def setapk(args):
if len(args) > 0:
apk_path = args[0]
if os.path.isfile(apk_path):
sys.stdout.write("Setting path to %s\n" % apk_path)
sys.stdout.flush()
session.get_session().set_apk_path(apk_path)
apkutils.disassemble_apk(apk_path, session.get_session())
else:
sys.stderr.write("%s is not a valid APK file\n" % apk_path)
sys.stderr.flush()
return utils.SHELL_STATUS_RUN
def model_query(model, *args, **kwargs):
"""Query helper that accounts for context's `read_deleted` field.
:param context: context to query under
:param session: if present, the session to use
:param read_deleted: if present, overrides context's read_deleted field.
:param project_only: if present and context is user-type, then restrict
query to match the context's project_id. If set to 'allow_none',
restriction includes project_id = None.
"""
session = kwargs.get('session') or get_session()
read_deleted = kwargs.get('read_deleted') or 'no'
query = session.query(model, *args)
if read_deleted == 'no':
query = query.filter_by(deleted=False)
elif read_deleted == 'yes':
pass # omit the filter to include deleted and active
elif read_deleted == 'only':
query = query.filter_by(deleted=True)
else:
raise Exception(
_("Unrecognized read_deleted value '%s'") % read_deleted)
return query
def get_by_all(cls,
key,
value,
session=None,
columns=None,
lock_mode=None):
if not session:
session = Session.get_session()
if hasattr(cls, key):
scalar = False
if columns:
if isinstance(columns, (tuple, list)):
query = session.query(*columns)
else:
scalar = True
query = session.query(columns)
else:
query = session.query(cls)
if lock_mode:
query = query.with_lockmode(lock_mode)
query = query.filter(getattr(cls, key) == value)
if scalar:
return query.scalar()
return query.all()
return None
def set_attr(cls, id, attr, value, session=None):
if not session:
session = Session.get_session()
if hasattr(cls, 'id'):
session.query(cls).filter(cls.id == id).update({attr: value})
session.commit()
def get_by_all(cls,
key,
value,
session=None,
columns=None,
lock_mode=None):
if not session:
session = Session.get_session()
if hasattr(cls, key):
scalar = False
if columns:
if isinstance(columns, (tuple, list)):
query = session.query(*columns)
else:
scalar = True
query = session.query(columns)
else:
query = session.query(cls)
if lock_mode:
query = query.with_lockmode(lock_mode)
query = query.filter(getattr(cls, key) == value)
if scalar:
return query.scalar()
return query.all()
return None
def authorized(cls, identity): with get_session() as session: user = session.query( cls ).filter(cls.name == identity).first() if not user: return False else: return True
def model_query(model, **kwargs):
model = model
session = get_session()
with session.begin():
query = session.query(model).filter_by(**kwargs)
return query
def log_annotation(collection, document, status, action, args):
"""
Logs an annotation operation of type action in the given document
of the given collection. Status is an arbitrary string marking the
status of processing the request and args a dictionary giving
the arguments of the action.
"""
l = ann_logger()
if not l:
return False
try:
user = get_session()['user']
except KeyError:
user = '******'
# avoid redundant logging (assuming first two args are
# collection and document)
# TODO: get rid of the assumption, parse the actual args
other_args = args[2:]
# special case for "log only" action: don't redundantly
# record the uninformative action name, but treat the
# first argument as the 'action'.
if action == 'logAnnotatorAction':
action = other_args[0]
other_args = other_args[1:]
l.info('%s\t%s\t%s\t%s\t%s\t%s' %
(_detab(user), _detab(collection), _detab(document), _detab(status),
_detab(action), '\t'.join([_detab(unicode(a))
for a in other_args])))
def get_all(cls,
session=None,
columns=None,
offset=None,
limit=None,
order_by=None,
lock_mode=None):
if not session:
session = Session.get_session()
if columns:
if isinstance(columns, (tuple, list)):
query = session.query(*columns)
else:
query = session.query(columns)
if isinstance(columns, str):
query = query.select_from(cls)
else:
query = session.query(cls)
if order_by is not None:
if isinstance(order_by, (tuple, list)):
query = query.order_by(*order_by)
else:
query = query.order_by(order_by)
if offset:
query = query.offset(offset)
if limit:
query = query.limit(limit)
if lock_mode:
query = query.with_lockmode(lock_mode)
return query.all()
def get_all(cls,
session=None,
columns=None,
offset=None,
limit=None,
order_by=None,
lock_mode=None):
if not session:
session = Session.get_session()
if columns:
if isinstance(columns, (tuple, list)):
query = session.query(*columns)
else:
query = session.query(columns)
if isinstance(columns, str):
query = query.select_from(cls)
else:
query = session.query(cls)
if order_by is not None:
if isinstance(order_by, (tuple, list)):
query = query.order_by(*order_by)
else:
query = query.order_by(order_by)
if offset:
query = query.offset(offset)
if limit:
query = query.limit(limit)
if lock_mode:
query = query.with_lockmode(lock_mode)
return query.all()
def allowed_to_read(real_path):
data_path = path_join('/', relpath(real_path, DATA_DIR))
# add trailing slash to directories, required to comply to robots.txt
if isdir(real_path):
data_path = '%s/' % (data_path)
real_dir = dirname(real_path)
robotparser = ProjectConfiguration(real_dir).get_access_control()
if robotparser is None:
return True # default allow
# 目录读取权限
try:
user = get_session().get('user')
if user is None:
Messager.error('没有登录!', duration=3)
user = '******'
except KeyError:
Messager.error('没有登录!', duration=3)
return False
# print(user, file=sys.stderr)
# display_message('Path: %s, dir: %s, user: %s, ' % (data_path, real_dir, user), type='error', duration=-1)
# / tutorials /
# / tutorials /
# / tutorials / bio /
# / tutorials / news /
# / tutorials /
# / tutorials / bio /
# / tutorials / news /
# print(data_path, file=sys.stderr)
return robotparser.can_fetch(user, data_path)
def tenant_group_update(id, tenant_id, values, session=None):
if not session:
session = get_session()
with session.begin():
tenant_ref = tenant_group_get(id, tenant_id, session)
tenant_ref.update(values)
tenant_ref.save(session=session)
def db_check_handler(event, context):
session = get_session()
query = session.query(User).all()
return response(200, f'{query}')
def handler(event, context):
# endpoint_url = os.environ.get('SECRETSMANAGER_ENDPOINT_URL')
session = get_session()
json_data = json.loads(event['body'])
new_cv = User()
try:
new_cv.username = json_data.get('username', '')
new_cv.password = json_data.get('password', '')
new_cv.firstname = json_data['firstname']
new_cv.lastname = json_data['lastname']
replace_skills_with_json(session, new_cv, json_data)
replace_experience_with_json(new_cv, json_data)
except (KeyError, TypeError, AttributeError) as ex:
return response(400, f"bad input in event body: {event['body']}")
except OperationalError as ex:
logging.exception(ex)
return response(500, f"db error")
session.add(new_cv)
try:
session.commit()
except DataError as ex:
return response(400, f"bad input caused DataError")
return response(200, new_cv.object_as_dict())
def onp_check_session(request):
if not _check_args(request, "session_id"):
return not_enough_args(request)
sess = session.get_session(request["session_id"])
if not _session_checker(request, sess):
return not_enough_rights(request)
return {"error_code": 0, "id": request["id"], "admin_priv": sess["admin_priv"], "roles": sess["roles"]}
def log_annotation(collection, document, status, action, args):
"""
Logs an annotation operation of type action in the given document
of the given collection. Status is an arbitrary string marking the
status of processing the request and args a dictionary giving
the arguments of the action.
"""
l = ann_logger()
if not l:
return False
try:
user = get_session()['user']
except KeyError:
user = '******'
# avoid redundant logging (assuming first two args are
# collection and document)
# TODO: get rid of the assumption, parse the actual args
other_args = args[2:]
# special case for "log only" action: don't redundantly
# record the uninformative action name, but treat the
# first argument as the 'action'.
if action == 'logAnnotatorAction':
action = other_args[0]
other_args = other_args[1:]
l.info('%s\t%s\t%s\t%s\t%s\t%s' % (_detab(user), _detab(collection),
_detab(document), _detab(status),
_detab(action),
'\t'.join([_detab(unicode(a)) for a in other_args])))
def post(self, key):
""" Add a tag by the current user on a given photo """
current_session = session.get_session()
if not current_session or not current_session.is_active():
self.error(403)
return
try:
user = current_session['me']
except KeyError:
self.error(403)
return
try:
photo = models.Photo.get(controllers.unquote(key))
except db.BadKeyError:
self.error(400)
return
tag = self.request.get('tag')
logging.error(self.request.body)
if not comment:
logging.error('no tag')
self.error(400)
return
# Prevent double tag
tag = photo.tag_set.filter('tag = ', tag).filter('user = '******'/photos/%s' % key)
def add_network(values):
session = get_session()
with session.begin():
network_ref = models.Network()
network_ref.update(values)
network_ref.save(session=session)
return network_ref.id
def post(self, key, up):
""" Change the user's vote on a given photo """
current_session = session.get_session()
if not current_session or not current_session.is_active():
self.error(403)
return
try:
user = current_session['me']
except KeyError:
self.error(403)
return
try:
photo = models.Photo.get(controllers.unquote(key))
except db.BadKeyError:
self.error(400)
return
thumb = photo.thumb_set.filter('user = '******'thumb %s' % up)
thumb.up = (up == 'up')
thumb.put()
self.response.headers["Content-Type"] = controllers.MIMETYPE_JSON
self.redirect('/photos/%s' % key)
def post(self, key):
""" Add a comment by the current user on a given photo """
current_session = session.get_session()
if not current_session or not current_session.is_active():
self.error(403)
return
try:
user = current_session['me']
except KeyError:
self.error(403)
return
try:
photo = models.Photo.get(controllers.unquote(key))
except db.BadKeyError:
self.error(400)
return
comment = self.request.get('comment')
logging.error(self.request.body)
if not comment:
logging.error('no comment')
self.error(400)
return
c = models.Comment(comment=comment, photo=photo, user=user)
c.put()
self.redirect('/photos/%s' % key)
def count_all(cls, session=None, lock_mode=None):
if not session:
session = Session.get_session()
query = session.query(func.count('*')).select_from(cls)
if lock_mode:
query = query.with_lockmode(lock_mode)
return query.scalar()
def put(self, path, data, metadata={}, reduced_redundancy=False, encrypt_key=False, callback=None):
"""
Stores data at given path
:param string path: Path or 'key' for created/updated object
:param bytes data: Data to write
:param dict metadata: Metadata to store with this data
:param bool reduced_redundancy: Whether to reduce storage redundancy or not?
:param bool encrypt_key: Encrypt data?
:param callable callback: Called function once done
"""
storage_class = 'REDUCED_REDUNDANCY' if reduced_redundancy else 'STANDARD'
args = dict(
callback=callback,
Bucket=self._bucket,
Key=self._clean_key(path),
Body=data,
Metadata=metadata,
StorageClass=storage_class,
)
if encrypt_key:
args['ServerSideEncryption'] = 'AES256'
my_session = session_handler.get_session(self._endpoint is not None)
session = Botocore(service='s3', region_name=self._region,
operation='PutObject', session=my_session,
endpoint_url=self._endpoint)
session.call(**args)
def count_all(cls, session=None, lock_mode=None):
if not session:
session = Session.get_session()
query = session.query(func.count('*')).select_from(cls)
if lock_mode:
query = query.with_lockmode(lock_mode)
return query.scalar()
def login(user, password):
if not _is_authenticated(user, password):
raise InvalidAuthError
get_session()['user'] = user
Messager.info('Hello!')
return {}
def user_update(id, values, session=None):
if not session:
session = get_session()
with session.begin():
user_ref = user_get(id, session)
user_ref.update(values)
user_ref.save(session=session)
def login(user, password):
if not _is_authenticated(user, password):
raise InvalidAuthError
get_session()['user'] = user
Messager.info('Hello!')
return {}
def get_buyhistory(itemid):
""" get buy history, first page only
:param itemid: itemid for item
:returns: list of (price/sold, sold/price, date) tuple
"""
s = get_session()
content = s.get('http://item.taobao.com/item.htm?id={}'.format(itemid)).content
url = re.compile(r'detail:params="(.*?),showBuyerList').search(content).group(1)
url += '&callback=jsonp'
patjsonp = re.compile(r'jsonp\((.*?)\);?', re.DOTALL)
s = get_blank_session()
s.headers['Referer'] = 'http://detail.tmall.com/item.htm'
try:
content = s.get(url+'&callback=jsonp', timeout=30).content
content = content.replace('\\"', '"')
if content == 'jsonp({"status":1111,"wait":5})':
print 'baned, sleeping for 5 mins'
time.sleep(5*60)
return get_buyhistory(itemid)
ret1 = re.compile('<em class="tb-rmb-num">([^<]+)</em>.*?<td class="tb-amount">(\d+)</td>.*?<td class="tb-time">([^>]+)</td>', re.DOTALL).findall(content)
ret2 = re.compile('<em>(\d+)</em>.*?<td>(\d+)</td>.*?<td>([^<]+)</td>', re.DOTALL).findall(content)
ret1.extend(ret2)
return ret1
except:
print '!!!', itemid
traceback.print_exc()
def put(self, path, data, metadata={}, reduced_redundancy=False, encrypt_key=False, callback=None):
"""
Stores data at given path
:param string path: Path or 'key' for created/updated object
:param bytes data: Data to write
:param dict metadata: Metadata to store with this data
:param bool reduced_redundancy: Whether to reduce storage redundancy or not?
:param bool encrypt_key: Encrypt data?
:param callable callback: Called function once done
"""
storage_class = 'REDUCED_REDUNDANCY' if reduced_redundancy else 'STANDARD'
args = dict(
callback=callback,
Bucket=self._bucket,
Key=self._clean_key(path),
Body=data,
Metadata=metadata,
StorageClass=storage_class,
)
if encrypt_key:
args['ServerSideEncryption'] = 'AES256'
my_session = session_handler.get_session(self._endpoint is not None)
session = Botocore(service='s3', region_name=self._region,
operation='PutObject', session=my_session,
endpoint_url=self._endpoint)
session.call(**args)
def model_query(model, *args, **kwargs):
"""Query helper that accounts for context's `read_deleted` field.
:param context: context to query under
:param session: if present, the session to use
:param read_deleted: if present, overrides context's read_deleted field.
:param project_only: if present and context is user-type, then restrict
query to match the context's project_id. If set to 'allow_none',
restriction includes project_id = None.
"""
session = kwargs.get('session') or get_session()
read_deleted = kwargs.get('read_deleted') or 'no'
query = session.query(model, *args)
if read_deleted == 'no':
query = query.filter_by(deleted=False)
elif read_deleted == 'yes':
pass # omit the filter to include deleted and active
elif read_deleted == 'only':
query = query.filter_by(deleted=True)
else:
raise Exception(
_("Unrecognized read_deleted value '%s'") % read_deleted)
return query
def get_buyhistory(itemid):
""" get buy history, first page only
:param itemid: itemid for item
:returns: list of (price/sold, sold/price, date) tuple
"""
s = get_session()
content = s.get(
'http://item.taobao.com/item.htm?id={}'.format(itemid)).content
url = re.compile(r'detail:params="(.*?),showBuyerList').search(
content).group(1)
url += '&callback=jsonp'
patjsonp = re.compile(r'jsonp\((.*?)\);?', re.DOTALL)
s = get_blank_session()
s.headers['Referer'] = 'http://detail.tmall.com/item.htm'
try:
content = s.get(url + '&callback=jsonp', timeout=30).content
content = content.replace('\\"', '"')
if content == 'jsonp({"status":1111,"wait":5})':
print 'baned, sleeping for 5 mins'
time.sleep(5 * 60)
return get_buyhistory(itemid)
ret1 = re.compile(
'<em class="tb-rmb-num">([^<]+)</em>.*?<td class="tb-amount">(\d+)</td>.*?<td class="tb-time">([^>]+)</td>',
re.DOTALL).findall(content)
ret2 = re.compile('<em>(\d+)</em>.*?<td>(\d+)</td>.*?<td>([^<]+)</td>',
re.DOTALL).findall(content)
ret1.extend(ret2)
return ret1
except:
print '!!!', itemid
traceback.print_exc()
def tenant_group_get(id, tenant, session=None):
if not session:
session = get_session()
result = session.query(models.Group).filter_by(id=id, \
tenant_id=tenant).first()
return result
def whoami():
json_dic = {}
try:
json_dic["user"] = get_session().get("user")
except KeyError:
# TODO: Really send this message?
Messager.error("Not logged in!", duration=3)
return json_dic
def login(user, password):
if not _is_authenticated(user, password):
raise InvalidAuthError
get_session()['user'] = user
# Messager.info('Hello!')
Messager.info('Hello, your ID is ' + user) ##JESSY
return {}
def whoami():
json_dic = {}
try:
json_dic['user'] = get_session().get('user')
except KeyError:
# TODO: Really send this message?
Messager.error('Not logged in!', duration=3)
return json_dic
def whoami():
json_dic = {}
try:
json_dic['user'] = get_session().get('user')
except KeyError:
# TODO: Really send this message?
Messager.error('Not logged in!', duration=3)
return json_dic
def tenant_group_is_empty(id, session=None):
if not session:
session = get_session()
a_user = session.query(models.UserGroupAssociation).filter_by(
group_id=id).first()
if a_user != None:
return False
return True
def save(self, session=None):
"""Save this object."""
if not session:
session = get_session()
session.add(self)
try:
session.flush()
except IntegrityError:
raise
def get(self, path, callback=None):
"""
Returns object at given path
:param string path: Path or 'key' to retrieve AWS object
:param callable callback: Callback function for once the retrieval is done
"""
my_session = session_handler.get_session()
session = Botocore(service="s3", region_name=self._region, operation="GetObject", session=my_session)
session.call(callback=callback, Bucket=self._bucket, Key=self._clean_key(path))
def delete(self, path, callback=None):
"""
Deletes key at given path
:param string path: Path or 'key' to delete
:param callable callback: Called function once done
"""
my_session = session_handler.get_session()
session = Botocore(service="s3", region_name=self._region, operation="DeleteObject", session=my_session)
session.call(callback=callback, Bucket=self._bucket, Key=self._clean_key(path))
def user_groups_get_all(user_id, session=None):
if not session:
session = get_session()
uga = aliased(models.UserGroupAssociation)
group = aliased(models.Group)
return session.query(group, uga).\
join((uga, uga.group_id == group.id)).\
filter(uga.user_id == user_id).order_by(
group.id).all()
def onp_get_schools(request):
if not _check_args(request, "from", "count", "session_id"):
return not_enougth_args(request)
sess = session.get_session(request["session_id"])
if not _session_checker(request, sess):
return not_enough_rights(request)
sql = "SELECT id, title, number, address, city_id, type_id from school order by id limit %(from)s, %(count)s"
result = _exec_sql_get_func(request, sql)
return result
def onp_get_competitions(request):
if not _check_args(request, "from", "count", "session_id"):
return not_enougth_args(request)
sess = session.get_session(request["session_id"])
if not _session_checker(request, sess):
return not_enough_rights(request)
sql = "SELECT id, year from competition order by id limit %(from)s, %(count)s"
result = _exec_sql_get_func(request, sql)
return result
def onp_get_city_types(request):
if not _check_args(request, "from", "count", "session_id"):
return not_enougth_args(request)
sess = session.get_session(request["session_id"])
if not _session_checker(request, sess):
return not_enough_rights(request)
sql = "SELECT id, short_title, full_title from city_type order by id limit %(from)s, %(count)s"
result = _exec_sql_get_func(request, sql)
return result
def logout():
try:
del get_session()['user']
except KeyError:
# Already deleted, let it slide
pass
# TODO: Really send this message?
Messager.info('Bye!')
return {}
def logout():
try:
del get_session()['user']
except KeyError:
# Already deleted, let it slide
pass
# TODO: Really send this message?
Messager.info('Bye!')
return {}
def set_attr(cls, id, attr, value, session=None):
if not session:
session = Session.get_session()
if hasattr(cls, 'id'):
session.query(cls).filter(cls.id == id).update({
attr: value
})
session.commit()
def post(self):
""" Store photo
Since this is a blobstore handler and does not respond RESTfully
the only HTTP status codes allowed are 301, 302, and 303. Any
errors are represented by 303 and an ASCII description of the
error in the Location header.
Proper requests will redirect with 302 Found.
Errors:
Need one file
Unauthorized
Postprocessing took too long
Postprocessing failed
"""
# THE ONLY RIGHT WAY TO EXIT THIS HANDLER IS WITH 302 OR CALLING THIS
# METHOD AND RETURNING.
def failed(message, error_code=303):
""" Encapsulate failure logic. Yay closures. """
image.delete()
logging.error('Upload failed with error: %s' % message)
self.response.set_status(error_code, message)
self.response.headers.add_header('Location', message)
uploads = self.get_uploads()
if len(uploads) is not 1:
failed('Need one file')
return
image = uploads[0]
current_session = session.get_session()
if not current_session or not current_session.is_active():
failed('Unauthorized')
return
try:
user = current_session['me']
except KeyError:
failed('Unauthorized')
return
caption = controllers.unquote(self.request.get('caption'))
photo = models.Photo(
user=user,
img_orig=image.key(),
caption=caption)
try:
photo.put()
except DeadlineExceededError:
failed('Postprocessing took too long.')
return
except Exception, e:
logging.error(repr(e))
failed('Postprocessing failed')
return
def ajax_get_interests():
cookie_secret = request.cookies.get('user_secret')
user_id = session.get_session(cookie_secret, db)
if user_id is not None:
email = user.get_email(user_id, db).strip()
results = interest.get_interest(email, db)
totalInterests = len(results)
return json.dumps({'success': True, 'outcome': results}), 200, {
'ContentType': 'application/json'}
def user_create(values):
user_ref = models.User()
user_ref.update(values)
session = get_session()
try:
with session.begin():
user_ref.save(session=session)
except IntegrityError, e:
raise e
def test(text, docid, collection=None):
try:
user = get_session().get('user')
except KeyError:
user = None
if user is None:
user = '******'
json_dic = {"message": "hello world", "user": user, "rontom": text}
return json_dic
def user_create(values):
user_ref = models.User()
user_ref.update(values)
session = get_session()
try:
with session.begin():
user_ref.save(session=session)
except IntegrityError, e:
raise e
def ajax_delete_interest(interestID):
cookie_secret = request.cookies.get('user_secret')
user_id = session.get_session(cookie_secret, db)
if user_id is not None:
email = user.get_email(user_id, db).strip()
if interest.delete_interest(email, interestID, db):
return json.dumps({'success': True}), 200, {
'ContentType': 'application/json'}
else:
return json.dumps({'success': False}), 200, {
'ContentType': 'application/json'}
def onp_get_roles(request):
if not _check_args(request, "person_id", "competition_id", "session_id"):
return not_enougth_args(request)
sess = session.get_session(request["session_id"])
if not _session_checker(request, sess):
return not_enough_rights(request)
sql = "SELECT id, role FROM role WHERE person_id = %(person_id)s and competition_id = %(competition_id)s"
result = _exec_sql_get_func(request, sql)
return result
def onp_get_competition_participants(request):
if not _check_args(request, "competition_id", "from", "count", "session_id"):
return not_enougth_args(request)
sess = session.get_session(request["session_id"])
if not _session_checker(request, sess):
return not_enough_rights(request)
sql = "SELECT role.id, person.first_name, person.second_name, person.surname FROM person JOIN role ON (role.person_id = person.id) WHERE role.role = 'participant' and role.competition_id = %(competition_id)s"
result = _exec_sql_get_func(request, sql)
return result
def onp_get_mean_score(request):
if not _check_args(request, "criteria_title_id", "participant_id", "from", "count", "session_id"):
return not_enougth_args(request)
sess = session.get_session(request["session_id"])
if not _session_checker(request, sess):
return not_enough_rights(request)
sql = "SELECT avg(value) as mean_scriteria_score FROM criteria_score WHERE criteria_title_id = %(criteria_title_id)s and score_id in (select id from score where work_id in (select id from work where participant_id = %(participant_id)s))"
result = _exec_sql_get_func(request, sql)
return result
def onp_get_competition_curators(request):
if not _check_args(request, "competition_id", "from", "count", "session_id"):
return not_enougth_args(request)
sess = session.get_session(request["session_id"])
if not _session_checker(request, sess):
return not_enough_rights(request)
sql = "SELECT id, first_name, second_name, surname FROM person WHERE id IN (SELECT person_id from role where role = 'curator' and competition_id = %(competition_id)s) limit %(from)s, %(count)s"
result = _exec_sql_get_func(request, sql)
return result
