def call_api(func, args=""):
add_header(response)
s = request.environ.get('beaker.session')
auth = parse_auth(request.get_header('Authorization', ''))
# TODO: session as GET
if 'session' in request.POST:
# removes "' so it works on json strings
s = s.get_by_id(remove_chars(request.POST['session'], "'\""))
elif auth:
user = PYLOAD.checkAuth(auth[0], auth[1], request.environ.get('REMOTE_ADDR', None))
# if auth is correct create a pseudo session
if user: s = {'uid': user.uid}
api = get_user_api(s)
if not api:
return HTTPError(403, dumps("Forbidden"))
if not PYLOAD.isAuthorized(func, api.user):
return HTTPError(401, dumps("Unauthorized"))
args = args.split("/")[1:]
kwargs = {}
for x, y in chain(request.GET.iteritems(), request.POST.iteritems()):
if x == "session": continue
kwargs[x] = unquote(y)
try:
return callApi(api, func, *args, **kwargs)
except ExceptionObject, e:
return HTTPError(400, dumps(e))
def call_api(func, args=""):
add_header(response)
s = request.environ.get('beaker.session')
if 'session' in request.POST:
# removes "' so it works on json strings
s = s.get_by_id(remove_chars(request.POST['session'], "'\""))
api = get_user_api(s)
if not api:
return HTTPError(403, dumps("Forbidden"))
if not PYLOAD.isAuthorized(func, api.user):
return HTTPError(401, dumps("Unauthorized"))
args = args.split("/")[1:]
kwargs = {}
for x, y in chain(request.GET.iteritems(), request.POST.iteritems()):
if x == "session": continue
kwargs[x] = unquote(y)
try:
return callApi(func, *args, **kwargs)
except Exception, e:
print_exc()
return HTTPError(500, dumps({"error": e.message, "traceback": format_exc()}))
def call_api(func, args=""):
add_header(response)
s = request.environ.get('beaker.session')
if 'session' in request.POST:
# removes "' so it works on json strings
s = s.get_by_id(remove_chars(request.POST['session'], "'\""))
api = get_user_api(s)
if not api:
return HTTPError(403, dumps("Forbidden"))
if not PYLOAD.isAuthorized(func, api.user):
return HTTPError(401, dumps("Unauthorized"))
args = args.split("/")[1:]
kwargs = {}
for x, y in chain(request.GET.iteritems(), request.POST.iteritems()):
if x == "session": continue
kwargs[x] = unquote(y)
try:
return callApi(func, *args, **kwargs)
except Exception, e:
print_exc()
return HTTPError(
500, dumps({
"error": e.message,
"traceback": format_exc()
}))
def callApi(func, *args, **kwargs):
if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"):
print "Invalid API call", func
return HTTPError(404, dumps("Not Found"))
# TODO: encoding
result = getattr(PYLOAD, func)(*[loads(x) for x in args],
**dict([(x, loads(y)) for x, y in kwargs.iteritems()]))
# null is invalid json response
if result is None: result = True
return dumps(result)
def callApi(func, *args, **kwargs):
if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"):
print "Invalid API call", func
return HTTPError(404, dumps("Not Found"))
# TODO: encoding
result = getattr(PYLOAD, func)(*[loads(x) for x in args],
**dict([(x, loads(y))
for x, y in kwargs.iteritems()]))
# null is invalid json response
if result is None: result = True
return dumps(result)
def call_api(func, args=""):
add_header(response)
s = request.environ.get('beaker.session')
# Accepts standard http auth
auth = parse_auth(request.get_header('Authorization', ''))
if 'session' in request.POST or 'session' in request.GET:
# removes "' so it works on json strings
s = s.get_by_id(remove_chars(request.params.get('session'), "'\""))
elif auth:
user = PYLOAD.checkAuth(auth[0], auth[1],
request.environ.get('REMOTE_ADDR', None))
# if auth is correct create a pseudo session
if user: s = {'uid': user.uid}
api = get_user_api(s)
if not api:
return HTTPError(403, dumps("Forbidden"))
if not PYLOAD.isAuthorized(func, api.user):
return HTTPError(401, dumps("Unauthorized"))
if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"):
print "Invalid API call", func
return HTTPError(404, dumps("Not Found"))
# TODO: possible encoding
# TODO Better error codes on invalid input
args = [loads(unquote(arg)) for arg in args.split("/")[1:]]
kwargs = {}
# accepts body as json dict
if request.json:
kwargs = request.json
# convert arguments from json to obj separately
for x, y in chain(request.GET.iteritems(), request.POST.iteritems()):
if not x or not y or x == "session": continue
kwargs[x] = loads(unquote(y))
try:
result = getattr(api, func)(*args, **kwargs)
# null is invalid json response
if result is None: result = True
return dumps(result)
except ExceptionObject, e:
return HTTPError(400, dumps(e))
def callApi(api, func, *args, **kwargs):
if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"):
print "Invalid API call", func
return HTTPError(404, dumps("Not Found"))
# TODO: accept same payload as WS backends, combine into json_converter
# TODO: arguments as json dictionaries
# TODO: encoding
result = getattr(api, func)(*[loads(x) for x in args],
**dict([(x, loads(y)) for x, y in kwargs.iteritems()]))
# null is invalid json response
if result is None: result = True
return dumps(result)
def call_api(func, args=""):
add_header(response)
s = request.environ.get('beaker.session')
# Accepts standard http auth
auth = parse_auth(request.get_header('Authorization', ''))
if 'session' in request.POST or 'session' in request.GET:
# removes "' so it works on json strings
s = s.get_by_id(remove_chars(request.params.get('session'), "'\""))
elif auth:
user = PYLOAD.checkAuth(auth[0], auth[1], request.environ.get('REMOTE_ADDR', None))
# if auth is correct create a pseudo session
if user: s = {'uid': user.uid}
api = get_user_api(s)
if not api:
return HTTPError(403, dumps("Forbidden"))
if not PYLOAD.isAuthorized(func, api.user):
return HTTPError(401, dumps("Unauthorized"))
if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"):
print "Invalid API call", func
return HTTPError(404, dumps("Not Found"))
# TODO: possible encoding
# TODO Better error codes on invalid input
args = [loads(unquote(arg)) for arg in args.split("/")[1:]]
kwargs = {}
# accepts body as json dict
if request.json:
kwargs = request.json
# convert arguments from json to obj separately
for x, y in chain(request.GET.iteritems(), request.POST.iteritems()):
if not x or not y or x == "session": continue
kwargs[x] = loads(unquote(y))
try:
result = getattr(api, func)(*args, **kwargs)
# null is invalid json response
if result is None: result = True
return dumps(result)
except ExceptionObject, e:
return HTTPError(400, dumps(e))
def logout():
add_header(response)
s = request.environ.get('beaker.session')
s.delete()
return dumps(True)
def login():
add_header(response)
username = request.forms.get("username")
password = request.forms.get("password")
user = PYLOAD.checkAuth(username, password, request.environ.get('REMOTE_ADDR', None))
if not user:
return dumps(False)
s = set_session(request, user)
# get the session id by dirty way, documentations seems wrong
try:
sid = s._headers["cookie_out"].split("=")[1].split(";")[0]
return dumps(sid)
except:
print "Could not get session"
return dumps(True)
return HTTPError(401, dumps("Unauthorized"))
args = args.split("/")[1:]
kwargs = {}
for x, y in chain(request.GET.iteritems(), request.POST.iteritems()):
if x == "session": continue
kwargs[x] = unquote(y)
try:
return callApi(api, func, *args, **kwargs)
except ExceptionObject, e:
return HTTPError(400, dumps(e))
except Exception, e:
print_exc()
return HTTPError(500, dumps({"error": e.message, "traceback": format_exc()}))
# TODO Better error codes on invalid input
def callApi(api, func, *args, **kwargs):
if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"):
print "Invalid API call", func
return HTTPError(404, dumps("Not Found"))
# TODO: accept same payload as WS backends, combine into json_converter
# TODO: arguments as json dictionaries
# TODO: encoding
result = getattr(api, func)(*[loads(x) for x in args],
**dict([(x, loads(y)) for x, y in kwargs.iteritems()]))
# null is invalid json response
if not x or not y or x == "session": continue
kwargs[x] = loads(unquote(y))
try:
result = getattr(api, func)(*args, **kwargs)
# null is invalid json response
if result is None: result = True
return dumps(result)
except ExceptionObject, e:
return HTTPError(400, dumps(e))
except Exception, e:
print_exc()
return HTTPError(
500, dumps({
"error": e.message,
"traceback": format_exc()
}))
@route("/api/login")
@route("/api/login", method="POST")
def login():
add_header(response)
username = request.params.get("username")
password = request.params.get("password")
user = PYLOAD.checkAuth(username, password,
request.environ.get('REMOTE_ADDR', None))
if not user:
def send_result(self, req, code, result):
return send_message(req, dumps([code, result]))
def send(self, req, obj):
return send_message(req, dumps(obj))
def send_result(self, req, code, result):
return send_message(req, dumps([code, result]))
def send(self, req, obj):
return send_message(req, dumps(obj))