Merge pull request Ehco1996#226 from Ehco1996/dev

bug fix

Author: Ehco1996

README.md

@@ -54,8 +54,14 @@ Wiki: [Wiki](https://github.com/Ehco1996/django-sspanel/wiki)
 
 ## 部署教程：
 
+部署需要vps的支持  
+我推荐 Vultr 家，最便宜的机房2.5美金一个月  
+支持支付宝支付，对于新手来说，拿来练手最合适不过了  
+这里有一个推广链接 ：https://www.vultr.com/?ref=7914717-4F  
+**通过这个链接注册，你能得到50美元的回赠！,而我能得到25美元的回赠**
+
 硬核版: [部署教程](https://github.com/Ehco1996/django-sspanel/wiki/%E9%9D%A2%E6%9D%BF%E9%83%A8%E7%BD%B2)
 
 萌新版: [部署教程](https://github.com/Ehco1996/django-sspanel/wiki/%E9%9D%A2%E6%9D%BF%E5%AE%89%E8%A3%85%E6%95%99%E7%A8%8B-%E8%90%8C%E6%96%B0%E7%89%88)
 
-Docker版: [部署教程](https://github.com/Ehco1996/django-sspanel/wiki/Docker-%E4%B8%80%E9%94%AE%E5%AE%89%E8%A3%85)
+Docker版: [部署教程](https://github.com/Ehco1996/django-sspanel/wiki/Docker-%E4%B8%80%E9%94%AE%E5%AE%89%E8%A3%85)

apps/api/urls.py

@@ -11,6 +11,7 @@
     path("shop/", views.purchase, name="purchase"),
     path("traffic/query/", views.traffic_query, name="traffic_query"),
     path("change/theme/", views.change_theme, name="change_theme"),
+    path("change/sub_type/", views.change_sub_type, name="change_sub_type"),
     path("checkin/", views.checkin, name="checkin"),
     # 邀请码接口
     path("get/invitecode/", views.get_invitecode, name="get_invitecode"),

apps/api/views.py

@@ -6,12 +6,13 @@
 from django.conf import settings
 from django.http import JsonResponse
 from django.shortcuts import HttpResponse
+from ratelimit.decorators import ratelimit
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_http_methods
 from django.contrib.auth.decorators import login_required, permission_required
 
 from apps.payments import pay
-from apps.constants import NODE_USER_INFO_TTL
+from apps.constants import NODE_USER_INFO_TTL, NODE_USER_CACHE_KEY
 from apps.utils import traffic_format, simple_cached_view, get_node_user, authorized
 from apps.ssserver.models import Suser, TrafficLog, Node, NodeOnlineLog, AliveIp
 from apps.sspanel.models import InviteCode, Goods, User, Donate, UserOrder
@@ -160,8 +161,18 @@ def change_theme(request):
     user = request.user
     user.theme = theme
     user.save()
-    registerinfo = {"title": "修改成功！", "subtitle": "主题更换成功，刷新页面可见", "status": "success"}
-    return JsonResponse(registerinfo)
+    res = {"title": "修改成功！", "subtitle": "主题更换成功，刷新页面可见", "status": "success"}
+    return JsonResponse(res)
+
+
+@login_required
+def change_sub_type(request):
+    sub_type = request.POST.get("sub_type")
+    user = request.user
+    user.sub_type = sub_type
+    user.save()
+    res = {"title": "修改成功！", "subtitle": "订阅类型更换成功!", "status": "success"}
+    return JsonResponse(res)
 
 
 @authorized
@@ -219,7 +230,7 @@ def node_online_api(request):
 
 
 @authorized
-@simple_cached_view(ttl=NODE_USER_INFO_TTL)
+@simple_cached_view(key=NODE_USER_CACHE_KEY, ttl=NODE_USER_INFO_TTL)
 @require_http_methods(["GET"])
 def user_api(request, node_id):
     """
@@ -327,13 +338,14 @@ class OrderView(View):
     def get(self, request):
         user = request.user
         order = UserOrder.get_recent_created_order(user)
-        order.check_order_status()
+        order and order.check_order_status()
         if order and order.status == UserOrder.STATUS_FINISHED:
             info = {"title": "充值成功!", "subtitle": "请去商品界面购买商品！", "status": "success"}
         else:
             info = {"title": "支付查询失败!", "subtitle": "亲，确认支付了么？", "status": "error"}
         return JsonResponse({"info": info})
 
+    @ratelimit(key="user", rate="1/1s")
     def post(self, request):
         amount = int(request.POST.get("num"))
 

apps/constants.py

@@ -75,6 +75,7 @@
 # 判断节点在线时间间隔
 NODE_TIME_OUT = 75
 
-# 默认缓存时间
-DEFUALT_CACHE_TTL = 60 * 60 * 2
+
+DEFAULT_CACHE_TTL = 60 * 60 * 2
 NODE_USER_INFO_TTL = 60 * 5
+NODE_USER_CACHE_KEY = "cache.get.userF.info"

apps/sspanel/migrations/0006_user_sub_type.py

@@ -0,0 +1,20 @@
+# Generated by Django 2.1.7 on 2019-03-31 02:46
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [("sspanel", "0005_auto_20190224_0625")]
+
+    operations = [
+        migrations.AddField(
+            model_name="user",
+            name="sub_type",
+            field=models.SmallIntegerField(
+                choices=[(0, "只订阅SS"), (1, "只订阅SSR"), (2, "订阅所有")],
+                default=2,
+                verbose_name="订阅类型",
+            ),
+        )
+    ]

apps/sspanel/models.py

@@ -1,6 +1,7 @@
 import time
 import base64
 import datetime
+from urllib.parse import urlencode
 
 import pendulum
 import markdown
@@ -9,18 +10,28 @@
 from django.conf import settings
 from django.utils import timezone
 from django.db import transaction
-from requests import PreparedRequest
+from django.core.cache import cache
 from django.contrib.auth.models import AbstractUser
 from django.core.validators import MaxValueValidator, MinValueValidator
 
 from apps.payments import pay
-from apps.constants import THEME_CHOICES
+from apps.constants import THEME_CHOICES, NODE_USER_CACHE_KEY
 from apps.utils import get_long_random_string, traffic_format
 
 
 class User(AbstractUser):
     """SS账户模型"""
 
+    SUB_TYPE_SS = 0
+    SUB_TYPE_SSR = 1
+    SUB_TYPE_ALL = 2
+
+    SUB_TYPES = (
+        (SUB_TYPE_SS, "只订阅SS"),
+        (SUB_TYPE_SSR, "只订阅SSR"),
+        (SUB_TYPE_ALL, "订阅所有"),
+    )
+
     invitecode = models.CharField(verbose_name="邀请码", max_length=40)
     invited_by = models.PositiveIntegerField(verbose_name="邀请人id", default=1)
     balance = models.DecimalField(
@@ -47,6 +58,9 @@ class User(AbstractUser):
         default=settings.DEFAULT_THEME,
         max_length=10,
     )
+    sub_type = models.SmallIntegerField(
+        verbose_name="订阅类型", choices=SUB_TYPES, default=SUB_TYPE_ALL
+    )
 
     class Meta(AbstractUser.Meta):
         verbose_name = "用户"
@@ -102,12 +116,9 @@ def expire_time(self):
     @property
     def sub_link(self):
         """生成该用户的订阅地址"""
-        p = PreparedRequest()
-        token = base64.b64encode(self.username.encode()).decode()
-        url = settings.HOST + "/server/subscribe/"
+        token = base64.urlsafe_b64encode(self.username.encode()).decode()
         params = {"token": token}
-        p.prepare_url(url, params)
-        return p.url
+        return settings.HOST + f"/server/subscribe/?{urlencode(params)}"
 
     @property
     def ss_user(self):
@@ -309,6 +320,7 @@ def purchase_by_user(self, user):
         user.level = self.level
         ss_user.save()
         user.save()
+        cache.delete(NODE_USER_CACHE_KEY)
         # 增加购买记录
         PurchaseHistory.objects.create(
             good=self, user=user, money=self.money, purchtime=now
@@ -448,9 +460,11 @@ def gen_out_trade_no(cls):
 
     @classmethod
     def get_not_paid_order(cls, user, amount):
-        return cls.objects.filter(
-            user=user, status=cls.STATUS_CREATED, amount=amount
-        ).first()
+        return (
+            cls.objects.filter(user=user, status=cls.STATUS_CREATED, amount=amount)
+            .order_by("-created_at")
+            .first()
+        )
 
     @classmethod
     def get_recent_created_order(cls, user):
@@ -466,11 +480,11 @@ def make_up_lost_orders(cls):
 
     @classmethod
     def get_or_create_order(cls, user, amount):
+        now = pendulum.now()
+        order = cls.get_not_paid_order(user, amount)
+        if order and order.expired_at > now:
+            return order
         with transaction.atomic():
-            now = pendulum.now()
-            order = cls.get_not_paid_order(user, amount)
-            if order and order.expired_at > now:
-                return order
             out_trade_no = cls.gen_out_trade_no()
             trade = pay.alipay.api_alipay_trade_precreate(
                 subject=settings.ALIPAY_TRADE_INFO.format(amount),

apps/sspanel/views.py

@@ -87,24 +87,18 @@ def user_login(request):
     if request.method == "POST":
         form = LoginForm(request.POST)
         if form.is_valid():
-            # 获取表单用户名和密码
-            username = form.cleaned_data["username"]
-            password = form.cleaned_data["password"]
-            # 进行用户验证
-            user = authenticate(username=username, password=password)
-            if user is not None and user.is_active:
+            user = authenticate(
+                username=form.cleaned_data["username"],
+                password=form.cleaned_data["password"],
+            )
+            if user and user.is_active:
                 login(request, user)
                 messages.success(request, "自动跳转到用户中心", extra_tags="登录成功！")
                 return HttpResponseRedirect(reverse("sspanel:userinfo"))
             else:
-                form = LoginForm()
                 messages.error(request, "请重新填写信息！", extra_tags="登录失败！")
-                context = {"form": form}
-                return render(request, "sspanel/login.html", context=context)
-    else:
-        context = {"form": LoginForm()}
-
-        return render(request, "sspanel/login.html", context=context)
+    context = {"form": LoginForm()}
+    return render(request, "sspanel/login.html", context=context)
 
 
 def user_logout(request):
@@ -125,13 +119,15 @@ def userinfo(request):
     remain_traffic = "{:.2f}".format(100 - user.ss_user.used_percentage)
     context = {
         "user": user,
+        "user_sub_type": user.get_sub_type_display(),
         "anno": anno,
         "remain_traffic": remain_traffic,
         "min_traffic": min_traffic,
         "max_traffic": max_traffic,
         "sub_link": user.sub_link,
         "import_code": Node.get_import_code(user),
         "themes": THEME_CHOICES,
+        "sub_types": User.SUB_TYPES,
     }
     return render(request, "sspanel/userinfo.html", context=context)
 

apps/ssserver/models.py

@@ -218,24 +218,10 @@ class Node(ExportModelOperationsMixin("node"), models.Model):
 
     SS_TYPE_CHOICES = ((0, "SS"), (1, "SSR"), (2, "SS/SSR"))
 
-    @classmethod
-    def get_import_code(cls, user):
-        """获取该用户的所有节点的导入信息"""
-        ss_user = user.ss_user
-        sub_code_list = []
-        node_list = cls.objects.filter(level__lte=user.level, show=1)
-        for node in node_list:
-            sub_code_list.append(node.get_node_link(ss_user))
-        return "\n".join(sub_code_list)
-
-    @classmethod
-    def get_node_ids(cls, all=False):
-        """返回所有节点的id"""
-        if all is False:
-            nodes = cls.objects.filter(show=1)
-        else:
-            nodes = cls.objects.all()
-        return [node.node_id for node in nodes]
+    class Meta:
+        ordering = ["-show", "order"]
+        verbose_name_plural = "节点"
+        db_table = "ss_node"
 
     node_id = models.IntegerField("节点id", unique=True)
     port = models.IntegerField("节点端口", default=443, blank=True, help_text="单端口多用户时需要")
@@ -393,15 +379,29 @@ def human_used_traffic(self):
     def get_by_node_id(cls, node_id):
         return cls.objects.get(node_id=node_id)
 
+    @classmethod
+    def get_import_code(cls, user):
+        """获取该用户的所有节点的导入信息"""
+        ss_user = user.ss_user
+        sub_code_list = []
+        node_list = cls.objects.filter(level__lte=user.level, show=1)
+        for node in node_list:
+            sub_code_list.append(node.get_node_link(ss_user))
+        return "\n".join(sub_code_list)
+
+    @classmethod
+    def get_node_ids(cls, all=False):
+        """返回所有节点的id"""
+        if all is False:
+            nodes = cls.objects.filter(show=1)
+        else:
+            nodes = cls.objects.all()
+        return [node.node_id for node in nodes]
+
     # verbose_name
     human_total_traffic.short_description = "总流量"
     human_used_traffic.short_description = "使用流量"
 
-    class Meta:
-        ordering = ["-show", "order"]
-        verbose_name_plural = "节点"
-        db_table = "ss_node"
-
 
 class TrafficLog(ExportModelOperationsMixin("traffic_log"), models.Model):
     """用户流量记录"""

apps/ssserver/views.py

@@ -1,13 +1,15 @@
 import json
 import base64
+import binascii
+from urllib import parse
 
 from django.urls import reverse
 from django.conf import settings
 from django.shortcuts import render
 from django.contrib import messages
 from django.shortcuts import get_object_or_404
 from django.views.decorators.http import require_http_methods
-from django.http import StreamingHttpResponse, HttpResponseRedirect
+from django.http import StreamingHttpResponse, HttpResponseRedirect, HttpResponseNotFound
 from django.contrib.auth.decorators import login_required, permission_required
 
 from .models import Suser, Node
@@ -116,13 +118,25 @@ def subscribe(request):
     """
     返回ssr订阅链接
     """
-    token = request.GET.get("token", "")
-    username = base64.b64decode(token).decode()
+    url = request.build_absolute_uri()
+    token = parse.parse_qs(parse.urlparse(url).query).get("token", [])
+    if token:
+        try:
+            username = base64.b64decode(token[0]).decode()
+        except binascii.Error:
+            return HttpResponseNotFound()
+    else:
+        return HttpResponseNotFound()
     # 验证token
     user = get_object_or_404(User, username=username)
     ss_user = user.ss_user
     # 遍历该用户所有的节点
-    node_list = Node.objects.filter(level__lte=user.level, show=1)
+    if user.sub_type == User.SUB_TYPE_ALL:
+        node_list = Node.objects.filter(level__lte=user.level, show=1)
+    else:
+        node_list = Node.objects.filter(
+            level__lte=user.level, show=1, node_type=user.sub_type
+        )
     # 生成订阅链接部分
     sub_code = "MAX={}\n".format(len(node_list))
     for node in node_list:

apps/utils.py

@@ -9,7 +9,7 @@
 from django.core.cache import cache
 from django.http import JsonResponse
 
-from apps.constants import DEFUALT_CACHE_TTL
+from apps.constants import DEFAULT_CACHE_TTL
 from apps.cachext import make_default_key
 
 
@@ -71,7 +71,7 @@ def decorator(func):
         @wraps(func)
         def cached_view(*agrs, **kwagrs):
             cache_key = key if key else make_default_key(func, *agrs, **kwagrs)
-            cache_ttl = ttl if ttl else DEFUALT_CACHE_TTL
+            cache_ttl = ttl if ttl else DEFAULT_CACHE_TTL
             resp = cache.get(cache_key)
             if resp:
                 return resp