def queue(self, event, context):
        """Queue a port scan for the target named in the incoming event.

        ``Event`` parses the raw Lambda event; the ``target`` field is
        validated by ``Target`` (its truthiness encodes validity).  A fresh
        UUID is generated, a ``portscan|<target>|<uuid>`` message is sent to
        ``self.queueURL`` and the UUID is returned so results can be fetched
        later.  Unrecognized payloads and invalid targets both answer 400.

        :param event: raw Lambda event
        :param context: Lambda context object
        :return: ``Response`` dict with security headers applied
        """
        parsed = Event(event, context).parse()
        if not parsed:
            self.logger.error("Unrecognized payload: {}".format(parsed))
            return Response({
                "statusCode": 400,
                "body": json.dumps({'error': 'Unrecognized payload'})
            }).with_security_headers()

        target = Target(parsed.get('target'))
        if not target:
            # The (rejected) name is still logged for operator troubleshooting.
            self.logger.error("Target validation failed of: {}".format(target.name))
            return Response({
                "statusCode": 400,
                "body": json.dumps({'error': 'Target was not valid or missing'})
            }).with_security_headers()

        # The UUID doubles as the scan identifier handed back to the caller.
        scan_uuid = str(uuid.uuid4())
        self.sqs_client.send_message(
            QueueUrl=self.queueURL,
            MessageBody="|".join(("portscan", target.name, scan_uuid)),
        )
        return Response({
            "statusCode": 200,
            "body": json.dumps({'uuid': scan_uuid})
        }).with_security_headers()
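 def test_get_formatted_content_success(self):
     """A '~'-separated ``key:value`` payload is parsed into a dict."""
     resp = Response(SUCCESS, "id:13~result:success~ip:127.0.0.1")
     # assertEqual: assertEquals is a deprecated alias removed in Python 3.12.
     self.assertEqual(resp.get_formatted_content(), {
         'id': '13',
         'result': 'success',
         'ip': '127.0.0.1'
     })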
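def update(req: Request, res: Response):
    """Update an existing todo on behalf of the current user.

    Answers code 400 when the todo does not exist, 401 when the request is
    not authenticated as the todo's owner, and 0 with the updated todo on
    success.
    """
    form = req.body
    todo_id = form['id']
    t = Todo.find_by(id=todo_id)
    u = current_user(req)

    if t is None:
        return res.json({
            'code': 400,
            'msg': 'todo {} 不存在'.format(todo_id),
        })

    # Only the owner may edit.  The previous condition dereferenced ``u.id``
    # when ``u`` was None and the todo had no owner (AttributeError); an
    # unauthenticated request is now always rejected with 401 instead.
    if u is None or u.id != t.user_id:
        res.json({
            'code': 401,
            'msg': 'Unauthorized',
        })
    else:
        form.pop('id')  # the id is the lookup key, not an updatable field
        new_t = Todo.update(todo_id, form)
        log(form)
        res.json({
            'code': 0,
            'msg': '',
            'data': new_t.json(),
        })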
def route_logout(req: Request, res: Response):
    """Expire the ``session_id`` cookie and confirm the logout as JSON."""
    expired_cookie = '; max-age=0'
    res.cookies.set('session_id', expired_cookie)
    body = {
        'code': 0,
        'msg': '登出成功',
        'data': {},
    }
    res.json(body)
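def delete(req: Request, res: Response):
    """Delete a todo, but only for its owner.

    Mirrors the ownership check in ``update``: without it any caller could
    delete any todo by id.  A missing todo answers 400; a foreign or
    unauthenticated caller answers 401.
    """
    todo_id = req.body['id']
    t = Todo.find_by(id=todo_id)
    if t is None:
        return res.json({
            'code': 400,
            'msg': 'todo {} 不存在'.format(todo_id),
        })

    u = current_user(req)
    if u is None or u.id != t.user_id:
        return res.json({
            'code': 401,
            'msg': 'Unauthorized',
        })

    Todo.delete(todo_id)
    res.json({
        'code': 0,
        'msg': '删除成功',
    })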
    def _post_update(self):
        """Update the ``customer_type`` of a single Customer.

        ``customer_id`` and ``customer_type`` are required request arguments;
        ``customer_type`` must be one of ``CustomerType.choices()``.  Returns
        ``Response.success`` on success, or ``Response.error`` when the id
        does not resolve to a customer or the update itself fails.
        """
        parser = self.parser
        parser.add_argument('customer_id', type=int, required=True)
        parser.add_argument(
            'customer_type',
            type=int,
            required=True,
            choices=CustomerType.choices(),
            help='请传入正确的customer_type参数',
        )
        parsed = parser.parse_args()
        target_id = parsed.get('customer_id')
        new_type = parsed.get('customer_type')

        try:
            # ``first()`` yields None for an unknown id; the attribute
            # assignment then raises AttributeError, handled below.
            record = Customer.query.filter_by(id=target_id).first()
            record.customer_type = new_type
            record.update()
        except AttributeError:
            return Response.error('请求出错', 'custoemr_id无法定位到一个具体的customer对象')
        except Exception as e:
            return Response.error('请求出错', str(e))

        return Response.success('customer的状态修改成功')
    def _route_method(self, method, request_type):
        """Resolve ``method``/``request_type`` to a handler on this controller and call it.

        :method: the ``method`` parameter taken from the URL; empty means ``index``
        :request_type: ``RequestType.GET`` or ``RequestType.POST``
        :return: the handler's response, or an error ``Response`` when the
                 request type is unsupported, the handler does not exist, or
                 the handler raised ``BadRequest``
        """
        name_templates = {
            RequestType.GET: '_get_{}',
            RequestType.POST: '_post_{}',
        }
        template = name_templates.get(request_type)
        if template is None:
            return Response.error('路由错误', 'system routing error')

        # The fixed ``_get_``/``_post_`` prefix limits what a URL parameter can name.
        handler_name = template.format(method or 'index')
        if not hasattr(self, handler_name):
            return Response.error('请求的方法不存在', 'method does not exist')

        handler = getattr(self, handler_name)
        try:
            return handler()
        except BadRequest as ex:
            return Response.field_error(ex.description)
    def process_connection(self, connection):
        """Read one HTTP request from ``connection``, run it through the
        middleware chain (or straight to ``handle_path``), then send the
        response.  ``with connection`` releases the connection on every exit.
        """
        with connection:
            r = b''
            # Read until a recv() returns fewer than 1024 bytes.
            # NOTE(review): a short read is taken as end-of-request. A request
            # whose length is an exact multiple of 1024 would make the next
            # recv() block, and a body longer than one "segment" may be cut
            # short; framing on Content-Length / the header terminator would
            # be robust.  An empty recv() (peer closed) also breaks the loop.
            while True:
                content = connection.recv(1024)
                r += content
                if len(content) != 1024:
                    break
            # The raw request bytes (headers, cookies, body) are logged verbatim.
            log('request log:\n <{}>'.format(r))
            r = r.decode()  # default UTF-8; undecodable bytes raise UnicodeDecodeError
            if r:
                request = Request(r)
                response = Response()

                m_num = len(self.middlewares)
                if m_num > 0:
                    # index of the next middleware to run
                    next_i = 0
                    def next():  # shadows the builtin ``next`` inside this scope
                        nonlocal next_i
                        if next_i == m_num:
                            # chain exhausted: dispatch to the route handler
                            self.handle_path(request, response)
                        else:
                            m = self.middlewares[next_i]
                            next_i += 1
                            # each middleware continues the chain by calling next()
                            m(request, response, next)
                    next()
                else:
                    self.handle_path(request, response)

                # send the response back to the client
                connection.sendall(response.toHttp())
def error(req: Request, res: Response):
    """Fill ``res`` with an error page keyed on the status code.

    Only 404 is produced at the moment; ``req`` is accepted for handler
    signature uniformity and is not inspected.
    """
    not_found = (404, '<h1>NOT FOUND</h1>')
    res.code, res.body = not_found
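    def _get_salesman(self):
        """Achievement statistics for one salesman over a date range.

        Request arguments (all required integers): ``salesman`` (user id),
        ``start_date`` and ``end_date`` (Unix timestamps).  Returns a dict
        with the salesman's name/id, the formatted range and one entry per
        ``order_type`` holding the summed ``order_money``/``order_price``.
        A ``Response`` is returned instead when there is no data in the
        window or the query fails.
        """
        result = {
            'salesman_name': '',  # salesman's name
            'salesman_id': '',  # salesman's primary key
            'start_date': '',  # first day of the reporting window
            'end_date': '',  # last day of the reporting window
            'achievements': dict()  # per-order_type sums
        }
        # arguments
        self.parser.add_argument('salesman', type=int,
                                 required=True)  # salesman's user id
        self.parser.add_argument('start_date', type=int, required=True)
        self.parser.add_argument('end_date', type=int, required=True)
        args = self.parser.parse_args()

        salesman_id = args.get('salesman')
        start_timestamp = args.get('start_date')
        end_timestamp = args.get('end_date')
        # fromtimestamp() interprets the values in the server's local timezone.
        start_date = date.fromtimestamp(start_timestamp)
        end_date = date.fromtimestamp(end_timestamp)

        try:
            # Sum money/price per order_type for this salesman in the window.
            query = Achievement.query.with_entities(
                Achievement.salesman_name, Achievement.salesman_id,
                Achievement.order_type,
                func.sum(Achievement.order_money).label('sum_money'),
                func.sum(Achievement.order_price).label('sum_price')).filter(
                    Achievement.salesman_id == salesman_id,
                    Achievement.order_date.between(
                        start_date,
                        end_date)).group_by(Achievement.salesman_name,
                                            Achievement.salesman_id,
                                            Achievement.order_type)
            # Materialise once: the previous code evaluated the query three
            # times (len(list(...)), [0] and the loop), each a DB round trip.
            achievements = list(query)

            # no achievements for this salesman in the window
            if not achievements:
                return Response.construct_response('该销售员在这一段时间内没有业绩')

            # build result
            first = achievements[0]
            result['salesman_name'] = first.salesman_name
            result['salesman_id'] = first.salesman_id
            result['start_date'] = start_date.strftime('%Y-%m-%d')
            result['end_date'] = end_date.strftime('%Y-%m-%d')
            for achievement in achievements:
                result['achievements'][str(achievement.order_type)] = {
                    'order_type': achievement.order_type,
                    'sum_money': achievement.sum_money,
                    'sum_price': achievement.sum_price,
                }
        except Exception as e:
            # Deliberately broad: any ORM/DB failure becomes an error Response.
            return Response.error('请求出错', str(e))

        return result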
    def downloadResults(self, event, context):
        """Return a target's archived scan results as a base64-encoded gzip body.

        Called from API Gateway, so the event type is always "api-gw".
        Unrecognized payloads and invalid targets answer 400.  When no
        archive is returned, the status from ``Results.download()`` is
        forwarded with a matching error message (404: none found, 500:
        download failed, anything else: unknown error).
        """
        parsed = Event(event, context).parse()
        if not parsed:
            self.logger.error("Unrecognized payload: {}".format(parsed))
            return Response({
                "statusCode": 400,
                "body": json.dumps({'error': 'Unrecognized payload'})
            }).with_security_headers()

        target = Target(parsed.get('target'))
        if not target:
            self.logger.error("Target validation failed of: {}".format(
                target.name))
            return Response({
                "statusCode": 400,
                "body": json.dumps({'error': 'Target was not valid or missing'})
            }).with_security_headers()

        results = Results(target.name, self.s3_client, self.bucket,
                          self.base_results_path)
        # There is a single retrieval path: the download route.
        scan_results, status = results.download()

        if not scan_results:
            error_messages = {
                404: 'No results found for target',
                500: 'Unable to download scan results',
            }
            return Response({
                "statusCode": status,
                "body": json.dumps({
                    'error': error_messages.get(status, 'Unknown error')
                })
            }).with_security_headers()

        # target.name has passed Target validation before it reaches a header.
        return Response({
            "statusCode": status,
            "headers": {
                "Content-Type": "application/gzip",
                "Content-Disposition":
                "attachment; filename={}.tgz".format(target.name)
            },
            "body": base64.b64encode(scan_results.getvalue()).decode("utf-8"),
            "isBase64Encoded": True
        }).with_security_headers()
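    def test_without_security_headers(self):
        """``without_security_headers`` returns the wrapped dict untouched."""
        original_response = {
            "statusCode": 200,
            "body": json.dumps({'foo': 'bar'})
        }

        response = Response(original_response)

        # isinstance is the idiomatic type check (type() == rejects subclasses).
        assert isinstance(response, Response)
        assert response.without_security_headers() == {
            'body': '{"foo": "bar"}',
            'statusCode': 200
        }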
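    def fn(req: Request, res: Response, next):
        """Serve files below ``public/static`` for paths under ``public_path``.

        Other paths fall through to the next middleware.  The requested path
        is resolved and checked to stay inside the static root, so ``..``
        segments or an absolute path cannot reach files elsewhere on disk;
        anything outside the root, or not a regular file, gets the 404 page.
        """
        if not req.path.startswith(public_path):
            return next()

        static_root = os.path.realpath(os.path.join(os.getcwd(), 'public/static'))
        relative = req.path[len(public_path) + 1:]
        # os.path.join discards static_root when ``relative`` is absolute and
        # ``..`` segments would escape it: resolve, then verify containment.
        realpath = os.path.realpath(os.path.join(static_root, relative))
        try:
            inside_root = os.path.commonpath([static_root, realpath]) == static_root
        except ValueError:  # e.g. different drives on Windows
            inside_root = False

        if inside_root and os.path.isfile(realpath):
            _, extname = os.path.splitext(relative)
            # Unknown extensions used to raise KeyError; fall back to a generic type.
            res.headers['Content-type'] = mimetypes.types_map.get(
                extname, 'application/octet-stream')
            with open(realpath, 'rb') as f:
                res.body = f.read()
        else:
            res.headers['Content-type'] = 'text/html'
            res.body = '<h1>NOT FOUND</h1>'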
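    def fn(req: Request, res: Response, next):
        """CSRF-check middleware.

        Issues the CSRF cookie when the client has none, lets simple methods
        through, and otherwise requires the request header named by
        ``options['header_name']`` to match ``csrf_token``; a mismatch or a
        missing header answers 403 with an empty body.

        NOTE(review): ``csrf_token`` is bound once in the enclosing scope, so
        every client receives the same value; a per-session token would be
        stronger.
        """
        import hmac

        # No CSRF cookie yet: set it.
        if req.cookies.get(options['cookie_name'], None) is None:
            res.cookies.set(options['cookie_name'], csrf_token)

        # Simple requests are not subject to the token check.
        if req.method in simple_methods:
            return next()

        # NOTE(review): this logs every request header, cookies included.
        log(req.method, req.headers, options['header_name'])
        submitted = req.headers.get(options['header_name'], None)
        # Constant-time comparison; a missing header is a plain mismatch
        # rather than a TypeError from compare_digest.
        token_ok = submitted is not None and hmac.compare_digest(
            str(submitted).encode('utf-8'), str(csrf_token).encode('utf-8'))
        if not token_ok:
            res.code = 403
            res.body = ''
        else:
            next()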
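    def test_with_security_headers(self):
        """``with_security_headers`` adds exactly ``Response.SECURITY_HEADERS``."""
        original_response = {
            "statusCode": 200,
            "body": json.dumps({'foo': 'bar'})
        }

        new_headers_expectation = Response.SECURITY_HEADERS

        response = Response(original_response)

        # isinstance is the idiomatic type check (type() == rejects subclasses).
        assert isinstance(response, Response)
        assert response.with_security_headers() == {
            'body': '{"foo": "bar"}',
            'headers': new_headers_expectation,
            'statusCode': 200
        }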
def test_movie_insert(api):
    """POST a movie, then GET it back and compare against the expected envelope."""
    response = Response()
    request_data = {
        'companys': ['카카오', '토스'], 'directors': ['김택윤', '이운기'], 'genreAlt': '테스트', 'movieCd': '2',
        'movieNm': '포스트테스트', 'movieNmEn': 'POSTTEST', 'nationAlt': '테스트', 'openDt': '20200101',
        'prdtStatNm': '테스트', 'prdtYear': '2020', 'typeNm': '장편',
    }
    post_resp = api.post(
        '/movies',
        data=json.dumps(request_data),
        content_type="application/json"
    )
    assert post_resp.status_code == 200

    get_resp = api.get('/movies/2')
    # Plain copy of the decoded body (the key-by-key rebuild was equivalent).
    payload = dict(json.loads(get_resp.data.decode('utf-8')))
    assert get_resp.status_code == 200

    expected_data = {
        'companys': [{'id': 2, 'name': '카카오'}, {'id': 3, 'name': '토스'}],
        'directors': [{'id': 2, 'name': '김택윤'}, {'id': 3, 'name': '이운기'}],
        'genreAlt': '테스트', 'movieCd': '2', 'movieNm': '포스트테스트', 'movieNmEn': 'POSTTEST',
        'nationAlt': '테스트', 'openDt': '20200101', 'prdtStatNm': '테스트', 'prdtYear': '2020', 'typeNm': '장편'
    }
    expected = response(status='NORMAL', data=expected_data, unit_test=True)
    assert payload == expected
    def _post_delete(self):
        """Delete the Customer identified by the required ``customer_id`` argument.

        Returns ``Response.success`` on success, ``Response.error`` when the
        id resolves to no customer (AttributeError path) or deletion fails.
        """
        self.parser.add_argument('customer_id', type=int, required=True)
        target_id = self.parser.parse_args().get('customer_id')

        try:
            # first() is None for an unknown id; Customer.delete presumably
            # raises AttributeError then, which maps to the error response.
            record = Customer.query.filter_by(id=target_id).first()
            Customer.delete(record)
        except AttributeError:
            return Response.error('请求出错', 'custoemr_id无法定位到一个具体的customer对象')
        except Exception as e:
            return Response.error('请求出错', str(e))

        return Response.success('删除成功')
def test_ping(api):
    """GET /ping answers 200 with a NORMAL-status envelope."""
    response = Response()
    ping = api.get('/ping')
    body = json.loads(ping.data.decode('utf-8'))

    assert ping.status_code == 200
    expected = response(status='NORMAL', data=body['data'], unit_test=True)
    assert body == expected
def add(req: Request, res: Response):
    """Create a new todo for the signed-in user.

    Unauthenticated requests answer code 401; otherwise the request body
    is handed to ``Todo.add`` and the created todo is returned as ``data``.
    """
    owner = current_user(req)
    if owner is None:
        return res.json({
            'code': 401,
            'msg': 'Unauthorized',
        })

    created = Todo.add(req.body, owner.id)
    res.json({
        'code': 0,
        'msg': '添加 todo 成功',
        'data': created.json(),
    })
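    def __call__(self, req: Request, res: Response, next):
        """Session middleware: load the user named by the session cookie, run
        the downstream handler, then refresh or clear the cookie.

        NOTE(review): the cookie value is used directly as the user id and is
        neither signed nor resolved through a server-side session store, so
        any client-supplied value is accepted as-is; a random session id
        looked up server-side (or a signed cookie) would close that gap.
        ``self.user`` is instance state shared across requests on this
        middleware object.
        """
        # try getting session from cookie
        if self.cookie_id in req.cookies:
            # TODO check expiration date
            user_id = req.cookies[self.cookie_id]
            self.user = self._get_user(user_id)

        result = next(req, res)

        if self.user:
            res.set_cookie(self.cookie_id, str(self.user.id), self.max_age)
        else:
            # Clearing the cookie needs max_age 0.  The previous value,
            # ``now.timestamp()`` (~1.7e9 seconds), kept it alive instead.
            res.set_cookie(self.cookie_id, '', max_age=0)

        self.user = None
        return result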
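    def decorate_function(*args, **kwargs):
        """Reject PUT/POST requests whose Content-Type is not JSON.

        Only the media type is compared, so ``application/json; charset=utf-8``
        is accepted alongside bare ``application/json``, case-insensitively.
        Other methods pass straight through to ``f``.
        """
        response = Response()
        if request.method in ['PUT', 'POST']:
            content_type = request.headers.get('Content-Type')
            # Strip parameters (``; charset=...``) before comparing; a missing
            # header becomes 'none' and is rejected like any other mismatch.
            media_type = str(content_type).split(';', 1)[0].strip().lower()
            if media_type != 'application/json':
                return response(status='NOT_ACCEPTABLE', data='None')

        return f(*args, **kwargs)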
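def index(req: Request, res: Response):
    """List the todos belonging to the ``userId`` query parameter.

    Answers code 400 when ``userId`` is absent or not an integer.

    NOTE(review): unlike ``add``/``update`` there is no ``current_user``
    check here, so any caller can list any user's todos by id — confirm
    that is intended.
    """
    try:
        user_id = int(req.query['userId'])
    except (KeyError, ValueError, TypeError):
        # Narrowed from a bare ``except`` so unrelated bugs are not masked;
        # these cover a missing key and a non-numeric value.
        return res.json({
            'code': 400,
            'msg': '参数错误',
        })
    todos = Todo.find_all(user_id=user_id)
    res.json({
        'code': 0,
        'msg': '',
        'data': [t.json() for t in todos],
    })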
    def _get_order_type(self):
        """Achievement statistics for one product type, broken down by department.

        Request arguments (all required integers): ``order_type``,
        ``start_date`` and ``end_date`` (Unix timestamps).  Returns a dict
        with the type, the formatted range and one entry per department
        holding the summed ``order_money``/``order_price``, or an error
        ``Response`` when the query fails.
        """
        result = {
            'order_type': '',  # product type
            'start_date': '',  # first day of the reporting window
            'end_date': '',  # last day of the reporting window
            'achievements': dict()  # per-department sums
        }
        # arguments
        self.parser.add_argument('order_type', type=int, required=True)  # product type
        self.parser.add_argument('start_date', type=int, required=True)
        self.parser.add_argument('end_date', type=int, required=True)
        args = self.parser.parse_args()

        order_type = args.get('order_type')
        start_timestamp = args.get('start_date')
        end_timestamp = args.get('end_date')
        # fromtimestamp() interprets the values in the server's local timezone.
        start_date = date.fromtimestamp(start_timestamp)
        end_date = date.fromtimestamp(end_timestamp)

        try:
            # Sum money/price per (department_id, department_line) for this
            # order type in the window; department_id is appended to the
            # department_line array so each row carries its full line.
            achievements = Achievement.query.with_entities(
                func.array_append(Achievement.department_line,
                                  cast(Achievement.department_id,
                                       VARCHAR(50))).label('department_line'),
                func.sum(Achievement.order_money).label('sum_money'),
                func.sum(Achievement.order_price).label('sum_price')).filter(
                    Achievement.order_type == order_type,
                    Achievement.order_date.between(
                        start_date,
                        end_date)).group_by(Achievement.department_id,
                                            Achievement.department_line)
            # build result
            result['order_type'] = order_type
            result['start_date'] = start_date.strftime('%Y-%m-%d')
            result['end_date'] = end_date.strftime('%Y-%m-%d')
            for achievement in achievements:
                # Every department on the row's line receives the row's sums —
                # presumably so a parent department aggregates its
                # sub-departments' totals; confirm against the data model.
                for department in achievement.department_line:
                    if department not in result['achievements']:
                        # first time this department is seen: add a new entry
                        achievement_json = {
                            'department': department,
                            'sum_money': achievement.sum_money,
                            'sum_price': achievement.sum_price,
                        }
                        result['achievements'][department] = achievement_json
                    else:
                        # department already present: accumulate
                        result['achievements'][department][
                            'sum_money'] += achievement.sum_money
                        result['achievements'][department][
                            'sum_price'] += achievement.sum_price
        except Exception as e:
            # Deliberately broad: any ORM/DB failure becomes an error Response.
            return Response.error('请求出错', str(e))

        return result
def route_passport_status(req: Request, res: Response):
    """Report the signed-in user (code 0 with username and id) or 401."""
    user = current_user(req)
    if not user:
        res.json({
            'code': 401,
            'msg': 'Unauthorized',
            'data': {},
        })
        return

    res.json({
        'code': 0,
        'msg': 'success',
        'data': {
            'username': user.username,
            'id': user.id,
        },
    })
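	def dispatch(self):
		"""Render the login page after trying cookie-token authentication and,
		when nobody is logged in, ``checkAuth``.

		Returns a text/html ``Response`` with the template contents; the file
		handle is released by the ``with`` block even if reading fails.
		"""
		cookie = Cookie.SimpleCookie(self.environ.get("HTTP_COOKIE", ""))
		if 'authToken' in cookie:
			token = cookie["authToken"].value
			self.checkAuthByToken(token)

		if not self.loggedUser:
			self.checkAuth()

		path = os.path.join(os.path.dirname(__file__), "..", "templates", "login.html")
		# Previously opened/closed by hand, leaking the handle on a read error.
		with open(path, "r") as html_file:
			content = html_file.read()

		r = Response(content, encoder=None)
		r.setHeaders([
			('Content-type', "text/html")
		])

		return r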
def signin(req:Request, res: Response):
    """Sign in a fixed placeholder user and redirect to ``/``.

    No submitted credentials are checked: when nobody is signed in, a
    hard-coded user (id 1, masked username/password) is installed in the
    session.  Suitable only as a development stub.
    """
    if sessionManager.user is None:
        stub = User()
        stub.id, stub.username, stub.password = 1, '******', '******'
        sessionManager.signin_user(stub)

    res.status_code = 302
    res.headers.add('Location', '/')
    return res
def route_register(req: Request, res: Response):
    """Register a user from the ``username``/``password`` fields of the body.

    Missing fields answer 400; a ``User.register`` failure answers 400 with
    the message it returned; success answers code 0 with the new user's
    name and id.
    """
    body = req.body
    if 'username' not in body or 'password' not in body:
        res.json({
            'code': 400,
            'msg': '缺乏参数 username 或 password',
            'data': {},
        })
        return

    credentials = dict(
        username=body['username'],
        password=body['password'],
    )
    user, message = User.register(credentials)
    if user is None:
        res.json({
            'code': 400,
            'msg': message,
            'data': {},
        })
        return

    res.json({
        'code': 0,
        'msg': '注册成功',
        'data': {
            'username': user.username,
            'id': user.id,
        }
    })
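    def test_with_security_headers_preexisting_sec(self):
        """A security header already present on the response is not overwritten."""
        original_headers = {'Content-Security-Policy': 'nope'}

        original_response = {
            "statusCode": 200,
            "body": json.dumps({'foo': 'bar'}),
            # We're adding to make sure it's not overwritten
            'headers': original_headers
        }

        new_headers_expectation = {}
        new_headers_expectation.update(Response.SECURITY_HEADERS)
        new_headers_expectation['Content-Security-Policy'] = 'nope'

        response = Response(original_response)

        # isinstance is the idiomatic type check (type() == rejects subclasses).
        assert isinstance(response, Response)
        assert response.with_security_headers() == {
            'body': '{"foo": "bar"}',
            'headers': new_headers_expectation,
            'statusCode': 200
        }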
    def _post_index(self):
        """Paginated list of customers.

        Optional integer arguments ``page`` (default 1) and ``per_page``
        (default 20; not bounded by this handler).  Returns a dict with the
        row count of the page, the page number, the total page count and the
        serialised customers, or an error ``Response``.
        """
        result = {
            'total': 0,  # number of customers on this page
            'page': 0,  # current page number
            'pages': 0,  # total number of pages
            'customers': list()  # customers on this page
        }
        # arguments
        self.parser.add_argument('page', type=int, default=1)
        self.parser.add_argument('per_page', type=int, default=20)
        parsed = self.parser.parse_args()
        page_no = parsed.get('page', 1)
        page_size = parsed.get('per_page', 20)

        # Page numbers start at 1.
        if page_no <= 0:
            return Response(*CommonPrompt.INVALID_PAGE)

        try:
            page_obj = Customer.query.order_by(Customer.id).paginate(
                page=page_no, per_page=page_size)
            total_pages = page_obj.pages
            serialised = [row.to_json() for row in page_obj.items]

            result.update(
                total=len(serialised),
                page=page_no,
                pages=total_pages,
                customers=serialised,
            )
        except Exception as e:
            return Response.error('请求出错', str(e))

        return result
    def _post_add(self):
        """Create a Customer from ``short_name``, ``full_name``, ``telephone``
        and ``customer_type`` (all required; ``customer_type`` limited to
        ``CustomerType.choices()``).

        Both names must be unused and the telephone must pass
        ``Validator.validate_phone``; otherwise, and when persisting fails,
        an error ``Response`` is returned.
        """
        parser = self.parser
        parser.add_argument('short_name', type=str, required=True)
        parser.add_argument('full_name', type=str, required=True)
        parser.add_argument('telephone', type=str, required=True)
        parser.add_argument('customer_type',
                            type=int,
                            required=True,
                            choices=CustomerType.choices(),
                            help='请传入正确的customer_type参数')
        parsed = parser.parse_args()

        short_name = parsed.get('short_name')
        full_name = parsed.get('full_name')
        telephone = parsed.get('telephone')
        customer_type = parsed.get('customer_type')

        # Uniqueness checks; short name first to keep the error precedence.
        for column, value in (('short_name', short_name), ('full_name', full_name)):
            if Customer.query.filter_by(**{column: value}).first():
                return Response.error('请求出错', f'{value}已经添加在customer列表中了')

        if not Validator.validate_phone(telephone):
            return Response.error('请求出错', 'telephone不是一个有效的电话号码')

        try:
            new_customer = Customer(short_name=short_name,
                                    full_name=full_name,
                                    telephone=telephone,
                                    customer_type=customer_type)
            Customer.add(obj=new_customer)
        except Exception as e:
            return Response.error('请求出错', str(e))

        return Response.success('添加成功')
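 def test_response_successful(self):
     """A SUCCESS response reports success and carries its content."""
     resp = Response(SUCCESS, "OK")
     # assertEqual: assertEquals is a deprecated alias removed in Python 3.12.
     self.assertEqual(resp.is_success(), SUCCESS)
     self.assertEqual(resp.get_status(), SUCCESS)
     self.assertEqual(resp.get_content(), "OK")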
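 def test_get_formatted_content_doublecolon(self):
     """Only the first ':' separates key from value; later colons stay in the value."""
     resp = Response(SUCCESS, "id:13~key:this:contains:double:colon")
     # assertEqual: assertEquals is a deprecated alias removed in Python 3.12.
     self.assertEqual(resp.get_formatted_content(), {'id':'13', 'key':'this:contains:double:colon'})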
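 def test_get_formatted_content_empty(self):
     """A key without ':' maps to an empty string."""
     resp = Response(SUCCESS, "id:13~novaluekey")
     # assertEqual: assertEquals is a deprecated alias removed in Python 3.12.
     self.assertEqual(resp.get_formatted_content(), {'id':'13', 'novaluekey':''})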
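 def test_get_formatted_content_success(self):
     """A '~'-separated ``key:value`` payload is parsed into a dict."""
     resp = Response(SUCCESS, "id:13~result:success~ip:127.0.0.1")
     # assertEqual: assertEquals is a deprecated alias removed in Python 3.12.
     self.assertEqual(resp.get_formatted_content(), { 'id':'13', 'result':'success', 'ip':'127.0.0.1'})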
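 def test_get_formatted_content_failure(self):
     """A FAILURE response has no structured content."""
     resp = Response(FAILURE, "Any error test")
     # assertEqual: assertEquals is a deprecated alias removed in Python 3.12.
     self.assertEqual(resp.get_formatted_content(), {})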
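 def test_response_failed(self):
     """A FAILURE response reports failure."""
     resp = Response(FAILURE, "Error here")
     # assertEqual: assertEquals is a deprecated alias removed in Python 3.12.
     self.assertEqual(resp.is_success(), FAILURE)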