def approve(key_id):
user = session['user']
if user['id'] not in config['admins']:
return render_template('gitout.html')
key = r.table('applications').get(key_id).run(get_db())
m = hashlib.sha256()
m.update(key['id'].encode())
m.update(str(randint(10000, 99999)).encode())
token = m.hexdigest()
r.table('keys').insert({
"id": token,
"name": key['name'],
"owner": key['owner'],
"owner_name": key['owner_name'],
"email": key['email'],
"email_consent": key.get('email_consent', 'Not Available'),
"description": key.get('description', 'Not Available'),
"reason": key['reason'],
"link": key.get('link', 'Not Available'),
"type": key.get('type', 'Unknown'),
"creation_time": key.get('time', 0),
"acceptance_time": r.now(),
"total_usage": 0,
"usages": {},
"unlimited": False,
"ratelimit_reached": 0
}).run(get_db())
r.table('applications').get(key_id).delete().run(get_db())
return redirect(url_for('.admin'))
def images_delete(event_id, image_id):
auth_middleware.authorize(auth_middleware.ROKWIRE_EVENT_WRITE_GROUPS)
group_memberships = list()
try:
_, group_memberships = get_group_memberships()
except Exception as ex:
__logger.exception(ex)
abort(500)
db = None
event = None
try:
db = get_db()
event = db['events'].find_one({'_id': ObjectId(event_id)}, {'_id': 0})
except Exception as ex:
__logger.exception(ex)
abort(500)
if not check_group_event_admin_access(event, group_memberships):
abort(401)
msg = "[delete image]: event id %s, image id: %s" % (str(event_id),
str(image_id))
try:
S3EventsImages().delete(event_id, image_id)
db = get_db()
db[cfg.IMAGE_COLLECTION].delete_one({'_id': ObjectId(image_id)})
except Exception as ex:
__logger.exception(ex)
abort(500)
return success_response(202, msg, str(event_id))
def admin():
user = session['user']
if user['id'] not in config['admins']:
return render_template('gitout.html')
apps = r.table('applications').run(get_db())
keys = r.table('keys').run(get_db())
return render_template('admin.html', name=user['username'], apps=apps, keys=keys)
def unlimited(key_id):
user = session['user']
if user['id'] not in config['admins']:
return render_template('gitout.html')
key = r.table('keys').get(key_id).run(get_db())
unlimited = not key['unlimited']
r.table('keys').get(key_id).update({'unlimited': unlimited}).run(get_db())
return redirect(url_for('.admin'))
def delete(key_id):
user = session['user']
k = r.table('keys').get(key_id).run(get_db())
if user['id'] in config['admins']:
r.table('keys').get(key_id).delete().run(get_db())
return redirect(url_for('.admin'))
elif user['id'] == k['owner']:
r.table('keys').get(key_id).delete().run(get_db())
return redirect(url_for('.dashboard'))
else:
return render_template('gitout.html')
def patch(event_id):
auth_middleware.authorize(auth_middleware.rokwire_event_manager_group)
if not ObjectId.is_valid(event_id):
abort(400)
req_data = request.get_json(force=True)
try:
req_data = query_params.formate_datetime(req_data)
if req_data.get('category') or req_data.get('subcategory'):
db = get_db()
for data_tuple in db['events'].find({'_id': ObjectId(event_id)}, {
'_id': 0,
'categorymainsub': 1
}):
req_data = query_params.update_category(req_data, data_tuple)
break
coordinates = []
try:
if req_data.get('location.latitude') or req_data.get(
'location.latitude'):
db = get_db()
for data_tuple in db['events'].find(
{'_id': ObjectId(event_id)}, {
'_id': 0,
'coordinates': 1
}):
coordinates = data_tuple.get('coordinates')
if not coordinates:
abort(500)
break
req_data = query_params.update_coordinates(
req_data, coordinates)
except Exception as ex:
__logger.exception(ex)
abort(500)
except Exception as ex:
__logger.exception(ex)
abort(405)
try:
db = get_db()
status = db['events'].update_one({'_id': ObjectId(event_id)},
{"$set": req_data})
msg = "[PATCH]: event id %s, nUpdate = %d " % (str(event_id),
status.modified_count)
__logger.debug(msg)
except Exception as ex:
__logger.exception(ex)
abort(500)
return success_response(200, msg, str(event_id))
def run(self, key, **kwargs):
get_redis().incr(self.name + ':hits')
start = perf_counter()
res = self.generate(**kwargs)
t = round((perf_counter() - start) * 1000,
2) # Time in ms, formatted to 2dp
self.avg_generation_times.append(t)
k = r.table('keys').get(key).run(get_db())
usage = k['usages'].get(self.name, 0) + 1
r.table('keys').get(key) \
.update({"total_usage": k['total_usage'] + 1,
"usages": {self.name: usage}}) \
.run(get_db())
return res
def admin():
user = session['user']
if user['id'] not in config['admins']:
return render_template('gitout.html')
sort = request.args.get('sort', 'age')
if sort == 'age_asc':
keys = r.table('keys').order_by(r.asc('creation_time')).run(get_db())
elif sort == 'age_desc':
keys = r.table('keys').order_by(r.desc('creation_time')).run(get_db())
elif sort == 'usage_asc':
keys = r.table('keys').order_by(r.asc('total_usage')).run(get_db())
elif sort == 'usage_desc':
keys = r.table('keys').order_by(r.desc('total_usage')).run(get_db())
elif sort == 'accept_asc':
keys = r.table('keys').order_by(r.asc('acceptance_time')).run(get_db())
elif sort == 'accept_desc':
keys = r.table('keys').order_by(r.desc('acceptance_time')).run(
get_db())
else:
keys = r.table('keys').order_by(r.asc('creation_time')).run(get_db())
apps = r.table('applications').order_by('time').run(get_db())
return render_template('admin.html',
name=user['username'],
apps=apps,
keys=keys,
sort=sort)
def images_put(event_id, image_id):
auth_middleware.authorize(auth_middleware.ROKWIRE_EVENT_WRITE_GROUPS)
group_memberships = list()
try:
_, group_memberships = get_group_memberships()
except Exception as ex:
__logger.exception(ex)
abort(500)
db = None
event = None
try:
db = get_db()
event = db['events'].find_one({'_id': ObjectId(event_id)}, {'_id': 0})
except Exception as ex:
__logger.exception(ex)
abort(500)
# If this is a group event, apply group authorization. Regular events can proceed like before.
if not check_group_event_admin_access(event, group_memberships):
abort(401)
tmpfile = None
try:
db = get_db()
# check if image exists
if db[cfg.IMAGE_COLLECTION].find_one({'_id': ObjectId(image_id)}):
file = request.files.get('file')
if file:
if file.filename == '':
raise
if localfile.allowed_file(file.filename):
filename = secure_filename(file.filename)
tmpfile = localfile.savefile(file, filename)
S3EventsImages().upload(tmpfile, event_id, image_id)
msg = "[put image]: image id %s" % (str(image_id))
else:
raise
else:
raise
else:
raise
except Exception as ex:
__logger.exception(ex)
abort(500)
finally:
localfile.deletefile(tmpfile)
return success_response(200, msg, str(image_id))
def endpoint_ratelimit(auth, cache=globalcache, max_usage=5):
key = r.table('keys').get(auth).run(get_db())
if key['unlimited']:
return {
'X-RateLimit-Limit': 'Unlimited',
'X-RateLimit-Remaining': 'Unlimited',
'X-RateLimit-Reset': 2147483647
}
if key['id'] in cache:
usage = cache.get(key['id'])
if usage < max_usage:
cache.set(key['id'], usage + 1)
return {
'X-RateLimit-Limit': max_usage,
'X-RateLimit-Remaining': max_usage - usage - 1,
'X-RateLimit-Reset': cache.expires_at(key['id'])
}
else:
ratelimit_reached = key.get('ratelimit_reached', 0) + 1
r.table('keys').get(auth).update({
"ratelimit_reached":
ratelimit_reached
}).run(get_db())
if ratelimit_reached % 5 == 0 and 'webhook_url' in config:
requests.post(
config['webhook_url'],
json={
"embeds": [{
"title":
f"Application '{key['name']}' ratelimited 5 times!",
"description":
f"Owner: {key['owner']}\n"
f"Total: {ratelimit_reached}"
}]
})
return {
'X-RateLimit-Limit': max_usage,
'X-RateLimit-Remaining': -1,
'X-RateLimit-Reset': cache.expires_at(key['id'], ),
'Retry-After': cache.expires_in(key['id'])
}
else:
cache.set(key['id'], 1)
return {
'X-RateLimit-Limit': max_usage,
'X-RateLimit-Remaining': max_usage - 1,
'X-RateLimit-Reset': cache.expires_at(key['id'])
}
def delete(key_id):
user = session['user']
if user['id'] not in config['admins']:
return render_template('gitout.html')
r.table('keys').get(key_id).delete().run(get_db())
return redirect(url_for('.admin'))
def images_put(event_id, image_id):
auth_middleware.authorize(auth_middleware.rokwire_event_manager_group)
tmpfile = None
try:
db = get_db()
# check if image exists
if db[cfg.IMAGE_COLLECTION].find_one({'_id': ObjectId(image_id)}):
file = request.files.get('file')
if file:
if file.filename == '':
raise
if localfile.allowed_file(file.filename):
filename = secure_filename(file.filename)
tmpfile = localfile.savefile(file, filename)
S3EventsImages().upload(tmpfile, event_id, image_id)
msg = "[put image]: image id %s" % (str(image_id))
else:
raise
else:
raise
else:
raise
except Exception as ex:
__logger.exception(ex)
abort(500)
finally:
localfile.deletefile(tmpfile)
return success_response(200, msg, str(image_id))
def configs_put(id):
auth_middleware.authorize(auth_middleware.rokwire_app_config_manager_group)
req_data = request.get_json(force=True)
if not check_format(req_data):
abort(405)
if not ObjectId.is_valid(id):
abort(405)
try:
db = conn.get_db()
add_version_numbers(req_data)
status = db[cfg.APP_CONFIGS_COLLECTION].update_one(
{'_id': ObjectId(id)}, {"$set": req_data})
msg = "[PUT]: api config id %s, nUpdate = %d " % (
str(id), status.modified_count)
__logger.info(msg)
except DuplicateKeyError as err:
__logger.error(err)
abort(405)
except Exception as ex:
__logger.exception(ex)
abort(500)
return success_response(200, msg, str(id))
def images_post(event_id):
auth_middleware.authorize(auth_middleware.ROKWIRE_EVENT_WRITE_GROUPS)
tmpfile = None
try:
file = request.files.get('file')
if file:
if file.filename == '':
raise
if localfile.allowed_file(file.filename):
filename = secure_filename(file.filename)
tmpfile = localfile.savefile(file, filename)
db = get_db()
result = db[cfg.IMAGE_COLLECTION].insert_one(
{'eventId': event_id})
image_id = str(result.inserted_id)
S3EventsImages().upload(tmpfile, event_id, image_id)
msg = "[post image]: image id %s" % (str(image_id))
else:
raise
else:
raise
except Exception as ex:
__logger.exception(ex)
abort(500)
finally:
localfile.deletefile(tmpfile)
return success_response(201, msg, str(image_id))
def post():
auth_middleware.authorize(auth_middleware.ROKWIRE_EVENT_WRITE_GROUPS)
req_data = request.get_json(force=True)
if not query_params.required_check(req_data):
abort(400)
try:
req_data = query_params.formate_datetime(req_data)
req_data = query_params.formate_location(req_data)
req_data = query_params.formate_category(req_data)
except Exception as ex:
__logger.exception(ex)
abort(400)
try:
db = get_db()
event_id = db['events'].insert(req_data)
msg = "[POST]: event record created: id = %s" % str(event_id)
if req_data is not None:
msg_json = jsonutils.create_log_json("Events", "POST", req_data)
else:
msg_json = jsonutils.create_log_json("Events", "POST", {})
__logger.info("POST " + json.dumps(msg_json))
except Exception as ex:
__logger.exception(ex)
abort(500)
return success_response(201, msg, str(event_id))
def put(event_id):
auth_middleware.authorize(auth_middleware.rokwire_event_manager_group)
if not ObjectId.is_valid(event_id):
abort(400)
req_data = request.get_json(force=True)
if not query_params.required_check(req_data):
abort(400)
try:
req_data = query_params.formate_datetime(req_data)
req_data = query_params.formate_location(req_data)
req_data = query_params.formate_category(req_data)
except Exception as ex:
__logger.exception(ex)
abort(400)
try:
db = get_db()
status = db['events'].replace_one({'_id': ObjectId(event_id)},
req_data)
msg = "[PUT]: event id %s, nUpdate = %d " % (str(event_id),
status.modified_count)
except Exception as ex:
__logger.exception(ex)
abort(500)
return success_response(200, msg, str(event_id))
def create_key():
user = session['user']
if user['id'] not in config['admins']:
return render_template('gitout.html')
if request.method == 'GET':
return render_template('create.html')
elif request.method == 'POST':
name = request.form.get('name', None)
token = request.form.get('token', None)
owner = request.form.get('owner', None)
owner_name = request.form.get('owner_name', None)
email = request.form.get('email', None)
if not token or not name or not owner or not owner_name or not email:
result = 'Please fill in all required inputs'
return render_template('result.html', result=result, success=False)
r.table('keys').insert({
"id": token,
"name": name,
"owner": owner,
"owner_name": owner_name,
"email": email,
"total_usage": 0,
"usages": {},
"unlimited": False,
"ratelimit_reached": 0
}).run(get_db())
result = 'Key Created 👌'
return render_template('result.html', result=result, success=True)
def configs_post():
auth_middleware.authorize(auth_middleware.rokwire_app_config_manager_group)
req_data = request.get_json(force=True)
if not check_format(req_data):
abort(400)
try:
db = conn.get_db()
add_version_numbers(req_data)
app_config_id = db[cfg.APP_CONFIGS_COLLECTION].insert_one(
req_data).inserted_id
msg = "[POST]: api config document created: id = %s" % str(
app_config_id)
__logger.info(msg)
except DuplicateKeyError as err:
__logger.error(err)
abort(400)
except Exception as ex:
__logger.exception(ex)
abort(500)
return success_response(201, msg, str(app_config_id))
def view(key_id):
user = session['user']
if user['id'] in config['admins']:
admin = True
else:
admin = False
key = r.table('applications').get(key_id).run(get_db())
key_type = 'app'
if not key:
key = r.table('keys').get(key_id).run(get_db())
key_type = 'key'
if key['owner'] == user['id'] or admin:
return render_template('app.html', key=key, key_type=key_type, admin=admin)
else:
return render_template('gitout.html')
def dashboard():
user = session['user']
is_admin = user['id'] in config['admins']
keys = r.table('keys').filter(r.row['owner'] == user['id']).run(get_db())
return render_template('dashboard.html',
name=user['username'],
keys=keys,
admin=is_admin)
def _get_imagefiles_result(query):
"""
Perform the get_imagefiles query and return the results. This is
its own function to enable caching to work.
Returns: result
"""
db = get_db()
cursor = db[cfg.IMAGE_COLLECTION].find(query, {'_id': 1})
return [str(i['_id']) for i in cursor]
def delete(event_id):
auth_middleware.authorize(auth_middleware.ROKWIRE_EVENT_WRITE_GROUPS)
if not ObjectId.is_valid(event_id):
abort(400)
group_memberships = list()
try:
_, group_memberships = get_group_memberships()
except Exception as ex:
__logger.exception(ex)
abort(500)
db = None
event = None
try:
db = get_db()
event = db['events'].find_one({'_id': ObjectId(event_id)}, {'_id': 0})
except Exception as ex:
__logger.exception(ex)
abort(500)
if not check_group_event_admin_access(event, group_memberships):
abort(401)
try:
db = get_db()
req_data = db['events'].find_one({'_id': ObjectId(event_id)},
{'_id': 0})
status = db['events'].delete_one({'_id': ObjectId(event_id)})
msg = "[DELETE]: event id %s, nDelete = %d " % (str(event_id),
status.deleted_count)
if req_data is not None:
msg_json = jsonutils.create_log_json("Events", "DELETE", req_data)
else:
msg_json = jsonutils.create_log_json("Events", "DELETE", {})
__logger.info("DELETE " + json.dumps(msg_json))
except Exception as ex:
__logger.exception(ex)
abort(500)
if status.deleted_count == 0:
abort(404)
return success_response(202, msg, str(event_id))
def _get_app_config_by_id_result(query):
"""
Perform the get_app_config_by_id query and returns a list of results. This is
its function to enable caching to work.
Returns: a list of results
"""
db = conn.get_db()
cursor = db[cfg.APP_CONFIGS_COLLECTION].find(query, {"version_numbers": 0})
return [decode(c) for c in cursor]
def _get_events_result(query, limit, skip):
"""
Perform the get_events query and return the serialized results. This is
its own function to enable caching to work.
Returns: (string, count)
"""
if not query:
return []
is_super_event = False
for cond in query.get('$and'):
if cond.get('isSuperEvent'):
is_super_event = True
db = get_db()
cursor = db['events'].find(query, {
'coordinates': 0,
'categorymainsub': 0
}).sort([
('startDate', pymongo.ASCENDING),
('endDate', pymongo.ASCENDING),
])
if limit > 0:
cursor = cursor.limit(limit)
if skip > 0:
cursor = cursor.skip(skip)
events = []
for event in cursor:
# use the db `_id` as id in the returning event.
event['id'] = str(event.pop('_id'))
if is_super_event:
subevents_ids = list()
for subevent in event.get('subEvents'):
subevents_ids.append(ObjectId(subevent.get("id")))
subevents_cursor = db['events'].find(
{
'_id': {
'$in': subevents_ids
}
}, {
'coordinates': 0,
'categorymainsub': 0
}).sort([
('startDate', pymongo.ASCENDING),
('endDate', pymongo.ASCENDING),
])
for subevent_detail in subevents_cursor:
subevent_detail['id'] = str(subevent_detail.pop('_id'))
events.append(subevent_detail)
else:
events.append(event)
return flask.json.dumps(
events, default=query_params.format_datetime_response), len(events)
def execute(self, context):
year, quarter = datetime_to_year_quarter(context['execution_date'])
quarter_string = datetime_to_quarter(context['execution_date'])
engine = get_db()
load_title_counts(
filename=full_path(
table_files['title_count']).format(quarter_string),
year=year,
quarter=quarter,
db_engine=engine,
)
def wrapper(*args, **kwargs):
if r.table('keys').get(request.headers.get(
'authorization',
'')).coerce_to('bool').default(False).run(get_db()):
return func(*args, **kwargs)
return jsonify({
'status':
401,
'error':
'You are not authorized to access this endpoint'
}), 401
def _get_categories_result():
"""
Perform the get_categories query and return the serialized results. This is
its own function to enable caching to work.
Returns: (string, count)
"""
db = get_db()
cursor = db['categories'].find({}, {
'_id': 0
}).sort('category', pymongo.ASCENDING)
categories = list(cursor)
return flask.json.dumps(categories), len(categories)
def images_delete(event_id, image_id):
auth_middleware.authorize(auth_middleware.rokwire_event_manager_group)
msg = "[delete image]: event id %s, image id: %s" % (str(event_id),
str(image_id))
try:
S3EventsImages().delete(event_id, image_id)
db = get_db()
db[cfg.IMAGE_COLLECTION].delete_one({'_id': ObjectId(image_id)})
except Exception as ex:
__logger.exception(ex)
abort(500)
return success_response(202, msg, str(event_id))
def put(event_id):
auth_middleware.authorize(auth_middleware.ROKWIRE_EVENT_WRITE_GROUPS)
if not ObjectId.is_valid(event_id):
abort(400)
req_data = request.get_json(force=True)
if not query_params.required_check(req_data):
abort(400)
try:
req_data = query_params.formate_datetime(req_data)
req_data = query_params.formate_location(req_data)
req_data = query_params.formate_category(req_data)
except Exception as ex:
__logger.exception(ex)
abort(400)
group_memberships = list()
try:
_, group_memberships = get_group_memberships()
except Exception as ex:
__logger.exception(ex)
abort(500)
db = None
event = None
try:
db = get_db()
event = db['events'].find_one({'_id': ObjectId(event_id)}, {'_id': 0})
except Exception as ex:
__logger.exception(ex)
abort(500)
# If this is a group event, apply group authorization. Regular events can proceed like before.
if not check_group_event_admin_access(event, group_memberships):
abort(401)
try:
status = db['events'].replace_one({'_id': ObjectId(event_id)},
req_data)
msg = "[PUT]: event id %s, nUpdate = %d " % (str(event_id),
status.modified_count)
if req_data is not None:
msg_json = jsonutils.create_log_json("Events", "PUT", req_data)
else:
msg_json = jsonutils.create_log_json("Events", "PUT", {})
__logger.info("PUT " + json.dumps(msg_json))
except Exception as ex:
__logger.exception(ex)
abort(500)
return success_response(200, msg, str(event_id))
def _get_event_result(query):
"""
Perform the get_event query and return the serialized results. This is
its own function to enable caching to work.
Returns: (string, found)
"""
db = get_db()
event = db['events'].find_one(query, {
'_id': 0,
'coordinates': 0,
'categorymainsub': 0
})
return flask.json.dumps(event), (not event is None)
