def do(data, resource):
body = {}
params = data['params']
user = data['user']
user_id = user.get('id', None)
parent_file_id = params.get('parent_file_id', None)
file_name = params.get('file_name', uuid())
file_b64 = params.get('file_b64')
read_groups = params.get('read_groups', [])
write_groups = params.get('write_groups', [])
meta_info = params.get('meta_info', {})
file_id = '{}'.format(uuid())
parent_file_info = None
file_size = sys.getsizeof(file_b64)
if parent_file_id:
parent_file_info = resource.db_get_item(parent_file_id)
if parent_file_info:
if match_policy_after_get_policy_code(resource, 'create', 'files',
user, parent_file_info):
file_name = parent_file_info.get('file_name', None)
parent_file_info['next_file_id'] = file_id
file_size += parent_file_info['file_size']
else:
body['error'] = error.PERMISSION_DENIED
return Response(body)
file_info = {
'file_id': file_id,
'parent_file_id': parent_file_id,
'file_name': file_name,
'owner': user_id,
'file_size': file_size,
'read_groups': read_groups,
'write_groups': write_groups,
'meta_info': meta_info,
}
if match_policy_after_get_policy_code(resource, 'create', 'files', user,
file_info):
resource.db_put_item('files', file_info, file_id)
if parent_file_id and parent_file_info:
resource.db_update_item(parent_file_id, parent_file_info)
file_b64 = file_b64.encode('utf-8')
file_b64 = base64.b64decode(file_b64)
resource.file_upload_bin(file_id, file_b64)
body['file_id'] = file_id
return Response(body)
else:
body['error'] = error.PERMISSION_DENIED
return Response(body)
def do(data, resource):
partition = 'logic-function'
body = {}
params = data['params']
function_name = params.get('function_name')
description = params.get('description', None)
zip_file = params.get('zip_file', None)
runtime = params.get('runtime', None)
handler = params.get('handler', None)
runnable = params.get('runnable', None)
sdk_config = params.get('sdk_config', None)
items, _ = resource.db_query(partition, [{
'option': None,
'field': 'function_name',
'condition': 'eq',
'value': function_name
}])
if items:
item = items[0]
if description:
item['description'] = description
if handler:
item['handler'] = handler
if runtime:
item['runtime'] = runtime
if runnable is not None:
item['runnable'] = runnable
if sdk_config is not None:
item['sdk_config'] = sdk_config
if zip_file:
zip_file_id = uuid()
requirements_zip_file_id = uuid()
zip_file_b64 = zip_file.encode('utf-8')
zip_file_bin = base64.b64decode(zip_file_b64)
requirements_zip_file_bin = generate_requirements_zipfile(
zip_file_bin)
resource.file_upload_bin(zip_file_id, zip_file_bin)
resource.file_upload_bin(requirements_zip_file_id,
requirements_zip_file_bin)
item['zip_file_id'] = zip_file_id
item['requirements_zip_file_id'] = requirements_zip_file_id
resource.db_update_item(item['id'], item)
body['function_name'] = function_name
return Response(body)
else:
body['error'] = error.NO_SUCH_FUNCTION
return Response(body)
def put_item(self, table_name, partition, item, item_id=None, creation_date=None, indexing=True):
if item_id:
response = self.get_item(table_name, item_id=item_id)
if 'Item' in response:
need_counting = False
else:
need_counting = True
else:
item_id = str(shortuuid.uuid())
need_counting = True
if not creation_date:
creation_date = self.time()
table = self.resource.Table(table_name)
item['id'] = item_id
item['creation_date'] = creation_date
item['partition'] = partition
response = table.put_item(
Item=item,
)
if need_counting:
""" Counting if the item is a new one """
self._add_item_count(table_name, '{}-count'.format(partition))
for field, value in item.items():
self._add_item_count(table_name, '{}-{}-{}-count'.format(partition, field, value))
if indexing:
self._delete_inverted_query(table_name, item_id)
self._put_inverted_query(table_name, partition, item)
return response
def do(data, resource):
body = {}
params = data['params']
guest_id = params.get('guest_id', None)
data['params']['login_method'] = 'guest_login'
login_conf = get_login_method(data, resource)['body']['item']
default_group_name = login_conf['default_group_name']
enabled = login_conf['enabled']
if enabled == 'true':
enabled = True
elif enabled == 'false':
enabled = False
if not enabled:
body['error'] = error.GUEST_LOGIN_INVALID
return Response(body)
if guest_id:
item = resource.db_get_item(guest_id)
if item:
session_id = put_guest_session(resource, guest_id)
body['session_id'] = session_id
body['guest_id'] = guest_id
return Response(body)
else:
body['error'] = error.NO_SUCH_GUEST
return Response(body)
else:
guest_id = shortuuid.uuid()
email = '{}@guest.com'.format(shortuuid.uuid())
item = {
'email': email,
'groups': [default_group_name],
'login_method': 'guest_login',
}
resource.db_put_item('user', item, item_id=guest_id)
session_id = put_guest_session(resource, guest_id)
body['session_id'] = session_id
body['guest_id'] = guest_id
return Response(body)
def do(data, resource):
partition = 'logic-function'
body = {}
params = data['params']
function_name = params.get('function_name')
description = params.get('description', None)
zip_file = params.get('zip_file', None)
runtime = params.get('runtime')
handler = params.get('handler')
runnable = params.get('runnable', True)
sdk_config = params.get('sdk_config', {})
zip_file_id = uuid()
requirements_zip_file_id = uuid()
item = dict()
item['function_name'] = function_name
item['description'] = description
item['handler'] = handler
item['runtime'] = runtime
item['runnable'] = runnable
item['zip_file_id'] = zip_file_id
item['requirements_zip_file_id'] = requirements_zip_file_id
item['sdk_config'] = sdk_config
item_ids, _ = resource.db_get_item_id_and_orders(partition,
'function_name',
function_name)
if len(item_ids) == 0:
zip_file_b64 = zip_file.encode('utf-8')
zip_file_bin = base64.b64decode(zip_file_b64)
requirements_zip_file_bin = generate_requirements_zipfile(zip_file_bin)
resource.file_upload_bin(zip_file_id, zip_file_bin)
resource.file_upload_bin(requirements_zip_file_id,
requirements_zip_file_bin)
resource.db_put_item(partition, item)
body['function_name'] = function_name
return body
else:
body['error'] = error.EXISTING_FUNCTION
return body
def do(data, resource):
body = {}
params = data['params']
user = data.get('user', None)
session_id = params.get('session_id', None)
data['params']['login_method'] = 'guest_login'
login_conf = get_login_method(data, resource)['item']
default_group_name = login_conf['default_group_name']
enabled = login_conf['enabled']
if enabled == 'true':
enabled = True
elif enabled == 'false':
enabled = False
if not enabled:
body['error'] = error.GUEST_LOGIN_INVALID
return body
if user:
body['session_id'] = session_id
body['guest_id'] = user['id']
return body
else:
guest_id = shortuuid.uuid()
email = '{}@guest.com'.format(shortuuid.uuid())
item = {
'email': email,
'groups': [default_group_name],
'login_method': 'guest_login',
'name': 'Guest'
}
resource.db_put_item('user', item, item_id=guest_id)
session_id = put_guest_session(resource, guest_id)
body['session_id'] = session_id
body['guest_id'] = guest_id
return body
def _put_inverted_query_field(self, table, partition, field, operand, operation, item_id, creation_date):
if len(str(operand)) > 1024:
return False
_inverted_query = '{}-{}-{}-{}'.format(partition, field, operand, operation)
query = {
'id': 'query-{}'.format(shortuuid.uuid()),
'partition': 'index-{}'.format(item_id),
'inverted_query': _inverted_query,
'creation_date': creation_date,
'item_id': item_id,
}
response = table.put_item(
Item=query,
)
return response
def try_put_item(idx, item):
item['id'] = uuid()
if 'owner' not in item:
item['owner'] = user_id
item = {
key: value
for key, value in item.items()
if value != '' and value != {} and value != []
}
if match_policy(policy_code, user, item):
resource.db_put_item(partition,
item,
item_id=item['id'],
index_keys=index_keys,
sort_keys=sort_keys)
item_ids[idx] = item.get('id', None)
else:
error_list[idx] = error.PERMISSION_DENIED
def do(data, resource):
body = {}
params = data['params']
user = data.get('user', None)
if user:
user_id = user.get('id', None)
else:
user_id = None
partition = params.get('partition', None)
item = params.get('item', {})
item['id'] = uuid()
if 'owner' not in item:
item['owner'] = user_id
item = {key: value for key, value in item.items() if value != '' and value != {} and value != []}
# 시스템 파티션 접근 제한
if database_can_not_access_to_item(partition):
body['error'] = error.PERMISSION_DENIED
return body
# Check partition has been existed
if resource.db_has_partition(partition):
if match_policy_after_get_policy_code(resource, 'create', partition, user, item):
index_keys = util.get_index_keys_to_index(resource, user, partition, 'w')
sort_keys = util.get_sort_keys(resource)
resource.db_put_item(partition, item, item_id=item['id'], index_keys=index_keys, sort_keys=sort_keys)
body['item_id'] = item.get('id', None)
return body
else:
body['error'] = error.PERMISSION_DENIED
return body
body['error'] = error.NO_SUCH_PARTITION
return body
def do(data, resource):
if not env.safe_to_run_code():
return {
'success': False,
'error': error.CANNOT_RUN_ON_NON_SERVERLESS
}
body = {}
params = data['params']
package_text = params.get('package_text')
if not package_text:
return {
'success': False,
'error': error.REQUIRED_PARAMS_NOT_EXIST
}
requirements_zip_file_id = uuid()
requirements_zip_file_bin, response_stdout = generate_requirements_zipfile(package_text)
resource.file_upload_bin(requirements_zip_file_id, requirements_zip_file_bin)
body['zip_file_id'] = requirements_zip_file_id
body['response_stdout'] = response_stdout
return body
def do(data, resource):
body = {}
params = data['params']
user = data['user']
id_token = params.get('id_token')
data['params']['login_method'] = 'google_login'
login_conf = get_login_method.do(data, resource)['item']
default_group_name = login_conf['default_group_name']
register_policy_code = login_conf.get('register_policy_code', None)
enabled = login_conf['enabled']
if enabled == 'true':
enabled = True
elif enabled == 'false':
enabled = False
if not enabled:
body['error'] = error.GOOGLE_LOGIN_INVALID
return body
extra_response = get_google_profile_response(id_token)
google_user_id = extra_response['sub']
google_user_email = extra_response['email']
if not data.get('admin', False):
if not match_policy(register_policy_code, extra_response, None):
body['error'] = error.REGISTER_POLICY_VIOLATION
return body
instructions = [
(None, ('google_user_id', 'eq', google_user_id)),
('and', ('login_method', 'eq', 'google_login')),
]
items, end_key = resource.db_query('user', instructions)
if items:
session_id = create_session(resource, items[0], data)
body['session_id'] = session_id
body['user_id'] = items[0]['id']
body['is_first_login'] = False
return body
elif not already_has_account_email(
google_user_email,
resource): # Create new user and create session also.
item = {
'id': uuid(),
'email': google_user_email,
'groups': [default_group_name],
'login_method': 'google_login',
'google_user_id': google_user_id,
}
# Put extra value in the item
key_map = {'name': 'name', 'picture': 'profile_image'}
for key in extra_response:
if key not in item:
if key in key_map:
item[key_map[key]] = extra_response[key]
else:
item[key] = extra_response[key]
resource.db_put_item('user', item, item.get('id'))
session_id = create_session(resource, item, data)
body['session_id'] = session_id
body['is_first_login'] = True
body['user_id'] = item['id']
return body
else:
body['error'] = error.EXISTING_ACCOUNT_VIA_OTHER_LOGIN_METHOD
return body
def do(data, resource):
partition = 'logic-function'
body = {}
params = data['params']
function_name = params.get('function_name')
description = params.get('description', None)
zip_file = params.get('zip_file', None)
runtime = params.get('runtime')
handler = params.get('handler')
runnable = params.get('runnable', True)
sdk_config = params.get('sdk_config', {})
use_logging = params.get('use_logging', False)
use_traceback = params.get('use_traceback', False)
requirements_zip_file_id = params.get('requirements_zip_file_id', None)
use_standalone = params.get('use_standalone', False) #
zip_file_id = uuid()
item = dict()
item['function_name'] = function_name
item['description'] = description
item['handler'] = handler
item['runtime'] = runtime
item['runnable'] = runnable
item['zip_file_id'] = zip_file_id
item['requirements_zip_file_id'] = requirements_zip_file_id
item['sdk_config'] = sdk_config
item['use_logging'] = use_logging
item['use_traceback'] = use_traceback
item['use_standalone'] = use_standalone
functions, _ = resource.db_query(partition, [{
'condition': 'eq',
'field': 'function_name',
'value': function_name
}], None, 1000, False)
# item_ids, _ = resource.db_get_item_id_and_orders(partition, 'function_name', function_name)
function_version = 0
if functions:
function_version = int(functions[-1].get('function_version', 0)) + 1
item['function_version'] = function_version
zip_file_b64 = zip_file.encode('utf-8')
zip_file_bin = base64.b64decode(zip_file_b64)
resource.file_upload_bin(zip_file_id, zip_file_bin)
if use_standalone:
standalone_function_name = f'{function_name}_{function_version}'
item['standalone_function_name'] = standalone_function_name
if requirements_zip_file_id:
zip_file_bin = get_add_requirements_zip_file(
resource, zip_file_bin, requirements_zip_file_id)
resource.function_create_stand_alone_function(standalone_function_name,
zip_file_bin)
resource.db_put_item(partition, item)
body['function_name'] = function_name
body['function_version'] = function_version
return body
def do(data, resource):
partition = 'logic-function'
body = {}
params = data['params']
function_name = params.get('function_name')
function_version = params.get('function_version', 0)
description = params.get('description', None)
zip_file = params.get('zip_file', None)
runtime = params.get('runtime', None)
handler = params.get('handler', None)
runnable = params.get('runnable', None)
sdk_config = params.get('sdk_config', None)
use_logging = params.get('use_logging', None)
use_traceback = params.get('use_traceback', None)
items, _ = resource.db_query(partition, [{
'option': None,
'field': 'function_name',
'condition': 'eq',
'value': function_name
}])
if function_version is None:
function_version = 0
items = list(
filter(
lambda x: int(x.get('function_version', 0)) == int(function_version
), items))
if items:
item = items[0]
if description:
item['description'] = description
if handler:
item['handler'] = handler
if runtime:
item['runtime'] = runtime
if runnable is not None:
item['runnable'] = runnable
if sdk_config is not None:
item['sdk_config'] = sdk_config
if use_traceback is not None:
item['use_traceback'] = use_traceback
if use_logging is not None:
item['use_logging'] = use_logging
if zip_file:
zip_file_id = uuid()
# requirements_zip_file_id = uuid()
zip_file_b64 = zip_file.encode('utf-8')
zip_file_bin = base64.b64decode(zip_file_b64)
# requirements_zip_file_bin = generate_requirements_zipfile(zip_file_bin)
resource.file_upload_bin(zip_file_id, zip_file_bin)
# resource.file_upload_bin(requirements_zip_file_id, requirements_zip_file_bin)
item['zip_file_id'] = zip_file_id
# item['requirements_zip_file_id'] = requirements_zip_file_id
resource.db_update_item(item['id'], item)
body['function_name'] = function_name
return body
else:
body['error'] = error.NO_SUCH_FUNCTION
return body
def do(data, resource):
body = {}
params = data['params']
email = params['email']
password = params['password']
# 추가적으로 삽입할 데이터들을 가져옵니다.
extra = params.get('extra', {})
# 빈 값들은 세팅에서 제외합니다.
extra = {
key: value
for key, value in extra.items()
if value != '' and value != {} and value != []
}
# 높은 암호화 수준을 위해 Salt 를 랜덤 생성합니다.
salt = Salt.get_salt(32)
# 사용자가 입력한 password 를 salt 와 함께 sha3_512 으로 해싱합니다.
password_hash = hash_password(password, salt)
# 비밀번호 정책 기준을 충족하는지 체크하기 위해 delegate 함수로 비밀번호의 메타 정보를 체크합니다.
password_meta = {
'count': len(password),
'count_lowercase': len([c for c in password if c.islower()]),
'count_uppercase': len([c for c in password if c.isupper()]),
'count_special': len([c for c in password if c in string.punctuation]),
}
partition = 'user'
data['params']['login_method'] = 'email_login'
login_conf = get_login_method(data, resource)['item']
# 사용자의 가입 정책기준을 가져옵니다.
register_policy_code = login_conf.get('register_policy_code', None)
if not data.get('admin', False):
# 사용자 가입 정책에 부합하는지 확인합니다. 부합하지 않으면 정책 위반 에러를 리턴합니다.
if not match_policy(register_policy_code, extra, password_meta):
body['error'] = error.REGISTER_POLICY_VIOLATION
return body
# 시스템의 Login config 에 저장된대 기본 가입 그룹 이름을 가져옵니다.
default_group_name = login_conf['default_group_name']
# 시스템에서 로그인이 허용되는지 체크합니다.
enabled = login_conf['enabled']
if enabled == 'true':
enabled = True
elif enabled == 'false':
enabled = False
# 로그인 허용이 되지 않는 경우입니다.
if not enabled:
body['error'] = error.EMAIL_LOGIN_INVALID
return body
# email 로 사용자가 있는지 확인합니다.
instructions = [[None, 'email', 'eq', email]]
items, end_key = resource.db_query(partition, instructions)
users = list(items)
# 이미 해당 이메일로 가입된 멤버가 있는 경우
if len(users) > 0:
body['error'] = error.EXISTING_ACCOUNT
return body
else:
# 해싱된 비밀번호로 회원 가입을 진행합니다.
item = {
'id': str(uuid()),
'email': email,
'password_hash': password_hash,
'salt': salt,
'groups': [default_group_name],
'login_method': 'email_login',
}
# Put extra value in the item
for key in extra:
if key not in item:
item[key] = extra[key]
resource.db_put_item(partition, item, item_id=item['id'])
body['item'] = item
return body
