'

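Error when building a many-to-many relationship with an extended user_model model

  • Bug description

Building a many-to-many relationship with an extended user_model model (class named User): the program starts, but an error is raised when it receives an http request

  • Model definitions
  1. Association table like_and_quota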
# /app/models/association_tables.py

from sqlalchemy import Table, Column, Integer, ForeignKey
from lin.interface import InfoCrud as Base


# Quotes liked by users
like_and_quota = Table('like_and_quota',
                   Base.metadata,
                   Column('user_id', Integer, ForeignKey('lin_user.id')),
                   Column('quota_id', Integer, ForeignKey('quota.id')))

  1. Extended user_model User model
# /app/models/user.py

from lin import db
from lin.core import User as _User
from sqlalchemy import Column, String
from sqlalchemy.orm import relationship
from app.models.association_tables import like_and_quota


class User(_User):
    wx_openid = Column(String(190)) # WeChat openid
    liked_quotas = relationship('Quota', secondary=like_and_quota, back_populates='liked_users') # Quotes liked by this user (many-to-many relationship with the Quota model)
  1. Business model Quota
# /app/models/quota.py

from lin import db
from lin.exception import NotFound
from lin.interface import InfoCrud as Base
from sqlalchemy import Column, Integer, Text, ForeignKey
from sqlalchemy.orm import relationship
from app.models.category import Category
from app.models.association_tables import like_and_quota


class Quota(Base):
    id = Column(Integer, primary_key=True, autoincrement=True)
    content = Column(Text) # HTML format
    content_text = Column(Text) # Plain-text format
    category_id = Column(Integer, ForeignKey('category.id'))
    category = relationship('Category', back_populates='quotas') # Owning category
    liked_users = relationship('User', secondary=like_and_quota ,back_populates='liked_quotas') # Users who liked this quote
  • create_app
def create_app(register_all=True, environment='production'):
    app = LinFlask(__name__, static_folder='./assets')
    app.config['ENV'] = environment
    env = app.config.get('ENV')
    if env == 'production':
        app.config.from_object('app.config.setting.ProductionConfig')
        app.config.from_object('app.config.secure.ProductionSecure')
    elif env == 'development':
        app.config.from_object('app.config.setting.DevelopmentConfig')
        app.config.from_object('app.config.secure.DevelopmentSecure')
    app.config.from_object('app.config.log')
    if register_all:
        register_blueprints(app)
        from app.models.user import User
        Lin(app, user_model=User)
        register_before_request(app)
        register_after_request(app)
        apply_cors(app)
        # Create all tables
        create_tables(app)

    return app
  • Error message
sqlalchemy.exc.InvalidRequestError: Multiple classes found for path "User" in the registry of this declarative base. Please use a fully module-qualified path.
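  • Bug fix
    Renaming the User model is enough. However, the example for extending the user_model model in the official documentation uses the name User and does not state that the extended model cannot be named User. In the example below I renamed User to CUser, and the error no longer occurs.

Correct code: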

# /app/models/user.py

class CUser(_User):

# /app/models/quota.py

liked_users = relationship('CUser', secondary=like_and_quota ,back_populates='liked_quotas') # Users who liked this quote

# /app/app.py

from app.models.user import CUser
Lin(app, user_model=CUser)

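Pagination issue

Please describe in detail any question you have about this project; we will review and resolve it as soon as possible.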

def paginate():
    count = int(request.args.get('count', current_app.config.get('COUNT_DEFAULT') if current_app.config.get(
        'COUNT_DEFAULT') else 5))
    start = int(request.args.get('page', current_app.config.get('PAGE_DEFAULT') if current_app.config.get(
        'PAGE_DEFAULT') else 0))
    count = 15 if count >= 15 else count
    start = start * count
    if start < 0 or count < 0:
        raise ParameterException()
    return start, count

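Isn't converting the count passed from the front end directly with int a bit problematic (passing letters or other characters instead of a number raises an error)? Why not consider validating with wtf-form? I hope to receive a reply. Thank you.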
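
A strict parser for the `count` and `page` query parameters discussed above, as an added example that is not the project's code. It takes the query arguments as a plain mapping and the defaults as keyword arguments (standing in for `request.args` and the `COUNT_DEFAULT` / `PAGE_DEFAULT` config values); the local `ParameterException` class stands in for the project's exception, and rejecting `count=0` is a choice made for this example.

```python
import re


class ParameterException(Exception):
    """Local stand-in for the project's exception of the same name."""


# Plain int() also accepts "-1", " 5 ", "1_0" and non-ASCII digits such as "١٢",
# so the raw string is matched against ASCII digits before it is converted.
# The length cap keeps page * count small.
_DIGITS = re.compile(r"[0-9]{1,6}")


def parse_pagination(args, count_default=5, page_default=0, count_max=15):
    """Return (start, count) or raise ParameterException on malformed input."""

    def field(name, default):
        raw = args.get(name)
        if raw is None:
            return default
        if not isinstance(raw, str) or not _DIGITS.fullmatch(raw):
            raise ParameterException(f"{name} must be a non-negative integer")
        return int(raw)

    count = field("count", count_default)
    page = field("page", page_default)
    if count == 0:
        raise ParameterException("count must be at least 1")
    count = min(count, count_max)  # same upper bound as the original function
    return page * count, count


if __name__ == "__main__":
    print(parse_pagination({"count": "50", "page": "2"}))
```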

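The built-in CRUD methods could wrap more new features

When querying, filtering fields and multi-table join queries are very common. But the built-in get function cannot meet these needs and is not compatible with the native methods, so query functions involving them have to be written entirely by hand. Yet these are often the most troublesome parts.

Also, differing development approaches easily lead to mistakes, for example not filtering on the delete_time soft-delete field when querying. So I hope some higher-level APIs can be wrapped in a unified way, or that the native API can be supported.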

Cross Site Scripting Vulnerability in Latest Release

Hi, I would like to report Cross Site Scripting vulnerability in latest release.

Description:
Cross-site scripting (XSS) vulnerability in the register() function at line 12 of app/api/cms/user.py and the get_logs() function at line 23 of app/api/cms/log.py.
An XSS payload used as the user name when registering a user will be executed in the log.
Steps To Reproduce:
1. Add a user whose username is an XSS payload.
2. Then log in with that username; viewing the log manager shows the XSS payload has already executed, and the super user can see it too.

author by [email protected]

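In lin-cms, the wtf Optional validator always sees an empty value when checking a JSON object

Describe the bug
When writing a Form I added the Optional validator and found that my custom validator was not executed.

  • What did you do?
    I debugged it and found that the __call__ method of the Optional class performs the form check using field.raw_data, while other validators use field.data; during debugging raw_data was always empty.
  • What happened?
    The Optional validator always judges the value as empty and stops subsequent validation.
  • What do you think should happen?
    Validation should not stop for non-empty parameters.
  • Which version are you using when this problem occurs?
    Lin-CMS==0.2.0b2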

How to change the Python build version to 3.7

Running pipenv install --dev produces the following error
Virtualenv location: C:\Users\Administrator.virtualenvs\lin-cms-flask-19JFeIB4
Warning: Your Pipfile requires python_version 3.6, but you are using 3.7.6 (C:\Users\A.\l\S\python.exe).
$ pipenv --rm and rebuilding the virtual environment may resolve the issue.
$ pipenv check will surely fail.

InfoCrud, UserInterface

Please describe in detail any question you have about this project; we will review and resolve it as soon as possible.

class InfoCrud

    @property
    def create_time(self):
        if self._create_time is None:
            return None
        return int(round(self._create_time.timestamp() * 1000))

Could a setter method for create_time be considered, for cases where the user wants to generate fake data?

    @create_time.setter
    def create_time(self, raw):
        self._create_time = raw

class UserInterface
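Could the table name be left unset, i.e. __abstract__ = True,
and then __tablename__='lin-user' be specified in class User in lin.core.py?
That way, if I have a custom user_model with a custom table name such as my_user,
inheriting from UserInterface would not automatically create lin-user

There may be mistakes in my thinking too. I hope to receive your reply. Thank you.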

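[FAQ] After deploying the project to a server and starting it on port 5000, it is still unreachable from the external network

[Suggestion] Addition to the documentation FAQ
After deploying the project to a server and starting it on port 5000, it is still unreachable from the external network

Solution
Example server environment: Tencent Cloud centos7
If the project is still unreachable from the external network after opening the port in the server's security group and firewall, modify the app.run() part at the end of starter.py in the root directory, adding the host parameter and specifying the port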

if __name__ == '__main__':
    app.run(host="127.0.0.1", port=5000, debug=True)

When I hit the problem I searched around; it seems flask always has this issue

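One-to-many permission question

A question: currently multiple permissions can be assigned to one group. How can the same permission be assigned to multiple groups? For example, editor can both edit and view, while viewer can only view. I see that in the code the auth part currently has only a single id for group_id. Thanks.

Testing the v1/book/1 endpoint fails, returning error code 10000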

{"error_code": 10000, "msg": "\u8ba4\u8bc1\u5931\u8d25\uff0c\u8bf7\u68c0\u67e5\u8bf7\u6c42\u5934\u6216\u8005\u91cd\u65b0\u767b\u9646", "request": "GET /v1/book/1"}

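When I test by following this document
http://doc.cms.7yue.pro/lin/start/flask/backend-demo.html#%E8%A7%86%E5%9B%BE%E6%8E%A7%E5%88%B6
and open
http://127.0.0.1:5000/v1/book/1
in the browser, it does not return 'hello, I am a book' but the err shown at the top.

I followed your documentation strictly, so why doesn't it work??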

Identity authentication vulnerability in Latest Release

Hi, I would like to report Cross Site Scripting vulnerability in latest release.

Description:
Identity authentication vulnerability in logout: when you log out, the authentication token is still valid.

Steps To Reproduce:
1. Log in to the background
2. Do something, like list users
3. Log out
4. Replay the packet; the user list can still be seen.
author by [email protected]
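
The replay in the steps above works because a signed token stays valid until its `exp`, whatever the client does at logout. The added example below is not the project's code: it uses a stdlib HS256 token in place of the project's JWT library, and `TokenService` and its methods are hypothetical names. It shows the replayed token being accepted when the server keeps no denylist and rejected when logout records the token's `jti`.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class TokenService:
    """Issues HS256 tokens and keeps a denylist of logged-out token ids."""

    def __init__(self, key, ttl=3600, clock=time.time):
        self.key, self.ttl, self.clock = key, ttl, clock
        self.revoked = {}  # jti -> exp; a shared store is needed with several workers

    def _sign(self, signing_input):
        mac = hmac.new(self.key, signing_input.encode(), hashlib.sha256)
        return _b64(mac.digest())

    def issue(self, user_id):
        now = int(self.clock())
        header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        claims = {"sub": user_id, "iat": now, "exp": now + self.ttl,
                  "jti": secrets.token_hex(16)}  # unique id used for revocation
        body = _b64(json.dumps(claims).encode())
        return f"{header}.{body}.{self._sign(header + '.' + body)}"

    def _verified_claims(self, token):
        # The algorithm is fixed here; the token's own header is never trusted.
        try:
            header, body, sig = token.split(".")
            if not hmac.compare_digest(sig, self._sign(f"{header}.{body}")):
                return None
            claims = json.loads(_unb64(body))
        except (ValueError, TypeError):
            return None
        if not isinstance(claims, dict) or claims.get("exp", 0) <= self.clock():
            return None
        return claims

    def authenticate(self, token, check_revocation=True):
        """Return the user id, or None if the token must be rejected."""
        claims = self._verified_claims(token)
        if claims is None:
            return None
        if check_revocation and claims.get("jti") in self.revoked:
            return None
        return claims.get("sub")

    def logout(self, token):
        claims = self._verified_claims(token)
        if claims is None:
            return False
        self.revoked[claims["jti"]] = claims["exp"]
        # Expired tokens fail the exp check anyway, so their entries can go.
        now = self.clock()
        for jti in [j for j, exp in self.revoked.items() if exp <= now]:
            del self.revoked[jti]
        return True


def replay_after_logout():
    """The report's steps: log in, use the token, log out, replay the token."""
    now = [1_700_000_000]  # constructed clock value
    svc = TokenService(secrets.token_bytes(32), clock=lambda: now[0])
    token = svc.issue(user_id=1)
    before = svc.authenticate(token)
    svc.logout(token)
    return {
        "before_logout": before,
        "replay_without_denylist": svc.authenticate(token, check_revocation=False),
        "replay_with_denylist": svc.authenticate(token),
    }


if __name__ == "__main__":
    print(replay_after_logout())
```

A shorter token lifetime narrows the replay window as well, and denylist entries only need to be kept until the token's own `exp`.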

WebSocket

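Will the project use a WebSocket-related library in the future?
If so,
will it be Flask-Sockets, Flask-SocketIO, or something else?
These 2 libraries are not compatible. My current project needs one, and I want to choose the same one as the cms to avoid problems with later upgrades.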

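Write a Dockerfile for the back end to build a Docker image

A CMS is a fairly complex application and needs too many things. We cannot cover every aspect, so for new features we decide through discussion whether to implement the feature and in what form.
We encourage everyone interested in this feature to join the discussion; of course it is even better if you want to take part in developing it.

If you have implemented a feature and it passes the unit tests, please use git rebase to squash it into a single standard feat: description commit, then open a PR against our
project. We will review it as soon as possible, and thank you for participating.

If adding this feature is being considered, I am willing to try contributing code

What problem is this feature related to? What are the use cases? Please describe in detail.
Please describe the problem clearly and accurately, along with the real scenario.

Faster environment setup; it should mainly make things easier for front-end development

Please describe how you would like to implement this feature
How should this feature be implemented? Added to the core library? Added to the project? Or some other way.
Of course you can also describe its concrete implementation.

Add a Dockerfile

Discussion
If this feature has many use cases or is very important, we will handle it right away. But above all we hope more people will join the discussion to weigh its feasibility.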

python add_super.py 'SQLALCHEMY_TRACK_MODIFICATIONS adds significant overhead and '

The script that adds a database user reports an error

Run the command python add_super.py in cmd

(lin-cms-flask--LqTYnzq) C:\Users\wy\Desktop\lin-cms-flask>python add_super.py C:\Users\wy\.virtualenvs\lin-cms-flask--LqTYnzq\lib\site-packages\flask_sqlalchemy\__init__.py:794: FSADeprecationWarning: SQLALCHEMY_TRACK_MODIFICATIONS adds significant overhead and will be disabled by default in the future. Set it to True or False to suppress this warning. 'SQLALCHEMY_TRACK_MODIFICATIONS adds significant overhead and '

  • I think it should return add super user Successed

I am using the latest master version, and the pip packages are also the latest
`(lin-cms-flask) C:\Users\wy\Desktop\lin-cms-flask>pipenv graph
cymysql==0.9.1
Flask-Cors==2.1.0

  • Flask [required: >=0.9, installed: 1.0.2]
    • click [required: >=5.1, installed: 7.0]
    • itsdangerous [required: >=0.24, installed: 1.1.0]
    • Jinja2 [required: >=2.10, installed: 2.10.1]
      • MarkupSafe [required: >=0.23, installed: 1.1.1]
    • Werkzeug [required: >=0.14, installed: 0.14.1]
  • Six [required: Any, installed: 1.12.0]
    Flask-WTF==0.14.2
  • Flask [required: Any, installed: 1.0.2]
    • click [required: >=5.1, installed: 7.0]
    • itsdangerous [required: >=0.24, installed: 1.1.0]
    • Jinja2 [required: >=2.10, installed: 2.10.1]
      • MarkupSafe [required: >=0.23, installed: 1.1.1]
    • Werkzeug [required: >=0.14, installed: 0.14.1]
  • WTForms [required: Any, installed: 2.2.1]
    Lin-CMS==0.1.1a6
  • Flask [required: ==1.0.2, installed: 1.0.2]
    • click [required: >=5.1, installed: 7.0]
    • itsdangerous [required: >=0.24, installed: 1.1.0]
    • Jinja2 [required: >=2.10, installed: 2.10.1]
      • MarkupSafe [required: >=0.23, installed: 1.1.1]
    • Werkzeug [required: >=0.14, installed: 0.14.1]
  • Flask-JWT-Extended [required: ==3.12.1, installed: 3.12.1]
    • Flask [required: Any, installed: 1.0.2]
      • click [required: >=5.1, installed: 7.0]
      • itsdangerous [required: >=0.24, installed: 1.1.0]
      • Jinja2 [required: >=2.10, installed: 2.10.1]
        • MarkupSafe [required: >=0.23, installed: 1.1.1]
      • Werkzeug [required: >=0.14, installed: 0.14.1]
    • PyJWT [required: Any, installed: 1.7.1]
    • Werkzeug [required: >=0.14, installed: 0.14.1]
  • Flask-SQLAlchemy [required: ==2.3.2, installed: 2.3.2]
    • Flask [required: >=0.10, installed: 1.0.2]
      • click [required: >=5.1, installed: 7.0]
      • itsdangerous [required: >=0.24, installed: 1.1.0]
      • Jinja2 [required: >=2.10, installed: 2.10.1]
        • MarkupSafe [required: >=0.23, installed: 1.1.1]
      • Werkzeug [required: >=0.14, installed: 0.14.1]
    • SQLAlchemy [required: >=0.8.0, installed: 1.2.11]
  • SQLAlchemy [required: ==1.2.11, installed: 1.2.11]
  • Werkzeug [required: ==0.14.1, installed: 0.14.1]
  • WTForms [required: ==2.2.1, installed: 2.2.1]
    oss2==2.6.1
  • aliyun-python-sdk-core-v3 [required: >=2.5.5, installed: 2.13.3]
    • jmespath [required: >=0.9.3,<1.0.0, installed: 0.9.4]
  • aliyun-python-sdk-kms [required: >=2.4.1, installed: 2.5.1]
    • aliyun-python-sdk-core [required: >=2.11.5, installed: 2.13.4]
      • jmespath [required: >=0.9.3,<1.0.0, installed: 0.9.4]
  • crcmod [required: >=1.7, installed: 1.7]
  • pycryptodome [required: >=3.4.7, installed: 3.8.1]
  • requests [required: !=2.9.0, installed: 2.18.4]
    • certifi [required: >=2017.4.17, installed: 2019.3.9]
    • chardet [required: >=3.0.2,<3.1.0, installed: 3.0.4]
    • idna [required: >=2.5,<2.7, installed: 2.6]
    • urllib3 [required: >=1.21.1,<1.23, installed: 1.22]
      pipfile==0.0.2
  • toml [required: Any, installed: 0.10.0]
    pylint==2.3.1
  • astroid [required: >=2.2.0,<3, installed: 2.2.5]
    • lazy-object-proxy [required: Any, installed: 1.3.1]
    • six [required: Any, installed: 1.12.0]
    • typed-ast [required: >=1.3.0, installed: 1.3.1]
    • wrapt [required: Any, installed: 1.11.1]
  • colorama [required: Any, installed: 0.4.1]
  • isort [required: >=4.2.5,<5, installed: 4.3.16]
  • mccabe [required: >=0.6,<0.7, installed: 0.6.1]
    pytest==4.4.0
  • atomicwrites [required: >=1.0, installed: 1.3.0]
  • attrs [required: >=17.4.0, installed: 19.1.0]
  • colorama [required: Any, installed: 0.4.1]
  • more-itertools [required: >=4.0.0, installed: 7.0.0]
  • pluggy [required: >=0.9, installed: 0.9.0]
  • py [required: >=1.5.0, installed: 1.8.0]
  • setuptools [required: Any, installed: 40.9.0]
  • six [required: >=1.10.0, installed: 1.12.0]`

How to reproduce

  • Pull the latest master version
  • Run pipenv install --dev
  • Configure app/config/secure.py
  • Run python add_super.py

Then it reports an error; how strange

(I need some help): testing lin-cms, Network Error 请检查 API 是否异常

I am from Cuba, I am trying to try this lin-cms, I find this project interesting but I am having problems because of the language.

I would like to know: is lin-cms-vue the frontend and lin-cms-flask the backend?

I created the database and configured the connection:
SQLALCHEMY_DATABASE_URI = 'mysql+cymysql://lincms:xxxxx@localhost:3306/lincms'

and ran lin-cms flask and vue, but when I try to "sign in" I get a params error (see below):
Network Error
请检查 API 是否异常

(venv) barcelo@nova:~/flask_vuejs/lin-cms-vue$ npm run serve

> [email protected] serve /home/barcelo/flask_vuejs/lin-cms-vue
> node script/plugin-get-config.js && vue-cli-service serve

配置插件...
插件配置完成: /home/barcelo/flask_vuejs/lin-cms-vue/src/config/stage/plugins.js

 INFO  Starting development server...
 13% building 25/28 modules 3 active ...cms-vue/node_modules/ansi-html/index.jsBrowserslist: caniuse-lite is outdated. Please run next command `yarn upgrade`
 53 5 98% after emitting CopyPlugin                                                      

 DONE  Compiled successfully in 196612ms                                                                                                     2:16:41 AM

 
  App running at:
  - Local:   http://localhost:8080/ 
  - Network: http://.....:8080/

  Note that the development build is not optimized.
  To create a production build, run yarn build.

---------------------------------------------------

(venv) barcelo@nova:~/flask_vuejs/lin-cms-flask$ python starter.py 
 * Serving Flask app "app.app" (lazy loading)
 * Environment: development
 * Debug mode: on
 * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
 * Restarting with stat
 * Debugger is active!
 * Debugger PIN: 147-025-700
[2020-01-10 02:28:57,491] DEBUG in app: [OPTIONS] -> [/cms/user/login] from:127.0.0.1 costs:5.330 ms data:{
	param: {}, 
	body: {}
} 
127.0.0.1 - - [10/Jan/2020 02:28:57] "OPTIONS /cms/user/login HTTP/1.1" 200 -
[2020-01-10 02:28:57,562] DEBUG in app: [POST] -> [/cms/user/login] from:127.0.0.1 costs:61.640 ms data:{
	param: {}, 
	body: {'username': 'super', 'password': '123456'}
} 
127.0.0.1 - - [10/Jan/2020 02:28:57] "POST /cms/user/login HTTP/1.1" 404 -
[2020-01-10 02:46:54,466] DEBUG in app: [OPTIONS] -> [/cms/user/login] from:127.0.0.1 costs:7.240 ms data:{
	param: {}, 
	body: {}
} 
127.0.0.1 - - [10/Jan/2020 02:46:54] "OPTIONS /cms/user/login HTTP/1.1" 200 -
[2020-01-10 02:46:54,666] DEBUG in app: [POST] -> [/cms/user/login] from:127.0.0.1 costs:185.290 ms data:{
	param: {}, 
	body: {'username': 'test', 'password': '123456'}
} 
127.0.0.1 - - [10/Jan/2020 02:46:54] "POST /cms/user/login HTTP/1.1" 400 -

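Parameter error shown when deleting a user in user management

In the user management list, deleting a user on the first page has two problems:
1. A parameter error message appears and the page goes blank~
2. It reports that the deletion succeeded, but the page is not refreshed promptly~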

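Error when running python starter.py from the command line: ModuleNotFoundError: No module named 'Crypto'

Please describe in detail any question you have about this project; we will review and resolve it as soon as possible.
Dependencies are installed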
    D:\lin-cms-flask-master\lin-cms-flask-master> python starter.py
    Traceback (most recent call last):
      File "starter.py", line 8, in <module>
        app = create_app(environment='development')
      File "D:\lin-cms-flask-master\lin-cms-flask-master\app\app.py", line 79, in create_app
        Lin(app)
      File "C:\Users\qiufeihong\AppData\Local\Programs\Python\Python37-32\lib\site-packages\lin\core.py", line 132, in __init__
        self.init_app(app, group_model, user_model, auth_model, create_all, mount, handle, json_encoder, logger)
      File "C:\Users\qiufeihong\AppData\Local\Programs\Python\Python37-32\lib\site-packages\lin\core.py", line 164, in init_app
        auth_model)
      File "C:\Users\qiufeihong\AppData\Local\Programs\Python\Python37-32\lib\site-packages\lin\core.py", line 239, in __init__
        self.loader: Loader = Loader(plugin_path)
      File "C:\Users\qiufeihong\AppData\Local\Programs\Python\Python37-32\lib\site-packages\lin\loader.py", line 26, in __init__
        self.load_plugins()
      File "C:\Users\qiufeihong\AppData\Local\Programs\Python\Python37-32\lib\site-packages\lin\loader.py", line 34, in load_plugins
        path and self._load_plugin(f'{path}.app.__init__', name)
      File "C:\Users\qiufeihong\AppData\Local\Programs\Python\Python37-32\lib\site-packages\lin\loader.py", line 43, in _load_plugin
        mod = import_module(path)
      File "C:\Users\qiufeihong\AppData\Local\Programs\Python\Python37-32\lib\importlib\__init__.py", line 127, in import_module
        return _bootstrap._gcd_import(name[level:], package, level)
      File "<frozen importlib._bootstrap>", line 1006, in _gcd_import
      File "<frozen importlib._bootstrap>", line 983, in _find_and_load
      File "<frozen importlib._bootstrap>", line 953, in _find_and_load_unlocked
      File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
      File "<frozen importlib._bootstrap>", line 1006, in _gcd_import
      File "<frozen importlib._bootstrap>", line 983, in _find_and_load
      File "<frozen importlib._bootstrap>", line 967, in _find_and_load_unlocked
      File "<frozen importlib._bootstrap>", line 677, in _load_unlocked
      File "<frozen importlib._bootstrap_external>", line 728, in exec_module
      File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
      File "D:\lin-cms-flask-master\lin-cms-flask-master\app\plugins\oss\app\__init__.py", line 1, in <module>
        from .controller import api
      File "D:\lin-cms-flask-master\lin-cms-flask-master\app\plugins\oss\app\controller.py", line 4, in <module>
        from .oss import upload_image_bytes
      File "D:\lin-cms-flask-master\lin-cms-flask-master\app\plugins\oss\app\oss.py", line 1, in <module>
        import oss2
      File "C:\Users\qiufeihong\AppData\Local\Programs\Python\Python37-32\lib\site-packages\oss2\__init__.py", line 3, in <module>
        from . import models, exceptions
      File "C:\Users\qiufeihong\AppData\Local\Programs\Python\Python37-32\lib\site-packages\oss2\models.py", line 10, in <module>
        from .utils import http_to_unixtime, make_progress_adapter, make_crc_adapter
      File "C:\Users\qiufeihong\AppData\Local\Programs\Python\Python37-32\lib\site-packages\oss2\utils.py", line 30, in <module>
        from Crypto.Cipher import AES
    ModuleNotFoundError: No module named 'Crypto'

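A question about encoding

This project is good and works well, but I ran into an encoding problem.
On my office computer it has always worked fine. But when I run it on my home computer, the following error appears:

    (venv) E:\Dev\python\sante-flask>Python starter.py
      File "starter.py", line 2
    SyntaxError: Non-ASCII character '\xc2' in file starter.py on line 3, but no encoding declared; see http://python.org/dev/peps/pep-0263/ for details

I modified all the .py files, adding this on the first line:

    #coding=utf-8

I thought that would fix it, but the problem kept occurring, only now the path where it occurs has changed to "C:\Python27\Lib\site-packages\lin". Do I need to keep changing files?

My questions are:
lin-CMS does not have an encoding comment at the top of its files; could this cause encoding problems?
Both machines use PyCharm, so why does one report an error and the other not? Is it related to the IDE settings?

Looking forward to your reply, thank you.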

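Message subscription and publishing

I previously saw your team say that the next version would release message subscription and push. Is there such a plan?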
