def api_vnf_init_config(vnf_id): if auth_method == 'gatekeeper': if not gatekeeper_authentication(request.get_header('X-Auth-Token')): abort(401) elif auth_method == 'basic': user, passwd = parse_auth(request.get_header('Authorization')) if not check_credentials(user, passwd): abort(401) print "\n######## VNF INITIAL CONFIGURATION ########\n" print "VNF Validation: " if validate_VNF(vnf_id): print "Ok" print "\nRetrieving VNF Configuration: \n" try: vnfm_request = loads(request.body.getvalue()) print vnfm_request except: print "Fail: Unable to retrieve VNF Configuration" print "\n############## END ##############\n" abort(400) finally: print "\nStarting VNF initial configuration workflow\n" response = initial_configuration(vnf_id, vnfm_request) if not response: print "Fail: Unable to configure VNF" print "\n############## END ##############\n" abort(500) else: print "Fail: VNF not found" print "\n############## END ##############\n" abort(404)
def api_get_vnf_config(vnf_id): if auth_method == 'gatekeeper': if not gatekeeper_authentication(request.get_header('X-Auth-Token')): abort(401) elif auth_method == 'basic': user, passwd = parse_auth(request.get_header('Authorization')) if not check_credentials(user, passwd): abort(401) print "\n######## RETRIEVE VNF CURRENT CONFIGURATION ########\n" print "VNF Validation: " if validate_VNF(vnf_id): print "Ok" print "\nRetrieve Configuration workflow \n" conf_obj = get_current_configuration(vnf_id) if not conf_obj: print "\nThe VNF has not been configured\n" print "\n############## END ##############\n" abort(404) else: print "\n############## END ##############\n" return conf_obj else: print "Fail: VNF not found" print "\n############## END ##############\n" abort(404)
def api_delete_vnf(vnf_id): if auth_method == 'gatekeeper': if not gatekeeper_authentication(request.get_header('X-Auth-Token')): abort(401) if auth_method == 'basic': print "basic authentication" user, passwd = parse_auth(request.get_header('Authorization')) if not check_credentials(user, passwd): abort(401) print "\n######## DELETE VNF CONFIGURATION API ########\n" print "VNF Validation: " if validate_VNF(vnf_id): print "Ok\n" try: vnfm_request = loads(request.body.getvalue()) except: vnfm_request = None finally: print "\nStarting VNF removal workflow\n" response = delete_vnf(vnf_id, vnfm_request) if not response: print "Fail: the VNF could not be removed\n" print "\n############## END ##############\n" abort(500) print "\n############## END ##############\n" else: print "Fail: VNF not found" print "\n############## END ##############\n" abort(404)
def get_language(self): lang = [None] if len(request.script_name) > 3: tmp_lang = request.script_name[-3:-1] if tmp_lang in self.allowed_languages: return ([tmp_lang, self.allowed_languages[0]], False) # Handle longer languages like zh_TW if len(request.script_name) > 6 and request.script_name[-4] == "_": tmp_lang = request.script_name[-6:-1] if tmp_lang in self.allowed_languages: return ([tmp_lang, self.allowed_languages[0]], False) lang = [None] if not lang[0] and request.get_header('Accept-Language'): lang = request.get_header('Accept-Language') lang = lang.split(',') lang = [x.split(";")[0] for x in lang] lang = [x.split("-")[0] for x in lang] lang = [x for x in lang if x in self.allowed_languages] if len(lang) > 0 and lang[0]: lang.append(self.allowed_languages[0]) res = [] for l in lang: if not l in res: res.append(l) return (res, True) else: return (self.allowed_languages, True)
def request_reset(): """ Password reset form POST endpoint. """ email = request.forms.get('email') user = local.model.get_user(username=email) if user is None: # Redirect back to form page return redirect_with_query('/account/reset', { 'error': "User with email %s not found." % email }) # Generate reset code reset_code = local.model.new_user_reset_code(user.user_id) # Send code hostname = request.get_header('X-Forwarded-Host') or request.get_header('Host') user_name = user.first_name or user.user_name local.emailer.send_email( subject="CodaLab password reset link", body=template('password_reset_body', user=user_name, current_site=hostname, code=reset_code), recipient=email, ) # Redirect to success page return redirect('/account/reset/sent')
def get_language(self): lang = [None] # Remove old no longer used cookie 'lang' if request.get_cookie('lang'): response.delete_cookie('lang', path="/") if len(request.script_name) > 3: lang = [request.script_name[-3:-1], self.allowed_languages[0]] if lang[0] not in self.allowed_languages: lang = [None] else: return (lang, False) if not lang[0] and request.get_cookie('lang'): lang = [request.get_cookie('lang')] if lang[0] not in self.allowed_languages: lang = [None] if not lang[0] and request.get_header('Accept-Language'): lang = request.get_header('Accept-Language') lang = lang.split(',') lang = [x.split(";")[0] for x in lang] lang = [x.split("-")[0] for x in lang] lang = [x for x in lang if x in self.allowed_languages] if len(lang) > 0 and lang[0]: lang.append(self.allowed_languages[0]) res = [] for l in lang: if not l in res: res.append(l) return (res, True) else: return (self.allowed_languages, True)
def fn_error(error): try: error.content_type = CONTENT_TYPE if request.get_header("Origin"): error.set_header( "Access-Control-Allow-Origin", "*" ) if request.get_header("Access-Control-Request-Headers"): error.set_header( "Access-Control-Allow-Headers", request.get_header("Access-Control-Request-Headers") ) if request.get_header("Access-Control-Request-Method"): error.set_header( "Access-Control-Allow-Methods", "GET, POST, PATCH, DELETE, OPTIONS" ) doc = JsonAPIResponse(request.url) err = JsonAPIError(code=error.status, title=error.body) doc.errors.append(err) return json.dumps(dict(doc), sort_keys=True) except: logging.error("".join(traceback.format_exception(*sys.exc_info())))
def post_message(): from_member_id = request.get_header('userToken') subject = request.json['subject'] message_contents = request.json['messageContents'] messageType = request.json['messageType'] retObj = {} if messageType == 'single': to_member_id = request.json['toMemberId'] message_id = messages.send_message(from_member_id, to_member_id, subject, message_contents) retObj = {"messageId": message_id} elif messageType == 'broadcast': start_time = time.time() if request.get_header('DD-Process-Type') == 'simple': message_id = messages.send_broadcast_thinDatabase(from_member_id, subject, message_contents) else: message_id = messages.send_broadcast_thickDatabase(from_member_id, subject, message_contents) retObj = {"messageCount": message_id, "executionTime":(time.time() - start_time)} response.status = 201 return retObj
def format_NCSA_log(request, response, bodylen): """ Apache log format 'NCSA extended/combined log': "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" see http://httpd.apache.org/docs/current/mod/mod_log_config.html#logformat """ # Let's collect log values val = dict() val['host'] = request.remote_addr or request.remote_route[0] val['logname'] = '-' val['user'] = '******' val['time'] = dt.now(tz=Local).strftime("%d/%b/%Y:%H:%M:%S %z") val['request'] = "{} {} {}".format( request.method, request.path, request.environ.get('SERVER_PROTOCOL', '') ) val['status'] = response.status_code val['size'] = bodylen val['referer'] = request.get_header('Referer','') val['agent'] = request.get_header('User-agent','') # see http://docs.python.org/3/library/string.html#format-string-syntax FORMAT = '{host} {logname} {user} [{time}] "{request}" ' FORMAT += '{status} {size} "{referer}" "{agent}"' return FORMAT.format(**val)
def get_members(): member_id = request.get_header('userToken') search_string = request.query['searchString'] if 'maxDistance' in request.query: max_distance = request.query['maxDistance'] else: max_distance = None if 'limit' in request.query: limit = request.query['limit'] else: limit = None start_time = time.time() if request.get_header('DD-Process-Type') == 'simple': members_list = members.do_search_thinDatabase(member_id, search_string, limit) elif request.get_header('DD-Process-Type') == 'spatial': members_list = members.do_search_spatial(member_id, search_string, max_distance, limit) else: members_list = members.do_search_text(member_id, search_string, limit) members_return = [] for member in members_list: members_return.append({"memberId": member[0], "name": member[1]}) return {"items": members_return, "executionTime":(time.time() - start_time)}
def wrapped(*args, **kwargs): print request.get_header('Authorization') if (self.is_logged_in_by_beaker() or self.is_auth_by_header()): return func(*args, **kwargs) else: response.status = 401 response.set_header('www-authenticate', 'Basic realm="Henry"')
def send_verification_key(username, email, key): # Send verification key to given email address hostname = request.get_header('X-Forwarded-Host') or request.get_header('Host') local.emailer.send_email( subject="Verify your new CodaLab account", body=template('email_verification_body', user=username, current_site=hostname, key=key), recipient=email, )
def outer(*args, **kwargs): response.content_type = CONTENT_TYPE if request.get_header("Origin"): response.set_header( "Access-Control-Allow-Origin", "*" ) if request.get_header("Access-Control-Request-Headers"): response.set_header( "Access-Control-Allow-Headers", request.get_header("Access-Control-Request-Headers") ) if request.get_header("Access-Control-Request-Method"): response.set_header( "Access-Control-Allow-Methods", "GET, POST, PATCH, DELETE, OPTIONS" ) try: return fn(*args, **kwargs) except ValueError: logging.error("".join(traceback.format_exception(*sys.exc_info()))) abort(400, "Could not parse request. Be sure to use valid JSON.") except IntegrityError as e: if str(e).startswith("NOT NULL constraint"): field = e.message.split(": ")[1] if field.endswith("_id"): field = field[:-3] abort(400, field + " cannot be null") if "UNIQUE constraint" in str(e): abort(409, "This id is already taken.") abort(400, e) except AssertionError as e: abort(400, e) except JsonAPIException as e: abort(e.status, e) except Exception as e: if e.__class__.__name__.endswith("DoesNotExist"): abort(404, "The requested resource does not exist.") if str(e).startswith("Instance matching query"): abort(400, "Trying to set relationship with invalid resource.") # log this unknown error logging.error("".join(traceback.format_exception(*sys.exc_info()))) abort(500, e)
def _get_session_from_header(self): request_id = request.environ.get('REQUEST_ID', None) self.log.debug('{0} trying to get session from header'.format(request_id)) result = {} _id = request.get_header('X-SID', False) token = request.get_header('X-TOKEN', False) if _id and token: result['_id'] = _id result['token'] = token self.log.debug('{0} success trying to get session from header'.format(request_id)) return result self.log.debug('{0} failed trying to get session from header'.format(request_id))
def service_desc(): ''' route for DIAL service discovery ''' response.set_header('Access-Control-Allow-Method', 'GET, POST, DELETE, OPTIONS') response.set_header('Access-Control-Expose-Headers', 'Location') response.set_header('Application-URL', 'http://{}/apps'.format(request.get_header('host'))) response.set_header('Content-Type', 'application/xml') return build_template(__device__).render( friendlyName=Kodicast.friendlyName, uuid=Kodicast.uuid, path="http://%s" % request.get_header('host'))
def post_message(): count = dao.incr_count() body = request.json messages = { 'sender': request.get_header('uniqys-sender'), 'timestamp': request.get_header('uniqys-timestamp'), 'blockhash': request.get_header('uniqys-blockhash'), 'contents': body['message'] } dao.set_message(count, messages)
def sapi(path): path = path.split("/") path = list(filter(None, path)) headers = request.headers if request.get_header( "Content-Type" ) is not None and "application/json" in request.get_header("Content-Type"): keys = request.json else: keys = FormsDict.decode(request.params) auth = request.auth return compliant_api.handle(path, keys, headers, auth)
def send_verification_key(username, email, key): # Send verification key to given email address hostname = request.get_header('X-Forwarded-Host') or request.get_header( 'Host') local.emailer.send_email( subject="Verify your CodaLab account", body=template('email_verification_body', user=username, current_site=hostname, key=key), recipient=email, )
def _process_result(the_obj): response.set_header('Accept', '*') response.set_header(name="Access-Control-Allow-Origin", value=request.get_header("Origin","*")) if request.get_header("Origin",""): response.set_header(name="Access-Control-Allow-Credentials", value="true") response.set_header('Access-Control-Allow-Headers', 'Content-Type, Accept') response.set_header('Access-Control-Allow-Methods', '*') response.content_type = 'application/json' result = util.json_dumps(the_obj) cfg.logger.warning('result: %s', result) return result
def authUser(usr,pw): if appconfig.config['api_users']['username'] == usr and appconfig.config['api_users']['password'] == pw : if request.get_header("x-api-key",None) != None: apikey = request.get_header("x-api-key",None) query = ("Select * From staff ") cursor = conn.cursor(buffered = True) try: cursor.execute(query) return True except mysql.connector.Error as error: print("failed executing query",error) return False
def outer(*args, **kwargs): response.content_type = CONTENT_TYPE if request.get_header("Origin"): response.set_header("Access-Control-Allow-Origin", "*") if request.get_header("Access-Control-Request-Headers"): response.set_header( "Access-Control-Allow-Headers", request.get_header("Access-Control-Request-Headers")) if request.get_header("Access-Control-Request-Method"): response.set_header("Access-Control-Allow-Methods", "GET, POST, PATCH, DELETE, OPTIONS") try: return fn(*args, **kwargs) except ValueError: logging.error("".join(traceback.format_exception(*sys.exc_info()))) abort(400, "Could not parse request. Be sure to use valid JSON.") except IntegrityError as e: if str(e).startswith("NOT NULL constraint"): field = e.message.split(": ")[1] if field.endswith("_id"): field = field[:-3] abort(400, field + " cannot be null") if "UNIQUE constraint" in str(e): abort(409, "This id is already taken.") abort(400, e) except AssertionError as e: abort(400, e) except JsonAPIException as e: abort(e.status, e) except Exception as e: if e.__class__.__name__.endswith("DoesNotExist"): abort(404, "The requested resource does not exist.") if str(e).startswith("Instance matching query"): abort(400, "Trying to set relationship with invalid resource.") # log this unknown error logging.error("".join(traceback.format_exception(*sys.exc_info()))) abort(500, e)
def post_members(): email = request.json['email'] name = request.json['name'] password = request.json['password'] dinosaur_id = request.json['dinosaurId'] location_id = request.json['locationId'] about_yourself = request.json['aboutYourself'] trilobitcoin_number = request.json['trilobitcoinNumber'] amount = request.json['amount'] response.content_type = 'application/json' start_time = time.time() try: if name is None or password is None: member_id = None elif request.get_header('DD-Process-Type') == 'simple': member = members.process_registration_thinDatabase(email, name, password, dinosaur_id, location_id, about_yourself, trilobitcoin_number, amount) elif request.get_header('DD-Process-Type') == 'plsql': member = members.process_registration_thickDatabase(email, name, password, dinosaur_id, location_id, about_yourself, trilobitcoin_number, amount) else: member = members.process_registration_aq(email, name, password, dinosaur_id, location_id, about_yourself, trilobitcoin_number, amount) except cx_Oracle.DatabaseError as exc: error, = exc.args if error.code == 1: response.status = 409 return {"error": "name must be unique"} else: response.status = 500 return {"error": error.message} response.status = 201 return { 'member': {"id": member[0], "name": member[1], "locationName": member[2], "city": member[3], "state": member[4], "postalCode": member[5], "country": member[6], "speciesName": member[7], "aboutYourself": str(member[8]), "email": member[9] }, 'token': 'afdja;dgag', 'executionTime':(time.time() - start_time) }
def index(): req = prepare_bottle_request(request) auth = init_saml_auth(req) errors = [] not_auth_warn = False success_slo = False attributes = False paint_logout = False session = request.environ['beaker.session'] if 'sso' in request.query: return_to = '{0}://{1}/'.format(request.urlparts.scheme, request.get_header('host')) return redirect(auth.login(return_to)) elif 'sso2' in request.query: return_to = '{0}://{1}/attrs/'.format(request.urlparts.scheme, request.get_header('host')) return redirect(auth.login(return_to)) elif 'slo' in request.query: name_id = None session_index = None if 'samlNameId' in session: name_id = session['samlNameId'] if 'samlSessionIndex' in session: session_index = session['samlSessionIndex'] return redirect( auth.logout(name_id=name_id, session_index=session_index)) elif 'sls' in request.query: dscb = lambda: session.clear() url = auth.process_slo(delete_session_cb=dscb) errors = auth.get_errors() if len(errors) == 0: if url is not None: return redirect(url) else: success_slo = True if 'samlUserdata' in session: paint_logout = True if len(session['samlUserdata']) > 0: attributes = session['samlUserdata'].items() return { 'errors': errors, 'not_auth_warn': not_auth_warn, 'success_slo': success_slo, 'attributes': attributes, 'paint_logout': paint_logout }
def wrapper(*a, **ka): if required or terrariumUtils.is_true(self.__terrariumEngine.config.get_system()['always_authenticate']): user, password = request.auth or (None, None) ip = request.remote_addr if request.get_header('X-Real-Ip') is None else request.get_header('X-Real-Ip') if user is None or not check(user, password): err = HTTPError(401, text) err.add_header('WWW-Authenticate', 'Basic realm="%s"' % realm) if user is not None or password is not None: self.__terrariumEngine.notification.message('authentication_warning',{'ip' : ip, 'username' : user, 'password' : password},[]) logger.warning('Incorrect login detected using username \'{}\' and password \'{}\' from ip {}'.format(user,password,ip)) return err return func(*a, **ka)
def wrapped(*args, **kwargs): print request.get_header('Authorization') if (self.is_logged_in_by_beaker() or self.is_auth_by_header()): user = get_user(request)['username'] db_user = get_user_info(self.db.session, user) if db_user.level >= level: return func(*args, **kwargs) else: response.status = 401 response.set_header('www-authenticate', 'Basic realm="Henry"') else: response.status = 401 response.set_header('www-authenticate', 'Basic realm="Henry"')
def wrapper(*args, **kwargs): print "Request:" + str(request.get_header("X-Auth-Token")) print role token = request.get_header("X-Auth-Token") if not token: raise HTTPError(401) token = str(request.get_header("X-Auth-Token")) user = getUserFromToken(token) if not user: raise HTTPError(401) if role: if not user.hasRole(role): raise HTTPError(403) return f(*args, **kwargs)
def report_put(): ''' HTTP PUT to upload a data file ''' contentType = request.get_header('Content-Type') if contentType == None: abort(500, 'missing Content-Type') dataTypes = contentType.split(';') recordId = request.get_header('record-id') reporter = Reporter() result = reporter.report_put(dataTypes, recordId, request.body) if 'error' in result: abort(500, result['error']) else: return result
def report_put(): ''' HTTP PUT to upload a data file ''' contentType=request.get_header('Content-Type') if contentType==None: abort(500,'missing Content-Type') dataTypes = contentType.split(';') recordId=request.get_header('record-id') reporter=Reporter() result=reporter.report_put(dataTypes,recordId,request.body) if 'error' in result: abort(500,result['error']) else: return result
def post_broadcast(): from_member_id = request.get_header('userToken') subject = request.json['subject'] message_contents = request.json['messageContents'] start_time = time.time() if request.get_header('DD-Process-Type') == 'simple': message_id = messages.send_broadcast_thinDatabase(from_member_id, subject, message_contents) else: message_id = messages.send_broadcast_thickDatabase(from_member_id, subject, message_contents) response.status = 201 return {"messageCount": message_id, "executionTime":(time.time() - start_time)}
def index(): req = prepare_bottle_request(request) auth = init_saml_auth(req) errors = [] not_auth_warn = False success_slo = False attributes = False paint_logout = False session = request.environ['beaker.session'] if 'sso' in request.query: return_to = '{0}://{1}/'.format(request.urlparts.scheme, request.get_header('host')) return redirect(auth.login(return_to)) elif 'sso2' in request.query: return_to = '{0}://{1}/attrs/'.format(request.urlparts.scheme, request.get_header('host')) return redirect(auth.login(return_to)) elif 'slo' in request.query: name_id = None session_index = None if 'samlNameId' in session: name_id = session['samlNameId'] if 'samlSessionIndex' in session: session_index = session['samlSessionIndex'] return redirect(auth.logout(name_id=name_id, session_index=session_index)) elif 'sls' in request.query: dscb = lambda: session.clear() url = auth.process_slo(delete_session_cb=dscb) errors = auth.get_errors() if len(errors) == 0: if url is not None: return redirect(url) else: success_slo = True if 'samlUserdata' in session: paint_logout = True if len(session['samlUserdata']) > 0: attributes = session['samlUserdata'].items() return { 'errors':errors, 'not_auth_warn':not_auth_warn, 'success_slo':success_slo, 'attributes':attributes, 'paint_logout':paint_logout }
def get_recipes(): response.content_type = 'application/json' search_criteria = request.get_header('filter') if search_criteria is None: return dumps([p.__dict__ for p in db_utils.get_all_recipes()]) else: return dumps([p.__dict__ for p in db_utils.find_recipes(loads(search_criteria))])
def filter(): time = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S') if request.json == None: print('hackey外からのアクセスが確認されました') descp = request.query.get('descp') event = request.query.get('event') device_id = confs.entries[descp].hackey_id else: print('hackeyからのアクセスが確認されました') content_type = request.get_header('Content-Type') if content_type != 'application/json': # JSON 以外なら処理終了 print('不正な Content_Type です:' + content_type) return False device_id = request.json['hackey']['device_id'] descp = confs.hackeys[device_id].description event = request.json['hackey']['event'] try: if event == 'turn_on': event_mes = 'ネットワーク遮断' result = confs.entries[descp].turn_on() else: event_mes = 'ネットワーク開放' result = confs.entries[descp].turn_off() except Exception: result = False if result: mes = '成功' else: mes = '失敗' make_mail_content(descp, event_mes, mes, time, device_id) return str(confs.entries[descp].update_stat())
def call_api(func, args=""): add_header(response) s = request.environ.get('beaker.session') auth = parse_auth(request.get_header('Authorization', '')) # TODO: session as GET if 'session' in request.POST: # removes "' so it works on json strings s = s.get_by_id(remove_chars(request.POST['session'], "'\"")) elif auth: user = PYLOAD.checkAuth(auth[0], auth[1], request.environ.get('REMOTE_ADDR', None)) # if auth is correct create a pseudo session if user: s = {'uid': user.uid} api = get_user_api(s) if not api: return HTTPError(403, dumps("Forbidden")) if not PYLOAD.isAuthorized(func, api.user): return HTTPError(401, dumps("Unauthorized")) args = args.split("/")[1:] kwargs = {} for x, y in chain(request.GET.iteritems(), request.POST.iteritems()): if x == "session": continue kwargs[x] = unquote(y) try: return callApi(api, func, *args, **kwargs) except ExceptionObject, e: return HTTPError(400, dumps(e))
def login(): add_json_header(response) username = request.params.get("username") password = request.params.get("password") user = PYLOAD.checkAuth(username, password, request.environ.get('REMOTE_ADDR', None)) if not user: return json_response(False) s = set_session(request, user) # get the session id by dirty way, documentations seems wrong try: sid = s._headers["cookie_out"].split("=")[1].split(";")[0] # reuse old session id except: sid = request.get_header(session.options['key']) result = BaseEncoder().default(user) result["session"] = sid # Return full user information if needed if request.params.get('user', None): return dumps(result) return json_response(sid)
def serve_static(path): # save if this resource is available as gz if path not in GZIPPED: GZIPPED[path] = exists(join(APP_ROOT, path + ".gz")) # gzipped and clients accepts it # TODO: index.html is not gzipped, because of template processing gzipped = False if GZIPPED[path] and "gzip" in request.get_header("Accept-Encoding", "") and path != "index.html": gzipped = True path += ".gz" resp = static_file(path, root=APP_ROOT) # Also serve from .tmp folder in dev mode if resp.status_code == 404 and APP_PATH == "app": resp = static_file(path, root=join(PROJECT_DIR, '.tmp')) if path.endswith(".html") or path.endswith(".html.gz"): # tell the browser all html files must be revalidated resp.headers["Cache-Control"] = "must-revalidate" elif resp.status_code == 200: # expires after 7 days resp.headers['Expires'] = time.strftime("%a, %d %b %Y %H:%M:%S GMT", time.gmtime(time.time() + 60 * 60 * 24 * 7)) resp.headers['Cache-control'] = "public" if gzipped: resp.headers['Vary'] = 'Accept-Encoding' resp.headers['Content-Encoding'] = 'gzip' return resp
def create_route(): global seq_num ct = request.get_header('content-type') if ct != 'application/json': return abort(response, 400, [ "request content-type unacceptable: body must be " "'application/json' (was '{0}')".format(ct) ]) msg = request.json clientRequest = { 'urlparts': { "netloc": request.urlparts.netloc, "scheme": request.urlparts.scheme } } seq_num += 1 v_global = seq_num.value print "Printing Seq Number" print v_global msg.update({'METHOD': 'POST'}) msg.update({'ROUTE': 'users'}) msg.update({'clientRequest': clientRequest}) msg.update({'opnum': v_global}) json_body_A = json.dumps(msg) print json_body_A msg_a.set_body(json_body_A) result = send_msg_ob.send_msg(msg_a, msg_a) response.status = result['response'] return result['result']
def test(): #print request.headers msg = '{"abc89": 191}' token = msgMgr.send(msg) adid = request.get_header("adid", None) print adid return token
def check(**kwargs): cookie = request.get_cookie('XSRF-TOKEN') if cookie == None: abort(401, "Authentication error") header = request.get_header('X-XSRF-TOKEN', None) if header == None: abort(401, "Authentication error") header = header[1:-1] # seems like the header is between quotes if header != cookie: print "HEADER %s CO %s" % (header, cookie) # CSRF protection abort(401, "Authentication error") token_data = token_dict.get(cookie, None) if token_data == None: abort(401, "Authentication error") # if token is older than four hours, invalidate it if token_data["creation_date"] - datetime.datetime.now( ) > datetime.timedelta(0, 4 * 60 * 60): response.status = 401 del token_dict[cookie] return return fn(**kwargs)
def webhooks_callback(): # Get the JSON body and HMAC-SHA1 signature of the POST request callback_body = request.body.getvalue() callback_signature = request.get_header('X-Square-Signature', default='') # Validate the signature if not is_valid_callback(callback_body, callback_signature): # Fail if the signature is invalid print 'Webhook event with invalid signature detected!' return # Load the JSON body into a Python dict callback_body_dict = json.loads(callback_body) # If the notification indicates a PAYMENT_UPDATED event... if 'event_type' in callback_body_dict and callback_body_dict[ 'event_type'] == 'PAYMENT_UPDATED': # Get the ID of the updated payment payment_id = callback_body_dict['entity_id'] # Send a request to the Retrieve Payment endpoint to get the updated payment's full details connection = httplib.HTTPSConnection('connect.squareup.com') connection.request('GET', '/v1/me/payments/' + payment_id, '', request_headers) connect_response_body = json.loads(connection.getresponse().read()) # Perform an action based on the returned payment (in this case, simply print the payment) print connect_response_body # The HMAC-SHA1 signature was valid, but the request wasn't for a PAYMENT_UPDATED event. else: print 'Unknown webhook event type detected!'
def send_help_message(): message = request.json['message'] if 'server' in local.config and 'support_email' not in local.config[ 'server']: print('Warning: No support_email configured, so no email sent.', file=sys.stderr) print('User\'s message: %s' % message, file=sys.stderr) return support_email = local.config['server']['support_email'] username = request.user.user_name user_email = request.user.email originUrl = request.get_header('Referer') first_name = request.user.first_name if request.user.first_name else '' last_name = request.user.last_name if request.user.last_name else '' real_name = "%s %s" % (first_name, last_name) message = message.encode('utf-8') local.emailer.send_email( subject="Message from %s" % user_email, body=template( 'help_message_to_codalab_body', real_name=real_name, username=username, email=user_email, message=message, originUrl=originUrl, ), recipient=support_email, sender=user_email, charset='utf-8', )
def get_hits(): print(request) count = 50 auth = request.get_header('Authorization') if not authenticate(auth): return # update data try: status = str(request.query.status) except ValueError: status = HIT_STATUS_REVIEW try: cutoff = int(request.query.cutoff) except ValueError: cutoff = hitmanager.HitDBManager.MAX_HIT_ID if (request.query.count): count = int(request.query.count) print('client requested %i hits with %s status, from %i' % (count, status, cutoff)) hits = get_manager().all_hits(status, cutoff) total_hits = len(hits) print('hitmanager returned %i hits' % total_hits) hits = sorted(hits, key=lambda k: k['id'], reverse=True) hits = hits[:count] print("returned %i hits" % len(hits)) return {'hits': hits, 'total_count': total_hits}
def events(): log = get_logger() if not compare_event_signature(): log.warning('Recevied an event with a bad signature') response.status = '403 Unauthorized' return {"error": "Bad event signature"} event = request.get_header('X-GitHub-Event') json = request.json repository = json['repository']['full_name'] log.debug('Received an event %s', event) if repository != REPO: response.status = '403 Unauthorized' return {"error": "Unhandled repo %s" % repository} if event == 'ping': log.info('Success: got a ping from github!') return {'response': 'pong'} elif event == 'push': p = Process(target=handle_push, args=(json, )) p.daemon = True p.start() return {'status': 'Started handling push'} response.status = '500 Internal Error' return {"error": "Unhandled event %s" % event}
def doc_csv(k, doc_id, threshold=0.2): etag = _generate_etag(self.v[k]) if request.get_header('If-None-Match', '') == etag: response.status = 304 return "Not Modified" if k not in self.topic_range: response.status = 400 # Not Found return "No model for k = {}".format(k) response.set_header('Etag', etag) response.content_type = 'text/csv; charset=UTF8' try: data = self.v[k].dist_doc_doc(doc_id) except KeyError: data = self.v[k].dist_doc_doc(doc_id.decode('utf-8')) if sys.version_info[0] == 3: output = StringIO() else: output = BytesIO() writer = csv.writer(output) writer.writerow(['doc', 'prob']) writer.writerows([(d, "%6f" % p) for d, p in data if p > threshold]) return output.getvalue()
def doc_topic_csv(k, doc_id): etag = _generate_etag(self.v[k]) # Check for an "If-None-Match" tag in the header if request.get_header('If-None-Match', '') == etag: response.status = 304 return "Not Modified" response.set_header("Etag", etag) #response.set_header('Cache-Control', 'max-age=120') if k not in self.topic_range: response.status = 400 # Not Found return "No model for k = {}".format(k) response.content_type = 'text/csv; charset=UTF8' try: data = self.v[k].doc_topics(doc_id) except KeyErrror: data = self.v[k].doc_topics(doc_id.decode('utf-8')) if sys.version_info[0] == 3: output = StringIO() else: output = BytesIO() writer = csv.writer(output) writer.writerow(['topic', 'prob']) writer.writerows([(t, "%6f" % p) for t, p in data]) return output.getvalue()
def login(): add_header(response) username = request.params.get("username") password = request.params.get("password") user = PYLOAD.checkAuth(username, password, request.environ.get('REMOTE_ADDR', None)) if not user: return dumps(False) s = set_session(request, user) # get the session id by dirty way, documentations seems wrong try: sid = s._headers["cookie_out"].split("=")[1].split(";")[0] # reuse old session id except: sid = request.get_header(session.options['key']) result = BaseEncoder().default(user) result["session"] = sid # Return full user information if needed if request.params.get('user', None): return dumps(result) return dumps(sid)
def getRooms(): pg = request.params[support.FieldDict['PAGE']] sortOrder = request.params[support.FieldDict['SORTORDER']] sortOn = request.params[support.FieldDict['SORTON']] sortData = None if support.FieldDict['SORTDATA'] in request.params: sortData = request.params[support.FieldDict['SORTDATA']] reqObj = { support.FieldDict['PAGE']: int(pg), support.FieldDict['SORTORDER']: int(sortOrder), support.FieldDict['SORTON']: int(sortOn) } if sortData is not None: reqObj[support.FieldDict['SORTDATA']] = sortData adid = request.get_header(support.FieldHeaderDict['ADID'], None) if adid is None: return None #userId = request.get_header(support.FieldDict['MODELID'], None) #if userId is None: # return None data = JSONEncoder().encode(reqObj) print data msg = JSONEncoder().encode({ support.FieldDict['APIMETHOD']: support.ApiMethods1.Api_ListRoom.value - 1, support.FieldDict['ADID']: adid, support.FieldDict['DATA']: data }) token = msgMgr.send(msg) print token return token
def verify_auth(): token = request.get_header('X-Auth-Token') or request.get_cookie('session_id') session_user = sessions.verify_session(token) if session_user: access = users.get_access_level(session_user) return (session_user, access) return False
def serve_static(filename): # save if this resource is available as gz if filename not in GZIPPED: GZIPPED[filename] = os.path.isfile( os.path.join(APPDIR, filename + ".gz")) # gzipped and clients accepts it # TODO: index.html is not gzipped, because of template processing gzipped = False if GZIPPED[filename] and "gzip" in request.get_header( "Accept-Encoding", "") and filename != "index.html": gzipped = True filename += ".gz" resp = static_file(filename, root=APPDIR) if filename.endswith(".html") or filename.endswith(".html.gz"): # tell the browser all html files must be revalidated resp.headers['Cache-Control'] = "must-revalidate" elif resp.status_code == 200: # expires after 7 days resp.headers['Expires'] = time.strftime( "%a, %d %b %Y %H:%M:%S GMT", time.gmtime(time.time() + 60 * 60 * 24 * 7)) resp.headers['Cache-control'] = "public" if gzipped: resp.headers['Vary'] = 'Accept-Encoding' resp.headers['Content-Encoding'] = 'gzip' return resp
def userprofile(): #print len(base64.b64decode(request.forms.get("file"))) ''' #print request.forms.keys() data = JSONEncoder().encode(request.forms.items()[0]) print data #print request.forms.items()[0] return "" print str(request.content_length) #print len(request.files.get("file")) file1 = request.files.get("file") print file1.filename adid = request.get_header("adid", None) print adid return "" data = request.forms.items()[0] print request.forms.items()[0] ''' print request.forms.items()[0] data = request.forms.items()[0] adid = request.get_header(support.FieldHeaderDict['ADID'], None) if adid is None: return None msg = JSONEncoder().encode({ support.FieldDict['APIMETHOD']: support.ApiMethods1.Api_UserProfile.value - 1, support.FieldDict['ADID']: adid, support.FieldDict['DATA']: data }) print msg token = msgMgr.send(msg) return token
def uploadBase64(): user = get_jwt_payload() data = json.load(request.body) log_id = str( mdb.add_log({ "userId": user['_id'], "action": "inpaint", "usage ": sys.getsizeof(data) }).inserted_id) image_path = 'original/' + log_id + '.jpg' mask_path = 'mask/' + log_id + '_mask.jpg' save_base64(data['image'].split(',')[1], image_path) save_base64(data['mask'].split(',')[1], mask_path) img = cv2.imread(image_path) mask = cv2.imread(mask_path, 0) dst = cv2.inpaint(img, mask, 3, cv2.INPAINT_TELEA) cv2.imwrite('result/' + log_id + '.jpg', dst) host = request.get_header('host') return {'url': ('http://{}/result/{}.jpg').format(host, log_id)}
def removeroom(): data = request.forms.items()[0] print data adid = request.get_header(support.FieldHeaderDict['ADID'], None) if adid is None: return None msg = JSONEncoder().encode({ support.FieldDict['APIMETHOD']: support.ApiMethods1.Api_RemoveRoom.value - 1, support.FieldDict['ADID']: adid, support.FieldDict['DATA']: data }) #msg = '{"apiMethod": ApiMethods1.Api_OpenRoom1.value - 1, "adid":%s, "data": %s}' % (adid, data) token = msgMgr.send(msg) t1 = json.loads(token) t2 = t1[support.FieldResponseDict['RESULT']] if t2 != support.FieldResponseValuesDict['OK']: return token svfile = os.path.join( "/cygdrive/c/projects/revideo/software/server/frontend/data/rooms", adid) shutil.rmtree(svfile, ignore_errors=True) ''' t1 = json.loads(token) t2 = t1[support.FieldResponseDict['MESSAGE']] t3 = json.loads(t2) t4 = t3['images'] for f in t4: os.remove(f) t1[support.FieldResponseDict['MESSAGE']] = support.FieldResponseDict['OK'] ''' return token
def pinArticle(): ''' /pin?subscriberId=1&articleId=2&status=0 ''' subscriberId = request.query.subscriberId articleId = request.query.articleId status = request.query.status 'parse request header info' header = "" headerFields = request.headers.keys() for field in headerFields: header += str(field) + " | " + str(request.get_header(field)) + " || " debug(header) extraInfo = header '1) update pin status' category = Subscriber_ArticleEventCategory.pinned recordSubscriberArticle(phDbInfo, subscriberId, articleId, extraInfo, category, status) '2) display articleMore page' output = getArticleMorePage(phDbInfo, subscriberId, articleId) return output
def creditsadd(): if request.method is 'POST': data = request.forms.items()[0] adid = request.get_header(support.FieldHeaderDict['ADID'], None) if adid is None: return None if request.method is 'POST': msg = JSONEncoder().encode({ support.FieldDict['APIMETHOD']: support.ApiMethods1.Api_Credits.value - 1, support.FieldDict['ADID']: adid, support.FieldDict['DATA']: data }) else: msg = JSONEncoder().encode({ support.FieldDict['APIMETHOD']: support.ApiMethods1.Api_Credits.value - 1, support.FieldDict['ADID']: adid }) print msg token = msgMgr.send(msg) print token return token
def setup(): # app.yaml should already have ensured that the user is logged in as admin. if not users.is_current_user_admin(): abort(401, "Sorry, only administrators can access this page.") is_dev = os.environ.get('SERVER_SOFTWARE', '').startswith('Development') setup_scheme = 'http' if is_dev else 'https' setup_url = '%s://%s/setup' % (setup_scheme, app_identity.get_default_version_hostname()) if request.url != setup_url: redirect(setup_url) result = "" settings = GcmSettings.singleton() if (request.forms.sender_id and request.forms.api_key and request.forms.endpoint): # Basic CSRF protection (will block some valid requests, like # https://1-dot-johnme-gcm.appspot.com/setup but ohwell). if request.get_header('Referer') != setup_url: abort(403, "Invalid Referer.") settings.endpoint = request.forms.endpoint settings.sender_id = request.forms.sender_id settings.api_key = request.forms.api_key settings.put() result = 'Updated successfully' return template('setup', result=result, endpoint=settings.endpoint, sender_id=settings.sender_id, api_key=settings.api_key)
def set_header(*args, **kwargs): host = request.get_header('Origin') if host and 'cogs.indiana.edu' in host: response.headers['Access-Control-Allow-Origin'] = host elif host and 'codepen.io' in host: response.headers['Access-Control-Allow-Origin'] = host return f(*args, **kwargs)
def recordSubscriberArticleAndRedirect(): ''' /redirect?subscriberId=1&articleId=2&redirectUrl=http://www.google.com ''' subscriberId = request.query.subscriberId articleId = request.query.articleId redirectUrl = request.query.redirectUrl 'parse request header info' header = "" headerFields = request.headers.keys() for field in headerFields: header += str(field) + " | " + str(request.get_header(field)) + " || " debug(header) extraInfo = header extraInfo += 'redirectUrl' + " | " + redirectUrl + " || " 'record event' category = Subscriber_ArticleEventCategory.extlinkClicked status = dbBoolean.yes recordSubscriberArticle(phDbInfo, subscriberId, articleId, extraInfo, category, status) 'redirect' redirect(redirectUrl)