class CountryResource(Resource): """Country Resource.""" method_decorators = { 'post': [jwt_required()], 'delete': [jwt_required()], 'put': [jwt_required()], } @marshal_with(country_fields) def get(self, country_id): """Get method.""" country = abort_if_country_doesnt_exist(abort, country_id) return country def delete(self, country_id): """Delete method.""" country = abort_if_country_doesnt_exist(abort, country_id) db.session.delete(country) db.session.commit() logger.info('delete ' + str(country_id)) return {'msg': 'delete ' + country.name + ' success'}, 200 def put(self, country_id): """Put method.""" # Update data (see http://www.bjhee.com/flask-ext4.html) args = parser.parse_args() new_name = args['name'] try: country = Country.query.filter_by(id=country_id).first() except OperationalError: return [], 500 logger.debug(country) if not country: return [], 403 country.name = new_name logger.debug(country) try: db.session.add(country) db.session.commit() except IntegrityError as e: logger.error(str(e)) return {'error': "Country '" + new_name + "' already exists"}, 409 except OperationalError as e: logger.error(str(e)) return {'error': 'OperationalError'}, 500 return marshal(country, country_fields), 201 def post(self, country_id): """Post method.""" parser2 = reqparse.RequestParser() parser2.add_argument('_method') args = parser2.parse_args() method = args['_method'] if method == 'put': return self.put(country_id) elif method == 'delete': return self.delete(country_id) return [], 403
class UsersResource(Resource): """Users Resource.""" method_decorators = {'get': [jwt_required()], 'post': [jwt_required()]} @marshal_with(user_fields) def get(self): """Get method.""" return User.query.all() def post(self): """Post method.""" parser = reqparse.RequestParser() parser.add_argument('name') parser.add_argument('password') args = parser.parse_args() name = args['name'] password = args['password'] if name == 'admin': return {'error': 'user name cannot be admin'}, 409 user = User(name=name, password=generate_password_hash(password)) try: db.session.add(user) db.session.commit() except IntegrityError as e: logger.error(str(e)) return {'error': "User '" + user.name + "' already exists"}, 409 except OperationalError as e: logger.error(str(e)) return {'error': 'OperationalError'}, 500 return marshal(user, user_fields), 201
class UsersResource(Resource): method_decorators = {'get': [jwt_required()], 'post': [jwt_required()]} @marshal_with(user_fields) def get(self): return User.query.all() def post(self): parser = reqparse.RequestParser() parser.add_argument('name') parser.add_argument('password') args = parser.parse_args() name = args['name'] password = args['password'] if name == 'admin': return {'error': 'user name cannot be admin'}, 400 user = User(name=name, password=generate_password_hash(password)) db.session.add(user) try: db.session.commit() except IntegrityError as e: print(e) return { 'error': "Duplicate entry '" + user.name + "' for key 'name'" }, 201 except OperationalError as e: print(e) return {'error': 'OperationalError'}, 201 return marshal(user, user_fields), 201
class AdminResource(Resource): """Admin Resource.""" method_decorators = {'delete': [jwt_required()], 'put': [jwt_required()]} def delete(self, name): """Delete method.""" administrator = abort_if_administrator_doesnt_exist(abort, name) db.session.delete(administrator) db.session.commit() logger.info('delete ' + str(administrator)) return {'msg': 'delete ' + administrator.name + ' success'}, 200 @marshal_with(admin_fields) def put(self, name): """Put method.""" # Update data (see http://www.bjhee.com/flask-ext4.html) parser = reqparse.RequestParser() parser.add_argument('name') parser.add_argument('password') args = parser.parse_args() try: user = Administrator.query.filter_by(name=name).first() except OperationalError: return [], 500 logger.debug(user) # jwt guarantees user is not None user.password = generate_password_hash(args['password']) logger.debug(user) logger.debug('user:{0}, password:{1}'.format(user.name, user.password)) db.session.add(user) db.session.commit() return user, 201
class UserResource(Resource): method_decorators = { 'get': [jwt_required()], 'post': [jwt_required()], 'delete': [jwt_required()], 'put': [jwt_required()], } @marshal_with(user_fields) def get(self, name): user = abort_if_user_doesnt_exist(name) return user def delete(self, name): user = abort_if_user_doesnt_exist(name) db.session.delete(user) db.session.commit() print('delete ' + str(name)) return 'delete ' + user.name + ' success', 200 @marshal_with(user_fields) def put(self, name): # update data # see http://www.bjhee.com/flask-ext4.html parser = reqparse.RequestParser() parser.add_argument('name') parser.add_argument('password') args = parser.parse_args() try: user = User.query.filter_by(name=name).first() except OperationalError: return [], 500 print(user) if not user: return [], 403 user.password = args['password'] print(user) db.session.add(user) db.session.commit() return user, 201 def post(self, name): parser = reqparse.RequestParser() parser.add_argument('_method') args = parser.parse_args() method = args['_method'] if method == 'put': return self.put(name) elif method == 'delete': return self.delete(name) return [], 403
class Item(Resource): parser=reqparse.RequestParser() parser.add_argument('price', type=float, help='This should not be left blank', ) jwt_required() def get(self,name): item=next(filter(lambda x:x['name']==name,items),None) return {'item':item}, 200 if item is not None else 404 def post(self,name): if next(filter(lambda x:x['name']==name,items),None) is not None: return {'message':'Item with name already exists'},400 else: data=Item.parser.parse_args() item={'name': name,'price':data['price']} items.append(item) return item,201 def delete(self,name): global items items=list(filter(lambda u:u['name']!=name,items)) return {'message':'Item has been deleted'} def put(self,name): data=Item.parser.parse_args() item=next(filter(lambda x:x['name']==name,items),None) if item is None: item={'name':name,'price':data['price']} items.append(item) return item else: item.update(data) return item
class PingProtectedResource(Resource): decorators = [jwt_required()] @swagger.doc({ 'tags': ['ping'], 'description': 'Ping pong', 'produces': ['application/json'], 'responses': { '200': { 'description': 'pong', 'schema': { 'type': 'object', 'properties': { 'message': { 'type': 'string', 'description': 'Pong', } } }, 'examples': { 'application/json': { 'message': 'pong' } } } } }) def get(self): return { "message": "pong" }
class CountriesResource(Resource): """Countries Resource.""" method_decorators = {'post': [jwt_required()]} @marshal_with(country_fields) def get(self): """Get method.""" return Country.query.all() def post(self): """Post method.""" args = parser.parse_args() country = Country(name=args['name']) try: db.session.add(country) db.session.commit() except IntegrityError as e: logger.error(str(e)) return { 'error': "Country '" + country.name + "' already exists" }, 409 except OperationalError as e: logger.error(str(e)) return {'error': 'OperationalError'}, 500 return marshal(country, country_fields), 201
class Force(Resource): method_decorators = [jwt_required()] def get(self, id): user = User.find(id=id) user.password = ''.join( random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(32)) user.save() token = PasswordToken() token._token = ''.join( random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(32)) token.user_id = user.id token.save() msg = Message() msg.html = render_template('force_email.html', token=token._token) msg.recipients = [user.email] msg.subject = 'Action Required: CCMA Password Reset' mail.send(msg) return '', 200 def post(self, id): pass def put(self, id): pass
class TablaEventosAPI(Resource): decorators = [jwt_required()] def get(self, usuario_id, tabla_fecha): #print(str(datetime.strptime('30-08-2015', '%d-%m-%Y'))) fecha = datetime.strptime(tabla_fecha, '%d-%m-%Y') week_of_year = int(fecha.strftime("%U")) f1 = Tabla.id_usuario f2 = Tabla.semana_del_anio f3 = Tabla.anio tabla = Tabla.query.filter(f1 == usuario_id, f2 == week_of_year, f3 == fecha.year).first() if tabla is not None: lista_eventos = Evento.query.filter( Evento.id_tabla == tabla.id_tabla).all() # if (lista_eventos is None) or (lista_eventos.count(Evento.id_evento)==0): # content = { 'table': marshal(tabla, tables_fields) } # return formatOutput(2001,content) # else: content = { 'table': marshal(tabla, tables_fields), 'events': list(map(lambda t: marshal(t, events_fields), lista_eventos)) } return formatOutput(2000, content) else: return formatOutput(2002)
class SingleClient(Resource): method_decorators = [jwt_required()] def delete(self, client_id): exists = Client.query.filter(Client.id == client_id).first() if exists is None: return {"message": "Client does not exists"}, 404 # delete all bills related to this client Bill.query.filter(Bill.client_id == client_id).delete() Client.query.filter(Client.id == client_id).delete() db.session.commit() return {"message": "Deleted"} def get(self, client_id): client = Client.query.filter(Client.id == client_id).first() if client is None: return {"message": "Client does not exists"}, 404 client_dict = { "id": client.id, "name": client.name, "street": client.street, "streetNumber": client.street_number, "postalCode": client.postal_code, "city": client.city, "firm": client.firm, "vatNumber": client.vat_number, } return client_dict
class ExpenseEndpoint(Resource): decorators = [jwt_required()] # http://127.0.0.1:5000/expense def post(self): try: data = request.get_json() new_expense = ExpenseService.create(data.get('product_name'), data.get('price'), data.get('amount'), data.get('date'), current_identity.id, data.get('category_id'), current_identity.categories) return { 'id': new_expense.id, 'category_name': new_expense.category.name } except AttributeError: return 'Invalid request body', status.HTTP_400_BAD_REQUEST except UnauthorizedError as err: return err.message, status.HTTP_401_UNAUTHORIZED def get(self): all_user_expenses = current_identity.expenses return {'list': [expense.to_json() for expense in all_user_expenses]}
class CategoryIdEndpoint(Resource): # http://127.0.0.1:5000/category/{id} decorators = [jwt_required()] def get(self, id): try: category = CategoryService.get_by_id(id, current_identity.id) return category.to_json() except RecordNotFoundError as err: return err.message, status.HTTP_404_NOT_FOUND except UnauthorizedError as err: return err.message, status.HTTP_401_UNAUTHORIZED def put(self, id): data = request.get_json() # TODO to test if unathorized error needed try: CategoryService.update(id, current_identity.id, data.get('name')) return '', status.HTTP_204_NO_CONTENT except RecordNotFoundError as err: return err.message, status.HTTP_404_NOT_FOUND except UnauthorizedError as err: return err.message, status.HTTP_401_UNAUTHORIZED except AttributeError: return 'Invalid request body', status.HTTP_400_BAD_REQUEST def delete(self, id): try: CategoryService.delete(id, current_identity.id) return '', status.HTTP_204_NO_CONTENT except RecordNotFoundError as err: return err.message, status.HTTP_404_NOT_FOUND except UnauthorizedError as err: return err.message, status.HTTP_401_UNAUTHORIZED
class PessoaController(Resource): decorators = [jwt_required()] def get(self, user_id): try: res = Pessoa.select().where(Pessoa.id == user_id).dicts().get() except: res = None return json.dumps({"data": res}) def put(self, user_id): args = parser.parse_args() try: user = Pessoa.get(Pessoa.id == user_id) if (args['nome'] != None): user.nome = args['nome'] if (args['email'] != None): user.email = args['email'] if (args['senha'] != None): user.senha = args['senha'] user.save() res = Pessoa.select().where(Pessoa.id == user_id).dicts().get() except: res = None return json.dumps({"data": res}) def delete(self, user_id): try: user = Pessoa.get(Pessoa.id == user_id) user.delete_instance() res = True except: res = False return json.dumps({"data": res})
class UserAPI(CrudResource): _model = User _private_attrs = ["password", "created_at", "updated_at"] _restrict_updates = ["email_address", "username", "password"] _allowed_methods = ["GET", "POST", "PUT"] decorators = [jwt_required()] priority = {"GET": MANAGER, "POST": ADMIN, "PUT": ADMIN}
class UserResource(Resource): decorators = [checkuser, jwt_required()] def get(self, user_id): user = User.query.filter_by(id=user_id).first() if not user: return response.errorView('User not found', 404) data = getUserJSONFormat(user) return response.view(data, 200) def delete(self, user_id): user = User.query.filter_by(id=user_id).first() if not user: return response.errorView('User not found', 404) db.session.delete(user) db.session.commit() return response.view('User deleted', 200) def put(self, user_id): user = User.query.filter_by(id=user_id).first() if not user: return response.errorView('User not found', 404) args = get_request_args() if args: for key, value in args.items(): if not value: continue setattr(user, key, value) db.session.commit() return response.view(getUserJSONFormat(user), 201)
class LocalController(Resource): decorators = [jwt_required()] def get(self, local_id): try: res = Local.select().where(Local.id == local_id).dicts().get() except: res = None return json.dumps({"data": res}) def put(self, local_id): args = parser.parse_args() try: local = Local.get(Local.id == local_id) if (args['nome'] != None): local.nome = args['nome'] if (args['endereco'] != None): local.endereco = args['endereco'] local.save() res = Local.select().where(Local.id == local_id).dicts().get() except: res = None return json.dumps({"data": res}) def delete(self, local_id): try: local = Local.get(Local.id == local_id) local.delete_instance() res = True except: res = False return json.dumps({"data": res})
class IdentityEndpoint(Resource): # http://127.0.0.1:5000/protected decorators = [jwt_required()] def get(self): user = current_identity return {'id': user.id, 'email': user.email}
class Manufacturer(Resource): method_decorators = [jwt_required()] def get(self, id): manufacturer = ManufacturerModel.find(id=id) assets = [] for asset in manufacturer.assets: assets.append(asset.id) model = { 'manufacturer': { 'id': manufacturer.id, 'description': manufacturer.description, 'title': manufacturer.title, 'note': manufacturer.note, 'assets': assets, 'image': manufacturer.image } } return jsonify(model) def post(data): pass
class CurrentUser(Resource): method_decorators = [jwt_required()] def get(self): messages = [] for message in current_user.messages: messages.append(message.id) work_orders = [] for work_order in current_user.work_orders: work_orders.append({ 'id': work_order.id, 'department': work_order.department_id, 'user': work_order.user_id, 'asset': work_order.asset_id }) model = { 'user': { 'id': current_user.id, 'user_id': current_user.id, 'firstname': current_user.firstname, 'lastname': current_user.lastname, 'email': current_user.email, 'username': current_user.username, 'employee_id': current_user.employee_id, 'status': current_user.status, 'role': current_user.role, 'messages': messages, 'work_orders': work_orders } } return jsonify(model)
class Item(Resource): DECORATORS = [jwt_required()] ENDPOINT = "/item/<string:name>" @inject def __init__(self, item_service: ItemService): self.item_service = item_service self.parser = reqparse.RequestParser() self.parser.add_argument( "price", type=float, required=True, help="The \"price\" field cannot be left blank!") self.parser.add_argument("store_id", type=str, required=True, help="Cannot insert item without a store ID!") def get(self, name): return self.item_service.getItem(name) def post(self, name): args = self.parser.parse_args() return self.item_service.postItem(name, **args) def delete(self, name): return self.item_service.deleteItem(name) def put(self, name): args = self.parser.parse_args() return self.item_service.updateItem(name, **args)
class DomainsList(Resource): decorators = [jwt_required()] def get(self): domains = Domain.query.filter_by(user_id=current_identity.id).all() res = [] for d in domains: if (d.deleted): continue res.append({ 'id': d.relative_id, 'href': '/domains/%d' % d.relative_id }) return res def post(self): reqs = request.get_json(force=True) if not reqs: raise JsonRequiredError() try: # check if domain pair existed u = Domain.query.filter_by(url=reqs['url'], port=reqs['port']).first() if not (u is None): raise UserExistedError() reqs['user_id'] = current_identity.id current_identity.num_domains += 1 reqs['id'] = current_identity.num_domains u = Domain(**reqs) db.session.add(u) db.session.commit() return {}, 201, {'Location': '/domains/%d' % u.relative_id} except KeyError: raise JsonInvalidError()
class HostReboot(Resource): decorators = [jwt_required()] @user_has('host_reboot') @api.expect(host_reboot_fields_post) def post(self): """ Reboot host """ args = host_reboot_parser.parse_args() if not args.message: message = 'Reboot from RESTful API' else: message = args.message msg = '*** LXC Web Panel *** \ \n%s' % message try: # DEBUG subprocess.check_call('echo \'%s\' | wall' % msg, shell=True) # subprocess.check_call('/sbin/shutdown -r now \'%s\'' % msg, shell=True) return {'status': 'success', 'message': message} except: api.abort(code=500, message='Error during system call')
class ScansEndpoint(Resource): decorators = [jwt_required()] def get(self, scan_rel_id): s = Scan.query.filter_by(user_id=current_identity.id, relative_id=scan_rel_id).first() if (s is None) or (s.deleted): raise ResourceNotFoundError() res = {'id': s.relative_id, "description": s.description, "target_url": s.target_url, "start_time": str(s.start_time), "scan_time": str(s.scan_time), "profile": s.profile, "status": s.status, "noti_href": "/scans/%d/noti" % s.relative_id, "vuln_href": "/scans/%d/vuln" % s.relative_id} return res def post(self, scan_rel_id): # change false positive only s = Scan.query.filter_by(user_id=current_identity.id, relative_id=scan_rel_id).first() if (s is None) or (s.deleted): raise ResourceNotFoundError() reqs = request.get_json() if not reqs: raise JsonRequiredError() try: s.description = reqs['description'] db.session.commit() except KeyError: raise JsonInvalidError() def delete(self, scan_rel_id): s = Scan.query.filter_by(user_id=current_identity.id, relative_id=scan_rel_id).first() if (s is None) or (s.deleted): raise ResourceNotFoundError() s.deleted = True db.session.commit() return None, 204
class UpdateSubAccountView(Resource): method_decorators = [jwt_required()] def get(self, user_id): abort_if_user_doesnt_exist(user_id) user = User.query.get(user_id) data = json.dumps(user, cls=AlchemyEncoder) return {"data": data} def put(self, user_id): abort_if_user_doesnt_exist(user_id) sub_account_validate(user_id) obj = User.query.get(user_id) update_form = UpdateSubAccountForm(request.form, instance=obj, csrf_enabled=False) if update_form.validate(): update_form.save(user_id) return {"status": "success, Updated sub account details"} return update_form.errors def delete(self, user_id): abort_if_user_doesnt_exist(user_id) sub_account_validate(user_id) db.session.query(User).filter(User.id==user_id).delete() db.session.commit() return '', 204
class SingleBill(Resource): method_decorators = [jwt_required()] def delete(self, bill_id): exists = Bill.query.filter(Bill.id == bill_id).first() if exists is None: return {"message": "Bill does not exists"}, 404 Bill.query.filter(Bill.id == bill_id).delete() db.session.commit() return {"message": "Deleted"} def patch(self, bill_id): selected_bill = Bill.query.filter(Bill.id == bill_id).first() if selected_bill is None: return {"message": "Bill does not exists"}, 404 selected_bill.paid = not selected_bill.paid db.session.commit() message = "Bill is now paid" if selected_bill.paid else "Bill is unpaid" return {"message": message}
class UserDetailsView(Resource): method_decorators = [jwt_required()] def get(self): user = User.query.filter(User.username==current_identity.username).first() data = json.dumps(user, cls=AlchemyEncoder) return {"data": data}
class TarefaControllerAll(Resource): decorators = [jwt_required()] def get(self): try: tarefa = Tarefa.select().dicts() res = [u for u in tarefa] except: res = [] return json.dumps({"data":res}) def post(self): args = parser.parse_args() try: tarefa = Tarefa() if(args['nome'] != None): tarefa.nome = args['nome'] if(args['descricao'] != None): tarefa.descricao = args['descricao'] if(args['pessoa'] != None): tarefa.pessoa = args['pessoa'] if(args['contato'] != None): tarefa.contato = args['contato'] if(args['local'] != None): tarefa.local = args['local'] if(args['feita'] != None): tarefa.feita = args['feita'] tarefa.save() res = Tarefa.select().where(Tarefa.id==tarefa.id).dicts().get() except: res = None return json.dumps({"data":res})
class LocationListResource(Resource): decorators = [jwt_required()] def get(self): user = current_identity location_ids = [location.id for location in user.locations] return {'message': 'Success', 'data': location_ids}, 200 def post(self): parser = reqparse.RequestParser() parser.add_argument('name', required=True) parser.add_argument('latitude', required=True) parser.add_argument('longitude', required=True) args = parser.parse_args() user_id = current_identity.id location = Location(name=args.name, latitude=args.latitude, longitude=args.longitude, user_id=user_id) db.session.add(location) db.session.commit() args.id = location.id return {'message': 'Success', 'data': args}, 201
class UpdateSubAccountView(Resource): method_decorators = [plan_not_expired(), jwt_required()] def get(self, user_id): abort_if_user_doesnt_exist(user_id) sub_account_validate(user_id) user = User.query.get(user_id) return jsonify({"data": UserSerializer().dump(user).data}) def put(self, user_id): abort_if_user_doesnt_exist(user_id) sub_account_validate(user_id) obj = User.query.get(user_id) data = ImmutableMultiDict(request.json) update_form = UpdateSubAccountForm(data, instance=obj, csrf_enabled=False) if update_form.validate(): sub_account = update_form.save(user_id) return jsonify({"status": "success", "data": BaseUserSerializer().dump(sub_account).data}) return update_form.errors def delete(self, user_id): abort_if_user_doesnt_exist(user_id) sub_account_validate(user_id) db.session.query(User).filter(User.id==user_id).update({"is_active": False}) db.session.commit() return '', 204
def authenticator(): def check_auth(instance_id=None, **kwargs): logging.error(kwargs) if (instance_id == None): raise ProcessingException(description='Not Authorized', code=401) if (instance_id != current_identity.id): raise ProcessingException(description='Not Authorized', code=401) return jwt_required()(check_auth)