Esempio n. 1
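def do(data, resource):
    """Update another user's item with a caller-supplied set of fields.

    ``data['params']`` carries ``user_id`` (the item to update) and
    ``user`` (a mapping of field -> new value); ``data['user']`` is the
    caller whose 'update' policy is checked.  Returns a response ``body``
    dict: on refusal it carries ``error`` (and ``success`` is ``False``
    for a partition mismatch) and nothing is written.

    Protected fields are never written.  Each one encountered is listed
    in ``body['forbidden_fields']`` and ``body['error']`` is set to
    FORBIDDEN_MODIFICATION, but the remaining fields are still written
    and ``success`` is still ``True`` -- callers must inspect both keys.
    """
    # Identity, credential and authorization attributes are kept out of
    # reach of this generic field-update path.
    protected_fields = frozenset({
        'id', 'email', 'password_hash', 'salt', 'groups', 'login_method',
    })

    body = {}
    params = data['params']
    runner_user = data.get('user', None)  # the user performing the update

    user_id = params.get('user_id', None)
    # Tolerate a missing or null 'user' payload instead of failing on iteration.
    new_user_fields = params.get('user') or {}

    user_to_update = resource.db_get_item(user_id)
    # A lookup that returned nothing, or an item from another partition,
    # is refused before any policy evaluation.
    if not user_to_update or user_to_update.get('partition') != 'user':
        body['error'] = error.NOT_USER_PARTITION
        body['success'] = False
        return body

    if not get_policy_code.match_policy_after_get_policy_code(
            resource, 'update', 'user', runner_user, new_user_fields):
        body['error'] = error.UPDATE_POLICY_VIOLATION
        return body

    # Remember the stored creation date so the update cannot lose it.
    creation_date = user_to_update.get('creation_date', float(time.time()))

    # For security: drop every protected field and report each one.
    new_item = {}
    for field, value in new_user_fields.items():
        if field in protected_fields:
            body['error'] = error.FORBIDDEN_MODIFICATION
            body.setdefault('forbidden_fields', []).append(field)
        else:
            new_item[field] = value
    new_item = util.simplify_item(user_to_update, new_item)
    # System-managed keys are assigned after the caller's fields so a
    # caller-supplied value for them never survives.
    new_item['partition'] = 'user'
    new_item['updated_date'] = float(time.time())
    new_item['creation_date'] = creation_date

    # Sort keys present on the stored item are always carried over.
    for sort_key_item in database_util.get_sort_keys(resource):
        s_key = sort_key_item.get('sort_key', None)
        if s_key and s_key not in new_item:
            existing = user_to_update.get(s_key, None)
            if existing is not None:
                new_item[s_key] = existing

    resource.db_update_item_v2(user_id, new_item)
    body['user_id'] = user_id
    body['success'] = True
    return body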
Esempio n. 2
def do(data, resource):
    """Fetch a single user item by ``params['user_id']``.

    The requester (``data['user']``) must pass the 'read' policy for the
    fetched item; otherwise ``body['item']`` is ``None`` and
    ``body['error']`` is READ_POLICY_VIOLATION.
    """
    params = data['params']
    requester = data.get('user', None)
    target_id = params.get('user_id', None)

    item = resource.db_get_item(target_id)
    allowed = get_policy_code.match_policy_after_get_policy_code(
        resource, 'read', 'user', requester, item)
    if allowed:
        return {'item': item}
    return {'item': None, 'error': error.READ_POLICY_VIOLATION}
Esempio n. 3
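def do(data, resource):
    """Update one field of the calling user's own item.

    ``data['user']`` is the logged-in user (required); ``params['field']``
    and ``params['value']`` name the attribute to write.  Protected
    attributes, and field names that are not non-empty strings, are
    refused with FORBIDDEN_MODIFICATION before the policy check runs.
    The system-managed keys (partition, timestamps) are assigned after
    the caller's field, so a field named e.g. 'partition' or
    'updated_date' can no longer override them.
    """
    protected_fields = frozenset({
        'id', 'email', 'password_hash', 'salt', 'groups', 'login_method',
    })

    body = {}
    params = data['params']
    user = data['user']

    if not user:
        body['error'] = error.LOGIN_IS_REQUIRED
        return body

    user_id = user['id']
    field = params.get('field')
    value = params.get('value', None)

    # For security: a missing or non-string field name would otherwise be
    # written as a dict key verbatim.
    if not isinstance(field, str) or not field or field in protected_fields:
        body['error'] = error.FORBIDDEN_MODIFICATION
        return body

    if not get_policy_code.match_policy_after_get_policy_code(
            resource, 'update', 'user', user, {field: value}):
        body['error'] = error.UPDATE_POLICY_VIOLATION
        return body

    # The stored item is not re-read here; the creation date comes from
    # the session user object.
    creation_date = user.get('creation_date', time.time())

    user_to_update = {field: value}
    # Assigned after the caller's field so the system values always win.
    user_to_update['partition'] = 'user'
    user_to_update['updated_date'] = float(time.time())
    user_to_update['creation_date'] = creation_date

    # Sort keys present on the session user are always carried over.
    for sort_key_item in util.get_sort_keys(resource):
        s_key = sort_key_item.get('sort_key', None)
        if s_key and s_key not in user_to_update:
            existing = user.get(s_key, None)
            if existing is not None:
                user_to_update[s_key] = existing

    resource.db_update_item_v2(user_id, user_to_update)
    body['user_id'] = user_id
    return body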
Esempio n. 4
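def do(data, resource):
    """Update one field of another user's item (``params['user_id']``).

    ``params['field']`` / ``params['value']`` name the attribute to
    write; ``data['user']`` is the caller whose 'update' policy is
    checked.  A missing item or one outside the 'user' partition yields
    NOT_USER_PARTITION; protected attributes and field names that are
    not non-empty strings yield FORBIDDEN_MODIFICATION.
    """
    # NOTE(review): unlike the self-update path, 'email' is not protected
    # here -- presumably intentional for this by-user_id path; confirm.
    protected_fields = frozenset({
        'id', 'password_hash', 'salt', 'groups', 'login_method',
    })

    body = {}
    params = data['params']
    user = data.get('user', None)

    user_id = params.get('user_id', None)
    field = params.get('field')
    value = params.get('value', None)

    item = resource.db_get_item(user_id)
    # ``not item`` covers a lookup that returned nothing.
    if not item or item.get('partition', None) != 'user':
        body['error'] = error.NOT_USER_PARTITION
        body['success'] = False
        return body

    # For security: a missing or non-string field name would otherwise be
    # written as a dict key verbatim.
    if not isinstance(field, str) or not field or field in protected_fields:
        body['error'] = error.FORBIDDEN_MODIFICATION
        return body

    # 'updated_date' is listed after the caller's field so it wins on a clash.
    user_to_update = {field: value, 'updated_date': float(time.time())}
    if not get_policy_code.match_policy_after_get_policy_code(
            resource, 'update', 'user', user, user_to_update):
        body['error'] = error.UPDATE_POLICY_VIOLATION
        return body

    # Keep the stored creation date; assigned after the caller's field.
    user_to_update['partition'] = 'user'
    user_to_update['creation_date'] = item.get('creation_date', time.time())

    # Sort keys present on the stored item are always carried over.
    for sort_key_item in util.get_sort_keys(resource):
        s_key = sort_key_item.get('sort_key', None)
        if s_key and s_key not in user_to_update:
            existing = item.get(s_key, None)
            if existing is not None:
                user_to_update[s_key] = existing

    resource.db_update_item_v2(user_id, user_to_update)
    body['user_id'] = user_id
    return body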
Esempio n. 5
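def do(data, resource):
    """Update several fields of the calling user's own item.

    ``params['item']`` maps field -> value.  Protected fields are refused
    with FORBIDDEN_MODIFICATION: by default the first one aborts the
    request; with ``params['ignore_error']`` true they are skipped, the
    remaining fields are written, and ``body['error']`` stays set on the
    otherwise successful response -- callers must check for it.
    """
    protected_fields = frozenset({
        'id', 'email', 'password_hash', 'salt', 'groups', 'login_method',
    })

    body = {}
    params = data['params']
    user = data['user']
    user_id = user['id']
    ignore_error = params.get('ignore_error', False)

    # ``or {}`` also covers an explicit null payload.
    user_item = params.get('item') or {}
    user_to_update = {}

    # For security: protected fields are never written.
    for field, value in user_item.items():
        if field in protected_fields:
            body['error'] = error.FORBIDDEN_MODIFICATION
            if not ignore_error:  # abort unless the caller asked to skip them
                return body
        else:
            user_to_update[field] = value

    if not get_policy_code.match_policy_after_get_policy_code(
            resource, 'update', 'user', user, user_to_update):
        body['error'] = error.UPDATE_POLICY_VIOLATION
        return body

    # System-managed keys are assigned after the caller's fields so a
    # caller-supplied value for them never survives.
    user_to_update['partition'] = 'user'
    user_to_update['updated_date'] = float(time.time())
    user_to_update['creation_date'] = user.get('creation_date', time.time())

    # Sort keys present on the session user are always carried over.
    for sort_key_item in util.get_sort_keys(resource):
        s_key = sort_key_item.get('sort_key', None)
        if s_key and s_key not in user_to_update:
            existing = user.get(s_key, None)
            if existing is not None:
                user_to_update[s_key] = existing

    resource.db_update_item_v2(user_id, user_to_update)
    body['user_id'] = user_id
    return body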
def do(data, resource):
    """Look up a user item by ``params['email']``.

    Queries the 'user' partition for an exact email match and returns
    the first hit as ``body['item']`` when the requester passes the
    'read' policy; ``None`` otherwise, with READ_POLICY_VIOLATION when
    the policy refused.
    """
    params = data['params']
    requester = data.get('user', None)
    email = params.get('email', None)

    query = [{
        'option': None,
        'field': 'email',
        'value': email,
        'condition': 'eq'
    }]
    items, _end_key = resource.db_query('user', query)
    if not items:
        return {'item': None}

    first = items[0]
    if not get_policy_code.match_policy_after_get_policy_code(
            resource, 'read', 'user', requester, first):
        return {'item': None, 'error': error.READ_POLICY_VIOLATION}
    return {'item': first}
Esempio n. 7
def do(data, resource):
    """Change the calling user's email address.

    Refuses with EXISTING_ACCOUNT when a user item already carries
    ``params['email']``, then applies the 'update' policy and writes the
    new address together with the system-managed keys.
    NOTE(review): the existence query and the write are two separate
    calls, so two concurrent requests for the same address could both
    pass the check; a store-level uniqueness condition would close that
    window.
    """
    params = data['params']
    user = data['user']
    user_id = user['id']
    creation_date = user.get('creation_date', time.time())
    email = params.get('email')

    instructions = [[None, 'email', 'eq', email]]
    items, _end_key = resource.db_query('user', instructions)
    if list(items):
        return {'error': error.EXISTING_ACCOUNT}

    if not get_policy_code.match_policy_after_get_policy_code(
            resource, 'update', 'user', user, {'email': email}):
        return {'error': error.UPDATE_POLICY_VIOLATION}

    user_to_update = {
        'partition': 'user',
        'updated_date': float(time.time()),
        'email': email,
        'creation_date': creation_date,
    }
    # Sort keys present on the session user are always carried over.
    for sort_key_item in util.get_sort_keys(resource):
        s_key = sort_key_item.get('sort_key', None)
        if not s_key or s_key in user_to_update:
            continue
        existing = user.get(s_key, None)
        if existing is not None:
            user_to_update[s_key] = existing

    resource.db_update_item_v2(user_id, user_to_update)
    return {'user_id': user_id}
Esempio n. 8
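def do(data, resource, system_call=False):  # Do not check policy when system_call is true
    """Resolve the session in ``params['session_id']`` to its user item.

    The session is looked up under the SHA3-512 of the client-supplied
    id and its last-access date is refreshed.  ``body['item']`` is the
    user, or ``None`` when there is no session/user or a check fails, in
    which case ``body['error']`` says why.  With ``system_call`` true the
    'read' policy check is skipped.

    A session whose recorded client_ip differs from the current request
    is handed to ``should_session_security_enhancement``; if that asks
    for enforcement the session is deleted (logout) and
    SESSION_SECURITY_VIOLATION is returned.
    """
    body = {}
    params = data['params']
    client_ip = data.get('client_ip', None)
    session_id = params.get('session_id', None)

    session = None
    try:
        if session_id:
            session = resource.db_get_item(Hash.sha3_512(session_id))
            update_last_access_date(resource, session)
    except Exception as ex:
        # Was ``BaseException``, which also swallowed KeyboardInterrupt and
        # SystemExit; any lookup/update failure is reported as an invalid session.
        # NOTE(review): the raw exception text is echoed in the response;
        # if this body reaches clients, prefer logging it server-side.
        body['exception'] = str(ex)
        body['error'] = error.INVALID_SESSION
        return body

    user_id = session.get('user_id', None) if session else None

    # Session timestamp verification is currently disabled.

    if not user_id:
        body['item'] = None
        return body

    # The user is always read from the store; a cache path that
    # previously sat here is disabled.
    user = resource.db_get_item(user_id)
    if not system_call and not get_policy_code.match_policy_after_get_policy_code(
            resource, 'read', 'user', user, user):
        body['item'] = None
        body['error'] = error.READ_POLICY_VIOLATION
        return body

    if session.get('client_ip', None) != client_ip:
        # The request comes from an address other than the one the session
        # was created with; enforce only when the policy helper says so.
        if should_session_security_enhancement(data, resource, user):
            body['item'] = None
            body['error'] = error.SESSION_SECURITY_VIOLATION
            resource.db_delete_item(session['id'])  # Logout
            return body

    body['item'] = user
    return body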