def approve(key_id): user = session['user'] if user['id'] not in config['admins']: return render_template('gitout.html') key = r.table('applications').get(key_id).run(get_db()) m = hashlib.sha256() m.update(key['id'].encode()) m.update(str(randint(10000, 99999)).encode()) token = m.hexdigest() r.table('keys').insert({ "id": token, "name": key['name'], "owner": key['owner'], "owner_name": key['owner_name'], "email": key['email'], "email_consent": key.get('email_consent', 'Not Available'), "description": key.get('description', 'Not Available'), "reason": key['reason'], "link": key.get('link', 'Not Available'), "type": key.get('type', 'Unknown'), "creation_time": key.get('time', 0), "acceptance_time": r.now(), "total_usage": 0, "usages": {}, "unlimited": False, "ratelimit_reached": 0 }).run(get_db()) r.table('applications').get(key_id).delete().run(get_db()) return redirect(url_for('.admin'))
def images_delete(event_id, image_id): auth_middleware.authorize(auth_middleware.ROKWIRE_EVENT_WRITE_GROUPS) group_memberships = list() try: _, group_memberships = get_group_memberships() except Exception as ex: __logger.exception(ex) abort(500) db = None event = None try: db = get_db() event = db['events'].find_one({'_id': ObjectId(event_id)}, {'_id': 0}) except Exception as ex: __logger.exception(ex) abort(500) if not check_group_event_admin_access(event, group_memberships): abort(401) msg = "[delete image]: event id %s, image id: %s" % (str(event_id), str(image_id)) try: S3EventsImages().delete(event_id, image_id) db = get_db() db[cfg.IMAGE_COLLECTION].delete_one({'_id': ObjectId(image_id)}) except Exception as ex: __logger.exception(ex) abort(500) return success_response(202, msg, str(event_id))
def admin(): user = session['user'] if user['id'] not in config['admins']: return render_template('gitout.html') apps = r.table('applications').run(get_db()) keys = r.table('keys').run(get_db()) return render_template('admin.html', name=user['username'], apps=apps, keys=keys)
def unlimited(key_id): user = session['user'] if user['id'] not in config['admins']: return render_template('gitout.html') key = r.table('keys').get(key_id).run(get_db()) unlimited = not key['unlimited'] r.table('keys').get(key_id).update({'unlimited': unlimited}).run(get_db()) return redirect(url_for('.admin'))
def delete(key_id): user = session['user'] k = r.table('keys').get(key_id).run(get_db()) if user['id'] in config['admins']: r.table('keys').get(key_id).delete().run(get_db()) return redirect(url_for('.admin')) elif user['id'] == k['owner']: r.table('keys').get(key_id).delete().run(get_db()) return redirect(url_for('.dashboard')) else: return render_template('gitout.html')
def patch(event_id): auth_middleware.authorize(auth_middleware.rokwire_event_manager_group) if not ObjectId.is_valid(event_id): abort(400) req_data = request.get_json(force=True) try: req_data = query_params.formate_datetime(req_data) if req_data.get('category') or req_data.get('subcategory'): db = get_db() for data_tuple in db['events'].find({'_id': ObjectId(event_id)}, { '_id': 0, 'categorymainsub': 1 }): req_data = query_params.update_category(req_data, data_tuple) break coordinates = [] try: if req_data.get('location.latitude') or req_data.get( 'location.latitude'): db = get_db() for data_tuple in db['events'].find( {'_id': ObjectId(event_id)}, { '_id': 0, 'coordinates': 1 }): coordinates = data_tuple.get('coordinates') if not coordinates: abort(500) break req_data = query_params.update_coordinates( req_data, coordinates) except Exception as ex: __logger.exception(ex) abort(500) except Exception as ex: __logger.exception(ex) abort(405) try: db = get_db() status = db['events'].update_one({'_id': ObjectId(event_id)}, {"$set": req_data}) msg = "[PATCH]: event id %s, nUpdate = %d " % (str(event_id), status.modified_count) __logger.debug(msg) except Exception as ex: __logger.exception(ex) abort(500) return success_response(200, msg, str(event_id))
def run(self, key, **kwargs): get_redis().incr(self.name + ':hits') start = perf_counter() res = self.generate(**kwargs) t = round((perf_counter() - start) * 1000, 2) # Time in ms, formatted to 2dp self.avg_generation_times.append(t) k = r.table('keys').get(key).run(get_db()) usage = k['usages'].get(self.name, 0) + 1 r.table('keys').get(key) \ .update({"total_usage": k['total_usage'] + 1, "usages": {self.name: usage}}) \ .run(get_db()) return res
def admin(): user = session['user'] if user['id'] not in config['admins']: return render_template('gitout.html') sort = request.args.get('sort', 'age') if sort == 'age_asc': keys = r.table('keys').order_by(r.asc('creation_time')).run(get_db()) elif sort == 'age_desc': keys = r.table('keys').order_by(r.desc('creation_time')).run(get_db()) elif sort == 'usage_asc': keys = r.table('keys').order_by(r.asc('total_usage')).run(get_db()) elif sort == 'usage_desc': keys = r.table('keys').order_by(r.desc('total_usage')).run(get_db()) elif sort == 'accept_asc': keys = r.table('keys').order_by(r.asc('acceptance_time')).run(get_db()) elif sort == 'accept_desc': keys = r.table('keys').order_by(r.desc('acceptance_time')).run( get_db()) else: keys = r.table('keys').order_by(r.asc('creation_time')).run(get_db()) apps = r.table('applications').order_by('time').run(get_db()) return render_template('admin.html', name=user['username'], apps=apps, keys=keys, sort=sort)
def images_put(event_id, image_id): auth_middleware.authorize(auth_middleware.ROKWIRE_EVENT_WRITE_GROUPS) group_memberships = list() try: _, group_memberships = get_group_memberships() except Exception as ex: __logger.exception(ex) abort(500) db = None event = None try: db = get_db() event = db['events'].find_one({'_id': ObjectId(event_id)}, {'_id': 0}) except Exception as ex: __logger.exception(ex) abort(500) # If this is a group event, apply group authorization. Regular events can proceed like before. if not check_group_event_admin_access(event, group_memberships): abort(401) tmpfile = None try: db = get_db() # check if image exists if db[cfg.IMAGE_COLLECTION].find_one({'_id': ObjectId(image_id)}): file = request.files.get('file') if file: if file.filename == '': raise if localfile.allowed_file(file.filename): filename = secure_filename(file.filename) tmpfile = localfile.savefile(file, filename) S3EventsImages().upload(tmpfile, event_id, image_id) msg = "[put image]: image id %s" % (str(image_id)) else: raise else: raise else: raise except Exception as ex: __logger.exception(ex) abort(500) finally: localfile.deletefile(tmpfile) return success_response(200, msg, str(image_id))
def endpoint_ratelimit(auth, cache=globalcache, max_usage=5): key = r.table('keys').get(auth).run(get_db()) if key['unlimited']: return { 'X-RateLimit-Limit': 'Unlimited', 'X-RateLimit-Remaining': 'Unlimited', 'X-RateLimit-Reset': 2147483647 } if key['id'] in cache: usage = cache.get(key['id']) if usage < max_usage: cache.set(key['id'], usage + 1) return { 'X-RateLimit-Limit': max_usage, 'X-RateLimit-Remaining': max_usage - usage - 1, 'X-RateLimit-Reset': cache.expires_at(key['id']) } else: ratelimit_reached = key.get('ratelimit_reached', 0) + 1 r.table('keys').get(auth).update({ "ratelimit_reached": ratelimit_reached }).run(get_db()) if ratelimit_reached % 5 == 0 and 'webhook_url' in config: requests.post( config['webhook_url'], json={ "embeds": [{ "title": f"Application '{key['name']}' ratelimited 5 times!", "description": f"Owner: {key['owner']}\n" f"Total: {ratelimit_reached}" }] }) return { 'X-RateLimit-Limit': max_usage, 'X-RateLimit-Remaining': -1, 'X-RateLimit-Reset': cache.expires_at(key['id'], ), 'Retry-After': cache.expires_in(key['id']) } else: cache.set(key['id'], 1) return { 'X-RateLimit-Limit': max_usage, 'X-RateLimit-Remaining': max_usage - 1, 'X-RateLimit-Reset': cache.expires_at(key['id']) }
def delete(key_id): user = session['user'] if user['id'] not in config['admins']: return render_template('gitout.html') r.table('keys').get(key_id).delete().run(get_db()) return redirect(url_for('.admin'))
def images_put(event_id, image_id): auth_middleware.authorize(auth_middleware.rokwire_event_manager_group) tmpfile = None try: db = get_db() # check if image exists if db[cfg.IMAGE_COLLECTION].find_one({'_id': ObjectId(image_id)}): file = request.files.get('file') if file: if file.filename == '': raise if localfile.allowed_file(file.filename): filename = secure_filename(file.filename) tmpfile = localfile.savefile(file, filename) S3EventsImages().upload(tmpfile, event_id, image_id) msg = "[put image]: image id %s" % (str(image_id)) else: raise else: raise else: raise except Exception as ex: __logger.exception(ex) abort(500) finally: localfile.deletefile(tmpfile) return success_response(200, msg, str(image_id))
def configs_put(id): auth_middleware.authorize(auth_middleware.rokwire_app_config_manager_group) req_data = request.get_json(force=True) if not check_format(req_data): abort(405) if not ObjectId.is_valid(id): abort(405) try: db = conn.get_db() add_version_numbers(req_data) status = db[cfg.APP_CONFIGS_COLLECTION].update_one( {'_id': ObjectId(id)}, {"$set": req_data}) msg = "[PUT]: api config id %s, nUpdate = %d " % ( str(id), status.modified_count) __logger.info(msg) except DuplicateKeyError as err: __logger.error(err) abort(405) except Exception as ex: __logger.exception(ex) abort(500) return success_response(200, msg, str(id))
def images_post(event_id): auth_middleware.authorize(auth_middleware.ROKWIRE_EVENT_WRITE_GROUPS) tmpfile = None try: file = request.files.get('file') if file: if file.filename == '': raise if localfile.allowed_file(file.filename): filename = secure_filename(file.filename) tmpfile = localfile.savefile(file, filename) db = get_db() result = db[cfg.IMAGE_COLLECTION].insert_one( {'eventId': event_id}) image_id = str(result.inserted_id) S3EventsImages().upload(tmpfile, event_id, image_id) msg = "[post image]: image id %s" % (str(image_id)) else: raise else: raise except Exception as ex: __logger.exception(ex) abort(500) finally: localfile.deletefile(tmpfile) return success_response(201, msg, str(image_id))
def post(): auth_middleware.authorize(auth_middleware.ROKWIRE_EVENT_WRITE_GROUPS) req_data = request.get_json(force=True) if not query_params.required_check(req_data): abort(400) try: req_data = query_params.formate_datetime(req_data) req_data = query_params.formate_location(req_data) req_data = query_params.formate_category(req_data) except Exception as ex: __logger.exception(ex) abort(400) try: db = get_db() event_id = db['events'].insert(req_data) msg = "[POST]: event record created: id = %s" % str(event_id) if req_data is not None: msg_json = jsonutils.create_log_json("Events", "POST", req_data) else: msg_json = jsonutils.create_log_json("Events", "POST", {}) __logger.info("POST " + json.dumps(msg_json)) except Exception as ex: __logger.exception(ex) abort(500) return success_response(201, msg, str(event_id))
def put(event_id): auth_middleware.authorize(auth_middleware.rokwire_event_manager_group) if not ObjectId.is_valid(event_id): abort(400) req_data = request.get_json(force=True) if not query_params.required_check(req_data): abort(400) try: req_data = query_params.formate_datetime(req_data) req_data = query_params.formate_location(req_data) req_data = query_params.formate_category(req_data) except Exception as ex: __logger.exception(ex) abort(400) try: db = get_db() status = db['events'].replace_one({'_id': ObjectId(event_id)}, req_data) msg = "[PUT]: event id %s, nUpdate = %d " % (str(event_id), status.modified_count) except Exception as ex: __logger.exception(ex) abort(500) return success_response(200, msg, str(event_id))
def create_key(): user = session['user'] if user['id'] not in config['admins']: return render_template('gitout.html') if request.method == 'GET': return render_template('create.html') elif request.method == 'POST': name = request.form.get('name', None) token = request.form.get('token', None) owner = request.form.get('owner', None) owner_name = request.form.get('owner_name', None) email = request.form.get('email', None) if not token or not name or not owner or not owner_name or not email: result = 'Please fill in all required inputs' return render_template('result.html', result=result, success=False) r.table('keys').insert({ "id": token, "name": name, "owner": owner, "owner_name": owner_name, "email": email, "total_usage": 0, "usages": {}, "unlimited": False, "ratelimit_reached": 0 }).run(get_db()) result = 'Key Created 👌' return render_template('result.html', result=result, success=True)
def configs_post(): auth_middleware.authorize(auth_middleware.rokwire_app_config_manager_group) req_data = request.get_json(force=True) if not check_format(req_data): abort(400) try: db = conn.get_db() add_version_numbers(req_data) app_config_id = db[cfg.APP_CONFIGS_COLLECTION].insert_one( req_data).inserted_id msg = "[POST]: api config document created: id = %s" % str( app_config_id) __logger.info(msg) except DuplicateKeyError as err: __logger.error(err) abort(400) except Exception as ex: __logger.exception(ex) abort(500) return success_response(201, msg, str(app_config_id))
def view(key_id): user = session['user'] if user['id'] in config['admins']: admin = True else: admin = False key = r.table('applications').get(key_id).run(get_db()) key_type = 'app' if not key: key = r.table('keys').get(key_id).run(get_db()) key_type = 'key' if key['owner'] == user['id'] or admin: return render_template('app.html', key=key, key_type=key_type, admin=admin) else: return render_template('gitout.html')
def dashboard(): user = session['user'] is_admin = user['id'] in config['admins'] keys = r.table('keys').filter(r.row['owner'] == user['id']).run(get_db()) return render_template('dashboard.html', name=user['username'], keys=keys, admin=is_admin)
def _get_imagefiles_result(query): """ Perform the get_imagefiles query and return the results. This is its own function to enable caching to work. Returns: result """ db = get_db() cursor = db[cfg.IMAGE_COLLECTION].find(query, {'_id': 1}) return [str(i['_id']) for i in cursor]
def delete(event_id): auth_middleware.authorize(auth_middleware.ROKWIRE_EVENT_WRITE_GROUPS) if not ObjectId.is_valid(event_id): abort(400) group_memberships = list() try: _, group_memberships = get_group_memberships() except Exception as ex: __logger.exception(ex) abort(500) db = None event = None try: db = get_db() event = db['events'].find_one({'_id': ObjectId(event_id)}, {'_id': 0}) except Exception as ex: __logger.exception(ex) abort(500) if not check_group_event_admin_access(event, group_memberships): abort(401) try: db = get_db() req_data = db['events'].find_one({'_id': ObjectId(event_id)}, {'_id': 0}) status = db['events'].delete_one({'_id': ObjectId(event_id)}) msg = "[DELETE]: event id %s, nDelete = %d " % (str(event_id), status.deleted_count) if req_data is not None: msg_json = jsonutils.create_log_json("Events", "DELETE", req_data) else: msg_json = jsonutils.create_log_json("Events", "DELETE", {}) __logger.info("DELETE " + json.dumps(msg_json)) except Exception as ex: __logger.exception(ex) abort(500) if status.deleted_count == 0: abort(404) return success_response(202, msg, str(event_id))
def _get_app_config_by_id_result(query): """ Perform the get_app_config_by_id query and returns a list of results. This is its function to enable caching to work. Returns: a list of results """ db = conn.get_db() cursor = db[cfg.APP_CONFIGS_COLLECTION].find(query, {"version_numbers": 0}) return [decode(c) for c in cursor]
def _get_events_result(query, limit, skip): """ Perform the get_events query and return the serialized results. This is its own function to enable caching to work. Returns: (string, count) """ if not query: return [] is_super_event = False for cond in query.get('$and'): if cond.get('isSuperEvent'): is_super_event = True db = get_db() cursor = db['events'].find(query, { 'coordinates': 0, 'categorymainsub': 0 }).sort([ ('startDate', pymongo.ASCENDING), ('endDate', pymongo.ASCENDING), ]) if limit > 0: cursor = cursor.limit(limit) if skip > 0: cursor = cursor.skip(skip) events = [] for event in cursor: # use the db `_id` as id in the returning event. event['id'] = str(event.pop('_id')) if is_super_event: subevents_ids = list() for subevent in event.get('subEvents'): subevents_ids.append(ObjectId(subevent.get("id"))) subevents_cursor = db['events'].find( { '_id': { '$in': subevents_ids } }, { 'coordinates': 0, 'categorymainsub': 0 }).sort([ ('startDate', pymongo.ASCENDING), ('endDate', pymongo.ASCENDING), ]) for subevent_detail in subevents_cursor: subevent_detail['id'] = str(subevent_detail.pop('_id')) events.append(subevent_detail) else: events.append(event) return flask.json.dumps( events, default=query_params.format_datetime_response), len(events)
def execute(self, context): year, quarter = datetime_to_year_quarter(context['execution_date']) quarter_string = datetime_to_quarter(context['execution_date']) engine = get_db() load_title_counts( filename=full_path( table_files['title_count']).format(quarter_string), year=year, quarter=quarter, db_engine=engine, )
def wrapper(*args, **kwargs): if r.table('keys').get(request.headers.get( 'authorization', '')).coerce_to('bool').default(False).run(get_db()): return func(*args, **kwargs) return jsonify({ 'status': 401, 'error': 'You are not authorized to access this endpoint' }), 401
def _get_categories_result(): """ Perform the get_categories query and return the serialized results. This is its own function to enable caching to work. Returns: (string, count) """ db = get_db() cursor = db['categories'].find({}, { '_id': 0 }).sort('category', pymongo.ASCENDING) categories = list(cursor) return flask.json.dumps(categories), len(categories)
def images_delete(event_id, image_id): auth_middleware.authorize(auth_middleware.rokwire_event_manager_group) msg = "[delete image]: event id %s, image id: %s" % (str(event_id), str(image_id)) try: S3EventsImages().delete(event_id, image_id) db = get_db() db[cfg.IMAGE_COLLECTION].delete_one({'_id': ObjectId(image_id)}) except Exception as ex: __logger.exception(ex) abort(500) return success_response(202, msg, str(event_id))
def put(event_id): auth_middleware.authorize(auth_middleware.ROKWIRE_EVENT_WRITE_GROUPS) if not ObjectId.is_valid(event_id): abort(400) req_data = request.get_json(force=True) if not query_params.required_check(req_data): abort(400) try: req_data = query_params.formate_datetime(req_data) req_data = query_params.formate_location(req_data) req_data = query_params.formate_category(req_data) except Exception as ex: __logger.exception(ex) abort(400) group_memberships = list() try: _, group_memberships = get_group_memberships() except Exception as ex: __logger.exception(ex) abort(500) db = None event = None try: db = get_db() event = db['events'].find_one({'_id': ObjectId(event_id)}, {'_id': 0}) except Exception as ex: __logger.exception(ex) abort(500) # If this is a group event, apply group authorization. Regular events can proceed like before. if not check_group_event_admin_access(event, group_memberships): abort(401) try: status = db['events'].replace_one({'_id': ObjectId(event_id)}, req_data) msg = "[PUT]: event id %s, nUpdate = %d " % (str(event_id), status.modified_count) if req_data is not None: msg_json = jsonutils.create_log_json("Events", "PUT", req_data) else: msg_json = jsonutils.create_log_json("Events", "PUT", {}) __logger.info("PUT " + json.dumps(msg_json)) except Exception as ex: __logger.exception(ex) abort(500) return success_response(200, msg, str(event_id))
def _get_event_result(query): """ Perform the get_event query and return the serialized results. This is its own function to enable caching to work. Returns: (string, found) """ db = get_db() event = db['events'].find_one(query, { '_id': 0, 'coordinates': 0, 'categorymainsub': 0 }) return flask.json.dumps(event), (not event is None)