def execute_logout_others(self, request): request.user.token = "".join(random.choice(string.letters) for i in xrange(32)) db.flush() response = redirect(request.referrer or "/") response.set_cookie("u", request.user.token, expires=datetime.now() + timedelta(days=365)) return response
def execute_set_default_identity(self, request): target_identity_id = int(request.form["id"]) for identity in request.user.identities: if identity.id == target_identity_id: request.user.default_identity = identity db.flush() break return redirect("/authorization/usercp/")
def set(self, directory, key, value): kv = db.query(KV).filter_by(directory=directory, key=key).first() if kv is None: kv = KV() kv.directory = directory kv.key = key db.add(kv) kv.value = value db.flush()
def execute_admin_new(self, request, type): c = ContentItem() c.type = type c.type_key = str(int(time.time())) c.created_at = datetime.now() c.permissions = ContentItem.permissions_NOT_READY c.data = self.types[c.type]["type"].get_editor().new_db() db.add(c) db.flush() return redirect("/admin/content/edit/%d/" % c.id)
def execute_save_settings(self, request): if request.user.settings is None: request.user.settings = {} for setting in all_settings: if setting.is_available(request.user): request.user.settings[setting.get_id()] = setting.accept_value(request.form) s = request.user.settings request.user.settings = None db.flush() request.user.settings = s db.flush() return redirect("/authorization/usercp/")
def execute_post_comment(self, request, **kwargs): content_item = db.query(ContentItem).get(kwargs["id"]) if request.form["email"] == "" and request.form["text"].strip() != "": comment = Comment() if request.user: comment.identity_id = request.user.default_identity.id comment.text = request.form["text"] comment.analytics = { "ip" : request.remote_addr } content_item.comments.append(comment) db.flush() return redirect(self._item_dict(content_item)["url"] + "#last-comment")
def execute_edit_comment(self, request, **kwargs): comment = db.query(Comment).get(kwargs["id"]) if request.user and request.user.id == comment.identity.user.id: if db.query(Comment).filter(Comment.content_item_id == comment.content_item_id, Comment.created_at > comment.created_at).count() > 0: response = {"error" : u"К сожалению, пока вы редактировали комментарий, его успели увидеть другие пользователи. Обновите страницу, чтобы увидеть их реакцию на ваш позор."} else: if (request.form["text"].strip() == ""): db.delete(comment) response = {"deleted" : True} else: comment.text = request.form["text"] response = {"text" : self._process_comment_text(comment.text)} db.flush() return Response(simplejson.dumps(response), mimetype="application/json") raise Forbidden()
def middleware(request): request.user = None if "u" in request.cookies: request.user = db.query(User).filter(User.token == request.cookies["u"]).first() if request.user: if datetime.now() > request.user.last_activity + config.user_inactivity_till_leave: request.user.last_visit = request.user.last_activity request.user.last_activity = datetime.now() db.flush() request.anonymous = None if request.remote_addr != "127.0.0.1": if request.user is None: if "a" in request.cookies: request.anonymous = db.query(Anonymous).filter(Anonymous.token == request.cookies["a"]).first() if request.anonymous is None: request.anonymous = Anonymous() request.anonymous.token = "".join(random.choice(string.letters + string.digits + string.punctuation) for i in xrange(32)) db.add(request.anonymous) db.flush() if request.remote_addr not in request.anonymous.ip_addresses: request.anonymous.ip_addresses = {a: True for a in request.anonymous.ip_addresses.keys()} request.anonymous.ip_addresses[request.remote_addr] = True db.flush() return request
def execute_admin_edit(self, request, id): c = db.query(ContentItem).get(id) if c is None: raise NotFound() editor = self.types[c.type]["type"].get_editor() if request.method == "POST": c.type_key = request.form["type_key"] c.started_at = dateutil.parser.parse(request.form["started_at"]) if request.form.get("started_at", "").strip() else None c.created_at = dateutil.parser.parse(request.form["created_at"]) c.permissions = ContentItem.permissions_PUBLIC if "public" in request.form else ContentItem.permissions_NOT_READY c.tags = [] for tag in request.form["tags"].split(","): tag = tag.strip() db_tag = db.query(Tag).filter(Tag.title == tag).first() if db_tag is None: db_tag = Tag() db_tag.url = tag.split(":", 2)[0] if ":" in tag else tag db_tag.title = tag.split(":", 2)[1] if ":" in tag else tag db.add(db_tag) db.flush() c.tags.append(db_tag) data = editor.form_to_db(request, c.data) c.data = None db.flush() c.data = data db.flush() cache.get_cache("content_item_%d" % c.id).remove_value(key="formatter_output") return redirect(request.path) else: form = editor.db_to_form(c.data) return self.render_to_response(request, [ "content/type/%s/edit.html" % (c.type,), "content/type/%s/edit.html" % (self._base_type(c.type),), ], **{ "breadcrumbs" : [u"Редактирование %s" % self.types[c.type]["type"].item_cases[1]], "form" : form, "content_item" : c, "tags" : u",".join([t.title for t in c.tags]), })
id = str(item.id) item_ids.append(id) content_item = db.query(ContentItem).filter_by(type=type, type_key=id).first() if content_item is None: content_item = ContentItem() content_item.type = type content_item.type_key = id content_item.started_at = item.started_at content_item.created_at = item.created_at content_item.permissions = content_types[type].get("permissions", 0) content_item.data = item.data for kv_directory in item.kv: kv = item.kv[kv_directory] for k, v in kv() if callable(kv) else kv: if k not in kv_storage[kv_directory]: kv_storage[kv_directory][k] = v() if callable(v) else v db.add(content_item) db.flush() provider.on_item_inserted(content_item) db.flush() for content_item in db.query(ContentItem).filter(ContentItem.type == type, ContentItem.permissions != ContentItem.permissions_DELETED).order_by(ContentItem.created_at.desc())[:len(item_ids)]: if content_item.type_key not in item_ids and provider.is_not_actual_item(content_item): content_item.permissions = ContentItem.permissions_DELETED db.flush()
def execute_callback(self, request, **kwargs): result = self.services[kwargs["service"]].oauth_callback(request) if result: identity = db.query(Identity).filter(Identity.service == kwargs["service"], Identity.service_id == result[0]).first() if identity is None: identity = Identity() identity.service = kwargs["service"] identity.service_id = result[0] identity.service_data = result[1] db.add(identity) db.flush() else: identity.service_data = result[1] db.flush() if not identity.trusted and (identity.trust_last_checked is None or identity.trust_last_checked < datetime.now() - timedelta(minutes=10)): service = self.services[kwargs["service"]] identity.trusted = hasattr(service, "is_trusted") and service.is_trusted(identity.service_data) identity.trust_last_checked = datetime.now() db.flush() if identity.user is None: if request.user is None: identity.user = User() identity.user.default_identity_id = identity.id # identity.user.default_identity = identity causes CircularDependencyError identity.user.token = "".join(random.choice(string.letters + string.digits + string.punctuation) for i in xrange(32)) identity.user.url_token = "".join(random.choice(string.letters + string.digits + string.punctuation) for i in xrange(32)) identity.user.settings = {} db.add(identity.user) db.flush() else: identity.user = request.user db.flush() else: if request.user is not None and request.user is not identity.user: for other_identity in request.user.identities: other_identity.user = identity.user db.delete(request.user) db.flush() response = redirect(request.args.get("from", "/")) response.set_cookie("u", identity.user.token, expires=datetime.now() + timedelta(days=365)) return response else: raise Unauthorized()
def delete(self, directory, key): kv = db.query(KV).filter_by(directory=directory, key=key).first() if kv is None: raise KeyError db.delete(kv) db.flush()
def process_request(self, request): for middleware in all_middleware: request = middleware(request) if (request.user is not None and request.user.permissions == 0 and request.user.trusted and any(request.environ["PATH_INFO"].startswith(p) for p in ("/blog/post/", "/gallery/view/", "/video/view/", "/chatlogs/view/", "/library/view/", "/shop/view/"))): return redirect(self._encrypt_url(request.user.url_token, request.environ["PATH_INFO"])) if request.environ["PATH_INFO"].startswith("/private/"): path_info = request.environ["PATH_INFO"] path_info = path_info[len("/private/"):] url = db.query(Url).filter(Url.encrypted_url == path_info).first() if request.user is not None and request.user.trusted: if url is not None and url.user != request.user: return redirect(self._encrypt_url(request.user.url_token, url.decrypted_url)) path_info_encrypted = path_info path_info = AES.new(request.user.url_token).decrypt(unhexlify(path_info)).rstrip("@") url = db.query(Url).filter(Url.encrypted_url == path_info_encrypted).first() if url is None: url = Url() url.encrypted_url = path_info_encrypted url.decrypted_url = path_info url.user = request.user db.add(url) else: if url is None: raise Forbidden() if not any(url.decrypted_url.startswith(p) for p in ("/blog/post/", "/gallery/view/", "/video/view/", "/chatlogs/view/", "/library/view/", "/shop/view/")): raise Forbidden() auv = db.query(AnonymousUrlView).filter(AnonymousUrlView.anonymous == request.anonymous, AnonymousUrlView.url == url).first() if auv is None: auv = AnonymousUrlView() auv.anonymous = request.anonymous auv.url = url db.add(auv) db.flush() path_info = url.decrypted_url request.environ["PATH_INFO"] = path_info request = Request(request.environ) local.request = request for middleware in all_middleware: request = middleware(request) else: if request.user is None or not request.user.trusted: if not (request.host.startswith("i.") or request.remote_addr == "127.0.0.1" or any(request.environ["PATH_INFO"].startswith(p) for p in ("/authorization/", "/content/post-comment/"))): raise Forbidden() endpoint, values = self.url_map.bind_to_environ(request.environ, server_name=urlparse(config.url).netloc.split(":")[0]).match() controller, controller_endpoint = endpoint.split("/", 1) controller = self.controllers[int(controller)] controller_method = "execute_{0}".format(controller_endpoint) response = getattr(controller, controller_method)(request, **values) if request.anonymous is not None: response.set_cookie("a", request.anonymous.token, expires=datetime.now() + timedelta(days=365)) if request.user is not None and request.user.permissions == 0: if isinstance(response.data, str): response.data = re.sub('(data-url|href)="(.+?)"', partial(self._hide_url_callback, request.user.url_token), response.data) if "Location" in response.headers: response.headers["Location"] = self._encrypt_url(request.user.url_token, response.headers["Location"]) if request.anonymous: if "Location" in response.headers: parts = self._encrypt_url_parts(response.headers["Location"]) if parts: url_prefix, url, anchor = parts url_view = db.query(AnonymousUrlView).\ join(Url).\ filter(AnonymousUrlView.anonymous == request.anonymous, Url.decrypted_url == url).\ first() if url_view: response.headers["Location"] = self._build_url(url_prefix, url_view.url.encrypted_url, anchor) return response