def do(data, resource):
partition = 'logic-function'
body = {}
params = data['params']
function_name = params.get('function_name')
items, _ = resource.db_query(partition, [{
'option': None,
'field': 'function_name',
'value': function_name,
'condition': 'eq'
}])
if len(items) == 0:
body['message'] = 'function_name: {} did not exist'.format(
function_name)
return Response(body)
else:
item = items[0]
zip_file_id = item['zip_file_id']
file_b64 = resource.file_download_bin(zip_file_id)
file_b64 = base64.b64encode(file_b64)
file_b64 = file_b64.decode('utf-8')
body['item'] = {
'base64': file_b64,
}
return Response(body)
def do(data, resource):
partition = 'log'
body = {}
params = data['params']
user = data.get('user', None)
event_source = params.get('event_source')
event_name = params.get('event_name')
event_param = params.get('event_param')
if user:
item = dict()
item['event_name'] = event_name
item['event_param'] = event_param
item['event_source'] = event_source
item['owner'] = user.get('id')
success = resource.db_put_item(partition, item)
body['success'] = success
if success:
return Response(body)
else:
body['error'] = error.LOG_CREATION_FAILED
return Response(body)
else:
body['error'] = error.INVALID_SESSION
return Response(body)
def do(data, resource):
partition = 'logic-function'
body = {}
params = data['params']
function_name = params.get('function_name')
items, _ = resource.db_query(partition,
[{'option': None, 'field': 'function_name', 'value': function_name,
'condition': 'eq'}])
if len(items) == 0:
body['message'] = 'function_name: {} did not exist'.format(function_name)
return Response(body)
else:
item = items[0]
zip_file_id = item['zip_file_id']
zip_file_bin = resource.file_download_bin(zip_file_id)
zip_temp_dir = tempfile.mktemp()
with open(zip_temp_dir, 'wb') as zip_temp:
zip_temp.write(zip_file_bin)
with ZipFile(zip_temp_dir) as zip_file:
file_paths = zip_file.namelist()
file_paths = [file_path for file_path in file_paths if not os.path.isdir(file_path)]
body['file_paths'] = list(set(file_paths))
return Response(body)
def do(data, resource):
partition = 'logic-trigger'
body = {}
params = data['params']
trigger_name = params.get('trigger_name')
trigger_type = params.get('trigger_type')
function_name = params.get('function_name')
description = params.get('description', None)
option = params.get('option')
runnable = params.get('runnable', True)
item = dict()
item['trigger_name'] = trigger_name
item['trigger_type'] = trigger_type
item['function_name'] = function_name
item['description'] = description
item['option'] = option
item['runnable'] = runnable
item_ids, _ = resource.db_get_item_id_and_orders(partition, 'trigger_name',
trigger_name)
if item_ids:
body['error'] = error.EXISTING_TRIGGER
return Response(body)
else:
resource.db_put_item(partition, item)
body['trigger_name'] = trigger_name
return Response(body)
def do(data, resource):
body = {}
params = data['params']
user = data['user']
file_id = params.get('file_id')
item = resource.db_get_item(file_id)
if item:
if match_policy_after_get_policy_code(resource, 'read', 'files', user,
item):
file_id = item['file_id']
parent_file_id = item.get('parent_file_id', None)
file_b64 = resource.file_download_bin(file_id)
file_b64 = base64.b64encode(file_b64)
file_b64 = file_b64.decode('utf-8')
body['file_b64'] = file_b64
body['parent_file_id'] = parent_file_id
body['file_name'] = item.get('file_name', None)
body['meta_info'] = item.get('meta_info', {})
return Response(body)
else:
body['error'] = error.PERMISSION_DENIED
return Response(body)
else:
body['error'] = error.INVALID_FILE_KEY
return Response(body)
def do(data, resource):
body = {}
params = data['params']
user = data['user']
item_ids = params.get('item_ids', [])
if len(item_ids) > 128:
body['error'] = error.NUM_OF_BATCH_ITEMS_MUST_BE_LESS_THAN_128
return Response(body)
policy_codes_by_partition = {}
with ThreadPoolExecutor(max_workers=32) as executor:
for _item_id in item_ids:
def delete_item(item_id):
item = resource.db_get_item(item_id)
if item['partition'] in policy_codes_by_partition:
policy_code = policy_codes_by_partition[item['partition']]
else:
policy_code = get_policy_code(resource, item['partition'],
'delete')
policy_codes_by_partition[item['partition']] = policy_code
if item and match_policy(policy_code, user, item):
resource.db_delete_item(item_id)
executor.submit(delete_item, _item_id)
body['success'] = True
return Response(body)
def do(data, resource):
body = {}
params = data['params']
login_method = params.get('login_method')
enabled = params['enabled']
default_group_name = params['default_group_name']
register_policy_code = params.get('register_policy_code', None)
if login_method not in LOGIN_METHODS:
body['error'] = error.NO_SUCH_LOGIN_METHOD
return Response(body)
if enabled == 'true':
enabled = True
elif enabled == 'false':
enabled = False
item = {
'enabled': enabled,
'default_group_name': default_group_name,
'register_policy_code': register_policy_code,
}
item_id = 'auth-login-method-{}'.format(login_method)
if not resource.db_put_item('meta-info', item, item_id):
resource.db_update_item(item_id, item)
return Response(body)
def do(data, resource):
body = {}
params = data['params']
user = data['user']
partition = params.get('partition', None)
start_key = params.get('start_key', None)
limit = params.get('limit', 100)
reverse = params.get('reverse', False)
if not limit:
limit = 100
if type(start_key) is str:
start_key = json.loads(start_key)
if resource.db_has_partition(partition):
items, end_key = resource.db_get_items_in_partition(
partition, start_key=start_key, limit=limit, reverse=reverse)
policy_code = get_policy_code(resource, partition, 'read')
filtered = []
for item in items:
if match_policy(policy_code, user, item):
filtered.append(item)
body['items'] = filtered
body['end_key'] = end_key
return Response(body)
else:
body['items'] = None
body['end_key'] = None
body['error'] = error.PERMISSION_DENIED
return Response(body)
def do(data, resource):
body = {}
params = data['params']
user = data['user']
user_id = user.get('id', None)
partition = params.get('partition', None)
item = params.get('item', {})
read_groups = params.get('read_groups', [])
write_groups = params.get('write_groups', [])
read_groups = list(set(read_groups))
write_groups = list(set(write_groups))
if 'read_groups' not in read_groups:
item['read_groups'] = read_groups
if 'write_groups' not in item:
item['write_groups'] = write_groups
if 'owner' not in item:
item['owner'] = user_id
# Check partition has been existed
if resource.db_get_item(partition):
if match_policy_after_get_policy_code(resource, 'create', partition,
user, item):
resource.db_put_item(partition, item)
body['item_id'] = item.get('id', None)
return Response(body)
else:
body['error'] = error.PERMISSION_DENIED
return Response(body)
body['error'] = error.NO_SUCH_PARTITION
return Response(body)
def do(data, resource):
body = {}
params = data['params']
email = params['email']
password = params['password']
extra = params.get('extra', {})
salt = Salt.get_salt(32)
password_hash = hash_password(password, salt)
partition = 'user'
default_group_name = 'admin'
instructions = [(None, ('email', 'eq', email))]
items, end_key = resource.db_query('user', instructions)
users = items
if len(users) > 0:
body['error'] = error.EXISTING_ACCOUNT
return Response(body)
else:
item = {
'email': email,
'password_hash': password_hash,
'salt': salt,
'groups': [default_group_name],
'extra': extra,
'login_method': 'email_login',
}
resource.db_put_item(partition, item)
return Response(body)
def do(data, resource):
body = {}
params = data['params']
group_name = params['group_name']
description = params.get('description', None)
permissions = params.get('permissions', [])
if not description:
description = None
if group_name in Permission.DEFAULT_USER_GROUPS:
body['error'] = error.DEFAULT_USER_GROUP_CANNOT_BE_MODIFIED
return Response(body)
group_id = 'user-group-{}'.format(group_name)
group_item = {
'name': group_name,
'description': description,
'permissions': permissions,
}
success = resource.db_put_item('user_group', group_item, group_id)
body['success'] = success
if success:
return Response(body)
else:
body['error'] = error.PUT_USER_GROUP_FAILED
return Response(body)
def do(data, resource):
body = {}
params = data['params']
user = data['user']
partition = params.get('partition', None)
query_instructions = params.get('query', None)
start_key = params.get('start_key', None)
limit = params.get('limit', 100)
reverse = params.get('reverse', False)
if type(start_key) is str:
start_key = json.loads(start_key)
if resource.db_get_item(partition):
items, end_key = resource.db_query(partition, query_instructions, start_key, limit, reverse)
policy_code = get_policy_code(resource, partition, 'read')
filtered = []
for item in items:
if match_policy(policy_code, user, item):
filtered.append(item)
body['items'] = filtered
body['end_key'] = end_key
return Response(body)
else:
body['items'] = None
body['end_key'] = None
body['error'] = error.NO_SUCH_PARTITION
return Response(body)
def do(data, resource):
body = {}
params = data['params']
email = params['email']
password = params['password']
extra = params.get('extra', {})
salt = Salt.get_salt(32)
password_hash = hash_password(password, salt)
password_meta = {
'count': len(password),
'count_lowercase': len([c for c in password if c.islower()]),
'count_uppercase': len([c for c in password if c.isupper()]),
'count_special': len([c for c in password if c in string.punctuation]),
}
partition = 'user'
data['params']['login_method'] = 'email_login'
login_conf = get_login_method(data, resource)['body']['item']
register_policy_code = login_conf.get('register_policy_code', None)
if not data.get('admin', False):
if not match_policy(register_policy_code, extra, password_meta):
body['error'] = error.REGISTER_POLICY_VIOLATION
return Response(body)
default_group_name = login_conf['default_group_name']
enabled = login_conf['enabled']
if enabled == 'true':
enabled = True
elif enabled == 'false':
enabled = False
if not enabled:
body['error'] = error.EMAIL_LOGIN_INVALID
return Response(body)
instructions = [(None, ('email', 'eq', email))]
items, end_key = resource.db_query(partition, instructions)
users = list(items)
if len(users) > 0:
body['error'] = error.EXISTING_ACCOUNT
return Response(body)
else:
item = {
'email': email,
'password_hash': password_hash,
'salt': salt,
'groups': [default_group_name],
'login_method': 'email_login',
}
# Put extra value in the item
for key in extra:
if key not in item:
item[key] = extra[key]
resource.db_put_item(partition, item)
body['item'] = item
return Response(body)
def do(data, resource):
body = {}
params = data['params']
user = data['user']
user_id = user.get('id', None)
parent_file_id = params.get('parent_file_id', None)
file_name = params.get('file_name', uuid())
file_b64 = params.get('file_b64')
read_groups = params.get('read_groups', [])
write_groups = params.get('write_groups', [])
meta_info = params.get('meta_info', {})
file_id = '{}'.format(uuid())
parent_file_info = None
file_size = sys.getsizeof(file_b64)
if parent_file_id:
parent_file_info = resource.db_get_item(parent_file_id)
if parent_file_info:
if match_policy_after_get_policy_code(resource, 'create', 'files',
user, parent_file_info):
file_name = parent_file_info.get('file_name', None)
parent_file_info['next_file_id'] = file_id
file_size += parent_file_info['file_size']
else:
body['error'] = error.PERMISSION_DENIED
return Response(body)
file_info = {
'file_id': file_id,
'parent_file_id': parent_file_id,
'file_name': file_name,
'owner': user_id,
'file_size': file_size,
'read_groups': read_groups,
'write_groups': write_groups,
'meta_info': meta_info,
}
if match_policy_after_get_policy_code(resource, 'create', 'files', user,
file_info):
resource.db_put_item('files', file_info, file_id)
if parent_file_id and parent_file_info:
resource.db_update_item(parent_file_id, parent_file_info)
file_b64 = file_b64.encode('utf-8')
file_b64 = base64.b64decode(file_b64)
resource.file_upload_bin(file_id, file_b64)
body['file_id'] = file_id
return Response(body)
else:
body['error'] = error.PERMISSION_DENIED
return Response(body)
def do(data, resource):
partition = 'logic-function'
body = {}
params = data['params']
function_name = params.get('function_name')
file_path = params.get('file_path')
file_content = params.get('file_content')
file_type = params.get('file_type', 'text')
print(params)
if file_type not in SUPPORT_TYPES:
body['error'] = error.UNSUPPORTED_FILE_TYPE
return Response(body)
items, _ = resource.db_query(partition, [{
'option': None,
'field': 'function_name',
'value': function_name,
'condition': 'eq'
}])
if len(items) == 0:
body['message'] = 'function_name: {} did not exist'.format(
function_name)
return Response(body)
else:
item = items[0]
zip_file_id = item['zip_file_id']
zip_file_bin = resource.file_download_bin(zip_file_id)
zip_temp_dir = tempfile.mktemp()
extracted_dir = tempfile.mkdtemp()
with open(zip_temp_dir, 'wb') as zip_temp:
zip_temp.write(zip_file_bin)
with ZipFile(zip_temp_dir) as zip_file:
zip_file.extractall(extracted_dir)
with open(os.path.join(extracted_dir, file_path), 'w+') as fp:
fp.write(file_content)
with ZipFile(zip_temp_dir, 'a') as zip_file:
file_name = os.path.join(extracted_dir, file_path)
zip_file.write(file_name, file_path)
zip_file_id = uuid()
with open(zip_temp_dir, 'rb') as zip_file:
zip_file_bin = zip_file.read()
resource.file_upload_bin(zip_file_id, zip_file_bin)
resource.file_delete_bin(
item['zip_file_id']) # Remove previous zip file
item['zip_file_id'] = zip_file_id # Set new file's id
success = resource.db_update_item(item['id'], item)
body['success'] = success
return Response(body)
def do(data, resource):
body = {}
params = data['params']
group_name = params['group_name']
if group_name in Permission.DEFAULT_USER_GROUPS:
body['error'] = error.DEFAULT_USER_GROUP_CANNOT_BE_MODIFIED
return Response(body)
success = resource.db_delete_item('user-group-{}'.format(group_name))
body['success'] = success
return Response(body)
def do(data, resource):
partition = 'logic-function'
body = {}
params = data['params']
user = data.get('user', None)
function_name = params.get('function_name')
payload = params.get('payload')
items, _ = resource.db_query(partition, [{
'option': None,
'field': 'function_name',
'value': function_name,
'condition': 'eq'
}])
if len(items) == 0:
body['error'] = error.NO_SUCH_FUNCTION
return Response(body)
else:
item = items[0]
zip_file_id = item['zip_file_id']
function_handler = item['handler']
sdk_config = item.get('sdk_config', {})
function_package = '.'.join(function_handler.split('.')[:-1])
function_method = function_handler.split('.')[-1]
zip_file_bin = resource.file_download_bin(zip_file_id)
zip_temp_dir = tempfile.mktemp()
extracted_dir = tempfile.mkdtemp()
with open(zip_temp_dir, 'wb') as zip_temp:
zip_temp.write(zip_file_bin)
with ZipFile(zip_temp_dir) as zip_file:
zip_file.extractall(extracted_dir)
copy_configfile(extracted_dir, sdk_config)
try:
# Comment removing cache because of a performance issue
# invalidate_caches()
sys.path.insert(0, extracted_dir)
module = import_module(function_package)
std_str = io.StringIO()
with redirect_stdout(std_str):
handler = getattr(module, function_method)
body['response'] = handler(payload, user)
body['stdout'] = std_str.getvalue()
except Exception as ex:
body['error'] = error.FUNCTION_ERROR
body['error']['message'] = body['error']['message'].format(ex)
os.remove(zip_temp_dir)
return Response(body)
def do(data, resource):
body = {}
params = data['params']
session_id = params.get('session_id', None)
if resource.db_delete_item(Hash.sha3_512(session_id)):
body['success'] = True
return Response(body)
else:
body['success'] = False
body['error'] = error.LOGOUT_FAILED
return Response(body)
def do(data, resource):
body = {}
params = data['params']
user = data['user']
access_token = params.get('access_token')
data['params']['login_method'] = 'facebook_login'
login_conf = get_login_method.do(data, resource)['body']['item']
default_group_name = login_conf['default_group_name']
register_policy_code = login_conf.get('register_policy_code', None)
enabled = login_conf['enabled']
if enabled == 'true':
enabled = True
elif enabled == 'false':
enabled = False
if not enabled:
body['error'] = error.EMAIL_LOGIN_INVALID
return Response(body)
extra_fb_response = get_facebook_response(access_token, ['id', 'email'])
fb_user_id = extra_fb_response['id']
fb_user_email = extra_fb_response['email']
if not data.get('admin', False):
if not match_policy(register_policy_code, extra_fb_response, None):
body['error'] = error.REGISTER_POLICY_VIOLATION
return Response(body)
instructions = [
(None, ('fb_user_id', 'eq', fb_user_id)),
('and', ('login_method', 'eq', 'facebook_login')),
]
items, end_key = resource.db_query('user', instructions)
if items:
session_id = create_session(resource, items[0])
body['session_id'] = session_id
return Response(body)
else: # Create new user and create session also.
item = {
'email': fb_user_email,
'groups': [default_group_name],
'login_method': 'facebook_login',
'fb_user_id': fb_user_id,
}
# Put extra value in the item
for key in extra_fb_response:
if key not in item:
item[key] = extra_fb_response[key]
resource.db_put_item('user', item)
session_id = create_session(resource, item)
body['session_id'] = session_id
return Response(body)
def do(data, resource):
partition = 'logic-function'
body = {}
params = data['params']
function_name = params.get('function_name')
description = params.get('description', None)
zip_file = params.get('zip_file', None)
runtime = params.get('runtime', None)
handler = params.get('handler', None)
runnable = params.get('runnable', None)
sdk_config = params.get('sdk_config', None)
items, _ = resource.db_query(partition, [{
'option': None,
'field': 'function_name',
'condition': 'eq',
'value': function_name
}])
if items:
item = items[0]
if description:
item['description'] = description
if handler:
item['handler'] = handler
if runtime:
item['runtime'] = runtime
if runnable is not None:
item['runnable'] = runnable
if sdk_config is not None:
item['sdk_config'] = sdk_config
if zip_file:
zip_file_id = uuid()
requirements_zip_file_id = uuid()
zip_file_b64 = zip_file.encode('utf-8')
zip_file_bin = base64.b64decode(zip_file_b64)
requirements_zip_file_bin = generate_requirements_zipfile(
zip_file_bin)
resource.file_upload_bin(zip_file_id, zip_file_bin)
resource.file_upload_bin(requirements_zip_file_id,
requirements_zip_file_bin)
item['zip_file_id'] = zip_file_id
item['requirements_zip_file_id'] = requirements_zip_file_id
resource.db_update_item(item['id'], item)
body['function_name'] = function_name
return Response(body)
else:
body['error'] = error.NO_SUCH_FUNCTION
return Response(body)
def do(data, resource):
partition = 'log'
body = {}
params = data['params']
event_source = params.get('event_source', None)
event_name = params.get('event_name', None)
user_id = params.get('user_id', None)
start_key = params.get('start_key', None)
reverse = params.get('reverse', False)
operation = None
instructions = []
for field_name, value in (('event_source', event_source),
('event_name', event_name), ('owner', user_id)):
if value:
instructions.append((operation, (field_name, 'eq', value)))
operation = 'and'
if len(instructions) > 0:
items, end_key = resource.db_query(partition,
instructions,
start_key=start_key,
reverse=reverse)
else:
items, end_key = resource.db_get_items_in_partition(
partition, start_key=start_key, reverse=reverse)
body['end_key'] = end_key
body['items'] = items
return Response(body)
def do(data, resource):
body = {}
params = data['params']
user_id = params.get('user_id', None)
success = resource.db_delete_item(user_id)
body['success'] = success
return Response(body)
def do(data, resource):
body = {}
params = data['params']
session_id = params.get('session_id', None)
item = resource.db_get_item(Hash.sha3_512(session_id))
body['item'] = item
return Response(body)
def do(data, resource):
body = {}
params = data['params']
partition = params.get('partition', None)
resource.db_create_partition(partition)
body['partition'] = partition
return Response(body)
def do(data, resource):
body = {}
params = data['params']
user_ids = params.get('user_ids', [])
success = resource.db_delete_item_batch(user_ids)
body['success'] = success
return Response(body)
def do(data, resource):
body = {}
params = data['params']
user_id = params.get('user_id', None)
item = resource.db_get_item(user_id)
body['item'] = item
return Response(body)
def do(data, resource):
body = {}
params = data['params']
session_ids = params.get('session_ids')
success = resource.db_delete_item_batch(session_ids)
body['success'] = success
return Response(body)
def do(data, resource):
body = {}
params = data['params']
partition = params.get('partition', None)
success = resource.db_delete_partition(partition)
body['success'] = success
return Response(body)
def do(data, resource):
body = {}
params = data['params']
email = params.get('email', None)
user = data.get('user', {})
if 'admin' in user.get('groups', []):
items, end_key = resource.db_query('user', [{
'option': None,
'field': 'email',
'value': email,
'condition': 'eq'
}])
body['item'] = items[0]
return Response(body)
elif user.get('id', None):
body['item'] = user
return Response(body)
def do(data, resource):
body = {}
params = data['params']
partitions = params.get('partitions', [])
for partition in partitions:
resource.db_delete_partition(partition)
body['success'] = True
return Response(body)