def sign_up_valid(form):
if not (form.get("username", None) or form.get("mobile", None)
or form.get("email", None)):
raise flask_restless.ProcessingException(description=u'用户名/手机/电子邮件 错误',
code=400)
elif not form.get("password", None):
raise flask_restless.ProcessingException(description=u'密码 错误',
code=400)
else:
form["password"] = hash_password(form.get("password", None))
def pre_get_many(search_params=None, **kwargs):
if search_params is None:
search_params = {}
if not search_params.get('order_by'):
# Impose the default reverse-chronological order if order_by is not explicitly given.
search_params['order_by'] = [{'field': 'id', 'direction': 'desc'}]
if 'filters' not in search_params:
search_params['filters'] = []
query_params = flask.request.args
if len(query_params.getlist('year')) > 1:
raise flask_restless.ProcessingException(
description='More than one year specified.')
year = query_params.get('year')
if year:
if not YEAR_PATTERN.match(year):
raise flask_restless.ProcessingException(
description="Invalid year '{}'.".format(year))
search_params['filters'].append(
dict(name='title', op='like', val='{}%'.format(year)))
if len(query_params.getlist('team')) > 1:
raise flask_restless.ProcessingException(
description='More than one team specified.')
team = query_params.get('team')
if team:
search_params['filters'].append(dict(name='team', op='==', val=team))
if len(query_params.getlist('stage')) > 1:
raise flask_restless.ProcessingException(
description='More than one stage specified.')
stage = query_params.get('stage')
if stage:
if stage == 'special':
search_params['filters'].append(
dict(name='special', op='==', val=True))
else:
search_params['filters'].append(
dict(name='stage', op='==', val=stage))
if len(query_params.getlist('member')) > 1:
raise flask_restless.ProcessingException(
description='More than one member specified.')
member = query_params.get('member')
if member:
search_params['filters'].append(
dict(name='performers', op='like', val='%{},%'.format(member)))
def auth():
username = flask.request.json.get('username')
password = flask.request.json.get('password')
# check if the user is in any of the tables
matches = Customer.query.filter_by(username=username,
password=password).all()
matches += Deliveryperson.query.filter_by(username=username,
password=password).all()
matches += Restaurant.query.filter_by(username=username,
password=password).all()
if len(matches) > 0:
# generate a token (this is obviously an insecure way of doing so)
token = md5(password.encode('utf-8')).hexdigest()
# store token in database
dbentry = Token(username=username, token=token)
db.session.add(dbentry)
db.session.commit()
# hand the token to the API client
return flask.jsonify(token=token)
# no matching user found
raise flask_restless.ProcessingException(description='Not Authorized',
code=401)
def auth_func(**kw):
token = flask.request.headers.get('Authorization')
# search token in databasae
matches = Token.query.filter_by(token=token).all()
if len(matches) == 0:
raise flask_restless.ProcessingException(description='Not Authorized',
code=401)
def post_deployment_preprocessor(data=None, **kw):
"""
It verifies that an executable can be uploaded to the testbed
"""
# We verify the id is in the right format
if 'testbed_id' in data:
if 'executable_id' in data:
# We verify that the testbed exists in the database
testbed = db.session.query(Testbed).filter_by(
id=data['testbed_id']).first()
if testbed:
# We verify now that the executable_id is present in the db
executable = db.session.query(Executable).filter_by(
id=data['executable_id']).first()
if executable:
# We verify that the testbed is on-line
if testbed.on_line:
pass
else:
raise flask_restless.ProcessingException(
description=
'Testbed is off-line, this process needs to be performed manually',
code=403)
else:
raise flask_restless.ProcessingException(
description=
'No executable found with that id in the database',
code=400)
else:
raise flask_restless.ProcessingException(
description='No testbed found with that id in the database',
code=400)
else:
raise flask_restless.ProcessingException(
description='Missing executable_id field in the inputed JSON',
code=400)
else:
raise flask_restless.ProcessingException(
description='Missing testbed_id field in the inputed JSON',
code=400)
def patch_execution_preprocessor(instance_id=None, data=None, **kw):
"""
It allows to change the status of a running execution
"""
execution = db.session.query(Execution).filter_by(id=instance_id).first()
if execution:
if 'status' in data:
if data['status'] == Execution.__status_cancel__:
url = execution.execution_configuration.testbed.endpoint
executor.cancel_execution(execution, url)
elif data['status'] == Execution.__status_stop__ or data[
'status'] == Execution.__status_restart__:
if (execution.status == Execution.__status_running__
or execution.status == Execution.__status_restarted__
or execution.status == Execution.__status_restart__
) and data['status'] == Execution.__status_stop__:
executor.stop_execution(execution)
elif (execution.status == Execution.__status_stopped__
or execution.status == Execution.__status_stop__
) and data['status'] == Execution.__status_restart__:
executor.restart_execution(execution)
else:
description = 'Execution is not in right state'
raise flask_restless.ProcessingException(
description=description, code=409)
else:
raise flask_restless.ProcessingException(
description='No valid state to try to change', code=409)
elif 'add_resource' in data:
executor.add_resource(execution)
elif 'remove_resource' in data:
executor.remove_resource(execution)
else:
raise flask_restless.ProcessingException(
description=
'No status, remove_resource, or add_resource field in the payload',
code=409)
else:
raise flask_restless.ProcessingException(
description='No execution by the given id', code=409)
def post_testbed_preprocessor(data=None, **kw):
"""
It checks the data in the testbed payload to check if it is possible to
add nodes to if necessaryexi
"""
if 'nodes' in data:
create = can_create_the_node(testbed=data)
if not create['create']:
raise flask_restless.ProcessingException(
description=create['reason'], code=405)
def check_permissions(**kw):
if current_user.sysadmin == 1:
return
# extracting tablename from URL
table_name = request.path.split("/")[-1:][0]
curr_user = current_user.id if hasattr(current_user, "id") else None
table = tables.query.filter(func.lower(tables.name) == table_name).first()
permission = permissions.query.filter_by(table_id=table.id,
user_id=curr_user).first()
if permission is None:
raise flask_restless.ProcessingException(code=401)
if request.method == "GET" and permission.read_flag == 1:
return
elif request.method == "PUT" and permission.edit_flag == 1:
return
elif request.method == "POST" and permission.edit_flag == 1:
return
elif request.method == "DELETE" and permission.delete_flag == 1:
return
else:
raise flask_restless.ProcessingException(code=401)
def put_testbed_preprocessor(instance_id=None, data=None, **kw):
"""
It is going to check if the testbed allows the creation of nodes
"""
if instance_id != None:
if 'nodes' in data:
create = can_create_the_node(testbed_id=instance_id)
if not create['create'] and create['reason'] != no_testbed:
raise flask_restless.ProcessingException(
description=create['reason'], code=405)
def patch_execution_script_preprocessor(instance_id=None, data=None, **kw):
"""
It is going to start the execution of an application in the selected testbed
"""
if 'launch_execution' in data:
if data['launch_execution']:
execution_script = db.session.query(
ExecutionConfiguration).filter_by(id=instance_id).first()
deployment = db.session.query(Deployment).filter_by(
executable_id=execution_script.executable_id,
testbed_id=execution_script.testbed_id).first()
if not deployment:
raise flask_restless.ProcessingException(
description=
'No deployment configured to execute the application',
code=409)
elif not execution_script.testbed.on_line:
raise flask_restless.ProcessingException(
description='Testbed does not allow on-line connection',
code=403)
else:
create_profile = False
use_storaged_profile = False
if 'create_profile' in data:
if data['create_profile']:
create_profile = True
elif 'use_storaged_profile' in data:
if data['use_storaged_profile']:
if execution_script.profile_file:
use_storaged_profile = True
executor.execute_application(execution_script, create_profile,
use_storaged_profile)
def check_user_mod(app, instance_id=None, data=None, **kw): # pylint: disable=unused-argument
""" Check authentication status """
if not instance_id:
raise flask_restless.ProcessingException(
description='No instance ID specified', code=400)
mod_subject = User.query.get(instance_id)
if not mod_subject:
raise flask_restless.ProcessingException(description='Unknown subject',
code=404)
if current_user.is_anonymous:
raise flask_restless.ProcessingException(
description='Operation requires login.', code=401)
if 'roles' in data:
if not current_user.is_admin:
raise flask_restless.ProcessingException(
description='Only admins may edit roles', code=401)
else:
# check general modification constraints
if not current_user.can_modify(mod_subject):
raise flask_restless.ProcessingException(
description='Operation not allowed', code=401)
def post_and_patch_application_preprocessor(data=None, **kw):
"""
It is going to start the execution of an application in the selected testbed
"""
app_types = current.config['APP_TYPES']
if 'application_type' in data:
if data['application_type'] in app_types:
pass
else:
raise flask_restless.ProcessingException(
description='Application type ' + data['application_type'] +
' not supported',
code=406)
def post_patch_auth_func(**kw):
if not current_identity.id != kw["data"]["user_id"]:
raise flask_restless.ProcessingException(
description='Not authenticated!', code=401)
kw["data"]["updated_at"] = datetime.utcnow()
def check_user_mod_many(app, search_params=None, data=None, **kwargs): # pylint: disable=unused-argument
""" Check authentication status """
if current_user.is_anonymous or not current_user.is_admin:
raise flask_restless.ProcessingException(description='Not Authorized',
code=401)
def post_patch_many_auth_func(**kw):
if not current_identity.auth != 0:
raise flask_restless.ProcessingException(
description='Not authenticated!', code=401)
def pre_get_single(instance_id=None, **kwargs):
raise flask_restless.ProcessingException(
description='Single resource requests disabled.')
def check_db_connectivity(**kw):
if not check_tcp_socket(app.config['DATABASE_URL'], 3306):
raise flask_restless.ProcessingException(
description='Database Connectivity Error', code=500)
def caching_preprocessor(**kwargs):
key = cache_key()
cached_result = cache.get(key)
if cached_result:
raise flask_restless.ProcessingException(
response=json.loads(cached_result), code=200)
def auth_func(**kwargs):
if flask.request.headers.get('X-Secret-Key', '') != access_password:
raise flask_restless.ProcessingException(
description='Not authenticated!', code=401)
def user_auth_func(**kw):
if not current_identity.id != kw["data"]["user_id"]:
raise flask_restless.ProcessingException(
description='Not authenticated!', code=401)
def get_user_list(**kw):
if current_identity.auth != 0:
raise flask_restless.ProcessingException(
description='Not authenticated!', code=401)
def check_role_mod():
""" Check that current user can modify roles """
if current_user.is_anonymous or not current_user.is_admin:
raise flask_restless.ProcessingException(description='Not Authorized',
code=401)
