def system_bucket_assistant_for_replace():
if not get_logined_admin_bucket():
abort(404, "not admin")
if request.method == "POST":
system_bucket = request.values.get("system_bucket", "").strip()
user_bucket = request.values.get("user_bucket", "").strip()
cache_client.set("system_assistant_bucket",
system_bucket,
expiration=20 * 60,
zipped=False)
cache_client.set("system_assistant_bucket_for_user",
user_bucket,
expiration=20 * 60,
zipped=False)
system_assistant_bucket = cache_client.get("system_assistant_bucket",
zipped=False) or ""
system_assistant_bucket_for_user = cache_client.get(
"system_assistant_bucket_for_user", zipped=False) or ""
data_obj = dict(system_bucket=system_assistant_bucket,
user_bucket=system_assistant_bucket_for_user)
info = "submit success" if request.method == "POST" else ""
return render_api_template_as_response(
'page_admin_system_bucket_assistant.jade',
data_obj=data_obj,
info=info)
def auto_reset_elasticsearch_memory_config_when_app_started():
block_key = "elasticsearch_memory_config_block_key"
if cache_client.get(block_key):
# 避免多个 instance 起来的时候,反复重启 elasticsearch 的情况
return
else:
cache_client.set(block_key, "yes", expiration=60)
system_configs = get_global_envs()
reset_elasticsearch_memory_config(
system_configs,
es_mem_config_filepath="/elasticsearch/config/jvm.options")
def is_verification_code_correct():
code_id = get_cookie('verification_code')
cache_key = 'vcode_%s' % code_id
vid = cache_client.get(cache_key)
vid_in_request = get_cookie('vid') or '1'
if vid != vid_in_request:
return False
chars = generate_chars(code_id)
verification_code = request.values.get('verification_code',
'').strip().lower()
if chars.lower() == verification_code:
cache_client.delete(cache_key)
return True
else:
return False
def post_method_is_allowed(self):
if re.search(r'\[/\w+\]', self.content): # UBB语法的,认为是robot
return False
if not self.bucket or not self.parent_obj:
return False
# 10 分钟内,超过 5 次评论,认为是不允许的
cache_key = '%s_comment' % self.ip
block_times = cache_client.get(cache_key) or 0
try:
block_times = int(block_times)
except:
block_times = 0
if block_times >= 5:
return False
else:
cache_client.incr(cache_key, expiration=10 * 60)
return True # at last
def get_verified_message_from_web_request(raw_data=None):
# return dict, if done
# else return a response for webview
raw_data = raw_data or request.values
bucket = raw_data.get('bucket')
timestamp = raw_data.get('timestamp')
signature = raw_data.get('signature') # sign all data in request
action = raw_data.get('action') # record & config
data = raw_data.get('data') # if action==create, data is None
try:
data = ungzip_content(data, base64=True)
except:
pass
try:
timestamp = int(timestamp)
except:
return 'timestamp is error'
if not bucket or not timestamp or not signature:
return 'fields not filled, bucket is %s, timestamp is %s, signature is %s' % (
bucket, timestamp, signature)
if not data and not allowed_empty_data_for_action(action):
# show_xxx, config_xxx, create_bucket, the data can be {}, []
return 'fields not filled, action is %s, has data:%s' % (action,
bool(data))
current_timestamp = time.time()
if abs(current_timestamp - timestamp) > 60 * 60:
return 'compared to now, the offset is more than one hour'
max_size = MAX_RECORD_SIZE
if action.startswith('config_'):
max_size = MAX_RECORD_SIZE_FOR_CONFIG # `设置`类型的限制
if data:
data_size = len(data)
if data_size > max_size:
return 'data should be less than %sk per record, current is %sk' % (
max_size / 1024., data_size / 1024.)
public_key = get_public_key_from_bucket(bucket)
if not public_key:
return 'bucket is not on current node now or no public_key in bucket'
if not public_key:
return 'bucket lost public key, error!'
# verify the message
content_to_verify = dict(
bucket=bucket,
timestamp=timestamp,
)
if data:
content_to_verify['data'] = data
if action:
content_to_verify['action'] = action
public_key_in_request = request.values.get("public_key")
if public_key_in_request:
content_to_verify['public_key'] = public_key_in_request
verified = verify_by_public_key(public_key, signature, content_to_verify)
if not verified:
return 'verify failed'
if not action:
action = 'record' # default action
message = dict(
bucket=bucket,
action=action,
data=data, # string
public_key=public_key,
)
# patch by helper?
helper_bucket = cache_client.get("system_assistant_bucket", zipped=False)
if helper_bucket and bucket == helper_bucket:
helper_bucket_for_user = cache_client.get(
"system_assistant_bucket_for_user", zipped=False)
if helper_bucket_for_user and is_valid_bucket_name(
helper_bucket_for_user):
user_public_key = get_public_key_from_bucket(
helper_bucket_for_user)
if user_public_key:
message["bucket"] = bucket
message["public_key"] = user_public_key
return message
def is_blocked(block_id, ttl=60):
cache_key = "mblock_%s" % block_id
if cache_client.get(cache_key):
return True
else:
cache_client.set(cache_key, "y", expiration=ttl)