def new_token(self, user_id, username, domain=None, tenant_id=None, expire=None): """Create Token. This part of step 1 during the authentication after validation. Args: user_id (str): User ID username (str): Username. email (str): User email address. token (str): Unique token for specific user. domain_id (str): Current domain id. tenant_id (str): Current tenant id. """ self._token = {} if user_id is None: raise ValueError('Require user_id for new_token') if username is None: raise ValueError('Require username for new_token') # These are only set during valid login. # Unique user id. self._token['user_id'] = user_id # Unique username. self._token['username'] = username # Token creation datetime, format YYYY/MM/DD HH:MM:SS. self._token['creation'] = now() # Token expire datetime, format YYYY/MM/DD HH:MM:SS. if expire is None: expire = (now() + timedelta(seconds=self._token_expire)) self._token['expire'] = expire.strftime("%Y/%m/%d %H:%M:%S") else: self._token['expire'] = expire # Scope domain. self._token['domain'] = domain self._token['domain_id'] = domain_id(domain) # Scope tenant. self._token['tenant_id'] = tenant_id # Scope roles. self._token['roles'] = user_roles(user_id, domain, tenant_id) # Token Signature private_key = g.app.app_root.rstrip('/') + '/token.key' bytes_token = if_unicode_to_bytes(js.dumps(self._token)) self._token_sig = pki.sign(private_key, base64.b64encode(bytes_token)) return self._token_sig
def acct(msg): try: pkt = msg['attributes'] except KeyError: return try: pkt = decode_packet(pkt) except Exception: return try: nas_session_id = pkt.get('Acct-Session-Id', [None])[0] unique_session_id = pkt.get('Acct-Unique-Session-Id')[0] status = pkt.get('Acct-Status-Type', [''])[0].lower() username = pkt.get('User-Name', [None])[0] client = pkt.get('Client-IP-Address')[0] nas = pkt.get('NAS-IP-Address', ['0.0.0.0'])[0] except IndexError: return True dt = utc(parse_datetime(msg.get('datetime', None))) diff = (now()-dt).total_seconds() if diff > 60: log.error('Processing radius accounting message older' + ' than 60 seconds. Age(%s)' % diff) with db() as conn: with dbw() as connw: with conn.cursor() as crsr: user = get_user(crsr, client, nas, username) crsr.commit() if not user: log.debug("user '%s' not found" % username) return False input_octets, output_octets = do_acct(connw, pkt, client, nas, nas_session_id, unique_session_id, dt, user, status) usage(connw, pkt, client, nas, nas_session_id, unique_session_id, user, input_octets, output_octets, status) return True
def acct(msg): fr = parse_fr(msg.get('fr', ())) status = fr.get('Acct-Status-Type', 'start').lower() dt = utc(parse_datetime(msg.get('datetime', None))) diff = (now() - dt).total_seconds() if diff > 60: log.error('Processing radius accounting message older' + ' than 60 seconds. Age(%s)' % diff) if not require_attributes('accounting', fr, [ 'User-Name', 'NAS-IP-Address', 'Acct-Status-Type', 'Acct-Session-Id', 'Acct-Unique-Session-Id', 'Acct-Input-Octets64', 'Acct-Output-Octets64' ]): return False with db() as conn: with dbw() as connw: user = get_user(conn, fr['NAS-IP-Address'], fr['User-Name']) if not user: log.debug("user '%s' not found" % (fr['User-Name'], )) return False input_octets, output_octets = do_acct(connw, fr, dt, user, status) usage(connw, fr, user, input_octets, output_octets, status) if not user['static_ip4'] and user['pool_id']: update_ip(connw, user, fr) return True
def validate(self): if not self.authenticated: raise AccessDeniedError("Credentials token missing") from None elif 'expire' in self._credentials: utc_expire = utc(self._credentials['expire']) if now() > utc_expire: self.clear() raise AccessDeniedError('Credentials token expired') from None
def parse_token(self, token): self._initial() token = if_unicode_to_bytes(token) signature, token = token.split(b'!!!!') self._token_sig = self._check_token(signature, token) self._token = js.loads(base64.b64decode(token)) self._token_sig = signature utc_now = now() utc_expire = utc(self._token['expire']) if utc_now > utc_expire: raise AccessDenied('Token Expired')
def json(self): # Return json token. if not self.authenticated: raise AccessDeniedError("Credentials token missing") utc_expire = utc(self._credentials['expire']) if now() > utc_expire: raise AccessDeniedError('Auth Token Expired') credentials = {} credentials['token'] = self.token credentials.update(self._credentials) return js.dumps(credentials)
def add_user_role(self, req, resp, id, role, domain=None, tenant_id=None): """ Associate role to a user. Args: id (str): UUID of user. role (str): UUID of role. domain (str): Name of domain (defaults to None). Use the text "none" to indicate global domain when tenant_id is supplied. tenant_id (str): UUID of tenant (defaults to None). Example return data: .. code-block:: json { "id": "e729af96-5672-4669-b4a1-6251493a67fa", "user_id": "e95ec7b1-4f0f-4c70-991f-4bb1bec6a524", "role_id": "08034650-1438-4e56-b5a8-674ede74fe83", "domain": "default", "tenant_id": null } """ if domain is not None and domain.lower() == "none": domain = None with db() as conn: check_context_auth(conn, id, domain, tenant_id) # Even though we have unique constraint, sqlite # does not consider null as unique. ref: # https://goo.gl/JmjT5G # So need to manually check that. check_unique(conn, id, role, domain, tenant_id) sql = "INSERT INTO luxon_user_role " \ "(`id`,`role_id`,`tenant_id`,`user_id`," \ "`domain`,`creation_time`) " \ "VALUES (?,?,?,?,?,?)" user_role_id = str(uuid4()) conn.execute(sql, (user_role_id, role, tenant_id, id, domain, now())) conn.commit() user_role = { "id": user_role_id, "user_id": id, "role_id": role, "domain": domain, "tenant_id": tenant_id } return json.dumps(user_role, indent=4)
def clean_sessions(args): """Removes all expired session files""" path = args.path.rstrip('/') tmp_path = os.path.join(path, 'tmp') config = Config() config.load(path + '/settings.ini') expire = config.getint('sessions', 'expire', fallback=86400) if exists(tmp_path): files = ls(tmp_path) for file in files: if file[2].startswith('session_'): modified = file[8] expired = now() - timedelta(seconds=expire) if modified <= expired: rm(file[1])
def load(self, key): """Loads cached data from key Args: key (str): key for required data """ try: value, expire = self._cache.pop(key) if expire > now(): self._cache[key] = ( value, expire, ) return pickle.loads(value) except KeyError: return None
def token(self, token): # Load exisiting token token = if_unicode_to_bytes(token) signature, b64_token = token.split(b'!!!!') try: self._rsakey.verify(signature, b64_token) except ValueError as e: raise AccessDeniedError('Invalid Auth Token. %s' % e) decoded = js.loads(base64.b64decode(b64_token)) utc_expire = utc(decoded['expire']) if now() > utc_expire: raise AccessDeniedError('Auth Token Expired') self._credentials = decoded
def store(self, key, value, expire): """Stores data Args: key (str): key associated with cached data value (obj): data to be cached expire (int): time to expire (s) """ if sys.getsizeof(value, 0) <= self._max_obj_size: try: self._cache.pop(key) except KeyError: if len(self._cache) >= self._max_objs: self._cache.popitem(last=False) self._cache[key] = ( pickle.dumps(value), now() + timedelta(seconds=expire), )
def calc_next_expire(metric, span, expired=None): if expired is None: expired = now() if metric == 'days': new_expire = add_date(expired, days=span) return new_expire elif metric == 'weeks': new_expire = add_date(expired, weeks=span) return new_expire elif metric == 'months': new_expire = add_date(expired, months=span) return new_expire else: return expired
def token(self): # Return serialized token. if not self.authenticated: raise AccessDeniedError("Credentials token missing") utc_expire = utc(self._credentials['expire']) if now() > utc_expire: raise AccessDeniedError('Auth Token Expired') bytes_token = if_unicode_to_bytes( js.dumps(self._credentials, indent=None)) b64_token = base64.b64encode(bytes_token) token_sig = if_unicode_to_bytes(self._rsakey.sign(b64_token)) token = if_bytes_to_unicode(token_sig + b'!!!!' + b64_token) if len(token) > 1280: raise ValueError("Auth Token exceeded 10KB" + " - Revise Assignments for credentials") return token
def new(self, user_id, username=None, domain=None, roles=None): self.clear() if 'expire' not in self._credentials: # Create New Token expire = (now() + timedelta(seconds=self._token_expire)) self._credentials['expire'] = expire.strftime("%Y/%m/%d %H:%M:%S") self._credentials['user_id'] = user_id if username is not None: self._credentials['username'] = username if domain is not None: self._credentials['user_domain'] = domain if roles is not None: self.roles = roles
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF # THE POSSIBILITY OF SUCH DAMAGE. from uuid import uuid4 from luxon import register from luxon import SQLModel from luxon.utils.timezone import now from infinitystone.models.domains import luxon_domain from infinitystone.models.tenants import luxon_tenant USERS = [ ('00000000-0000-0000-0000-000000000000', 'tachyonic', None, None, 'root', '$2b$12$QaWa.Q3gZuafYXkPo3EJRuSJ1wGuutShb73RuH1gdUVri82CU6V5q', None, 'Default Root User', None, None, None, None, 1, now()), ] @register.model() class luxon_user(SQLModel): id = SQLModel.Uuid(default=uuid4, internal=True) tag = SQLModel.String(hidden=True, max_length=30, null=False) domain = SQLModel.Fqdn(internal=True) tenant_id = SQLModel.Uuid(internal=True) username = SQLModel.Username(max_length=100, null=False) password = SQLModel.String(max_length=100, null=True) email = SQLModel.Email(max_length=255) name = SQLModel.String(max_length=100) phone_mobile = SQLModel.Phone() phone_office = SQLModel.Phone()
def request(client, method, url, params={}, data=None, headers={}, stream=False, **kwargs): with Timer() as elapsed: method = method.upper() headers = headers.copy() params = params.copy() try: _cache_engine = Cache() except NoContextError: _cache_engine = None try: if g.current_request.user_token: headers['X-Auth-Token'] = g.current_request.user_token if g.current_request.context_domain: headers['X-Domain'] = g.current_request.context_domain if g.current_request.context_tenant_id: headers['X-Tenant-Id'] = g.current_request.context_tenant_id except NoContextError: pass for kwarg in kwargs: headers[kwarg] = kwargs if data is not None: if hasattr(data, 'json'): data = data.json elif isinstance(data, (dict, list, OrderedDict)): data = js.dumps(data) data = if_unicode_to_bytes(data) if isinstance(data, bytes): headers['Content-Length'] = str(len(data)) cached = None if (_cache_engine and stream is False and method == 'GET' and data is None): if isinstance(params, dict): cache_params = list(orderdict(params).values()) if isinstance(headers, dict): cache_headers = list(orderdict(headers).values()) cache_key = (method, url, cache_params, cache_headers) cache_key = str(md5sum(pickle.dumps(cache_key))) cached = _cache_engine.load(cache_key) if cached is not None: cache_control = parse_cache_control_header( cached.headers.get('Cache-Control')) max_age = cache_control.max_age date = cached.headers.get('Date') etag = cached.headers.get('Etag') date = utc(date) current = now() diff = (current - date).total_seconds() if cache_control.no_cache: # If no-cache revalidate. headers['If-None-Match'] = etag elif max_age and diff < int(max_age): # If not expired, use cache. _debug(method, url, params, data, headers, cached.headers, cached.content, cached.status_code, elapsed(), 'Memory') return cached else: # If expired, revalidate.. headers['If-None-Match'] = etag try: response = Response( client._s.request(method.upper(), url, params=params, data=data, headers=headers, stream=stream)) if (_cache_engine and cached is not None and response.status_code == 304): _debug(method, url, params, data, headers, cached.headers, cached.content, cached.status_code, elapsed(), 'Validated (304)') return cached if response.status_code >= 400: try: title = None description = None if 'error' in response.json: error = response.json['error'] try: title = error.get('title') description = error.get('description') except AttributeError: pass raise HTTPError(response.status_code, description, title) except HTTPClientContentDecodingError: raise HTTPError(response.status_code) if _cache_engine and stream is False and method == 'GET': if response.status_code == 200: cache_control = parse_cache_control_header( response.headers.get('Cache-Control')) if (not cache_control.no_store and cache_control.max_age and response.headers.get('Etag') and response.headers.get('Date') and data is None): _cache_engine.store(cache_key, response, 604800) except requests.exceptions.InvalidHeader as e: raise HTTPClientInvalidHeader(e) except requests.exceptions.InvalidURL as e: raise HTTPClientInvalidURL(e) except requests.exceptions.InvalidSchema as e: raise HTTPClientInvalidSchema(e) except requests.exceptions.MissingSchema as e: raise HTTPClientMissingSchema(e) except requests.exceptions.ConnectionError as e: raise HTTPClientConnectionError(e) except requests.exceptions.ProxyError as e: raise HTTPClientProxyError(e) except requests.exceptions.SSLError as e: raise HTTPClientSSLError(e) except requests.exceptions.Timeout as e: raise HTTPClientTimeoutError(e) except requests.exceptions.ConnectTimeout as e: raise HTTPClientConnectTimeoutError(e) except requests.exceptions.ReadTimeout as e: raise HTTPClientReadTimeoutError(e) except requests.exceptions.HTTPError as e: raise HTTPError(e.response.status_code, e) _debug(method, url, params, data, headers, response.headers, response.content, response.status_code, elapsed()) return response
def github(req, resp): root_path = g.app.path mkdir(joinpath(root_path, 'github')) mkdir(joinpath(root_path, 'docs')) try: projects = load(root_path + '/projects.pickle') except FileNotFoundError: projects = {} username = g.app.config.get('github', 'username') password = g.app.config.get('github', 'password') tachyonic = GitHub(auth=(username, password)) while True: try: teams = {} github_teams = tachyonic.teams('TachyonicProject') for github_team in github_teams: team = github_team['name'] if team == "Author": continue teams[team] = {} github_members = tachyonic.team_members(github_team['id']) for github_member in github_members: login = github_member['login'] teams[team][login] = {} teams[team][login]['github'] = github_member['html_url'] teams[team][login]['avatar'] = github_member['avatar_url'] save(teams, root_path + '/team.pickle', perms=664) save(tachyonic.projects('TachyonicProject'), root_path + '/planning.pickle', perms=664) found = [] log.info("Getting Repos") repos = tachyonic.repos('TachyonicProject') for repo in repos: name = repo['name'] found.append(name) description = repo['description'] if name not in projects: projects[name] = {} log.info("Scanning Repo " + name) updated_at = utc(repo['updated_at']) created_at = utc(repo['created_at']) pushed_at = utc(repo['pushed_at']) if (('updated_at' not in projects[name]) or ('updated_at' in projects[name] and updated_at != projects[name]['updated_at']) or ('pushed_at' not in projects[name]) or ('pushed_at' in projects[name] and pushed_at != projects[name]['pushed_at'])): projects[name]['created_at'] = created_at projects[name]['description'] = description projects[name]['clone_url'] = repo['clone_url'] log.info("Getting Branches for %s" % name) branches = tachyonic.branches('TachyonicProject', name) branches = [branch['name'] for branch in branches] projects[name]['branches'] = branches log.info("Getting Tags for %s" % name) tags = tachyonic.tags('TachyonicProject', name) tags = [tag['name'] for tag in tags] projects[name]['tags'] = tags projects[name]['refs'] = version_order(branches + tags) projects[name]['doc_refs'] = {} else: log.info("Project %s Already up-to-date (%s)" % ( name, updated_at, )) projects[name]['updated_at'] = updated_at projects[name]['pushed_at'] = pushed_at if 'updated_doc' not in projects[name]: projects[name]['updated_doc'] = {} for ref in projects[name]['refs']: current_datetime = now() if ref in projects[name]['updated_doc']: commits = tachyonic.commits( 'TachyonicProject', name, sha=ref, since=format_iso8601( projects[name]['updated_doc'][ref])) if len(commits) == 0: log.info("Documentation" + " '%s/%s'" % ( name, ref, ) + " Already up-to-date (%s)" % updated_at) continue venv_dir = "%s/github/%s_%s" % ( root_path, name, ref, ) doc_dir = "%s/docs/%s_%s" % ( root_path, name, ref, ) src_path = venv_dir + '/' + name log.info("Creating Virtual Environment '%s'" % venv_dir) create_env(str(venv_dir), wipe=True, site_packages=False) clone(projects[name]['clone_url'], src_path) if (exists(src_path + '/docs/source/conf.py') and exists(src_path + '/docs/Makefile')): log.info("Bulding '%s/%s'" % ( name, ref, )) projects[name]['doc_refs'][ref] = True info = build_doc(root_path, venv_dir, src_path, ref, doc_dir, name) updated(name, ref, info) else: projects[name]['doc_refs'][ref] = False log.warning("No Sphinx docs found '%s/%s'" % ( name, ref, )) projects[name]['updated_doc'][ref] = current_datetime save(projects, root_path + '/projects.pickle', perms=664) events = [] events_ordered = [] git_events = tachyonic.events('TachyonicProject') for pj in projects.copy(): if pj not in found: del projects[pj] else: for event in git_events: type = event['type'] payload = event['payload'] if type == 'PullRequestEvent': pr = payload['pull_request'] merged = pr['merged'] base = pr['base'] ref = base['ref'] if merged is True: merged_at = utc(pr['merged_at']) events.append((merged_at, "Code Updated", "Repo " + pj + "/" + ref + "")) for item in sorted(events, key=operator.itemgetter(0)): events_ordered.append(item) events_ordered = list(reversed(events_ordered)) save(events_ordered[0:10], root_path + '/events.pickle', perms=664) save(projects, root_path + '/projects.pickle', perms=664) log.info('Infinite loop sleeping 5 Minutes') sleep(300) except KeyboardInterrupt: print("Control-C closed / Killed") break except ExecuteError as e: handle_error(e.title, e.description) except Exception as e: trace = str(traceback.format_exc()) error = '%s: %s' % (object_name(e), e) handle_error(error, trace)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF # THE POSSIBILITY OF SUCH DAMAGE. from uuid import uuid4 from luxon import register from luxon import SQLModel from luxon.utils.timezone import now from infinitystone.models.domains import luxon_domain from infinitystone.models.tenants import luxon_tenant from infinitystone.models.roles import luxon_role USER_ROLES = [ ('00000000-0000-0000-0000-000000000000', '00000000-0000-0000-0000-000000000000', None, None, '00000000-0000-0000-0000-000000000000', now()), ] @register.model() class luxon_user_role(SQLModel): id = SQLModel.Uuid(default=uuid4, internal=True) role_id = SQLModel.Uuid() domain = SQLModel.Fqdn(internal=True) tenant_id = SQLModel.String() user_id = SQLModel.Uuid() creation_time = SQLModel.DateTime(readonly=True, default=now) unique_user_role = SQLModel.UniqueIndex(role_id, tenant_id, user_id) user_role_id_ref = SQLModel.ForeignKey(role_id, luxon_role.id) user_role_domain_ref = SQLModel.ForeignKey(domain, luxon_domain.name) user_role_tenant_ref = SQLModel.ForeignKey(tenant_id, luxon_tenant.id)
def usage(db, fr, user, input_octets=0, output_octets=0, status="start"): # Return Values # 0 All good. # 1 Deactivate Subscriber unique_session_id = fr['Acct-Unique-Session-Id'] user_id = user['id'] nas_secret = user['nas_secret'] # Combined input/output usage for session combined = input_octets + output_octets utc_datetime = now() with db.cursor() as crsr: #################### # GET USER SESSION # #################### crsr.execute( "SELECT" + " id," + " ctx" + " FROM calabiyau_session" + ' WHERE acctuniqueid = %s' + ' LIMIT 1' + ' FOR UPDATE', (unique_session_id, )) session = crsr.fetchone() session_ctx = session['ctx'] if user['package_span'] and user['package_span'] > 0: if (utc(user['package_expire']) and utc_datetime > utc(user['package_expire'])): if session_ctx != 1: applyctx(crsr, user, 1, fr, nas_secret, status) crsr.commit() return 1 crsr.execute( 'SELECT * FROM calabiyau_subscriber' + ' WHERE id = %s' + ' FOR UPDATE', (user_id, )) locked_user = crsr.fetchone() if user and locked_user: # IF DATA PLAN NOT UNCAPPED if user['plan'] == 'data': ###################### # CHECK PACKAGE DATA # ###################### volume_used_bytes = locked_user['volume_used_bytes'] + combined pkg_volume_used = locked_user['volume_used'] if user['volume_gb']: package_volume_bytes = (user['volume_gb'] * 1024 * 1024 * 1024) else: package_volume_bytes = 0 if utc(locked_user['volume_expire']) < utc_datetime: if user['volume_repeat']: log.info('Package data reloaded (%s)' % user['username']) new_expire = calc_next_expire(user['volume_metric'], user['volume_span'], utc_datetime) crsr.execute( "UPDATE calabiyau_subscriber" + " SET volume_expire = %s," + " volume_used_bytes = 0," + " volume_used = 0," + " ctx = 0" + " WHERE id = %s", ( new_expire, user['id'], )) pkg_volume_used = 0 if session_ctx != 0: applyctx(crsr, user, 0, fr, nas_secret, status) crsr.commit() return 0 else: crsr.execute( "UPDATE calabiyau_subscriber" + " SET volume_expire = %s," + " volume_used_bytes = 0," + " volume_used = 1," + " ctx = 1" + " WHERE id = %s", ( new_expire, user['id'], )) pkg_volume_used = 1 log.info('Package data expired (%s)' % user['username']) if (not pkg_volume_used and volume_used_bytes > package_volume_bytes): crsr.execute( "UPDATE calabiyau_subscriber" + " SET volume_used_bytes = 0," + " volume_used = 1," + " ctx = 1" + " WHERE id = %s", (user_id, )) log.info('Package data depleted (%s)' % user['username']) elif (not pkg_volume_used and volume_used_bytes <= package_volume_bytes): crsr.execute( "UPDATE calabiyau_subscriber" + " SET volume_used_bytes = " + " volume_used_bytes + %s," + " ctx = 0" + " WHERE id = %s", ( combined, user_id, )) if session_ctx != 0: applyctx(crsr, user, 0, fr, nas_secret, status) crsr.commit() return 0 #################### # CHECK TOPUP DATA # #################### crsr.execute( 'SELECT * FROM calabiyau_topup' + ' WHERE user_id = %s' + ' ORDER BY creation_time asc' + ' FOR UPDATE', (user_id, )) topups = crsr.fetchall() for topup in topups: if topup['volume_gb']: topup_volume_bytes = (topup['volume_gb'] * 1024 * 1024 * 1024) else: topup_volume_bytes = 0 if utc(topup['volume_expire']) < utc_datetime: if topup['volume_repeat']: log.auth('Topup renew (%s, %s Gb, %s)' % ( user['username'], topup['volume_gb'], topup['creation_time'], )) new_expire = calc_next_expire( topup['volume_metric'], topup['volume_span'], utc_datetime) crsr.execute( "UPDATE calabiyau_topup" + " SET volume_expire = %s" + " WHERE id = %s", ( new_expire, topup['id'], )) crsr.execute( "UPDATE calabiyau_subscriber" + " SET volume_used_bytes = 0," + " ctx = 0" + " WHERE id = %s", (user_id, )) if session_ctx != 0: applyctx(crsr, user, 0, fr, nas_secret, status) crsr.commit() return 0 else: log.auth('Topup expired (%s, %s Gb, %s)' % ( user['username'], topup['volume_gb'], topup['creation_time'], )) crsr.execute( "UPDATE calabiyau_subscriber" + " SET volume_used_bytes = 0," + " ctx = 0" + " WHERE id = %s", (user_id, )) crsr.execute( 'DELETE FROM' + ' calabiyau_topup' + ' WHERE id = %s', (topup['id'], )) else: if volume_used_bytes < topup_volume_bytes: crsr.execute( "UPDATE calabiyau_subscriber" + " SET volume_used_bytes = " + " volume_used_bytes + %s," + " ctx = 0" + " WHERE id = %s", ( combined, user_id, )) if session_ctx != 0: applyctx(crsr, user, 0, fr, nas_secret, status) crsr.commit() return 0 else: log.auth('Topup depleted (%s, %s Gb, %s)' % ( user['username'], topup['volume_gb'], topup['creation_time'], )) crsr.execute( "UPDATE calabiyau_subscriber" + " SET volume_used_bytes = 0," + " ctx = 0" + " WHERE id = %s", (user_id, )) crsr.execute( 'DELETE FROM' + ' calabiyau_topup' + ' WHERE id = %s', (topup['id'], )) if session_ctx != 1: applyctx(crsr, user, 1, fr, nas_secret, status) crsr.commit() return 1 else: if session_ctx != 0: applyctx(crsr, user, 0, fr, nas_secret, status) crsr.commit() return 0 if session_ctx != 1: applyctx(crsr, user, 1, fr, nas_secret, status) crsr.commit() return 1
def request(client, method, url, params={}, data=None, headers={}, stream=False, endpoint=None, **kwargs): if endpoint is None: endpoint = url with Timer() as elapsed: method = method.upper() headers = headers.copy() params = params.copy() try: _cache_engine = Cache() except NoContextError: _cache_engine = None for kwarg in kwargs: # NOTE(cfrademan): # Generally headers have '-' not '_'. Also kwargs # cannot contain '-'. if kwargs[kwarg] is not None: header = kwarg.replace('_', '-') headers[header] = str(kwargs[kwarg]) if data is not None: if hasattr(data, 'json'): data = data.json elif isinstance(data, (dict, list, OrderedDict)): data = js.dumps(data) data = if_unicode_to_bytes(data) if isinstance(data, bytes): headers['Content-Length'] = str(len(data)) cached = None if (_cache_engine and stream is False and method == 'GET' and data is None): if isinstance(params, dict): cache_params = list(orderdict(params).values()) if isinstance(headers, dict): cache_headers = list(orderdict(headers).values()) cache_key = (method, url, cache_params, cache_headers) cache_key = str(md5sum(pickle.dumps(cache_key))) cached = _cache_engine.load(cache_key) if cached is not None: cache_control = parse_cache_control_header( cached.headers.get('Cache-Control')) max_age = cache_control.max_age date = cached.headers.get('Date') etag = cached.headers.get('Etag') date = utc(date) current = now() diff = (current - date).total_seconds() if cache_control.no_cache: # If no-cache revalidate. headers['If-None-Match'] = etag elif max_age and diff < int(max_age): # If not expired, use cache. _debug(method, url, params, data, headers, cached.headers, cached.content, cached.status_code, elapsed(), 'Memory') return cached else: # If expired, revalidate.. headers['If-None-Match'] = etag try: # response = Response(client._s.request(method.upper(), # url, # params=params, # data=data, # headers=headers, # stream=stream)) # NOTE(cfrademan): Using prepared requests, because we need to # no Transfer Encoding chunked, and expect Content-Length... # Chunked encoding is not well supported uploading to WSGI app. prepped = client._s.prepare_request( requests.Request(method.upper(), url, params=params, data=data, headers=headers)) if 'Content-Length' in prepped.headers: if 'Transfer-Encoding' in prepped.headers: del prepped.headers['Transfer-Encoding'] response = Response(client._s.send(prepped, stream=stream)) if (_cache_engine and cached is not None and response.status_code == 304): _debug(method, url, params, data, headers, cached.headers, cached.content, cached.status_code, elapsed(), 'Validated (304)') return cached if response.status_code >= 400: if 'X-Expired-Token' in response.headers: raise TokenExpiredError() try: title = None description = None if ('json' in response.content_type.lower() and 'error' in response.json): error = response.json['error'] try: title = error.get('title') description = error.get('description') if endpoint is not None: title += " (%s)" % endpoint except AttributeError: if endpoint is not None: description = " Endpoint: %s" % endpoint else: if endpoint is not None: description = " Endpoint: %s" % endpoint if stream is True: _debug(method, url, params, data, headers, response.headers, None, response.status_code, elapsed()) else: _debug(method, url, params, data, headers, response.headers, response.content, response.status_code, elapsed()) raise HTTPError(response.status_code, description, title) except HTTPClientContentDecodingError: if endpoint is not None: description = 'Endpoint: %s' raise HTTPError(response.status_code, description=description) from None else: raise HTTPError(response.status_code) from None if _cache_engine and stream is False and method == 'GET': if response.status_code == 200: cache_control = parse_cache_control_header( response.headers.get('Cache-Control')) if (not cache_control.no_store and cache_control.max_age and response.headers.get('Etag') and response.headers.get('Date') and data is None): _cache_engine.store(cache_key, response, 604800) except requests.exceptions.InvalidHeader as e: e = append_to_error(e, endpoint) raise HTTPClientInvalidHeader(e) except requests.exceptions.InvalidURL as e: e = append_to_error(e, endpoint) raise HTTPClientInvalidURL(e) except requests.exceptions.InvalidSchema as e: e = append_to_error(e, endpoint) raise HTTPClientInvalidSchema(e) except requests.exceptions.MissingSchema as e: e = append_to_error(e, endpoint) raise HTTPClientMissingSchema(e) except requests.exceptions.ConnectionError as e: e = append_to_error(e, endpoint) log.critical(e) raise HTTPClientConnectionError( "API Connection error to '%s' (%s)" % ( url, endpoint, )) except requests.exceptions.ProxyError as e: e = append_to_error(e, endpoint) log.critical(e) raise HTTPClientProxyError("API proxy error to '%s' (%s)" % ( url, endpoint, )) except requests.exceptions.SSLError as e: e = append_to_error(e, endpoint) log.critical(e) raise HTTPClientSSLError("API SSL error to '%s' (%s)" % ( url, endpoint, )) except requests.exceptions.Timeout as e: e = append_to_error(e, endpoint) log.critical(e) raise HTTPClientTimeoutError( "API connection timeout to '%s' (%s)" % ( url, endpoint, )) except requests.exceptions.ConnectTimeout as e: e = append_to_error(e, endpoint) log.critical(e) raise HTTPClientConnectTimeoutError( "API connect timeout to '%s' (%s)" % ( url, endpoint, )) except requests.exceptions.ReadTimeout as e: e = append_to_error(e, endpoint) log.critical(e) raise HTTPClientReadTimeoutError("API read timeout to '%s' (%s)" % ( url, endpoint, )) except requests.exceptions.HTTPError as e: e = append_to_error(e, endpoint) raise HTTPError(e.response.status_code, e) if stream is True: _debug(method, url, params, data, headers, response.headers, None, response.status_code, elapsed()) else: _debug(method, url, params, data, headers, response.headers, response.content, response.status_code, elapsed()) return response
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF # THE POSSIBILITY OF SUCH DAMAGE. from uuid import uuid4 from luxon import register from luxon import SQLModel from luxon.utils.timezone import now ROLES = [ ('00000000-0000-0000-0000-000000000000', 'Root', None, now()), (str(uuid4()), 'Operations', None, now()), (str(uuid4()), 'Administrator', None, now()), (str(uuid4()), 'Account Manager', None, now()), (str(uuid4()), 'Billing', None, now()), (str(uuid4()), 'Support', None, now()), (str(uuid4()), 'Customer', None, now()), (str(uuid4()), 'Wholesale', None, now()), (str(uuid4()), 'Minion', None, now()), ] @register.model() class luxon_role(SQLModel): id = SQLModel.Uuid(default=uuid4, internal=True) name = SQLModel.String(max_length=64, null=False)
from luxon import String from luxon import Text from luxon import DateTime from luxon import Boolean from luxon import Email from luxon import Phone from luxon import Enum from luxon import Index from luxon import ForeignKey from luxon import UniqueIndex from luxon import Username from luxon import Fqdn from luxon.utils.timezone import now ROLES = [ ('00000000-0000-0000-0000-000000000000', 'Root', None, now()), (str(uuid4()), 'Operations', None, '0000-00-00 00:00:00'), (str(uuid4()), 'Administrator', None, '0000-00-00 00:00:00'), (str(uuid4()), 'Account Manager', None, '0000-00-00 00:00:00'), (str(uuid4()), 'Billing', None, '0000-00-00 00:00:00'), (str(uuid4()), 'Customer', None, '0000-00-00 00:00:00'), (str(uuid4()), 'Support', None, '0000-00-00 00:00:00'), ] @database_model() class luxon_role(SQLModel): id = Uuid(default=uuid4, internal=True) name = String(max_length=64, null=False) description = Text() creation_time = DateTime(default=now, internal=True)
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF # THE POSSIBILITY OF SUCH DAMAGE. from uuid import uuid4 from luxon import register from luxon import SQLModel from luxon.utils.timezone import now DOMAINS = [ ('00000000-0000-0000-0000-000000000000', 'default', None, 1, now()), ] @register.model() class luxon_domain(SQLModel): id = SQLModel.Uuid(default=uuid4, internal=True) name = SQLModel.Fqdn(null=False) description = SQLModel.Text() enabled = SQLModel.Boolean(default=True) creation_time = SQLModel.DateTime(default=now, readonly=True) primary_key = id unique_domain = SQLModel.UniqueIndex(name) db_default_rows = DOMAINS domains = SQLModel.Index(name)