def users_update_address(): if g.get('current_player'): address_relation = database.execute("SELECT * FROM PlayerAddress WHERE PlayerID = %s AND EndDate IS NULL;", (g.current_player['PlayerID'],)).fetchone() elif g.get('current_viewer'): address_relation = database.execute("SELECT * FROM ViewerAddress WHERE ViewerID = %s AND EndDate IS NULL;", (g.current_viewer['ViewerID'],)).fetchone() else: flash("You must be logged in as either Player or Viewer to access this page.", 'error') return redirect(url_for('users_login')) if address_relation: address = database.execute("SELECT * FROM Address WHERE AddressID = %s;", (address_relation['AddressID'],)).fetchone() form = forms.AddressForm(request.form, street_number=address['StreetNumber'], street_number_suffix=address['StreetNumberSuffix'], street_name=address['StreetName'], street_type=address['StreetType'], major_municipality=address['MajorMunicipality'], governing_district=address['GoverningDistrict'], postal_area=address['PostalArea'], country=address['Country']) else: form = forms.AddressForm(request.form) if request.method == "POST" and form.validate(): lastrowid = database.execute("INSERT INTO Address (StreetNumber, StreetNumberSuffix, StreetName, StreetType, MajorMunicipality, GoverningDistrict, PostalArea, Country) VALUES (%s, %s, %s, %s, %s, %s, %s, %s);", (form.street_number.data, form.street_number_suffix.data, form.street_name.data, form.street_type.data, form.major_municipality.data, form.governing_district.data, form.postal_area.data, form.country.data)).lastrowid if g.get('current_player'): database.execute("UPDATE PlayerAddress SET EndDate = %s WHERE PlayerID = %s AND EndDate IS NULL;", (datetime.today().date(), g.current_player['PlayerID'])) database.execute("INSERT INTO PlayerAddress (AddressID, PlayerID, StartDate, EndDate) VALUES (%s, %s, %s, NULL);", (lastrowid, g.current_player['PlayerID'], datetime.today().date())) elif g.get('current_viewer'): database.execute("UPDATE ViewerAddress SET EndDate = %s WHERE ViewerID = %s AND EndDate IS NULL;", (datetime.today().date(), g.current_viewer['ViewerID'])) database.execute("INSERT INTO ViewerAddress (AddressID, ViewerID, StartDate, EndDate) VALUES (%s, %s, %s, NULL);", (lastrowid, g.current_viewer['ViewerID'], datetime.today().date())) database.commit() flash("You have updated your address successfully!", 'notice') return redirect(url_for('index')) else: return render_template('users/update_address.html', form=form)
def authorize_apikeys(resource): """Check if user is an apikey, and if it is, do authorization. Also update 'updated' timestamp everytime a key is accessed """ apikeys = current_app.data.driver.db['apikeys'] apikey = apikeys.find_one({'token': g.get('current_token')}, {'permissions': 1}) if apikey: # Get permission for resource if they exist permission = apikey['permissions'].get(resource) # Update timestamp (remove microseconds to match mongo precision) new_time = dt.utcnow().replace(microsecond=0) apikeys.update_one({'_id': apikey['_id']}, {'$set': {'_updated': new_time}}) if permission == 'read': g.resource_admin_readonly = True elif permission == 'readwrite': g.resource_admin = True elif g.get('auth_required'): abort(403, "The API key exists but does not grant the required " "permissions.")
def ajax_category_select(name = 'catid', title = '', catid = 0, moduleid = 1, extend = '', deep = 0): if g.get('cat_id'): cat_id = g.get('cat_id') cat_id += 1 g.cat_id = cat_id else: cat_id = 1 g.cat_id = cat_id catid = MyInt(catid) deep = MyInt(deep) select = '' select += '<input name="'+name+'" id="catid_'+str(cat_id)+'" type="hidden" value="'+str(catid)+'"/>' select += '<span id="load_category_'+str(cat_id)+'">'+get_category_select(title, catid, moduleid, extend, deep, cat_id)+'</span>' select += '<script type="text/javascript">' if cat_id == 1: select += 'var category_moduleid = new Array;' select += 'category_moduleid['+str(cat_id)+']="'+str(moduleid)+'";' if cat_id == 1: select += 'var category_title = new Array;' select += 'category_title['+str(cat_id)+']=\''+title+'\';' if cat_id == 1: select += 'var category_extend = new Array;' select += 'category_extend['+str(cat_id)+']=\''+extend+'\';' if cat_id == 1: select += 'var category_catid = new Array;' select += 'category_catid['+str(cat_id)+']=\''+str(catid)+'\';' if cat_id == 1: select += 'var category_deep = new Array;' select += 'category_deep['+str(cat_id)+']=\''+str(deep)+'\';' select += '</script>' if cat_id == 1: select += '<script type="text/javascript" src="/static/js/category.js"></script>' return select
def prometheus(): alerts = [] if request.json and 'alerts' in request.json: external_url = request.json.get('externalURL', None) for alert in request.json['alerts']: try: incomingAlert = parse_prometheus(alert, external_url) except ValueError as e: raise ApiError(str(e), 400) if g.get('customer', None): incomingAlert.customer = g.get('customer') add_remote_ip(request, incomingAlert) try: alert = process_alert(incomingAlert) except RejectException as e: raise ApiError(str(e), 403) except Exception as e: raise ApiError(str(e), 500) alerts.append(alert) else: raise ApiError("no alerts in Prometheus notification payload", 400) if len(alerts) == 1: return jsonify(status="ok", id=alerts[0].id, alert=alerts[0].serialize), 201 else: return jsonify(status="ok", ids=[alert.id for alert in alerts]), 201
def custom(webhook): try: incomingAlert = custom_webhooks.webhooks[webhook].incoming( query_string=request.args, payload=request.get_json() or request.get_data(as_text=True) ) except ValueError as e: raise ApiError(str(e), 400) if g.get('customer', None): incomingAlert.customer = g.get('customer') add_remote_ip(request, incomingAlert) try: alert = process_alert(incomingAlert) except RejectException as e: raise ApiError(str(e), 403) except Exception as e: raise ApiError(str(e), 500) if alert: return jsonify(status="ok", id=alert.id, alert=alert.serialize), 201 else: raise ApiError("insert or update via %s webhook failed" % webhook, 500)
def on_inserted_userservice_session(items): """ A new session has been created in the database: - Add a sessionOpened event - Create a user service CDR :param items: :return: None """ for index, item in enumerate(items): print "Created a new session for service: %s" % item['service_name'] # Add an event data = { 'userservice_session': item['_id'], 'user': g.get('users_id', None), 'date': datetime.utcnow(), 'type': 'session.opened', 'message': 'Session opening' } post_internal("event", data) # Create a service CDR data = { 'userservice_session': item['_id'], 'userservice': item['userservice'], 'user_creator': g.get('users_id', None), 'opening_date': datetime.utcnow(), 'status': 'open' } post_internal("userservice_cdr", data)
def get_heartbeats(tenant): tenant = generateDBName(tenant) try: heartbeats = db.get_heartbeats(tenant) except Exception as e: return jsonify(status="error", message=str(e)), 500 hb_list = list() for hb in heartbeats: body = hb.get_body() if g.get('role', None) != 'admin' and not body['customer'] == g.get('customer', None): continue body['href'] = "%s/%s" % (request.base_url.replace('heartbeats', 'heartbeat'), hb.id) hb_list.append(body) if hb_list: return jsonify( status="ok", total=len(heartbeats), heartbeats=hb_list, time=datetime.datetime.utcnow() ) else: return jsonify( status="ok", message="not found", total=0, heartbeats=hb_list, time=datetime.datetime.utcnow() )
def orders_show(order_id): order = database.execute("SELECT * FROM ViewerOrder WHERE ViewerOrderID = %s;", (order_id,)).fetchone() if not g.get('current_staff') and not (g.get('current_viewer') and g.current_viewer['ViewerID'] == order['ViewerID']): return redirect(url_for('users_login', error="You need to be a staff member or you can only view your own orders.")) order_lines = database.execute("SELECT * FROM ViewerOrderLine NATURAL JOIN Video WHERE ViewerOrderID = %s;", (order['ViewerOrderID'],)).fetchall() order_total = database.execute("SELECT SUM(Price) AS Total FROM ViewerOrderLine NATURAL JOIN Video WHERE ViewerOrderID = %s AND FlagPerk = '0'", (order['ViewerOrderID'],)).fetchone()["Total"] return render_template('orders/show.html', order=order, order_lines=order_lines, order_total=order_total)
def get_keys(): if g.get('role', None) == 'admin': try: keys = db.get_keys() except Exception as e: return jsonify(status="error", message=str(e)), 500 else: user = g.get('user') try: keys = db.get_user_keys(user) except Exception as e: return jsonify(status="error", message=str(e)), 500 if keys: return jsonify( status="ok", total=len(keys), keys=keys, time=datetime.datetime.utcnow() ) else: return jsonify( status="ok", message="not found", total=0, keys=[], time=datetime.datetime.utcnow() )
def put(self, user_id): #if not request.authorization: # return jsonify(status=401, message="unauthorized") try: conn = g.get('db_connection', None) cur = conn.cursor() data = request.get_json() # This variable allows to know if I have to add comma add_comma = False user = self.get_role(conn, user_id) if user == "admin" and not g.get('isadmin', False): return jsonify(status=401, message="unauthorized") if "role" in data and data["role"] == "admin" and not g.get('isadmin', False): return jsonify(status=401, message="unauthorized") # Build query query = "UPDATE user SET " if "lastname" in data: add_comma = True query += "lastname = \"" + data["lastname"] + "\"" if "firstname" in data: if add_comma: query += ", " else: add_comma = True query += "firstname = \"" + data["firstname"] + "\"" if "email" in data: if add_comma: query += ", " else: add_comma = True query += "email = \"" + data["email"] + "\"" if "password" in data: if add_comma: query += ", " else: add_comma = True query += "password = \"" + data["password"] + "\"" if "role" in data: if add_comma: query += ", " query += "role = \"" + data["role"] + "\"" query += " WHERE id = " + str(user_id) # Execute query affected_count = cur.execute(query) # End query conn.commit() # Close MySQL connection conn.close() return jsonify(status=200, affected_row=str(affected_count)) except mdb.Error as e: print "Error: %s" % str(e) abort(500)
def create_key(): try: key = ApiKey.parse(request.json) except ValueError as e: raise ApiError(str(e), 400) if 'admin' in g.scopes or 'admin:keys' in g.scopes: key.user = key.user or g.user key.customer = key.customer or g.get('customer', None) else: key.user = g.user key.customer = g.get('customer', None) if not key.user: raise ApiError("Must set 'user' to create API key", 400) for want_scope in key.scopes: if not Permission.is_in_scope(want_scope, g.scopes): raise ApiError("Requested scope '%s' not in existing scopes: %s" % (want_scope, ','.join(g.scopes)), 403) try: key = key.create() except Exception as e: raise ApiError(str(e), 500) if key: return jsonify(status="ok", key=key.key, data=key.serialize), 201 else: raise ApiError("create API key failed", 500)
def assertBase(self, admin, admin_readonly): """Assert baseline""" with self.app.app_context(): self.api.get('/groups', status_code=200, token=self.get_user_token(self.UID)) self.assertEqual(g.get('resource_admin'), admin) self.assertEqual(g.get('resource_admin_readonly'), admin_readonly)
def show(page): try: username = request.form.get('username', '').strip() or g.get('username') password = request.form.get('password', '').strip() or g.get('username') # with app.app_context() as ctx: # # ctx.pop() # g.username = username # g.password = password # ctx.push() board_name = request.form.get('board_name', '').strip() sprint_name = request.form.get('sprint_name', '').strip() boards = jira.get_boards() board = jira.get_board(board_name, boards) sprints = jira.get_sprints(board) sprint = jira.get_sprint(sprint_name, sprints) issues = jira.get_issues(sprint) data = { 'username': username, 'password': password, 'boards': boards, 'sprints': sprints, 'issues': issues, 'types': jira.get_types(issues), 'board_name': board_name, 'sprint_name': sprint_name, } return render_template('pages/%s.html' % page, **data) except TemplateNotFound: abort(404)
def get_heartbeats(): try: heartbeats = db.get_heartbeats() except Exception as e: return jsonify(status="error", message=str(e)), 500 hb_list = list() for hb in heartbeats: body = hb.get_body() if g.get('role', None) != 'admin' and not body['customer'] == g.get('customer', None): continue body['href'] = absolute_url('/heartbeat/' + hb.id) hb_list.append(body) if hb_list: return jsonify( status="ok", total=len(heartbeats), heartbeats=hb_list, time=datetime.datetime.utcnow() ) else: return jsonify( status="ok", message="not found", total=0, heartbeats=hb_list, time=datetime.datetime.utcnow() )
def get_user_keys(user): query = {"user": user} if g.get('role', None) != 'admin': query['customer'] = g.get('customer') try: keys = db.get_keys(query) except Exception as e: return jsonify(status="error", message=str(e)), 500 if len(keys): return jsonify( status="ok", total=len(keys), keys=keys, time=datetime.datetime.utcnow() ) else: return jsonify( status="ok", message="not found", total=0, keys=[], time=datetime.datetime.utcnow() )
def index(): form = CreateUserInfoForm(); print g.get('_gspread') if form.validate_on_submit(): email = form.email.data techtalks = form.mc_tech_talks.data core = form.mc_core.data # check if we 'know' this user # user = User.query.filter_by(email=email).first() # if user is None: # uniqname = email.split("@")[0] # create new user with this uniqname and add them to our database # user = User(email=uniqname + "@umich.edu", # username=uniqname, # uniqname=uniqname, # attend_talks=techtalks, # join_core=core, # password="******") # db.session.add(user) # db.session.commit() gc = gspread.Client(auth=(os.environ.get('GMAIL'), os.environ.get('GMAIL_PWD'))) gc.login() sheet = gc.open_by_key(os.environ.get('SPREADSHEET_KEY')).sheet1 num_rows = len(sheet.col_values(1)) sheet.append_row([email, techtalks, core]) # sheet.update_acell('A' + str(num_rows + 1), email) # print "Added user %s to the database." % email # Add the email to google spreadsheet (and uniqname to Twilio backend?) flash("You've been subscribed to the Michigan Hackers E-mail list. We send out E-mails every Wednesday so be on the lookout!", 'success') return redirect(url_for('main.index')) return render_template('index.html', form=form)
def create_key(): if g.get('role', None) == 'admin': try: user = request.json.get('user', g.user) customer = request.json.get('customer', None) except AttributeError: return jsonify(status="error", message="Must supply 'user' as parameter"), 400 else: try: user = g.user customer = g.get('customer', None) except AttributeError: return jsonify(status="error", message="Must supply API Key or Bearer Token when creating new API key"), 400 type = request.json.get("type", "read-only") if type not in ['read-only', 'read-write']: return jsonify(status="error", message="API key 'type' must be 'read-only' or 'read-write'"), 400 text = request.json.get("text", "API Key for %s" % user) try: key = db.create_key(user, type, customer, text) except Exception as e: return jsonify(status="error", message=str(e)), 500 return jsonify(status="ok", key=key), 201, {'Location': absolute_url('/key/' + key)}
def newrelic(): hook_started = webhook_timer.start_timer() try: incomingAlert = parse_newrelic(request.json) except ValueError as e: webhook_timer.stop_timer(hook_started) return jsonify(status="error", message=str(e)), 400 if g.get("customer", None): incomingAlert.customer = g.get("customer") try: alert = process_alert(incomingAlert) except RejectException as e: webhook_timer.stop_timer(hook_started) return jsonify(status="error", message=str(e)), 403 except Exception as e: webhook_timer.stop_timer(hook_started) return jsonify(status="error", message=str(e)), 500 webhook_timer.stop_timer(hook_started) if alert: body = alert.get_body() body["href"] = absolute_url("/alert/" + alert.id) return jsonify(status="ok", id=alert.id, alert=body), 201, {"Location": body["href"]} else: return jsonify(status="error", message="insert or update of New Relic alert failed"), 500
def prometheus(): if request.json and 'alerts' in request.json: hook_started = webhook_timer.start_timer() status = request.json['status'] for alert in request.json['alerts']: try: incomingAlert = parse_prometheus(status, alert) except ValueError as e: webhook_timer.stop_timer(hook_started) return jsonify(status="error", message=str(e)), 400 if g.get('customer', None): incomingAlert.customer = g.get('customer') try: process_alert(incomingAlert) except RejectException as e: webhook_timer.stop_timer(hook_started) return jsonify(status="error", message=str(e)), 403 except Exception as e: webhook_timer.stop_timer(hook_started) return jsonify(status="error", message=str(e)), 500 webhook_timer.stop_timer(hook_started) else: return jsonify(status="error", message="no alerts in Prometheus notification payload"), 400 return jsonify(status="ok"), 200
def get_category_select(title = '', catid = 0, moduleid = 1, extend = '', deep = 0, cat_id = 1): if g.get('pchild'): pchild = g.get('pchild') else: pchild = [] g.pchild = pchild if catid: r = MallCategory.query.filter_by(id=catid).first() parents = r.arrparentid.split(',') if r.child: parents.append(catid) else: parents = ['0'] select = '' k = 0 for v in parents: if deep and deep <= k: break select += '<select onchange="load_category(this.value, '+str(cat_id)+');" '+extend+'>' if title: select += '<option value="0">'+title+'</option>' parentid = v if v else "0" result = MallCategory.query.filter_by(parentid=parentid).all() for c in result: selectid = parents[k+1] if k+1 < len(parents) else str(catid) selected = 'selected' if str(c.id) == selectid else '' if pchild and c.id in pchild : continue select += '<option value="'+str(c.id)+'"'+selected+'>'+c.catname+'</option>' select += '</select>' k +=1 return select
def delete(self, user_id): #if not request.authorization: # return jsonify(status=401, message="unauthorized") try: conn = g.get('db_connection', None) cur = conn.cursor() user = self.get_role(conn, user_id) if user == "admin" and not g.get('isadmin', False): return jsonify(status=401, message="unauthorized") # Execute query affected_count = cur.execute("DELETE FROM user WHERE id=%s", (user_id,)) # End query conn.commit() # Close MySQL connection conn.close() return jsonify(status=200, affected_row=str(affected_count)), 200 except mdb.Error as e: print "Error: %s" % str(e) abort(500)
def stackdriver(): hook_started = webhook_timer.start_timer() try: incomingAlert = parse_stackdriver(request.json) except ValueError as e: webhook_timer.stop_timer(hook_started) return jsonify(status="error", message=str(e)), 400 if g.get('customer', None): incomingAlert.customer = g.get('customer') add_remote_ip(request, incomingAlert) try: alert = process_alert(incomingAlert) except RejectException as e: webhook_timer.stop_timer(hook_started) return jsonify(status="error", message=str(e)), 403 except Exception as e: webhook_timer.stop_timer(hook_started) return jsonify(status="error", message=str(e)), 500 webhook_timer.stop_timer(hook_started) if alert: body = alert.get_body() body['href'] = absolute_url('/alert/' + alert.id) return jsonify(status="ok", id=alert.id, alert=body), 201, {'Location': body['href']} else: return jsonify(status="error", message="notification from stackdriver failed"), 500
def receive(): try: incomingAlert = Alert.parse(request.json) except ValueError as e: raise ApiError(str(e), 400) if g.get('customer', None): incomingAlert.customer = g.get('customer') add_remote_ip(request, incomingAlert) try: alert = process_alert(incomingAlert) except RejectException as e: raise ApiError(str(e), 403) except RateLimit as e: return jsonify(status="error", message=str(e), id=incomingAlert.id), 429 except BlackoutPeriod as e: return jsonify(status="ok", message=str(e), id=incomingAlert.id), 202 except Exception as e: raise ApiError(str(e), 500) if alert: return jsonify(status="ok", id=alert.id, alert=alert.serialize), 201 else: raise ApiError("insert or update of received alert failed", 500)
def cloudwatch(): hook_started = webhook_timer.start_timer() try: incomingAlert = parse_notification(request.data) except ValueError as e: webhook_timer.stop_timer(hook_started) return jsonify(status="error", message=str(e)), 400 if g.get('customer', None): incomingAlert.customer = g.get('customer') try: alert = process_alert(incomingAlert) except RejectException as e: webhook_timer.stop_timer(hook_started) return jsonify(status="error", message=str(e)), 403 except Exception as e: webhook_timer.stop_timer(hook_started) return jsonify(status="error", message=str(e)), 500 webhook_timer.stop_timer(hook_started) if alert: body = alert.get_body() body['href'] = absolute_url('/alert/' + alert.id) return jsonify(status="ok", id=alert.id, alert=body), 201, {'Location': body['href']} else: return jsonify(status="error", message="insert or update of cloudwatch alarm failed"), 500
def orders(): if not g.get('current_staff') and not g.get('current_viewer'): return redirect(url_for('users_login', error="You need to be a staff member or viewer to list orders")) if g.get('current_staff'): orders = database.execute("SELECT ViewerOrder.ViewerOrderID, OrderDate, ViewedStatus, SUM(CASE WHEN FlagPerk = 1 THEN 0 ELSE Price END) AS OrderTotal FROM ViewerOrder LEFT JOIN ViewerOrderLine ON ViewerOrder.ViewerOrderID = ViewerOrderLine.ViewerOrderID LEFT JOIN Video ON ViewerOrderLine.VideoID = Video.VideoID WHERE ViewedStatus IN ('Pending', 'Viewed', 'Fraud') GROUP BY ViewerOrderID ORDER BY ViewerOrderID DESC;").fetchall() else: orders = database.execute("SELECT ViewerOrder.ViewerOrderID, OrderDate, ViewedStatus, SUM(CASE WHEN FlagPerk = 1 THEN 0 ELSE Price END) AS OrderTotal FROM ViewerOrder LEFT JOIN ViewerOrderLine ON ViewerOrder.ViewerOrderID = ViewerOrderLine.ViewerOrderID LEFT JOIN Video ON ViewerOrderLine.VideoID = Video.VideoID WHERE ViewerID = %s AND ViewedStatus IN ('Pending', 'Viewed') GROUP BY ViewerOrderID ORDER BY ViewerOrderID DESC;", (g.current_viewer['ViewerID'],)).fetchall() return render_template('orders/index.html', orders=orders)
def test_debug_mixin(): with app.test_request_context('/'): assert_is_none(g.get('debug')) mixin = Debug() mixin.before() assert_true(g.get('debug')) mixin.after({})
def _projects(): print g.get('user',nme).name user = get_user() print user.projects.all() if user is not None else '' if user is not None: #print [dir(p) for p in user.projects] projects = [p.to_json() for p in user.projects.all()]# else Project.objects.get(id=p.id).to_json()] else: projects = [] return jsonify(projects=projects)
def get(self): try: print(g.get('auth_token')) if g.get('auth_token', None) is not None and g.get('auth_user', None) is not None: cache_token = app_cache.get(g.get('auth_token')) if cache_token is not None: return {'status': True}, 200 return {'status': False}, 401 except Exception as e: app.logger.exception(msg="Exception occured") return {'status': False}, 404
def wrapper(*args,**kwargs): headers = request.headers auth = headers.get('Authorization',None) if auth is not None: print auth token = auth.split(' ')[-1] if not token == 'null': user_data = jwt.decode(token,str(session.get('user_id',None))) if int(user_data.get('id')) == session.get('user_id'): g.user = User.get(user_data.get('id')) print g.get('user',nme).name return f(*args,**kwargs)
def after_cursor_execute(conn, cursor, statement, parameters, context, executemany): total = time.time() - context._query_start_time source_line = _get_sql_line() source = source_line['items'] if source_line else None logger.debug('Query complete; total time: %s', total, extra={'sql_log_type': 'end', 'req_path': (request.path if has_request_context() else None), 'sql_source': source, 'sql_duration': total, 'sql_verb': statement.split()[0]}) g.sql_query_count = g.get('sql_query_count', 0) + 1 g.req_query_duration = g.get('req_query_duration', 0) + total
def getScriptBaseURL(self): if g.get('static_site'): return 'static/js' else: return url_parse('%s/js' % self.getBaseURL()).path
def get_auth_token(): if "auth_token" in g: return g.get("auth_token") else: return None
def get_db(): if not g.get('gb'): # when ther is no global connection, should create it con = sqlite3.connect(app.config['DATABASE']) con.row_factory = sqlite3.Row g.db = con return g.db
def before_replace(resource, document): user = g.get('user', None) if user is not None: document[modified_by_field] = user
def get_locale(): return g.get('lang_code', 'en')
def getImagesBaseSecureURL(self): if has_app_context() and g.get('static_site'): return "static/images" else: return url_parse("%s/images" % self.getBaseSecureURL()).path
def close_db(error): """Zamykanie połączenia z bazą""" if g.get('db'): g.db.close()
def grafana(): hook_started = webhook_timer.start_timer() alerts = [] data = request.json if data and data['state'] == 'alerting': for match in data.get('evalMatches', []): try: incomingAlert = parse_grafana(data, match) except ValueError as e: webhook_timer.stop_timer(hook_started) return jsonify(status="error", message=str(e)), 400 if g.get('customer', None): incomingAlert.customer = g.get('customer') add_remote_ip(request, incomingAlert) try: alert = process_alert(incomingAlert) except RejectException as e: webhook_timer.stop_timer(hook_started) return jsonify(status="error", message=str(e)), 403 except Exception as e: webhook_timer.stop_timer(hook_started) return jsonify(status="error", message=str(e)), 500 alerts.append(alert) webhook_timer.stop_timer(hook_started) elif data and data['state'] == 'ok' and data.get('ruleId', None): try: existingAlerts = db.get_alerts({ 'attributes.ruleId': data['ruleId'], 'customer': g.get('customer', None) }) except Exception as e: webhook_timer.stop_timer(hook_started) return jsonify(status="error", message=str(e)), 500 for updateAlert in existingAlerts: updateAlert.severity = 'normal' updateAlert.status = 'closed' try: alert = process_alert(updateAlert) except RejectException as e: webhook_timer.stop_timer(hook_started) return jsonify(status="error", message=str(e)), 403 except Exception as e: webhook_timer.stop_timer(hook_started) return jsonify(status="error", message=str(e)), 500 alerts.append(alert) webhook_timer.stop_timer(hook_started) else: return jsonify( status="error", message="no alerts in Grafana notification payload"), 400 if len(alerts) == 1: body = alerts[0].get_body() body['href'] = absolute_url('/alert/' + alerts[0].id) return jsonify(status="ok", id=alerts[0].id, alert=body), 201, { 'Location': body['href'] } else: return jsonify(status="ok", ids=[alert.id for alert in alerts]), 201
def handler(prefix, path): path = posixpath.join('/', prefix, path) clearCache() # init fossil cache logger = Logger.get('httpapi') if request.method == 'POST': # Convert POST data to a query string queryParams = [(key, [x.encode('utf-8') for x in values]) for key, values in request.form.iterlists()] query = urllib.urlencode(queryParams, doseq=1) # we only need/keep multiple values so we can properly validate the signature. # the legacy code below expects a dict with just the first value. # if you write a new api endpoint that needs multiple values get them from # ``request.values.getlist()`` directly queryParams = {key: values[0] for key, values in queryParams} else: # Parse the actual query string queryParams = dict((key, value.encode('utf-8')) for key, value in request.args.iteritems()) query = request.query_string apiKey = get_query_parameter(queryParams, ['ak', 'apikey'], None) cookieAuth = get_query_parameter(queryParams, ['ca', 'cookieauth'], 'no') == 'yes' signature = get_query_parameter(queryParams, ['signature']) timestamp = get_query_parameter(queryParams, ['timestamp'], 0, integer=True) noCache = get_query_parameter(queryParams, ['nc', 'nocache'], 'no') == 'yes' pretty = get_query_parameter(queryParams, ['p', 'pretty'], 'no') == 'yes' onlyPublic = get_query_parameter(queryParams, ['op', 'onlypublic'], 'no') == 'yes' onlyAuthed = get_query_parameter(queryParams, ['oa', 'onlyauthed'], 'no') == 'yes' scope = 'read:legacy_api' if request.method == 'GET' else 'write:legacy_api' if not request.headers.get('Authorization', '').lower().startswith('basic '): try: oauth_valid, oauth_request = oauth.verify_request([scope]) if not oauth_valid and oauth_request and oauth_request.error_message != 'Bearer token not found.': raise BadRequest('OAuth error: {}'.format( oauth_request.error_message)) elif g.get( 'received_oauth_token' ) and oauth_request.error_message == 'Bearer token not found.': raise BadRequest('OAuth error: Invalid token') except ValueError: # XXX: Dirty hack to workaround a bug in flask-oauthlib that causes it # not to properly urlencode request query strings # Related issue (https://github.com/lepture/flask-oauthlib/issues/213) oauth_valid = False else: oauth_valid = False # Get our handler function and its argument and response type hook, dformat = HTTPAPIHook.parseRequest(path, queryParams) if hook is None or dformat is None: raise NotFound # Disable caching if we are not just retrieving data (or the hook requires it) if request.method == 'POST' or hook.NO_CACHE: noCache = True ak = error = result = None ts = int(time.time()) typeMap = {} status_code = None is_response = False try: used_session = None if cookieAuth: used_session = session if not used_session.user: # ignore guest sessions used_session = None if apiKey or oauth_valid or not used_session: if not oauth_valid: # Validate the API key (and its signature) ak, enforceOnlyPublic = checkAK(apiKey, signature, timestamp, path, query) if enforceOnlyPublic: onlyPublic = True # Create an access wrapper for the API key's user user = ak.user if ak and not onlyPublic else None else: # Access Token (OAuth) at = load_token(oauth_request.access_token.access_token) user = at.user if at and not onlyPublic else None # Get rid of API key in cache key if we did not impersonate a user if ak and user is None: cacheKey = normalizeQuery( path, query, remove=('_', 'ak', 'apiKey', 'signature', 'timestamp', 'nc', 'nocache', 'oa', 'onlyauthed')) else: cacheKey = normalizeQuery(path, query, remove=('_', 'signature', 'timestamp', 'nc', 'nocache', 'oa', 'onlyauthed')) if signature: # in case the request was signed, store the result under a different key cacheKey = 'signed_' + cacheKey else: # We authenticated using a session cookie. token = request.headers.get( 'X-CSRF-Token', get_query_parameter(queryParams, ['csrftoken'])) if used_session.csrf_protected and used_session.csrf_token != token: raise HTTPAPIError('Invalid CSRF token', 403) user = used_session.user if not onlyPublic else None userPrefix = 'user-{}_'.format(used_session.user.id) cacheKey = userPrefix + normalizeQuery( path, query, remove=('_', 'nc', 'nocache', 'ca', 'cookieauth', 'oa', 'onlyauthed', 'csrftoken')) # Bail out if the user requires authentication but is not authenticated if onlyAuthed and not user: raise HTTPAPIError('Not authenticated', 403) addToCache = not hook.NO_CACHE cache = GenericCache('HTTPAPI') cacheKey = RE_REMOVE_EXTENSION.sub('', cacheKey) if not noCache: obj = cache.get(cacheKey) if obj is not None: result, extra, ts, complete, typeMap = obj addToCache = False if result is None: g.current_api_user = user # Perform the actual exporting res = hook(user) if isinstance(res, current_app.response_class): addToCache = False is_response = True result, extra, complete, typeMap = res, {}, True, {} elif isinstance(res, tuple) and len(res) == 4: result, extra, complete, typeMap = res else: result, extra, complete, typeMap = res, {}, True, {} if result is not None and addToCache: ttl = api_settings.get('cache_ttl') if ttl > 0: cache.set(cacheKey, (result, extra, ts, complete, typeMap), ttl) except HTTPAPIError as e: error = e if e.getCode(): status_code = e.getCode() if result is None and error is None: # TODO: usage page raise NotFound else: if ak and error is None: # Commit only if there was an API key and no error norm_path, norm_query = normalizeQuery(path, query, remove=('signature', 'timestamp'), separate=True) uri = to_unicode('?'.join(filter(None, (norm_path, norm_query)))) ak.register_used(request.remote_addr, uri, not onlyPublic) db.session.commit() else: # No need to commit stuff if we didn't use an API key (nothing was written) # XXX do we even need this? db.session.rollback() # Log successful POST api requests if error is None and request.method == 'POST': logger.info('API request: %s?%s', path, query) if is_response: return result serializer = Serializer.create(dformat, query_params=queryParams, pretty=pretty, typeMap=typeMap, **hook.serializer_args) if error: if not serializer.schemaless: # if our serializer has a specific schema (HTML, ICAL, etc...) # use JSON, since it is universal serializer = Serializer.create('json') result = fossilize(error) else: if serializer.encapsulate: result = fossilize( HTTPAPIResult(result, path, query, ts, complete, extra), IHTTPAPIExportResultFossil) del result['_fossil'] try: data = serializer(result) response = current_app.make_response(data) content_type = serializer.get_response_content_type() if content_type: response.content_type = content_type if status_code: response.status_code = status_code return response except Exception: logger.exception('Serialization error in request %s?%s', path, query) raise
def get_timezone(): user = g.get('user', None) if user is not None: return user.timezone
def inject_data(): return dict(user=current_user, \ lang_code=g.get('lang_code', None))
def get_locale(): return g.get('lang_code', app.config['BABEL_DEFAULT_LOCALE'])
def ensure_lang_support(): lang_code = g.get('lang_code', None) if lang_code and lang_code not in app.config['SUPPORTED_LANGUAGES'].keys(): return abort(404)
def set_language_code(endpoint, values): if 'lang_code' in values or not g.get('lang_code', None): return if app.url_map.is_endpoint_expecting(endpoint, 'lang_code'): values['lang_code'] = g.lang_code
def parse_assignment_load(): # Lookup Code assignment_group_id = parse_lookup_code() # Assignment Group ID if assignment_group_id is None: assignment_group_id = maybe_int( request.args.get('assignment_group_id')) # Exact "url" code for group if assignment_group_id is None: assignment_group_id = AssignmentGroup.id_by_url( request.args.get('assignment_group_url')) # Assignment ID current_assignment_id = maybe_int(request.args.get('assignment_id')) # Exact "url" code for assignment if current_assignment_id is None: current_assignment_id = Assignment.id_by_url( request.args.get('assignment_url')) # User user = g.get('user', None) user_id = user.id if user else None # Course ID of the user course_id = maybe_int(request.args.get('course_id', None)) if course_id is None: course_id = int(g.course.id) if 'course' in g and g.course else None # LTI submission URL new_submission_url = request.form.get('lis_result_sourcedid', None) # Embedded? embed = request.values.get('embed', 'false').lower() == 'true' # Get group assignment_group = AssignmentGroup.by_id(assignment_group_id) # Get assignments if assignment_group is None: assignment = Assignment.by_id(current_assignment_id) if assignment: assignments = [assignment] else: assignments = [] else: assignments = assignment_group.get_assignments() # Potentially adjust assignment_id if current_assignment_id is None and assignments: current_assignment_id = assignments[0].id # Get submissions if user_id is None or course_id is None: submissions = [] else: submissions = [ assignment.load_or_new_submission(user_id, course_id, new_submission_url, assignment_group_id) for assignment in assignments ] # Determine the users' role in relation to this information role = user.determine_role(assignments, submissions) if user else "anonymous" if role in ("student", "anonymous"): # Check for any IP locked assignments for assignment in assignments: if not assignment.is_allowed(request.remote_addr): return abort( 403, "You cannot access this assignment from your current location: " + request.remote_addr) # Check passcode passcode_protected = False for assignment in assignments: if assignment.has_passcode() and not passcode_protected: passcode_protected = True # Combine the submissions and assignments group = list(zip(assignments, submissions)) # Okay we've got everything return dict(group=group, assignment_group=assignment_group, assignments=assignments, submissions=submissions, assignment_group_id=assignment_group_id, current_assignment_id=current_assignment_id, user=user, user_id=user_id, role=role, course_id=course_id, embed=embed, passcode_protected=passcode_protected)
def get_locale(): # try to guess the language from the user accept # header the browser transmits. The best match wins. # return request.accept_languages.best_match(['de', 'sk', 'en']) return g.get('current_lang', app.config['BABEL_DEFAULT_LOCALE'])
def add_request_id(response): response.headers.add('X-REQUEST-ID', g.get('request_id')) return response
def teardown_request(response: Response) -> Response: if g.get('p') is not None: perf.check(g.p, 'slow_page', request.path, 'decksite') db().close() return response
def save_session(self, *args, **kwargs): if g.get('login_via_request'): return return super(CustomSecureCookieSessionInterface, self).save_session(*args, **kwargs)
def get_locale(): return g.get('current_lang', request.accept_languages.best_match(VALID_LANGUAGES, 'en'))
def rule_find_one(id): db_session = g.get("db_session") result = db_session.query(Rule).filter(Rule.id == id).first() if result is None: return make_response(f"Can't find data with id {id}", 404) return jsonify(result.to_dict())
def current_user(self) -> Union[None, Any]: return g.get('flask_httpauth_user', None)
def before_insert(resource, documents): user = g.get('user', None) if user is not None: for document in documents: document[created_by_field] = user document[modified_by_field] = user
def get_locale(): g.locale = request.cookies.get("lang") if not g.get('locale', None): translations = ["en", "fr"] g.locale = request.accept_languages.best_match(translations) return g.locale
def _get_private_filters(self, repo, invisible_stages): query = {} if repo == 'ingest': query = {'and': [{'term': {'_type': 'ingest'}}]} elif repo == 'archive': user_id = g.get('user', {}).get('_id') query = { 'and': [{ 'exists': { 'field': 'task.desk' } }, { 'bool': { 'should': [ { 'and': [{ 'term': { ITEM_STATE: CONTENT_STATE.DRAFT } }, { 'term': { 'task.user': str(user_id) } }] }, { 'terms': { ITEM_STATE: [ CONTENT_STATE.FETCHED, CONTENT_STATE.ROUTED, CONTENT_STATE.PROGRESS, CONTENT_STATE.SUBMITTED, CONTENT_STATE.SPIKED ] } }, ], 'must_not': { 'term': { 'version': 0 } } } }] } elif repo == 'published': query = { 'and': [{ 'term': { '_type': 'published' } }, { 'terms': { ITEM_STATE: [ CONTENT_STATE.SCHEDULED, CONTENT_STATE.PUBLISHED, CONTENT_STATE.KILLED, CONTENT_STATE.CORRECTED ] } }] } elif repo == 'archived': query = {'and': [{'term': {'_type': 'archived'}}]} if invisible_stages and (repo == 'archive' or repo == 'published'): query['and'].append( {'not': { 'terms': { 'task.stage': invisible_stages } }}) return query
def CurrentUser(): return g.get('User')
def close_db(error): if g.get('db'): g.db.close()
def teardown_db_connection(exception): connection = g.get('connection') if connection is not None: connection.close()
def getFontsBaseURL(self): if g.get('static_site'): return "static/fonts" else: return url_parse("%s/fonts" % self.getBaseURL()).path
def getCssBaseURL(self): if has_app_context() and g.get('static_site'): return "static/css" else: return url_parse("%s/css" % self.getBaseURL()).path