def do(data, resource): body = {} params = data['params'] user = data['user'] user_id = user.get('id', None) parent_file_id = params.get('parent_file_id', None) file_name = params.get('file_name', uuid()) file_b64 = params.get('file_b64') read_groups = params.get('read_groups', []) write_groups = params.get('write_groups', []) meta_info = params.get('meta_info', {}) file_id = '{}'.format(uuid()) parent_file_info = None file_size = sys.getsizeof(file_b64) if parent_file_id: parent_file_info = resource.db_get_item(parent_file_id) if parent_file_info: if match_policy_after_get_policy_code(resource, 'create', 'files', user, parent_file_info): file_name = parent_file_info.get('file_name', None) parent_file_info['next_file_id'] = file_id file_size += parent_file_info['file_size'] else: body['error'] = error.PERMISSION_DENIED return Response(body) file_info = { 'file_id': file_id, 'parent_file_id': parent_file_id, 'file_name': file_name, 'owner': user_id, 'file_size': file_size, 'read_groups': read_groups, 'write_groups': write_groups, 'meta_info': meta_info, } if match_policy_after_get_policy_code(resource, 'create', 'files', user, file_info): resource.db_put_item('files', file_info, file_id) if parent_file_id and parent_file_info: resource.db_update_item(parent_file_id, parent_file_info) file_b64 = file_b64.encode('utf-8') file_b64 = base64.b64decode(file_b64) resource.file_upload_bin(file_id, file_b64) body['file_id'] = file_id return Response(body) else: body['error'] = error.PERMISSION_DENIED return Response(body)
def do(data, resource): partition = 'logic-function' body = {} params = data['params'] function_name = params.get('function_name') description = params.get('description', None) zip_file = params.get('zip_file', None) runtime = params.get('runtime', None) handler = params.get('handler', None) runnable = params.get('runnable', None) sdk_config = params.get('sdk_config', None) items, _ = resource.db_query(partition, [{ 'option': None, 'field': 'function_name', 'condition': 'eq', 'value': function_name }]) if items: item = items[0] if description: item['description'] = description if handler: item['handler'] = handler if runtime: item['runtime'] = runtime if runnable is not None: item['runnable'] = runnable if sdk_config is not None: item['sdk_config'] = sdk_config if zip_file: zip_file_id = uuid() requirements_zip_file_id = uuid() zip_file_b64 = zip_file.encode('utf-8') zip_file_bin = base64.b64decode(zip_file_b64) requirements_zip_file_bin = generate_requirements_zipfile( zip_file_bin) resource.file_upload_bin(zip_file_id, zip_file_bin) resource.file_upload_bin(requirements_zip_file_id, requirements_zip_file_bin) item['zip_file_id'] = zip_file_id item['requirements_zip_file_id'] = requirements_zip_file_id resource.db_update_item(item['id'], item) body['function_name'] = function_name return Response(body) else: body['error'] = error.NO_SUCH_FUNCTION return Response(body)
def put_item(self, table_name, partition, item, item_id=None, creation_date=None, indexing=True): if item_id: response = self.get_item(table_name, item_id=item_id) if 'Item' in response: need_counting = False else: need_counting = True else: item_id = str(shortuuid.uuid()) need_counting = True if not creation_date: creation_date = self.time() table = self.resource.Table(table_name) item['id'] = item_id item['creation_date'] = creation_date item['partition'] = partition response = table.put_item( Item=item, ) if need_counting: """ Counting if the item is a new one """ self._add_item_count(table_name, '{}-count'.format(partition)) for field, value in item.items(): self._add_item_count(table_name, '{}-{}-{}-count'.format(partition, field, value)) if indexing: self._delete_inverted_query(table_name, item_id) self._put_inverted_query(table_name, partition, item) return response
def do(data, resource): body = {} params = data['params'] guest_id = params.get('guest_id', None) data['params']['login_method'] = 'guest_login' login_conf = get_login_method(data, resource)['body']['item'] default_group_name = login_conf['default_group_name'] enabled = login_conf['enabled'] if enabled == 'true': enabled = True elif enabled == 'false': enabled = False if not enabled: body['error'] = error.GUEST_LOGIN_INVALID return Response(body) if guest_id: item = resource.db_get_item(guest_id) if item: session_id = put_guest_session(resource, guest_id) body['session_id'] = session_id body['guest_id'] = guest_id return Response(body) else: body['error'] = error.NO_SUCH_GUEST return Response(body) else: guest_id = shortuuid.uuid() email = '{}@guest.com'.format(shortuuid.uuid()) item = { 'email': email, 'groups': [default_group_name], 'login_method': 'guest_login', } resource.db_put_item('user', item, item_id=guest_id) session_id = put_guest_session(resource, guest_id) body['session_id'] = session_id body['guest_id'] = guest_id return Response(body)
def do(data, resource): partition = 'logic-function' body = {} params = data['params'] function_name = params.get('function_name') description = params.get('description', None) zip_file = params.get('zip_file', None) runtime = params.get('runtime') handler = params.get('handler') runnable = params.get('runnable', True) sdk_config = params.get('sdk_config', {}) zip_file_id = uuid() requirements_zip_file_id = uuid() item = dict() item['function_name'] = function_name item['description'] = description item['handler'] = handler item['runtime'] = runtime item['runnable'] = runnable item['zip_file_id'] = zip_file_id item['requirements_zip_file_id'] = requirements_zip_file_id item['sdk_config'] = sdk_config item_ids, _ = resource.db_get_item_id_and_orders(partition, 'function_name', function_name) if len(item_ids) == 0: zip_file_b64 = zip_file.encode('utf-8') zip_file_bin = base64.b64decode(zip_file_b64) requirements_zip_file_bin = generate_requirements_zipfile(zip_file_bin) resource.file_upload_bin(zip_file_id, zip_file_bin) resource.file_upload_bin(requirements_zip_file_id, requirements_zip_file_bin) resource.db_put_item(partition, item) body['function_name'] = function_name return body else: body['error'] = error.EXISTING_FUNCTION return body
def do(data, resource): body = {} params = data['params'] user = data.get('user', None) session_id = params.get('session_id', None) data['params']['login_method'] = 'guest_login' login_conf = get_login_method(data, resource)['item'] default_group_name = login_conf['default_group_name'] enabled = login_conf['enabled'] if enabled == 'true': enabled = True elif enabled == 'false': enabled = False if not enabled: body['error'] = error.GUEST_LOGIN_INVALID return body if user: body['session_id'] = session_id body['guest_id'] = user['id'] return body else: guest_id = shortuuid.uuid() email = '{}@guest.com'.format(shortuuid.uuid()) item = { 'email': email, 'groups': [default_group_name], 'login_method': 'guest_login', 'name': 'Guest' } resource.db_put_item('user', item, item_id=guest_id) session_id = put_guest_session(resource, guest_id) body['session_id'] = session_id body['guest_id'] = guest_id return body
def _put_inverted_query_field(self, table, partition, field, operand, operation, item_id, creation_date): if len(str(operand)) > 1024: return False _inverted_query = '{}-{}-{}-{}'.format(partition, field, operand, operation) query = { 'id': 'query-{}'.format(shortuuid.uuid()), 'partition': 'index-{}'.format(item_id), 'inverted_query': _inverted_query, 'creation_date': creation_date, 'item_id': item_id, } response = table.put_item( Item=query, ) return response
def try_put_item(idx, item): item['id'] = uuid() if 'owner' not in item: item['owner'] = user_id item = { key: value for key, value in item.items() if value != '' and value != {} and value != [] } if match_policy(policy_code, user, item): resource.db_put_item(partition, item, item_id=item['id'], index_keys=index_keys, sort_keys=sort_keys) item_ids[idx] = item.get('id', None) else: error_list[idx] = error.PERMISSION_DENIED
def do(data, resource): body = {} params = data['params'] user = data.get('user', None) if user: user_id = user.get('id', None) else: user_id = None partition = params.get('partition', None) item = params.get('item', {}) item['id'] = uuid() if 'owner' not in item: item['owner'] = user_id item = {key: value for key, value in item.items() if value != '' and value != {} and value != []} # 시스템 파티션 접근 제한 if database_can_not_access_to_item(partition): body['error'] = error.PERMISSION_DENIED return body # Check partition has been existed if resource.db_has_partition(partition): if match_policy_after_get_policy_code(resource, 'create', partition, user, item): index_keys = util.get_index_keys_to_index(resource, user, partition, 'w') sort_keys = util.get_sort_keys(resource) resource.db_put_item(partition, item, item_id=item['id'], index_keys=index_keys, sort_keys=sort_keys) body['item_id'] = item.get('id', None) return body else: body['error'] = error.PERMISSION_DENIED return body body['error'] = error.NO_SUCH_PARTITION return body
def do(data, resource): if not env.safe_to_run_code(): return { 'success': False, 'error': error.CANNOT_RUN_ON_NON_SERVERLESS } body = {} params = data['params'] package_text = params.get('package_text') if not package_text: return { 'success': False, 'error': error.REQUIRED_PARAMS_NOT_EXIST } requirements_zip_file_id = uuid() requirements_zip_file_bin, response_stdout = generate_requirements_zipfile(package_text) resource.file_upload_bin(requirements_zip_file_id, requirements_zip_file_bin) body['zip_file_id'] = requirements_zip_file_id body['response_stdout'] = response_stdout return body
def do(data, resource): body = {} params = data['params'] user = data['user'] id_token = params.get('id_token') data['params']['login_method'] = 'google_login' login_conf = get_login_method.do(data, resource)['item'] default_group_name = login_conf['default_group_name'] register_policy_code = login_conf.get('register_policy_code', None) enabled = login_conf['enabled'] if enabled == 'true': enabled = True elif enabled == 'false': enabled = False if not enabled: body['error'] = error.GOOGLE_LOGIN_INVALID return body extra_response = get_google_profile_response(id_token) google_user_id = extra_response['sub'] google_user_email = extra_response['email'] if not data.get('admin', False): if not match_policy(register_policy_code, extra_response, None): body['error'] = error.REGISTER_POLICY_VIOLATION return body instructions = [ (None, ('google_user_id', 'eq', google_user_id)), ('and', ('login_method', 'eq', 'google_login')), ] items, end_key = resource.db_query('user', instructions) if items: session_id = create_session(resource, items[0], data) body['session_id'] = session_id body['user_id'] = items[0]['id'] body['is_first_login'] = False return body elif not already_has_account_email( google_user_email, resource): # Create new user and create session also. item = { 'id': uuid(), 'email': google_user_email, 'groups': [default_group_name], 'login_method': 'google_login', 'google_user_id': google_user_id, } # Put extra value in the item key_map = {'name': 'name', 'picture': 'profile_image'} for key in extra_response: if key not in item: if key in key_map: item[key_map[key]] = extra_response[key] else: item[key] = extra_response[key] resource.db_put_item('user', item, item.get('id')) session_id = create_session(resource, item, data) body['session_id'] = session_id body['is_first_login'] = True body['user_id'] = item['id'] return body else: body['error'] = error.EXISTING_ACCOUNT_VIA_OTHER_LOGIN_METHOD return body
def do(data, resource): partition = 'logic-function' body = {} params = data['params'] function_name = params.get('function_name') description = params.get('description', None) zip_file = params.get('zip_file', None) runtime = params.get('runtime') handler = params.get('handler') runnable = params.get('runnable', True) sdk_config = params.get('sdk_config', {}) use_logging = params.get('use_logging', False) use_traceback = params.get('use_traceback', False) requirements_zip_file_id = params.get('requirements_zip_file_id', None) use_standalone = params.get('use_standalone', False) # zip_file_id = uuid() item = dict() item['function_name'] = function_name item['description'] = description item['handler'] = handler item['runtime'] = runtime item['runnable'] = runnable item['zip_file_id'] = zip_file_id item['requirements_zip_file_id'] = requirements_zip_file_id item['sdk_config'] = sdk_config item['use_logging'] = use_logging item['use_traceback'] = use_traceback item['use_standalone'] = use_standalone functions, _ = resource.db_query(partition, [{ 'condition': 'eq', 'field': 'function_name', 'value': function_name }], None, 1000, False) # item_ids, _ = resource.db_get_item_id_and_orders(partition, 'function_name', function_name) function_version = 0 if functions: function_version = int(functions[-1].get('function_version', 0)) + 1 item['function_version'] = function_version zip_file_b64 = zip_file.encode('utf-8') zip_file_bin = base64.b64decode(zip_file_b64) resource.file_upload_bin(zip_file_id, zip_file_bin) if use_standalone: standalone_function_name = f'{function_name}_{function_version}' item['standalone_function_name'] = standalone_function_name if requirements_zip_file_id: zip_file_bin = get_add_requirements_zip_file( resource, zip_file_bin, requirements_zip_file_id) resource.function_create_stand_alone_function(standalone_function_name, zip_file_bin) resource.db_put_item(partition, item) body['function_name'] = function_name body['function_version'] = function_version return body
def do(data, resource): partition = 'logic-function' body = {} params = data['params'] function_name = params.get('function_name') function_version = params.get('function_version', 0) description = params.get('description', None) zip_file = params.get('zip_file', None) runtime = params.get('runtime', None) handler = params.get('handler', None) runnable = params.get('runnable', None) sdk_config = params.get('sdk_config', None) use_logging = params.get('use_logging', None) use_traceback = params.get('use_traceback', None) items, _ = resource.db_query(partition, [{ 'option': None, 'field': 'function_name', 'condition': 'eq', 'value': function_name }]) if function_version is None: function_version = 0 items = list( filter( lambda x: int(x.get('function_version', 0)) == int(function_version ), items)) if items: item = items[0] if description: item['description'] = description if handler: item['handler'] = handler if runtime: item['runtime'] = runtime if runnable is not None: item['runnable'] = runnable if sdk_config is not None: item['sdk_config'] = sdk_config if use_traceback is not None: item['use_traceback'] = use_traceback if use_logging is not None: item['use_logging'] = use_logging if zip_file: zip_file_id = uuid() # requirements_zip_file_id = uuid() zip_file_b64 = zip_file.encode('utf-8') zip_file_bin = base64.b64decode(zip_file_b64) # requirements_zip_file_bin = generate_requirements_zipfile(zip_file_bin) resource.file_upload_bin(zip_file_id, zip_file_bin) # resource.file_upload_bin(requirements_zip_file_id, requirements_zip_file_bin) item['zip_file_id'] = zip_file_id # item['requirements_zip_file_id'] = requirements_zip_file_id resource.db_update_item(item['id'], item) body['function_name'] = function_name return body else: body['error'] = error.NO_SUCH_FUNCTION return body
def do(data, resource): body = {} params = data['params'] email = params['email'] password = params['password'] # 추가적으로 삽입할 데이터들을 가져옵니다. extra = params.get('extra', {}) # 빈 값들은 세팅에서 제외합니다. extra = { key: value for key, value in extra.items() if value != '' and value != {} and value != [] } # 높은 암호화 수준을 위해 Salt 를 랜덤 생성합니다. salt = Salt.get_salt(32) # 사용자가 입력한 password 를 salt 와 함께 sha3_512 으로 해싱합니다. password_hash = hash_password(password, salt) # 비밀번호 정책 기준을 충족하는지 체크하기 위해 delegate 함수로 비밀번호의 메타 정보를 체크합니다. password_meta = { 'count': len(password), 'count_lowercase': len([c for c in password if c.islower()]), 'count_uppercase': len([c for c in password if c.isupper()]), 'count_special': len([c for c in password if c in string.punctuation]), } partition = 'user' data['params']['login_method'] = 'email_login' login_conf = get_login_method(data, resource)['item'] # 사용자의 가입 정책기준을 가져옵니다. register_policy_code = login_conf.get('register_policy_code', None) if not data.get('admin', False): # 사용자 가입 정책에 부합하는지 확인합니다. 부합하지 않으면 정책 위반 에러를 리턴합니다. if not match_policy(register_policy_code, extra, password_meta): body['error'] = error.REGISTER_POLICY_VIOLATION return body # 시스템의 Login config 에 저장된대 기본 가입 그룹 이름을 가져옵니다. default_group_name = login_conf['default_group_name'] # 시스템에서 로그인이 허용되는지 체크합니다. enabled = login_conf['enabled'] if enabled == 'true': enabled = True elif enabled == 'false': enabled = False # 로그인 허용이 되지 않는 경우입니다. if not enabled: body['error'] = error.EMAIL_LOGIN_INVALID return body # email 로 사용자가 있는지 확인합니다. instructions = [[None, 'email', 'eq', email]] items, end_key = resource.db_query(partition, instructions) users = list(items) # 이미 해당 이메일로 가입된 멤버가 있는 경우 if len(users) > 0: body['error'] = error.EXISTING_ACCOUNT return body else: # 해싱된 비밀번호로 회원 가입을 진행합니다. item = { 'id': str(uuid()), 'email': email, 'password_hash': password_hash, 'salt': salt, 'groups': [default_group_name], 'login_method': 'email_login', } # Put extra value in the item for key in extra: if key not in item: item[key] = extra[key] resource.db_put_item(partition, item, item_id=item['id']) body['item'] = item return body