Example #1
0
def call_api(func, args=""):
    add_header(response)

    s = request.environ.get('beaker.session')
    auth = parse_auth(request.get_header('Authorization', ''))
    # TODO: session as GET
    if 'session' in request.POST:
        # removes "' so it works on json strings
        s = s.get_by_id(remove_chars(request.POST['session'], "'\""))
    elif auth:
        user = PYLOAD.checkAuth(auth[0], auth[1], request.environ.get('REMOTE_ADDR', None))
        # if auth is correct create a pseudo session
        if user: s = {'uid': user.uid}

    api = get_user_api(s)
    if not api:
        return HTTPError(403, dumps("Forbidden"))

    if not PYLOAD.isAuthorized(func, api.user):
        return HTTPError(401, dumps("Unauthorized"))

    args = args.split("/")[1:]
    kwargs = {}

    for x, y in chain(request.GET.iteritems(), request.POST.iteritems()):
        if x == "session": continue
        kwargs[x] = unquote(y)

    try:
        return callApi(api, func, *args, **kwargs)
    except ExceptionObject, e:
        return HTTPError(400, dumps(e))
Example #2
0
def call_api(func, args=""):
    add_header(response)

    s = request.environ.get('beaker.session')
    if 'session' in request.POST:
        # removes "' so it works on json strings
        s = s.get_by_id(remove_chars(request.POST['session'], "'\""))

    api = get_user_api(s)
    if not api:
        return HTTPError(403, dumps("Forbidden"))

    if not PYLOAD.isAuthorized(func, api.user):
        return HTTPError(401, dumps("Unauthorized"))

    args = args.split("/")[1:]
    kwargs = {}

    for x, y in chain(request.GET.iteritems(), request.POST.iteritems()):
        if x == "session": continue
        kwargs[x] = unquote(y)

    try:
        return callApi(func, *args, **kwargs)
    except Exception, e:
        print_exc()
        return HTTPError(500, dumps({"error": e.message, "traceback": format_exc()}))
Example #3
0
def call_api(func, args=""):
    add_header(response)

    s = request.environ.get('beaker.session')
    if 'session' in request.POST:
        # removes "' so it works on json strings
        s = s.get_by_id(remove_chars(request.POST['session'], "'\""))

    api = get_user_api(s)
    if not api:
        return HTTPError(403, dumps("Forbidden"))

    if not PYLOAD.isAuthorized(func, api.user):
        return HTTPError(401, dumps("Unauthorized"))

    args = args.split("/")[1:]
    kwargs = {}

    for x, y in chain(request.GET.iteritems(), request.POST.iteritems()):
        if x == "session": continue
        kwargs[x] = unquote(y)

    try:
        return callApi(func, *args, **kwargs)
    except Exception, e:
        print_exc()
        return HTTPError(
            500, dumps({
                "error": e.message,
                "traceback": format_exc()
            }))
Example #4
0
def callApi(func, *args, **kwargs):
    if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"):
        print "Invalid API call", func
        return HTTPError(404, dumps("Not Found"))

    # TODO: encoding
    result = getattr(PYLOAD, func)(*[loads(x) for x in args],
                                   **dict([(x, loads(y)) for x, y in kwargs.iteritems()]))

    # null is invalid json response
    if result is None: result = True

    return dumps(result)
Example #5
0
def callApi(func, *args, **kwargs):
    if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"):
        print "Invalid API call", func
        return HTTPError(404, dumps("Not Found"))

    # TODO: encoding
    result = getattr(PYLOAD, func)(*[loads(x) for x in args],
                                   **dict([(x, loads(y))
                                           for x, y in kwargs.iteritems()]))

    # null is invalid json response
    if result is None: result = True

    return dumps(result)
Example #6
0
def call_api(func, args=""):
    add_header(response)

    s = request.environ.get('beaker.session')
    # Accepts standard http auth
    auth = parse_auth(request.get_header('Authorization', ''))
    if 'session' in request.POST or 'session' in request.GET:
        # removes "' so it works on json strings
        s = s.get_by_id(remove_chars(request.params.get('session'), "'\""))
    elif auth:
        user = PYLOAD.checkAuth(auth[0], auth[1],
                                request.environ.get('REMOTE_ADDR', None))
        # if auth is correct create a pseudo session
        if user: s = {'uid': user.uid}

    api = get_user_api(s)
    if not api:
        return HTTPError(403, dumps("Forbidden"))

    if not PYLOAD.isAuthorized(func, api.user):
        return HTTPError(401, dumps("Unauthorized"))

    if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"):
        print "Invalid API call", func
        return HTTPError(404, dumps("Not Found"))

    # TODO: possible encoding
    # TODO Better error codes on invalid input

    args = [loads(unquote(arg)) for arg in args.split("/")[1:]]
    kwargs = {}

    # accepts body as json dict
    if request.json:
        kwargs = request.json

    # convert arguments from json to obj separately
    for x, y in chain(request.GET.iteritems(), request.POST.iteritems()):
        if not x or not y or x == "session": continue
        kwargs[x] = loads(unquote(y))

    try:
        result = getattr(api, func)(*args, **kwargs)
        # null is invalid json response
        if result is None: result = True
        return dumps(result)

    except ExceptionObject, e:
        return HTTPError(400, dumps(e))
Example #7
0
def callApi(api, func, *args, **kwargs):
    if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"):
        print "Invalid API call", func
        return HTTPError(404, dumps("Not Found"))

    # TODO: accept same payload as WS backends, combine into json_converter
    # TODO: arguments as json dictionaries
    # TODO: encoding
    result = getattr(api, func)(*[loads(x) for x in args],
                                   **dict([(x, loads(y)) for x, y in kwargs.iteritems()]))

    # null is invalid json response
    if result is None: result = True

    return dumps(result)
Example #8
0
def call_api(func, args=""):
    add_header(response)

    s = request.environ.get('beaker.session')
    # Accepts standard http auth
    auth = parse_auth(request.get_header('Authorization', ''))
    if 'session' in request.POST or 'session' in request.GET:
        # removes "' so it works on json strings
        s = s.get_by_id(remove_chars(request.params.get('session'), "'\""))
    elif auth:
        user = PYLOAD.checkAuth(auth[0], auth[1], request.environ.get('REMOTE_ADDR', None))
        # if auth is correct create a pseudo session
        if user: s = {'uid': user.uid}

    api = get_user_api(s)
    if not api:
        return HTTPError(403, dumps("Forbidden"))

    if not PYLOAD.isAuthorized(func, api.user):
        return HTTPError(401, dumps("Unauthorized"))

    if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"):
        print "Invalid API call", func
        return HTTPError(404, dumps("Not Found"))

    # TODO: possible encoding
    # TODO Better error codes on invalid input

    args = [loads(unquote(arg)) for arg in args.split("/")[1:]]
    kwargs = {}

    # accepts body as json dict
    if request.json:
        kwargs = request.json

    # convert arguments from json to obj separately
    for x, y in chain(request.GET.iteritems(), request.POST.iteritems()):
        if not x or not y or x == "session": continue
        kwargs[x] = loads(unquote(y))

    try:
        result = getattr(api, func)(*args, **kwargs)
        # null is invalid json response
        if result is None: result = True
        return dumps(result)

    except ExceptionObject, e:
        return HTTPError(400, dumps(e))
Example #9
0
def logout():
    add_header(response)

    s = request.environ.get('beaker.session')
    s.delete()

    return dumps(True)
Example #10
0
def login():
    add_header(response)

    username = request.forms.get("username")
    password = request.forms.get("password")

    user = PYLOAD.checkAuth(username, password, request.environ.get('REMOTE_ADDR', None))

    if not user:
        return dumps(False)

    s = set_session(request, user)

    # get the session id by dirty way, documentations seems wrong
    try:
        sid = s._headers["cookie_out"].split("=")[1].split(";")[0]
        return dumps(sid)
    except:
        print "Could not get session"
        return dumps(True)
Example #11
0
        return HTTPError(401, dumps("Unauthorized"))

    args = args.split("/")[1:]
    kwargs = {}

    for x, y in chain(request.GET.iteritems(), request.POST.iteritems()):
        if x == "session": continue
        kwargs[x] = unquote(y)

    try:
        return callApi(api, func, *args, **kwargs)
    except ExceptionObject, e:
        return HTTPError(400, dumps(e))
    except Exception, e:
        print_exc()
        return HTTPError(500, dumps({"error": e.message, "traceback": format_exc()}))

# TODO Better error codes on invalid input

def callApi(api, func, *args, **kwargs):
    if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"):
        print "Invalid API call", func
        return HTTPError(404, dumps("Not Found"))

    # TODO: accept same payload as WS backends, combine into json_converter
    # TODO: arguments as json dictionaries
    # TODO: encoding
    result = getattr(api, func)(*[loads(x) for x in args],
                                   **dict([(x, loads(y)) for x, y in kwargs.iteritems()]))

    # null is invalid json response
Example #12
0
        if not x or not y or x == "session": continue
        kwargs[x] = loads(unquote(y))

    try:
        result = getattr(api, func)(*args, **kwargs)
        # null is invalid json response
        if result is None: result = True
        return dumps(result)

    except ExceptionObject, e:
        return HTTPError(400, dumps(e))
    except Exception, e:
        print_exc()
        return HTTPError(
            500, dumps({
                "error": e.message,
                "traceback": format_exc()
            }))


@route("/api/login")
@route("/api/login", method="POST")
def login():
    add_header(response)

    username = request.params.get("username")
    password = request.params.get("password")

    user = PYLOAD.checkAuth(username, password,
                            request.environ.get('REMOTE_ADDR', None))

    if not user:
Example #13
0
 def send_result(self, req, code, result):
     return send_message(req, dumps([code, result]))
Example #14
0
 def send(self, req, obj):
     return send_message(req, dumps(obj))
Example #15
0
 def send_result(self, req, code, result):
     return send_message(req, dumps([code, result]))
Example #16
0
 def send(self, req, obj):
     return send_message(req, dumps(obj))