def validate_url(url): regex = re.compile( r'^(?:http|ftp)s?://' r'(?:(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+(?:[A-Z]{2,6}\.?|[A-Z0-9-]{2,}\.?)|' r'localhost|' r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' r'(?::\d+)?' r'(?:/?|[/?]\S+)$', re.IGNORECASE) if not url: raise InvalidUsage('Empty url', status_code=409) if not re.match(regex, url): raise InvalidUsage('Wrong url format', status_code=409) return True
def oauth2_tokens(): code = request.args.get('code') url = "https://api.hubapi.com/oauth/v1/token" data = { "grant_type": "authorization_code", "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET, "redirect_uri": "{}/oauth2/tokens&code={}".format(REDIRECT_URI, code) } data = "grant_type={}&client_id={}&client_secret={}&redirect_uri={}".format( data["grant_type"], data["client_id"], data["client_secret"], data["redirect_uri"]) tokens = requests.post(url, data=data).json() if 'access_token' in tokens: token = HubspotToken(access_token=tokens['access_token'], refresh_token=tokens['refresh_token']) token.save() user_data = requests.get( 'https://api.hubapi.com/oauth/v1/access-tokens/{}'.format( tokens['access_token'])).json() print(user_data) user = User(email=user_data['user'], hub_domain=user_data['hub_domain'], token=token) user.save() session['token'] = token['access_token'] return redirect('/obtain_data') else: raise InvalidUsage("Can't get access token!", status_code=400)
def calculate_rollup(rollup, item): rollup_function = identifier_to_rollup_map[rollup.get('aggregation')] if not rollup_function: raise InvalidUsage("this type of rollup is not supported" ) # we'll want to throw an exception in this case relation_data = item.get_property(rollup.get('relation_property')) target_property = rollup.get('target_property') relation_data_processed = [] if relation_data and len(relation_data) > 0: if not is_rollup_or_formula(relation_data[0].collection. get_schema_property(target_property)): relation_data_processed = [ relation_item.get_property(target_property) for relation_item in relation_data ] else: relation_calculated_field = relation_data[ 0].collection.get_schema_property(target_property) relation_data_processed = [ calculate_rollup_or_formula(relation_calculated_field, relation_item) for relation_item in relation_data ] return rollup_function(relation_data_processed)
def hubspot_deal_data(): token = session['token'] headers = {'authorization': 'Bearer ' + token} hubspot_deal_response = requests.get( 'https://api.hubapi.com/deals/v1/deal/paged?includeAssociations=true&&properties=dealname', headers=headers).json() token = HubspotToken.objects.get(access_token=token) for deal in hubspot_deal_response['deals']: if not Deal.objects(deal_id=deal['dealId']): try: obj = Deal( deal_id=deal['dealId'], name=deal['properties']['dealname']['value'], source=deal['properties']['num_associated_contacts'] ['source'], close_date=datetime.datetime.fromtimestamp( int(deal['properties']['dealname']['timestamp']) / 1000), user=User.objects.get(token=token.id)) obj.save() except Exception as e: raise InvalidUsage(str(e), 401) flash('Saved to DB!') return jsonify(hubspot_deal_response)
def add_file_to_project(self, file, projectID): if isinstance(file, str): fileName = file else: fileName = file.filename ext = fileName[fileName.find("."):] print(fileName, "with ext", ext) if ext.lower() in (".jpg", ".png"): file_type = "image" elif ext.lower() in (".mp4", ".webm", ".avi", ".wmv", ".mov"): file_type = "video" else: file_type = "unknown" raise InvalidUsage("File specified is not a video/image") fileID = str(uuid.uuid4()) new_file_name = fileID + ext new_file_path = os.path.join(DATA_FOLDER, new_file_name) print("saving", fileName, "to", new_file_path) if isinstance(file, str): os.rename(os.path.join(DATA_FOLDER, file), new_file_path) else: file.save(new_file_path) self.dbExec("INSERT INTO FILES VALUES (?,?,?,?,?)", (new_file_name, projectID, file_type, fileName, "{}")) return {"original": fileName, "id": new_file_name, "type": file_type}
def add(): """Add new faces to database.""" if request.method == 'POST': file = request.files.get('image') text = request.form.get('id') if not file or not text: raise InvalidUsage('Invalid data', status_code=400) file.save("plugins/faces/"+str(text)+".jpg") return json.dumps({"response": "done"})
def get(self): try: args = self.parser.parse_args() token = args.Authorization.split(" ")[1] result = model.User.load_user_by_token(token) if isinstance(result, model.User): return jsonify({'user': result.username}) raise InvalidUsage('unable to obtain user') except InvalidUsage as e: return {'error': e.args[0]}
def provider_picker(self): log = logging.getLogger('provider') for provider in provider_mapper.keys(): try: return self.form_response( provider_mapper.get(provider)(self.url).shorten()) except: log.warning('{0} is unavailable'.format(provider)) raise InvalidUsage('All url shortening providers seem unavailable', status_code=409)
def post(self): try: args = self.parser.parse_args() token = args.Authorization.split(" ")[1] user = model.User.load_user_by_token(token) if not isinstance(user, model.User): raise InvalidUsage('unable to obtain user') timeline = model.Timeline.load_timeline( entity_key=args.timeline_hash) if not isinstance(timeline, model.Timeline): raise InvalidUsage('unable to obtain timeline') if timeline.key.parent( ) == user.key: # check if the auth user is also admin for this timeline timeline.active = False timeline.put() return {'message': 'timeline deleted successfully'}, else: raise InvalidUsage('permission denied') except InvalidUsage as e: return {'error': e.args[0]}
def request_mq_message(): # https://www.digitalocean.com/community/tutorials/how-to-install-and-manage-apache-qpid try: # app.logger.debug("Get MQ request") mq_parser = reqparse.RequestParser() mq_parser.add_argument('msg_num', help="Num de telefone") mq_parser.add_argument('msg_texto', help="Texto da mensagem") return mq_parser except MQError as err: app.logger.error("MQError - %s" % str(err)) raise InvalidUsage(str(err), status_code=500)
def post(self): try: args = self.parser.parse_args() token = args.Authorization.split(" ")[1] if args.password != args.confirm_password: raise InvalidUsage('passwords dont match!') user = model.User.load_user_by_token(token) user.change_password(args.password) return {'message': 'password updated.'} except InvalidUsage as e: return {'error': e.args[0]}
def recognize_data(): ct = time.time() f = request.files.get('the_file') if not f: raise InvalidUsage('Please attach file and send it!', status_code=400) file_path = get_file_path(f) validate_image(file_path) file_dict = process_image(f, file_path) duration = round(time.time() - ct, 2) logging.info('Total duration time %s', duration) return json.dumps(file_dict)
def post(self): try: args = self.parser.parse_args() token = args.Authorization.split(" ")[1] result = model.User.load_user_by_token( token) # just checking there's a token to invalidate if isinstance(result, model.User): model.Blacklist(token=token).put() return {'message': 'user logged out successfully'} raise InvalidUsage('unable to logout user.') except InvalidUsage as e: return {'error': e.args[0]}
def login(): username = request.json.get('username', None) password = request.json.get('password', None) user = User.query.filter_by(username=username).first() if not user and not check_password_hash(user.password, password): raise InvalidUsage('Invalid login credentials.', status_code=401) access_token = create_access_token(identity=user) return jsonify(access_token=access_token), 200
def get_mq(): mq_sender = g.get('mq_sender', None) if not mq_sender: # https://www.digitalocean.com/community/tutorials/how-to-install-and-manage-apache-qpid try: app.logger.debug("Starting MQ connection") g.mq_sender = SubmitSMS(app.config["MQ_ADDR"]) mq_sender = g.mq_sender except MQError as err: app.logger.error("MQError - %s" % str(err)) raise InvalidUsage(str(err), status_code=500) return mq_sender
def get(self, action): try: if action == 'create': return { 'url': blobstore.create_upload_url('/API/timeline/create') } if action == 'update': return { 'url': blobstore.create_upload_url('/API/timeline/update') } raise InvalidUsage('invalid request') except InvalidUsage as e: return {'error': e.args[0]}
def check_job(job_id=None): if job_id is None: if JOB_ID in request.args: job = db.find_by_id(db.JOB, request.args[JOB_ID]) elif JOB_ID in request.form: job = db.find_by_id(db.JOB, request.form[JOB_ID]) else: raise InvalidUsage("Must Supply a job ID") else: job = db.find_by_id(db.JOB, job_id) if job is None: abort(404) return json.dumps(job[-1]) # last column is status
def sign_up(): user_info = flask.request.json found_user = user.User.find_by_email(user_info['email']) if found_user: raise InvalidUsage('Account already exists with that email.', status_code=410) new_user = user.User() new_user.email = user_info['email'] hashed_pw = '' hashed_pw = user.User.generate_hashed_pw(user_info['password']) new_user.password = hashed_pw new_user.generate_session_token() db.session.commit() return new_user.serialize()
def view_status(job_id=None): if job_id is None: job_id = request.args['job_id'] if 'job_id' in request.args else (request.form['job_id'] if 'job_id' in request.form else None) if job_id is None: return InvalidUsage("Must specify a job ID") job_entry = db.find_by_id(db.JOB, job_id) job_type = job_entry[2] target = job_entry[3] success_url = '' if job_type == 'calculate_probanno': success_url = PROBANNO_COMPLETE_URL + '?fasta_id=' + target else: success_url = GAPFILL_COMPLETE_URL + '?model_id=' + target return job_status_page(job_id, success_url)
def delete_group(): """" Delete the group and images """ try: validate_authorization_header(request.headers) is_authorized_user(request.headers['Authorization']) content = request.get_json() validate_group_delete_request(content=content) group_id = content['group_id'] user_id = content['user_id'] groups.delete(group_id=group_id, user_id=user_id) return jsonify({'status': http.HTTPStatus.OK, 'message': "success"}) except Exception as ex: logging.exception(ex) raise InvalidUsage('bad request', status_code=400)
def calculate_formula(formula, item): formula = formula.get("formula") if formula is None: raise InvalidUsage( "you are using a notion type that is not yet supported") function_type = formula.get("type") function_name = formula.get("name") if function_name is None: if function_type == "constant": value = formula.get("value") if formula.get("value_type") == "number": value = float(value) return value else: print("failed formula: ", formula) raise InvalidUsage( "you are using a formula which is not yet supported") function_to_call = identifier_to_function_map.get(function_name) if function_to_call is None: print("failed formula: ", formula) raise InvalidUsage( "you are using a formula which is not yet supported") # process args if formula.get("args"): # if function_name == "<function name here>": # print([fetch_data_for_arg(arg, item) for arg in formula.get("args")]) # print(function_to_call([fetch_data_for_arg(arg, item) for arg in formula.get("args")])) return function_to_call( [fetch_data_for_arg(arg, item) for arg in formula.get("args")]) params = identifier_to_function_params_map.get(function_type) return function_to_call( [fetch_data_for_arg(formula.get(param), item) for param in params])
def register(): data = map_json_to_user(request.json) user = User.query.filter_by(username=data.username).first() if user: raise InvalidUsage('This user is already registered.', status_code=409) db.session.add(data) role = Role.query.filter_by(name='USER').first() data.roles.append(role) db.session.commit() access_token = create_access_token(data) return jsonify(access_token=access_token), 200
def join_group(): """ Allow members to join a group """ try: validate_authorization_header(request.headers) is_authorized_user(request.headers['Authorization']) content = request.get_json() validate_group_join_request(content=content) group_id = content['group_id'] user_id = content['user_id'] token = content['token'] token = groups.update(group_id=group_id, user_id=user_id, user_token=token) return jsonify({'status': http.HTTPStatus.OK, 'refreshedtoken': token}) except Exception as ex: logging.exception(ex) raise InvalidUsage('bad request', status_code=400)
def post(self): try: args = self.parser.parse_args() token = args.Authorization.split(" ")[1] user = model.User.load_user_by_token(token) if not isinstance(user, model.User): raise InvalidUsage('unable to obtain user') # escape of xss inputs title = str(utils.escape(args.title.strip())) timeline = model.Timeline( parent=user.key, title=title, ) timeline.put() return { 'message': 'timeline created', 'hash': timeline.key.urlsafe() } except InvalidUsage as e: return {'error': e.args[0]}
def get(self): try: args = self.parser.parse_args() token = args.Authorization.split(" ")[1] # checking if the user is authenticated user = model.User.load_user_by_token(token) if isinstance(user, model.User): response = [] followed = model.Followers.query(ancestor=user.key) feed = [] for fol in followed: for fol_tl in model.Timeline.query( model.Timeline.is_public == True, model.Timeline.active == True, ancestor=ndb.Key(model.User, fol.followed), ).order(-model.Timeline.creation_date).fetch(3): gps = [] for fol_tl_media in model.Media.query( ancestor=fol_tl.key, projection=["lat", "lon", "sequence"], ).order(model.Media.sequence).filter( model.Media.active == True): if fol_tl_media.lat and fol_tl_media.lon: gps.append({ 'lat': fol_tl_media.lat, 'lng': fol_tl_media.lon, }) feed.append({ 'creator': fol.followed, 'creation_date': fol_tl.creation_date, 'title': fol_tl.title, 'hash': fol_tl.key.urlsafe(), 'isPublic': fol_tl.is_public, 'positions': gps }) return jsonify(feed) raise InvalidUsage('unable to obtain user') # error message here except InvalidUsage as e: return {'error': e.args[0]}
def create_group(): """Create a photo sharing group""" try: validate_authorization_header(request.headers) is_authorized_user(request.headers['Authorization']) content = request.get_json() validate_group_create_request(content=content) author = content['author'] group_name = content['group_name'] valid_hours = content['validity'] group_id, token = groups.create(group_name=group_name, validity=valid_hours, author=author) return jsonify({ 'status': http.HTTPStatus.CREATED, 'group_id': str(group_id), 'token': token }) except Exception as ex: logging.exception(ex) raise InvalidUsage('bad request', status_code=400)
def post(self): try: args = self.parser.parse_args() token = args.Authorization.split(" ")[1] user = model.User.load_user_by_token( token) # just checking there's a token to invalidate if args.action == 'UNFOLLOW': # toggle -> delete this follow relationships = model.Followers.query( ancestor=user.key).filter( model.Followers.followed == args.target).fetch() for rel in relationships: rel.key.delete() elif args.action == 'FOLLOW': # toggle -> create a new relathionship model.Followers( parent=user.key, followed=args.target, ).put() else: raise InvalidUsage('no valid action provided') return {'message': 'relationship updated'} except InvalidUsage as e: return {'error': e.args[0]}
def validate_image(file_path): filename, file_extension = os.path.splitext(file_path) if file_extension.lower() not in EXTENSIONS: raise InvalidUsage( 'Not proper file format. Please use: PDF, JPEG, JPG, PNG', status_code=400)
def get(self, username=None): try: args = self.parser.parse_args() token = args.Authorization.split(" ")[1] # checking if the user is authenticated user = model.User.load_user_by_token(token) # switch: if username is specified we load this username's timelines # otherwise we keep loading the authenticated user's timelines. if username: myuser = user user = model.User.load_user_by_username(username) is_following = model.Followers.isFollowing(myuser, user) is_admin = False else: is_admin = True is_following = True # always follow yourself if isinstance(user, model.User): response = [] query = model.Timeline.query(ancestor=user.key).filter( model.Timeline.active == True) # if it is not our personal page let's hide private timelines if not is_admin: query = query.filter(model.Timeline.is_public == True) results = query.fetch() for timeline in results: # loading GPS locations gps = [] medias = model.Media.query( ancestor=timeline.key, projection=["lat", "lon", "sequence"], ).order(model.Media.sequence).filter( model.Media.active == True) for media in medias: if media.lat and media.lon: gps.append({ 'lat': media.lat, 'lng': media.lon, }) response.append({ 'creation_date': datetime.datetime.strftime(timeline.creation_date, '%d/%m/%y'), 'title': timeline.title, 'hash': timeline.key.urlsafe(), 'isPublic': timeline.is_public, 'positions': gps, 'is_admin': is_admin }) return jsonify({ 'timelines': response, 'is_admin': is_admin, 'is_following': is_following }) raise InvalidUsage('unable to obtain user') # error message here except InvalidUsage as e: return {'error': e.args[0]}
def validate_provider(provider_name, provider_list): if provider_name not in provider_list: raise InvalidUsage('Wrong provider input', status_code=409) return True