Ejemplo n.º 1
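def dispatchApiCall(reqJson):
    """Route a decoded JSON API request to the handler registered for its mode.

    ``reqJson`` is the client-supplied request body and is treated as
    untrusted. A body that is not a JSON object, has no ``"mode"`` key, or
    names a mode that is not a key of ``DISPATCH_TABLE`` gets an error
    response instead of an unhandled exception.

    Each ``DISPATCH_TABLE`` entry unpacks to ``(handler, auth_required,
    csrf_required)``. ``csrf.protect()`` runs first when the mode asks for
    it, then the login check, and only then the handler.

    Returns the handler's return value, or ``getResponse(..., error=True)``
    for a rejected request or an ``AssertionError`` raised during dispatch.
    """
    # NOTE(review): the full request body is printed. If any mode carries
    # credentials or tokens they land in stdout/logs -- confirm and redact.
    print("Json request:", reqJson)

    # The body is client-controlled: it may decode to null, a list or a
    # scalar, none of which can be indexed by "mode".
    if not isinstance(reqJson, dict) or "mode" not in reqJson:
        print("API JSON Request without mode!")
        return getResponse("No mode in API Request!", error=True)

    mode = reqJson["mode"]
    try:
        mode_known = mode in DISPATCH_TABLE
    except TypeError:
        # A list/object "mode" is unhashable, so it cannot be a table key.
        mode_known = False

    if not mode_known:
        print("Invalid mode in request: '{mode}'".format(mode=mode))
        # NOTE(review): the client-supplied mode is echoed into the response;
        # presumably getResponse() serialises it as JSON -- confirm it is
        # never rendered as HTML.
        return getResponse(
            "Invalid mode in API Request ({mode})!".format(mode=mode),
            error=True)

    dispatch_method, auth_required, csrf_required = DISPATCH_TABLE[mode]
    try:
        if csrf_required:
            csrf.protect()

        # NOTE(review): is_authenticated is called as a method here; newer
        # Flask-Login releases expose it as a property -- confirm the pinned
        # version.
        if auth_required and not current_user.is_authenticated():
            return getResponse(LOGIN_REQ, error=True)

        ret = dispatch_method(reqJson)

    except AssertionError as e:
        traceback.print_exc()
        print(reqJson)
        # NOTE(review): the assertion text is returned to the client; keep
        # handler assertion messages free of internal detail.
        return getResponse("Error processing API request: '%s'!" % e,
                           error=True)

    return ret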
Ejemplo n.º 2
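def dispatchApiCall(reqJson):
	"""Dispatch a JSON API request to the handler selected by its ``mode``.

	The request body comes from the client, so its shape is checked before
	it is indexed: a non-object body, a missing ``"mode"`` key, or a mode
	that is not a key of ``DISPATCH_TABLE`` each produce an error response
	rather than an uncaught ``TypeError``.

	A table entry unpacks to ``(handler, auth_required, csrf_required)``.
	The CSRF check (when required) runs before the login check, and the
	handler runs last.

	Returns the handler's result, or ``getResponse(..., error=True)`` when
	the request is rejected or the dispatch raises ``AssertionError``.
	"""
	# NOTE(review): this logs the whole request body; confirm that no mode
	# carries passwords or tokens, or redact them before printing.
	print("Json request:", reqJson)

	# Client JSON can decode to null, a list or a scalar; only an object can
	# carry a "mode" key.
	has_mode = isinstance(reqJson, dict) and "mode" in reqJson
	if not has_mode:
		print("API JSON Request without mode!")
		return getResponse("No mode in API Request!", error=True)

	mode = reqJson["mode"]
	try:
		registered = mode in DISPATCH_TABLE
	except TypeError:
		# An unhashable mode (list or object) can never be a table key.
		registered = False

	if not registered:
		print("Invalid mode in request: '{mode}'".format(mode=mode))
		# NOTE(review): the client's mode value is reflected in the reply;
		# presumably the reply is JSON -- confirm it is never rendered as HTML.
		return getResponse("Invalid mode in API Request ({mode})!".format(mode=mode), error=True)

	dispatch_method, auth_required, csrf_required = DISPATCH_TABLE[mode]
	try:
		if csrf_required:
			csrf.protect()

		# NOTE(review): is_authenticated() is a call here; newer Flask-Login
		# versions make it a property -- confirm the pinned version.
		if auth_required and not current_user.is_authenticated():
			return getResponse(LOGIN_REQ, error=True)

		ret = dispatch_method(reqJson)

	except AssertionError as e:
		traceback.print_exc()
		print(reqJson)
		# NOTE(review): assertion text goes back to the client; handlers
		# should keep those messages free of internal detail.
		return getResponse("Error processing API request: '%s'!" % e, error=True)

	return ret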
Ejemplo n.º 3
def punch(id):
    """Record the current user's playback progress for video ``id``.

    Order of checks: CSRF protection, video lookup (404 when missing),
    ``can_play`` authorisation (403), then presence of a JSON body (500).
    The first punch for a video is written to the user log. For lesson
    types 'VB', 'Y-GRE' and 'Y-GRE AW' the progress is also pushed to
    Y-System when the punch record reports ``sync_required``.

    Returns a JSON object with the user's ``progress`` for the video.
    """
    csrf.protect()
    video = Video.query.get_or_404(id)
    if not current_user.can_play(video=video):
        abort(403)

    body = request.json
    if body is None:
        # NOTE(review): a missing JSON body is a client error, yet the view
        # answers 500; kept as the author wrote it.
        abort(500)

    already_punched = current_user.punched(video=video)
    if not already_punched:
        add_user_log(
            user=current_user._get_current_object(),
            event='视频研修:{}'.format(video.name),
            category='study',
        )

    # NOTE(review): play_time is taken from the client body as-is;
    # presumably current_user.punch() validates type and range -- confirm.
    current_user.punch(video=video, play_time=body.get('play_time'))
    db.session.commit()

    if video.lesson.type.name in ('VB', 'Y-GRE', 'Y-GRE AW'):
        # Mirror the study progress to Y-System.
        record = current_user.get_punch(video=video)
        if record.sync_required:
            token_fields = {
                'user_id': current_user.id,
                'section': video.section,
            }
            reply = y_system_api_request(api='punch', token_data=token_fields)
            # Only mark the record synchronised when the remote reply
            # carries the 'success' key.
            if verify_data_keys(data=reply, keys=['success']):
                record.set_synchronized()
                add_user_log(
                    user=current_user._get_current_object(),
                    event='同步研修进度至Y-System:{}'.format(video.section),
                    category='study',
                )
                db.session.commit()

    progress = current_user.video_progress(video=video)
    return jsonify({'progress': progress})
    def signup(self,):
        """Handle a sign-up submission (stub) and redirect to the index view.

        The CSRF check runs before the form is built. Form validation is
        invoked, but account creation is not implemented yet, so every
        request ends in the same redirect.
        """
        csrf.protect()
        signup_form = SignUpForm()

        submitted_and_valid = signup_form.validate_on_submit()
        if submitted_and_valid:
            # TODO: create the User object, then log the user in.
            pass

        index_url = url_for("main.MainView:index")
        return redirect(index_url)
Ejemplo n.º 5
    def signup(self):
        """Render "main/login.html" with a fresh ``SignUpForm``.

        ``csrf.protect()`` runs before the form is built. The original
        author's note says authentication and authorisation are handled by
        app.backend.auth.
        """
        # NOTE(review): the template is the login page although the form is a
        # SignUpForm -- confirm this pairing is intended.
        csrf.protect()
        signup_form = SignUpForm()
        return render_template("main/login.html", form=signup_form)
Ejemplo n.º 6
    def login(self,):
        """Handle a login submission (stub) and redirect.

        The CSRF check runs first. An already authenticated user is
        redirected straight away; otherwise the login form is validated and
        the request is redirected to the index view. Password checking is
        not implemented yet.
        """
        csrf.protect()
        if current_user.is_authenticated:
            # NOTE(review): this redirects to "main.MainView:login". If that
            # endpoint is this very view, a logged-in user is redirected in a
            # loop; the index endpoint looks like the intended target -- confirm.
            login_url = url_for("main.MainView:login")
            return redirect(login_url)

        login_form = LoginForm()
        submitted_and_valid = login_form.validate_on_submit()
        if submitted_and_valid:
            # TODO: check the user's password, then log the user in.
            pass

        index_url = url_for("main.MainView:index")
        return redirect(index_url)
Ejemplo n.º 7
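def dispatchApiCall(reqJson):
	"""Dispatch a JSON API request by ``mode``, with CSRF, login and rate-limit gates.

	The request body is client-supplied and is shape-checked before use: a
	non-object body, a missing ``"mode"`` key, or a mode that is not a key
	of ``DISPATCH_TABLE`` yields an error response instead of an uncaught
	``TypeError``.

	A table entry unpacks to ``(handler, auth_required, csrf_required,
	rate_limited)``. The gates run in this order: CSRF check, login check,
	then the anonymous rate limit keyed on client address plus mode.

	Returns the handler's result, or ``getResponse(..., error=True)`` when
	the request is rejected or the dispatch raises ``AssertionError``.
	"""
	# NOTE(review): X-Forwarded-For is whatever the client sent unless a
	# trusted reverse proxy overwrites it. A limiter keyed on it is only as
	# strong as that proxy setup -- confirm the deployment, or key on the
	# proxy-verified address instead.
	forwarded_for = request.headers.get('X-Forwarded-For', None)

	# Client JSON can decode to null, a list or a scalar; only an object can
	# carry a "mode" key.
	if not isinstance(reqJson, dict) or "mode" not in reqJson:
		print("API JSON Request without mode!")
		return getResponse("No mode in API Request!", error=True)

	mode = reqJson["mode"]
	try:
		mode_known = mode in DISPATCH_TABLE
	except TypeError:
		# An unhashable mode (list or object) can never be a table key.
		mode_known = False

	if not mode_known:
		print("Invalid mode in request: '{mode}'".format(mode=mode))
		# NOTE(review): the client's mode value is reflected in the reply;
		# presumably the reply is JSON -- confirm it is never rendered as HTML.
		return getResponse("Invalid mode in API Request ({mode})!".format(mode=mode), error=True)

	dispatch_method, auth_required, csrf_required, rate_limited = DISPATCH_TABLE[mode]
	try:
		if csrf_required:
			csrf.protect()

		# NOTE(review): is_authenticated() is a call here; newer Flask-Login
		# versions make it a property -- confirm the pinned version.
		if auth_required and not current_user.is_authenticated():
			return getResponse(LOGIN_REQ, error=True)

		if rate_limited and not current_user.is_authenticated():
			# Without the header the original string concatenation raised
			# TypeError on None; fall back to the socket peer address so
			# direct requests are limited too.
			client_id = forwarded_for if forwarded_for is not None else request.remote_addr
			limiter_key = "{} {}".format(client_id, mode)
			# RATE_LIMITER is presumably an expiring cache -- confirm; a plain
			# dict would block a key forever and grow without bound.
			if limiter_key in RATE_LIMITER:
				print("Anon User hit rate limiting. Bouncing.")
				return getResponse("API calls when not logged in are rate limited. Please either log in, or slow down. "
					"Complain at github.com/fake-name/wlnupdates/issues if this is a problem", error=True)

			print("Inserting anon requester into rate-limit cache.")
			RATE_LIMITER[limiter_key] = True

		ret = dispatch_method(reqJson)

	except AssertionError as e:
		traceback.print_exc()
		print(reqJson)
		# NOTE(review): assertion text goes back to the client; handlers
		# should keep those messages free of internal detail.
		return getResponse("Error processing API request: '%s'!" % e, error=True)

	return ret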
Ejemplo n.º 8
def login():
    """Validate the login form, log the user in and redirect to ``next``.

    The CSRF check runs before anything else. When the form is not a valid
    submission the login page is rendered with the form. After a valid
    submission the ``next`` query parameter is passed to ``is_safe_url``
    and the request is answered with 400 if that check fails; otherwise
    the user is redirected to ``next`` or, when it is empty, to the
    'index' endpoint.
    """
    csrf.protect()

    # LoginForm represents and validates the client-side form data (for
    # example via WTForms).
    form = LoginForm()
    if not form.validate_on_submit():
        return flask.render_template('login.html', form=form)

    login_user(form.user)
    flask.flash('Logged in successfully.')

    # 'next' is attacker-influenced input; is_safe_url is the open-redirect
    # guard. Note that the session is already established when the 400 is
    # returned.
    # NOTE(review): is_safe_url receives None when no 'next' is given --
    # confirm the helper accepts that.
    target = flask.request.args.get('next')
    if not is_safe_url(target):
        return flask.abort(400)

    destination = target or flask.url_for('index')
    return flask.redirect(destination)
Ejemplo n.º 9
def check_csrf():
    """Run the CSRF check for the current request.

    Thin wrapper around ``csrf.protect()``; it returns nothing itself.
    Presumably registered as a per-request hook elsewhere -- confirm, as
    the registration is not shown here.
    """
    csrf.protect()
Ejemplo n.º 10
 def decorated_function(*args, **kwargs):
     """Run the CSRF check, then call the wrapped ``f`` with the same arguments."""
     # The check comes first so that ``f`` is never entered for a request
     # that csrf.protect() rejects (presumably by raising -- confirm).
     csrf.protect()
     outcome = f(*args, **kwargs)
     return outcome