def GET(self, uid=None):
"""Returns object specified by uid, or if none is specified,
returns a list of all <uid>:<object url> pairs.
Returns: Specified object (JSON),
if no uid specified: List of all objects (JSON)
if object doesn't exist: Error message (JSON)
"""
if uid is None:
# return list of all objects (the uid is also the dict key
with sqlite3.connect(self.db) as conn:
r = conn.execute("SELECT uid FROM objects")
all_uids = [x[0] for x in r.fetchall()]
# get and fix url
url = cherrypy.url()
if url[len(url)-1] != '/':
url += '/'
all_uids = [{'uid': x, 'url': url+x} for x in all_uids]
return json.dumps(all_uids)
# return object as JSON. If it doesn't exists, error msg
with sqlite3.connect(self.db) as conn:
r = conn.execute("SELECT value FROM objects WHERE uid=?", [uid])
data = r.fetchone()
if data is None:
return json.dumps(get_error_msg("GET", cherrypy.url(), "Object does not exist"))
else:
return json.dumps(ast.literal_eval(data[0]))
def atom_feed(self, catslug, lang=None):
(posts, self_link, html_link, title) = self._posts_links_and_title(catslug, lang)
favicon_url = cp.url("/static/images/favicon.ico")
feed = atomize.Feed(
title=title,
updated=datetime.datetime.now(),
guid=self_link,
author=self._get_blog_owner().vname,
self_link=self_link,
icon=atomize.Icon(favicon_url),
links=[atomize.Link(html_link, rel="alternate", content_type="text/html")],
)
for post in posts:
url = cp.url("/posts/{}".format(post.slug))
entry = atomize.Entry(
title=post.title,
guid=url,
published=atomize.Published(post.created),
updated=post.modified,
author=post.author.vname,
links=[atomize.Link(url, rel="alternate", content_type="text/html", hreflang=post.lang.code)],
summary=atomize.Summary(post.abstract),
categories=[atomize.Category(post.category.name)],
)
feed.entries.append(entry)
return b"\n".join((b'<?xml version="1.0" encoding="utf-8"?>', feed.feed_string()))
def setup_server(cls):
@lg_authority.groups('auth')
@cherrypy.config(**{
'tools.lg_authority.on': True
,'tools.lg_authority.site_debug': True
,'tools.lg_authority.site_storage': 'ram'
,'tools.lg_authority.session_cookie': 'session'
})
class Root(object):
def __init__(self):
self.auth = lg_authority.AuthRoot()
@cherrypy.expose
def index(self):
return cherrypy.user.name
cls.root1 = Root()
cls.root2 = Root()
cherrypy.tree.mount(cls.root1, '/root1/', config={ '/': {
'tools.lg_authority.session_cookie': 'session1'
, 'tools.lg_authority.site_registration': 'open'
}})
cherrypy.tree.mount(cls.root2, '/root2/', config={ '/': {
'tools.lg_authority.session_cookie': 'session2'
, 'tools.lg_authority.site_registration': 'external'
, 'tools.lg_authority.site_registration_conf': {
'open_id': cherrypy.url('/root1/auth/openid/')
, 'logout': cherrypy.url('/root1/auth/logout')
}
}})
def url(*args, **kwargs):
"""Get the url for a given route.
"""
if len(args) == 0 and len(kwargs) == 0:
return cherrypy.url()
# First read the old args
newkwargs = dict(
(k, v[3:]) for (k, v) in kwargs.iteritems()
if v is not None and k.startswith('old')
)
# Apply neither new nor old args
for (k, v) in kwargs.iteritems():
if k.startswith('new') or k.startswith('old'):
continue
if v is None:
try:
del newkwargs[k]
except KeyError: pass
else:
newkwargs[k] = v
# Apply new args
for (k, v) in kwargs.iteritems():
if k[:3] != 'new':
continue
k = k[3:]
if v is None:
try:
del newkwargs[k]
except KeyError: pass
else:
newkwargs[k] = v
if len(args) > 0 and args[0] == 'static':
return config.STATIC_ASSETS_URL + '/'.join(args[1:])
return cherrypy.url(routes.url_for(*args, **newkwargs))
def search_festivals(self, query, longitude=None, latitude=None, limit=30, offset=0):
get_lang(self.lang)
cherrypy.response.headers['Cache-Control'] = 'max-age=0'
offset = int(offset)
limit = int(limit)
if not latitude:
location = geoip.record_by_addr(cherrypy.request.headers.get("X-Forwarded-For") or cherrypy.request.remote.ip)
if location:
latitude = location['latitude']
longitude = location['longitude']
next_page = {'query':query, 'offset':str(offset+limit)}
prev_page = {'query':query, 'offset':str(offset-limit)}
else:
longitude, latitude = float(longitude), float(latitude)
next_page = {'query':query, 'longitude':longitude, 'latitude':longitude, 'offset':str(offset+limit)}
prev_page = {'query':query, 'longitude':longitude, 'latitude':longitude, 'offset':str(offset-limit)}
if offset != 0:
prev_page = cherrypy.url(qs=urllib.urlencode(prev_page))
else:
prev_page = None
festivals = self.backend.search_festivals(query, latitude, longitude, limit, offset)
if len(festivals) < limit:
next_page = None
else:
next_page = cherrypy.url(qs=urllib.urlencode(next_page))
return self._render_template('search_festivals.html',
festivals = self.backend.search_festivals(query, latitude, longitude, limit, offset),
next_page = next_page,
prev_page = prev_page)
def index(self, **params):
if cherrypy.request.method != 'POST':
return view.render()
name = params['name'].strip()
if name == "":
return view.render(error='No map name given!') | HTMLFormFiller(data=params)
desc = JobDescription()
desc.name = name
desc.mail = params['mail']
desc.resolution = 3.0 if params.has_key('highres') else 9.0
desc.compressed = True if params.has_key('compressed') else False
selection = params['selection']
waypoint_file = params['waypoint_file']
if selection == 'waypoint' or selection == 'waypoint_bounds':
if not waypoint_file.file or not waypoint_file.filename:
return view.render(error='No waypoint file uploaded.') | HTMLFormFiller(data=params)
try:
if waypoint_file.filename.lower().endswith('.dat'):
desc.bounds = WaypointList().parse(waypoint_file.file, waypoint_file.filename).get_bounds()
desc.waypoint_file = 'waypoints.dat'
else:
raise RuntimeError('Waypoint file {} has an unsupported format.'.format(waypoint_file.filename))
except:
return view.render(error='Unsupported waypoint file ' + waypoint_file.filename) | HTMLFormFiller(data=params)
if selection == 'bounds' or selection == 'waypoint_bounds':
try:
desc.bounds = GeoRect(float(params['left']),
float(params['right']),
float(params['top']),
float(params['bottom']))
except:
return view.render(error='Map bounds not set.') | HTMLFormFiller(data=params)
if desc.bounds.height() <= 0 or desc.bounds.width() <= 0:
return view.render(error='Bounds are invalid.') | HTMLFormFiller(data=params)
if desc.bounds.height() * desc.bounds.width() > 1000:
return view.render(error='Selected area is too large.') | HTMLFormFiller(data=params)
if self.too_many_requests():
return view.render(error='You can generate only three maps per hour.') | HTMLFormFiller(data=params)
job = Job(self.__dir_jobs, desc)
if desc.waypoint_file:
waypoint_file.file.seek(0)
f = open(job.file_path(desc.waypoint_file), 'w')
try:
shutil.copyfileobj(fsrc=waypoint_file.file, fdst=f, length=1024 * 64)
finally:
f.close()
desc.download_url = cherrypy.url('/download?uuid=' + job.uuid)
job.enqueue()
raise cherrypy.HTTPRedirect(cherrypy.url('/status?uuid=' + job.uuid))
def url_for(self, action='show'):
if action in ('show', 'index', None):
return cherrypy.url('/%s' % self.id)
elif action:
return cherrypy.url('/%s/%s' % (self.id, action))
else:
return cherrypy.url('/notfound')
def layout(content, title=None):
"""Renders a Mustache layout with the given content."""
# We're about to display the flash message, so we should get rid of the
# cookie containing it.
cherrypy.response.cookie['flash'] = ''
cherrypy.response.cookie['flash']['expires'] = 0
cherrypy.response.cookie['flash']['path'] = '/'
flash = cherrypy.request.cookie.get('flash')
if title is not None:
title += ' | '
else:
title = ''
title = '%sPub Package Manager' % title
package = request().maybe_package
return _renderer.render(
_renderer.load_template("layout"),
content=content,
logged_in=users.get_current_user() is not None,
login_url=users.create_login_url(cherrypy.url()),
logout_url=users.create_logout_url(cherrypy.url()),
message=flash and flash.value,
title=title,
package=package)
def PUT(self, uid, data=None):
"""Updates the object specified by the given uid.
This is a COMPLETE REPLACEMENT; the entire object is
replaced by the new one. The creation works the same way
as in POST: adds the uid to the new object and json encodes it
Returns: The new version of the object (JSON)
Or, if error: An error message (JSON)
"""
# get dict from JSON
new_obj = get_json(data)
if new_obj is None:
return json.dumps(get_error_msg("PUT", cherrypy.url(), "Not a JSON object"))
# add uid and convert back to JSON
new_obj['uid'] = uid
j_obj = json.dumps(new_obj)
# update it the uid exists in the database, else error msg
with sqlite3.connect(self.db) as conn:
r = conn.execute("SELECT value FROM objects WHERE uid=?", [uid])
data = r.fetchone()
if data is None:
return json.dumps(get_error_msg("PUT", cherrypy.url(), "Object does not exist"))
else:
conn.execute("UPDATE objects SET value=? WHERE uid=?", [str(new_obj), uid])
return j_obj
def index(self):
return """<html>
<body>Try some <a href='%s?a=7'>other</a> path,
or a <a href='%s?n=14'>default</a> path.<br />
Or, just look at the pretty picture:<br />
<img src='%s' />
</body></html>""" % (url("other"), url("else"),
url("files/made_with_cherrypy_small.png"))
def for_floorers(self, arm, armRange):
return {
"Район 1" : cherrypy.url("/desk/details/"+armRange+"/"+arm+"/1"),
"Район 2" : cherrypy.url("/desk/details/"+armRange+"/"+arm+"/2"),
"Район 3" : cherrypy.url("/desk/details/"+armRange+"/"+arm+"/3"),
"Район 4" : cherrypy.url("/desk/details/"+armRange+"/"+arm+"/4"),
"Район 5" : cherrypy.url("/desk/details/"+armRange+"/"+arm+"/5")
}
def type_icon(self, size='16x16'):
if self.mime.major.icon:
if self.mime.icon:
return cherrypy.url('/images/mimes/%s/%s/%s' %\
(size, self.mime.major.major, self.mime.icon))
return cherrypy.url('/images/mimes/%s/%s' %\
(size, self.mime.major.icon))
return cherrypy.url('/images/content_types/%s/%s' %\
(size, self.type.icon))
def index(self):
"""Render HTML-template at the root path of the web-app."""
return """<html>
<body>Try some <a href='%s?a=7'>other</a> path,
or a <a href='%s?n=14'>default</a> path.<br />
Or, just look at the pretty picture:<br />
<img src='%s' />
</body></html>""" % (url('other'), url('else'),
url('files/made_with_cherrypy_small.png'))
def oauthtool(self):
if cherrypy.request.config.get('tools.sessions.on') == False: # to enable skipping /static etc
return
# the following are used to identify current state
auth_code = cherrypy.request.params.get('code')
target_url = cherrypy.request.params.get('state')
scope = cherrypy.request.params.get('scope')
error = cherrypy.request.params.get('error')
error_description = cherrypy.request.params.get('error_description')
# user has been redirected back by self.authorize_url
if auth_code and scope and target_url:
# get access token
data = {'grant_type': 'authorization_code', 'code': auth_code, 'redirect_uri': self.redirect_url}
for i in range(2): # 2 tries
try:
response = requests.post(self.access_token_url, data=data, auth=(self.client_id, self.client_secret))
except Exception as e:
print 'post to auth server failed', e
continue
if response.json().get('access_token'):
access_token = response.json()['access_token']
cherrypy.session[FLAG_access_token] = access_token
response.close()
# redirect to endpoint where user attempted to access
raise cherrypy.HTTPRedirect(target_url)
else:
print 'response from auth server', response.json()
response.close()
raise Exception('Failed to retrieved access-token from server!') # shouldn't reach here normally
elif error and error_description:
# this can occur when, for example, user denies access at self.authorize_url
# in case of error e.g. access-denied we keep the target_url state intact
print cherrypy.url(qs=cherrypy.request.query_string)
else:
# clean url; no special oauth parameters
# remember endpoint where user attempts to access; may be passed to self.authorize_url
target_url = cherrypy.url(base=self.redirect_url, path=cherrypy.request.path_info)
# main gate: user must have an access_token to proceed to application
if not cherrypy.session.get(FLAG_access_token):
if self.client_details_s3_refresh_url:
try:
self.client_id, self.client_secret = aws_s3_configreader.get_client_id_and_secret_from_s3_file(self.client_details_s3_refresh_url)
except:
raise Exception('Failed to read client_id and secret from S3')
params = {
'response_type': 'code',
'redirect_uri': self.redirect_url,
'client_id': self.client_id,
'state': target_url,
}
raise cherrypy.HTTPRedirect('%s&%s' % (self.authorize_url, urlencode(params)))
def getBaseUrl(self, redirect_unencrypted=False):
ipAndPort = parse.urlparse(cherrypy.url()).netloc
if cherry.config.server.ssl_enabled.bool and not self.issecure(cherrypy.url()):
log.d('Not secure, redirecting...')
ip = ipAndPort[:ipAndPort.rindex(':')]
url = 'https://' + ip + ':' + cherry.config.server.ssl_port.str
if redirect_unencrypted:
raise cherrypy.HTTPRedirect(url, 302)
else:
url = 'http://' + ipAndPort
return url
def whitelist_remove_ip(self, ip=None):
if not is_ip(ip):
self._error('Invalid IP')
entries = self._read_ip_whitelist()
if ('host', ip) not in entries:
self._error('IP %s was not found on the whitelist' % (ip, ))
raise cherrypy.HTTPRedirect(cherrypy.url('/blacklists'))
del entries[('host', ip)]
self._write_ip_whitelist(entries)
self._success('IP %s has been removed from the whitelist' % (ip, ))
raise cherrypy.HTTPRedirect(cherrypy.url('/blacklists'))
def object_hal_links(obj, dirrer=default_hal_dir):
links = {}
if is_exposed(obj):
links['self'] = {'href': cp.url(relative=False)}
for name, value in dirrer(obj):
if not is_exposed(value):
continue
link = {'href': cp.url(name, relative=False)}
links[name] = link
return links
def handleCheckIDRequest(self, openid_request):
if cherrypy.serving.user is None:
self.set_request(openid_request)
raise cherrypy.HTTPRedirect(
url_add_parms(
'../login'
, { 'redirect': cherrypy.url('resume'), 'error': 'Please log in to use your OpenID' }
)
)
if not openid_request.idSelect():
id_url = self.get_user_url()
#Confirm that this server can vouch for that ID
if id_url != openid_request.identity:
error = ProtocolError(
openid_request.message
,"This server cannot verify the URL {0}".format(openid_request.identity)
)
return self.displayResponse(error)
try:
trust_root = openid_request.trust_root
return_to = openid_request.return_to
trust_root_valid = verifyReturnTo(trust_root, return_to)
except DiscoveryFailure as err:
trust_root_valid = "DISCOVERY_FAILED"
except HTTPFetchingError as err:
trust_root_valid = "Unreachable"
if trust_root_valid != True:
return '<div class="lg_auth_form">The trust root / return is not valid. Denying authentication. Reason: {0}</div>'.format(trust_root_valid)
if openid_request.immediate:
#TODO - This is where we would do something for users that
#are already logged in
openid_response = openid_request.answer(False)
return self.displayResponse(openid_response)
# Beyond this point, we're definitely using our response.
# Store it.
self.set_request(openid_request)
if get_domain(trust_root).endswith(
get_domain(cherrypy.url().replace('/www.', '/'))
):
# e.g. if we get a request from test.lamegameproductions.com to
# www.lamegameproductions.com, implicitly trust this.
raise cherrypy.HTTPRedirect(url_add_parms(
'./trust_result'
, { 'allow': True }
))
else:
return self.showDecidePage(openid_request, trust_root)
def getBaseUrl(self, redirect_unencrypted=False):
ipAndPort = parse.urlparse(cherrypy.url()).netloc
is_secure_connection = self.issecure(cherrypy.url())
ssl_enabled = cherry.config["server.ssl_enabled"]
if ssl_enabled and not is_secure_connection:
log.d(_("Not secure, redirecting..."))
ip = ipAndPort[: ipAndPort.rindex(":")]
url = "https://" + ip + ":" + str(cherry.config["server.ssl_port"])
if redirect_unencrypted:
raise cherrypy.HTTPRedirect(url, 302)
else:
url = "http://" + ipAndPort
return url
def _list(self, real_path):
path_res = cherrypy.request.db\
.query(Path).filter(Path.path == real_path).limit(1).first()
if path_res:
data = json.loads(path_res.data)
data['children'] = []
data['href'] = cherrypy.url(real_path)
for child in path_res.children:
data['children'].append({'href': cherrypy.url(child.path)})
return data
raise cherrypy.NotFound(cherrypy.url(real_path))
def getBaseUrl(self, redirect_unencrypted=False):
ipAndPort = parse.urlparse(cherrypy.url()).netloc
is_secure_connection = self.issecure(cherrypy.url())
ssl_enabled = cherry.config['server.ssl_enabled']
if ssl_enabled and not is_secure_connection:
log.d('Not secure, redirecting...')
ip = ipAndPort[:ipAndPort.rindex(':')]
url = 'https://' + ip + ':' + str(cherry.config['server.ssl_port'])
if redirect_unencrypted:
raise cherrypy.HTTPRedirect(url, 302)
else:
url = 'http://' + ipAndPort
return url
def __call__(self, *args, **kwargs):
if len(self.chain) > 3:
raise Exception("Don't know what to do with over 3 chain elements")
if len(self.chain) > 2:
kwargs["action"] = self.chain[2]
if len(self.chain) > 1:
kwargs["controller"] = self.chain[1]
if (len(args) == 1 and len(kwargs) == 0 and
type(args[0]) in (str, unicode)):
return cherrypy.url(args[0])
else:
return cherrypy.url(routes.url_for(*args, **kwargs))
def oauthtool(self):
if cherrypy.request.config.get('tools.sessions.on') == False: # to enable skipping /static etc
return
# the following are used to identify current state
auth_code = cherrypy.request.params.get('code')
target_url = cherrypy.request.params.get('state')
scope = cherrypy.request.params.get('scope')
error = cherrypy.request.params.get('error')
error_description = cherrypy.request.params.get('error_description')
# user has been redirected back by self.authorize_url
if auth_code and scope and target_url:
# get access token
data = {'grant_type': 'authorization_code', 'code': auth_code, 'redirect_uri': self.redirect_url}
response = requests.post(self.access_token_url, data=data, auth=(self.client_id, self.client_secret))
if response.json().get('access_token'):
access_token = response.json()['access_token']
cherrypy.session[FLAG_access_token] = access_token
response.close()
# redirect to endpoint where user attempted to access
raise cherrypy.HTTPRedirect(target_url)
else:
print response.json()
response.close()
raise Exception('Failed to retrieved access-token from server!')
elif error and error_description:
# this can occur when, for example, user denies access at self.authorize_url
# in case of error e.g. access-denied we keep the target_url state intact
print cherrypy.url(qs=cherrypy.request.query_string)
else:
# clean url; no special oauth parameters
# remember endpoint where user attempts to access; may be passed to self.authorize_url
# main gate: user must have an access_token to proceed to application
if not cherrypy.session.get(FLAG_access_token):
params = {
'response_type': 'code',
'redirect_uri': self.redirect_url,
'client_id': self.client_id,
'state': target_url,
}
raise cherrypy.HTTPRedirect('%s&%s' % (self.authorize_url, urlencode(params)))
# If here, means user is logged in via oauth
# prevent session regeneration
# http://docs.cherrypy.org/en/latest/pkg/cherrypy.lib.html?#session-fixation-protection
cherrypy.session['flag'] = os.urandom(24)
def callable(self):
self.oauthtool()
def get_points(self, redirect=None, admin=False):
"""For any root-level openid consumer request, returns
the urls for trust_root and return_to endpoints.
"""
return_dict = {}
if redirect:
return_dict['redirect'] = redirect
if admin:
return_dict['admin'] = 'true'
return (
cherrypy.url('./') #MUST be static. If changed, some providers
#also change the identity URL.
, url_add_parms(cherrypy.url('./finish'), return_dict)
)
def set_title(depot, doc, feed, update_ts):
"""This function attaches the necessary RSS/Atom feed elements needed
to provide title, author and contact information to the provided
xmini document object using the provided feed object and update
time.
"""
t = doc.createElement("title")
ti = xmini.Text()
ti.replaceWholeText(depot.cfg.get_property("pkg_bui", "feed_name"))
t.appendChild(ti)
feed.appendChild(t)
l = doc.createElement("link")
l.setAttribute("href", cherrypy.url())
l.setAttribute("rel", "self")
feed.appendChild(l)
# Atom requires each feed to have a permanent, universally unique
# identifier.
i = doc.createElement("id")
it = xmini.Text()
netloc, path = urlparse.urlparse(cherrypy.url())[1:3]
netloc = netloc.split(":", 1)[0]
tag = "tag:%s,%s:%s" % (netloc, update_ts.strftime("%Y-%m-%d"), path)
it.replaceWholeText(tag)
i.appendChild(it)
feed.appendChild(i)
# Indicate when the feed was last updated.
u = doc.createElement("updated")
ut = xmini.Text()
ut.replaceWholeText(dt_to_rfc3339_str(update_ts))
u.appendChild(ut)
feed.appendChild(u)
# Add our icon.
i = doc.createElement("icon")
it = xmini.Text()
it.replaceWholeText(depot.cfg.get_property("pkg_bui", "feed_icon"))
i.appendChild(it)
feed.appendChild(i)
# Add our logo.
l = doc.createElement("logo")
lt = xmini.Text()
lt.replaceWholeText(depot.cfg.get_property("pkg_bui", "feed_logo"))
l.appendChild(lt)
feed.appendChild(l)
def __call__(self):
def dataUriFromStaticFile(filename, datatype):
"""Given a file relative to the static/ directory, return a data: URI containing a representation in base64
filename: A file, relative to the static/ directory
datatype: A data type for the URL, such as "image/png"
"""
filepath = os.path.join(scriptdir, 'static', filename)
with open(filepath, 'rb') as f:
encoded = base64.b64encode(f.read()).decode()
return "data:{};base64,{}".format(datatype, encoded)
env = globals().copy()
env.update(self.next_handler())
env.update({
# The base URL of the application, wherever it's mounted
'baseurl': cherrypy.url('/'),
# A simple way to get a data: URL for a given static file
'dataUriFromStaticFile': dataUriFromStaticFile,
# Allow us to add useful debugging behavior at runtime
'debug': self.debug})
return self.template.render(**env)
def trailing_slash(missing=True, extra=False):
"""Redirect if path_info has (missing|extra) trailing slash."""
request = cherrypy.request
pi = request.path_info
if request.is_index is True:
if missing:
if not pi.endswith('/'):
new_url = cherrypy.url(pi + '/', request.query_string)
raise cherrypy.HTTPRedirect(new_url)
elif request.is_index is False:
if extra:
# If pi == '/', don't redirect to ''!
if pi.endswith('/') and pi != '/':
new_url = cherrypy.url(pi[:-1], request.query_string)
raise cherrypy.HTTPRedirect(new_url)
def __init__(self, urls, status=None):
import cherrypy
request = cherrypy.serving.request
if isinstance(urls, basestring):
urls = [urls]
abs_urls = []
for url in urls:
# Note that urljoin will "do the right thing" whether url is:
# 1. a complete URL with host (e.g. "http://www.example.com/test")
# 2. a URL relative to root (e.g. "/dummy")
# 3. a URL relative to the current path
# Note that any query string in cherrypy.request is discarded.
url = _urljoin(cherrypy.url(), url)
abs_urls.append(url)
self.urls = abs_urls
# RFC 2616 indicates a 301 response code fits our goal; however,
# browser support for 301 is quite messy. Do 302/303 instead. See
# http://www.alanflavell.org.uk/www/post-redirect.html
if status is None:
if request.protocol >= (1, 1):
status = 303
else:
status = 302
else:
status = int(status)
if status < 300 or status > 399:
raise ValueError("status must be between 300 and 399.")
self.status = status
CherryPyException.__init__(self, abs_urls, status)
def page_template(template='base', **kwargs):
for k in ['sidebar_left', 'sidebar_right', 'main', 'js', 'onload', 'nav', 'css', 'title', 'basehref']:
if not k in kwargs:
kwargs[k] = ''
if kwargs['basehref'] == '':
kwargs['basehref'] = cfg.base_href
if template=='base' and kwargs['sidebar_right']=='':
template='two_col'
if isinstance(template, basestring):
exec ("from templates.%s import %s as template" % (template, template))
try:
submenu = cfg.main_menu.active_item().encode("sub_menu", render_subs=True)
except AttributeError:
submenu = ""
kwargs['template'] = template
kwargs['main_menu_js'] = cfg.main_menu.encode("main_menu")
kwargs['sub_menu_js'] = submenu
kwargs['current_url'] = cherrypy.url()
kwargs['username'] = cherrypy.session.get(cfg.session_key)
if not kwargs['nav']: kwargs['nav'] = """ <script type="text/javascript">
<!--
side_menu(sub_menu_items);
// -->
</script>"""
return str(template(searchList=[kwargs]))
def put(self, variant, size):
"""Store the current variant in the cache."""
request = cherrypy.serving.request
response = cherrypy.serving.response
uri = cherrypy.url(qs=request.query_string)
uricache = self.store.get(uri)
if uricache is None:
uricache = AntiStampedeCache()
uricache.selecting_headers = [
e.value for e in response.headers.elements('Vary')]
self.store[uri] = uricache
if len(self.store) < self.maxobjects:
total_size = self.cursize + size
# checks if there's space for the object
if (size < self.maxobj_size and total_size < self.maxsize):
# add to the expirations list
expiration_time = response.time + self.delay
bucket = self.expirations.setdefault(expiration_time, [])
bucket.append((size, uri, uricache.selecting_headers))
# add to the cache
header_values = [request.headers.get(h, '')
for h in uricache.selecting_headers]
uricache[tuple(sorted(header_values))] = variant
self.tot_puts += 1
self.cursize = total_size
def handle_post(self, headers):
requested_url = urlp.urlparse(cherrypy.url())
self.cache.clear()
rand = random.randint(0, len(self.list_of_addresses) - 1)
print("random: " + str(rand))
url = "http://" + self.list_of_addresses[rand] + requested_url.path
# url = "http://192.168.1.25:8080/api"
resp = requests.post(url,
cherrypy.request.body.read().decode(),
headers=headers)
for key, value in resp.headers.items():
cherrypy.response.headers[key] = value
return resp
def settings(self, method='GET', **kw):
if cherrypy.request.method == 'POST':
response = UsersController.put(kw)
return json.dumps(response)
else:
page_list = ['about', 'work', 'demo', 'contact']
urls = cherrypy.url()
msg = ''
kw = {'cookie':True}
user = UsersController.GET(kw)
template = env.get_template('settings.html')
return template.render(page_list=page_list, urls=urls, msg=msg, user=user)
def get(self):
"""Return the current variant if in the cache, else None."""
request = cherrypy.serving.request
self.tot_gets += 1
uri = cherrypy.url(qs=request.query_string)
uricache = self.store.get(uri)
if uricache is None:
return
header_values = [ request.headers.get(h, '') for h in uricache.selecting_headers ]
variant = uricache.wait(key=tuple(sorted(header_values)), timeout=self.antistampede_timeout, debug=self.debug)
if variant is not None:
self.tot_hist += 1
return variant
def url_for_class(handler, url_args=[], url_params={}):
app_name = __name__.split('.')[0].lower()
handler = handler.lower()
if handler.split('.')[0] != app_name:
handler = '.'.join([app_name, handler])
# TODO: handle `default` method somehow
url_route = url_resolve_map.get(handler)
logger.debug(url_route)
return cp.url(uri_builder(url_route, *url_args, **url_params),
script_name='',
base=base_url())
def to_mapper_request():
dic = {
"method": cherrypy.request.method,
"url": cherrypy.url(),
"headers": cherrypy.request.headers,
"query_string": cherrypy.request.query_string,
}
if cherrypy.request.process_request_body:
dic["body"] = cherrypy.request.body.read()
dic["form_fields"] = cherrypy.request.body.params
return MappingRequest(None, "default", dic)
def DELETE(self, uid):
"""Deletes object specified by the uid. Idempotent.
Returns: if object exists: Nothing
if object doesn't exist: Error message (JSON)
"""
with sqlite3.connect(self.db) as conn:
r = conn.execute("SELECT value FROM objects WHERE uid=?", [uid])
data = r.fetchone()
if data is None:
return json.dumps(get_error_msg("GET", cherrypy.url(), "Object does not exist"))
else:
conn.execute("DELETE FROM objects WHERE uid=?", [uid])
def PUT(self, **query_params):
request_url = cherrypy.url()
request_json = cherrypy.request.json
try:
response_json = to_json(
self.post(request_url=request_url,
query_params=query_params,
request_payload=request_json))
self._log_api_call("PUT", request_url, response_json, request_json)
return response_json
except Exception as e:
self.logger.exception(e)
raise cherrypy.HTTPError(500, e)
def _check_authentication(self):
JwtManager.reset_user()
token = JwtManager.get_token_from_header()
if token:
user = JwtManager.get_user(token)
if user:
self._check_authorization(user.username)
return
self.logger.debug('Unauthorized access to %s',
cherrypy.url(relative='server'))
raise cherrypy.HTTPError(
401, 'You are not authorized to access '
'that resource')
def POST(self):
"""
We're all out of parrots, but we do have a slug.
"""
slug = uuid.uuid4()
data = dict(
content=cherrypy.request.body.read(),
type=cherrypy.request.headers['Content-Type'],
)
self.data[str(slug)] = data
url = cherrypy.url(f'/{slug}')
cherrypy.response.headers['Access-Control-Allow-Origin'] = '*'
return json.dumps(dict(url=url))
def https_redirect(self=None):
''' Cherrypy tool to redirect http:// to https://
Use a before_handler when https is enabled for the server.
Enable in config as {'tools.https_redirect.on': True}
'''
print(cherrypy.request.scheme)
if cherrypy.request.scheme == 'http':
raise cherrypy.HTTPRedirect(cherrypy.url().replace(
'http:', 'https:'),
status=302)
def authenticate(allowed_groups=None, debug=False):
cherrypy.session["login_return_to"] = cherrypy.url()
userid = cherrypy.session.get("userid", None)
user_groups = cherrypy.session.get("groups", None)
if not userid:
raise cherrypy.HTTPRedirect("/login")
# if we have group-level access, make sure we have the midiclorians to enter
if allowed_groups:
foo = set(allowed_groups)
bar = set(user_groups)
if not foo.intersection(bar):
raise cherrypy.HTTPRedirect("/login")
def upload(self):
tmpfile = tempfile.NamedTemporaryFile(suffix=".png") #Make a temporary file
tmpname = tmpfile.name.split("/")[-1] #grab the generated name
filepath = os.getcwd() + "/" + tmpname #get the filepath
outfile = open(filepath, 'w') # create the filestream to write output to
outfile.write(cherrypy.serving.request.body.fp.read()) # read the raw data from the webserver and write to the temporary directory
outfile.close() # close the temporary file
self.process(filepath) #Use SimpleCV to process the image
print "url:" + cherrypy.url()
print "socket:" + socket.gethostbyname(socket.gethostname())
#~ return "http://localhost:8000/" + tmpname #return the image path via ajax request
return tmpname
def POST(self, **kwargs) -> str:
"""POST Function"""
if "filename" not in kwargs:
return self._return_data(
"Ripper",
"Upload ISO",
False,
error="Missing Filename",
errorNumber=0,
)
if "filesize" not in kwargs:
return self._return_data(
"Ripper",
"Upload ISO",
False,
error="Missing Filesize",
errorNumber=0,
)
existing = PostUpload.get_or_none(
PostUpload.filename == kwargs["filename"],
PostUpload.filesize == kwargs["filesize"])
url = cherrypy.url().split("/api/")[0]
if existing:
return self._return_data(
"Ripper",
"Upload ISO",
True,
key=existing.key,
url=f"{url}/upload/?key={existing.key}",
)
rnd = random.SystemRandom()
key = "".join(rnd.choices(string.ascii_lowercase + string.digits,
k=40))
upload = PostUpload()
upload.key = key
upload.filename = kwargs["filename"]
upload.filesize = kwargs["filesize"]
upload.system = "RIPPER_ISO"
upload.save()
return self._return_data(
"Ripper",
"Upload ISO",
True,
key=key,
url=f"upload/{key}",
)
def render_plugin(self, path):
content = self.plex_dispatch(path)
try:
has_content = int(content["size"]) > 0
except ValueError:
has_content = False
if not has_content:
redirect = content.get("title2", None)
# this is basically meant for SZ. title2 can contain a full URL to which we will redirect
if redirect and self.is_url(redirect):
if self.connections:
f = furl(redirect)
# try finding the current PMS in the link
is_current_pms = filter(
lambda c: c["address"] == f.host or f.host in c["url"],
self.connections)
if is_current_pms:
# use current PMS connection for the link
con = furl(self.server_addr)
f.host = con.host
f.port = con.port
redirect = f
r = requests.get(f)
# special handling for data
if r.headers['content-type'] != 'text/html':
data = io.BytesIO(r.content)
# set headers
for hdr in ("Content-Type", "Content-Disposition",
"Content-Length"):
cherrypy.response.headers[hdr] = r.headers[hdr]
# serve
return static.serve_fileobj(data)
raise cherrypy.HTTPRedirect(redirect)
message("No plugin data returned", "WARNING")
print("No plugin data returned, returning to plugin selection")
self.plugin = None
raise cherrypy.HTTPRedirect(cherrypy.url("/"))
items = self.merge_plugin_data(content)
content["Directory"] = None
content["Video"] = None
return template.render(data=content,
items=items,
**self.default_context)
def authorized(self, scope=None, state=None, code=None):
"""
Exchange code for a token and set token and athlete_id in the current session
:param scope: the scope variable passed to Strava authentification url and returned here.
We do not use it, so it is always None but we have to keep it in the argument list
as it is part of the url.
:param state: the state variable passed to Strava authentification url and returned here.
We do not use it, so it is always None but we have to keep it in the argument list
as it is part of the url.
:param code: the code returned by Strava authentification to be
further exchanged for a token.
"""
print(cherrypy.request.cookie['session_id'])
print("authorization - {}".format(cherrypy.session.id))
# Keep session alive
cherrypy.session[self.DUMMY] = 'MyStravaAuthorized'
client = stravalib.Client()
auth_response = client.exchange_code_for_token(
client_id=self.config['client_id'],
client_secret=self.config['client_secret'],
code=code)
token = auth_response['access_token']
refresh_token = auth_response['refresh_token']
expires_at = auth_response['expires_at']
cherrypy.session[self.ACCESS_TOKEN] = token
cherrypy.session[self.REFRESH_TOKEN] = refresh_token
cherrypy.session[self.EXPIRES_AT] = expires_at
client = stravalib.Client(access_token=token)
athlete = client.get_athlete()
cherrypy.session[self.ATHLETE_ID] = athlete.id
cherrypy.session[self.ATHLETE_IS_PREMIUM] = athlete.premium
print("-------")
print("athlete: {}".format(cherrypy.session.get(self.ATHLETE_ID)))
print("token: {}".format(cherrypy.session.get(self.ACCESS_TOKEN)))
print("refresh token: {}".format(
cherrypy.session.get(self.REFRESH_TOKEN)))
print("expires at: {}".format(
time.strftime(
'%Y-%m-%d %H:%M:%S',
time.localtime(cherrypy.session.get(self.EXPIRES_AT)))))
print("Session ID : {}".format(cherrypy.session.id))
print("Access code : {}".format(code))
print("-------")
raise cherrypy.HTTPRedirect(cherrypy.url(path='/', script_name=''))
def choose_plugin(self, key=None, identifier=None, default_identifier=None):
plugins = []
try:
plugins = self.plugins = self.server_plugins.get("Directory", [])
except HTTPError as e:
if e.response.status_code == 401:
print("Access denied when accessing plugins on {}, going to server selection".format(
mask_str(self.server_name)))
message("Access denied for plugins on {}".format(self.server_name), "ERROR")
raise cherrypy.HTTPRedirect(cherrypy.url("/servers"))
if (key and identifier) or default_identifier:
ident = identifier or default_identifier
for plugin in plugins:
if plugin["identifier"] == ident:
self.plugin = plugin
print("Plugin chosen: {}".format(plugin["title"]))
raise cherrypy.HTTPRedirect(cherrypy.url("/"))
template = env.get_template('plugins.jinja2')
return template.render(plex_headers_json=json.dumps(self.plex_headers), **self.default_context)
def get_dropbox_auth_flow(self):
if os.environ.get('PORT'):
# Use HTTPS redirect URL in production
base = 'https://kindleclips.herokuapp.com'
else:
# Standard HTTP for localhost
base = None
redirect_uri = cherrypy.url('/setup', base=base)
web_app_session = cherrypy.session
return DropboxOAuth2Flow(DROPBOX_KEY, DROPBOX_SECRET, redirect_uri,
web_app_session, 'dropbox-auth-csrf-token')
def store_req(self, req_id, jstest, method, qs, body):
cherrypy.log("Storing request req_id=%s" % (req_id))
ts = time.time()
request = {"method" : method,
"url" : cherrypy.url(),
"qs" : qs,
"body" : body,
"headers": cherrypy.request.headers}
cherrypy.log("cherrypy.request.headers=%s" % (cherrypy.request.headers))
entry = (str(ts), req_id, jstest, request)
JSTestsService.db.append(entry)
def update(self, id='', name='', **options):
"""Commit index changes and refresh index version.
**POST** /update
Commit write operations and return document count. See :meth:`WebSearcher.update` for caching options.
{"merge": true|\ *int*,... }
.. versionchanged:: 1.2 request body is an object instead of an array
:return: *int*
**GET, PUT, DELETE** /update/[snapshot|\ *int*]
Verify, create, or release unique snapshot of current index commit and return array of referenced filenames.
.. versionchanged:: 1.4 lucene identifies snapshots by commit generation; use location header
:return: [*string*,... ]
**GET** /update/*int*/*chars*
Download index file corresponding to snapshot id and filename.
"""
if not id:
self.indexer.commit(**options)
self.updated = time.time()
return len(self.indexer)
method = cherrypy.request.method
response = cherrypy.serving.response
if method == 'PUT':
if id != 'snapshot':
raise cherrypy.NotFound()
commit = self.indexer.policy.snapshot()
response.status = int(http.client.CREATED)
response.headers['location'] = cherrypy.url('/update/{0:d}'.format(
commit.generation),
relative='server')
else:
with HTTPError((ValueError, AssertionError),
http.client.NOT_FOUND):
commit = self.indexer.policy.getIndexCommit(int(id))
assert commit is not None, 'commit not snapshotted'
if method == 'DELETE':
self.indexer.policy.release(commit)
if not name:
return list(commit.fileNames)
with HTTPError((TypeError, AssertionError), http.client.NOT_FOUND):
directory = self.searcher.path
assert name in commit.fileNames, 'file not referenced in commit'
return cherrypy.lib.static.serve_download(os.path.join(
directory, name))
def index(self):
url = "https://www.amazon.com/ap/oa"
callback = cherrypy.url() + "authresponse"
payload = {
"client_id": self.setting.clientID,
"scope":
"alexa::ask:skills:readwrite alexa::ask:skills:test alexa::ask:models:readwrite",
"response_type": "code",
"redirect_uri": callback,
}
req = requests.Request('GET', url, params=payload)
p = req.prepare()
raise cherrypy.HTTPRedirect(p.url)
def dropbox_auth_finish( self, state=None, code=None ):
username = cherrypy.session.get('user')
if username is None:
raise cherrypy.HTTPError( 403 )
try:
access_token, user_id, url_state = self.get_auth_flow().finish( cherrypy.request.params )
except DropboxOAuth2Flow.BadRequestException:
raise cherrypy.HTTPError( 400 )
except DropboxOAuth2Flow.BadStateException:
raise cherrypy.HTTPError( 400 )
except DropboxOAuth2Flow.CsrfException:
raise cherrypy.HTTPError( 403 )
except DropboxOAuth2Flow.NotApprovedException:
cherrypy.log( "Not approved", traceback=True )
error = 'Not approved? Why not'
raise cherrypy.HTTPRedirect( cherrypy.url('home'), error=error )
except:
cherrypy.log( "Auth error", traceback=True )
raise cherrypy.HTTPError( 403 )
#data = [access_token, username]
# TODO: save token
confighandler.save_token( access_token )
raise cherrypy.HTTPRedirect( cherrypy.url('home') )
def get_plex_token(self, username=None, password=None, token=None):
if username and password:
r = self.session.post("https://plex.tv/users/sign_in.json", {
"user[login]": username,
"user[password]": password,
}, headers=self.plex_headers, **self.req_defaults)
try:
r.raise_for_status()
except HTTPError as e:
if e.response.status_code == 401:
message("Wrong username and/or password", "ERROR")
else:
self.plex_token = r.json()["user"]["authToken"]
print("Token received via credentials login")
raise cherrypy.HTTPRedirect(cherrypy.url("/"))
if token:
self.plex_token = token
print("Token received via plex.tv auth")
return json.dumps({"url": cherrypy.url(self.prefix)})
template = env.get_template('token.jinja2')
return template.render(plex_headers_json=json.dumps(self.plex_headers), **self.default_context)
def rescorePhase(self, phase, params):
submissionModel = self.model('submission', 'covalic')
submissions = submissionModel.list(phase,
limit=0,
sort=[('created', 1)],
fields={'score': False},
latest=True)
# Get API URL by removing this endpoint's parameters
apiUrl = '/'.join(cherrypy.url().split('/')[:-3])
for submission in submissions:
submissionModel.scoreSubmission(submission, apiUrl)
def _feed(self, *args, **kwargs):
host = cherrypy.request.base
atom = AtomFeed(title=self.blog_title,
url=host,
feed_url=cherrypy.url(),
author=self.author)
for post in self.listing():
atom.add(title=post["title"],
url=host + post["path"],
author=self.author,
content_type="html",
content=post["html"],
updated=post["date"])
return atom.to_string()
def store_req(self, req_id, method, qs, body):
cherrypy.log("Storing redirection request req_id=%s" % (req_id))
ts = datetime.now()
request = {"method" : method,
"url" : cherrypy.url(),
"qs" : qs,
"body" : body,
"headers": cherrypy.request.headers}
cherrypy.log("cherrypy.request.headers=%s" % (cherrypy.request.headers))
entry = (str(ts), req_id, request)
OpenRedirectorService.db.append(entry)
def default(self, *args, **kwargs):
self.ensure_pms_data()
query_params = "&".join("=".join([k, v]) for k, v in kwargs.items())
path = "/".join(args) + ("?" + query_params if query_params else "")
# print(args, path)
if not path:
path = self.plugin["key"][1:]
try:
return self.render_plugin(path)
except (HTTPError, Timeout) as e:
if isinstance(e, HTTPError):
if e.response.status_code == 401:
message("Access denied on {}".format(self.server_name),
"ERROR")
print("Access denied when accessing {},"
" going to server selection".format(
mask_str(self.server_name)))
self.server_name = None
self.connection = None
raise cherrypy.HTTPRedirect(cherrypy.url("/servers"))
elif e.response.status_code == 404:
raise cherrypy.HTTPRedirect(cherrypy.url("/plugins"))
else:
message("Timeout on {}".format(self.server_name), "WARNING")
print(
"Error when connecting to '{}', trying other connection to: {}"
.format(mask_url(self.server_addr),
mask_str(self.server_name)))
return self.discover_pms(self.server_name)
except HTTPRedirect:
raise
except:
print("Something went wrong. {}".format(traceback.format_exc()))
def get_target_ip_route(target_ip):
""" target_ip : str
return hosname how to route the websocket from HTTP web browser to docker container """
http_requested_host = cherrypy.url()
http_origin = cherrypy.request.headers.get('Origin', None)
http_host = cherrypy.request.headers.get('Host', None)
# logger.debug(locals())
route = None
# set default value as fallback
# to pass exception
url = urlparse(http_requested_host)
route = url.hostname
# Now do the route
if oc.od.settings.websocketrouting == 'default_host_url':
try:
myhosturl = oc.od.settings.default_host_url
if myhosturl is None:
myhosturl = http_origin
logger.debug('Use %s', myhosturl)
url = urlparse(myhosturl)
route = url.hostname
except Exception as e:
logger.error('failed: %s', e)
elif oc.od.settings.websocketrouting == 'bridge':
route = target_ip
elif oc.od.settings.websocketrouting == 'http_origin':
if http_origin is not None:
try:
# use the origin url to connect to
url = urlparse(http_origin)
route = url.hostname
except Exception as e:
logger.error('Errror: %s', e)
elif oc.od.settings.websocketrouting == 'http_host':
try:
# use the origin url to connect to
url = urlparse(http_host)
route = url.hostname
except Exception as e:
logger.error('Errror: %s', e)
logger.info('Route websocket to: %s', route)
return route
def index(self, **kwargs):
''' Extending the expose - index method
Returns html / json output
Args:
***kwargs:* dict(), arguments needed for SELECT / SCHEMA
schema=<db_name> or
db=<db_name> AND table=<table_name> OPTINALLY
values=<columns_to_select>, filter=<conditions>
Sets:
*N/A*
Returns:
*result:* str(), rhtml code to be rendered, or JSON
Raises:
*N/A*
'''
self.html = ''
self.json = {}
url = cherrypy.url()
try:
db = kwargs['db']
table = kwargs['table']
value = kwargs['value']
item = kwargs['item']
print(f"(delete from {db}/{table} where {item} = '{value}'")
result = self.sqlite_delete_values(db, table, item, value)
self.html = htmlize.read_html('delete', '/templates/')
self.html = self.html.format(_rows_affected=result,
_statement=self.statement)
self.json.update({
"result": {
"response": result
},
"status": self.error
})
except Exception as e:
print(str(e))
#e = "ERROR: check DB / TABLE / VALUES"
result = htmlize.read_html('error', '/templates/')
self.html = self.html.format(_error=self.error)
if 'json' in kwargs.keys():
return json.dumps(str(self.json))
else:
return self.html
def code(self, var=None, **params):
code = urllib.quote(cherrypy.request.params['code'])
callback = cherrypy.url()
payload = {
"client_id": Client_ID,
"client_secret": Client_Secret,
"code": code,
"grant_type": "authorization_code",
"redirect_uri": callback
}
url = "https://api.amazon.com/auth/o2/token"
r = requests.post(url, data=payload)
resp = r.json()
return "Done, add the following line to your creds file:<br><br>refresh_token ='%s'" % resp[
'refresh_token']
def do_check(self):
"""Assert username. Raise redirect, or return True if request handled."""
request = cherrypy.serving.request
response = cherrypy.serving.response
if not self.is_login():
url = cherrypy.url(qs=request.query_string)
logger.debug(
'no username, routing to login_screen with from_page %(url)r',
locals())
response.body = self.login_screen(url)
if "Content-Length" in response.headers:
# Delete Content-Length header so finalize() recalcs it.
del response.headers["Content-Length"]
return True