新增个人中心页面，在注册后填写班级功能

accounts/views.py

@@ -15,7 +15,7 @@ from django.conf import settings
 
 from .es_client import get_user_by_username
 from .crypto import get_public_key_spki_b64, rsa_oaep_decrypt_b64, aes_gcm_decrypt_b64, verify_password, generate_rsa_private_pem_b64, public_spki_b64_from_private_pem_b64, rsa_oaep_decrypt_b64_with_private_pem
-from elastic.es_connect import get_registration_code, get_user_by_username as es_get_user_by_username, get_all_users as es_get_all_users, write_user_data
+from elastic.es_connect import get_registration_code, get_user_by_username as es_get_user_by_username, get_all_users as es_get_all_users, write_user_data, update_user_by_id, get_user_by_id
 
 
 @require_http_methods(["GET"])
@@ -71,6 +71,40 @@ def set_session_key(request):
     request.session["session_enc_key_b64"] = base64.b64encode(key_bytes).decode("ascii")
     return JsonResponse({"ok": True})
 
+@require_http_methods(["GET"])
+@ensure_csrf_cookie
+def profile_page(request):
+    session_user_id = request.session.get("user_id")
+    if session_user_id is None:
+        return redirect("/accounts/login/")
+    
+    # 获取用户信息
+    user = get_user_by_id(session_user_id)
+    if not user:
+        return redirect("/accounts/login/")
+    
+    # 获取个人提交的成就（图片）
+    from elastic.es_connect import search_all
+    from elastic.views import _attach_image_urls
+    
+    raw_results = [r for r in search_all() if str(r.get("writer_id", "")) == str(session_user_id)]
+    achievements = _attach_image_urls(request, raw_results)
+    
+    # 提取班级信息 (key 字段中的第一个值)
+    keys = user.get("key") or []
+    user_class = keys[0] if keys else ""
+    
+    permission_name = "管理员" if int(user.get("permission", 1)) == 0 else "普通用户"
+    
+    context = {
+        "username": request.session.get("username"),
+        "profile_user": user,
+        "user_class": user_class,
+        "permission_name": permission_name,
+        "achievements": achievements,
+    }
+    return render(request, "accounts/profile.html", context)
+
 @require_http_methods(["POST"])
 @csrf_protect
 def secure_login_submit(request):
@@ -238,7 +272,43 @@ def register_submit(request):
             del request.session["email_verify"]
     except Exception:
         pass
-    return JsonResponse({"ok": True, "redirect_url": "/accounts/login/"})
+    # 修改：注册成功后跳转到完善班级信息页面
+    return JsonResponse({"ok": True, "redirect_url": f"/accounts/class-info/?user_id={next_id}"})
+
+@require_http_methods(["GET"])
+@ensure_csrf_cookie
+def class_info_page(request):
+    user_id = request.GET.get("user_id")
+    if not user_id:
+        return redirect("/accounts/register/")
+    return render(request, "accounts/class_info.html", {"user_id": user_id})
+
+@require_http_methods(["POST"])
+@csrf_protect
+def class_info_submit(request):
+    try:
+        payload = json.loads(request.body.decode("utf-8"))
+    except json.JSONDecodeError:
+        return HttpResponseBadRequest("Invalid JSON")
+    
+    user_id = payload.get("user_id")
+    class_name = (payload.get("class_name") or "").strip()
+    
+    if not user_id or not class_name:
+        return HttpResponseBadRequest("Missing fields")
+    
+    # 后端校验：2024级**专业*班
+    import re
+    pattern = r"^\d{4}级.+专业\d+班$"
+    if not re.match(pattern, class_name):
+        return JsonResponse({"ok": False, "message": "班级格式不正确"}, status=400)
+    
+    # 更新用户信息，将班级信息存入 key 列表
+    ok = update_user_by_id(user_id, key=[class_name])
+    if not ok:
+        return JsonResponse({"ok": False, "message": "保存班级信息失败"}, status=500)
+        
+    return JsonResponse({"ok": True})
 
 @require_http_methods(["POST"])
 @csrf_protect