def post(self):
"""This post is for priming/prefetching,
not actually delivering the widget
"""
start = time.time()
api_key = self.request.get('apikey')
account_id = self.request.get('accountid')
user_id = self.request.get('userid')
widget_type = self.request.get('widget')
logdiction = {'event':'prefetchwidget',
'api':'get_widget',
'user':user_id,
'is_api':'yes',
'ip':self.request.remote_addr,
'account':account_id,
'widget':widget_type,
'success':'true'}
if widget_type not in constants.VALID_WIDGETS:
logdiction['success'] = 'false'
logdiction['details'] = "Using an invalid widget name"
logs.create(logdiction)
self.response.out.write(bad_args())
return
# Get the account
acc_ref = accounts_dao.authorize_api(account_id, api_key)
if not acc_ref:
logdiction['success'] = 'false'
logdiction['details'] = auth_error()
logs.create(logdiction)
self.response.out.write(auth_error())
return
if not user_id and widget_type in constants.WIDGETS_THAT_DONT_NEED_A_USER:
user_id = constants.ANONYMOUS_USER
if not user_id:
logdiction['success'] = 'false'
logdiction['details'] = bad_args()
logs.create(logdiction)
self.response.out.write(bad_args())
return
user_ref = None
if user_id:
user_ref = users_dao.get_user_with_key(user_id)
if not user_ref and user_id == constants.ANONYMOUS_USER:
users_dao.create_new_user(account_id, constants.ANONYMOUS_USER)
#acc_ref = users_dao.get_account_from_user(user_ref)
# TODO Need to measure if there is an actual gain from this prefetching
# or if it's causing unnecessary contention
values = getattr(self, widget_type + "_values")(user_ref, acc_ref, 500, 300)
logs.create(logdiction)
return
def get(self):
current_session = Session().get_current_session(self)
account_entity = current_session.get_account_entity()
email = account_entity.email
""" notify anonymous account """
userhash = hashlib.sha1(email + '---' + constants.ANONYMOUS_USER).hexdigest()
user_ref = users_dao.get_user_with_key(userhash)
notifier.user_badge_award(user_ref, "This is a note", "/images/badges/test2.jpg", "Title", account_entity, "anonymous_badge")
self.response.out.write("done")
def get(self):
""" Users fetch their widgets from here """
start = time.time()
user_key = self.request.get('u')
if not user_key:
self.redirect('/html/404.html')
return
height = self.request.get('height')
width = self.request.get('width')
widget_type = self.request.get('widget')
if widget_type not in constants.VALID_WIDGETS:
self.redirect('/html/404.html')
error("Fetching widget type " + str(widget_type))
return
# TODO make sure the account has permission to the type of widget
# as of right now all widgets are enabled
user_ref = users_dao.get_user_with_key(user_key)
acc_ref = users_dao.get_account_from_user(user_ref)
user_id = ""
acc_id = ""
if user_ref: user_id = user_ref.key().name()
if acc_ref: acc_id = acc_ref.key().name()
logdiction = {'event':'viewwidget',
'api':'get_widget',
'user':user_id,
'is_api':'yes',
'ip':self.request.remote_addr,
'account':acc_id,
'widget':widget_type,
'success':'true'}
values = getattr(self, widget_type + "_values")(user_ref, acc_ref, height, width)
path = os.path.join(os.path.dirname(__file__), 'widgets/v1.0/' +
widget_type + ".html")
#TODO minify temp code, lots of white space right now
temp = template.render(path, values)
logs.create(logdiction)
self.response.out.write(temp)
timing(start)
return
def post(self):
start = time.time()
clean = XssCleaner()
api_key = self.request.get('apikey')
account_id = self.request.get('accountid')
new_user_id = self.request.get('userid')
# Anything that can possibly be rended should be cleaned
profile_link = self.request.get('profile_link')
# We can't clean it because it will not render if embedded into a site
# Be wary of doing any queries with this data
#profile_link = clean.strip(profile_link)
profile_img = self.request.get('profile_img')
#profile_img = clean.strip(profile_img)
profile_name = self.request.get('profile_name')
profile_name = clean.strip(profile_name)
logdiction = {'event':'loginuser',
'api': 'update_user',
'is_api':'yes',
'ip':self.request.remote_addr,
'user':new_user_id,
'account':account_id,
'success':'true'}
if not account_id or not new_user_id or not api_key:
self.response.out.write(bad_args())
logdiction['success'] = 'false'
logdiction['details'] = bad_args()
logs.create(logdiction)
return
acc = accounts_dao.authorize_api(account_id, api_key)
if not acc:
self.response.out.write(auth_error())
logdiction['success'] = 'false'
logdiction['details'] = auth_error()
logs.create(logdiction)
return
# Create a new user
user_key = users_dao.get_user_key(account_id, new_user_id)
#Update
user_ref = users_dao.get_user_with_key(user_key)
if user_ref:
dict = {}
update = False
if profile_link and profile_link != user_ref.profileLink:
dict["profileLink"] = profile_link
update = True
if profile_img and profile_img != user_ref.profileImg:
dict["profileImg"] = profile_img
update = True
if profile_name and profile_name != user_ref.profileName:
dict["profileName"] = profile_name
update = True
if update:
logdiction['event'] = 'updateuser'
try:
users_dao.update_user(user_key, dict, None)
except:
logdiction['success'] = 'false'
logdiction['details'] = db_error()
logs.create(logdiction)
self.response.out.write(db_error())
error("Error updating user with id %s"%new_user_id)
return
logs.create(logdiction)
self.response.out.write(success_ret())
timing(start)
return
if not profile_img:
profile_img = constants.IMAGE_PARAMS.USER_AVATAR
new_user = Users(key_name=user_key,
userid=new_user_id,
isEnabled="yes",
accountRef=acc,
profileName=profile_name,
profileLink=profile_link,
profileImg=profile_img)
logdiction['event'] = 'createuser'
try:
users_dao.save_user(new_user, user_key)
except:
logdiction['success'] = 'false'
logdiction['details'] = db_error()
logs.create(logdiction)
self.response.out.write(db_error())
error("Error getting user with key %s"%key)
return
logs.create(logdiction)
self.response.out.write(success_ret())
timing(start)
return
