def authorize_sign_in(state, code, flow):
"""Complete the authorization and return the response."""
if state != tx.user.session["state"]:
raise web.BadRequest("bad state")
if flow == "profile":
endpoint = tx.user.session["authorization_endpoint"]
elif flow == "token":
endpoint = tx.user.session["token_endpoint"]
else:
raise web.BadRequest("only `profile` and `token` flows supported")
response = web.post(
endpoint,
headers={
"Accept": "application/json"
},
data={
"grant_type": "authorization_code",
"code": code,
"client_id": tx.user.session["client_id"],
"redirect_uri": tx.user.session["redirect_uri"],
"code_verifier": tx.user.session["code_verifier"],
},
).json
create_guest(tx.db, response)
return response
def GET(self, req_path):
req_path = cgi.escape(req_path)
inputs = web.input()
action = inputs.get("action", "read")
if action not in consts.g_actions:
raise web.BadRequest()
if action == "read":
return page.wp_read(config_agent=config_agent,
req_path=req_path,
tpl_render=tpl_render)
elif action == "update":
return page.wp_update(config_agent=config_agent,
req_path=req_path,
tpl_render=tpl_render)
elif action == "rename":
return page.wp_rename(config_agent=config_agent,
req_path=req_path,
tpl_render=tpl_render)
elif action == "delete":
return page.wp_de1lete(config_agent=config_agent,
req_path=req_path,
tpl_render=tpl_render)
elif action == "source":
return page.wp_source(config_agent=config_agent,
req_path=req_path,
tpl_render=tpl_render)
else:
raise web.BadRequest()
def POST(self, req_path):
req_path = cgi.escape(req_path)
inputs = web.input()
action = inputs.get("action")
if (not action) or (action not in ("update", "rename")):
raise web.BadRequest()
new_content = inputs.get("content")
new_content = web.utils.safestr(new_content)
if action == "update":
if (req_path in consts.g_special_paths) or (
req_path
in consts.g_redirect_paths) or req_path.endswith("/"):
raise web.BadRequest()
return page.wp_update_post(config_agent=config_agent,
req_path=req_path,
new_content=new_content)
elif action == "rename":
new_path = inputs.get("new_path")
if (req_path in consts.g_special_paths) or (
req_path in consts.g_redirect_paths) or (not new_path):
raise web.BadRequest()
return page.wp_rename_post(config_agent=config_agent,
tpl_render=tpl_render,
req_path=req_path,
new_path=new_path)
url = os.path.join("/", req_path)
web.redirect(url)
return
def POST(self):
try:
data = web.data()
json_data = json.loads(data) if data else {}
res = UpmpHandler.charge(json_data)
web.header('Content-Type', 'application/json')
raise web.OK(json.dumps(res))
except InvalidMerchantException:
raise web.BadRequest('Invalid merchant')
except ChargeFailException:
raise web.BadRequest('Charge fail')
except InvalidContentTypeException:
raise web.BadRequest('Invalid content type')
def POST(self):
"""
Expects a JSON object that looks something like this:
{
"game_secret" : "a shared secret between you and the server per game",
"ifa" : "1ad75bdc85527914459b41f44f3af0ff",
"ifv" : "f43adc9fc7548eef59b9314ec88078f6",
"receipt" : "8f4c538fb296a31b49bd38360ce49f838f4c538fb296a31b49bd38360ce49f838f4c538fb296a31b49bd38360ce49f838f4c538fb296a31b49bd38360ce49f83==",
"xact_id" : "06f5d6cbfd02476834906e83816662f8",
"bid" : "some game bundle id",
"bvrs" : "1.0",
}
Passing along extra data with the transaction is encouraged. Examples include:
- device_type
- device_version
- os_version
- level
- playtime at transaction time
Data passed that interferes with the internal usage of the verification server will be discarded.
"""
post_body = urllib.unquote(web.data())
try:
# In theory I should check the header for compression. This costs more, but is more foolproof.
# Honestly, if your games are making so much money that this is a problem, you can afford to spin
# up a medium instance instead of a micro.
post_body = zlib.decompress(post_body)
except zlib.error:
pass
try:
post_body = post_body.decode("utf-8")
data = json.loads(post_body)
except ValueError:
raise web.BadRequest("invalid json")
for param in invalid_params:
if param in data:
raise web.BadRequest("invalid param " + param)
try:
return self.record_data(data)
except InvalidGameError:
return web.BadRequest("Invalid Game")
def POST(self):
try:
data = web.data()
UpmpHandler.notify(data)
web.header('Content-Type', 'text/html')
raise web.OK('success')
except InvalidMerchantException:
raise web.BadRequest('Invalid merchant')
except InvalidNotifyException:
raise web.BadRequest('Notify fail')
except InvalidContentTypeException:
raise web.BadRequest('Invalid content type')
except Exception, e:
print e
raise web.OK('success')
def GET(self, request_packer, package):
if not request_packer or not package: web.BadRequest()
else:
packer = pdb['packer-symlinks'].get(
request_packer,
request_packer) #try to resolve similar packers
super_packer = pdb['super-packer'].get(packer, '')
ret = pdb.get(package, {}).get(packer, False)
ret = ret if ret else pdb.get(package, {}).get(super_packer, False)
if not ret:
try:
if polite:
local_announce(
"Client `%s` asked for the tool `%s` in packer `%s` but i do not have it in my Database. Please update me!"
% (web.ctx.ip, package, packer))
else:
local_announce("404: no %s/%s for %s" %
(request_packer, package,
gethostbyaddr(web.ctx.ip)[0]))
except Exception, e:
print("Got Exception %s: %s" % (str(Exception), (e)))
web.NotFound()
return "not found. i'm so sorry :("
else:
def wp_update(config_agent, tpl_render, req_path):
view_settings = get_view_settings(config_agent, simple=True)
static_files = static_file.get_global_static_files(**view_settings)
folder_pages_full_path = config_agent.get_full_path("paths", "pages_path")
local_full_path = mdutils.req_path_to_local_full_path(
req_path, folder_pages_full_path)
title = "Editing %s" % req_path
create_new = False
if local_full_path.endswith("/"):
msg = "not allow to edit path/to/folder, using path/to/folder/index instead"
raise web.BadRequest(message=msg)
# os.path.exists(local_full_path)
if os.path.isfile(local_full_path):
buf = commons.shutils.cat(local_full_path)
else:
# not os.path.exists(local_full_path)
create_new = True
buf = ""
return tpl_render.update(config_agent=config_agent,
static_files=static_files,
req_path=req_path,
create_new=create_new,
title=title,
content=buf,
**view_settings)
def POST(self):
def update(d, i):
for c in column_names():
# input names are not decoded
u = c.encode('utf8')
if i.has_key(u):
d[c] = i.get(u)
d['_tags'] = get_tags(d)
i = web.input()
a = i.get('__action', None)
if a == 'add':
d = {}
update(d, i)
o = objs.save(d)
o = list(objs.find(d))
return render.index(conf.title, columns(), o, 'add')
elif a == 'update':
if i.get('_id', None):
d = objs.find_one(ObjectId(i['_id']))
if d:
update(d, i)
oid = objs.save(d)
o = [objs.find_one(oid)]
return render.index(conf.title, columns(), o, 'update')
elif a == 'delete':
if i.get('_id', None):
objs.remove(ObjectId(i['_id']))
raise web.SeeOther('/')
raise web.BadRequest()
def POST(self):
data = web.input()
if "cdr" in data:
self.process_cdr(data.cdr)
headers = {'Content-type': 'text/plain'}
raise web.OK(None, headers)
raise web.BadRequest()
def create_task(self):
parameters = web.input()
if not ("service" in parameters and "generator_type" in parameters
and "generator_options" in parameters):
raise web.BadRequest()
t = db.transaction()
result = db.select("service",
what="id",
where="name = $name",
vars={"name": parameters["service"]})
try:
service_id = result[0]["id"]
except IndexError:
service_id = db.insert("service", name=parameters["service"])
task_id = str(uuid.uuid1())
db.insert("task",
id=task_id,
status="available",
service_id=service_id,
generator_type=parameters["generator_type"],
generator_options=parameters["generator_options"])
t.commit()
return task_id
def wp_rename_post(config_agent, tpl_render, req_path, new_path):
folder_pages_full_path = config_agent.get_full_path("paths", "pages_path")
old_path = req_path
old_full_path = mdutils.req_path_to_local_full_path(
old_path, folder_pages_full_path)
new_full_path = mdutils.req_path_to_local_full_path(
new_path, folder_pages_full_path)
if old_full_path == new_full_path:
return web.seeother("/%s" % new_path)
elif not os.path.exists(old_full_path):
msg = "old %s doesn't exists" % old_full_path
raise web.BadRequest(msg)
msg = """<pre>
allow
file -> new_file
folder -> new_folder
not allow
file -> new_folder
folder -> new_file
</pre>"""
if os.path.isfile(old_full_path):
if new_full_path.endswith("/"):
raise web.BadRequest(msg)
elif os.path.isdir(old_full_path):
if not new_full_path.endswith("/"):
raise web.BadRequest(msg)
parent = os.path.dirname(new_full_path)
if not os.path.exists(parent):
os.makedirs(parent)
shutil.move(old_full_path, new_full_path)
cache.update_all_pages_list_cache(folder_pages_full_path)
cache.update_recent_change_cache(folder_pages_full_path)
if os.path.isfile(new_full_path):
return web.seeother("/%s" % new_path)
elif os.path.isdir(new_full_path):
return web.seeother("/%s/" % new_path)
else:
raise web.BadRequest()
def POST(self):
data = web.input()
if not ("ident" in data and "csr" in data):
raise web.BadRequest()
crt = sign_csr(data.csr, data.ident)
web.header('Content-Type', "application/json")
return json.dumps({'certificate': crt})
def render_error(msg):
"""
Renders an error response.
"""
web.BadRequest()
response = {'error': True, 'msg': msg}
return response_renderer.render(response)
def adjust_credits(self, data):
required_fields = ["imsi", "change"]
if not all([_ in data for _ in required_fields]):
return web.BadRequest()
imsi = data["imsi"]
try:
change = int(data["change"])
except ValueError:
return web.BadRequest()
old_credit = subscriber.get_account_balance(imsi)
if change > 0:
subscriber.add_credit(imsi, str(abs(change)))
elif change < 0:
subscriber.subtract_credit(imsi, str(abs(change)))
new_credit = subscriber.get_account_balance(imsi)
# Codeship is stupid. These imports break CI and this is an untested
# method :)
from core import freeswitch_interconnect, freeswitch_strings
# Send a confirmation to the subscriber
number = subscriber.get_caller_id(imsi)
change_frmt = freeswitch_strings.humanize_credits(change)
balance_frmt = freeswitch_strings.humanize_credits(new_credit)
fs_ic = freeswitch_interconnect.freeswitch_ic(self.conf)
fs_ic.send_to_number(
number, '000',
freeswitch_strings.gt(
"The network operator adjusted your credit by %(change)s. "
"Your balance is now %(balance)s.") % {
'change': change_frmt,
'balance': balance_frmt
})
# TODO(matt): all credit adjustments are of the kind "add_money," even
# if they actually subtract credit.
reason = 'Update from web UI (add_money)'
events.create_add_money_event(imsi,
old_credit,
new_credit,
reason,
to_number=number)
return web.ok()
def POST(self):
try:
tid_value = web.input()['tid']
except KeyError:
return web.BadRequest()
try:
team_id = cfg['TEAM_ID_DICT'][tid_value.upper()]
except KeyError:
return web.Unauthorized()
if len(web.data()) == 0:
return web.BadRequest()
api = WxApi(cfg['CORP_ID'], cfg['SECRET'])
api.send_text(web.data(), team_id, 0, '@all')
return web.OK('ok')
def cmdConfighelp(self):
service = web.ctx.env["QUERY_STRING"].split('_')
if len(service) != 2:
raise web.BadRequest()
var = service[1]
service = service[0]
if not service in ['cache', 'redirect', 'forward', 'image']:
raise web.BadRequest()
from lib import cache, redirect, forward, image
data = eval('%s.Service.__doc__' % service)
e = re.search('- %s: ([^-]+)' % var, data, re.MULTILINE)
# Force browser cache
web.header("Cache-Control", "public, max-age=3600")
web.header("Age", "0")
if not e:
return 'No help available'
doc = textwrap.wrap(e.group(1).strip(), 50)
return '<br />'.join(doc)
def POST(self, command):
"""Handles certain POST commands."""
# Always send back these headers.
headers = {'Content-type': 'text/plain'}
# Validate the exact endpoint.
valid_post_commands = ('deactivate_number', 'deactivate_subscriber')
if command not in valid_post_commands:
return web.NotFound()
# Get the posted data and validate. There should be a 'jwt' key with
# signed data. That dict should contain a 'number' key -- the one we
# want to deactivate.
data = web.input()
jwt = data.get('jwt', None)
if not jwt:
return web.BadRequest()
serializer = itsdangerous.JSONWebSignatureSerializer(
self.conf['bts_secret'])
try:
jwt = serializer.loads(jwt)
except itsdangerous.BadSignature:
return web.BadRequest()
if command == 'deactivate_number':
if 'number' not in jwt:
return web.BadRequest()
# The params validated, deactivate the number. ValueError is
# raised if this is the subscriber's last number.
# The number should correspond to an IMSI or give a 404
try:
imsi = subscriber.get_imsi_from_number(jwt['number'])
subscriber.delete_number(imsi, jwt['number'])
except SubscriberNotFound:
return web.NotFound()
except ValueError:
return web.BadRequest()
return web.ok(None, headers)
elif command == 'deactivate_subscriber':
if 'imsi' not in jwt:
return web.BadRequest()
# The number should correspond to an IMSI.
try:
subscriber.delete_subscriber(jwt['imsi'])
except SubscriberNotFound:
return web.NotFound()
return web.ok(None, headers)
def DELETE(self, transferId):
''' DELETE /transfer/{ID}
Deletes one transfer resource.
'''
if not transferId:
msg = "Cannot DELETE the transfer resource without specifying a valid transfer resource ID in the path transfer/{ID}"
web.debug(msg)
raise web.BadRequest(msg)
try:
transferId = int(transferId)
policy.remove(transferId)
return ''
except TransferNotFound:
msg = "Cannot DELETE transfer resource transfer/" + str(
transferId) + ". Resource not found."
web.debug(msg)
raise web.BadRequest(msg)
def cmdConfigvars(self):
if not web.ctx.env["QUERY_STRING"] in [
'cache', 'redirect', 'forward', 'image'
]:
raise web.BadRequest()
from lib import cache, redirect, forward, image
try:
service = '%s.Service' % web.ctx.env["QUERY_STRING"]
d = eval("dir(%s)" % service)
vars = [
x for x in d
if not x[0] == '_' and not callable(getattr(eval(service), x))
]
# Force browser cache
web.header("Cache-Control", "public, max-age=3600")
web.header("Age", "0")
return str(vars)
except Exception:
raise web.BadRequest()
def PUT(self, transferId):
''' PUT /transfer/{ID}
Updates one transfer.
'''
if not transferId:
msg = "Cannot PUT to the transfer resource without specifying a valid transfer resource ID in the path transfer/{ID}"
web.debug(msg)
raise web.BadRequest(msg)
try:
transferId = int(transferId)
except ValueError as e:
msg = "Invalid transfer id: " + str(e)
web.debug(msg)
raise web.BadRequest(msg)
try:
raw = web.data()
if config.audit:
web.debug("Request Body: " + str(raw))
parsed = json.loads(raw)
transfer = web.storify(parsed)
transfer = policy.update(transferId, transfer)
return json.dumps(transfer)
except TransferNotFound:
msg = "Cannot PUT to transfer resource transfer/" + str(
transferId) + ". Resource not found."
web.debug(msg)
raise web.BadRequest(msg)
except MalformedTransfer as e:
msg = "Bad request body in PUT to transfer/ resource: " + str(e)
web.debug(msg)
raise web.BadRequest(msg)
except NotAllowed as e:
msg = "Bad request body in PUT to transfer/ resource: " + str(e)
web.debug(msg)
raise web.BadRequest(msg)
except PolicyError as e:
msg = "Internal server error: " + str(e)
web.debug(msg)
raise web.InternalError(msg)
def delete_task(self):
parameters = web.input()
if not "id" in parameters:
raise web.BadRequest()
db.update("task",
where="id = $id",
vars={"id": parameters["id"]},
status="deleted",
data_file=None)
return ""
def POST(self):
try:
logger.debug('Request description: POST request for saving valve data')
valve_info = json.loads(web.data())
logger.info('Data to save: %s', valve_info)
update_valve_info(self.valve_id, valve_info)
logger.info('Request completed successfully')
except ValueError as ex:
logger.exception("Could not save data as it is invalid")
raise web.BadRequest(ex.message)
except Exception as ex:
logger.exception("Could not save data due to unknown error")
raise web.InternalError(ex.message)
def convertfrom(self, value, tag, mimetype):
if mimetype == 'application/xml':
element = self.db.elementFromXML(value)
if element.tagName != tag:
raise web.BadRequest(
"Bad request, toplevel XML tag %s does not match final XPath element %s"
% (element.tagName, tag))
return element
elif mimetype == 'application/x-www-form-urlencoded':
# xxxjack here comes a special case, and I don't like it.
# if the url-encoded data contains exactly one element and its name is the same as the
# tag name we don't encode.
if type(value) == type({}) and len(value) == 1 and tag in value:
value = value[tag]
element = self.db.elementFromTagAndData(tag, value)
return element
elif mimetype == 'application/json':
try:
valueDict = json.loads(value)
except ValueError:
raise web.BadRequest(
"No JSON object could be decoded from body")
if not isinstance(valueDict, dict):
raise web.BadRequest(
"Bad request, JSON toplevel object must be object")
# xxxjack here comes a special case, and I don't like it.
# if the JSON dictionary contains exactly one element and its name is the same as the
# tag name we don't encode.
if len(valueDict) == 1 and tag in valueDict:
element = self.db.elementFromTagAndData(tag, valueDict[tag])
else:
element = self.db.elementFromTagAndData(tag, valueDict)
return element
elif mimetype == 'text/plain':
element = self.db.elementFromTagAndData(tag, value)
return element
else:
raise web.InternalError("Conversion from %s not implemented" %
mimetype)
def process(self):
req = web.input()
data = web.data()
logging.info(req)
self.context = {}
try:
d = loads(data)
response = self.dispatch(d)
web.header('Content-Type', 'application/json')
return dumps(response)
except Exception as e:
logging.warn("couldn't dispatch")
return web.BadRequest("couldn't dispatch: %s" % e)
def DELETE(self, name):
user = web.input('user')['user']
machine = load_machine(name)
if not machine.locked:
raise web.BadRequest()
if machine.locked_by != user:
raise web.Forbidden()
res = DB.update('machine',
where='locked = true AND name = $name AND locked_by = $user',
vars=dict(name=name, user=user),
locked=False, locked_by=None)
assert res == 1, 'Failed to unlock machine {name}'.format(name=name)
def wp_source(config_agent, tpl_render, req_path):
folder_pages_full_path = config_agent.get_full_path("paths", "pages_path")
local_full_path = mdutils.req_path_to_local_full_path(
req_path, folder_pages_full_path)
if os.path.isfile(local_full_path):
web.header("Content-Type", "text/plain; charset=UTF-8")
buf = commons.shutils.cat(local_full_path)
return buf
elif os.path.isdir(local_full_path):
msg = "folder doesn't providers source in Markdown, using file instead"
raise web.BadRequest(msg)
else:
raise web.NotFound()
def PUT(self, site):
logger = web.ctx.env.get('wsgilog.logger')
logger.info("Processing NewSEG. site=%s", site)
try:
data = web.data()
parser = seg.NEWSEGParser(data)
ret = self.process(parser,
type=constants.SPLUNK_METRICS,
logger=logger)
return json.dumps(ret, indent=4, sort_keys=True)
except Exception as ex:
logger.error(str(ex), exc_info=True)
raise web.BadRequest(str(ex))
def POST(self):
input_data = web.data()
if len(input_data) == 0:
return web.BadRequest()
json_data = simplejson.loads(input_data)
for i in ISSUES:
if json_data['tid'] == i['tid']:
i['issue_list'].append(json_data['iid'])
return
# if not found, create a init issue list
ISSUES.append({'tid': json_data['tid'], 'issue_list': [json_data['iid']]})
return web.OK
def PUT(self, name):
desc = web.input(desc=None)['desc']
status = web.input(status=None)['status']
sshpubkey = web.input(sshpubkey=None)['sshpubkey']
updated = {}
if desc is not None:
updated['description'] = desc
if status is not None:
updated['up'] = (status == 'up')
if sshpubkey is not None:
updated['sshpubkey'] = sshpubkey
if not updated:
raise web.BadRequest()
DB.update('machine', where='name = $name',
vars=dict(name=name), **updated)
