Esempio n. 1
0
def export_single(request):
    key = request.META.get('HTTP_AUTHORIZATION', None)
    id = request.GET.get('id', None)
    if key is None:
        raise AuthenticationError('No API key specified!')
    try:
        api_key = ApiKey.objects.get(key=key)
    except ApiKey.DoesNotExist:
        raise AuthenticationError('Invalid API key specified!')
    try:
        api_key.scopes.get(id=SCOPE_EXPORT)
    except Scope.DoesNotExist:
        raise AuthenticationError('Invalid API key scope!')
    if id is None:
        raise ApiException('Missing id!', status=400)
    try:
        badge = Badge.objects.get(id=id)
    except Badge.DoesNotExist:
        raise ApiException('Invalid id!', status=400)
    return ApiResponse(dict(
        id=badge.id,
        name=badge.name,
        mac=badge.mac,
        image=badge.render().decode('ascii'),
    ))
Esempio n. 2
0
def post_get(request):
    key = request.META.get('HTTP_AUTHORIZATION', None)
    try:
        limit = int(request.GET.get('limit', None))
    except ValueError:
        limit = 10
    if key is None:
        raise AuthenticationError('No API key specified!')
    try:
        api_key = ApiKey.objects.get(key=key)
    except ApiKey.DoesNotExist:
        raise AuthenticationError('Invalid API key specified!')
    try:
        api_key.scopes.get(id=SCOPE_POSTS)
    except Scope.DoesNotExist:
        raise AuthenticationError('Invalid API key scope!')
    return ApiResponse(dict(
        posts=[
            dict(
                sender=dict(
                    id=post.sender.id,
                    name=post.sender.name,
                ),
                content=post.content,
            )
            for post in Post.objects.all().order_by('-created_at')[:limit]
        ],
    ))
Esempio n. 3
0
def vote_get(request):
    key = request.META.get('HTTP_AUTHORIZATION', None)
    if key is None:
        raise AuthenticationError('No API key specified!')
    try:
        api_key = ApiKey.objects.get(key=key)
    except ApiKey.DoesNotExist:
        raise AuthenticationError('Invalid API key specified!')
    try:
        api_key.scopes.get(id=SCOPE_VOTES)
    except Scope.DoesNotExist:
        raise AuthenticationError('Invalid API key scope!')
    return ApiResponse(dict(
        votes=[
            dict(
                talk=dict(
                    id=talk.agenda_id,
                    slug=talk.slug,
                ),
                **(
                    lambda votes: dict(
                        rating=statistics.mean(votes) if len(votes) > 0 else 0,
                        ratings=len(votes),
                    )
                )([vote.rating for vote in Vote.objects.filter(talk=talk)])
            )
            for talk in Talk.objects.all()
        ],
    ))
Esempio n. 4
0
def get_badge(request, raise_exception=True):
    badge_id = request.META.get('HTTP_X_ID', None)
    session_id = request.META.get('HTTP_AUTHORIZATION', None)
    if badge_id is not None:
        signature = request.META.get('HTTP_X_SIGNATURE', None)
        try:
            badge = Badge.objects.get(id=badge_id)
        except Badge.DoesNotExist:
            if raise_exception:
                raise AuthenticationError('Badge does not exist!')
            return None
        if not signature or bytes.fromhex(
                signature) != badge.calculate_signature(request):
            if raise_exception:
                raise AuthenticationError('Invalid signature!')
            return None
        return badge
    if session_id is not None:
        try:
            session = AuthCode.objects.get(id=session_id, long_lived=True)
        except AuthCode.DoesNotExist:
            if raise_exception:
                raise AuthenticationError('Invalid session!')
            return None
        return session.badge
    if raise_exception:
        raise AuthenticationError('Invalid request!')
    return None
Esempio n. 5
0
 def create_auth_code(self,
                      badge: Badge,
                      long_lived=False,
                      after_delete=False):
     self.delete_expired()
     if AuthCode.objects.filter(
             long_lived=False,
             badge__id=badge.id).count() > settings.AUTHCODE_LIMIT:
         raise AuthenticationError(
             'Badge has reached its limit for auth codes for the moment! Try again later.'
         )
     try:
         auth_code = AuthCode.objects.create(
             id=uuid.uuid4() if long_lived else hex(
                 random.getrandbits(4 * settings.AUTHCODE_LENGTH))[2:],
             badge=badge,
             long_lived=long_lived,
         )
         auth_code.save()
         return auth_code
     except IntegrityError as ie:
         pass
     if after_delete:
         raise AuthenticationError('Could not create a AuthCode!')
     self.delete_expired()
     return self.create_authcode(badge, long_lived, True)
Esempio n. 6
0
def auth(request):
    badge = utils.get_badge(request, False)
    token = request.JSON.get('auth', None)
    if badge is None and auth is None:
        raise AuthenticationError('Invalid request!', 404)
    if badge is not None:
        auth_code = AuthCode.objects.create_auth_code(badge)
        return ApiResponse(dict(token=auth_code.id))
    if token is not None:
        session = AuthCode.objects.authenticate_auth_code(token)
        return ApiResponse(dict(token=session.id))
    raise AuthenticationError('Invalid request!', 400)
Esempio n. 7
0
    def authenticate_auth_code(self, token):
        try:
            auth_code = super().get_queryset().get(id=token)
        except self.model.DoesNotExist:
            raise AuthenticationError("Invalid token.", 401)

        if auth_code.expired:
            raise AuthenticationError("Session expired.", 401)

        session = AuthCode.objects.create_auth_code(auth_code.badge, True)
        session.save()
        auth_code.delete()
        return session
Esempio n. 8
0
def ota_update(request):
    badge = utils.get_badge(request, False)
    if not badge:
        raise AuthenticationError('Unknown badge!', 404)
    installed = request.JSON.get('versions', {})
    logger.debug(','.join(['{}:{}'.format(key, installed[key]) for key in installed.keys()]))
    available = App.objects.values_list('name', flat=True).distinct()
    to_install = []
    for app_name in available:
        app = App.objects.filter(name=app_name).order_by('-version')[0]
        try:
            version = int(installed.get(app.name, -1))
        except TypeError:
            version = -1
        if version < app.version:
            to_install.append(app)
    logger.debug(','.join(available))
    if len(to_install) == 0:
        return ApiResponse('No updates available', 204)
    try:
        buffer = FileStream()
        result = tarfile.open(mode='w', fileobj=buffer)
        for app in to_install:
            SafeTar.add(result, path.join(settings.MEDIA_ROOT, app.extract_path(), app.name), app.name)
        response = HttpResponse(buffer.pop(), status=200, content_type='application/force-download')
        response['Content-Disposition'] = 'attachment; filename=update.tar'
        return response
    except Exception as e:
        pass
    return HttpResponse('Something went wrong!', status=500)
Esempio n. 9
0
def export_all(request):
    key = request.META.get('HTTP_AUTHORIZATION', None)
    images = request.GET.get('images', None) is not None
    if key is None:
        raise AuthenticationError('No API key specified!')
    try:
        api_key = ApiKey.objects.get(key=key)
    except ApiKey.DoesNotExist:
        raise AuthenticationError('Invalid API key specified!')
    try:
        api_key.scopes.get(id=SCOPE_EXPORT)
    except Scope.DoesNotExist:
        raise AuthenticationError('Invalid API key scope!')
    return ApiResponse(dict(
        badges=[
            dict(
                id=badge.id,
                name=badge.name,
                image=badge.render().decode('ascii') if images else None,
            )
            for badge in Badge.objects.all()
        ],
    ))