from __future__ import annotations
import html
import json
import mimetypes
import os
from http import HTTPStatus
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from typing import Any
from urllib.parse import parse_qs, urlparse
from app.auth import COOKIE_NAME, check_credentials, hash_password, is_valid_session, make_session_cookie
from app.config import Settings, get_settings
from app.db import Database, from_json, now_iso, to_json
from app.dispatcher import Dispatcher, ValidationError
class AppContext:
    """Bundle the process-wide objects that every request handler shares.

    Holds the loaded settings, the database handle (migrated during
    construction) and the alert dispatcher built on top of both.
    """

    def __init__(self, settings: Settings):
        database = Database(settings)
        # Schema migration runs before anything else can use the handle.
        database.migrate(settings)
        self.settings = settings
        self.db = database
        self.dispatcher = Dispatcher(database, settings)
def json_response(handler: BaseHTTPRequestHandler, status: int, payload: dict[str, Any] | list[Any]) -> None:
body = json.dumps(payload, ensure_ascii=False).encode()
handler.send_response(status)
handler.send_header("Content-Type", "application/json; charset=utf-8")
handler.send_header("Content-Length", str(len(body)))
handler.end_headers()
handler.wfile.write(body)
def redirect(handler: BaseHTTPRequestHandler, location: str) -> None:
    """Answer the current request with ``303 See Other`` pointing at *location*.

    *location* is written into the ``Location`` header exactly as given.
    Every caller in this module passes a literal application path; keep it
    that way rather than forwarding request-derived values.
    """
    see_other = HTTPStatus.SEE_OTHER
    handler.send_response(see_other)
    handler.send_header("Location", location)
    handler.end_headers()
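def read_body(handler: BaseHTTPRequestHandler) -> bytes:
    """Read the request body announced by the ``Content-Length`` header.

    The header is client-controlled and this helper is reached on routes
    that need no session (login and the TradingView webhook), so it is
    parsed defensively: a missing, empty, non-numeric or negative value is
    treated as "no body" and yields ``b""``.  A negative length must never
    reach ``rfile.read``, where it means "read until the peer closes the
    connection" and would tie up the handling thread.

    NOTE(review): no upper bound is enforced on the declared length, so a
    single request can still make the server buffer an arbitrarily large
    body in memory.  Consider rejecting oversized requests here.
    """
    declared = handler.headers.get("Content-Length", "0") or "0"
    try:
        length = int(declared)
    except ValueError:
        return b""
    if length <= 0:
        return b""
    return handler.rfile.read(length)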
def parse_form(handler: BaseHTTPRequestHandler) -> dict[str, str]:
    """Decode a URL-encoded form body into a flat ``{field: value}`` dict.

    When a field is submitted more than once, the last value wins.  Fields
    submitted with an empty value are absent from the result (``parse_qs``
    drops blank values by default), so callers must not assume a key exists.
    """
    fields = parse_qs(read_body(handler).decode())
    flat: dict[str, str] = {}
    for name, values in fields.items():
        flat[name] = values[-1]
    return flat
def parse_form_multi(handler: BaseHTTPRequestHandler) -> dict[str, list[str]]:
    """Decode a URL-encoded form body, keeping every value of each field.

    Used for forms with multi-select inputs.  As with ``parse_qs`` in
    general, fields submitted with an empty value are omitted.
    """
    raw = read_body(handler)
    return parse_qs(raw.decode())
def parse_json_body(handler: BaseHTTPRequestHandler) -> dict[str, Any]:
    """Parse the request body as a JSON object.

    An empty body is treated as ``{}``.  A body that is not valid UTF-8
    raises ``UnicodeDecodeError``, which is not translated here.

    Raises:
        ValidationError: the body is not valid JSON, or its top-level value
            is not an object.
    """
    text = read_body(handler).decode() or "{}"
    try:
        parsed = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValidationError("Request body must be valid JSON") from exc
    if isinstance(parsed, dict):
        return parsed
    raise ValidationError("Request body must be a JSON object")
def target_select_options(
    targets: list[dict[str, Any]],
    selected_ids: list[int] | None = None,
    placeholder: bool = False,
) -> str:
    """Build the concatenated option markup for a webhook-target select box.

    Args:
        targets: Target rows; each is read for its ``id`` and ``enabled`` keys.
        selected_ids: Ids that should be rendered as selected.
        placeholder: When true, one extra leading entry is emitted first.

    Returns:
        All option fragments joined into a single string.
    """
    selected_ids = selected_ids or []
    # Optional leading placeholder entry.
    options = [''] if placeholder else []
    for target in targets:
        selected = "selected" if target["id"] in selected_ids else ""
        # Disabled targets stay listed but cannot be picked; the suffix
        # " (停用)" labels them as disabled in the UI.
        disabled = "" if target["enabled"] else "disabled"
        suffix = "" if target["enabled"] else " (停用)"
        # NOTE(review): the option template below carries no markup in this
        # copy, so it cannot be checked here that target fields are passed
        # through html.escape before interpolation -- confirm against the
        # real template.
        options.append(
            f''
        )
    return "".join(options)
class Handler(BaseHTTPRequestHandler):
context: AppContext
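def log_message(self, format: str, *args: Any) -> None:
    """Print one access-log line to stdout in the stock ``http.server`` layout.

    The formatted message includes the client-supplied request line, so
    backslashes and non-printable characters (CR/LF, ESC and other control
    codes) are written as escape sequences.  This keeps a request from
    forging extra log lines or pushing terminal control sequences at
    whoever reads the log.
    """
    message = format % args
    sanitized = "".join(
        ch if ch.isprintable() and ch != "\\" else ch.encode("unicode_escape").decode("ascii")
        for ch in message
    )
    print("%s - - [%s] %s" % (self.address_string(), self.log_date_time_string(), sanitized))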
def do_GET(self) -> None:
    """Route a GET request to the matching page or JSON endpoint.

    ``/health``, ``/login`` and ``/static/*`` are answered without a
    session.  Every other path goes through ``require_auth`` first, so an
    unauthenticated client is redirected to the login page and never
    learns whether a protected path exists.
    """
    route = urlparse(self.path).path

    # Public routes: reachable without a session cookie.
    if route == "/health":
        json_response(self, 200, {"ok": True})
        return
    if route == "/login":
        self.render_login()
        return
    if route.startswith("/static/"):
        self.serve_static(route)
        return

    if not self.require_auth():
        return

    pages = {
        "/": self.render_dashboard,
        "/dashboard": self.render_dashboard,
        "/targets": self.render_targets,
        "/rules": self.render_rules,
        "/logs": self.render_logs,
        "/test": self.render_test,
        "/account": self.render_account,
    }
    # JSON endpoints return whole rows (SELECT *), webhook URLs included.
    api = {
        "/api/targets": self.list_targets,
        "/api/rules": self.list_rules,
        "/api/logs": self.list_logs,
    }
    if route in pages:
        pages[route]()
    elif route in api:
        json_response(self, 200, api[route]())
    else:
        self.send_error(404)
def do_POST(self) -> None:
    """Route a POST request to the matching action.

    ``/webhook/tradingview`` and ``/login`` are dispatched before the
    session check; every other route requires a valid session.

    NOTE(review): nothing in this method authenticates the webhook caller.
    Confirm that ``receive_alert`` (or a proxy in front of this service)
    verifies a shared secret before alerts are accepted.
    NOTE(review): the state-changing routes below rely on the session
    cookie alone; no anti-CSRF token is checked here.  The login cookie is
    issued with ``SameSite=Lax``, which is the only cross-site protection
    visible in this module.
    """
    route = urlparse(self.path).path

    if route == "/webhook/tradingview":
        self.handle_tradingview_webhook()
        return
    if route == "/login":
        self.handle_login()
        return
    if not self.require_auth():
        return

    actions = {
        "/targets/create": self.create_target,
        "/targets/update": self.update_target,
        "/targets/delete": self.delete_target,
        "/rules/create": self.create_rule,
        "/rules/update": self.update_rule,
        "/rules/delete": self.delete_rule,
        "/test/send": self.send_test,
        "/account/password": self.change_password,
        "/deliveries/retry": self.retry_deliveries,
        "/logout": self.logout,
    }
    action = actions.get(route)
    if action is None:
        self.send_error(404)
    else:
        action()
def require_auth(self) -> bool:
    """Gate the current request on a valid session cookie.

    Returns ``True`` when the ``Cookie`` header carries a valid session.
    Otherwise a redirect to ``/login`` has already been sent and ``False``
    is returned, so the caller must stop without writing anything else.
    """
    cookie_header = self.headers.get("Cookie")
    if not is_valid_session(self.context.settings, cookie_header):
        redirect(self, "/login")
        return False
    return True
def layout(self, title: str, body: str) -> bytes:
    """Wrap *body* in the shared page shell and return it as encoded bytes.

    *title* is passed through ``html.escape``.  *body* is inserted verbatim,
    so every caller is responsible for escaping any dynamic value it puts
    into the fragment it hands over.
    """
    # (href, label) pairs for the navigation bar.  Labels, in order:
    # Overview, Routing rules, Feishu Webhook, Logs, Test send,
    # Account security.
    nav = [
        ("/dashboard", "概览"),
        ("/rules", "路由规则"),
        ("/targets", "飞书 Webhook"),
        ("/logs", "日志"),
        ("/test", "测试发送"),
        ("/account", "账号安全"),
    ]
    # NOTE(review): in this copy the item template shows only the label and
    # `items` is not referenced in the page literal below; the link markup
    # appears to be missing -- confirm against the real template.
    items = "".join(f'{label}' for href, label in nav)
    return f"""
{html.escape(title)}
{body}
""".encode()
def send_html(self, title: str, body: str) -> None:
    """Render *body* inside the page layout and send it as a 200 HTML response.

    *body* reaches the page unescaped (see ``layout``); callers must escape
    any dynamic content before calling.
    """
    page = self.layout(title, body)
    self.send_response(200)
    for header, value in (
        ("Content-Type", "text/html; charset=utf-8"),
        ("Content-Length", str(len(page))),
    ):
        self.send_header(header, value)
    self.end_headers()
    self.wfile.write(page)
def render_login(self) -> None:
    """Send the login page as a 200 HTML response.

    The page is a fixed literal written directly to the client; it is not
    wrapped by ``layout`` and contains no request-derived values.
    """
    content = """
Login
""".encode()
    self.send_response(200)
    self.send_header("Content-Type", "text/html; charset=utf-8")
    # Length is taken from the encoded bytes.
    self.send_header("Content-Length", str(len(content)))
    self.end_headers()
    self.wfile.write(content)
def handle_login(self) -> None:
    """Check the submitted credentials and, on success, start a session.

    A failed check redirects back to ``/login`` without distinguishing a
    wrong username from a wrong password.  On success a session cookie is
    set (``Path=/``, ``HttpOnly``, ``SameSite=Lax``) and the browser is
    sent to ``/dashboard``.

    NOTE(review): the cookie is issued without the ``Secure`` attribute and
    this module serves plain HTTP, so the session value crosses the network
    in clear text unless a TLS-terminating proxy sits in front.
    NOTE(review): no attempt limiting is visible in this method; confirm
    whether ``check_credentials`` or the deployment throttles guessing.
    """
    form = parse_form(self)
    settings = self.context.settings
    accepted = check_credentials(
        settings,
        form.get("username", ""),
        form.get("password", ""),
        self.get_admin_password_hash(),
    )
    if not accepted:
        redirect(self, "/login")
        return

    jar = SimpleCookie()
    jar[COOKIE_NAME] = make_session_cookie(settings)
    morsel = jar[COOKIE_NAME]
    morsel["path"] = "/"
    morsel["httponly"] = True
    morsel["samesite"] = "Lax"

    self.send_response(HTTPStatus.SEE_OTHER)
    self.send_header("Location", "/dashboard")
    self.send_header("Set-Cookie", jar.output(header="").strip())
    self.end_headers()
def get_admin_password_hash(self) -> str:
    """Return the stored admin password hash (``admin_settings`` row ``id = 1``).

    NOTE(review): assumes that row always exists (presumably seeded by the
    migration).  If the query returns no row, the subscript below fails
    with ``TypeError`` instead of a clean authentication failure.
    """
    query = "SELECT password_hash FROM admin_settings WHERE id = 1"
    with self.context.db.connect() as conn:
        record = conn.execute(query).fetchone()
    return record["password_hash"]
def logout(self) -> None:
    """Expire the session cookie in the browser and redirect to ``/login``.

    NOTE(review): this only tells the client to drop the cookie
    (``Max-Age=0``).  No server-side invalidation is visible here, so a
    copy of the old cookie value may stay valid until it expires on its
    own -- confirm against ``is_valid_session``.
    """
    expired_cookie = f"{COOKIE_NAME}=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax"
    self.send_response(HTTPStatus.SEE_OTHER)
    self.send_header("Location", "/login")
    self.send_header("Set-Cookie", expired_cookie)
    self.end_headers()
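def serve_static(self, path: str) -> None:
    """Serve one file from the ``static`` directory next to this module.

    This route is reachable without a session.  Only the final component
    of *path* is used, so the lookup cannot leave the static directory
    whatever the request path contains (``..`` segments are discarded
    along with every other directory part).

    Anything that is not a regular file gets 404.  That includes the bare
    ``/static/`` path, whose basename is empty and therefore resolves to
    the directory itself.
    """
    static_dir = os.path.join(os.path.dirname(__file__), "static")
    local_path = os.path.join(static_dir, os.path.basename(path))
    # isfile(), not exists(): a directory passes exists() and open() then
    # raises, turning a harmless request into an unhandled exception.
    if not os.path.isfile(local_path):
        self.send_error(404)
        return
    with open(local_path, "rb") as file:
        content = file.read()
    self.send_response(200)
    self.send_header("Content-Type", mimetypes.guess_type(local_path)[0] or "application/octet-stream")
    self.send_header("Content-Length", str(len(content)))
    self.end_headers()
    self.wfile.write(content)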
def handle_tradingview_webhook(self) -> None:
    """Accept a TradingView alert and hand it to the dispatcher.

    Responds 202 with the dispatcher's result, or 400 with the validation
    message when the body is not a JSON object or the dispatcher rejects it.

    NOTE(review): this handler runs without a session and performs no
    caller check of its own.  Confirm that ``receive_alert`` validates a
    shared secret in the payload, or that the endpoint is otherwise
    restricted; if not, anyone who can reach the port can trigger
    deliveries.
    """
    try:
        alert = parse_json_body(self)
        outcome = self.context.dispatcher.receive_alert(alert)
    except ValidationError as exc:
        json_response(self, 400, {"error": str(exc)})
    else:
        json_response(self, 202, outcome)
def list_targets(self) -> list[dict[str, Any]]:
    """Return every webhook target as a plain dict, newest id first.

    Rows are returned whole (``SELECT *``), so each dict includes the
    target's ``webhook_url``.
    """
    query = "SELECT * FROM webhook_targets ORDER BY id DESC"
    with self.context.db.connect() as conn:
        fetched = conn.execute(query).fetchall()
    return list(map(dict, fetched))
def list_rules(self) -> list[dict[str, Any]]:
    """Return every routing rule as a dict, ordered by priority then newest id.

    The stored ``target_ids`` column is decoded with ``from_json`` (falling
    back to an empty list) so callers receive a Python value, not the
    serialised text.
    """
    query = "SELECT * FROM routing_rules ORDER BY priority ASC, id DESC"
    with self.context.db.connect() as conn:
        fetched = conn.execute(query).fetchall()
    return [
        {**dict(row), "target_ids": from_json(row["target_ids"], [])}
        for row in fetched
    ]
def list_logs(self) -> dict[str, list[dict[str, Any]]]:
    """Return the latest 100 alerts and latest 200 deliveries as plain dicts.

    The result has two keys, ``"alerts"`` and ``"deliveries"``, each
    ordered newest first.
    """
    queries = {
        "alerts": "SELECT * FROM alerts ORDER BY id DESC LIMIT 100",
        "deliveries": "SELECT * FROM deliveries ORDER BY id DESC LIMIT 200",
    }
    with self.context.db.connect() as conn:
        fetched = {name: conn.execute(sql).fetchall() for name, sql in queries.items()}
    return {name: [dict(row) for row in rows] for name, rows in fetched.items()}
def render_dashboard(self) -> None:
    """Render the overview page: four counters plus the eight newest alerts."""
    with self.context.db.connect() as conn:
        counts = {
            "alerts": conn.execute("SELECT COUNT(*) AS c FROM alerts").fetchone()["c"],
            "rules": conn.execute("SELECT COUNT(*) AS c FROM routing_rules").fetchone()["c"],
            "targets": conn.execute("SELECT COUNT(*) AS c FROM webhook_targets").fetchone()["c"],
            # "Pending" counts deliveries still waiting for a first or repeat attempt.
            "pending": conn.execute("SELECT COUNT(*) AS c FROM deliveries WHERE status IN ('pending','retry')").fetchone()["c"],
        }
        recent = conn.execute("SELECT * FROM alerts ORDER BY id DESC LIMIT 8").fetchall()
    # Labels are fixed strings and values are COUNT(*) results, so the
    # cards contain nothing request-derived.
    cards = "".join(f'{label}{value}
' for label, value in [
        ("Alerts", counts["alerts"]),
        ("Rules", counts["rules"]),
        ("Targets", counts["targets"]),
        ("Pending", counts["pending"]),
    ])
    # symbol, timeframe, strategy and status originate from alert payloads
    # and are escaped.  id and created_at are interpolated raw.
    # NOTE(review): presumably both are server-generated -- confirm that
    # created_at can never be taken from the incoming payload.
    rows = "".join(
        f"| {row['id']} | {html.escape(row['symbol'])} | {html.escape(row['timeframe'])} | {html.escape(row['strategy'])} | {html.escape(row['status'])} | {row['created_at']} |
"
        for row in recent
    )
    # Page title "概览" = "Overview"; the subtitle describes structured
    # alert dispatch, Feishu forwarding and retry status.
    # NOTE(review): `cards` and `rows` are not referenced in the page
    # literal as it appears here; the markup of this template appears to be
    # missing from this copy -- confirm against the real template.
    self.send_html("概览", f"概览
结构化 alert 分发、飞书转发和重试状态。
")
def render_targets(self) -> None:
    """Render the Feishu webhook target management page."""
    targets = self.list_targets()
    # One table row per target.
    # NOTE(review): only the id is visible in the row template in this
    # copy.  Target name and webhook_url are admin-entered free text;
    # confirm the real template passes them through html.escape (its
    # default quote=True is required inside attribute values).
    rows = "".join(
        f"""
| {target['id']} |
|
|
|
|
"""
        for target in targets
    )
    form = """"""
    # Title "飞书 Webhook" = "Feishu Webhook"; the subtitle says this page
    # maintains all Feishu bot addresses available for dispatch.
    # NOTE(review): `rows` is not referenced in the page literal as it
    # appears here -- confirm against the real template.
    self.send_html("飞书 Webhook", f"飞书 Webhook
维护所有可分发的飞书机器人地址。
{form}")
def render_rules(self) -> None:
    """Render the routing-rule page: a creation form plus one editable row per rule."""
    targets = self.list_targets()
    rules = self.list_rules()
    rows = ""
    for rule in rules:
        # Choices for the rule's message type (card or text).
        message_type_options = "".join(
            f''
            for value, label in [("card", "Card"), ("text", "Text")]
        )
        # Target picker with this rule's current targets pre-selected.
        selected_targets = target_select_options(targets, rule["target_ids"], placeholder=True)
        # NOTE(review): only the rule id is visible in the row template in
        # this copy.  Rule name, symbol, strategy and both card templates
        # are admin-entered free text; confirm the real template escapes
        # each of them with html.escape before interpolation.
        rows += f"""
| {rule['id']} |
|
|
|
|
|
|
|
|
|
|
|
"""
    create_target_options = target_select_options(targets, placeholder=True)
    form = f""""""
    # Title "路由规则" = "Routing rules".  Column headers, in order: ID,
    # name, timeframe, symbol, strategy, priority, message, title template,
    # body template, send to, status, actions.
    self.send_html("路由规则", f"{form}| ID | 名称 | 周期 | 品种 | 策略 | 优先级 | 消息 | 标题模板 | 内容模板 | 发送到 | 状态 | 操作 |
{rows}
")
def render_logs(self) -> None:
    """Render the log page with the latest alerts and deliveries."""
    logs = self.list_logs()
    # Text columns are escaped because they can carry payload-derived or
    # remote-derived content (symbol, strategy, error text, ...).  Nullable
    # columns are coalesced to "" before escaping.
    # NOTE(review): id and created_at are interpolated raw; presumably both
    # are server-generated -- confirm.
    alert_rows = "".join(
        f"| {row['id']} | {html.escape(row['symbol'])} | {html.escape(row['timeframe'])} | {html.escape(row['strategy'])} | {html.escape(row['status'])} | {html.escape(row['error'] or '')} | {row['created_at']} |
"
        for row in logs["alerts"]
    )
    # response_code is stringified before escaping; id, alert_id and
    # attempts are interpolated raw (presumably integers -- confirm).
    delivery_rows = "".join(
        f"| {row['id']} | {row['alert_id']} | {html.escape(row['target_name'])} | {html.escape(row['status'])} | {row['attempts']} | {html.escape(str(row['response_code'] or ''))} | {html.escape(row['error'] or '')} | {html.escape(row['next_attempt_at'] or '')} |
"
        for row in logs["deliveries"]
    )
    # Alert columns: ID, symbol, timeframe, strategy, status, error, time.
    # Delivery columns: ID, alert, target, status, attempts, HTTP code,
    # error, next retry.
    body = f"""
Alert 日志
| ID | 品种 | 周期 | 策略 | 状态 | 错误 | 时间 |
{alert_rows}
Delivery 日志
| ID | Alert | 目标 | 状态 | 次数 | HTTP | 错误 | 下次重试 |
{delivery_rows}
"""
    # Title "日志" = "Logs".
    self.send_html("日志", body)
def render_test(self) -> None:
    """Render the test-send page, followed by the last test result if one is set."""
    # Example alert payload, pretty-printed and HTML-escaped for display.
    sample = html.escape(json.dumps({"timeframe": "5m", "symbol": "BTCUSDT", "strategy": "breakout", "action": "buy", "price": 68000}, indent=2))
    # Set on this handler instance by send_test; empty on a plain GET.
    result = getattr(self, "_test_result_html", "")
    # NOTE(review): `sample` is not referenced in the literal as it appears
    # here; the form markup appears to be missing from this copy.
    body = f"""
"""
    if result:
        # `result` is appended verbatim: it must already be escaped HTML.
        body += result
    # Title "测试发送" = "Test send".
    self.send_html("测试发送", body)
def render_account(self) -> None:
    """Render the account-security page (admin password change)."""
    # Static text: heading "Account security"; the notice says changing the
    # current administrator password logs the user out afterwards.
    body = """账号安全
修改当前管理员密码,修改成功后会退出登录。
"""
    self.send_html("账号安全", body)
def create_target(self) -> None:
    """Insert a webhook target from the submitted form, then return to ``/targets``.

    ``name`` and ``webhook_url`` are required; if either is missing or
    blank the lookup raises ``KeyError``, which is not handled here.  The
    target is enabled only when the checkbox value is ``"on"``.

    NOTE(review): ``webhook_url`` is stored exactly as submitted (trimmed).
    No scheme or host check is visible in this method; since stored targets
    are later used as delivery destinations, confirm that the dispatcher
    restricts them (for example to ``https`` and the expected Feishu host)
    so the server cannot be pointed at internal addresses.
    """
    form = parse_form(self)
    timestamp = now_iso()
    statement = "INSERT INTO webhook_targets (name, webhook_url, enabled, created_at, updated_at) VALUES (?, ?, ?, ?, ?)"
    with self.context.db.connect() as conn:
        name = form["name"].strip()
        url = form["webhook_url"].strip()
        enabled = 1 if form.get("enabled") == "on" else 0
        conn.execute(statement, (name, url, enabled, timestamp, timestamp))
    redirect(self, "/targets")
def update_target(self) -> None:
    """Update one webhook target from the submitted form, then return to ``/targets``.

    ``name``, ``webhook_url`` and ``id`` are required; a missing or blank
    field raises ``KeyError``, which is not handled here.  ``id`` is bound
    as a query parameter, never spliced into the SQL text.

    NOTE(review): as on creation, ``webhook_url`` is stored without any
    scheme or host check in this method -- confirm validation happens
    before the URL is used as a delivery destination.
    """
    form = parse_form(self)
    statement = "UPDATE webhook_targets SET name = ?, webhook_url = ?, enabled = ?, updated_at = ? WHERE id = ?"
    with self.context.db.connect() as conn:
        name = form["name"].strip()
        url = form["webhook_url"].strip()
        enabled = 1 if form.get("enabled") == "on" else 0
        conn.execute(statement, (name, url, enabled, now_iso(), form["id"]))
    redirect(self, "/targets")
def delete_target(self) -> None:
    """Delete the webhook target named by the form's ``id``, then return to ``/targets``.

    A missing ``id`` raises ``KeyError``.  Routing rules that still list
    the deleted id in ``target_ids`` are not touched by this method.
    """
    form = parse_form(self)
    with self.context.db.connect() as conn:
        target_id = form["id"]
        conn.execute("DELETE FROM webhook_targets WHERE id = ?", (target_id,))
    redirect(self, "/targets")
def create_rule(self) -> None:
    """Insert a routing rule from the submitted form, then return to ``/rules``.

    For every field the last submitted value is used; absent fields fall
    back to the defaults given below.  ``symbol`` is upper-cased and the
    selected target ids are stored as JSON.

    A non-numeric ``priority`` or target id raises ``ValueError``, which is
    not handled here.

    NOTE(review): ``message_type`` is stored as submitted; it is not
    checked against the two values the form offers (``card`` / ``text``).
    """
    form = parse_form_multi(self)
    target_ids = [int(raw) for raw in form.get("target_ids", [])]
    now = now_iso()

    def last(field: str, default: str = "") -> str:
        # Last submitted value of a field, or the default when absent.
        return form.get(field, [default])[-1]

    statement = """
INSERT INTO routing_rules (
name, timeframe, symbol, strategy, priority, message_type,
card_title_template, card_body_template, enabled, target_ids,
created_at, updated_at
)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
"""
    with self.context.db.connect() as conn:
        values = (
            last("name").strip(),
            last("timeframe").strip(),
            last("symbol").strip().upper(),
            last("strategy").strip(),
            int(last("priority", "100")),
            last("message_type", "card"),
            last("card_title_template", "TradingView {{symbol}} {{action}}").strip(),
            last("card_body_template").strip(),
            1 if last("enabled") == "on" else 0,
            to_json(target_ids),
            now,
            now,
        )
        conn.execute(statement, values)
    redirect(self, "/rules")
def delete_rule(self) -> None:
    """Delete the routing rule named by the form's ``id``, then return to ``/rules``.

    A missing ``id`` raises ``KeyError``.  The id is bound as a query
    parameter.
    """
    form = parse_form(self)
    with self.context.db.connect() as conn:
        rule_id = form["id"]
        conn.execute("DELETE FROM routing_rules WHERE id = ?", (rule_id,))
    redirect(self, "/rules")
def update_rule(self) -> None:
    """Update one routing rule from the submitted form, then return to ``/rules``.

    Field handling mirrors rule creation: the last submitted value wins,
    absent fields take the defaults given below, ``symbol`` is upper-cased
    and target ids are stored as JSON.  An absent ``id`` is bound as an
    empty string, so the statement then matches no row.

    A non-numeric ``priority`` or target id raises ``ValueError``, which is
    not handled here.

    NOTE(review): ``message_type`` is stored as submitted; it is not
    checked against the two values the form offers (``card`` / ``text``).
    """
    form = parse_form_multi(self)
    target_ids = [int(raw) for raw in form.get("target_ids", [])]

    def last(field: str, default: str = "") -> str:
        # Last submitted value of a field, or the default when absent.
        return form.get(field, [default])[-1]

    statement = """
UPDATE routing_rules
SET name = ?, timeframe = ?, symbol = ?, strategy = ?, priority = ?,
message_type = ?, card_title_template = ?, card_body_template = ?,
enabled = ?, target_ids = ?, updated_at = ?
WHERE id = ?
"""
    with self.context.db.connect() as conn:
        values = (
            last("name").strip(),
            last("timeframe").strip(),
            last("symbol").strip().upper(),
            last("strategy").strip(),
            int(last("priority", "100")),
            last("message_type", "card"),
            last("card_title_template", "TradingView {{symbol}} {{action}}").strip(),
            last("card_body_template").strip(),
            1 if last("enabled") == "on" else 0,
            to_json(target_ids),
            now_iso(),
            last("id"),
        )
        conn.execute(statement, values)
    redirect(self, "/rules")
def send_test(self) -> None:
    """Run a pasted alert payload through the dispatcher and show the outcome.

    The result (or the error) is rendered to HTML, stored on this handler
    instance as ``_test_result_html`` and displayed by ``render_test``.
    """
    form = parse_form(self)
    payload_text = form.get("payload", "{}")
    try:
        # NOTE(review): unlike parse_json_body, nothing here checks that the
        # parsed value is a JSON object before it reaches receive_alert.
        payload = json.loads(payload_text)
        # This goes through the same dispatcher entry point as the real
        # webhook.
        result = self.context.dispatcher.receive_alert(payload)
        delivery_text = ", ".join(str(item) for item in result.get("delivery_ids", [])) or "-"
        # Labels: test result, alert id, status, matched rule, deliveries,
        # "view response JSON".  Every value is escaped except alert_id.
        # NOTE(review): alert_id is interpolated raw; presumably an integer
        # id -- confirm.
        self._test_result_html = f"""
测试结果
Alert ID{result.get("alert_id")}
状态{html.escape(str(result.get("status")))}
命中规则{html.escape(str(result.get("matched_rule_id") or "-"))}
Delivery{html.escape(delivery_text)}
查看响应 JSON
{html.escape(json.dumps(result, ensure_ascii=False, indent=2))}
"""
        self.render_test()
    except (json.JSONDecodeError, ValidationError) as exc:
        # "测试失败" = "Test failed"; the exception text is escaped before
        # it is shown.
        self._test_result_html = f"""
测试失败
{html.escape(str(exc))}
"""
        self.render_test()
def change_password(self) -> None:
    """Change the admin password after re-checking the current one.

    Checks run in this order, each failing with a 400 JSON error: the
    current password must verify against the stored hash, the new password
    must be at least 8 characters, and the confirmation must match.  On
    success the new hash is stored and the request ends with ``logout()``.

    NOTE(review): length is the only strength rule applied.
    NOTE(review): ``logout()`` clears the cookie of this browser only;
    whether sessions issued before the change stop being accepted is not
    visible here -- confirm against ``is_valid_session``.
    """
    form = parse_form(self)
    current_password = form.get("current_password", "")
    new_password = form.get("new_password", "")
    confirm_password = form.get("confirm_password", "")

    settings = self.context.settings
    current_ok = check_credentials(
        settings,
        settings.admin_username,
        current_password,
        self.get_admin_password_hash(),
    )

    error = None
    if not current_ok:
        error = "当前密码不正确"  # current password is incorrect
    elif len(new_password) < 8:
        error = "新密码至少需要 8 位"  # new password needs at least 8 characters
    elif new_password != confirm_password:
        error = "两次输入的新密码不一致"  # the two new passwords do not match
    if error is not None:
        json_response(self, 400, {"error": error})
        return

    with self.context.db.connect() as conn:
        conn.execute(
            "UPDATE admin_settings SET password_hash = ?, updated_at = ? WHERE id = 1",
            (hash_password(new_password), now_iso()),
        )
    self.logout()
def retry_deliveries(self) -> None:
    """Process up to 100 due deliveries now, then return to ``/logs``.

    The work runs inside the request, so the redirect is sent only after
    the dispatcher call has returned.
    """
    dispatcher = self.context.dispatcher
    dispatcher.process_due_deliveries(limit=100)
    redirect(self, "/logs")
def make_handler(context: AppContext) -> type[Handler]:
    """Return a ``Handler`` subclass bound to *context*.

    The HTTP server instantiates the handler class itself for each request,
    so the shared context is attached as a class attribute of a fresh
    subclass rather than passed to a constructor.
    """
    bound_context = context

    class BoundHandler(Handler):
        context = bound_context

    return BoundHandler
def run() -> None:
    """Load settings, prune old logs and serve requests until interrupted.

    The server speaks plain HTTP on the configured host and port; nothing
    in this module sets up TLS.  Because the login session travels in a
    cookie, deployments reachable beyond the local machine should put a
    TLS-terminating proxy in front.
    """
    settings = get_settings()
    context = AppContext(settings)
    # Apply the retention policy once at startup.
    context.db.cleanup_old_logs(settings.retention_days)
    address = (settings.host, settings.port)
    server = ThreadingHTTPServer(address, make_handler(context))
    print(f"Serving {settings.app_name} on http://{settings.host}:{settings.port}")
    server.serve_forever()
# Script entry point: start the server only when this file is executed
# directly, not when it is imported.
if __name__ == "__main__":
    run()