def upload_file(request: http.Request,
request_data: http.RequestData) -> http.Response:
if request.method == 'POST':
file = request_data.get('file1')
filename = file.filename
print(filename)
fileDes = '/var/www/html/wp-content/file/' + filename
if os.path.isdir(fileDes):
if os.path.isfile(str(fileDes) + '/' + filename):
content = filename + ' already exists. Change your file.name'
headers = {'Content-Type': 'text/plain'}
return http.Response(content, headers=headers)
else:
filename = secure_filename(file.filename)
file.save(os.path.join(fileDes, filename))
content = 'Success file upload'
headers = {'Content-Type': 'text/plain'}
return http.Response(content, headers=headers)
else:
os.makedirs(str(fileDes))
filename = secure_filename(file.filename)
file.save(os.path.join(fileDes, filename))
content = 'Make your new Directory and Success file upload'
headers = {'Content-Type': 'text/plain'}
return http.Response(content, headers=headers)
def get_request_data(data: http.RequestData):
if isinstance(data, dict):
data = {
key: value if not hasattr(value, 'filename') else {
'filename': value.filename,
'content': value.read().decode('utf-8'),
} for key, value in data.items()
}
return {'data': data}
def get_request_data(data: http.RequestData):
if isinstance(data, dict):
data = {
key: value if not hasattr(value, "filename") else {
"filename": value.filename,
"content": value.read().decode("utf-8")
}
for key, value in data.items()
}
return {"data": data}
async def listening(slack_event: http.RequestData, crypto_bot: CryptoBot,
settings: Settings):
"""
The Slack API event handler.
Also handles the Slack challenge request.
"""
print("SLACK EVENT listening: %s" % pformat(slack_event))
slack_event = slack_event or {}
logger.debug("SLACK EVENT listening: %s", pformat(slack_event))
logger.debug("SLACK EVENT api: %s", crypto_bot)
# ============= Slack URL Verification ============ #
# In order to verify the url of our endpoint, Slack will send a challenge
# token in a request and check for this token in the response our endpoint
# sends back.
# For more info: https://api.slack.com/events/url_verification
if "challenge" in slack_event:
return {'challenge': slack_event['challenge']}
# ============ Slack Token Verification =========== #
# We can verify the request is coming from Slack by checking that the
# verification token in the request matches our app's settings
if crypto_bot.verification != slack_event.get("token"):
# By adding "X-Slack-No-Retry" : 1 to our response headers, we turn off
# Slack's automatic retries during development.
headers = {}
if settings.get('DEBUG'):
headers['X-Slack-No-Retry'] = '1'
return Response('Invalid Slack verification token',
status=403,
headers=headers)
# ====== Process Incoming Events from Slack ======= #
# If the incoming request is an Event we've subcribed to
if "event" in slack_event:
return await crypto_bot.dispatch_event(slack_event)
# event_type = slack_event["event"]["type"]
# If our bot hears things that are not events we've subscribed to,
# send a quirky but helpful error response
headers = {}
if settings.get('DEBUG'):
headers['X-Slack-No-Retry'] = '1'
return Response(
"[NO EVENT IN SLACK REQUEST] These are not the droids you're looking for.",
status=404,
headers=headers)
def form_argument(self,
data: http.RequestData,
name: ParamName,
coerce: ParamAnnotation) -> typing.Any:
if not isinstance(data, dict):
raise exceptions.ValidationError(
detail='Request data must be an object.'
)
data = data.get(name)
if data is None or isinstance(data, coerce):
return data
try:
return coerce(data)
except exceptions.TypeSystemError as exc:
detail = exc.detail
except (TypeError, ValueError) as exc:
detail = str(exc)
raise exceptions.ValidationError(detail=detail)
async def product(self,
form: RequestData,
id: QueryParam,
settings: FrozenSettings) -> Article:
params = {}
if not form:
form = {}
file = form.get("article")
if hasattr(file, "read"):
params["article"] = decode(file.read())
else:
params["article"] = file
params["id"] = form.get("id") or id
params["author"] = form.get("author") or settings.AUTHOR
params["title"] = form.get("title") or \
file and file.filename.replace(".md", "")
params["feature"] = eval(form.get("feature") or "False")
params["description"] = form.get("description") or ""
params["tags"] = form.get("tags") or ""
return Article(params)
def login(data: RequestData, mongo: Database, session: Session):
username = data.get('username')
password = data.get('password')
user = mongo.users.find_one({
'username': username,
'password': password
})
if user is None:
return {
'status': 0,
'code': 300,
'msg': '用户名/密码不正确'
}
else:
session['username'] = user['username']
session['isAdmin'] = user['isAdmin']
return {
'status': 1,
'code': 200,
'data': {
'username': user['username'],
'isAdmin': user['isAdmin']
}
}
def get_multikey_request_data(data: http.RequestData):
return {'data': sorted([
(key, value) for key, value in data.items(multi=True)
if not hasattr(value, 'filename')
])}
def on_request(self, app: App, request: http.Request, cookie: http.Header,
data: http.RequestData, server_scheme: http.Scheme,
server_host: http.Host, server_port: http.Port):
request._csrf_hook = self
utils.update_global_template_context(
app, csrf_token=self.csrf_token_template_hook)
csrf_token = self._load_token(cookie)
if csrf_token is not None:
# Use same token next time.
self.csrf_token = csrf_token
# Assume that anything not defined as 'safe' by RFC7231 needs protection
if request.method not in ('GET', 'HEAD', 'OPTIONS', 'TRACE'):
if getattr(request, '_dont_enforce_csrf_checks', False):
# Mechanism to turn off CSRF checks for test suite.
# It comes after the creation of CSRF cookies, so that
# everything else continues to work exactly the same
# (e.g. cookies are sent, etc.), but before any
# branches that call reject().
return self._accept()
if server_scheme == 'https':
# Suppose user visits http://example.com/
# An active network attacker (man-in-the-middle, MITM) sends a
# POST form that targets https://example.com/detonate-bomb/ and
# submits it via JavaScript.
#
# The attacker will need to provide a CSRF cookie and token, but
# that's no problem for a MITM and the session-independent
# secret we're using. So the MITM can circumvent the CSRF
# protection. This is true for any HTTP connection, but anyone
# using HTTPS expects better! For this reason, for
# https://example.com/ we need additional protection that treats
# http://example.com/ as completely untrusted. Under HTTPS,
# Barth et al. found that the Referer header is missing for
# same-domain requests in only about 0.2% of cases or less, so
# we can use strict Referer checking.
referer = request.headers.get('HTTP_REFERER')
if referer is None:
return self._reject(REASON_NO_REFERER)
referer = urlparse(referer)
# Make sure we have a valid URL for Referer.
if '' in (referer.scheme, referer.netloc):
return self._reject(REASON_MALFORMED_REFERER)
# Ensure that our Referer is also secure.
if referer.scheme != 'https':
return self._reject(REASON_INSECURE_REFERER)
# If there isn't a CSRF_COOKIE_DOMAIN, require an exact match
# match on host:port. If not, obey the cookie rules.
good_referer = self.settings.CSRF_COOKIE_DOMAIN
if good_referer is not None:
if server_port not in ('443', '80'):
good_referer = '%s:%s' % (good_referer, server_port)
else:
if server_port not in ('443', '80'):
good_referer = '%s:%s' % (server_host, server_port)
else:
good_referer = server_host
# Here we generate a list of all acceptable HTTP referers,
# including the current host since that has been validated
# upstream.
good_hosts = list(self.settings.CSRF_TRUSTED_ORIGINS)
good_hosts.append(good_referer)
if not any(
utils.is_same_domain(referer.netloc, host)
for host in good_hosts):
reason = REASON_BAD_REFERER % referer.geturl()
return self._reject(reason)
if self.csrf_token is None:
# No CSRF cookie. For POST requests, we insist on a CSRF cookie,
# and in this way we can avoid all CSRF attacks, including login
# CSRF.
return self._reject(REASON_NO_CSRF_COOKIE)
# Check non-cookie token for match.
request_csrf_token = ""
if request.method == "POST" and data:
request_csrf_token = data.get(
self.settings.CSRF_TOKEN_FIELD_NAME, '')
if request_csrf_token == "":
# Fall back to X-CSRFToken, to make things easier for AJAX,
# and possible for PUT/DELETE.
request_csrf_token = request.headers.get(
self.settings.CSRF_HEADER_NAME, '')
request_csrf_token = utils._sanitize_token(request_csrf_token)
if not utils._compare_salted_tokens(request_csrf_token,
self.csrf_token or ''):
return self._reject(REASON_BAD_TOKEN)
return self._accept()