include_dirs = ['lib', 'pages'] for dirname in include_dirs: sys.path.append(os.path.dirname(__file__) + '/' + dirname) # Change to the directory this file is located in os.chdir(os.path.dirname(__file__)) # Turn on/off debugging web.config.debug = False # Import our libraries import sessiondb import wputil import wpauth log = wputil.Log('index') # Import our html pages import account import login urls = ('', wputil.slashy, '/account', account.app_account, '/login', login.app_login, '/logout', 'logout', '/', 'index') # Create application app = web.application(urls, locals()) # Start the session and stick it in a database sdb = sessiondb.SessionDB(app)
#!/usr/bin/python import os import sys import web import json import mimerender import wputil log = wputil.Log('account_rest') import wpauth import accountdb mimerender = mimerender.WebPyMimeRender() # These are the URLs we watch for. We don't see the prepended /account portion # in this module because the index.py runs us as a subapplication. urls = ('(.*)', 'default') render_json = lambda **kwargs: json.dumps(kwargs, cls=wputil.CustomEncoder) class default: """ The REST functions for managing accounts """ @wpauth.oauth_protect @mimerender(default='json', override_input_key='format', json=render_json) def GET(self, get_string=''): log.loggit('default.GET()')
#!/usr/bin/python import os import sys import web from credentials import Credentials import wputil log = wputil.Log('sessiondb') SESSION_DB = 'sessions' class SessionDB(object): """ SessionDB() - abstracts the database access away for accounts """ def __init__(self, app): """ The database credentials are stored in the Credentials class which is generated by the dbconfig-common package via debconf. """ log.loggit('SessionDB()') self.app = app self.db = web.database(dbn='postgres', db=Credentials.dbdefault, user=Credentials.dbuser, pw=Credentials.dbpassword) self.store = web.session.DBStore(self.db, SESSION_DB) self.session = web.session.Session(self.app, self.store)
#!/usr/bin/python import os import sys import web from mimerender import mimerender import wputil log = wputil.Log('account') import wpauth import accountdb import account_rest import account_create import account_review import account_update import account_delete # These are the URLs we watch for. We don't see the prepended /account portion # in this module because the index.py runs us as a subapplication. urls = ('', wputil.slashy, '/rest', account_rest.app_account_rest, '/create', account_create.app_account_create, '/review', account_review.app_account_review, '/update', account_update.app_account_update, '/delete', account_delete.app_account_delete, '/', 'default') htmlout = web.template.render('templates/', base='layout') render_html = lambda **kwargs: htmlout.account(kwargs)
#!/usr/bin/python import os import sys import web import json from mimerender import mimerender import wputil import wpauth import accountdb log = wputil.Log('login') login_form = web.form.Form( web.form.Hidden("backto", description="URL to return to"), web.form.Textbox("username", web.form.notnull, description="Username"), web.form.Password("password", web.form.notnull, description="Password"), web.form.Button("submit", type="submit", html="Login"), web.form.Button("cancel", type="cancel", html="Cancel"), ) # Instantiate HTML templates htmlout = web.template.render('templates/', base='layout') render_html = lambda **kwargs: htmlout.login(kwargs) render_json = lambda **kwargs: json.dumps(kwargs, cls=wputil.CustomEncoder) # These are the URLs we watch for. We don't see the prepended /login portion # in this module because the index.py runs us as a subapplication.
#!/usr/bin/python import os import sys import web import json import string import random from mimerender import mimerender import wputil log = wputil.Log('account_create') import wpauth import accountdb # # HTML Form definitions start here # vpass = web.form.regexp(r".{4,64}$", 'must be between 4 and 64 characters') account_form = web.form.Form( web.form.Textbox('username', web.form.notnull, description='Username'), web.form.Password('password', web.form.notnull, vpass, description='Password'), web.form.Password('password2', web.form.notnull, description='Repeat password'), web.form.Dropdown('role',
#!/usr/bin/python import os import sys import web import json import mimerender import wputil log = wputil.Log('account_delete') import wpauth import accountdb mimerender = mimerender.WebPyMimeRender() # # HTML Form definitions start here # delete_confirmation_form = web.form.Form( web.form.Hidden("username", description="Username"), web.form.Button("submit", type="submit", html="Confirm Deletion"), web.form.Button("cancel", type="cancel", html="Cancel"), ) # These are the URLs we watch for. We don't see the prepended /account portion # in this module because the index.py runs us as a subapplication. urls = ('', wputil.slashy, '/(.*)', 'delete') htmlout = web.template.render('templates/', base='layout')
#!/usr/bin/python import os import sys import web import time from credentials import Credentials from passlib.apps import custom_app_context as pwd_context import wputil log = wputil.Log('accountdb') INFO_BLACKLIST = [ 'username', 'password', 'password2', 'submit', 'cancel', 'oauth_body_hash', 'oauth_nonce', 'oauth_timestamp', 'oauth_consumer_key', 'oauth_signature_method', 'oauth_version', 'oauth_signature' ] class AccountDB(object): """ AccountDB() - abstracts the database access away for accounts """ def __init__( self ): """ The database credentials are stored in the Credentials class which is generated by the dbconfig-common package via debconf. """ log.loggit( 'AccountDB()' )
#!/usr/bin/python import os import sys import web import json import mimerender import wputil log = wputil.Log('account_update') import wpauth import accountdb mimerender = mimerender.WebPyMimeRender() # # HTML Form definitions start here # vpass = web.form.regexp(r".{4,64}$", 'must be between 4 and 64 characters') account_form = web.form.Form(web.form.Hidden('id', description='Id'), web.form.Textbox('username', web.form.notnull, description='Username'), web.form.Password('password', web.form.notnull, vpass, description='Password'), web.form.Password('password2', web.form.notnull,
#!/usr/bin/python import re import web import base64 import oauth2 import urllib import passlib import accountdb import wputil log = wputil.Log('wpauth') UNAUTHORIZED_MESSAGE = 'You are not authorized to access this content' UNAUTHORIZED_HEADERS = {'WWW-Authenticate': 'Basic realm="Webpy Example"'} """ This module provides four different function dectorators to control access. o User must be logged in via application using web.py sessions o User must be logged and an administrator role in via application using web.py sessions o HTTP Basic authentication, which pops up a user login box in the browser o OAuth authentication (two leg option) using key/secret pairs The Session logins are mostly for the web-based interface. The OAuth is mostly for the REST API. HTTP Basic was implemented to restrict access during development. The decorators are applied to each GET/POST/PUT/DELETE function requiring protection. Here is an example:
#!/usr/bin/python import os import sys import web import json import mimerender import wputil log = wputil.Log('account_review') import accountdb adb = accountdb.AccountDB() mimerender = mimerender.WebPyMimeRender() # These are the URLs we watch for. We don't see the prepended /account portion # in this module because the index.py runs us as a subapplication. urls = ('', wputil.slashy, '/(.*)', 'review') htmlout = web.template.render('templates/', base='layout') render_html = lambda **kwargs: htmlout.account_review(kwargs) class review: """ This class handles the GET method for the /account/review URL. This class displays the individual record based upon the URL. For example: http://xx.xx.xx.xx/account/review/tom <-- look at record with username of tom