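def _is_local_url(target):
    """Return True only if *target* is an absolute path on this site.

    Accepts a single-slash path such as ``/reports``.  Rejects empty values,
    anything without a leading slash (which would include scheme-bearing
    URLs), protocol-relative ``//host`` and the ``/\\host`` form that some
    browsers normalise to ``//host``.
    """
    if not target or not target.startswith('/'):
        return False
    return not target.startswith(('//', '/\\'))


def oauth_callback():
    """Finish the OAuth login: validate the ``state`` token, then log in.

    ``state`` must match a row in the ``csrf`` table that was issued to the
    same client IP; the row is deleted on success so a token is single-use.
    An unknown token, an IP mismatch, or a ProgrammingError while reading it
    all surface as a 'csrf failure' flash on the login page.  The account
    behind ``code`` is then resolved with ``check_mb_account``; on success the
    user is redirected to ``next`` only when it is a local path, otherwise to
    the index.

    Returns:
        A redirect after a successful login, otherwise the rendered login page.
    """
    error = request.args.get('error')
    if error:
        flash('There was an error: ' + error)
        return render_template("login.html", client_id=app.config['OAUTH_CLIENT_ID'], redirect_uri=app.config['OAUTH_REDIRECT_URI'], csrf='')

    ip = get_ip()
    csrf = request.args.get('state')
    db = get_db()
    cur = db.cursor()
    try:
        cur.execute('SELECT ip from csrf WHERE csrf = %s', [csrf])
        row = cur.fetchone()
        # fetchone() returns None for an unknown or absent token; indexing
        # row[0] unconditionally raised TypeError (a 500) instead of failing
        # the check, so test for None explicitly.
        token_ok = row is not None and row[0] == ip
        if token_ok:
            cur.execute('DELETE FROM csrf WHERE csrf = %s', [csrf])
            db.commit()
    except psycopg2.ProgrammingError:
        token_ok = False
    finally:
        cur.close()
        db.close()

    if not token_ok:
        flash('csrf failure')
        return render_template("login.html", client_id=app.config['OAUTH_CLIENT_ID'], redirect_uri=app.config['OAUTH_REDIRECT_URI'], csrf='')

    code = request.args.get('code')
    username = check_mb_account(code)
    if not username:
        flash('Could not find username, please try again.')
        return render_template("login.html", client_id=app.config['OAUTH_CLIENT_ID'], redirect_uri=app.config['OAUTH_REDIRECT_URI'], csrf='')

    login_user(User(username), remember=True)
    flash("Logged in!")
    next_url = request.args.get("next")
    # ``next`` is caller-controlled; following an external URL here would be
    # an open redirect, so only a local path is honoured.
    if not _is_local_url(next_url):
        next_url = url_for("index")
    return redirect(next_url)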
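def new():
    """Create a report from the submitted form, or show the form on GET.

    On POST the fields ``name``, ``sql``, ``template``, ``template_headers``
    and ``defaults`` are inserted into ``reports`` with the current user as
    editor (a missing field raises KeyError, which Flask reports as 400).
    The ``sql`` value is user-authored text stored as a bound parameter; it
    is not executed by this view.

    Returns:
        On POST, a redirect to the new report, or to the index when the insert
        reported no row; on GET, the rendered ``report/new.html`` form.
    """
    if request.method != 'POST':
        return render_template("report/new.html")

    form = request.form
    values = [
        current_user.id,
        form['name'],
        form['sql'],
        form['template'],
        form['template_headers'],
        form['defaults'],
    ]
    db = get_db()
    cur = db.cursor()
    newid = None
    try:
        cur.execute('INSERT INTO reports (editor, name, sql, template, template_headers, defaults) VALUES (%s, %s, %s, %s, %s, %s) RETURNING id', values)
        if cur.rowcount > 0:
            flash('Successfully inserted!')
            newid = cur.fetchone()[0]
        else:
            flash('Something went wrong.')
        db.commit()
    finally:
        # Close on every path, including an exception raised by execute().
        cur.close()
        db.close()

    if newid:
        return redirect(url_for("report", reportid=newid))
    return redirect(url_for('index'))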
def report_edit(reportid):
    report = getreport(reportid)
    if request.method == 'POST':
        name = request.form['name']
        sql = request.form['sql']
        template = request.form['template']
        template_headers = request.form['template_headers']
        defaults = request.form['defaults']
        if (name != report[1] or sql != report[2] or template != report[3] or template_headers != report[4] or defaults != report[5]):
            db = get_db()
            cur = db.cursor()
            cur.execute('UPDATE reports SET name = %s, sql = %s, template = %s, template_headers = %s, defaults=%s, last_modified=now() WHERE id = %s', [name, sql, template, template_headers, defaults, reportid])
            if cur.rowcount > 0:
                flash('Successfully updated!')
            else:
                flash('Something went wrong.')
            db.commit()
            cur.close()
            db.close()
        else:
            flash('No changes.')
        return redirect(url_for("report_edit", reportid=reportid))
    else:
        mbdb = get_mbdb()
        mbcur = mbdb.cursor()
        try:
            mbcur.execute('EXPLAIN ' + report[2], json.loads(report[5]))
            vals = mbcur.fetchall()
            error = None
        except Exception, e:
            vals = None
            error = str(e).decode('utf-8')
        finally:
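def login():
    """Render the login page with a fresh OAuth ``state`` token.

    A 30-byte random value from ``os.urandom`` is stored with the client IP in
    the ``csrf`` table; the callback later requires the returned ``state`` to
    match both.  Nothing in this view expires older tokens.

    Returns:
        The rendered ``login.html`` carrying the OAuth client settings and the
        token to send as ``state``.
    """
    ip = get_ip()
    rand = base64.urlsafe_b64encode(os.urandom(30))

    db = get_db()
    cur = db.cursor()
    try:
        cur.execute("INSERT INTO csrf (csrf, ip) VALUES (%(csrf)s, %(ip)s)", {'csrf': rand, 'ip': ip})
        db.commit()
    finally:
        # Close on every path, including an exception raised by execute().
        cur.close()
        db.close()

    return render_template("login.html", client_id=app.config['OAUTH_CLIENT_ID'], redirect_uri=app.config['OAUTH_REDIRECT_URI'], csrf=rand)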
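def _group_by_editor(rows):
    """Group ``(editor, id, name)`` rows into ``{editor: [row, ...]}``.

    Rows keep their query order inside each editor's list; the whole row is
    stored, not just the id.
    """
    grouped = {}
    for row in rows:
        grouped.setdefault(row[0], []).append(row)
    return grouped


def index():
    """Render the report index, grouped by editor.

    An authenticated user's own reports sort first (``ORDER BY editor = %s
    DESC``); an anonymous visitor gets the plain editor/id order plus a fresh
    single-use OAuth ``state`` token so the page can offer the login.

    Returns:
        The rendered ``index.html``; ``reports`` is None when the table is
        empty.
    """
    db = get_db()
    cur = db.cursor()
    try:
        query = "SELECT editor, id, name FROM reports"
        if current_user.is_authenticated():
            cur.execute(query + " ORDER BY editor = %s DESC, editor, name, id", [current_user.id])
        else:
            cur.execute(query + " ORDER BY editor, id")
        reports = _group_by_editor(cur.fetchall()) if cur.rowcount > 0 else None
    finally:
        # Close on every path, including an exception raised by execute().
        cur.close()
        db.close()

    if current_user.is_authenticated():
        return render_template("index.html", reports=reports)

    # Anonymous visitor: record a state token for the OAuth login exactly as
    # the login view does.
    ip = get_ip()
    rand = base64.urlsafe_b64encode(os.urandom(30))
    db = get_db()
    cur = db.cursor()
    try:
        cur.execute("INSERT INTO csrf (csrf, ip) VALUES (%(csrf)s, %(ip)s)", {'csrf': rand, 'ip': ip})
        db.commit()
    finally:
        cur.close()
        db.close()

    return render_template("index.html", client_id=app.config['OAUTH_CLIENT_ID'], redirect_uri=app.config['OAUTH_REDIRECT_URI'], csrf=rand, reports=reports)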
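def report_delete(reportid):
    """Delete a report after explicit confirmation, or show the confirm page.

    ``getreport`` runs first and aborts with 404/403 unless the current user
    may act on the report.  Only a POST whose ``confirm`` checkbox is set
    performs the DELETE; any other request, including a POST without the
    field, renders ``report/delete.html`` (previously a POST without the
    field raised KeyError).

    Returns:
        A redirect to the index after a delete attempt, otherwise the rendered
        confirmation page.
    """
    report = getreport(reportid)

    # NOTE(review): no per-form CSRF token is checked on this POST; confirm
    # whether the application protects state-changing forms elsewhere.
    confirmed = request.method == 'POST' and request.form.get('confirm') == 'on'
    if not confirmed:
        return render_template("report/delete.html", report=report, reportid=reportid)

    db = get_db()
    cur = db.cursor()
    try:
        cur.execute('DELETE FROM reports WHERE id = %s', [reportid])
        if cur.rowcount > 0:
            flash('Successfully deleted!')
        else:
            flash('Something went wrong.')
        db.commit()
    finally:
        # Close on every path, including an exception raised by execute().
        cur.close()
        db.close()
    return redirect(url_for("index"))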
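def getreport(reportid, requireuser=True):
    """Load one report row by id, enforcing ownership unless told otherwise.

    Args:
        reportid: Primary key of the ``reports`` row.
        requireuser: When True (default) the current user must be the
            report's editor; the single hard-coded account 'ianmcorvidae' is
            exempt and effectively acts as administrator.  When False the
            current user is not consulted at all.

    Returns:
        A ``DictCursor`` row with the columns editor, name, sql, template,
        template_headers, defaults, last_modified (also indexable by position).

    Raises:
        Aborts with 404 when no row matches and 403 on an ownership failure;
        the cursor and connection are closed in both cases.
    """
    db = get_db()
    cur = db.cursor(cursor_factory=psycopg2.extras.DictCursor)
    try:
        cur.execute("SELECT editor, name, sql, template, template_headers, defaults, last_modified FROM reports WHERE id = %s", [reportid])
        if cur.rowcount <= 0:
            abort(404)
        report = cur.fetchone()
        # Short-circuit keeps current_user untouched when requireuser is False.
        # The literal username is a hard-coded admin bypass; a config value
        # would be easier to audit.
        if requireuser and report[0] != current_user.id and current_user.id != 'ianmcorvidae':
            abort(403)
    finally:
        # Close on every path, including abort() and an execute() failure.
        cur.close()
        db.close()
    return report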