def route(self, req, res): if (req.user and not req.method in ("GET", "HEAD", "OPTIONS", "TRACE") and req.params.pop("csrfToken", "") != req.session.csrfToken and req.body.pop("csrfToken", "") != req.session.csrfToken): res.status = 400 return for possibleRoute, handlers in self.routes.iteritems(): match = possibleRoute.match(req.path) if match: if req.method in handlers: res.status = 200 req.params.update(match.groupdict()) handlers[req.method](req, res) else: res.status = 405 break else: res.status = 404 if not res.body: if 200 <= res.status <= 299: res.status = 204 else: render(req, res, "static/{0}.html".format(res.status))
def createOne(cls, req, res): password = req.body.pop("password", "") user = User.findOne(req.body) if not user or not checkPassword(password, user.passwordHash): res.status = 400 render(req, res, "session/new.html.bepy") return user.isDisabled = False user.save() session = Session.create({ "user": user.id, "passwordHash": user.passwordHash, "lastAddress": req.remoteAddress, "lastUse": datetime.utcnow() }) res.cookies["session"] = session.id res.cookies["session"]["httponly"] = True res.cookies["session"]["max-age"] = 365 * 24 * 60 * 60 # 1 year should be permanent enough res.status = 201 res.headers["Location"] = "/session/{0}".format(session.id) render(req, res, "redirect-home.html.bepy") return session
def createOne(cls, req, res): password = req.body.pop("password", "") user = User.findOne(req.body) if not user or not checkPassword(password, user.passwordHash): res.status = 400 render(req, res, "session/new.html.bepy") return user.isDisabled = False user.save() session = Session.create({ "user": user.id, "passwordHash": user.passwordHash, "lastAddress": req.remoteAddress, "lastUse": datetime.utcnow() }) res.cookies["session"] = session.id res.cookies["session"]["httponly"] = True res.cookies["session"][ "max-age"] = 365 * 24 * 60 * 60 # 1 year should be permanent enough res.status = 201 res.headers["Location"] = "/session/{0}".format(session.id) render(req, res, "redirect-home.html.bepy") return session
def find(cls, req, res): if "home" in req.params: if req.user: req.params["home"] = req.user.id else: del req.params["home"] render(req, res, "session/new.html.bepy") return super(BleatController, cls).find(req, res)
def findAndRender(cls, req, res): try: req.params = cls._validateParams(getattr(cls, "findSchema", cls.overallSchema), req.params) except (TypeError, ValueError): res.status = 400 return models = cls.find(req, res) if 200 <= res.status <= 299 and res.status != 204 and not res.body: render(req, res, "{0}/find.html.bepy".format(cls._Model.__name__.lower()), models)
def createOneAndRender(cls, req, res): try: req.body = cls._validateParams(getattr(cls, "createOneSchema", cls.overallSchema), req.body) if "id" in req.body: del req.body["id"] except (TypeError, ValueError): res.status = 400 return model = cls.createOne(req, res) if 200 <= res.status <= 299 and res.status != 204 and not res.body: render(req, res, "{0}/findOne.html.bepy".format(cls._Model.__name__.lower()), model)
def deleteOneAndRender(cls, req, res): try: req.params = cls._validateParams({"id": getattr(cls, "idType", int)}, req.params) except (TypeError, ValueError): res.status = 400 return isDeleted = cls.deleteOne(req, res) if 200 <= res.status <= 299 and res.status != 204: if not isDeleted: res.status = 404 elif not res.body: render(req, res, "{0}/deleteOne.html.bepy".format(cls._Model.__name__.lower()))
return bleat @classmethod def updateOne(cls, req, res): res.status = 403 @classmethod def deleteOne(cls, req, res): if not req.user: res.status = 403 return bleat = Bleat.findOne(req.params) if not bleat: return if req.user.id != bleat.user: res.status = 403 return bleat.erase() return True _Model = Bleat defaultRoutes[( "GET", "^/bleat/new$")] = lambda req, res: render(req, res, "bleat/new.html.bepy") defaultRoutes[("GET", "^(?P<home>/index|/|)$")] = BleatController.findAndRender