def validate_get_request(request, request_from):
    """Validate a GET request and return the data the client supplied.

    The ``X-Wix-Instance`` header is passed to ``instance_parser``. A falsy
    result, or a parsed instance without ``instanceId``, is rejected with
    ``STATUS["Forbidden"]``. When ``request_from`` is ``"settings"`` the
    parsed instance must also have ``permissions == "OWNER"``; a missing
    ``permissions`` key is rejected the same way, so the check fails closed.

    ``"modal"`` and ``"modalNeedingMoreFeed"`` require the ``event_id`` and
    ``desired_data`` headers. ``"modalNeedingMoreFeed"`` additionally
    requires ``object_id`` and one paging cursor: ``until`` when that header
    is present, otherwise ``after``. A missing header is answered with
    ``STATUS["Unauthorized"]``.

    Returns:
        For the two modal variants, a dict with ``instance``, ``event_id``
        and ``desired_data`` (plus ``object_id``, ``until`` and ``after``
        for ``"modalNeedingMoreFeed"``). For any other ``request_from``,
        the instance id alone.
    """
    wants_modal = request_from in ("modal", "modalNeedingMoreFeed")
    wants_more_feed = request_from == "modalNeedingMoreFeed"

    try:
        headers = request.headers
        # NOTE(review): this header is client-controlled, so every check
        # below is only as strong as instance_parser (defined elsewhere) --
        # presumably it verifies the instance signature; confirm.
        parsed = instance_parser(headers["X-Wix-Instance"])

        # Single denial point: every failure below ends in the same 403.
        authorized = False
        if parsed:
            try:
                instance = parsed["instanceId"]
                # Only the settings view is restricted to the site owner.
                authorized = (request_from != "settings"
                              or parsed["permissions"] == "OWNER")
            except KeyError:
                pass  # missing key: fall through to the denial below
        if not authorized:
            abort(STATUS["Forbidden"], message="Invalid Instance")

        if wants_modal:
            # Header values are copied through unchanged; nothing here
            # checks their format, so callers must treat them as untrusted.
            event_id = headers["event_id"]
            desired_data = headers["desired_data"]
            if wants_more_feed:
                object_id = headers["object_id"]
                if "until" in headers:
                    until, after = headers["until"], None
                else:
                    until, after = None, headers["after"]
    except AttributeError:
        abort(STATUS["Unauthorized"], message="Request Incomplete")
    except KeyError:
        abort(STATUS["Unauthorized"], message="Missing Value")

    if not wants_modal:
        return instance

    info = {
        "instance": instance,
        "event_id": event_id,
        "desired_data": desired_data,
    }
    if wants_more_feed:
        info["object_id"] = object_id
        info["until"] = until
        info["after"] = after
    return info
def validate_put_request(request, datatype):
    """Validate a PUT request and return the data the client supplied.

    The request must carry the ``X-Wix-Instance`` and ``Content-Type``
    headers (otherwise ``STATUS["Unauthorized"]``), and the content type
    must be exactly ``application/json;charset=UTF-8`` (otherwise
    ``STATUS["Bad_Request"]``). The instance header is passed to
    ``instance_parser``; the request is rejected with
    ``STATUS["Forbidden"]`` unless the parsed instance is truthy, has
    ``permissions == "OWNER"`` and contains ``instanceId``.

    Returns:
        ``{"instance", "access_token"}`` when ``datatype`` is
        ``"access_token"``; ``{"instance", "settings", "events"}`` with the
        two values re-serialized as JSON strings when it is ``"settings"``;
        ``{"instance"}`` for any other ``datatype``.
    """
    try:
        headers = request.headers
        raw_instance = headers["X-Wix-Instance"]
        content_type = headers["Content-Type"]
    except AttributeError:
        abort(STATUS["Unauthorized"], message="Request Incomplete")
    except KeyError:
        abort(STATUS["Unauthorized"], message="Missing Value")

    # Exact string match: any other spelling of the JSON media type
    # (different case or spacing) is rejected.
    if content_type != "application/json;charset=UTF-8":
        abort(STATUS["Bad_Request"], message="Badly Formed Request")

    # NOTE(review): the header is client-controlled, so the owner check is
    # only as strong as instance_parser (defined elsewhere) -- presumably it
    # verifies the instance signature; confirm.
    parsed = instance_parser(raw_instance)

    # Single denial point: every failure below ends in the same 403.
    authorized = False
    if parsed:
        try:
            if parsed["permissions"] == "OWNER":
                instance = parsed["instanceId"]
                authorized = True
        except KeyError:
            pass  # missing key: fall through to the denial below
    if not authorized:
        abort(STATUS["Forbidden"], message="Invalid Instance")

    if datatype == "access_token":
        try:
            # Any failure while parsing the body or reading the key is
            # answered with Bad_Request.
            access_token = json.loads(request.data)["access_token"]
        except Exception:
            abort(STATUS["Bad_Request"], message="Badly Formed Request")
        # NOTE(review): the token is a credential and its type/format is
        # not checked here; callers should keep it out of logs.
        return {"instance": instance, "access_token": access_token}

    if datatype == "settings":
        try:
            payload = json.loads(request.data)
            settings = json.dumps(payload["settings"])
            events = json.dumps(payload["events"])
        except Exception:
            abort(STATUS["Bad_Request"], message="Badly Formed Request")
        # NOTE(review): json.dumps never returns an empty string, so this
        # check cannot fire as written; rejecting empty settings or events
        # would require testing the parsed values instead.
        if not settings or not events:
            abort(STATUS["Bad_Request"], message="Missing Settings or Events")
        return {"instance": instance, "settings": settings, "events": events}

    return {"instance": instance}
def validate_put_request(request, datatype):
    """Validate a PUT request and return the data the client supplied.

    The request must carry the ``X-Wix-Instance`` and ``Content-Type``
    headers (otherwise ``STATUS["Unauthorized"]``), and the content type
    must be exactly ``application/json;charset=UTF-8`` (otherwise
    ``STATUS["Bad_Request"]``). The instance header is passed to
    ``instance_parser``; the request is rejected with
    ``STATUS["Forbidden"]`` unless the parsed instance is truthy, has
    ``permissions == "OWNER"`` and contains ``instanceId``.

    Returns:
        ``{"instance", "access_token"}`` when ``datatype`` is
        ``"access_token"``; ``{"instance", "settings", "events"}`` with the
        two values re-serialized as JSON strings when it is ``"settings"``;
        ``{"instance"}`` for any other ``datatype``.
    """
    try:
        headers = request.headers
        raw_instance = headers["X-Wix-Instance"]
        content_type = headers["Content-Type"]
    except AttributeError:
        abort(STATUS["Unauthorized"], message="Request Incomplete")
    except KeyError:
        abort(STATUS["Unauthorized"], message="Missing Value")

    # Exact string match: any other spelling of the JSON media type
    # (different case or spacing) is rejected.
    if content_type != "application/json;charset=UTF-8":
        abort(STATUS["Bad_Request"], message="Badly Formed Request")

    # NOTE(review): the header is client-controlled, so the owner check is
    # only as strong as instance_parser (defined elsewhere) -- presumably it
    # verifies the instance signature; confirm.
    parsed = instance_parser(raw_instance)

    # Single denial point: every failure below ends in the same 403.
    authorized = False
    if parsed:
        try:
            if parsed["permissions"] == "OWNER":
                instance = parsed["instanceId"]
                authorized = True
        except KeyError:
            pass  # missing key: fall through to the denial below
    if not authorized:
        abort(STATUS["Forbidden"], message="Invalid Instance")

    if datatype == "access_token":
        try:
            # Any failure while parsing the body or reading the key is
            # answered with Bad_Request.
            access_token = json.loads(request.data)["access_token"]
        except Exception:
            abort(STATUS["Bad_Request"], message="Badly Formed Request")
        # NOTE(review): the token is a credential and its type/format is
        # not checked here; callers should keep it out of logs.
        return {"instance": instance, "access_token": access_token}

    if datatype == "settings":
        try:
            payload = json.loads(request.data)
            settings = json.dumps(payload["settings"])
            events = json.dumps(payload["events"])
        except Exception:
            abort(STATUS["Bad_Request"], message="Badly Formed Request")
        # NOTE(review): json.dumps never returns an empty string, so this
        # check cannot fire as written; rejecting empty settings or events
        # would require testing the parsed values instead.
        if not settings or not events:
            abort(STATUS["Bad_Request"], message="Missing Settings or Events")
        return {"instance": instance, "settings": settings, "events": events}

    return {"instance": instance}