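def queue(self, event, context):
    """Validate the API-GW ``event`` and enqueue a port scan for its target.

    Returns an API-Gateway style response dict (via ``Response``) with the
    security headers applied: 200 with the scan UUID on success, 400 when
    the payload does not parse or the target does not validate.
    """
    source_event = Event(event, context)
    data = source_event.parse()
    if not data:
        self.logger.error("Unrecognized payload: {}".format(data))
        return Response({
            "statusCode": 400,
            "body": json.dumps({'error': 'Unrecognized payload'})
        }).with_security_headers()

    target = Target(data.get('target'))
    if not target:
        self.logger.error("Target validation failed of: {}".format(target.name))
        return Response({
            "statusCode": 400,
            "body": json.dumps({'error': 'Target was not valid or missing'})
        }).with_security_headers()

    # A fresh UUID identifies this scan; it is returned to the caller and
    # travels with the queue message.
    scan_uuid = str(uuid.uuid4())
    # The consumer splits this message on '|'. Target validation is relied
    # on to keep '|' out of target.name -- not re-checked here.
    self.sqs_client.send_message(
        QueueUrl=self.queueURL,
        MessageBody="portscan|" + target.name + "|" + scan_uuid
    )
    return Response({
        "statusCode": 200,
        "body": json.dumps({'uuid': scan_uuid})
    }).with_security_headers()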
def test_get_formatted_content_success(self):
    """A successful ``~``-separated ``key:value`` payload parses to a dict."""
    expected = {
        'id': '13',
        'result': 'success',
        'ip': '127.0.0.1',
    }
    response = Response(SUCCESS, "id:13~result:success~ip:127.0.0.1")
    self.assertEquals(response.get_formatted_content(), expected)
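def update(req: Request, res: Response):
    """Update the todo named by ``req.body['id']`` on behalf of the caller.

    Responds 400 if the todo does not exist and 401 unless the signed-in
    user owns it; otherwise ``id`` is stripped from the form and the rest is
    handed to ``Todo.update``.
    """
    form = req.body
    todo_id = form.get('id')
    t = Todo.find_by(id=todo_id)
    u = current_user(req)
    if t is None:
        return res.json({
            'code': 400,
            'msg': 'todo {} 不存在'.format(todo_id),
        })
    # Ownership check. The original expression still evaluated ``u.id``
    # when ``u`` was None and ``t.user_id <= 0``, which raised instead of
    # refusing; anonymous callers are now always refused.
    if u is None or u.id != t.user_id:
        res.json({
            'code': 401,
            'msg': 'Unauthorized',
        })
        return
    form.pop('id', None)
    # NOTE(review): every remaining form field goes straight to Todo.update;
    # confirm it whitelists columns so the client cannot reassign user_id.
    new_t = Todo.update(todo_id, form)
    log(form)
    res.json({
        'code': 0,
        'msg': '',
        'data': new_t.json(),
    })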
def route_logout(req: Request, res: Response):
    """Clear the ``session_id`` cookie and report a successful logout.

    The cookie value ``'; max-age=0'`` is written verbatim so that, once the
    header is serialised unquoted, the browser sees ``Max-Age=0`` and drops
    the cookie. This depends on ``res.cookies.set`` not escaping the value.
    """
    res.cookies.set('session_id', '; max-age=0')
    payload = {
        'code': 0,
        'msg': '登出成功',
        'data': {},
    }
    res.json(payload)
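def delete(req: Request, res: Response):
    """Delete the todo named by ``req.body['id']``.

    Only the todo's owner may delete it. The original performed no check at
    all, so any caller could remove any todo by guessing its id; the rule
    here mirrors the one ``update`` applies.
    """
    todo_id = req.body.get('id')
    t = Todo.find_by(id=todo_id)
    if t is None:
        return res.json({
            'code': 400,
            'msg': 'todo {} 不存在'.format(todo_id),
        })
    u = current_user(req)
    if u is None or u.id != t.user_id:
        res.json({
            'code': 401,
            'msg': 'Unauthorized',
        })
        return
    Todo.delete(todo_id)
    res.json({
        'code': 0,
        'msg': '删除成功',
    })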
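def _post_update(self):
    """Set a customer's ``customer_type``.

    Request arguments: ``customer_id`` (int, required) and ``customer_type``
    (int, required, restricted to ``CustomerType.choices()`` by the parser).
    Returns ``Response.success`` or ``Response.error``.
    """
    self.parser.add_argument('customer_id', type=int, required=True)
    self.parser.add_argument('customer_type', type=int, required=True,
                             choices=CustomerType.choices(),
                             help='请传入正确的customer_type参数')
    args = self.parser.parse_args()
    customer_id = args.get('customer_id')
    customer_type = args.get('customer_type')

    try:
        customer = Customer.query.filter_by(id=customer_id).first()
        # Refuse explicitly instead of relying on ``None.customer_type = ...``
        # raising AttributeError.
        if customer is None:
            return Response.error('请求出错', 'custoemr_id无法定位到一个具体的customer对象')
        customer.customer_type = customer_type
        customer.update()
    except AttributeError:
        return Response.error('请求出错', 'custoemr_id无法定位到一个具体的customer对象')
    except Exception as e:
        # NOTE(review): str(e) can expose ORM/database internals to the
        # client; prefer logging it and returning a generic message.
        return Response.error('请求出错', str(e))
    return Response.success('customer的状态修改成功')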
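def _route_method(self, method, request_type):
    """Dispatch to the controller method selected by ``method`` and ``request_type``.

    ``method`` is the untrusted ``method`` URL parameter. It is only ever
    looked up with a ``_get_``/``_post_`` prefix, so it can select nothing
    but handlers named that way (``index`` when empty). Returns the handler's
    JSON response, ``Response.error`` for an unknown request type or
    handler, or ``Response.field_error`` when the handler raises BadRequest.
    """
    if request_type == RequestType.GET:
        prefix = '_get_'
    elif request_type == RequestType.POST:
        prefix = '_post_'
    else:
        return Response.error('路由错误', 'system routing error')
    route_method = '{}{}'.format(prefix, method if method else 'index')
    # The original also tested ``route_method is None`` here, which could
    # never be true once the branch above assigned it.
    if not hasattr(self, route_method):
        return Response.error('请求的方法不存在', 'method does not exist')
    handler = getattr(self, route_method)
    try:
        return handler()
    except BadRequest as ex:
        return Response.field_error(ex.description)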
def process_connection(self, connection):
    """Read one request from ``connection``, run the middleware chain (or
    ``handle_path`` directly), then write ``response.toHttp()`` back.

    NOTE(review): the read loop stops at the first chunk shorter than 1024
    bytes, so a request whose size is an exact multiple of 1024 blocks in
    ``recv`` until the peer closes. ``r.decode()`` raises on non-UTF-8 input
    and nothing here catches it.
    """
    with connection:
        r = b''
        while True:
            content = connection.recv(1024)
            r += content
            if len(content) != 1024:
                break
        log('request log:\n <{}>'.format(r))
        r = r.decode()
        if r:
            request = Request(r)
            response = Response()
            m_num = len(self.middlewares)
            if m_num > 0:
                # Index of the next middleware to run.
                next_i = 0

                def next():
                    # Each middleware calls this to continue the chain; when
                    # all have run, the route handler is invoked.
                    nonlocal next_i
                    if next_i == m_num:
                        self.handle_path(request, response)
                    else:
                        m = self.middlewares[next_i]
                        next_i += 1
                        m(request, response, next)
                next()
            else:
                self.handle_path(request, response)
            # Send the response to the client.
            connection.sendall(response.toHttp())
def error(req: Request, res: Response):
    """Fallback handler that answers with a 404 page.

    Only the 404 case exists so far; other codes are not produced here.
    """
    res.code, res.body = 404, '<h1>NOT FOUND</h1>'
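def _get_salesman(self):
    """Performance summary for one salesman over a date range.

    Request arguments (all int, required): ``salesman`` (user id),
    ``start_date`` and ``end_date`` (unix timestamps). Returns a dict with
    the salesman's name/id, the formatted range and one entry per
    ``order_type`` holding the summed ``order_money``/``order_price``, or a
    ``Response`` describing the error / empty result.
    """
    result = {
        'salesman_name': '',  # salesman's name
        'salesman_id': '',  # salesman's primary key
        'start_date': '',  # first day of the range
        'end_date': '',  # last day of the range
        'achievements': dict()  # per-order_type totals
    }
    self.parser.add_argument('salesman', type=int, required=True)  # salesman's user id
    self.parser.add_argument('start_date', type=int, required=True)
    self.parser.add_argument('end_date', type=int, required=True)
    args = self.parser.parse_args()
    salesman_id = args.get('salesman')
    # Out-of-range timestamps raise here; report them as a request error
    # rather than letting them escape as an unhandled exception.
    try:
        start_date = date.fromtimestamp(args.get('start_date'))
        end_date = date.fromtimestamp(args.get('end_date'))
    except (OverflowError, OSError, ValueError):
        return Response.error('请求出错', 'start_date或end_date不是有效的时间戳')
    try:
        query = Achievement.query.with_entities(
            Achievement.salesman_name, Achievement.salesman_id,
            Achievement.order_type,
            func.sum(Achievement.order_money).label('sum_money'),
            func.sum(Achievement.order_price).label('sum_price')).filter(
                Achievement.salesman_id == salesman_id,
                Achievement.order_date.between(start_date, end_date)).group_by(
                    Achievement.salesman_name, Achievement.salesman_id,
                    Achievement.order_type)
        # Materialise once; the original executed the query for the length
        # check and again for indexing/iteration.
        achievements = list(query)
        if not achievements:
            return Response.construct_response('该销售员在这一段时间内没有业绩')
        first = achievements[0]
        result['salesman_name'] = first.salesman_name
        result['salesman_id'] = first.salesman_id
        result['start_date'] = start_date.strftime('%Y-%m-%d')
        result['end_date'] = end_date.strftime('%Y-%m-%d')
        for achievement in achievements:
            result['achievements'][str(achievement.order_type)] = {
                'order_type': achievement.order_type,
                'sum_money': achievement.sum_money,
                'sum_price': achievement.sum_price,
            }
    except Exception as e:
        return Response.error('请求出错', str(e))
    return result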
def downloadResults(self, event, context):
    """API-GW lambda: stream the stored scan results for a target as a .tgz.

    Returns a base64-encoded ``application/gzip`` body on success; on
    failure the status from ``Results.download`` is mapped to a JSON error.
    400 is returned for an unparseable payload or invalid target.
    """
    # Only ever invoked from API Gateway, so the event type is "api-gw".
    data = Event(event, context).parse()
    if not data:
        self.logger.error("Unrecognized payload: {}".format(data))
        return Response({
            "statusCode": 400,
            "body": json.dumps({'error': 'Unrecognized payload'})
        }).with_security_headers()

    target = Target(data.get('target'))
    if not target:
        self.logger.error("Target validation failed of: {}".format(target.name))
        return Response({
            "statusCode": 400,
            "body": json.dumps({'error': 'Target was not valid or missing'})
        }).with_security_headers()

    results = Results(target.name, self.s3_client, self.bucket, self.base_results_path)
    scan_results, status = results.download()
    if not scan_results:
        error_messages = {
            404: 'No results found for target',
            500: 'Unable to download scan results',
        }
        return Response({
            "statusCode": status,
            "body": json.dumps({'error': error_messages.get(status, 'Unknown error')})
        }).with_security_headers()

    # target.name lands in a response header; Target validation is relied
    # on to keep CR/LF and quotes out of it (not re-checked here).
    return Response({
        "statusCode": status,
        "headers": {
            "Content-Type": "application/gzip",
            "Content-Disposition": "attachment; filename={}.tgz".format(target.name)
        },
        "body": base64.b64encode(scan_results.getvalue()).decode("utf-8"),
        "isBase64Encoded": True
    }).with_security_headers()
def test_without_security_headers(self):
    """``without_security_headers`` hands back the wrapped response untouched."""
    raw = {
        "statusCode": 200,
        "body": json.dumps({'foo': 'bar'})
    }
    wrapped = Response(raw)
    assert type(Response(raw)) is Response
    expected = {'body': '{"foo": "bar"}', 'statusCode': 200}
    assert wrapped.without_security_headers() == expected
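def fn(req: Request, res: Response, next):
    """Static-file middleware for paths beginning with ``public_path``.

    Other paths are passed on to ``next``. The requested file is resolved
    under ``<cwd>/public/static`` and must stay inside it: the original
    joined the raw path segment, so ``..`` components (or an absolute path,
    which ``os.path.join`` lets replace the base) could read arbitrary
    files. Unknown extensions now get ``application/octet-stream`` instead
    of a KeyError.
    """
    if not req.path.startswith(public_path):
        return next()
    filepath = req.path[len(public_path) + 1:]
    static_root = os.path.realpath(os.path.join(os.getcwd(), 'public/static'))
    realpath = os.path.realpath(os.path.join(static_root, filepath))
    inside_root = realpath == static_root or realpath.startswith(static_root + os.sep)
    if inside_root and os.path.isfile(realpath):
        _, extname = os.path.splitext(filepath)
        res.headers['Content-type'] = mimetypes.types_map.get(extname, 'application/octet-stream')
        with open(realpath, 'rb') as f:
            res.body = f.read()
    else:
        res.headers['Content-type'] = 'text/html'
        res.body = '<h1>NOT FOUND</h1>'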
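def fn(req: Request, res: Response, next):
    """CSRF middleware: issue the token cookie when absent and, for
    non-simple methods, require the same token in ``options['header_name']``.

    NOTE(review): ``csrf_token`` is captured from the enclosing scope, so it
    is one value shared by every client of this process rather than a
    per-session secret -- confirm that is intended.
    """
    import hmac

    if req.cookies.get(options['cookie_name'], None) is None:
        res.cookies.set(options['cookie_name'], csrf_token)
    # Simple (safe) methods are not checked.
    if req.method in simple_methods:
        return next()
    # The original logged the whole header map, which includes the session
    # cookie; log only the method and the header being checked.
    log(req.method, options['header_name'])
    supplied = req.headers.get(options['header_name'], None)
    # Constant-time comparison; a missing header is simply a mismatch.
    if supplied is None or not hmac.compare_digest(str(supplied), str(csrf_token)):
        res.code = 403
        res.body = ''
    else:
        next()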
def test_with_security_headers(self):
    """``with_security_headers`` adds ``Response.SECURITY_HEADERS`` verbatim."""
    raw = {
        "statusCode": 200,
        "body": json.dumps({'foo': 'bar'})
    }
    wrapped = Response(raw)
    assert type(Response(raw)) is Response
    expected = {
        'body': '{"foo": "bar"}',
        'headers': Response.SECURITY_HEADERS,
        'statusCode': 200,
    }
    assert wrapped.with_security_headers() == expected
def test_movie_insert(api):
    """POST a movie, then GET it back and compare against the expected envelope."""
    envelope = Response()
    new_movie = {
        'companys': ['카카오', '토스'],
        'directors': ['김택윤', '이운기'],
        'genreAlt': '테스트',
        'movieCd': '2',
        'movieNm': '포스트테스트',
        'movieNmEn': 'POSTTEST',
        'nationAlt': '테스트',
        'openDt': '20200101',
        'prdtStatNm': '테스트',
        'prdtYear': '2020',
        'typeNm': '장편',
    }
    post_resp = api.post(
        '/movies',
        data=json.dumps(new_movie),
        content_type="application/json"
    )
    assert post_resp.status_code == 200

    get_resp = api.get('/movies/2')
    payload = dict(json.loads(get_resp.data.decode('utf-8')))
    assert get_resp.status_code == 200

    stored_movie = {
        'companys': [{'id': 2, 'name': '카카오'}, {'id': 3, 'name': '토스'}],
        'directors': [{'id': 2, 'name': '김택윤'}, {'id': 3, 'name': '이운기'}],
        'genreAlt': '테스트',
        'movieCd': '2',
        'movieNm': '포스트테스트',
        'movieNmEn': 'POSTTEST',
        'nationAlt': '테스트',
        'openDt': '20200101',
        'prdtStatNm': '테스트',
        'prdtYear': '2020',
        'typeNm': '장편'
    }
    assert payload == envelope(status='NORMAL', data=stored_movie, unit_test=True)
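def _post_delete(self):
    """Delete the customer identified by the required ``customer_id`` argument.

    Returns ``Response.success`` or ``Response.error``.
    """
    self.parser.add_argument('customer_id', type=int, required=True)
    args = self.parser.parse_args()
    customer_id = args.get('customer_id')
    try:
        customer = Customer.query.filter_by(id=customer_id).first()
        # Refuse explicitly; the original relied on Customer.delete(None)
        # raising AttributeError, which is an implementation detail.
        if customer is None:
            return Response.error('请求出错', 'custoemr_id无法定位到一个具体的customer对象')
        Customer.delete(customer)
    except AttributeError:
        return Response.error('请求出错', 'custoemr_id无法定位到一个具体的customer对象')
    except Exception as e:
        # NOTE(review): str(e) may expose ORM/database details to the client.
        return Response.error('请求出错', str(e))
    return Response.success('删除成功')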
def test_ping(api):
    """``/ping`` answers 200 with a NORMAL envelope around its own data."""
    envelope = Response()
    ping_resp = api.get('/ping')
    body = json.loads(ping_resp.data.decode('utf-8'))
    assert ping_resp.status_code == 200
    assert body == envelope(status='NORMAL', data=body['data'], unit_test=True)
def add(req: Request, res: Response):
    """Create a todo for the signed-in user from the request body.

    Anonymous callers receive 401. The whole form is handed to ``Todo.add``
    together with the caller's id; NOTE(review): confirm ``Todo.add`` only
    reads the fields it expects from ``form``.
    """
    owner = current_user(req)
    if owner is None:
        return res.json({
            'code': 401,
            'msg': 'Unauthorized',
        })
    created = Todo.add(req.body, owner.id)
    res.json({
        'code': 0,
        'msg': '添加 todo 成功',
        'data': created.json(),
    })
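def __call__(self, req: Request, res: Response, next):
    """Session middleware: load the user named by the session cookie, run
    ``next``, then refresh or clear the cookie.

    NOTE(review): the cookie value *is* the user id in clear text (see
    ``_get_user(user_id)`` and ``set_cookie(..., str(self.user.id), ...)``),
    so any client can impersonate any user by setting the cookie by hand.
    The cookie needs to carry an unguessable token mapped to the user
    server-side; that change is outside this block.
    """
    if self.cookie_id in req.cookies:
        # TODO check expiration date
        user_id = req.cookies[self.cookie_id]
        self.user = self._get_user(user_id)
    result = next(req, res)
    if self.user:
        res.set_cookie(self.cookie_id, str(self.user.id), self.max_age)
    else:
        # max_age=0 expires the cookie immediately. The original passed
        # ``now.timestamp()`` (seconds since the epoch) as max_age, which
        # kept the emptied cookie alive for decades instead of removing it.
        res.set_cookie(self.cookie_id, '', max_age=0)
    # Do not let a user loaded for this request leak into the next one.
    self.user = None
    return result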
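def decorate_function(*args, **kwargs):
    """Reject PUT/POST requests whose Content-Type is not JSON, then call ``f``.

    Only the media type is compared, ignoring parameters, so
    ``application/json; charset=utf-8`` (which many clients send) is
    accepted; the original compared the whole header string and refused it.
    Case is ignored as media types are case-insensitive.
    """
    response = Response()
    if request.method in ['PUT', 'POST']:
        content_type = request.headers.get('Content-Type')
        media_type = str(content_type).split(';', 1)[0].strip().lower()
        if media_type != 'application/json':
            return response(status='NOT_ACCEPTABLE', data='None')
    return f(*args, **kwargs)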
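def index(req: Request, res: Response):
    """List the todos of ``req.query['userId']``.

    The caller must be signed in as that user, mirroring the ownership rule
    ``update`` applies; previously any client could enumerate every user's
    todos by varying ``userId``. A missing or non-integer ``userId`` yields 400.
    """
    try:
        user_id = int(req.query['userId'])
    except (KeyError, TypeError, ValueError):
        return res.json({
            'code': 400,
            'msg': '参数错误',
        })
    u = current_user(req)
    if u is None or u.id != user_id:
        res.json({
            'code': 401,
            'msg': 'Unauthorized',
        })
        return
    todos = Todo.find_all(user_id=user_id)
    res.json({
        'code': 0,
        'msg': '',
        'data': [t.json() for t in todos],
    })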
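def _get_order_type(self):
    """Performance summary for one product type, broken down by department.

    Request arguments (all int, required): ``order_type``, ``start_date``
    and ``end_date`` (unix timestamps). Each row's ``department_line`` is
    extended with its ``department_id`` and the row's totals are added to
    every department on that line, so parent departments accumulate their
    children's figures. Returns the result dict or a ``Response`` error.
    """
    result = {
        'order_type': '',  # product type
        'start_date': '',  # first day of the range
        'end_date': '',  # last day of the range
        'achievements': dict()  # per-department totals
    }
    self.parser.add_argument('order_type', type=int, required=True)  # product type
    self.parser.add_argument('start_date', type=int, required=True)
    self.parser.add_argument('end_date', type=int, required=True)
    args = self.parser.parse_args()
    order_type = args.get('order_type')
    # Out-of-range timestamps raise here; report them as a request error
    # rather than letting them escape as an unhandled exception.
    try:
        start_date = date.fromtimestamp(args.get('start_date'))
        end_date = date.fromtimestamp(args.get('end_date'))
    except (OverflowError, OSError, ValueError):
        return Response.error('请求出错', 'start_date或end_date不是有效的时间戳')
    try:
        achievements = Achievement.query.with_entities(
            func.array_append(Achievement.department_line,
                              cast(Achievement.department_id, VARCHAR(50))).label('department_line'),
            func.sum(Achievement.order_money).label('sum_money'),
            func.sum(Achievement.order_price).label('sum_price')).filter(
                Achievement.order_type == order_type,
                Achievement.order_date.between(start_date, end_date)).group_by(
                    Achievement.department_id, Achievement.department_line)
        result['order_type'] = order_type
        result['start_date'] = start_date.strftime('%Y-%m-%d')
        result['end_date'] = end_date.strftime('%Y-%m-%d')
        totals = result['achievements']
        for achievement in achievements:
            for department in achievement.department_line:
                entry = totals.get(department)
                if entry is None:
                    # First sighting of this department: start a fresh entry.
                    totals[department] = {
                        'department': department,
                        'sum_money': achievement.sum_money,
                        'sum_price': achievement.sum_price,
                    }
                else:
                    # Already present: accumulate.
                    entry['sum_money'] += achievement.sum_money
                    entry['sum_price'] += achievement.sum_price
    except Exception as e:
        return Response.error('请求出错', str(e))
    return result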
def route_passport_status(req: Request, res: Response):
    """Report whether the request carries a signed-in user.

    Responds with the user's ``username`` and ``id`` when signed in, else a
    401 envelope with empty data.
    """
    user = current_user(req)
    if not user:
        res.json({
            'code': 401,
            'msg': 'Unauthorized',
            'data': {},
        })
        return
    res.json({
        'code': 0,
        'msg': 'success',
        'data': {
            'username': user.username,
            'id': user.id,
        },
    })
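def dispatch(self):
    """Authenticate the request and return the login page as an HTML Response.

    Tries the ``authToken`` cookie first (``checkAuthByToken``), then
    ``checkAuth`` when no user is logged in. The template is read with a
    context manager so the handle is closed even if ``read`` raises.
    """
    cookie = Cookie.SimpleCookie(self.environ.get("HTTP_COOKIE", ""))
    if 'authToken' in cookie:
        self.checkAuthByToken(cookie["authToken"].value)
    if not self.loggedUser:
        self.checkAuth()
    path = os.path.join(os.path.dirname(__file__), "..", "templates", "login.html")
    with open(path, "r") as html_file:
        content = html_file.read()
    r = Response(content, encoder=None)
    r.setHeaders([('Content-type', "text/html")])
    return r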
def signin(req:Request, res: Response):
    # NOTE(review): this handler signs in a hard-coded user (id 1, masked
    # username/password) whenever no user is attached to sessionManager.
    # Nothing from the request is checked, so anyone who hits this route
    # becomes user 1. This is a development stub and must not ship; the real
    # handler has to verify submitted credentials before signin_user().
    if sessionManager.user is None:
        user = User()
        user.id = 1
        user.username = '******'
        user.password = '******'
        sessionManager.signin_user(user)
    # Redirect to the index page.
    res.status_code = 302
    res.headers.add('Location', '/')
    return res
def route_register(req: Request, res: Response):
    """Register a new user from ``username``/``password`` in the body.

    400 when either field is missing or ``User.register`` rejects the
    pair (its message is echoed in ``msg``); otherwise the new user's
    ``username`` and ``id``. The raw password is handed to ``User.register``;
    NOTE(review): confirm it hashes before storing.
    """
    body = req.body
    if 'username' not in body or 'password' not in body:
        res.json({
            'code': 400,
            'msg': '缺乏参数 username 或 password',
            'data': {},
        })
        return
    credentials = dict(
        username=body['username'],
        password=body['password'],
    )
    new_user, outcome = User.register(credentials)
    if new_user is None:
        res.json({
            'code': 400,
            'msg': outcome,
            'data': {},
        })
        return
    res.json({
        'code': 0,
        'msg': '注册成功',
        'data': {
            'username': new_user.username,
            'id': new_user.id,
        }
    })
def test_with_security_headers_preexisting_sec(self):
    """A header already present on the response is not overwritten by the defaults."""
    raw = {
        "statusCode": 200,
        "body": json.dumps({'foo': 'bar'}),
        # Pre-set so we can check it survives with_security_headers().
        'headers': {'Content-Security-Policy': 'nope'}
    }
    expected_headers = dict(Response.SECURITY_HEADERS)
    expected_headers['Content-Security-Policy'] = 'nope'
    wrapped = Response(raw)
    assert type(Response(raw)) is Response
    assert wrapped.with_security_headers() == {
        'body': '{"foo": "bar"}',
        'headers': expected_headers,
        'statusCode': 200
    }
def _post_index(self):
    """Return one page of customers ordered by id.

    Request arguments: ``page`` (default 1, must be > 0) and ``per_page``
    (default 20). NOTE(review): ``per_page`` is not bounded, so a client can
    request an arbitrarily large page; consider capping it.
    """
    self.parser.add_argument('page', type=int, default=1)
    self.parser.add_argument('per_page', type=int, default=20)
    args = self.parser.parse_args()
    page = args.get('page', 1)
    per_page = args.get('per_page', 20)
    if page <= 0:
        return Response(*CommonPrompt.INVALID_PAGE)
    try:
        paginated = Customer.query.order_by(Customer.id).paginate(page=page, per_page=per_page)
        customers_json = [customer.to_json() for customer in paginated.items]
    except Exception as e:
        return Response.error('请求出错', str(e))
    return {
        'total': len(customers_json),  # customers on this page
        'page': page,  # current page number
        'pages': paginated.pages,  # total number of pages
        'customers': customers_json,  # this page's data
    }
def _post_add(self):
    """Create a customer from ``short_name``/``full_name``/``telephone``/``customer_type``.

    Rejects a short or full name that already exists and an invalid phone
    number before inserting. The existence checks and the insert are not in
    one transaction, so two concurrent requests can still both pass them.
    """
    self.parser.add_argument('short_name', type=str, required=True)
    self.parser.add_argument('full_name', type=str, required=True)
    self.parser.add_argument('telephone', type=str, required=True)
    self.parser.add_argument('customer_type', type=int, required=True,
                             choices=CustomerType.choices(),
                             help='请传入正确的customer_type参数')
    args = self.parser.parse_args()
    short_name = args.get('short_name')
    full_name = args.get('full_name')
    telephone = args.get('telephone')
    customer_type = args.get('customer_type')

    # Uniqueness checks, short name first, then full name.
    for field, value in (('short_name', short_name), ('full_name', full_name)):
        if Customer.query.filter_by(**{field: value}).first():
            return Response.error('请求出错', f'{value}已经添加在customer列表中了')
    if not Validator.validate_phone(telephone):
        return Response.error('请求出错', 'telephone不是一个有效的电话号码')

    try:
        Customer.add(obj=Customer(short_name=short_name,
                                  full_name=full_name,
                                  telephone=telephone,
                                  customer_type=customer_type))
    except Exception as e:
        return Response.error('请求出错', str(e))
    return Response.success('添加成功')
def test_response_successful(self):
    """A SUCCESS response reports success and exposes its raw content."""
    ok = Response(SUCCESS, "OK")
    for actual in (ok.is_success(), ok.get_status()):
        self.assertEquals(actual, SUCCESS)
    self.assertEquals(ok.get_content(), "OK")
def test_get_formatted_content_doublecolon(self):
    """Only the first ':' splits key from value; later colons stay in the value."""
    raw = "id:13~key:this:contains:double:colon"
    parsed = Response(SUCCESS, raw).get_formatted_content()
    self.assertEquals(parsed, {'id': '13', 'key': 'this:contains:double:colon'})
def test_get_formatted_content_empty(self):
    """A key with no ':' maps to an empty string."""
    parsed = Response(SUCCESS, "id:13~novaluekey").get_formatted_content()
    self.assertEquals(parsed, {'id': '13', 'novaluekey': ''})
def test_get_formatted_content_success(self):
    """A successful ``~``-separated ``key:value`` payload parses to a dict."""
    parsed = Response(SUCCESS, "id:13~result:success~ip:127.0.0.1").get_formatted_content()
    expected = {'id': '13', 'result': 'success', 'ip': '127.0.0.1'}
    self.assertEquals(parsed, expected)
def test_get_formatted_content_failure(self):
    """A FAILURE response has no structured content: an empty dict."""
    failed = Response(FAILURE, "Any error test")
    self.assertEquals(failed.get_formatted_content(), dict())
def test_response_failed(self):
    """A FAILURE response reports FAILURE from ``is_success``."""
    failed = Response(FAILURE, "Error here")
    status = failed.is_success()
    self.assertEquals(status, FAILURE)