Merge branch 'develop' of http://git.trustie.net/jasder/forgeplus into develop

app/controllers/application_controller.rb

@@ -5,7 +5,7 @@ class ApplicationController < ActionController::Base
 	include RenderExpand
 	include RenderHelper
 	include ControllerRescueHandler
-	# include LaboratoryHelper
+	include LaboratoryHelper
 	include GitHelper
 	include LoggerHelper
 	include LoginHelper
@@ -23,23 +23,23 @@ class ApplicationController < ActionController::Base
 
 	# 所有请求必须合法签名
 	def check_sign
-		if !Rails.env.development?
-			Rails.logger.info("66666  #{params}")
-			# suffix = request.url.split(".").last.split("?").first
-			# suffix_arr = ["xls", "xlsx", "pdf", "zip"] # excel文件先注释
-			# unless suffix_arr.include?(suffix)
-				if params[:client_key].present?
-					randomcode = params[:randomcode]
-					# tip_exception(501, "请求不合理") unless (Time.now.to_i - randomcode.to_i).between?(0,5)
-
-					sign = Digest::MD5.hexdigest("#{OPENKEY}#{randomcode}")
-					Rails.logger.info("2222  #{sign}")
-					tip_exception(501, "请求不合理") if sign != params[:client_key]
-				else
-					tip_exception(501, "请求不合理")
-				end
-			# end
-		end
+		# if !Rails.env.development?
+		# 	Rails.logger.info("66666  #{params}")
+		# 	# suffix = request.url.split(".").last.split("?").first
+		# 	# suffix_arr = ["xls", "xlsx", "pdf", "zip"] # excel文件先注释
+		# 	# unless suffix_arr.include?(suffix)
+		# 		if params[:client_key].present?
+		# 			randomcode = params[:randomcode]
+		# 			# tip_exception(501, "请求不合理") unless (Time.now.to_i - randomcode.to_i).between?(0,5)
+		#
+		# 			sign = Digest::MD5.hexdigest("#{OPENKEY}#{randomcode}")
+		# 			Rails.logger.info("2222  #{sign}")
+		# 			tip_exception(501, "请求不合理") if sign != params[:client_key]
+		# 		else
+		# 			tip_exception(501, "请求不合理")
+		# 		end
+		# 	# end
+		# end
 	end
 
 	# 全局配置参数

app/controllers/concerns/laboratory_helper.rb

@@ -29,4 +29,4 @@ module LaboratoryHelper
     laboratory ||= (Laboratory.find_by_subdomain(request.subdomain) || Laboratory.find(1))
     @_default_yun_session = "#{laboratory.try(:identifier).split('.').first}_user_id"
   end
-end
+end

app/controllers/users_controller.rb

@@ -29,25 +29,6 @@ class UsersController < ApplicationController
       @user = current_user
       # TODO 等消息上线再打开注释
       #@tidding_count = unviewed_tiddings(current_user) if current_user.present?
-      @course =
-          if params[:course_id]
-            Course.find params[:course_id]
-          elsif params[:board_id]
-            Board.find(params[:board_id]).course
-          elsif params[:graduation_topic_id]
-            GraduationTopic.find(params[:graduation_topic_id]).course
-          elsif params[:graduation_group_id]
-            GraduationGroup.find(params[:graduation_group_id]).course
-          elsif params[:graduation_work_id]
-            GraduationWork.find(params[:graduation_work_id]).course
-          elsif params[:graduation_task_id]
-            GraduationTask.find(params[:graduation_task_id]).course
-          elsif params[:poll_id]
-            Poll.find(params[:poll_id]).course
-          elsif params[:attachment_id]
-            Attachment.find(params[:attachment_id]).course
-          end
-      @course_identity = current_user.course_identity(@course) if @course
     rescue Exception => e
       uid_logger_error(e.message)
       missing_template
@@ -72,14 +53,14 @@ class UsersController < ApplicationController
 
   # Redo: 消息总数缓存
   def get_navigation_info
-    @old_domain = edu_setting('old_edu_host')
-    @user = current_user
-    # 新消息数
-    @new_message = @user.tidings.where("created_at > '#{@user.click_time}'").count > 0 || @user.private_messages.where("created_at > '#{@user.click_time}'").count > 0
-
-    @user_url = "/users/#{@user.login}"
-    @career = Career.where(status: true).order("created_at asc").pluck(:id, :name)
-    @auth =  User.current.ec_school.present? ? "#{@old_domain}/ecs/department?school_id=#{User.current.ec_school}" : nil
+    # @old_domain = edu_setting('old_edu_host')
+    # @user = current_user
+    # # 新消息数
+    # @new_message = @user.tidings.where("created_at > '#{@user.click_time}'").count > 0 || @user.private_messages.where("created_at > '#{@user.click_time}'").count > 0
+    #
+    # @user_url = "/users/#{@user.login}"
+    # @career = Career.where(status: true).order("created_at asc").pluck(:id, :name)
+    # @auth =  User.current.ec_school.present? ? "#{@old_domain}/ecs/department?school_id=#{User.current.ec_school}" : nil
   end
 
   # 用户回复功能

app/libs/limit_forbid_control/base.rb

@@ -0,0 +1,66 @@
+class LimitForbidControl::Base
+  def initialize
+  end
+
+  def cache_key
+    raise 'Please overwrite method :cache_Key'
+  end
+
+  def forbid_cache_key
+    "#{cache_key}:forbid"
+  end
+
+  def allow_times
+    5
+  end
+
+  def cumulative_expires
+    1.days
+  end
+
+  def forbid_expires
+    1.hours
+  end
+
+  def forbid?
+    Rails.cache.read(forbid_cache_key)
+  end
+
+  def increment!
+    value = Rails.cache.read(cache_key)
+    value = value.to_i + 1
+
+    # 锁定
+    if value >= allow_times.to_i
+      Rails.logger.info("[LimitForbidControl] Lock #{cache_key}")
+      Rails.cache.write(forbid_cache_key, true, expires_in: forbid_expires)
+      Rails.cache.delete(cache_key)
+    else
+      Rails.cache.write(cache_key, value, expires_in: cumulative_expires)
+    end
+  end
+
+  def error_times
+    Rails.cache.read(cache_key).to_i
+  end
+
+  def remain_times
+    allow_times.to_i - error_times
+  end
+
+  def clear
+    Rails.logger.info("[LimitForbidControl] Clear #{cache_key}")
+    Rails.cache.delete(forbid_cache_key)
+    Rails.cache.delete(cache_key)
+  end
+
+  private
+
+  def redis_cache?
+    Rails.cache.is_a?(ActiveSupport::Cache::RedisStore)
+  end
+
+  def day
+    Time.current.strftime('%Y%m%d')
+  end
+end

app/libs/limit_forbid_control/send_email_code.rb

@@ -0,0 +1,25 @@
+class LimitForbidControl::SendEmailCode < LimitForbidControl::Base
+  attr_reader :email
+
+  def initialize(email)
+    super()
+    @email = email
+  end
+
+  def allow_times
+    EduSetting.get('daily_send_email_code_times').presence || 5
+  end
+
+  def forbid_expires
+    num = EduSetting.get('daily_send_email_code_forbid_time').presence.to_i
+    num.zero? ? 10.minutes : num.to_i.hours
+  end
+
+  def cumulative_expires
+    1.hours
+  end
+
+  def cache_key
+    @_cache_key ||= "limit_forbid_control:#{day}:send_email_code:#{email}"
+  end
+end

app/libs/limit_forbid_control/user_login.rb

@@ -0,0 +1,25 @@
+class LimitForbidControl::UserLogin < LimitForbidControl::Base
+  attr_reader :user
+
+  def initialize(user)
+    super()
+    @user = user
+  end
+
+  def allow_times
+    EduSetting.get('daily_error_password_times').presence || 5
+  end
+
+  def forbid_expires
+    num = EduSetting.get('daily_error_password_forbid_time').presence.to_i
+    num.zero? ? 1.hours : num.to_i.minutes
+  end
+
+  def cumulative_expires
+    1.days
+  end
+
+  def cache_key
+    @_cache_key ||= "limit_forbid_control:#{day}:user_login:#{user.id}"
+  end
+end

app/views/users/get_navigation_info.json.jbuilder

@@ -1,60 +0,0 @@
-json.top do
-  json.shixun_url "/shixuns"
-  json.shixun_paths_url "/paths"
-  json.course_url "/courses"
-  json.competitions_url "#{@old_domain}/competitions"
-  json.topic_url "/forums"
-  json.new_course_url "/courses/new"
-  json.new_shixun_url "/shixuns/new"
-  json.new_shixun_path_url "/paths/new"
-  json.new_project_url "#{@old_domain}/projects/new"
-  json.join_course_url "/courses/join_course_multi_role"
-  json.join_project_url "#{@old_domain}/applied_project/applied_project_info"
-  json.message_url "#{@user_url}/user_tidings"
-  json.new_message @new_message
-
-  json.moop_cases_url "#{@old_domain}/moop_cases"
-  json.crowdsourcing_url "/crowdsourcing"
-
-  # 客户管理
-  json.customer_management_url current_user.partner_managers.exists? ? "/partners/#{current_user.partner_managers.first.partner_id}/customers" : nil
-
-  json.career_url do
-    json.array! @career.to_a do |c|
-      if c[1].present?
-        json.name c[1]
-        json.url "#{@old_domain}/careers/#{c[0]}/introduction"
-      end
-    end
-  end
-  json.auth @auth
-
-  json.avatar_url "#{@user_url}"
-  json.my_course_url "#{@user_url}"
-  json.my_shixun_url "#{@user_url}?type=a_shixun"
-  json.my_shixun_paths_url "#{@user_url}?type=a_path"
-  json.my_project_url "#{@user_url}?type=a_project"
-  json.account_manager_url "#{@old_domain}/my/account"
-  json.logout_url logout_accounts_path
-  json.college_identifier @user.college_identifier
-  # 旧版的域名
-  json.old_url @old_domain
-
-  # 云上实验室管理权限
-  laboratory_user = current_laboratory.laboratory_users.exists?(user_id: @user&.id) || @user&.admin_or_business?
-  json.laboratory_user laboratory_user
-  json.laboratory_admin_url laboratory_user ? "/cooperative" : nil
-  json.laboratory_user @user&.admin_or_business? || current_laboratory&.laboratory_users.exists?(user_id: @user&.id)
-end
-
-json.down do
-  json.web_root "#{@old_domain}"
-  json.about_us "#{@old_domain}/help?index=1"
-  json.connect_us "#{@old_domain}/help?index=2"
-  json.cooperation_partner "#{@old_domain}/help?index=3"
-  json.service_agreement "#{@old_domain}/help?index=4"
-  json.help_center "#{@old_domain}/help?index=5"
-  json.feedback "#{@old_domain}/help?index=6"
-end
-
-json.online_consult "https://shang.qq.com/wpa/qunwpa?idkey=2f2043d88c1bd61d182b98bf1e061c6185e23055bec832c07d8148fe11c5a6cd"

app/views/users/get_user_info.json.jbuilder

@@ -13,20 +13,3 @@ json.phone @user.phone
 json.email @user.mail
 json.profile_completed @user.profile_completed?
 json.professional_certification @user.professional_certification
-json.main_site current_laboratory.main_site?
-json.is_shixun_marker current_user.is_shixun_marker? || current_user.admin_or_business?
-if @course
-  json.course_identity @course_identity
-  json.course_name @course.name
-  json.course_public @course.is_public
-  json.course_excellent @course.excellent
-  if params[:group_info]
-    json.group_info @course.teacher_group(@user.id) if @course_identity < Course::STUDENT
-  end
-  json.first_category_url module_url(@course.none_hidden_course_modules.first, @course)
-  json.course_is_end @course.is_end
-end
-
-if params[:school]
-  json.user_school @user.school_name
-end