def callback():
signature = request.headers['X-Line-Signature']
# get request body as text
body = request.get_data(as_text=True)
app.logger.info("Request body: " + body)
# parse webhook body
try:
events = parser.parse(body, signature)
except InvalidSignatureError:
abort(400)
# if event is MessageEvent and message is TextMessage, then echo text
for event in events:
if not isinstance(event, MessageEvent):
continue
if isinstance(event.message, TextMessage):
handle_TextMessage(event)
if isinstance(event.message, ImageMessage):
handle_ImageMessage(event)
if isinstance(event.message, VideoMessage):
handle_VideoMessage(event)
if isinstance(event.message, FileMessage):
handle_FileMessage(event)
if isinstance(event.message, StickerMessage):
handle_StickerMessage(event)
if not isinstance(event, MessageEvent):
continue
if not isinstance(event.message, TextMessage):
continue
return 'OK'
def authenticate_complete():
if not checkban(request.remote_addr):
abort(401)
if not Authenticator.query.all():
abort(401)
authenticators = []
user = User.query.filter_by(id=int(session.pop("lid"))).first()
for authenticator in Authenticator.query.filter_by(user=user.id):
authenticators.append(AttestedCredentialData(authenticator.credential))
data = cbor.decode(request.get_data())
credential_id = data["credentialId"]
client_data = ClientData(data["clientDataJSON"])
auth_data = AuthenticatorData(data["authenticatorData"])
signature = data["signature"]
server.authenticate_complete(
session.pop("state"),
authenticators,
credential_id,
client_data,
auth_data,
signature,
)
login_user(user)
user.sign_count = user.sign_count + 1
user.failed_logins = 0
user.last_failed = 0
user.last_login = int(time.time())
db.session.add(user)
db.session.commit()
unban(request.remote_addr)
return cbor.encode({"status": "OK"})
def callback():
""" Get X-Line-Signature header value """
global user_id, user_name, user_picture
signature = request.headers['X-Line-Signature']
# Get request body as text
body = request.get_data(as_text=True)
app.logger.info("Request body: " + body)
# Try to get user's id
try:
user_id = json.loads(body)["events"][0]["source"]["userId"]
except:
user_id = "-"
# Try to get user's name
try:
user_name = line_bot_api.get_profile(user_id).display_name
except:
user_name = "someone"
#try to get user's profile picture urls
try:
user_picture = line_bot_api.get_profile(user_id).picture_url
except:
user_picture = 'https://image.prntscr.com/image/t2BFLWxiRf2OJq_G4kKKtw.png'
# handle webhook body
try:
handler.handle(body, signature)
except LineBotApiError as e:
print("Got exception from LINE Messaging API: %s\n" % e.message)
for m in e.error.details:
print(" %s: %s" % (m.property, m.message))
print("\n")
except InvalidSignatureError:
abort(400)
return 'OK'
def http_request(self, request):
data = request.get_data()
if data is not None and type(data) != str:
v_files = []
v_vars = []
try:
for(key, value) in list(data.items()):
if type(value) == io.BufferedReader:
v_files.append((key, value))
else:
v_vars.append((key, value))
except TypeError:
systype, value, traceback = sys.exc_info()
#raise TypeError("not a valid non-string sequence or mapping object %d" % traceback)
logger.debug("not a valid non-string sequence or mapping object : %s" % traceback)
if len(v_files) == 0:
data = urllib.parse.urlencode(v_vars, self.doseq).encode()
else:
boundary, data = self.multipart_encode(v_vars, v_files)
contenttype = 'multipart/form-data; boundary=%s' % boundary
request.add_unredirected_header('Content-Type', contenttype)
request.add_data(data)
return request
def query():
# no idea why request.data doesn't work, datatype seems correct?
# print(request.data)
# in any case, get the raw bytes and convert to utf-8
data = request.get_data()
args = data.decode("utf-8").split(",")
# todo
# return actual errors
new_query = False
search_arg = None
if len(args) != 2:
print("malformed arguments")
return "error"
else:
if args[1] == "true":
new_query = True
elif args[1] == "false":
new_query = False
else:
print("malformed arguments")
return "error"
search_arg = args[0]
if search_arg == None or search_arg == "":
print("malformed arguments")
return "error"
return search(search_arg)
def http_request(self, request):
data = request.get_data()
if data is not None and type(data) != str:
v_files = []
v_vars = []
try:
for (key, value) in list(data.items()):
if hasattr(value, 'read'):
v_files.append((key, value))
else:
v_vars.append((key, value))
except TypeError:
raise TypeError
if len(v_files) == 0:
data = urllib.parse.urlencode(v_vars, doseq)
else:
boundary, data = self.multipart_encode(v_vars, v_files)
contenttype = 'multipart/form-data; boundary=%s' % boundary
if (request.has_header('Content-Type') and request.get_header(
'Content-Type').find('multipart/form-data') != 0):
six.print_("Replacing %s with %s" %
(request.get_header('content-type'),
'multipart/form-data'))
request.add_unredirected_header('Content-Type', contenttype)
request.add_data(data)
return request
def http_request(self, request):
data = request.get_data()
if data is not None and type(data) != str:
v_files = []
v_vars = []
try:
for(key, value) in list(data.items()):
if hasattr(value, 'read'):
v_files.append((key, value))
else:
v_vars.append((key, value))
except TypeError:
raise TypeError
if len(v_files) == 0:
data = urllib.parse.urlencode(v_vars, doseq)
else:
boundary, data = self.multipart_encode(v_vars, v_files)
contenttype = 'multipart/form-data; boundary=%s' % boundary
if (
request.has_header('Content-Type') and
request.get_header('Content-Type').find(
'multipart/form-data') != 0
):
six.print_(
"Replacing %s with %s" % (
request.get_header('content-type'),
'multipart/form-data'
)
)
request.add_unredirected_header('Content-Type', contenttype)
request.add_data(data)
return request
def http_request(self, request):
data = request.get_data()
if data is not None and type(data) != str:
v_files = []
v_vars = []
try:
for (key, value) in list(data.items()):
if type(value) == io.BufferedReader:
v_files.append((key, value))
else:
v_vars.append((key, value))
except TypeError:
systype, value, traceback = sys.exc_info()
# raise TypeError("not a valid non-string sequence or mapping object %d" % traceback)
logger.debug("not a valid non-string sequence or mapping object : %s" % traceback)
if len(v_files) == 0:
data = urllib.parse.urlencode(v_vars, self.doseq).encode()
else:
boundary, data = self.multipart_encode(v_vars, v_files)
contenttype = "multipart/form-data; boundary=%s" % boundary
request.add_unredirected_header("Content-Type", contenttype)
request.add_data(data)
return request
def http_request(self, request):
data = request.get_data()
if isinstance(data, dict):
v_files = []
v_vars = []
try:
for(key, value) in list(data.items()):
if isinstance(value, file) or hasattr(value, "file") or isinstance(value, io.StringIO):
v_files.append((key, value))
else:
v_vars.append((key, value))
except TypeError:
systype, value, traceback = sys.exc_info()
raise SqlmapDataException("not a valid non-string sequence or mapping object").with_traceback(traceback)
if len(v_files) == 0:
data = urllib.parse.urlencode(v_vars, doseq)
else:
boundary, data = self.multipart_encode(v_vars, v_files)
contenttype = "multipart/form-data; boundary=%s" % boundary
#if (request.has_header("Content-Type") and request.get_header("Content-Type").find("multipart/form-data") != 0):
# print "Replacing %s with %s" % (request.get_header("content-type"), "multipart/form-data")
request.add_unredirected_header("Content-Type", contenttype)
request.add_data(data)
return request
def _open(self, method, path, headers=None, data=None):
"""Perform an HTTP request.
Args:
method: The HTTP method (GET, PUT, POST, DELETE).
path: The HTTP path to retrieve.
headers: A dictionary of HTTP headers to add.
data: The data to send as the body of the request.
Returns:
A Response object.
"""
url = urllib.parse.urljoin(self.site, path)
self.log.info('%s %s', method, url)
request = self._request(url)
request.set_method(method)
if headers:
for key, value in headers.items():
request.add_header(key, value)
if self.auth:
# Insert basic authentication header
request.add_header('Authorization', 'Basic {}'.format(self.auth.decode()))
if request.headers:
header_string = '\n'.join([':'.join((k, v)) for k, v in
request.headers.items()])
self.log.debug('request-headers:%s', header_string)
if data:
request.add_header('Content-Type', self.format.mime_type)
request.add_data(data)
self.log.debug('request-body:%s', request.get_data())
elif method in ['POST', 'PUT']:
# Some web servers need a content length on all POST/PUT operations
request.add_header('Content-Type', self.format.mime_type)
request.add_header('Content-Length', '0')
if self.timeout and not _urllib_has_timeout():
# Hack around lack of timeout option in python < 2.6
old_timeout = socket.getdefaulttimeout()
socket.setdefaulttimeout(self.timeout)
try:
http_response = None
try:
http_response = self._handle_error(self._urlopen(request))
except urllib.error.HTTPError as err:
http_response = self._handle_error(err)
except urllib.error.URLError as err:
raise Error(err, url)
response = Response.from_httpresponse(http_response)
self.log.debug('Response(code=%d, headers=%s, msg="%s")',
response.code, response.headers, response.msg)
finally:
if http_response:
http_response.close()
if self.timeout and not _urllib_has_timeout():
socket.setdefaulttimeout(old_timeout)
self.log.info('--> %d %s %db', response.code, response.msg,
len(response.body))
return response
def act_user_search():
para = request.get_data().decode()
ddict = json.loads(para)
pdict = json.loads(para)
tmppage = int(pdict['cur'])
if tmppage > 0:
tmppage -= 1
pdict['cur'] = tmppage
obj = DAO.search(pdict)
obj['cur'] = ddict['cur']
return json.dumps(obj)
def http_request(self, request):
try:
data = request.get_data()
except AttributeError:
data = request.data
if data is not None and type(data) != str:
data = urllib.parse.urlencode(data, doseq).encode("utf-8")
try:
request.add_data(data)
except AttributeError:
request.data = data
return request
def register_complete():
data = cbor.decode(request.get_data())
client_data = ClientData(data["clientDataJSON"])
att_obj = AttestationObject(data["attestationObject"])
auth_data = server.register_complete(session["state"], client_data,
att_obj)
authenticator = Authenticator(credential=auth_data.credential_data,
user=int(session['user_id']),
name=session['token_name'])
db.session.add(authenticator)
db.session.commit()
return cbor.encode({"status": "OK"})
def downloadFile():
if request.method == 'POST':
data = request.get_data()
data = json.loads(data.decode('utf-8'))
query = 'select * from UploadFile where File="' + str(
data['File']) + '"'
conn = Connection()
cursor = conn.cursor()
cursor.execute(query)
data1 = cursor.fetchone()
os.open(data1['path'], os.O_RDWR | os.O_CREAT)
return data1['path']
def callback():
# get X-Line-Signature header value
signature = request.headers["X-Line-Signature"]
# get request body as text
body = request.get_data(as_text=True)
# handle webhook body
try:
handler.handle(body, signature)
except InvalidSignatureError:
abort(400)
return "OK"
def run_jiankong():
json_data = json.loads(request.get_data())
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
for i in json_data:
ip = i
name = json_data[i]['name']
password = json_data[i]['password']
port = int(json_data[i]['port'])
ssh.connect(ip, port, name, password)
stdin, stdout, stderr = ssh.exec_command('我的命令')
ssh.close()
return jsonify(statu='run_success')
def api_call(version, endpoint_path):
"""Call an API endpoint directly over HTTP."""
# Check whether given version is valid
if version not in API_VERSIONS:
return jsonify(error='API version not found'), 404
# Get path and parameters
(path, path_parameters) = path_parser.parse(version, endpoint_path)
query_parameters = request.args.to_dict()
for param in query_parameters:
try:
query_parameters[param] = int(query_parameters[param])
except:
pass
try:
body_parameters = json.loads(request.get_data())
except:
body_parameters = {}
# Create and call request
(req, response) = _process_message({
'id':
0,
'method':
request.method,
'parameters': {
'body': body_parameters,
'path': path_parameters,
'query': query_parameters
},
'path':
path,
'token':
request.headers.get('auth-token')
})
print(
f'HTTP:\t{req.method} to `/{req.path}` resulted in {response.status["code"]}: {response.status["description"]}'
)
sys.stdout.flush()
flask_response = jsonify(json.loads(response.to_JSON()))
flask_response.status_code = response.status['code']
return flask_response
def callback():
print("callback start")
signature = request.headers['X-Line-Signature']
body = request.get_data(as_text=True)
app.logger.info("Request body: " + body)
try:
handler.handle(body, signature)
except InvalidSignatureError as e:
print("InvalidSignatureError message:{0}".format(e.message))
abort(400)
except LineBotApiError as e:
print("LineBotApiError message:{0}".format(e.message))
abort(400)
resp = jsonify(success=True)
return resp
def order_add():
if request.method=='POST':
data = request.get_data()
data = json.loads(data.decode("utf-8"))
addrID = data.get('addrID')
Merchsum = data.get('orderPrice')
Info = data.get('orderInfo')
rsp=model.order_add(addrID,Merchsum,Info)
res={
"err":1,"desc":"内部错误"
}
if rsp == 0:
res["err"]=0
res["desc"] = "订单添加成功"
return jsonify(res)
def apply():
ip = request.remote_addr
# token = request.values.get("token", "")
# session_id = request.values.get("session_id", "")
# sig = request.values.get("sig", "")
# address = request.values.get("address", "")
data = request.get_data()
try:
json_dict = json.loads(data)
except Exception as e:
logger.error(e)
return jsonify({"err_code": "400", "err_msg": "bad request"})
token = json_dict.get("token", "")
session_id = json_dict.get("session_id", "")
sig = json_dict.get("sig", "")
address = json_dict.get("address", "")
scene = json_dict.get("scene", "")
logger.info("apply address: %s", address)
if address.strip() == "":
return jsonify({"err_code": "401", "err_msg": "address is empty"})
if verify(token, session_id, sig, ip, scene):
tx = send(address)
if tx == '-1':
return jsonify({"err_code": "403", "err_msg": "invalid address"})
if tx == '-2':
return jsonify({
"err_code":
"404",
"err_msg":
"server exception, please try again later"
})
if tx != '':
return jsonify({"data": tx})
else:
return jsonify({
"err_code":
"404",
"err_msg":
"server exception, please try again later"
})
return jsonify({"err_code": "402", "err_msg": "verify error"})
def callback():
# get X-Line-Signature header value
signature = request.headers['X-Line-Signature']
# get request body as text
body = request.get_data(as_text=True)
app.logger.info("Request body: " + body)
# handle webhook body
try:
handler.handle(body, signature)
except LineBotApiError as e:
print("Got exception from LINE Messaging API: %s\n" % e.message)
for m in e.error.details:
print(" %s: %s" % (m.property, m.message))
print("\n")
except InvalidSignatureError:
abort(400)
return 'OK'
def http_request(self, request):
data = request.get_data()
def isfiledata(p_str):
import re
r_c = re.compile("^f'(.*)'$")
rert = r_c.search(str(p_str))
#rert = re.search("^f'(.*)'$", p_str)
if rert:
return rert.group(1)
else:
return None
if data is not None and type(data) != str:
v_files = []
v_vars = []
try:
for(key, value) in list(data.items()):
if isfiledata(value): # type(value) == file:
v_files.append((key, value))
else:
v_vars.append((key, value))
except TypeError:
systype, value, traceback = sys.exc_info()
raise TypeError("not a valid non-string sequence or mapping object").with_traceback(traceback)
if len(v_files) == 0:
data = urllib.parse.urlencode(v_vars, doseq)
else:
boundary, data = self.multipart_encode(v_vars, v_files)
contenttype = 'multipart/form-data; boundary=%s' % boundary
if(request.has_header('Content-Type')
and request.get_header('Content-Type').find('multipart/form-data') != 0):
print("Replacing %s with %s" % (request.get_header('content-type'), 'multipart/form-data'))
request.add_unredirected_header('Content-Type', contenttype)
request.add_data(data)
return request
def do_request_(self, request):
host = request.get_host()
if not host:
raise URLError('no host given')
if request.has_data(): # POST
data = request.get_data()
if not request.has_header('Content-type'):
request.add_unredirected_header(
'Content-type',
'application/x-www-form-urlencoded')
scheme, sel = urllib.parse.splittype(request.get_selector())
sel_host, sel_path = urllib.parse.splithost(sel)
if not request.has_header('Host'):
request.add_unredirected_header('Host', sel_host or host)
for name, value in self.parent.addheaders:
name = name.capitalize()
if not request.has_header(name):
request.add_unredirected_header(name, value)
return request
def __write_capture(self, request, response):
ohandle = io.StringIO()
response_body = b''
saved_exception = None
try:
ohandle.write('<capture>\n')
ohandle.write('<request>\n')
method = request.get_method()
url = request.get_full_url()
parsed = urlparse.urlsplit(url)
relative_url = parsed.path
if parsed.query:
relative_url += '?' + parsed.query
if parsed.fragment:
# TODO: will this ever happen?
relative_url += '#' + parsed.fragment
host = None
request_body = None
if hasattr(request, 'get_host'):
host = request.get_host()
# support 3.3
if request.has_data():
request_body = request.get_data()
else:
host = request.host
request_body = request.data
ohandle.write('<method>%s</method>\n' % escape(method))
ohandle.write('<url>%s</url>\n' % escape(url))
ohandle.write('<host>%s</host>\n' % escape(host))
try:
# ghetto
addr = response.fp.raw._sock.getpeername()
if addr:
ohandle.write('<hostip>%s</hostip>\n' % escape(addr[0]))
except Exception as error:
pass
ohandle.write('<datetime>%s</datetime>\n' % escape(time.asctime(time.gmtime())+' GMT')) # TODO: can we calculate request time and elapsed?
request_headers = '%s %s HTTP/1.1\r\n' % (method, relative_url) # TODO: is there access to the HTTP version?
for item in request.header_items():
request_headers += item[0] + ': ' + '\r\n\t'.join(item[1:]) + '\r\n'
if self.re_nonprintable_str.search(request_headers):
ohandle.write('<headers encoding="base64">%s</headers>\n' % base64.b64encode(request_headers.encode('utf-8')).decode('ascii'))
else:
ohandle.write('<headers>%s</headers>\n' % escape(request_headers))
if request_body is not None:
if self.re_nonprintable.search(request_body):
ohandle.write('<body encoding="base64">%s</body>\n' % base64.b64encode(request_body).decode('ascii'))
else:
ohandle.write('<body>%s</body>\n' % escape(request_body.decode('ascii')))
ohandle.write('</request>\n')
ohandle.write('<response>\n')
status = int(response.getcode())
ohandle.write('<status>%d</status>\n' % status)
headers = response.info()
if 'HEAD' == method or status < 200 or status in (204, 304,):
response_body = b''
else:
try:
response_body = response.read()
except urllib2.IncompleteRead as e:
saved_exception = e
response_headers = 'HTTP/1.1 %d %s\r\n' % (status, response.msg) # TODO: is there access to the HTTP version?
response_headers += headers.as_string()
content_type = headers.get('Content-Type')
content_length = headers.get('Content-Length')
if content_type:
ohandle.write('<content_type>%s</content_type>\n' % escape(content_type))
if content_length:
ohandle.write('<content_length>%d</content_length>\n' % int(content_length))
if self.re_nonprintable_str.search(response_headers):
ohandle.write('<headers encoding="base64">%s</headers>\n' % base64.b64encode(response_headers.encode('utf-8')).decode('ascii'))
else:
ohandle.write('<headers>%s</headers>\n' % escape(response_headers))
if response_body:
if self.re_nonprintable.search(response_body):
ohandle.write('<body encoding="base64">%s</body>\n' % base64.b64encode(response_body).decode('ascii'))
else:
ohandle.write('<body>%s</body>\n' % escape(response_body.decode('ascii')))
ohandle.write('</response>\n')
ohandle.write('</capture>\n')
self.ofhandle.write(ohandle.getvalue().encode('utf-8'))
ohandle.close()
self.write_count += 1
if 0 == (self.write_count % self.cut_count):
self.close()
self.open_file()
except Exception as e:
sys.stderr.write('*** unhandled error in RaftCaptureProcessor: %s\n' % (e))
if saved_exception:
raise(saved_exception)
return response_body
