Complete project files including setup.sh

2026-01-11 14:17:26 +08:00
commit 0bbe394cb5
29 changed files with 3060 additions and 0 deletions
--- a/routes/new_admin.py
+++ b/routes/new_admin.py
@@ -0,0 +1,178 @@
+from flask import Blueprint, render_template, redirect, url_for, flash, request
+from flask_login import current_user
+from functools import wraps
+from models import db, User, Post
+
+# 使用 new_admin 以避免任何命名冲突或缓存问题
+admin_bp = Blueprint('admin', __name__, url_prefix='/admin')
+
+
+def admin_required(f):
+    """管理员权限装饰器 - 直接定义在此文件中以避免导入问题"""
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        if not current_user.is_authenticated:
+            return redirect(url_for('auth.login', next=request.url))
+            
+        if not current_user.is_admin:
+            flash('需要管理员权限', 'error')
+            return redirect(url_for('posts.index'))
+            
+        return f(*args, **kwargs)
+    return decorated_function
+
+
+@admin_bp.route('/')
+@admin_required
+def dashboard():
+    """管理员仪表板"""
+    pending_users = User.query.filter_by(is_approved=False).count()
+    pending_posts = Post.query.filter_by(is_approved=False).count()
+    
+    return render_template('admin/dashboard.html', 
+                         pending_users=pending_users,
+                         pending_posts=pending_posts)
+
+
+@admin_bp.route('/users')
+@admin_required
+def users():
+    """待审核用户列表"""
+    pending_users = User.query.filter_by(is_approved=False).order_by(User.created_at.desc()).all()
+    approved_users = User.query.filter_by(is_approved=True).order_by(User.created_at.desc()).limit(20).all()
+    
+    return render_template('admin/users.html', 
+                         pending_users=pending_users,
+                         approved_users=approved_users)
+
+
+@admin_bp.route('/users/<int:user_id>/approve', methods=['POST'])
+@admin_required
+def approve_user(user_id):
+    """批准用户注册"""
+    user = User.query.get_or_404(user_id)
+    
+    if user.is_approved:
+        flash('该用户已经通过审核', 'info')
+        return redirect(url_for('admin.users'))
+    
+    user.is_approved = True
+    db.session.commit()
+    
+    flash(f'已批准用户 {user.username} 的注册', 'success')
+    return redirect(url_for('admin.users'))
+
+
+@admin_bp.route('/users/<int:user_id>/reject', methods=['POST'])
+@admin_required
+def reject_user(user_id):
+    """拒绝用户注册"""
+    user = User.query.get_or_404(user_id)
+    
+    if user.is_approved:
+        flash('该用户已经通过审核，无法拒绝', 'error')
+        return redirect(url_for('admin.users'))
+    
+    # 删除用户及其相关数据
+    db.session.delete(user)
+    db.session.commit()
+    
+    flash(f'已拒绝用户 {user.username} 的注册', 'success')
+    return redirect(url_for('admin.users'))
+
+
+@admin_bp.route('/posts')
+@admin_required
+def posts():
+    """待审核帖子列表"""
+    pending_posts = Post.query.filter_by(is_approved=False).order_by(Post.created_at.desc()).all()
+    approved_posts = Post.query.filter_by(is_approved=True).order_by(Post.created_at.desc()).limit(20).all()
+    
+    return render_template('admin/posts.html', 
+                         pending_posts=pending_posts,
+                         approved_posts=approved_posts)
+
+
+@admin_bp.route('/posts/<int:post_id>/approve', methods=['POST'])
+@admin_required
+def approve_post(post_id):
+    """批准帖子发布"""
+    post = Post.query.get_or_404(post_id)
+    
+    if post.is_approved:
+        flash('该帖子已经通过审核', 'info')
+        return redirect(url_for('admin.posts'))
+    
+    post.is_approved = True
+    db.session.commit()
+    
+    flash('已批准该帖子发布', 'success')
+    return redirect(url_for('admin.posts'))
+
+
+@admin_bp.route('/posts/<int:post_id>/reject', methods=['POST'])
+@admin_required
+def reject_post(post_id):
+    """拒绝帖子发布"""
+    post = Post.query.get_or_404(post_id)
+    
+    if post.is_approved:
+        flash('该帖子已经通过审核，无法拒绝', 'error')
+        return redirect(url_for('admin.posts'))
+    
+    # 删除帖子
+    db.session.delete(post)
+    db.session.commit()
+    
+    flash('已拒绝该帖子发布', 'success')
+    return redirect(url_for('admin.posts'))
+
+
+@admin_bp.route('/create-admin', methods=['GET', 'POST'])
+@admin_required
+def create_admin():
+    """创建新管理员"""
+    if request.method == 'POST':
+        username = request.form.get('username')
+        email = request.form.get('email')
+        password = request.form.get('password')
+        confirm_password = request.form.get('confirm_password')
+        
+        if not all([username, email, password, confirm_password]):
+            flash('请填写所有字段', 'error')
+            return render_template('admin/create_admin.html')
+        
+        if password != confirm_password:
+            flash('两次输入的密码不一致', 'error')
+            return render_template('admin/create_admin.html')
+        
+        if len(password) < 6:
+            flash('密码长度至少为6位', 'error')
+            return render_template('admin/create_admin.html')
+        
+        # 检查用户名和邮箱是否已存在
+        if User.query.filter_by(username=username).first():
+            flash('用户名已被使用', 'error')
+            return render_template('admin/create_admin.html')
+        
+        if User.query.filter_by(email=email).first():
+            flash('邮箱已被使用', 'error')
+            return render_template('admin/create_admin.html')
+        
+        # 创建新管理员
+        new_admin = User(
+            username=username,
+            email=email,
+            is_approved=True,
+            is_admin=True,
+            password_changed=True  # 新建管理员默认认为已知晓密码，或者后续再改
+        )
+        new_admin.set_password(password)
+        
+        db.session.add(new_admin)
+        db.session.commit()
+        
+        flash(f'成功创建管理员账号: {username}', 'success')
+        return redirect(url_for('admin.dashboard'))
+    
+    return render_template('admin/create_admin.html')