Exemple #1
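async def login():
    """Authenticate a user from the submitted login form and mark the session.

    GET requests are redirected to the landing page. For any other method the
    form fields ``user``, ``password`` and ``integrity`` are read, and
    ``integrity`` must match the ``u-id`` value held in the session before any
    credential check runs.

    Returns:
        A redirect for GET, a ``(body, status)`` tuple when the user does not
        exist, and otherwise whatever ``_response`` builds from the result
        body, the status code and the session.
    """
    import hmac

    session = get_session(request)
    resp, code = {"response": "dummy"}, 200
    if request.method == "GET":
        return redirect("/?wmsg_rd=login")

    reqform = await request.form
    user = reqform.get("user")
    password = reqform.get("password")
    integrity = reqform.get("integrity")

    # The anti-forgery token must be present on both sides. A session with no
    # "u-id" must not be satisfied by an empty form value, and the comparison
    # is constant-time so the token cannot be recovered byte by byte.
    expected = session.get("u-id", "")
    token_ok = (
        isinstance(integrity, str)
        and isinstance(expected, str)
        and expected != ""
        and hmac.compare_digest(integrity.encode(), expected.encode())
    )
    if user is None or password is None or not token_ok:
        # Stop here: falling through would run the credential check and could
        # set session["logged_in"] even though the integrity check failed.
        resp = {"error": "fields_empty_or_session_error"}
        code = 403
        return _response(resp, code=code, cookies=session)

    udata = userData.query.filter(
        func.lower(userData.user) == func.lower(user)).first()
    if udata is None:
        # NOTE(review): "no_such_user" and "incorrect_password" are distinct
        # answers, and this path skips the hash check, so a client can tell
        # whether an account exists. Kept for API compatibility; consider a
        # single generic error plus rate limiting.
        resp = {"error": "no_such_user"}
        code = 403
        return resp, code

    # Default to logged-out; only a verified password flips the flag.
    session["logged_in"] = False
    if check_password_hash(udata.pw_hash, password):
        # NOTE(review): the session is reused across the privilege change;
        # confirm get_session/_response rotate the session identifier.
        session["logged_in"] = True
        session["user"] = udata.user
        resp = {"success": "authenticated", "user": udata.user}
    else:
        resp = {"error": "incorrect_password"}
        code = 403
    return _response(resp, code=code, cookies=session)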
Exemple #2
    def authenticate(cls, username, password):
        """Look up an active admin by username and verify the password.

        Returns the matching ``Admin`` row when the credentials check out,
        otherwise ``False``.
        """
        # ``== True`` is intentional: SQLAlchemy turns it into a SQL predicate.
        admin = Admin.query.filter(
            Admin.username == username,
            Admin.is_active == True,  # noqa: E712
        ).first()

        if not admin:
            # NOTE(review): unknown or inactive names return before any hash
            # work, so they likely answer faster than a wrong password.
            return False
        if not check_password_hash(hashed_pwd=admin.password,
                                   password=password):
            return False
        return admin
Exemple #3
    def authenticate(cls, username, password):
        """Look up a user by username and verify the password.

        Returns the ``User`` row when it exists, is active and the password
        verifies; otherwise returns ``False``.
        """
        candidate = User.query.filter_by(username=username).first()

        # Missing and deactivated accounts are rejected before any hash work.
        if not candidate or not candidate.is_active:
            return False
        if not check_password_hash(candidate.password, password):
            return False
        return candidate
Exemple #4
 def check_password(self, password):
     """Check ``password`` against the hash stored in ``self.pw_hash``."""
     stored_hash = self.pw_hash
     return check_password_hash(stored_hash, password)
Exemple #5
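 def login(cls, name, password):
     """Return the user called ``name`` if ``password`` verifies, else ``None``.

     The record is fetched with ``cls.by_name`` and the password is checked
     with ``utils.check_password_hash(name, password, stored_hash)``.
     """
     user = cls.by_name(name)
     if not user:
         return None
     if not utils.check_password_hash(name, password, user.password_hash):
         return None
     # Hand the record back: a bare ``return`` would give ``None`` on success
     # as well, leaving callers unable to tell a valid login from a failed one.
     return user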
Exemple #6
 def check_password(self, raw_password):
     """Check ``raw_password`` against this user's stored password value."""
     stored = self.password
     # NOTE(review): the project helper is called as (raw, stored), the reverse
     # of werkzeug's check_password_hash(pwhash, password); confirm in utils.
     return utils.check_password_hash(raw_password, stored)
 def check_password(self, raw_password):
     """Check ``raw_password`` against this user's stored password value."""
     stored = self.password
     # NOTE(review): the project helper is called as (raw, stored), the reverse
     # of werkzeug's check_password_hash(pwhash, password); confirm in utils.
     return utils.check_password_hash(raw_password, stored)
Exemple #8
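    def _manage_db_data(self):
        """Serve a dashboard read or record an analytics write, per ``db_action``.

        READ_TYPE: requires ``password`` in the request data. It is checked
        against ``hashedPassword`` in the site's metadata document (looked up
        by ``self.origin``) before the ACTIONS and VISITOR_DATA documents are
        returned.

        WRITE_TYPE: requires ``self.site_id`` to equal the ``site_id`` stored
        for ``self.origin``; each entry of ``ANALYTICS_FIELDS`` is then
        type-checked and persisted.

        Returns:
            The analytics dict for a read, ``{"success": True}`` for a write,
            or the value of ``self._err`` / ``self.__err_msg`` on failure.
        """
        data_action: int = self.js_data.get("db_action")
        if data_action == READ_TYPE:
            # Read the data. Should only be used in the dashboard or
            # data.pycode.tk.
            pw: str = self.js_data.get("password", "")
            if not pw:
                return self._err("No Password Provided")
            meta_doc: DocumentReference = manager.get_document(
                f"/{SITE_META}/{self.origin}")
            # Unknown site and wrong password give the same message, so the
            # response does not reveal which sites are registered.
            if not manager.document_exists(meta_doc):
                return self._err("Incorrect username or password")
            doc_snap_shot: DocumentSnapshot = meta_doc.get()
            site_id = doc_snap_shot.get("site_id")
            if not check_password_hash(doc_snap_shot.get("hashedPassword"),
                                       pw):
                return self._err("Incorrect username or password")

            doc: CollectionReference = manager.get_collection(
                f"/{SITE_DATA}/{site_id}/{ANALYTICS}")
            actions_doc_snap: DocumentSnapshot = doc.document("ACTIONS").get()
            visiter_doc_snap: DocumentSnapshot = doc.document(
                "VISITOR_DATA").get()
            return {
                "actions": actions_doc_snap.to_dict(),
                "visitor_data": visiter_doc_snap.to_dict(),
            }
        if data_action == WRITE_TYPE:
            # js_data should be a dictionary with the keys:
            # INTERNAL_JSON_CONFIG_DATA, INDIVIDUAL_VISIT_DATA,
            # SESSION_STORAGE_DATA
            #
            # NOTE(review): writes are authorised only by the origin -> site_id
            # match below; both values presumably come from the request, so
            # confirm where self.origin and self.site_id are set.
            exclude_updates_for: list = self.js_data.get("exclude", [])
            _site_id: str = manager.get_document(
                f"{SITE_META}/{self.origin}").get().get("site_id")
            # Reject a missing stored id too: otherwise an unregistered origin
            # (stored id None) would match a request that carries no site id.
            if not _site_id or _site_id != self.site_id:
                return self._err("Invalid Site ID")
            doc: DocumentReference = manager.get_document(
                f"{SITE_DATA}/{self.site_id}")
            col: CollectionReference = doc.collection(ANALYTICS)
            analytics_arr: DocumentReference = col.document("VISITOR_DATA")
            internal_arr: DocumentReference = col.document("INTERNAL_DATA")
            actions_arr: DocumentReference = col.document("ACTIONS")
            analytics_arr_exists = manager.document_exists(analytics_arr)
            doc.set({"last_update_from_backend": now()})
            visit_id = self.js_data.get("visit_id")
            for field in ANALYTICS_FIELDS:
                name: str = field.get("NAME")
                if name in exclude_updates_for:
                    continue
                set_by_server: bool = field.get("SET_BY_SERVER", False)
                expected_type: Any = field.get(
                    "EXPECTED_TYPE"
                )  # Check for malformed input..like [object Object]
                if name not in self.js_data and not set_by_server:
                    return self._err(f"Required Field Missing - {name}")
                if set_by_server:
                    # Values that will be set by the server, like VIEW_COUNT.
                    data_fields: DocumentReference = col.document(name)
                    data_field_snapshot: DocumentSnapshot = data_fields.get()
                    if name == "VIEW_COUNT" and self.js_data.get(
                            "update_view_count"):
                        if manager.document_exists(data_fields):
                            # NOTE(review): read-then-write; concurrent visits
                            # can lose increments. An atomic server-side
                            # increment would avoid that.
                            data_fields.update({
                                "value":
                                data_field_snapshot.get("value") + 1
                            })
                        else:
                            # No document yet, so there is no previous value
                            # to add to; the first counted view is 1.
                            data_fields.set({"value": 1})
                        continue
                if name == "INTERNAL_JSON_CONFIG_DATA":
                    # Internal JSON data, including errors.
                    config = self.js_data[name]
                    if not isinstance(config, expected_type):
                        return self.__err_msg(name)
                    internal_arr.set({name: {visit_id: config}}, merge=True)
                    continue
                if name == "INDIVIDUAL_VISIT_DATA":
                    # Individual user data including session tokens, user
                    # agent and time spent on the site (sent during
                    # window.onunload or another event chosen by the user).
                    visit_data = self.js_data[name]
                    # Validate before mutating: a malformed payload (such as
                    # the string "[object Object]") must yield the error
                    # response, not a TypeError from item assignment.
                    if not isinstance(visit_data, expected_type):
                        return self.__err_msg(name)
                    visit_data["id"] = visit_id
                    # NOTE(review): X-Forwarded-For is client-supplied unless
                    # a trusted proxy overwrites it; treat "addr" as
                    # unverified.
                    visit_data["addr"] = self.headers.get("X-Forwarded-For")
                    if analytics_arr_exists:
                        analytics_arr.update({name: ArrayUnion([visit_data])})
                    else:
                        analytics_arr.set({name: [visit_data]}, merge=True)
                        analytics_arr_exists = True
                    continue
                if name == "SESSION_STORAGE_DATA":
                    # Session storage data, useful for tracking session times
                    # and visit counters.
                    sess_data = self.js_data[name]
                    # Same ordering as above: type-check, then attach the id.
                    if not isinstance(sess_data, expected_type):
                        return self.__err_msg(name)
                    sess_data["id"] = visit_id
                    if analytics_arr_exists:
                        analytics_arr.update({name: ArrayUnion([sess_data])})
                    else:
                        analytics_arr.set({name: [sess_data]}, merge=True)
                        analytics_arr_exists = True
                    continue
                if name == "ACTIONS":
                    action_data = self.js_data.get(name)
                    if not action_data:
                        continue
                    if not isinstance(action_data, expected_type):
                        return self.__err_msg(name)
                    if manager.document_exists(actions_arr):
                        actions_arr.update({name: ArrayUnion([action_data])})
                    else:
                        actions_arr.set({name: [action_data]})
                    continue
            return {"success": True}
        return self._err("bad data_action type")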