def from_sql(self, utoken):
cur, con = mysql_connect()
try:
qstr = sql_selectall("uploadtokens", ["tokenid"], [utoken], [sq.token])
except SQLParamError:
do_param_error("UploadToken.from_sql")
raise SQLParamError()
#qstr = "SELECT * FROM uploadtokens WHERE tokenid="+estr(utoken)
cur.execute(qstr)
ret = cur.fetchone()
if ret == None:
self.invalid = True
return
self.token = ret["tokenid"]
self.path = ret["path"]
self.time = ret["time"]
self.name = ret["name"]
self.fileid = ret["fileid"]
self.realpath = ret["realpath"]
self.userid = ret["userid"]
self.permissions = ret["permissions"]
self.expiration = ret["expiration"]
self.size = ret["size"]
self.cur = ret["cur"]
def create_file(userid, filename, mimetype, parentid):
#fileid "1" is root for active user
cur, con = mysql_connect()
types = [sq.int, sq.int, sq.str(255), sq.str(100), sq.str(100), sq.str(255)]
cols = ["userid", "parentid", "mimeType", "name", "other_meta", "diskpath" ]
values = [userid, parentid, mimetype, filename, "" , "" ]
try:
qstr = sql_insertinto("filedata", cols, values, types)
except SQLParamError:
do_param_error("file creation, userid=" + str(userid) + ", filename="+filename + ", mimetype=" + mimetype, "parentid="+str(parentid))
raise SQLParamError()
#cur.execute("INSERT INTO filedata (userid,parentid,mimeType,name) VALUES (%d,%d,\"%s\",\"%s\")"%(userid,parentid,mimetype,filename))
cur.execute(qstr);
con.commit()
return db_engine.get_last_rowid(cur)
cur.execute("SELECT LAST_INSERT_ID()")
ret = cur.fetchone()
return ret["LAST_INSERT_ID()"]
def resolve_path(path):
cs = path.split("/")
while "" in cs:
cs.remove("")
if cs == None or len(cs) == 0:
return ROOT_PARENT_ID
parentid = ROOT_PARENT_ID
cur, con = mysql_connect()
for i, c in enumerate(cs):
c = c.strip()
types = [sq.int, sq.str(512)]
cols = ["parentid", "name" ]
values = [parentid, c ]
try:
qstr = sql_selectall("filedata", cols, values, types)
except SQLParamError:
do_param_error("resolve_path: \"%s\"" % path)
raise SQLParamError
cur.execute(qstr);
ret = cur.fetchone()
if ret == None:
return None
parentid = ret["fileid"];
return parentid
def commit(self):
cur, con = mysql_connect()
dnow = datetime.datetime.now()
dend = datetime.datetime.now()+datetime.timedelta(days=1)
types = [sq.token, sq.path, sq.datetime, sq.int ]
cols = ["tokenid", "path", "time", "fileid" ]
values = [self.token, self.path, dnow, 32423423] #we don't use database fileids in local mode
types += [sq.str(100), sq.path, sq.int, sq.int ]
cols += ["name", "realpath", "userid", "permissions"]
values += [self.name, self.realpath, self.userid, 0 ]
types += [sq.datetime, sq.int, sq.int ]
cols += ["expiration", "size", "cur" ]
values += [dend, self.size, self.cur]
try:
qstr = sql_insertinto("uploadtokens", cols, values, types)
except SQLParamError:
#do_param_error(json.dumps(self));
raise SQLParamError("upload token error; see error.log for details")
print("QSTR", qstr)
cur.execute(qstr)
con.commit()
def do_GET(self, serv):
qs = get_qs(serv.path)
if "refreshToken" not in qs:
serv.send_error(400)
return
token = qs["refreshToken"][0]
cur, con = mysql_connect()
cur.execute("SELECT * FROM authtokens WHERE tokenid=" + estr(token))
ret = cur.fetchone()
if ret == None:
serv.send_error(401)
return
exprtime1 = ensure_datetime(ret["expiration"])
if exprtime1 < datetime.datetime.now():
alog("Expired token %s" % (token))
serv.send_error(408)
return
userid = ret["userid"]
tok = gen_token("A", userid)
exprtime = datetime.datetime.now() + datetime.timedelta(hours=2)
alog("Generated session token %s for user %s" % (tok, str(userid)))
cols = ["tokenid", "userid", "type", "permissions", "expiration"]
values = [tok, userid, toktypes["A"], default_permission, exprtime]
types = [sq.token, sq.int, sq.int, sq.int, sq.datetime]
try:
qstr = sql_insertinto("authtokens", cols, values, types)
except SQLParamError:
do_param_error("cols: " + str(cols) + ", values:" + str(values))
serv.send_error(401)
return
cur.execute(qstr)
con.commit()
body = json.dumps({"access_token": str(tok)})
body = bstr(body)
serv.gen_headers("GET", len(body), json_mimetype)
serv.wfile.write(body)
def commit(self):
cur, con = mysql_connect()
dnow = datetime.datetime.now()
dend = datetime.datetime.now()+datetime.timedelta(days=1)
types = [sq.token, sq.path, sq.datetime, sq.int ]
cols = ["tokenid", "path", "time", "fileid" ]
values = [self.token, self.path, dnow, self.fileid]
types += [sq.str(100), sq.path, sq.int, sq.int ]
cols += ["name", "realpath", "userid", "permissions"]
values += [self.name, self.realpath, self.userid, 0 ]
types += [sq.datetime, sq.int, sq.int ]
cols += ["expiration", "size", "cur" ]
values += [dend, self.size, self.cur]
try:
qstr = sql_insertinto("uploadtokens", cols, values, types)
except SQLParamError:
do_param_error(json.dumps(self));
raise SQLParamError("upload token error; see error.log for details")
"""
qstr = "INSERT INTO uploadtokens (tokenid,path,time,fileid,"
qstr += "name,realpath,userid,permissions,expiration,size,cur) VALUES"
qstr += "(%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)" % (
estr(self.token),
estr(self.path),
estr(datetime.datetime.now()),
estr(self.fileid),
estr(self.name),
estr(self.realpath),
estr(self.userid),
estr(0),
estr(datetime.datetime.now()+datetime.timedelta(days=1)),
estr(self.size),
estr(self.cur),
)
#"""
cur.execute(qstr)
con.commit()
def fetch_file(fileid):
cur, con = mysql_connect()
try:
qstr = sql_selectall("filedata", ["fileid"], [fileid], [sq.int])
except SQLParamError:
do_param_error("fetch_file")
raise SQLParamError()
cur.execute(qstr)
ret = cur.fetchone()
if ret == None:
errlog("Warning: invalid fileid %s"%fileid)
return None
if ret["mimeType"] == FOLDER_MIME:
f = Folder(ret)
else:
f = File(ret)
return f
def do_GET(self, serv):
qs = get_qs(serv.path)
#print("userinfo!")
cur, con = mysql_connect()
if "accessToken" not in qs:
elog("access token wasn't provided")
serv.send_error(400)
return
token = qs["accessToken"][0]
userid = do_auth(token)
if (userid == None):
elog("invalid access")
serv.send_error(401)
return
cur.execute("SELECT * FROM users WHERE userid=" + estr(userid))
ret = cur.fetchone()
body = json.dumps({
"username": ret["username"],
"userid": rot_userid(ret["userid"]),
"name_last": ret["name_last"],
"name_first": ret["name_first"],
"email": ret["email"],
"permissions": ret["permissions"],
"last_login": str(ret["last_login"])
})
body = bstr(body)
serv.gen_headers("GET", len(body), json_mimetype)
serv.wfile.write(body)
def do_auth(tok):
cur, con = mysql_connect()
try:
cur.execute("SELECT * FROM authtokens WHERE tokenid=" + estr(tok))
except db_engine.DBError:
cur, con = mysql_reconnect()
cur.execute("SELECT * FROM authtokens WHERE tokenid=" + estr(tok))
ret = cur.fetchone()
if ret == None:
elog("nonexistent access token " + str(tok))
return None
if ret["type"] != toktypes["A"]:
elog("invalid access token " + str(tok))
return None
exprtime1 = ensure_datetime(ret["expiration"])
if exprtime1 < datetime.datetime.now():
elog("expired access token " + str(tok))
return None
return ret["userid"]
def do_GET(self, serv):
qs = get_qs(serv.path)
if not ("user" in qs and "password" in qs):
serv.send_error(400)
return
user = qs["user"][0]
password = qs["password"][0]
#HACK: wsgi is turning +'s into spaces? how odd
password = password.replace(" ", "+")
if not valid_pass(password):
alog("invalid pass format %s" % password)
serv.send_error(401)
return
cur, con = mysql_connect()
try:
qstr = sql_selectall("users", ["username"], [user], [sq.user])
except SQLParamError:
do_param_error(user)
serv.send_error(401)
return
cur.execute(qstr)
ret = cur.fetchone()
if ret == None:
alog("invalid user %s" % user)
serv.send_error(401)
return
alog("Fetching refresh token for user %s. . ." % user)
passwd = ret["password"]
userid = ret["userid"]
if passwd != password:
alog("Invalid password for %s, got: '%s', pass: '******'" %
(user, password, ret["password"]))
serv.send_error(401)
return
tok = gen_token("R", userid)
exprtime = datetime.datetime.now() + datetime.timedelta(days=12)
alog("Refresh token for %s: %s" % (user, tok))
cols = ["tokenid", "userid", "type", "permissions", "expiration"]
values = [tok, userid, toktypes["R"], default_permission, exprtime]
types = [sq.token, sq.int, sq.int, sq.int, sq.datetime]
try:
qstr = sql_insertinto("authtokens", cols, values, types)
except SQLParamError:
do_param_error("cols: " + str(cols) + ", values:" + str(values))
serv.send_error(401)
return
"""
qstr = "INSERT INTO authtokens (tokenid,userid,type,permissions,expiration) VALUES("
qstr += estr(tok)+","+estr(userid)+","
qstr += estr(toktypes["R"])+","+estr(default_permission)+","
qstr += estr(exprtime)+")"
"""
cur.execute(qstr)
con.commit()
body = json.dumps({"refresh_token": str(tok), "result": 1})
body = bstr(body)
serv.gen_headers("GET", len(body), json_mimetype)
serv.wfile.write(body)
def update_file(fileid, meta):
f = fetch_file(fileid)
if f == None:
errlog("Update for fileid %s failed; invalid id"%fileid)
return
cur, con = mysql_connect()
for k in f:
if k in meta and type(meta[k]) != type(f[k]):
valid = False
if type(f[k]) == int:
try:
meta[k] = int(meta[k])
valid = True
except:
valid = False;
if not valid:
errlog("Invalid metadata")
return
extra_meta = {}
for k in meta:
if k not in f:
extra_meta[k] = meta[k]
continue
elif k != "other_meta": f[k] = meta[k]
if f["other_meta"] != "":
other_meta = json.loads(f["other_meta"])
else:
other_meta = {}
for k in extra_meta:
other_meta[k] = extra_meta[k]
f["other_meta"] = json.dumps(other_meta)
types = []
cols = []
values = []
for i,k in enumerate(f):
types.append(filetypes[k])
cols.append(k)
values.append(f[k])
try:
qstr = sql_update("filedata", cols, values, types, ["fileid"], [fileid], [sq.int])
except SQLParamError:
do_param_error(str(f))
raise SQLParamError("file update error")
"""
qstr = "UPDATE filedata SET "
for i,k in enumerate(f):
val = estr(f[k])
if i > 0: qstr += ","
qstr += "%s=%s"%(k, val)
qstr += " WHERE fileid=%d"%fileid
"""
cur.execute(qstr)
con.commit()
def do_GET(self, serv):
elog("fileapi access" + serv.path)
qs = get_qs(serv.path)
if "accessToken" not in qs or ("path" not in qs and "id" not in qs):
serv.send_error(400)
return
tok = qs["accessToken"][0]
userid = do_auth(tok)
if userid == None:
elog("Need user id")
serv.send_error(401)
return
path = qs["path"][0]
if "id" in qs:
fileid = qs["id"][0]
else:
fileid = resolve_path(path)
if fileid == None:
elog("creating new file")
cs = os.path.split(path)
folderid = resolve_path(cs[0])
if folderid == None:
elog("invalid folder " + cs[0])
serv.send_error(401);
return
if len(cs) == 1 or cs[1] == "":
fname = cs[0]
else:
fname = cs[1]
mime = "application/octet-stream"
fileid = create_file(userid, fname, mime, folderid)
meta = fetch_file(fileid);
else:
meta = fetch_file(fileid);
if meta == None:
elog("Invalid file id")
serv.send_error(400)
return
print("\n\nFILE", meta, "\n\n")
if is_folder(meta):
elog("target file is a folder" + meta["name"])
serv.send_error(401)
return
utoken = gen_token("U", userid);
ustatus = UploadStatus()
ustatus.create(utoken, path, userid, fileid, meta["parentid"])
ustatus.commit()
f = open(ustatus.realpath, "w");
f.close();
realpath = ustatus.realpath
cur, con = mysql_connect()
try:
qstr = sql_update("filedata", ["diskpath"], [realpath], [sq.path], ["fileid"], [fileid], [sq.int])
except SQLParamError:
do_param_error("upload start")
serv.send_error(401)
"""
qstr = "UPDATE filedata SET "
qstr += "diskpath=%s"%estr(realpath)
qstr += " WHERE fileid=%d"%fileid
#"""
cur.execute(qstr)
con.commit()
body = json.dumps({"uploadToken" : utoken});
body = bstr(body)
print("\nupload start result:", body, "\n\n\n")
serv.gen_headers("GET", len(body), json_mimetype)
serv.wfile.write(body)
def do_GET(self, serv):
qs = get_qs(serv.path)
if "name" not in qs or "accessToken" not in qs or ("path" not in qs and "id" not in qs):
serv.send_error(400)
return
tok = qs["accessToken"][0]
userid = do_auth(tok)
if userid == None:
serv.send_error(401)
return
if "id" in qs:
folderid = publicid_to_fileid(qs["id"][0])
else:
folderid = [userid, resolve_path(qs["path"][0])]
path = None
if folderid == None:
serv.send_error(400)
return
if userid != folderid[0]:
self.send_error(401)
folderid = folderid[1];
if folderid != 1:
cols = ["fileid", "userid"]
values = [folderid, userid]
types = [sq.int , sq.int]
try:
qstr = sql_selectall("filedata", cols, values, types)
except SQLParamError:
do_param_error("dirnew")
serv.send_error(400)
return
cur, con = mysql_connect()
cur.execute(qstr)
ret = cur.fetchone()
if ret == None:
serv.send_error(400)
return
path = "/" + ret["name"]
while ret != None and ret["parentid"] != ROOT_PARENT_ID:
cols = ["id" ]
values = [ret["parentid"]]
types = [sq.int]
try:
qstr = sql_selectall("filedata", cols, values, types)
except SQLParamError:
do_param_error("dirnew")
serv.send_error(400)
return
cur, con = mysql_connect()
cur.execute(qstr)
ret = cur.fetchone()
if ret != None:
path = ret["name"] + "/" + path
path = path + "/" + qs["name"][0]
else:
path = "/" + qs["name"][0]
print("path", path)
print("folderid", folderid);
#see if folder (or a file) already exists
if resolve_path(path) != None:
serv.send_error(400)
return
id = create_file(userid, qs["name"][0], FOLDER_MIME, folderid);
print("FINAL FOLDER ID:", id, folderid);
body = json.dumps({"success": True})
body = bstr(body)
serv.gen_headers("GET", len(body), json_mimetype)
serv.wfile.write(body)
def do_GET(self, serv):
qs = get_qs(serv.path)
if "accessToken" not in qs or ("path" not in qs and "id" not in qs):
serv.send_error(400)
return
tok = qs["accessToken"][0]
userid = do_auth(tok)
if userid == None:
elog("Invalid access in file api")
serv.send_error(401)
return
if "id" in qs:
folderid = publicid_to_fileid(qs["id"][0])
else:
folderid = [userid, resolve_path(qs["path"][0])]
if folderid == None or folderid[0] != userid:
elog("Bad folder " + str(qs["id"][0]) if folderid == None else "Invalid user " + str(userid) + ", " + str(folderid))
serv.send_error(401)
return
folderid = folderid[1]
types = [sq.int , sq.int ]
cols = ["userid", "parentid"]
values = [userid , folderid ]
try:
qstr = sql_selectall("filedata", cols, values, types)
except SQLParamError:
do_param_error("dirlist")
serv.send_error(400)
return
"""
qstr = "SELECT name,fileid,mimeType FROM filedata "
qstr += "WHERE userid="+estr(userid) + " AND "
qstr += "parentid="+estr(folderid)
"""
cur, con = mysql_connect()
cur.execute(qstr)
ret = cur.fetchall()
files = []
if ret != None:
for row in ret:
f = {}
f["name"] = row["name"]
f["id"] = fileid_to_publicid(row["fileid"], userid)
f["mimeType"] = row["mimeType"]
f["is_dir"] = row["mimeType"] == FOLDER_MIME
files.append(f)
body = json.dumps({"items": files})
body = bstr(body)
serv.gen_headers("GET", len(body), json_mimetype)
serv.wfile.write(body)
