密钥查询功能完成

db.py

@@ -12,7 +12,7 @@ def dbIsOK():
     except:
         return False
 
-def userSurplus(userkey):
+def userSurplus(userkey): #查询userkey剩余配额
     #打开数据库连接
     db = pymysql.connect(host=config.readConf()["db"]["host"],
                      port=config.readConf()["db"]["port"],
@@ -45,7 +45,7 @@ def reduce_value(userkey, value):  # 减去对应的值
     cursor = db.cursor()
 
     # 执行 SQL 查询以获取当前值
-    cursor.execute(f"SELECT surplus FROM usersurplus WHERE userkey = '{userkey}';")
+    cursor.execute(f"SELECT surplus FROM usersurplus WHERE userkey = %s;",[userkey])
     current_value = cursor.fetchone()[0]
 
     # 如果没有找到用户，则返回错误信息
@@ -57,7 +57,7 @@ def reduce_value(userkey, value):  # 减去对应的值
     new_value = current_value - value
 
     # 更新数据库中的值
-    cursor.execute(f"UPDATE usersurplus SET surplus={new_value} WHERE userkey='{userkey}'")
+    cursor.execute(f"UPDATE usersurplus SET surplus= %s WHERE userkey= %s;",[new_value,userkey])
 
     # 提交事务
     db.commit()
@@ -100,7 +100,7 @@ def delKey(userkey):
     cursor = db.cursor()
  
     # 使用 execute()  方法执行 SQL 查询 
-    cursor.execute(f"DELETE FROM usersurplus WHERE userkey = '{userkey}';")
+    cursor.execute(f"DELETE FROM usersurplus WHERE userkey = %s;", [userkey])
 
     # 提交事务
     db.commit()
@@ -128,9 +128,9 @@ def createKey(quota,number=1,key="null"):
         for i in range(int(number)):
             key = str(uuid.uuid1())
             output.append(key)
-            cursor.execute(f"INSERT INTO usersurplus (userkey,surplus) VALUES ('{key}',{int(quota)});")
+            cursor.execute(f"INSERT INTO usersurplus (userkey,surplus) VALUES (%s, %s);", [key, quota])
     else:
-        cursor.execute(f"INSERT INTO usersurplus (userkey,surplus) VALUES ('{key}',{int(quota)});")
+        cursor.execute(f"INSERT INTO usersurplus (userkey,surplus) VALUES (%s, %s);", [key, quota])
         output.append(key)
 
     # 提交事务

main.py

@@ -96,6 +96,15 @@ def createkey():
         return flask.render_template("createKey.html",resq=resq)
     return "未登录 "
 
+@app.route('/admin/lookupkey', methods=['POST','GET'])
+def lookupkey():
+    if "admin" in flask.session :
+        if flask.request.method == "GET":
+            return flask.render_template("lookupKey.html",resq="null")
+        resq = db.userSurplus(flask.request.form["key"])
+        return flask.render_template("lookupKey.html",resq=resq)
+    return "未登录 "
+
 @app.route('/admin/operate', methods=['POST','GET'])
 def operate():
     if "admin" in flask.session :

templates/lookupKey.html

@@ -0,0 +1,48 @@
+<!DOCTYPE html>
+<html lang="zh-CN">
+
+<head>
+    <meta charset="UTF-8">
+    <title>查询密钥</title>
+    <style>
+        body {
+            font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
+            background-color: #f7f7f7;
+            padding: 20px;
+        }
+
+        .container {
+            background-color: #fff;
+            padding: 20px;
+            border-radius: 8px;
+            box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
+        }
+    </style>
+</head>
+
+<body>
+    <div class="container">
+        <h2>查询密钥</h2>
+        <form method="post">
+            <span>UserKey</span>
+            <input name="key" required>
+            <button type="submit">查询</button>
+        </form>
+    </div>
+    {% if resq != "null" %}
+    <hr>
+    <div class="container">
+        <h2>执行结果</h2>
+        {% if resq == -99999 %}
+        <h4>未找到UserKey</h4>
+        {% else %}
+        <h4>配额剩余 {{ resq }}</h4>
+        {% endif %}
+    </div>
+    {% endif %}
+    <script>
+
+    </script>
+</body>
+
+</html>

templates/status.html

@@ -92,7 +92,7 @@
 					<td><a href="/admin/list" class="nodecoration">列出所有Key</a></td>
 				</tr>
 				<tr>
-					<td>查询密钥</td>
+					<td><a href="/admin/lookupkey" class="nodecoration">查询密钥</a></td>
 				</tr>
 				<tr>
 					<td><a href="/admin/createkey" class="nodecoration">创建密钥</a></td>