def api_vnf_init_config(vnf_id):
if auth_method == 'gatekeeper':
if not gatekeeper_authentication(request.get_header('X-Auth-Token')):
abort(401)
elif auth_method == 'basic':
user, passwd = parse_auth(request.get_header('Authorization'))
if not check_credentials(user, passwd):
abort(401)
print "\n######## VNF INITIAL CONFIGURATION ########\n"
print "VNF Validation: "
if validate_VNF(vnf_id):
print "Ok"
print "\nRetrieving VNF Configuration: \n"
try:
vnfm_request = loads(request.body.getvalue())
print vnfm_request
except:
print "Fail: Unable to retrieve VNF Configuration"
print "\n############## END ##############\n"
abort(400)
finally:
print "\nStarting VNF initial configuration workflow\n"
response = initial_configuration(vnf_id, vnfm_request)
if not response:
print "Fail: Unable to configure VNF"
print "\n############## END ##############\n"
abort(500)
else:
print "Fail: VNF not found"
print "\n############## END ##############\n"
abort(404)
def api_get_vnf_config(vnf_id):
if auth_method == 'gatekeeper':
if not gatekeeper_authentication(request.get_header('X-Auth-Token')):
abort(401)
elif auth_method == 'basic':
user, passwd = parse_auth(request.get_header('Authorization'))
if not check_credentials(user, passwd):
abort(401)
print "\n######## RETRIEVE VNF CURRENT CONFIGURATION ########\n"
print "VNF Validation: "
if validate_VNF(vnf_id):
print "Ok"
print "\nRetrieve Configuration workflow \n"
conf_obj = get_current_configuration(vnf_id)
if not conf_obj:
print "\nThe VNF has not been configured\n"
print "\n############## END ##############\n"
abort(404)
else:
print "\n############## END ##############\n"
return conf_obj
else:
print "Fail: VNF not found"
print "\n############## END ##############\n"
abort(404)
def api_delete_vnf(vnf_id):
if auth_method == 'gatekeeper':
if not gatekeeper_authentication(request.get_header('X-Auth-Token')):
abort(401)
if auth_method == 'basic':
print "basic authentication"
user, passwd = parse_auth(request.get_header('Authorization'))
if not check_credentials(user, passwd):
abort(401)
print "\n######## DELETE VNF CONFIGURATION API ########\n"
print "VNF Validation: "
if validate_VNF(vnf_id):
print "Ok\n"
try:
vnfm_request = loads(request.body.getvalue())
except:
vnfm_request = None
finally:
print "\nStarting VNF removal workflow\n"
response = delete_vnf(vnf_id, vnfm_request)
if not response:
print "Fail: the VNF could not be removed\n"
print "\n############## END ##############\n"
abort(500)
print "\n############## END ##############\n"
else:
print "Fail: VNF not found"
print "\n############## END ##############\n"
abort(404)
def get_language(self):
lang = [None]
if len(request.script_name) > 3:
tmp_lang = request.script_name[-3:-1]
if tmp_lang in self.allowed_languages:
return ([tmp_lang, self.allowed_languages[0]], False)
# Handle longer languages like zh_TW
if len(request.script_name) > 6 and request.script_name[-4] == "_":
tmp_lang = request.script_name[-6:-1]
if tmp_lang in self.allowed_languages:
return ([tmp_lang, self.allowed_languages[0]], False)
lang = [None]
if not lang[0] and request.get_header('Accept-Language'):
lang = request.get_header('Accept-Language')
lang = lang.split(',')
lang = [x.split(";")[0] for x in lang]
lang = [x.split("-")[0] for x in lang]
lang = [x for x in lang if x in self.allowed_languages]
if len(lang) > 0 and lang[0]:
lang.append(self.allowed_languages[0])
res = []
for l in lang:
if not l in res:
res.append(l)
return (res, True)
else:
return (self.allowed_languages, True)
def request_reset():
"""
Password reset form POST endpoint.
"""
email = request.forms.get('email')
user = local.model.get_user(username=email)
if user is None:
# Redirect back to form page
return redirect_with_query('/account/reset', {
'error': "User with email %s not found." % email
})
# Generate reset code
reset_code = local.model.new_user_reset_code(user.user_id)
# Send code
hostname = request.get_header('X-Forwarded-Host') or request.get_header('Host')
user_name = user.first_name or user.user_name
local.emailer.send_email(
subject="CodaLab password reset link",
body=template('password_reset_body', user=user_name, current_site=hostname, code=reset_code),
recipient=email,
)
# Redirect to success page
return redirect('/account/reset/sent')
def get_language(self):
lang = [None]
# Remove old no longer used cookie 'lang'
if request.get_cookie('lang'):
response.delete_cookie('lang', path="/")
if len(request.script_name) > 3:
lang = [request.script_name[-3:-1], self.allowed_languages[0]]
if lang[0] not in self.allowed_languages:
lang = [None]
else:
return (lang, False)
if not lang[0] and request.get_cookie('lang'):
lang = [request.get_cookie('lang')]
if lang[0] not in self.allowed_languages:
lang = [None]
if not lang[0] and request.get_header('Accept-Language'):
lang = request.get_header('Accept-Language')
lang = lang.split(',')
lang = [x.split(";")[0] for x in lang]
lang = [x.split("-")[0] for x in lang]
lang = [x for x in lang if x in self.allowed_languages]
if len(lang) > 0 and lang[0]:
lang.append(self.allowed_languages[0])
res = []
for l in lang:
if not l in res:
res.append(l)
return (res, True)
else:
return (self.allowed_languages, True)
def fn_error(error):
try:
error.content_type = CONTENT_TYPE
if request.get_header("Origin"):
error.set_header(
"Access-Control-Allow-Origin",
"*"
)
if request.get_header("Access-Control-Request-Headers"):
error.set_header(
"Access-Control-Allow-Headers",
request.get_header("Access-Control-Request-Headers")
)
if request.get_header("Access-Control-Request-Method"):
error.set_header(
"Access-Control-Allow-Methods",
"GET, POST, PATCH, DELETE, OPTIONS"
)
doc = JsonAPIResponse(request.url)
err = JsonAPIError(code=error.status, title=error.body)
doc.errors.append(err)
return json.dumps(dict(doc), sort_keys=True)
except:
logging.error("".join(traceback.format_exception(*sys.exc_info())))
def post_message():
from_member_id = request.get_header('userToken')
subject = request.json['subject']
message_contents = request.json['messageContents']
messageType = request.json['messageType']
retObj = {}
if messageType == 'single':
to_member_id = request.json['toMemberId']
message_id = messages.send_message(from_member_id, to_member_id, subject, message_contents)
retObj = {"messageId": message_id}
elif messageType == 'broadcast':
start_time = time.time()
if request.get_header('DD-Process-Type') == 'simple':
message_id = messages.send_broadcast_thinDatabase(from_member_id, subject, message_contents)
else:
message_id = messages.send_broadcast_thickDatabase(from_member_id, subject, message_contents)
retObj = {"messageCount": message_id,
"executionTime":(time.time() - start_time)}
response.status = 201
return retObj
def format_NCSA_log(request, response, bodylen):
"""
Apache log format 'NCSA extended/combined log':
"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
see http://httpd.apache.org/docs/current/mod/mod_log_config.html#logformat
"""
# Let's collect log values
val = dict()
val['host'] = request.remote_addr or request.remote_route[0]
val['logname'] = '-'
val['user'] = '******'
val['time'] = dt.now(tz=Local).strftime("%d/%b/%Y:%H:%M:%S %z")
val['request'] = "{} {} {}".format(
request.method,
request.path,
request.environ.get('SERVER_PROTOCOL', '')
)
val['status'] = response.status_code
val['size'] = bodylen
val['referer'] = request.get_header('Referer','')
val['agent'] = request.get_header('User-agent','')
# see http://docs.python.org/3/library/string.html#format-string-syntax
FORMAT = '{host} {logname} {user} [{time}] "{request}" '
FORMAT += '{status} {size} "{referer}" "{agent}"'
return FORMAT.format(**val)
def get_members():
member_id = request.get_header('userToken')
search_string = request.query['searchString']
if 'maxDistance' in request.query:
max_distance = request.query['maxDistance']
else:
max_distance = None
if 'limit' in request.query:
limit = request.query['limit']
else:
limit = None
start_time = time.time()
if request.get_header('DD-Process-Type') == 'simple':
members_list = members.do_search_thinDatabase(member_id, search_string, limit)
elif request.get_header('DD-Process-Type') == 'spatial':
members_list = members.do_search_spatial(member_id, search_string, max_distance, limit)
else:
members_list = members.do_search_text(member_id, search_string, limit)
members_return = []
for member in members_list:
members_return.append({"memberId": member[0],
"name": member[1]})
return {"items": members_return,
"executionTime":(time.time() - start_time)}
def wrapped(*args, **kwargs):
print request.get_header('Authorization')
if (self.is_logged_in_by_beaker()
or self.is_auth_by_header()):
return func(*args, **kwargs)
else:
response.status = 401
response.set_header('www-authenticate', 'Basic realm="Henry"')
def send_verification_key(username, email, key):
# Send verification key to given email address
hostname = request.get_header('X-Forwarded-Host') or request.get_header('Host')
local.emailer.send_email(
subject="Verify your new CodaLab account",
body=template('email_verification_body', user=username, current_site=hostname, key=key),
recipient=email,
)
def outer(*args, **kwargs):
response.content_type = CONTENT_TYPE
if request.get_header("Origin"):
response.set_header(
"Access-Control-Allow-Origin",
"*"
)
if request.get_header("Access-Control-Request-Headers"):
response.set_header(
"Access-Control-Allow-Headers",
request.get_header("Access-Control-Request-Headers")
)
if request.get_header("Access-Control-Request-Method"):
response.set_header(
"Access-Control-Allow-Methods",
"GET, POST, PATCH, DELETE, OPTIONS"
)
try:
return fn(*args, **kwargs)
except ValueError:
logging.error("".join(traceback.format_exception(*sys.exc_info())))
abort(400, "Could not parse request. Be sure to use valid JSON.")
except IntegrityError as e:
if str(e).startswith("NOT NULL constraint"):
field = e.message.split(": ")[1]
if field.endswith("_id"):
field = field[:-3]
abort(400, field + " cannot be null")
if "UNIQUE constraint" in str(e):
abort(409, "This id is already taken.")
abort(400, e)
except AssertionError as e:
abort(400, e)
except JsonAPIException as e:
abort(e.status, e)
except Exception as e:
if e.__class__.__name__.endswith("DoesNotExist"):
abort(404, "The requested resource does not exist.")
if str(e).startswith("Instance matching query"):
abort(400, "Trying to set relationship with invalid resource.")
# log this unknown error
logging.error("".join(traceback.format_exception(*sys.exc_info())))
abort(500, e)
def _get_session_from_header(self):
request_id = request.environ.get('REQUEST_ID', None)
self.log.debug('{0} trying to get session from header'.format(request_id))
result = {}
_id = request.get_header('X-SID', False)
token = request.get_header('X-TOKEN', False)
if _id and token:
result['_id'] = _id
result['token'] = token
self.log.debug('{0} success trying to get session from header'.format(request_id))
return result
self.log.debug('{0} failed trying to get session from header'.format(request_id))
def service_desc():
''' route for DIAL service discovery '''
response.set_header('Access-Control-Allow-Method',
'GET, POST, DELETE, OPTIONS')
response.set_header('Access-Control-Expose-Headers', 'Location')
response.set_header('Application-URL',
'http://{}/apps'.format(request.get_header('host')))
response.set_header('Content-Type', 'application/xml')
return build_template(__device__).render(
friendlyName=Kodicast.friendlyName,
uuid=Kodicast.uuid,
path="http://%s" % request.get_header('host'))
def post_message():
count = dao.incr_count()
body = request.json
messages = {
'sender': request.get_header('uniqys-sender'),
'timestamp': request.get_header('uniqys-timestamp'),
'blockhash': request.get_header('uniqys-blockhash'),
'contents': body['message']
}
dao.set_message(count, messages)
def sapi(path):
path = path.split("/")
path = list(filter(None, path))
headers = request.headers
if request.get_header(
"Content-Type"
) is not None and "application/json" in request.get_header("Content-Type"):
keys = request.json
else:
keys = FormsDict.decode(request.params)
auth = request.auth
return compliant_api.handle(path, keys, headers, auth)
def send_verification_key(username, email, key):
# Send verification key to given email address
hostname = request.get_header('X-Forwarded-Host') or request.get_header(
'Host')
local.emailer.send_email(
subject="Verify your CodaLab account",
body=template('email_verification_body',
user=username,
current_site=hostname,
key=key),
recipient=email,
)
def _process_result(the_obj):
response.set_header('Accept', '*')
response.set_header(name="Access-Control-Allow-Origin", value=request.get_header("Origin","*"))
if request.get_header("Origin",""):
response.set_header(name="Access-Control-Allow-Credentials", value="true")
response.set_header('Access-Control-Allow-Headers', 'Content-Type, Accept')
response.set_header('Access-Control-Allow-Methods', '*')
response.content_type = 'application/json'
result = util.json_dumps(the_obj)
cfg.logger.warning('result: %s', result)
return result
def authUser(usr,pw):
if appconfig.config['api_users']['username'] == usr and appconfig.config['api_users']['password'] == pw :
if request.get_header("x-api-key",None) != None:
apikey = request.get_header("x-api-key",None)
query = ("Select * From staff ")
cursor = conn.cursor(buffered = True)
try:
cursor.execute(query)
return True
except mysql.connector.Error as error:
print("failed executing query",error)
return False
def outer(*args, **kwargs):
response.content_type = CONTENT_TYPE
if request.get_header("Origin"):
response.set_header("Access-Control-Allow-Origin", "*")
if request.get_header("Access-Control-Request-Headers"):
response.set_header(
"Access-Control-Allow-Headers",
request.get_header("Access-Control-Request-Headers"))
if request.get_header("Access-Control-Request-Method"):
response.set_header("Access-Control-Allow-Methods",
"GET, POST, PATCH, DELETE, OPTIONS")
try:
return fn(*args, **kwargs)
except ValueError:
logging.error("".join(traceback.format_exception(*sys.exc_info())))
abort(400, "Could not parse request. Be sure to use valid JSON.")
except IntegrityError as e:
if str(e).startswith("NOT NULL constraint"):
field = e.message.split(": ")[1]
if field.endswith("_id"):
field = field[:-3]
abort(400, field + " cannot be null")
if "UNIQUE constraint" in str(e):
abort(409, "This id is already taken.")
abort(400, e)
except AssertionError as e:
abort(400, e)
except JsonAPIException as e:
abort(e.status, e)
except Exception as e:
if e.__class__.__name__.endswith("DoesNotExist"):
abort(404, "The requested resource does not exist.")
if str(e).startswith("Instance matching query"):
abort(400, "Trying to set relationship with invalid resource.")
# log this unknown error
logging.error("".join(traceback.format_exception(*sys.exc_info())))
abort(500, e)
def post_members():
email = request.json['email']
name = request.json['name']
password = request.json['password']
dinosaur_id = request.json['dinosaurId']
location_id = request.json['locationId']
about_yourself = request.json['aboutYourself']
trilobitcoin_number = request.json['trilobitcoinNumber']
amount = request.json['amount']
response.content_type = 'application/json'
start_time = time.time()
try:
if name is None or password is None:
member_id = None
elif request.get_header('DD-Process-Type') == 'simple':
member = members.process_registration_thinDatabase(email, name, password, dinosaur_id, location_id,
about_yourself, trilobitcoin_number, amount)
elif request.get_header('DD-Process-Type') == 'plsql':
member = members.process_registration_thickDatabase(email, name, password, dinosaur_id, location_id,
about_yourself, trilobitcoin_number, amount)
else:
member = members.process_registration_aq(email, name, password, dinosaur_id, location_id,
about_yourself, trilobitcoin_number, amount)
except cx_Oracle.DatabaseError as exc:
error, = exc.args
if error.code == 1:
response.status = 409
return {"error": "name must be unique"}
else:
response.status = 500
return {"error": error.message}
response.status = 201
return {
'member': {"id": member[0],
"name": member[1],
"locationName": member[2],
"city": member[3],
"state": member[4],
"postalCode": member[5],
"country": member[6],
"speciesName": member[7],
"aboutYourself": str(member[8]),
"email": member[9]
},
'token': 'afdja;dgag',
'executionTime':(time.time() - start_time)
}
def index():
req = prepare_bottle_request(request)
auth = init_saml_auth(req)
errors = []
not_auth_warn = False
success_slo = False
attributes = False
paint_logout = False
session = request.environ['beaker.session']
if 'sso' in request.query:
return_to = '{0}://{1}/'.format(request.urlparts.scheme,
request.get_header('host'))
return redirect(auth.login(return_to))
elif 'sso2' in request.query:
return_to = '{0}://{1}/attrs/'.format(request.urlparts.scheme,
request.get_header('host'))
return redirect(auth.login(return_to))
elif 'slo' in request.query:
name_id = None
session_index = None
if 'samlNameId' in session:
name_id = session['samlNameId']
if 'samlSessionIndex' in session:
session_index = session['samlSessionIndex']
return redirect(
auth.logout(name_id=name_id, session_index=session_index))
elif 'sls' in request.query:
dscb = lambda: session.clear()
url = auth.process_slo(delete_session_cb=dscb)
errors = auth.get_errors()
if len(errors) == 0:
if url is not None:
return redirect(url)
else:
success_slo = True
if 'samlUserdata' in session:
paint_logout = True
if len(session['samlUserdata']) > 0:
attributes = session['samlUserdata'].items()
return {
'errors': errors,
'not_auth_warn': not_auth_warn,
'success_slo': success_slo,
'attributes': attributes,
'paint_logout': paint_logout
}
def wrapper(*a, **ka):
if required or terrariumUtils.is_true(self.__terrariumEngine.config.get_system()['always_authenticate']):
user, password = request.auth or (None, None)
ip = request.remote_addr if request.get_header('X-Real-Ip') is None else request.get_header('X-Real-Ip')
if user is None or not check(user, password):
err = HTTPError(401, text)
err.add_header('WWW-Authenticate', 'Basic realm="%s"' % realm)
if user is not None or password is not None:
self.__terrariumEngine.notification.message('authentication_warning',{'ip' : ip, 'username' : user, 'password' : password},[])
logger.warning('Incorrect login detected using username \'{}\' and password \'{}\' from ip {}'.format(user,password,ip))
return err
return func(*a, **ka)
def wrapped(*args, **kwargs):
print request.get_header('Authorization')
if (self.is_logged_in_by_beaker()
or self.is_auth_by_header()):
user = get_user(request)['username']
db_user = get_user_info(self.db.session, user)
if db_user.level >= level:
return func(*args, **kwargs)
else:
response.status = 401
response.set_header('www-authenticate', 'Basic realm="Henry"')
else:
response.status = 401
response.set_header('www-authenticate', 'Basic realm="Henry"')
def wrapper(*args, **kwargs):
print "Request:" + str(request.get_header("X-Auth-Token"))
print role
token = request.get_header("X-Auth-Token")
if not token:
raise HTTPError(401)
token = str(request.get_header("X-Auth-Token"))
user = getUserFromToken(token)
if not user:
raise HTTPError(401)
if role:
if not user.hasRole(role):
raise HTTPError(403)
return f(*args, **kwargs)
def report_put():
'''
HTTP PUT to upload a data file
'''
contentType = request.get_header('Content-Type')
if contentType == None:
abort(500, 'missing Content-Type')
dataTypes = contentType.split(';')
recordId = request.get_header('record-id')
reporter = Reporter()
result = reporter.report_put(dataTypes, recordId, request.body)
if 'error' in result:
abort(500, result['error'])
else:
return result
def report_put():
'''
HTTP PUT to upload a data file
'''
contentType=request.get_header('Content-Type')
if contentType==None:
abort(500,'missing Content-Type')
dataTypes = contentType.split(';')
recordId=request.get_header('record-id')
reporter=Reporter()
result=reporter.report_put(dataTypes,recordId,request.body)
if 'error' in result:
abort(500,result['error'])
else:
return result
def post_broadcast():
from_member_id = request.get_header('userToken')
subject = request.json['subject']
message_contents = request.json['messageContents']
start_time = time.time()
if request.get_header('DD-Process-Type') == 'simple':
message_id = messages.send_broadcast_thinDatabase(from_member_id, subject, message_contents)
else:
message_id = messages.send_broadcast_thickDatabase(from_member_id, subject, message_contents)
response.status = 201
return {"messageCount": message_id,
"executionTime":(time.time() - start_time)}
def index():
req = prepare_bottle_request(request)
auth = init_saml_auth(req)
errors = []
not_auth_warn = False
success_slo = False
attributes = False
paint_logout = False
session = request.environ['beaker.session']
if 'sso' in request.query:
return_to = '{0}://{1}/'.format(request.urlparts.scheme, request.get_header('host'))
return redirect(auth.login(return_to))
elif 'sso2' in request.query:
return_to = '{0}://{1}/attrs/'.format(request.urlparts.scheme, request.get_header('host'))
return redirect(auth.login(return_to))
elif 'slo' in request.query:
name_id = None
session_index = None
if 'samlNameId' in session:
name_id = session['samlNameId']
if 'samlSessionIndex' in session:
session_index = session['samlSessionIndex']
return redirect(auth.logout(name_id=name_id, session_index=session_index))
elif 'sls' in request.query:
dscb = lambda: session.clear()
url = auth.process_slo(delete_session_cb=dscb)
errors = auth.get_errors()
if len(errors) == 0:
if url is not None:
return redirect(url)
else:
success_slo = True
if 'samlUserdata' in session:
paint_logout = True
if len(session['samlUserdata']) > 0:
attributes = session['samlUserdata'].items()
return {
'errors':errors,
'not_auth_warn':not_auth_warn,
'success_slo':success_slo,
'attributes':attributes,
'paint_logout':paint_logout
}
def get_recipes():
response.content_type = 'application/json'
search_criteria = request.get_header('filter')
if search_criteria is None:
return dumps([p.__dict__ for p in db_utils.get_all_recipes()])
else:
return dumps([p.__dict__ for p in db_utils.find_recipes(loads(search_criteria))])
def filter():
time = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
if request.json == None:
print('hackey外からのアクセスが確認されました')
descp = request.query.get('descp')
event = request.query.get('event')
device_id = confs.entries[descp].hackey_id
else:
print('hackeyからのアクセスが確認されました')
content_type = request.get_header('Content-Type')
if content_type != 'application/json': # JSON 以外なら処理終了
print('不正な Content_Type です:' + content_type)
return False
device_id = request.json['hackey']['device_id']
descp = confs.hackeys[device_id].description
event = request.json['hackey']['event']
try:
if event == 'turn_on':
event_mes = 'ネットワーク遮断'
result = confs.entries[descp].turn_on()
else:
event_mes = 'ネットワーク開放'
result = confs.entries[descp].turn_off()
except Exception:
result = False
if result:
mes = '成功'
else:
mes = '失敗'
make_mail_content(descp, event_mes, mes, time, device_id)
return str(confs.entries[descp].update_stat())
def call_api(func, args=""):
add_header(response)
s = request.environ.get('beaker.session')
auth = parse_auth(request.get_header('Authorization', ''))
# TODO: session as GET
if 'session' in request.POST:
# removes "' so it works on json strings
s = s.get_by_id(remove_chars(request.POST['session'], "'\""))
elif auth:
user = PYLOAD.checkAuth(auth[0], auth[1], request.environ.get('REMOTE_ADDR', None))
# if auth is correct create a pseudo session
if user: s = {'uid': user.uid}
api = get_user_api(s)
if not api:
return HTTPError(403, dumps("Forbidden"))
if not PYLOAD.isAuthorized(func, api.user):
return HTTPError(401, dumps("Unauthorized"))
args = args.split("/")[1:]
kwargs = {}
for x, y in chain(request.GET.iteritems(), request.POST.iteritems()):
if x == "session": continue
kwargs[x] = unquote(y)
try:
return callApi(api, func, *args, **kwargs)
except ExceptionObject, e:
return HTTPError(400, dumps(e))
def login():
add_json_header(response)
username = request.params.get("username")
password = request.params.get("password")
user = PYLOAD.checkAuth(username, password, request.environ.get('REMOTE_ADDR', None))
if not user:
return json_response(False)
s = set_session(request, user)
# get the session id by dirty way, documentations seems wrong
try:
sid = s._headers["cookie_out"].split("=")[1].split(";")[0]
# reuse old session id
except:
sid = request.get_header(session.options['key'])
result = BaseEncoder().default(user)
result["session"] = sid
# Return full user information if needed
if request.params.get('user', None):
return dumps(result)
return json_response(sid)
def serve_static(path):
# save if this resource is available as gz
if path not in GZIPPED:
GZIPPED[path] = exists(join(APP_ROOT, path + ".gz"))
# gzipped and clients accepts it
# TODO: index.html is not gzipped, because of template processing
gzipped = False
if GZIPPED[path] and "gzip" in request.get_header("Accept-Encoding", "") and path != "index.html":
gzipped = True
path += ".gz"
resp = static_file(path, root=APP_ROOT)
# Also serve from .tmp folder in dev mode
if resp.status_code == 404 and APP_PATH == "app":
resp = static_file(path, root=join(PROJECT_DIR, '.tmp'))
if path.endswith(".html") or path.endswith(".html.gz"):
# tell the browser all html files must be revalidated
resp.headers["Cache-Control"] = "must-revalidate"
elif resp.status_code == 200:
# expires after 7 days
resp.headers['Expires'] = time.strftime("%a, %d %b %Y %H:%M:%S GMT",
time.gmtime(time.time() + 60 * 60 * 24 * 7))
resp.headers['Cache-control'] = "public"
if gzipped:
resp.headers['Vary'] = 'Accept-Encoding'
resp.headers['Content-Encoding'] = 'gzip'
return resp
def create_route():
global seq_num
ct = request.get_header('content-type')
if ct != 'application/json':
return abort(response, 400, [
"request content-type unacceptable: body must be "
"'application/json' (was '{0}')".format(ct)
])
msg = request.json
clientRequest = {
'urlparts': {
"netloc": request.urlparts.netloc,
"scheme": request.urlparts.scheme
}
}
seq_num += 1
v_global = seq_num.value
print "Printing Seq Number"
print v_global
msg.update({'METHOD': 'POST'})
msg.update({'ROUTE': 'users'})
msg.update({'clientRequest': clientRequest})
msg.update({'opnum': v_global})
json_body_A = json.dumps(msg)
print json_body_A
msg_a.set_body(json_body_A)
result = send_msg_ob.send_msg(msg_a, msg_a)
response.status = result['response']
return result['result']
def test():
#print request.headers
msg = '{"abc89": 191}'
token = msgMgr.send(msg)
adid = request.get_header("adid", None)
print adid
return token
def check(**kwargs):
cookie = request.get_cookie('XSRF-TOKEN')
if cookie == None:
abort(401, "Authentication error")
header = request.get_header('X-XSRF-TOKEN', None)
if header == None:
abort(401, "Authentication error")
header = header[1:-1] # seems like the header is between quotes
if header != cookie:
print "HEADER %s CO %s" % (header, cookie)
# CSRF protection
abort(401, "Authentication error")
token_data = token_dict.get(cookie, None)
if token_data == None:
abort(401, "Authentication error")
# if token is older than four hours, invalidate it
if token_data["creation_date"] - datetime.datetime.now(
) > datetime.timedelta(0, 4 * 60 * 60):
response.status = 401
del token_dict[cookie]
return
return fn(**kwargs)
def webhooks_callback():
# Get the JSON body and HMAC-SHA1 signature of the POST request
callback_body = request.body.getvalue()
callback_signature = request.get_header('X-Square-Signature', default='')
# Validate the signature
if not is_valid_callback(callback_body, callback_signature):
# Fail if the signature is invalid
print 'Webhook event with invalid signature detected!'
return
# Load the JSON body into a Python dict
callback_body_dict = json.loads(callback_body)
# If the notification indicates a PAYMENT_UPDATED event...
if 'event_type' in callback_body_dict and callback_body_dict[
'event_type'] == 'PAYMENT_UPDATED':
# Get the ID of the updated payment
payment_id = callback_body_dict['entity_id']
# Send a request to the Retrieve Payment endpoint to get the updated payment's full details
connection = httplib.HTTPSConnection('connect.squareup.com')
connection.request('GET', '/v1/me/payments/' + payment_id, '',
request_headers)
connect_response_body = json.loads(connection.getresponse().read())
# Perform an action based on the returned payment (in this case, simply print the payment)
print connect_response_body
# The HMAC-SHA1 signature was valid, but the request wasn't for a PAYMENT_UPDATED event.
else:
print 'Unknown webhook event type detected!'
def send_help_message():
message = request.json['message']
if 'server' in local.config and 'support_email' not in local.config[
'server']:
print('Warning: No support_email configured, so no email sent.',
file=sys.stderr)
print('User\'s message: %s' % message, file=sys.stderr)
return
support_email = local.config['server']['support_email']
username = request.user.user_name
user_email = request.user.email
originUrl = request.get_header('Referer')
first_name = request.user.first_name if request.user.first_name else ''
last_name = request.user.last_name if request.user.last_name else ''
real_name = "%s %s" % (first_name, last_name)
message = message.encode('utf-8')
local.emailer.send_email(
subject="Message from %s" % user_email,
body=template(
'help_message_to_codalab_body',
real_name=real_name,
username=username,
email=user_email,
message=message,
originUrl=originUrl,
),
recipient=support_email,
sender=user_email,
charset='utf-8',
)
def get_hits():
print(request)
count = 50
auth = request.get_header('Authorization')
if not authenticate(auth):
return
# update data
try:
status = str(request.query.status)
except ValueError:
status = HIT_STATUS_REVIEW
try:
cutoff = int(request.query.cutoff)
except ValueError:
cutoff = hitmanager.HitDBManager.MAX_HIT_ID
if (request.query.count):
count = int(request.query.count)
print('client requested %i hits with %s status, from %i' %
(count, status, cutoff))
hits = get_manager().all_hits(status, cutoff)
total_hits = len(hits)
print('hitmanager returned %i hits' % total_hits)
hits = sorted(hits, key=lambda k: k['id'], reverse=True)
hits = hits[:count]
print("returned %i hits" % len(hits))
return {'hits': hits, 'total_count': total_hits}
def events():
log = get_logger()
if not compare_event_signature():
log.warning('Recevied an event with a bad signature')
response.status = '403 Unauthorized'
return {"error": "Bad event signature"}
event = request.get_header('X-GitHub-Event')
json = request.json
repository = json['repository']['full_name']
log.debug('Received an event %s', event)
if repository != REPO:
response.status = '403 Unauthorized'
return {"error": "Unhandled repo %s" % repository}
if event == 'ping':
log.info('Success: got a ping from github!')
return {'response': 'pong'}
elif event == 'push':
p = Process(target=handle_push, args=(json, ))
p.daemon = True
p.start()
return {'status': 'Started handling push'}
response.status = '500 Internal Error'
return {"error": "Unhandled event %s" % event}
def doc_csv(k, doc_id, threshold=0.2):
etag = _generate_etag(self.v[k])
if request.get_header('If-None-Match', '') == etag:
response.status = 304
return "Not Modified"
if k not in self.topic_range:
response.status = 400 # Not Found
return "No model for k = {}".format(k)
response.set_header('Etag', etag)
response.content_type = 'text/csv; charset=UTF8'
try:
data = self.v[k].dist_doc_doc(doc_id)
except KeyError:
data = self.v[k].dist_doc_doc(doc_id.decode('utf-8'))
if sys.version_info[0] == 3:
output = StringIO()
else:
output = BytesIO()
writer = csv.writer(output)
writer.writerow(['doc', 'prob'])
writer.writerows([(d, "%6f" % p) for d, p in data
if p > threshold])
return output.getvalue()
def doc_topic_csv(k, doc_id):
etag = _generate_etag(self.v[k])
# Check for an "If-None-Match" tag in the header
if request.get_header('If-None-Match', '') == etag:
response.status = 304
return "Not Modified"
response.set_header("Etag", etag)
#response.set_header('Cache-Control', 'max-age=120')
if k not in self.topic_range:
response.status = 400 # Not Found
return "No model for k = {}".format(k)
response.content_type = 'text/csv; charset=UTF8'
try:
data = self.v[k].doc_topics(doc_id)
except KeyErrror:
data = self.v[k].doc_topics(doc_id.decode('utf-8'))
if sys.version_info[0] == 3:
output = StringIO()
else:
output = BytesIO()
writer = csv.writer(output)
writer.writerow(['topic', 'prob'])
writer.writerows([(t, "%6f" % p) for t, p in data])
return output.getvalue()
def login():
add_header(response)
username = request.params.get("username")
password = request.params.get("password")
user = PYLOAD.checkAuth(username, password,
request.environ.get('REMOTE_ADDR', None))
if not user:
return dumps(False)
s = set_session(request, user)
# get the session id by dirty way, documentations seems wrong
try:
sid = s._headers["cookie_out"].split("=")[1].split(";")[0]
# reuse old session id
except:
sid = request.get_header(session.options['key'])
result = BaseEncoder().default(user)
result["session"] = sid
# Return full user information if needed
if request.params.get('user', None):
return dumps(result)
return dumps(sid)
def getRooms():
pg = request.params[support.FieldDict['PAGE']]
sortOrder = request.params[support.FieldDict['SORTORDER']]
sortOn = request.params[support.FieldDict['SORTON']]
sortData = None
if support.FieldDict['SORTDATA'] in request.params:
sortData = request.params[support.FieldDict['SORTDATA']]
reqObj = {
support.FieldDict['PAGE']: int(pg),
support.FieldDict['SORTORDER']: int(sortOrder),
support.FieldDict['SORTON']: int(sortOn)
}
if sortData is not None:
reqObj[support.FieldDict['SORTDATA']] = sortData
adid = request.get_header(support.FieldHeaderDict['ADID'], None)
if adid is None:
return None
#userId = request.get_header(support.FieldDict['MODELID'], None)
#if userId is None:
# return None
data = JSONEncoder().encode(reqObj)
print data
msg = JSONEncoder().encode({
support.FieldDict['APIMETHOD']:
support.ApiMethods1.Api_ListRoom.value - 1,
support.FieldDict['ADID']:
adid,
support.FieldDict['DATA']:
data
})
token = msgMgr.send(msg)
print token
return token
def verify_auth():
token = request.get_header('X-Auth-Token') or request.get_cookie('session_id')
session_user = sessions.verify_session(token)
if session_user:
access = users.get_access_level(session_user)
return (session_user, access)
return False
def serve_static(filename):
# save if this resource is available as gz
if filename not in GZIPPED:
GZIPPED[filename] = os.path.isfile(
os.path.join(APPDIR, filename + ".gz"))
# gzipped and clients accepts it
# TODO: index.html is not gzipped, because of template processing
gzipped = False
if GZIPPED[filename] and "gzip" in request.get_header(
"Accept-Encoding", "") and filename != "index.html":
gzipped = True
filename += ".gz"
resp = static_file(filename, root=APPDIR)
if filename.endswith(".html") or filename.endswith(".html.gz"):
# tell the browser all html files must be revalidated
resp.headers['Cache-Control'] = "must-revalidate"
elif resp.status_code == 200:
# expires after 7 days
resp.headers['Expires'] = time.strftime(
"%a, %d %b %Y %H:%M:%S GMT",
time.gmtime(time.time() + 60 * 60 * 24 * 7))
resp.headers['Cache-control'] = "public"
if gzipped:
resp.headers['Vary'] = 'Accept-Encoding'
resp.headers['Content-Encoding'] = 'gzip'
return resp
def userprofile():
#print len(base64.b64decode(request.forms.get("file")))
'''
#print request.forms.keys()
data = JSONEncoder().encode(request.forms.items()[0])
print data
#print request.forms.items()[0]
return ""
print str(request.content_length)
#print len(request.files.get("file"))
file1 = request.files.get("file")
print file1.filename
adid = request.get_header("adid", None)
print adid
return ""
data = request.forms.items()[0]
print request.forms.items()[0]
'''
print request.forms.items()[0]
data = request.forms.items()[0]
adid = request.get_header(support.FieldHeaderDict['ADID'], None)
if adid is None:
return None
msg = JSONEncoder().encode({
support.FieldDict['APIMETHOD']:
support.ApiMethods1.Api_UserProfile.value - 1,
support.FieldDict['ADID']:
adid,
support.FieldDict['DATA']:
data
})
print msg
token = msgMgr.send(msg)
return token
def uploadBase64():
user = get_jwt_payload()
data = json.load(request.body)
log_id = str(
mdb.add_log({
"userId": user['_id'],
"action": "inpaint",
"usage ": sys.getsizeof(data)
}).inserted_id)
image_path = 'original/' + log_id + '.jpg'
mask_path = 'mask/' + log_id + '_mask.jpg'
save_base64(data['image'].split(',')[1], image_path)
save_base64(data['mask'].split(',')[1], mask_path)
img = cv2.imread(image_path)
mask = cv2.imread(mask_path, 0)
dst = cv2.inpaint(img, mask, 3, cv2.INPAINT_TELEA)
cv2.imwrite('result/' + log_id + '.jpg', dst)
host = request.get_header('host')
return {'url': ('http://{}/result/{}.jpg').format(host, log_id)}
def removeroom():
data = request.forms.items()[0]
print data
adid = request.get_header(support.FieldHeaderDict['ADID'], None)
if adid is None:
return None
msg = JSONEncoder().encode({
support.FieldDict['APIMETHOD']:
support.ApiMethods1.Api_RemoveRoom.value - 1,
support.FieldDict['ADID']:
adid,
support.FieldDict['DATA']:
data
})
#msg = '{"apiMethod": ApiMethods1.Api_OpenRoom1.value - 1, "adid":%s, "data": %s}' % (adid, data)
token = msgMgr.send(msg)
t1 = json.loads(token)
t2 = t1[support.FieldResponseDict['RESULT']]
if t2 != support.FieldResponseValuesDict['OK']:
return token
svfile = os.path.join(
"/cygdrive/c/projects/revideo/software/server/frontend/data/rooms",
adid)
shutil.rmtree(svfile, ignore_errors=True)
'''
t1 = json.loads(token)
t2 = t1[support.FieldResponseDict['MESSAGE']]
t3 = json.loads(t2)
t4 = t3['images']
for f in t4:
os.remove(f)
t1[support.FieldResponseDict['MESSAGE']] = support.FieldResponseDict['OK']
'''
return token
def pinArticle():
'''
/pin?subscriberId=1&articleId=2&status=0
'''
subscriberId = request.query.subscriberId
articleId = request.query.articleId
status = request.query.status
'parse request header info'
header = ""
headerFields = request.headers.keys()
for field in headerFields:
header += str(field) + " | " + str(request.get_header(field)) + " || "
debug(header)
extraInfo = header
'1) update pin status'
category = Subscriber_ArticleEventCategory.pinned
recordSubscriberArticle(phDbInfo, subscriberId, articleId, extraInfo,
category, status)
'2) display articleMore page'
output = getArticleMorePage(phDbInfo, subscriberId, articleId)
return output
def creditsadd():
if request.method is 'POST':
data = request.forms.items()[0]
adid = request.get_header(support.FieldHeaderDict['ADID'], None)
if adid is None:
return None
if request.method is 'POST':
msg = JSONEncoder().encode({
support.FieldDict['APIMETHOD']:
support.ApiMethods1.Api_Credits.value - 1,
support.FieldDict['ADID']:
adid,
support.FieldDict['DATA']:
data
})
else:
msg = JSONEncoder().encode({
support.FieldDict['APIMETHOD']:
support.ApiMethods1.Api_Credits.value - 1,
support.FieldDict['ADID']:
adid
})
print msg
token = msgMgr.send(msg)
print token
return token
def setup():
# app.yaml should already have ensured that the user is logged in as admin.
if not users.is_current_user_admin():
abort(401, "Sorry, only administrators can access this page.")
is_dev = os.environ.get('SERVER_SOFTWARE', '').startswith('Development')
setup_scheme = 'http' if is_dev else 'https'
setup_url = '%s://%s/setup' % (setup_scheme,
app_identity.get_default_version_hostname())
if request.url != setup_url:
redirect(setup_url)
result = ""
settings = GcmSettings.singleton()
if (request.forms.sender_id and request.forms.api_key and
request.forms.endpoint):
# Basic CSRF protection (will block some valid requests, like
# https://1-dot-johnme-gcm.appspot.com/setup but ohwell).
if request.get_header('Referer') != setup_url:
abort(403, "Invalid Referer.")
settings.endpoint = request.forms.endpoint
settings.sender_id = request.forms.sender_id
settings.api_key = request.forms.api_key
settings.put()
result = 'Updated successfully'
return template('setup', result=result,
endpoint=settings.endpoint,
sender_id=settings.sender_id,
api_key=settings.api_key)
def set_header(*args, **kwargs):
host = request.get_header('Origin')
if host and 'cogs.indiana.edu' in host:
response.headers['Access-Control-Allow-Origin'] = host
elif host and 'codepen.io' in host:
response.headers['Access-Control-Allow-Origin'] = host
return f(*args, **kwargs)
def recordSubscriberArticleAndRedirect():
'''
/redirect?subscriberId=1&articleId=2&redirectUrl=http://www.google.com
'''
subscriberId = request.query.subscriberId
articleId = request.query.articleId
redirectUrl = request.query.redirectUrl
'parse request header info'
header = ""
headerFields = request.headers.keys()
for field in headerFields:
header += str(field) + " | " + str(request.get_header(field)) + " || "
debug(header)
extraInfo = header
extraInfo += 'redirectUrl' + " | " + redirectUrl + " || "
'record event'
category = Subscriber_ArticleEventCategory.extlinkClicked
status = dbBoolean.yes
recordSubscriberArticle(phDbInfo, subscriberId, articleId,
extraInfo, category, status)
'redirect'
redirect(redirectUrl)