from flask import Flask, request, jsonify from flask_cors import CORS from pymongo import MongoClient from bson import ObjectId import os import oss2 import bcrypt from datetime import datetime, timedelta import jwt from functools import wraps import random from dotenv import load_dotenv # 加载 .env 文件中的环境变量 load_dotenv() app = Flask(__name__) CORS(app) # MongoDB configuration # 从环境变量中获取 MongoDB 配置信息 mongo_uri = os.getenv("MONGO_URI") client = MongoClient(mongo_uri) db = client['stylespace'] if 'carts' not in db.list_collection_names(): db.create_collection('carts') # 从环境变量中获取阿里云 OSS 配置信息 access_key_id = os.getenv("OSS_ACCESS_KEY_ID") access_key_secret = os.getenv("OSS_ACCESS_KEY_SECRET") bucket_name = os.getenv("OSS_BUCKET_NAME") endpoint = os.getenv("OSS_ENDPOINT") # Create Aliyun OSS bucket object bucket = oss2.Bucket(oss2.Auth(access_key_id, access_key_secret), endpoint, bucket_name) # JWT configuration app.config['SECRET_KEY'] = '1234' # Change this to a secure secret key def token_required(f): @wraps(f) def decorated(*args, **kwargs): token = request.headers.get('Authorization') if not token: print("No token provided") return jsonify({'message': 'Token is missing!'}), 401 try: token = token.split(" ")[1] if token.startswith("Bearer ") else token data = jwt.decode(token, app.config['SECRET_KEY'], algorithms=["HS256"]) current_user = db.users.find_one({'_id': ObjectId(data['user_id'])}) if not current_user: print(f"User not found for id: {data['user_id']}") raise jwt.InvalidTokenError except jwt.ExpiredSignatureError: print("Token has expired") return jsonify({'message': 'Token has expired!'}), 401 except jwt.InvalidTokenError: print("Invalid token") return jsonify({'message': 'Invalid token!'}), 401 except Exception as e: print(f"Unexpected error: {str(e)}") return jsonify({'message': 'Token verification failed!'}), 401 return f(current_user, *args, **kwargs) return decorated @app.route('/api/auth/register', methods=['POST']) def register(): data = request.json if db.users.find_one({'username': data['username']}): return jsonify({'message': 'Username already exists'}), 400 if db.users.find_one({'email': data['email']}): return jsonify({'message': 'Email already exists'}), 400 hashed_password = bcrypt.hashpw(data['password'].encode('utf-8'), bcrypt.gensalt()) user = { 'username': data['username'], 'email': data['email'], 'password': hashed_password, 'created_at': datetime.utcnow() } result = db.users.insert_one(user) return jsonify({'message': 'User created successfully', 'id': str(result.inserted_id)}), 201 @app.route('/api/auth/login', methods=['POST']) def login(): data = request.json user = db.users.find_one({'username': data['username']}) if user and bcrypt.checkpw(data['password'].encode('utf-8'), user['password']): token = jwt.encode( {'user_id': str(user['_id']), 'exp': datetime.utcnow() + timedelta(hours=24)}, app.config['SECRET_KEY'], algorithm="HS256" ) return jsonify({'token': token, 'user': {'id': str(user['_id']), 'username': user['username'], 'email': user['email']}}), 200 return jsonify({'message': 'Invalid username or password'}), 401 @app.route('/api/auth/verify-token', methods=['POST']) @token_required def verify_token(current_user): return jsonify({'user': {'id': str(current_user['_id']), 'username': current_user['username'], 'email': current_user['email']}}), 200 @app.route('/api/products', methods=['GET']) def get_products(): product_type = request.args.get('type', 'all') limit = int(request.args.get('limit', 20)) all_products = list(db.products.find()) if product_type == 'hot': selected_products = random.sample(all_products, min(4, len(all_products))) elif product_type == 'new': selected_products = random.sample(all_products, min(4, len(all_products))) else: selected_products = all_products[:limit] result = [] for product in selected_products: result.append({ '_id': str(product['_id']), 'name': product.get('name', 'Unknown Product'), 'price': float(product.get('price', 0)), 'originalPrice': float(product.get('originalPrice', 0)), 'brief': product.get('brief', 'No description available'), 'image': product.get('images', [None])[0], 'description': product.get('description', ''), 'images': product.get('images', []), 'sizes': product.get('sizes', []) }) return jsonify({'data': result}), 200 @app.route('/api/products/', methods=['GET']) def get_product_details(product_id): product = db.products.find_one({'_id': ObjectId(product_id)}) if product: product['_id'] = str(product['_id']) return jsonify({'data': product}), 200 return jsonify({'message': 'Product not found'}), 404 @app.route('/api/cart', methods=['GET']) @token_required def get_cart(current_user): cart = db.carts.find_one({'user_id': str(current_user['_id'])}) if cart: cart_items = [] for item in cart['items']: product = db.products.find_one({'_id': item['product_id']}) if product: cart_items.append({ '_id': str(item['_id']), 'product_id': str(product['_id']), 'name': product['name'], 'price': product['price'], 'image': product['images'][0] if product['images'] else None, 'quantity': item['quantity'], 'size': item['size'] }) return jsonify({'data': cart_items}), 200 else: return jsonify({'data': []}), 200 @app.route('/api/cart', methods=['POST']) @token_required def add_to_cart(current_user): data = request.json cart = db.carts.find_one({'user_id': str(current_user['_id'])}) if not cart: cart = { 'user_id': str(current_user['_id']), 'items': [] } result = db.carts.insert_one(cart) cart['_id'] = result.inserted_id item = next((item for item in cart['items'] if str(item['product_id']) == data['productId'] and item['size'] == data['size']), None) if item: item['quantity'] += data['quantity'] else: cart['items'].append({ '_id': ObjectId(), 'product_id': ObjectId(data['productId']), 'quantity': data['quantity'], 'size': data['size'] }) db.carts.update_one({'_id': cart['_id']}, {'$set': cart}) return jsonify({'message': 'Item added to cart successfully'}), 200 @app.route('/api/cart/', methods=['PUT']) @token_required def update_cart_item(current_user, item_id): data = request.json cart = db.carts.find_one({'user_id': str(current_user['_id'])}) if cart: for item in cart['items']: if str(item['_id']) == item_id: item['quantity'] = data['quantity'] break db.carts.update_one({'_id': cart['_id']}, {'$set': cart}) updated_item = next((item for item in cart['items'] if str(item['_id']) == item_id), None) if updated_item: product = db.products.find_one({'_id': updated_item['product_id']}) if product: return jsonify({ 'data': { '_id': str(updated_item['_id']), 'product_id': str(product['_id']), 'name': product['name'], 'price': product['price'], 'image': product['images'][0] if product['images'] else None, 'quantity': updated_item['quantity'], 'size': updated_item['size'] } }), 200 return jsonify({'message': 'Cart item updated successfully'}), 200 return jsonify({'message': 'Cart not found'}), 404 @app.route('/api/cart/', methods=['DELETE']) @token_required def remove_from_cart(current_user, item_id): cart = db.carts.find_one({'user_id': str(current_user['_id'])}) if cart: cart['items'] = [item for item in cart['items'] if str(item['_id']) != item_id] db.carts.update_one({'_id': cart['_id']}, {'$set': cart}) return jsonify({'message': 'Item removed from cart successfully'}), 200 return jsonify({'message': 'Cart not found'}), 404 @app.route('/api/orders', methods=['POST']) @token_required def create_order(current_user): data = request.json order = { 'user_id': current_user['_id'], 'items': data['items'], 'total': data['total'], 'status': 'pending', 'created_at': datetime.utcnow(), 'updated_at': datetime.utcnow() } result = db.orders.insert_one(order) return jsonify({'message': 'Order created successfully', 'order_id': str(result.inserted_id)}), 201 @app.route('/api/orders', methods=['GET']) @token_required def get_orders(current_user): orders = list(db.orders.find({'user_id': current_user['_id']})) for order in orders: order['_id'] = str(order['_id']) order['user_id'] = str(order['user_id']) for item in order['items']: item['product_id'] = str(item['product_id']) return jsonify({'data': orders}), 200 @app.route('/api/orders/', methods=['GET']) @token_required def get_order_details(current_user, order_id): order = db.orders.find_one({'_id': ObjectId(order_id), 'user_id': current_user['_id']}) if order: order['_id'] = str(order['_id']) order['user_id'] = str(order['user_id']) for item in order['items']: item['product_id'] = str(item['product_id']) return jsonify({'data': order}), 200 return jsonify({'message': 'Order not found'}), 404 @app.route('/api/upload', methods=['POST']) @token_required def upload_image(current_user): if 'file' not in request.files: return jsonify({'message': 'No file part in the request'}), 400 file = request.files['file'] if file.filename == '': return jsonify({'message': 'No file selected for uploading'}), 400 if file: filename = f"uploads/{datetime.now().strftime('%Y%m%d%H%M%S')}_{file.filename}" bucket.put_object(filename, file) url = f"https://{bucket_name}.{endpoint}/{filename}" return jsonify({'message': 'File uploaded successfully', 'url': url}), 200 @app.route('/api/auth/logout', methods=['POST']) @token_required def logout(current_user): # 在这里,我们实际上不需要做太多事情,因为 JWT 是无状态的 # 客户端只需要删除本地存储的 token 即可 # 但是,我们可以在这里添加一些额外的逻辑,比如记录用户登出时间等 return jsonify({'message': 'Successfully logged out'}), 200 if __name__ == '__main__': app.run(host='0.0.0.0', port=7860, debug=True)