if extendType == 2:
result['info']['serials'] = ','.join(ser_arr)
result['info']['updates'] = ','.join(upd_arr)
result['time'] = max_time
result['count'] = count
result['serial'] = serial
return result
# myown device will get all data that its owned
def log(message: str, tag: str = ' info'):
utils.log(message, tag, 'mobile')
def elog(message: str, tag: str = 'error'):
utils.log(message, tag, 'mobile')
def sql_request(sql: str):
db.sql_request(sql)
def sql_request_ignore_error(sql: str):
db.sql_request_ignore_error(sql)
if not auth.isMobile: # check that this request from mobile application
headers.jsonAPI(False)
elog('Only from mobile uid:' + str(auth.user_id))
headers.errorResponse('Wrong type')
def badExit(index: int):
auth.credentials = auth.buildCredentials(0, '', '', 0, 0)
headers.jsonAPI(False)
time.sleep(1)
_mobile.elog('Request error - ' + str(index), 'reg')
headers.errorResponse(translation.getValue('bad_request'))
def wrongCred(index: int):
auth.credentials = auth.buildCredentials(0, '', '', 0, 0)
headers.jsonAPI(False)
time.sleep(1)
_mobile.elog('Credentials error - ' + str(index), 'auth')
headers.errorResponse(translation.getValue('user_not_found'))
else:
sync1 = -1
if sync2 == 1:
sync2 = 2
else:
sync2 = -1
if sync3 == 1:
sync3 = 3
else:
sync3 = -1
src = safeGETint('src')
if src < 0:
headers.errorResponse('@str.permission_denied')
dst = safeGETint('dst')
db.sql_request('select id from devices where id=' + str(src) + ' and uid=' +
str(auth.user_id) + ' and state>0 and `default`=0')
row = db.mydb.fetchone()
if (row is None) or ('id' not in row) or (row['id'] is None) or (int(
row['id']) < 1) or (int(row['id']) != src):
headers.errorResponse('@str.permission_denied')
if dst > 0:
db.sql_request('select id from devices where id=' + str(dst) +
' and uid!=' + str(auth.user_id) + ' and state>0')
row = db.mydb.fetchone()
if (row is None) or ('id' not in row) or (row['id'] is None) or (int(
row['id']) < 1) or (int(row['id']) != dst):
headers.errorResponse('@str.permission_denied')
if 'password' not in jsonpost:
badExit(3)
if 'device' not in jsonpost:
badExit(4)
if ('crc32_control' not in jsonpost) or ('crc32_str' not in jsonpost):
badExit(5)
crc32_control = int(jsonpost['crc32_control'])
if crc32_control != utils.crc32(str(jsonpost['crc32_str'])):
auth.credentials = auth.buildCredentials(0, '', '', 0, 0)
headers.jsonAPI(False)
time.sleep(1)
_mobile.elog('CRC32 control mistake', 'critical')
headers.errorResponse("CRC32 algorithm error")
if len(jsonpost['login']) < 4 or len(jsonpost['password']) < 4 or len(
jsonpost['device']) < 4:
auth.credentials = auth.buildCredentials(0, '', '', 0, 0)
headers.jsonAPI(False)
time.sleep(1)
_mobile.elog('Too short symbols', 'auth')
headers.errorResponse(translation.getValue('mobile_too_short'))
jsonpost['remember'] = -1
if auth.isMobile: # Yes only from Mobile!!!
jsonpost['remember'] = 1
else:
badExit(6)
import inspect
import os
import sys
currentdir = os.path.dirname(
os.path.abspath(inspect.getfile(inspect.currentframe())))
sys.path.insert(0, os.path.dirname(os.path.dirname(currentdir)))
from _common.api import auth
from _common.api import headers
from mobile_service.apiv1 import _mobile
headers.jsonAPI()
devid = auth.user_some_state
if (auth._POST is None): # only POST accepted
_mobile.elog('No posted info uid:' + auth.user_id)
headers.errorResponse('Wrong information')
json = auth._POST
if 'need_tasks' not in json:
_mobile.elog('Incorrect tasks uid:' + auth.user_id)
headers.errorResponse('Nothing was sent')
tasks = json['need_tasks']
if len(tasks) < 1:
headers.errorResponse('No requested information was sent')
obj = _mobile.getTotalIdsString(user_id=auth.user_id,
devid=auth.user_some_state,
cross=tasks,
extendType=1)
if obj is None:
headers.errorResponse('SQL error')
headers.goodResponse(obj)
sys.path.insert(0, os.path.dirname(os.path.dirname(currentdir)))
from _common.api._settings import mydb
from _common.api import auth
from _common.api import headers
from _common.api import utils
from _common.api import translation
headers.jsonAPI()
sql = 'delete from tasks where devid in (select id from devices where uid=' + str(
auth.user_id) + ')'
try:
mydb.execute(sql)
except Exception as ex:
utils.log(utils.clearUserLogin(str(ex)), 'error', 'mobile')
headers.errorResponse('Can not remove tasks')
sql = 'delete from sync_devices where src in (select id from devices where uid=' + str(
auth.user_id) + ')'
try:
mydb.execute(sql)
except Exception as ex:
utils.log(utils.clearUserLogin(str(ex)), 'error', 'mobile')
headers.errorResponse('Can not remove source sync devices')
sql = 'delete from sync_devices where dst in (select id from devices where uid=' + str(
auth.user_id) + ')'
try:
mydb.execute(sql)
except Exception as ex:
utils.log(utils.clearUserLogin(str(ex)), 'error', 'mobile')
def wrongCred():
auth.credentials = auth.buildCredentials(0, '', '', 0, 0)
headers.jsonAPI(False)
time.sleep(1)
headers.errorResponse('@str.user_not_found','@str.error', 404)
devid=auth.user_some_state,
myself=False,
cache=False) # except myself
result = {'own': [], 'in': [], 'out': []}
def_id = db.getDefaultDevice(auth.user_id)
for dev in own['all']:
if (dev['id'] == def_id) or (dev['id'] == auth.user_id):
continue
result['own'].append({'id': dev['id'], 'device': dev['name']})
for key in links['in']['all']:
dev = links['in']['all'][key]
result['in'].append({
'id': dev,
'device': links['names'][dev]['device'],
'user': links['names'][dev]['user']
})
for key in links['out']['all']:
dev = links['out']['all'][key]
result['out'].append({
'id': dev,
'device': links['names'][dev]['device'],
'user': links['names'][dev]['user']
})
if len(result['out']) < 1 and len(result['in']) < 1 and len(result['own']) < 1:
headers.errorResponse(
'No devices available.\nInvite new devices on settings page')
headers.goodResponse(result)
usr = mydb.fetchone()
if usr is None:
wrongCred()
if usr['fail_login_timestamp'] is None:
usr['fail_login_timestamp'] = 0
if usr['fail_login_counter'] is None:
usr['fail_login_counter'] = 0
timestamp_int = int(time.time() * 1000)
if (abs(timestamp_int - int(usr['fail_login_timestamp'])) < 60 * 1000) and (int(usr['fail_login_counter']) > 5):
auth.credentials = auth.buildCredentials(0, '', '', 0, 0)
headers.jsonAPI(False)
time.sleep(1)
headers.errorResponse('@str.wait_1_min', '@str.attention', 403)
timestamp_string = str(timestamp_int)
if usr['password'] != jsonpost['password'] or int(usr['state']) < 1:
mydb.execute(
'update users set fail_login_counter=(fail_login_counter+1),fail_login_timestamp=' + timestamp_string + ' where id=' + str(
usr['id']))
wrongCred() # auth fail
auth.user_id = int(usr['id']) # before! buildCredentials call
if auth.isMobile:
badExit() # using this form from mobile app APIs is not permitted
else:
mydb.execute('update users set fail_login_counter=0,fail_login_timestamp=0,lastlogin='******' where id=' + str(auth.user_id))
def badExit(index: int = 0):
auth.credentials = auth.buildCredentials(0, '', '', 0, 0)
headers.jsonAPI(False)
time.sleep(1)
headers.errorResponse(
' @str.bad_request', '@str.error',400)
def sql_request(sql: str):
try:
mydb.execute(sql)
except Exception as ex:
utils.log(utils.clearUserLogin(str(ex)), 'error')
headers.errorResponse('SQL error')
import sys
currentdir = os.path.dirname(
os.path.abspath(inspect.getfile(inspect.currentframe())))
sys.path.insert(0, os.path.dirname(os.path.dirname(currentdir)))
from _common.api import auth
from _common.api import headers
from _common.api import db
from _common.api import utils
from _common.api import translation
from mobile_service.apiv1._mobile import sql_request_ignore_error, getTotalIdsString, sql_request
from _common.api._settings import mydb
headers.jsonAPI()
if (auth._POST is None):
headers.errorResponse("Bad request")
out = ''
your = ''
tasks = ''
duplicate = (auth.safeGETint('duplicate') == 1)
if ('out' in auth._POST) and not (auth._POST['out'] is None):
out = utils.clearStringHard(auth._POST['out'])
if ('your' in auth._POST) and not (auth._POST['your'] is None):
your = utils.clearStringHard(auth._POST['your'])
if ('tasks' in auth._POST) and not (auth._POST['tasks'] is None):
tasks = utils.clearGlobalIds(auth._POST['tasks'])
out_arr = []
your_arr = []
tasks_arr = []
tasks = getTotalIdsString(user_id=auth.user_id,
currentdir = os.path.dirname(
os.path.abspath(inspect.getfile(inspect.currentframe())))
sys.path.insert(0, os.path.dirname(os.path.dirname(currentdir)))
from _common.api._settings import mydb
from _common.api import auth
from _common.api import headers
from _common.api import utils
from mobile_service.apiv1._mobile import sql_request
headers.jsonAPI()
jsonpost = auth._POST
if (jsonpost is None) or ('login' not in jsonpost) or ('device'
not in jsonpost):
headers.errorResponse('Bad request')
login = utils.clearUserLogin(jsonpost['login'])
device = utils.clearUserLogin(jsonpost['device'])
sql_request('select id from users where login="******" and state>0')
uid = 0
rows = mydb.fetchall()
for row in rows:
uid = int(row['id'])
sql_request('select id from devices where uid=' + str(uid) + ' and name="' +
device + '"')
another_device = 0
rows = mydb.fetchall()
for row in rows:
import os
import sys
currentdir = os.path.dirname(os.path.abspath(
inspect.getfile(inspect.currentframe())))
sys.path.insert(0, os.path.dirname(os.path.dirname(currentdir)))
from _common.api import auth
from _common.api import headers
from _common.api import db
from _common.api import utils
from _common.api import translation
from mobile_service.apiv1._mobile import sql_request
headers.jsonAPI()
if (auth._POST is None):
headers.errorResponse("Bad request")
out = ''
incom = ''
your = ''
if ('out' in auth._POST) and not (auth._POST['out'] is None):
out = utils.clearStringHard(auth._POST['out'])
if ('in' in auth._POST) and not (auth._POST['in'] is None):
incom = utils.clearStringHard(auth._POST['in'])
if ('your' in auth._POST) and not (auth._POST['your'] is None):
your = utils.clearStringHard(auth._POST['your'])
out_arr = {}
in_arr = {}
your_arr = {}
if len(out) > 0:
out_arr = set(str(int(x)) for x in out.split(','))
if len(incom) > 0:
currentdir = os.path.dirname(
os.path.abspath(inspect.getfile(inspect.currentframe())))
sys.path.insert(0, os.path.dirname(os.path.dirname(currentdir)))
from _common.api._settings import mydb
from _common.api import auth
from _common.api import headers
from _common.api import utils
from _common.api import translation
from mobile_service.apiv1._mobile import sql_request
headers.jsonAPI()
jsonpost = auth._POST
if (jsonpost is None) or ('invite' not in jsonpost):
headers.errorResponse('Bad request')
invite = utils.clearStringHard(str(jsonpost['invite']))[:7].lower()
if len(invite) < 3:
headers.errorResponse('Too short invite')
sql_request('select id from sync_devices where (dst=' +
str(auth.user_some_state) + ') and invite="' + invite + '"')
row = mydb.fetchone()
id = 0
if row is None:
headers.errorResponse('Not found')
id = int(row['id'])
if id < 1:
headers.errorResponse('Not found')
sql_request('update sync_devices set invite="", state=1 where id=' + str(id))
headers.goodResponse({'state': True}, translation.getValue('confirm_invite'))
