def _get_article(article_id):
    '''
    Load the article with the given id for the current website.

    Args:
        article_id: primary key of the article row.

    Returns:
        the article row.

    Raises:
        APIPermissionError: the row belongs to another website, or it is a
        draft and the caller is anonymous or has the guest role.
    '''
    row = db.select_one('select * from articles where id=?', article_id)
    # NOTE(review): a missing id surfaces as an AttributeError on a None row;
    # confirm that is the intended behaviour for select_one callers.
    # Tenant check first: rows of other websites are never returned.
    if row.website_id != ctx.website.id:
        raise APIPermissionError('cannot get article that does not belong to current website.')
    # Drafts are visible only to a logged-in, non-guest user.
    if row.draft:
        if ctx.user is None or ctx.user.role_id == ROLE_GUESTS:
            raise APIPermissionError('cannot get draft article.')
    return row
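def extract_session_cookie():
    '''
    Decode a secure client session cookie and return user object, or None if invalid cookie.

    The cookie payload is base64 of "uid:exp:md5", where md5 is computed over
    uid, exp, the user's stored password value and _SESSION_COOKIE_SALT.
    Any failure to validate clears the cookie via delete_session_cookie().

    Returns:
        user as object, or None if cookie is invalid.
    '''
    import hmac  # function-scope: the file's import block is not visible here
    try:
        s = str(ctx.request.cookie(_SESSION_COOKIE_NAME, ''))
        # The cookie is a bearer credential: log only whether it is present.
        logging.debug('read cookie: %s', 'present' if s else 'absent')
        if not s:
            return None
        # NOTE(review): '_' -> '=' presumably reverses a padding substitution
        # made by the cookie writer; keep this in sync with it.
        ss = base64.urlsafe_b64decode(s.replace('_', '=')).split(':')
        if len(ss) != 3:
            raise ValueError('bad cookie: malformed.')
        uid, exp, md5 = ss
        if float(exp) < time.time():
            raise ValueError('expired cookie.')
        user = db.select_one('select * from users where id=?', uid)
        if user is None:
            raise ValueError('bad cookie: unknown user.')
        expected_pwd = str(user.passwd)
        expected = ':'.join([uid, exp, expected_pwd, _SESSION_COOKIE_SALT])
        # Constant-time comparison so a mismatch does not leak how many
        # leading digest characters matched. MD5 is kept because the cookie
        # writer produces it; changing the digest needs a coordinated change.
        if not hmac.compare_digest(hashlib.md5(expected).hexdigest(), md5):
            raise ValueError('bad cookie: unexpected md5.')
        # clear password in memory:
        user.passwd = '******'
        return user
    except Exception as e:
        # Exception, not BaseException, so KeyboardInterrupt/SystemExit are
        # not swallowed; logging's %-args avoid the Python 2-only e.message.
        logging.debug('something wrong when extract cookie: %s', e)
        delete_session_cookie()
        return None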
 def find_first(cls, where, *args):
     '''
     Find by where clause and return one result. If multiple results found,
     only the first one returned. If no result found, return None.

     Args:
         where: SQL fragment appended verbatim after the table name (e.g.
             "where x=?"); use ? placeholders and pass values in *args.
         *args: bound parameters for the placeholders in ``where``.

     Returns:
         an instance of ``cls`` built from the row, or None.
     '''
     # ``where`` is spliced into the statement as text; only the *args
     # values are bound. Callers must never build ``where`` from user input.
     sql = 'select * from %s %s' % (cls.__table__, where)
     row = db.select_one(sql, *args)
     if not row:
         return None
     return cls(**row)
def _get_page(page_id):
    '''
    Load the page with the given id for the current website.

    Args:
        page_id: primary key of the page row.

    Returns:
        the page row.

    Raises:
        APIPermissionError: the row belongs to another website, or it is a
        draft and the caller is anonymous or has the guest role.
    '''
    row = db.select_one('select * from pages where id=?', page_id)
    # NOTE(review): a missing id surfaces as an AttributeError on a None row;
    # confirm that is the intended behaviour for select_one callers.
    if row.website_id != ctx.website.id:
        raise APIPermissionError('cannot get page that does not belong to current website.')
    # Drafts are visible only to a logged-in, non-guest user.
    if row.draft:
        if ctx.user is None or ctx.user.role_id == ROLE_GUESTS:
            raise APIPermissionError('cannot get draft page.')
    return row
def delete_attachment(attr_id):
    '''
    Delete an attachment row and its stored resources.

    Args:
        attr_id: primary key of the attachment; also passed to
            store.delete_resources.

    Raises:
        APIPermissionError: the attachment belongs to another website.
    '''
    row = db.select_one('select * from attachments where id=?', attr_id)
    # Tenant check only; per-user ownership is not enforced here.
    if row.website_id != ctx.website.id:
        raise APIPermissionError('Cannot delete resource that not belong to current website.')
    # FIXME: check user_id:
    # Storage is removed before the row, so a failure here leaves the row
    # (and a retry possible) rather than a dangling row without data.
    store.delete_resources(attr_id)
    db.update('delete from attachments where id=?', attr_id)
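def api_create_navigation():
    '''
    Create a navigation item from request input ``name`` and ``url`` and
    place it after the current highest display_order.

    Returns:
        the inserted Navigations row.

    Raises:
        whatever assert_not_empty raises when ``name`` or ``url`` is empty.
    '''
    i = ctx.request.input(name='', url='')
    name = assert_not_empty(i.name, 'name')
    url = assert_not_empty(i.url, 'url')
    max_display = db.select_one('select max(display_order) as max from navigations').max
    # max() over an empty table is NULL (None); start from 0 in that case
    # instead of failing with TypeError on None + 1.
    next_order = (max_display if max_display is not None else 0) + 1
    nav = Navigations(_id=db.next_id(), name=name, url=url, display_order=next_order).insert()
    _clear_navigations_cache()
    return nav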
def _get_resource(rid, url=None):
    '''
    Return the raw data of resource ``rid`` and set the response content
    type and length from the stored row.

    Args:
        rid: resource primary key (``_id`` column).
        url: when given, the stored url must match it exactly; otherwise
            notfound() is raised.

    Returns:
        the resource's ``data`` column.
    '''
    logging.info('Get resource: %s, %s' % (rid, url))
    row = db.select_one('select url, mime, size, data from resources where _id=?', rid)
    # An explicit url acts as a second key: a mismatch is answered with 404.
    if url:
        if row.url != url:
            raise notfound()
    response = ctx.response
    response.content_type = row.mime
    response.content_length = row.size
    return row.data
def _get_resource(rid, url=None):
    '''
    Return the raw data of resource ``rid`` and set the response content
    type and length from the stored row.

    Args:
        rid: resource primary key (``_id`` column).
        url: when given, the stored url must match it exactly; otherwise
            notfound() is raised.

    Returns:
        the resource's ``data`` column.
    '''
    logging.info('Get resource: %s, %s' % (rid, url))
    query = 'select url, mime, size, data from resources where _id=?'
    row = db.select_one(query, rid)
    # An explicit url acts as a second key: a mismatch is answered with 404.
    if url:
        if row.url != url:
            raise notfound()
    response = ctx.response
    response.content_type = row.mime
    response.content_length = row.size
    return row.data
def _get_wikipage(wp_id, wiki_id=None):
    """
    Load the wiki page with the given id for the current website.

    Args:
        wp_id: primary key of the wiki page.
        wiki_id: when truthy, the page must belong to this wiki.

    Returns:
        the wiki page row.

    Raises:
        APIPermissionError: the page belongs to another website.
        APIValueError: ``wiki_id`` was given and does not match the page.
    """
    page = db.select_one("select * from wiki_pages where id=?", wp_id)
    # Tenant check before any other validation.
    if page.website_id != ctx.website.id:
        raise APIPermissionError("cannot get wiki page that is not belong to current website.")
    if wiki_id:
        if page.wiki_id != wiki_id:
            raise APIValueError("wiki_id", "bad wiki id.")
    return page
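def api_delete_category():
    '''
    Delete a category of the current website and move its articles to the
    website's locked ("uncategorized") category.

    Reads ``id`` from the request input.

    Returns:
        True on success.

    Raises:
        APIValueError: ``id`` is empty.
        APIError: the category is locked, or no locked fallback category
            exists for the current website.
        APIPermissionError: propagated from _get_category.
    '''
    i = ctx.request.input(id='')
    if not i.id:
        raise APIValueError('id', 'id cannot be empty')
    cat = _get_category(i.id)
    if cat.locked:
        raise APIError('operation:failed', 'category', 'cannot delete category that is locked.')
    uncategorized = db.select_one('select id from categories where website_id=? and locked=?', ctx.website.id, True)
    # Resolve the fallback before deleting: previously a missing fallback
    # raised AttributeError only after the delete, leaving articles orphaned.
    if uncategorized is None:
        raise APIError('operation:failed', 'category', 'no locked category to move articles to.')
    db.update('delete from categories where id=?', i.id)
    db.update('update articles set category_id=?, version=version + 1 where category_id=?', uncategorized.id, i.id)
    return True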
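def api_create_navigation():
    '''
    Create a navigation item from request input ``name`` and ``url`` and
    place it after the current highest display_order.

    Returns:
        the inserted Navigations row.

    Raises:
        whatever assert_not_empty raises when ``name`` or ``url`` is empty.
    '''
    i = ctx.request.input(name='', url='')
    name = assert_not_empty(i.name, 'name')
    url = assert_not_empty(i.url, 'url')
    max_display = db.select_one(
        'select max(display_order) as max from navigations').max
    # max() over an empty table is NULL (None); start from 0 in that case
    # instead of failing with TypeError on None + 1.
    next_order = (max_display if max_display is not None else 0) + 1
    nav = Navigations(_id=db.next_id(),
                      name=name,
                      url=url,
                      display_order=next_order).insert()
    _clear_navigations_cache()
    return nav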
def _get_wikipage(wp_id, wiki_id=None):
    '''
    Load the wiki page with the given id for the current website.

    Args:
        wp_id: primary key of the wiki page.
        wiki_id: when truthy, the page must belong to this wiki.

    Returns:
        the wiki page row.

    Raises:
        APIPermissionError: the page belongs to another website.
        APIValueError: ``wiki_id`` was given and does not match the page.
    '''
    page = db.select_one('select * from wiki_pages where id=?', wp_id)
    # Tenant check before any other validation.
    if page.website_id != ctx.website.id:
        raise APIPermissionError(
            'cannot get wiki page that is not belong to current website.')
    if wiki_id:
        if page.wiki_id != wiki_id:
            raise APIValueError('wiki_id', 'bad wiki id.')
    return page
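def http_basic_auth(auth):
    '''
    Verify an HTTP Basic credential and return the matching user.

    Args:
        auth: the base64 payload following "Basic " in the Authorization
            header, decoding to "email:password".

    Returns:
        the user row when the password matches, None otherwise. Never raises;
        decode and lookup failures are logged and reported as None.
    '''
    import hmac  # function-scope: the file's import block is not visible here
    try:
        s = base64.b64decode(auth)
        # The decoded value holds the cleartext password: it must not be logged.
        u, p = s.split(':', 1)
        user = db.select_one('select * from users where email=?', u)
        if user is None:
            return None
        # Constant-time comparison of the stored and computed digests. MD5 is
        # kept only for compatibility with the stored values; a salted
        # password hash (e.g. hashlib.pbkdf2_hmac) is the proper replacement.
        if hmac.compare_digest(str(user.passwd), hashlib.md5(p).hexdigest()):
            logging.info('Basic auth ok: %s' % u)
            return user
        return None
    except Exception:
        # Exception, not BaseException, so KeyboardInterrupt/SystemExit propagate.
        logging.exception('auth failed.')
        return None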
def update_section():
    '''
    Update title and description of a resume section owned by the current
    user and bump the version of both the section and its resume.

    Reads ``id``, ``title`` and ``description`` from the request input.

    Returns:
        dict(result=True) on success.

    Raises:
        APIError: ``id`` is empty or ``title`` is blank after stripping.
    '''
    _check_user()
    form = ctx.request.input(id='', title='', description='')
    if not form.id:
        raise APIError('value', 'id', 'id is empty.')
    new_title = form.title.strip()
    new_description = form.description.strip()
    if not new_title:
        raise APIError('value', 'title', 'title is empty')
    section = db.select_one('select * from sections where id=?', form.id)
    # Ownership check before any write.
    _check_user_id(section.user_id)
    db.update('update sections set title=?, description=?, version=version+1 where id=?', new_title, new_description, section.id)
    db.update('update resumes set version=version+1 where id=?', section.resume_id)
    return dict(result=True)
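def delete_entry():
    '''
    Delete one resume entry owned by the current user and re-number the
    display_order of the remaining entries in its section.

    Reads ``id`` from the request input.

    Returns:
        dict(result=True) on success.

    Raises:
        APIError: ``id`` is empty.
    '''
    _check_user()
    i = ctx.request.input(id='')
    if not i.id:
        raise APIError('value', 'id', 'id is empty.')
    entry = db.select_one('select * from entries where id=?', i.id)
    # Ownership check before any write.
    _check_user_id(entry.user_id)
    entries = db.select('select * from entries where section_id=? order by display_order', entry.section_id)
    remaining_ids = [en.id for en in entries if en.id != i.id]
    db.update('delete from entries where id=?', i.id)
    # Re-number 0..n-1. The previous loop never advanced its counter (and
    # shadowed ``i``), so every remaining entry was written with order 0.
    for order, entry_id in enumerate(remaining_ids):
        db.update('update entries set display_order=? where id=?', order, entry_id)
    db.update('update sections set version=version+1 where id=?', entry.section_id)
    return dict(result=True)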
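def api_delete_category():
    '''
    Delete a category of the current website and move its articles to the
    website's locked ("uncategorized") category.

    Reads ``id`` from the request input.

    Returns:
        True on success.

    Raises:
        APIValueError: ``id`` is empty.
        APIError: the category is locked, or no locked fallback category
            exists for the current website.
        APIPermissionError: propagated from _get_category.
    '''
    i = ctx.request.input(id='')
    if not i.id:
        raise APIValueError('id', 'id cannot be empty')
    cat = _get_category(i.id)
    if cat.locked:
        raise APIError('operation:failed', 'category',
                       'cannot delete category that is locked.')
    uncategorized = db.select_one(
        'select id from categories where website_id=? and locked=?',
        ctx.website.id, True)
    # Resolve the fallback before deleting: previously a missing fallback
    # raised AttributeError only after the delete, leaving articles orphaned.
    if uncategorized is None:
        raise APIError('operation:failed', 'category',
                       'no locked category to move articles to.')
    db.update('delete from categories where id=?', i.id)
    db.update(
        'update articles set category_id=?, version=version + 1 where category_id=?',
        uncategorized.id, i.id)
    return True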
def update_section():
    '''
    Update title and description of a resume section owned by the current
    user and bump the version of both the section and its resume.

    Reads ``id``, ``title`` and ``description`` from the request input.

    Returns:
        dict(result=True) on success.

    Raises:
        APIError: ``id`` is empty or ``title`` is blank after stripping.
    '''
    _check_user()
    form = ctx.request.input(id='', title='', description='')
    if not form.id:
        raise APIError('value', 'id', 'id is empty.')
    new_title = form.title.strip()
    new_description = form.description.strip()
    if not new_title:
        raise APIError('value', 'title', 'title is empty')
    section = db.select_one('select * from sections where id=?', form.id)
    # Ownership check before any write.
    _check_user_id(section.user_id)
    update_sql = 'update sections set title=?, description=?, version=version+1 where id=?'
    db.update(update_sql, new_title, new_description, section.id)
    db.update('update resumes set version=version+1 where id=?',
              section.resume_id)
    return dict(result=True)
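def delete_section():
    '''
    Delete a resume section (and its entries) owned by the current user and
    re-number the display_order of the remaining sections of the default CV.

    Reads ``id`` from the request input.

    Returns:
        dict(result=True) on success.

    Raises:
        APIError: ``id`` is empty.
    '''
    _check_user()
    i = ctx.request.input(id='')
    if not i.id:
        raise APIError('value', 'id', 'id is empty.')
    section = db.select_one('select * from sections where id=?', i.id)
    # Ownership check before any write.
    _check_user_id(section.user_id)
    cv = get_default_cv(ctx.user.id)
    sections = db.select('select * from sections where resume_id=? order by display_order', cv.id)
    remaining_ids = [s.id for s in sections if s.id != i.id]
    # Entries first so no entry row is left pointing at a deleted section.
    db.update('delete from entries where section_id=?', i.id)
    db.update('delete from sections where id=?', i.id)
    # Re-number 0..n-1. The previous loop never advanced its counter (and
    # shadowed ``i``), so every remaining section was written with order 0.
    for order, section_id in enumerate(remaining_ids):
        db.update('update sections set display_order=? where id=?', order, section_id)
    db.update('update resumes set version=version+1 where id=?', cv.id)
    return dict(result=True)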
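def delete_entry():
    '''
    Delete one resume entry owned by the current user and re-number the
    display_order of the remaining entries in its section.

    Reads ``id`` from the request input.

    Returns:
        dict(result=True) on success.

    Raises:
        APIError: ``id`` is empty.
    '''
    _check_user()
    i = ctx.request.input(id='')
    if not i.id:
        raise APIError('value', 'id', 'id is empty.')
    entry = db.select_one('select * from entries where id=?', i.id)
    # Ownership check before any write.
    _check_user_id(entry.user_id)
    entries = db.select(
        'select * from entries where section_id=? order by display_order',
        entry.section_id)
    remaining_ids = [en.id for en in entries if en.id != i.id]
    db.update('delete from entries where id=?', i.id)
    # Re-number 0..n-1. The previous loop never advanced its counter (and
    # shadowed ``i``), so every remaining entry was written with order 0.
    for order, entry_id in enumerate(remaining_ids):
        db.update('update entries set display_order=? where id=?', order, entry_id)
    db.update('update sections set version=version+1 where id=?',
              entry.section_id)
    return dict(result=True)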
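def delete_section():
    '''
    Delete a resume section (and its entries) owned by the current user and
    re-number the display_order of the remaining sections of the default CV.

    Reads ``id`` from the request input.

    Returns:
        dict(result=True) on success.

    Raises:
        APIError: ``id`` is empty.
    '''
    _check_user()
    i = ctx.request.input(id='')
    if not i.id:
        raise APIError('value', 'id', 'id is empty.')
    section = db.select_one('select * from sections where id=?', i.id)
    # Ownership check before any write.
    _check_user_id(section.user_id)
    cv = get_default_cv(ctx.user.id)
    sections = db.select(
        'select * from sections where resume_id=? order by display_order',
        cv.id)
    remaining_ids = [s.id for s in sections if s.id != i.id]
    # Entries first so no entry row is left pointing at a deleted section.
    db.update('delete from entries where section_id=?', i.id)
    db.update('delete from sections where id=?', i.id)
    # Re-number 0..n-1. The previous loop never advanced its counter (and
    # shadowed ``i``), so every remaining section was written with order 0.
    for order, section_id in enumerate(remaining_ids):
        db.update('update sections set display_order=? where id=?', order, section_id)
    db.update('update resumes set version=version+1 where id=?', cv.id)
    return dict(result=True)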
def _get_wiki(wid):
    '''
    Load the wiki with the given id for the current website.

    Args:
        wid: primary key of the wiki.

    Returns:
        the wiki row.

    Raises:
        APIPermissionError: the wiki belongs to another website.
    '''
    row = db.select_one("select * from wikis where id=?", wid)
    # Tenant check: never hand back another website's wiki.
    if row.website_id != ctx.website.id:
        raise APIPermissionError("cannot get wiki that does not belong to current website.")
    return row
def _get_category(category_id):
    '''
    Load the category with the given id for the current website.

    Args:
        category_id: primary key of the category.

    Returns:
        the category row.

    Raises:
        APIPermissionError: the category belongs to another website.
    '''
    row = db.select_one('select * from categories where id=?', category_id)
    # Tenant check: never hand back another website's category.
    if row.website_id != ctx.website.id:
        raise APIPermissionError('cannot get category that does not belong to current website.')
    return row
def cv_by_user(uid):
    '''
    Build the view model for user ``uid``'s default CV.

    Args:
        uid: id of the user whose CV is shown.

    Returns:
        dict with keys cv, user (the viewer, may be None), target (the row
        of ``uid``) and editable (truthy only when the viewer is ``uid``).
    '''
    target_user = db.select_one('select * from users where id=?', uid)
    cv = get_default_cv(uid)
    viewer = ctx.user
    # Preserved as an and-chain: yields the viewer object / None / bool,
    # exactly as the template already expects.
    editable = viewer and viewer.id == uid
    return dict(cv=cv, user=viewer, target=target_user, editable=editable)
 def _get_passwd_by_uid(provider, userid):
     '''
     Return the stored credential for a user under a sign-in provider.

     Args:
         provider: sign-in provider; const.LOCAL_SIGNIN_PROVIDER selects the
             local password, anything else an auth_users token.
         userid: the user's id.

     Returns:
         ``users.passwd`` for the local provider, otherwise
         ``auth_users.auth_token`` for (userid, provider).
     '''
     is_local = provider == const.LOCAL_SIGNIN_PROVIDER
     if is_local:
         row = db.select_one('select passwd from users where id=?', userid)
         return row.passwd
     row = db.select_one('select auth_token from auth_users where user_id=? and provider=?', userid, provider)
     return row.auth_token
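 def find_first(cls, where, *args):
     '''
     Find by where clause and return the first result, or None.

     Args:
         where: SQL fragment appended verbatim after the table name (e.g.
             "where x=?"); use ? placeholders and pass values in *args.
         *args: bound parameters for the placeholders in ``where``.

     Returns:
         an instance of ``cls`` built from the row, or None.
     '''
     # Was '%s %' -- an incomplete format spec that raised ValueError on
     # every call; the second placeholder must be %s.
     # ``where`` is spliced into the statement as text; only the *args
     # values are bound. Callers must never build ``where`` from user input.
     d = db.select_one('select * from %s %s' % (cls.__table__, where), *args)
     return cls(**d) if d else None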
def get_poet(poet_id):
    '''
    Return the poet row with the given id (the db layer's value when no row
    matches, presumably None -- confirm against select_one).
    '''
    query = 'select * from poet where id=?'
    return db.select_one(query, poet_id)
def _get_category(category_id):
    '''
    Load the category with the given id for the current website.

    Args:
        category_id: primary key of the category.

    Returns:
        the category row.

    Raises:
        APIPermissionError: the category belongs to another website.
    '''
    row = db.select_one('select * from categories where id=?', category_id)
    # Tenant check: never hand back another website's category.
    if row.website_id != ctx.website.id:
        raise APIPermissionError(
            'cannot get category that does not belong to current website.')
    return row
 def get(cls, pk):
     '''
     Get by primary key.

     Args:
         pk: value of the primary key column (``cls.__primary_key__.name``).

     Returns:
         an instance of ``cls`` built from the row, or None when no row matches.
     '''
     # Table and column names come from the class mapping, never from the
     # caller; the key value itself is bound as a parameter.
     sql = 'select * from %s where %s=?' % (cls.__table__, cls.__primary_key__.name)
     row = db.select_one(sql, pk)
     if not row:
         return None
     return cls(**row)
 def find_first(cls, where, *args):
     '''
     Query by a where clause and return one result. If several rows match,
     only the first is returned; if none match, None is returned.

     Args:
         where: SQL fragment appended verbatim after the table name (e.g.
             "where x=?"); use ? placeholders and pass values in *args.
         *args: bound parameters for the placeholders in ``where``.

     Returns:
         an instance of ``cls`` built from the row, or None.
     '''
     # ``where`` is spliced into the statement as text; only the *args
     # values are bound. Callers must never build ``where`` from user input.
     sql = 'select * from %s %s' % (cls.__table__, where)
     row = db.select_one(sql, *args)
     if not row:
         return None
     return cls(**row)
def shortcut(path):
    '''
    Resolve a shortcut path to the owning user's CV view model.

    Args:
        path: the shortcut path to look up.

    Returns:
        the result of cv_by_user for the shortcut's user_id.
    '''
    row = db.select_one('select * from shortcuts where path=?', path)
    # NOTE(review): an unknown path surfaces as AttributeError on a None
    # row -- confirm whether callers expect notfound() instead.
    owner_id = row.user_id
    return cv_by_user(owner_id)
def get_poem(poem_id):
    '''
    Return the poem row with the given id (the db layer's value when no row
    matches, presumably None -- confirm against select_one).
    '''
    query = 'select * from poem where id=?'
    return db.select_one(query, poem_id)
def shortcut(path):
    '''
    Resolve a shortcut path to the owning user's CV view model.

    Args:
        path: the shortcut path to look up.

    Returns:
        the result of cv_by_user for the shortcut's user_id.
    '''
    row = db.select_one('select * from shortcuts where path=?', path)
    # NOTE(review): an unknown path surfaces as AttributeError on a None
    # row -- confirm whether callers expect notfound() instead.
    owner_id = row.user_id
    return cv_by_user(owner_id)