基于 Flask + MySQL + Bootstrap 5 的全栈个人资料库管理系统。 主要功能: - 管理员/普通用户双角色权限体系,全站登录保护 - 资源管理:文本、图片、音频、视频四类资源 - 三种添加方式:本地上传(拖拽)、URL 后台下载、磁力下载(aria2c) - 在线预览:文本、图片、HTML5 音视频播放器 - 安全:bcrypt 加盐密码哈希、CSRF 防护、SQLAlchemy ORM 防注入 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
import os
from datetime import timedelta
from dotenv import load_dotenv
# Copy variables from a local .env file into the process environment before
# the settings classes below read them. By default python-dotenv does not
# overwrite variables that are already set in the real environment.
load_dotenv()

# Directory containing this file; filesystem paths in the settings are
# anchored here rather than at the current working directory.
BASE_DIR = os.path.dirname(os.path.abspath(__file__))
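class Config:
    """Base settings shared by every environment.

    Values are read from the process environment while this class body is
    executed (at import time); the literals below are only fallbacks.
    """

    # Flask signs the session cookie with this key, and Flask-WTF falls back
    # to it for CSRF tokens when WTF_CSRF_SECRET_KEY is not set. A literal
    # fallback checked into the repository is known to anyone who can read
    # the source, so when SECRET_KEY is missing or empty a random per-process
    # key is generated instead. Sessions then do not survive a restart and
    # are not shared between worker processes: set SECRET_KEY explicitly for
    # any real deployment.
    SECRET_KEY = os.environ.get('SECRET_KEY') or os.urandom(32).hex()

    # NOTE(review): the fallback URI embeds root:password for a local MySQL
    # instance. Treat it as a local-development convenience only and supply
    # DATABASE_URL (ideally a least-privilege account) everywhere else.
    SQLALCHEMY_DATABASE_URI = os.environ.get(
        'DATABASE_URL',
        'mysql+pymysql://root:password@localhost:3306/resource_library'
    )
    SQLALCHEMY_TRACK_MODIFICATIONS = False

    # Upload settings.
    # NOTE(review): uploads are stored below app/static. If that directory is
    # the application's static folder (TODO confirm), every stored file is
    # reachable by URL in the site's own origin.
    UPLOAD_FOLDER = os.path.join(BASE_DIR, 'app', 'static', 'uploads')
    # Upper bound on request body size in bytes; MAX_UPLOAD_SIZE_MB is in
    # MiB and defaults to 500. A non-numeric value raises ValueError here.
    MAX_CONTENT_LENGTH = int(os.environ.get('MAX_UPLOAD_SIZE_MB', 500)) * 1024 * 1024

    # Session cookie lifetime and flags. The Secure flag is not set here;
    # ProductionConfig adds it.
    PERMANENT_SESSION_LIFETIME = timedelta(hours=24)
    SESSION_COOKIE_HTTPONLY = True
    SESSION_COOKIE_SAMESITE = 'Lax'

    # CSRF protection (Flask-WTF); the time limit is in seconds.
    WTF_CSRF_ENABLED = True
    WTF_CSRF_TIME_LIMIT = 3600

    # Allowed file extensions, grouped by resource type.
    # NOTE(review): 'html', 'htm' and 'svg' are active content. A file of
    # these types that is served inline from the application's origin can run
    # script in a logged-in user's session. Serve such files as downloads
    # (Content-Disposition: attachment), under a restrictive
    # Content-Security-Policy, or from a separate origin. An extension check
    # says nothing about the actual file content.
    ALLOWED_TEXT_EXT = {'txt', 'md', 'csv', 'json', 'xml', 'log', 'html', 'htm'}
    ALLOWED_IMAGE_EXT = {'jpg', 'jpeg', 'png', 'gif', 'webp', 'bmp', 'svg', 'ico'}
    ALLOWED_AUDIO_EXT = {'mp3', 'wav', 'ogg', 'flac', 'm4a', 'aac', 'wma'}
    ALLOWED_VIDEO_EXT = {'mp4', 'webm', 'avi', 'mkv', 'mov', 'wmv', 'flv', 'm4v'}

    @classmethod
    def all_allowed_extensions(cls):
        """Return a new set holding every extension from the four groups."""
        return cls.ALLOWED_TEXT_EXT.union(
            cls.ALLOWED_IMAGE_EXT,
            cls.ALLOWED_AUDIO_EXT,
            cls.ALLOWED_VIDEO_EXT,
        )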
class DevelopmentConfig(Config):
    """Settings for local development; everything else comes from Config."""

    # Debug mode can expose stack traces and the interactive debugger, so
    # this class is not meant for anything reachable by untrusted users.
    DEBUG = True
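class ProductionConfig(Config):
    """Settings for deployed instances served over HTTPS."""

    DEBUG = False

    # Override the inherited fallback: production must take its signing key
    # from the environment. With SECRET_KEY unset this is None, and Flask
    # refuses to use sessions without a secret key, so a missing variable
    # surfaces as an error instead of the app running on a fallback key.
    SECRET_KEY = os.environ.get('SECRET_KEY')

    # NOTE(review): SQLALCHEMY_DATABASE_URI is still inherited, including its
    # literal fallback; make sure DATABASE_URL is set in production.

    # Send the session cookie over HTTPS only.
    SESSION_COOKIE_SECURE = True
    # On HTTPS requests, Flask-WTF also checks that the Referer matches the
    # host before accepting a CSRF-protected request.
    WTF_CSRF_SSL_STRICT = True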
# Maps an environment name to its settings class.
# NOTE(review): 'default' resolves to DevelopmentConfig (DEBUG = True, no
# Secure flag on the session cookie). A deployment that does not select
# 'production' explicitly therefore runs with development settings.
config = dict(
    development=DevelopmentConfig,
    production=ProductionConfig,
    default=DevelopmentConfig,
)