def route(self, req, res):
if (req.user and not req.method in ("GET", "HEAD", "OPTIONS", "TRACE") and
req.params.pop("csrfToken", "") != req.session.csrfToken and
req.body.pop("csrfToken", "") != req.session.csrfToken):
res.status = 400
return
for possibleRoute, handlers in self.routes.iteritems():
match = possibleRoute.match(req.path)
if match:
if req.method in handlers:
res.status = 200
req.params.update(match.groupdict())
handlers[req.method](req, res)
else:
res.status = 405
break
else:
res.status = 404
if not res.body:
if 200 <= res.status <= 299:
res.status = 204
else:
render(req, res, "static/{0}.html".format(res.status))
def createOne(cls, req, res):
password = req.body.pop("password", "")
user = User.findOne(req.body)
if not user or not checkPassword(password, user.passwordHash):
res.status = 400
render(req, res, "session/new.html.bepy")
return
user.isDisabled = False
user.save()
session = Session.create({
"user": user.id,
"passwordHash": user.passwordHash,
"lastAddress": req.remoteAddress,
"lastUse": datetime.utcnow()
})
res.cookies["session"] = session.id
res.cookies["session"]["httponly"] = True
res.cookies["session"]["max-age"] = 365 * 24 * 60 * 60 # 1 year should be permanent enough
res.status = 201
res.headers["Location"] = "/session/{0}".format(session.id)
render(req, res, "redirect-home.html.bepy")
return session
def route(self, req, res):
if (req.user and not req.method in ("GET", "HEAD", "OPTIONS", "TRACE")
and req.params.pop("csrfToken", "") != req.session.csrfToken
and req.body.pop("csrfToken", "") != req.session.csrfToken):
res.status = 400
return
for possibleRoute, handlers in self.routes.iteritems():
match = possibleRoute.match(req.path)
if match:
if req.method in handlers:
res.status = 200
req.params.update(match.groupdict())
handlers[req.method](req, res)
else:
res.status = 405
break
else:
res.status = 404
if not res.body:
if 200 <= res.status <= 299:
res.status = 204
else:
render(req, res, "static/{0}.html".format(res.status))
def createOne(cls, req, res):
password = req.body.pop("password", "")
user = User.findOne(req.body)
if not user or not checkPassword(password, user.passwordHash):
res.status = 400
render(req, res, "session/new.html.bepy")
return
user.isDisabled = False
user.save()
session = Session.create({
"user": user.id,
"passwordHash": user.passwordHash,
"lastAddress": req.remoteAddress,
"lastUse": datetime.utcnow()
})
res.cookies["session"] = session.id
res.cookies["session"]["httponly"] = True
res.cookies["session"][
"max-age"] = 365 * 24 * 60 * 60 # 1 year should be permanent enough
res.status = 201
res.headers["Location"] = "/session/{0}".format(session.id)
render(req, res, "redirect-home.html.bepy")
return session
def find(cls, req, res):
if "home" in req.params:
if req.user:
req.params["home"] = req.user.id
else:
del req.params["home"]
render(req, res, "session/new.html.bepy")
return super(BleatController, cls).find(req, res)
def findAndRender(cls, req, res):
try:
req.params = cls._validateParams(getattr(cls, "findSchema", cls.overallSchema), req.params)
except (TypeError, ValueError):
res.status = 400
return
models = cls.find(req, res)
if 200 <= res.status <= 299 and res.status != 204 and not res.body:
render(req, res, "{0}/find.html.bepy".format(cls._Model.__name__.lower()), models)
def createOneAndRender(cls, req, res):
try:
req.body = cls._validateParams(getattr(cls, "createOneSchema", cls.overallSchema), req.body)
if "id" in req.body:
del req.body["id"]
except (TypeError, ValueError):
res.status = 400
return
model = cls.createOne(req, res)
if 200 <= res.status <= 299 and res.status != 204 and not res.body:
render(req, res, "{0}/findOne.html.bepy".format(cls._Model.__name__.lower()), model)
def deleteOneAndRender(cls, req, res):
try:
req.params = cls._validateParams({"id": getattr(cls, "idType", int)}, req.params)
except (TypeError, ValueError):
res.status = 400
return
isDeleted = cls.deleteOne(req, res)
if 200 <= res.status <= 299 and res.status != 204:
if not isDeleted:
res.status = 404
elif not res.body:
render(req, res, "{0}/deleteOne.html.bepy".format(cls._Model.__name__.lower()))
return bleat
@classmethod
def updateOne(cls, req, res):
res.status = 403
@classmethod
def deleteOne(cls, req, res):
if not req.user:
res.status = 403
return
bleat = Bleat.findOne(req.params)
if not bleat:
return
if req.user.id != bleat.user:
res.status = 403
return
bleat.erase()
return True
_Model = Bleat
defaultRoutes[(
"GET",
"^/bleat/new$")] = lambda req, res: render(req, res, "bleat/new.html.bepy")
defaultRoutes[("GET", "^(?P<home>/index|/|)$")] = BleatController.findAndRender
