Exemplo n.º 1
0
def handler(request, context):
    # noinspection PyPep8Naming,PyUnusedLocal
    def http_get(request_params, request_body):
        # type: (dict, dict) -> dict
        logger.info("http_get")
        s3_resource = boto3.resource('s3', region_name=get('aws_region_name'))
        s3_client = boto3.client('s3', config=Config(signature_version='s3v4',
                                                     region_name=get('aws_region_name')))
        bucket_name = "media-%s" % get('aws_account_id')
        logger.info("before create bucket")
        s3_resource.create_bucket(ACL='private', Bucket=bucket_name)
        logger.info("before generate_presigned_url")
        key = str(uuid.uuid4())
        # Generate the URL to get 'key-name' from 'bucket-name'
        url = s3_client.generate_presigned_url(
            ClientMethod='get_object',
            Params={
                'Bucket': bucket_name,
                'Key': key
            },
            HttpMethod="put"
        )
        return {"url": url, "media_uuid": key}

    return handle_request(request, context, http_get=http_get)
Exemplo n.º 2
0
def handler(request, context):
    # noinspection PyPep8Naming,PyUnusedLocal
    def http_get(request_params, request_body):
        # type: (dict, dict) -> dict
        apigateway_client = boto3.client('apigateway')
        content_type = "json"
        if request_params is not None:
            if "format" in request_params:
                content_type = request_params['format'].lower()
        rest_api_id = None
        response = apigateway_client.get_rest_apis(limit=500)
        # https://console.aws.amazon.com/apigateway/home?region=us-east-1#/apis
        for item in response['items']:
            if item['name'].lower() == "API".lower():
                rest_api_id = item['id']  # 'as2edhw8s7'
        logger.info("rest api id=%s" % rest_api_id)
        response = apigateway_client.get_export(restApiId=rest_api_id,
                                                stageName='v1',
                                                exportType='swagger',
                                                parameters={},
                                                accepts='application/%s' %
                                                content_type)
        # https://gist.github.com/pgolding/9083a6f3590067e3ffe694c947ef90a3
        swagger = response['body'].read().decode("utf-8")
        return swagger

    return handle_request(request, context, http_get=http_get)
Exemplo n.º 3
0
def handler(request, context):
    cognito_idp_client = boto3.client('cognito-idp')

    # noinspection PyPep8Naming,PyUnusedLocal
    def http_post(request_params, request_body):
        # type: (dict, dict) -> dict
        logger.info('http_post username='******'username'])
        cognito_app_client_id = get_cognito_app_client_id(
            cognito_idp_client, cognito_user_pool_id=get('aws_user_pools_id'))

        # ##############################################################################################################
        # IF Cognito user pool was created by Amplify or Manually, it may not have an auth flow that works via python
        response = cognito_idp_client.describe_user_pool_client(
            UserPoolId=get('aws_user_pools_id'),
            ClientId=cognito_app_client_id)
        explicit_auth_flows = response['UserPoolClient']['ExplicitAuthFlows']
        explicit_auth_flows_count = len(explicit_auth_flows)
        if 'USER_PASSWORD_AUTH' not in explicit_auth_flows:
            explicit_auth_flows.extend('USER_PASSWORD_AUTH')
        if 'ADMIN_NO_SRP_AUTH' not in explicit_auth_flows:
            explicit_auth_flows.extend('ADMIN_NO_SRP_AUTH')

        if explicit_auth_flows_count != len(explicit_auth_flows):
            # add new auth flows to cognito user pool
            response = cognito_idp_client.update_user_pool_client(
                UserPoolId=get('aws_user_pools_id'),
                ClientId=cognito_app_client_id,
                ExplicitAuthFlows=['ADMIN_NO_SRP_AUTH', 'USER_PASSWORD_AUTH'])
        # ##############################################################################################################

        auth_response = cognito_idp_client.initiate_auth(
            ClientId=cognito_app_client_id,
            AuthFlow='USER_PASSWORD_AUTH',
            AuthParameters={
                'USERNAME': request_body['username'],
                'PASSWORD': request_body['password']
            })

        logger.info('Auth successful')
        if "ChallengeName" in auth_response and auth_response[
                "ChallengeName"] == "NEW_PASSWORD_REQUIRED":
            raise Exception("NEW_PASSWORD_REQUIRED")

        cognito_refresh_token = auth_response['AuthenticationResult'][
            'RefreshToken']

        logger.info('return result tokens')
        return {
            "user": {},
            "access_token":
            auth_response['AuthenticationResult']['AccessToken'],
            "refresh_token":
            auth_response['AuthenticationResult']['RefreshToken'],
            "id_token": auth_response['AuthenticationResult']['IdToken'],
            "token_type": auth_response['AuthenticationResult']['TokenType'],
            "expires_in": auth_response['AuthenticationResult']['ExpiresIn']
        }

    return handle_request(request, context, http_post=http_post)
Exemplo n.º 4
0
def handler(request, context):
    # noinspection PyPep8Naming,PyUnusedLocal
    def http_get(request_params, request_body):
        # type: (dict, dict) -> dict
        from api.rdb.model.table_database_migration import DatabaseMigration
        with DatabaseMigration.atomic():
            database_migration = DatabaseMigration.select().limit(1)
            return {"health": 'OK'}

    return handle_request(request, context, http_get=http_get)
Exemplo n.º 5
0
def handler(request, context):
    cognito_idp_client = boto3.client('cognito-idp')

    # noinspection PyPep8Naming, PyUnusedLocal
    def http_get(request_params, request_body):
        # type: (dict, dict) -> dict
        logger.info("http_get")
        response = cognito_idp_client.list_users(
            UserPoolId=get('aws_user_pools_id'))
        return response['Users']

    return handle_request(request, context, http_get=http_get)
Exemplo n.º 6
0
def handler(request, context):
    sns_client = boto3.client('sns')

    # noinspection PyPep8Naming, PyUnusedLocal
    def http_get(request_params, request_body):
        # type: (dict, dict) -> dict
        logger.info("http_get")
        return get_sns_attributes(sns_client, request_params['username'])

    # https://bradmontgomery.net/blog/sending-sms-messages-amazon-sns-and-python/
    # phone  <-- number who'll receive an SMS message in e.I64 format. https://www.twilio.com/docs/glossary/what-e164
    # noinspection PyPep8Naming,PyUnusedLocal
    def http_put(request_params, request_body):
        # type: (dict, dict) -> dict
        logger.info("http_put")
        username = request_body['username']
        phone_number = request_body['phone_number']
        # logger.info("username=%s" % username)
        try:
            topic_response = sns_client.create_topic(Name=username)
            subscribe_response = sns_client.subscribe(
                TopicArn=topic_response["TopicArn"],
                Protocol='sms',
                Endpoint=
                phone_number  # <-- number who'll receive an SMS message.
            )
            # HACK for race condition for when topic_arn returned is actually usable
            time.sleep(5)
            # noinspection PyProtectedMember
            return {'topic_arn': topic_response['TopicArn']}
        except Exception as ex:
            logger.warning(str(ex))
            raise ex

    # noinspection PyPep8Naming,PyUnusedLocal
    def http_delete(request_params, request_body):
        # type: (dict, dict) -> dict
        logger.info("http_delete")
        # noinspection PyUnresolvedReferences
        sns_client.delete_topic(TopicArn=request_params['topic_arn'])
        return {}

    return handle_request(request,
                          context,
                          http_get=http_get,
                          http_put=http_put,
                          http_delete=http_delete)
Exemplo n.º 7
0
def handler(request, context):
    # noinspection PyPep8Naming,PyUnusedLocal
    def http_put(request_params, request_body):
        # type: (dict, dict) -> dict
        logger.info("http_put")
        sns_client = boto3.client('sns')

        topic_attributes = get_sns_attributes(sns_client,
                                              request_body['to_username'])
        topic_arn = topic_attributes['TopicArn']
        if "sns" in request_body and request_body["sns"]:
            logger.info("TopicArn=" + topic_arn)
            response = sns_client.publish(Message=request_body['message'],
                                          TopicArn=topic_arn)
            request_body['sns_message_id'] = response['MessageId']
            logger.info("Create SMS Message=" + request_body['sns_message_id'])
            # noinspection PyProtectedMember
            return {
                'message_id': response['MessageId'],
                'topic_arn': topic_arn
            }

    return handle_request(request, context, http_put=http_put)
Exemplo n.º 8
0
def handler(request, context):
    logger.info('entered:' + context.function_name)

    # noinspection PyPep8Naming,PyUnusedLocal
    def http_get(request_params, request_body):
        # type: (dict, dict) -> dict
        logger.info("http_get")
        s3_client = boto3.client('s3',
                                 config=Config(
                                     signature_version='s3v4',
                                     region_name=get('aws_region_name')))
        bucket_name = "media-%s" % get('aws_account_id')
        s3_client.create_bucket(ACL='private', Bucket=bucket_name)
        url = s3_client.generate_presigned_url(ClientMethod='get_object',
                                               Params={
                                                   'Bucket':
                                                   bucket_name,
                                                   'Key':
                                                   request_params['media_uuid']
                                               })
        logger.info(url)
        return {"url": url}

    return handle_request(request, context, http_get=http_get)
Exemplo n.º 9
0
def handler(request, context):
    from api.rdb.model.table_sample import Sample

    # noinspection PyPep8Naming, PyUnusedLocal
    def http_get(request_params, request_body):
        # type: (dict, dict) -> list
        # Note request_params, request_body can have values of None
        logger.info("http_get")
        index_key_example = request_params['index_key_example']
        samples = []
        for sample in Sample.select().where(
                Sample.index_key_example == index_key_example):
            samples += [sample.__data__]
        return samples

    # noinspection PyPep8Naming,PyUnusedLocal
    def http_put(request_params, request_body):
        # type: (dict, dict) -> dict
        # Note request_params, request_body can have values of None
        logger.info("http_put")
        with Sample.atomic():
            sample = Sample.create(**request_body)
            # noinspection PyProtectedMember
            return sample.__data__

    # noinspection PyPep8Naming,PyUnusedLocal
    def http_post(request_params, request_body):
        # type: (dict, dict) -> dict
        # Note request_params, request_body can have values of None
        logger.info("http_post")
        # noinspection PyShadowingBuiltins
        id = request_body['id']
        # noinspection PyUnresolvedReferences
        sample = Sample.get(Sample.id == id)

        if "index_key_example" in request_body:
            sample.index_key_example = request_body["index_key_example"]
        if "integer_example" in request_body:
            sample.integer_example = request_body["integer_example"]
        if "datetime_example" in request_body:
            sample.datetime_example = request_body["datetime_example"]
        if "text_example" in request_body:
            sample.text_example = request_body["text_example"]
        if "decimal_example" in request_body:
            sample.decimal_example = request_body["decimal_example"]
        if "boolean_example" in request_body:
            sample.boolean_example = request_body["boolean_example"]
        # save updated fields
        with sample.atomic():
            sample.save()
        return sample.__data__

    # noinspection PyPep8Naming,PyUnusedLocal
    def http_delete(request_params, request_body):
        # type: (dict, dict) -> dict
        # Note request_params, request_body can have values of None
        logger.info("http_delete")
        with Sample.atomic():
            # noinspection PyUnresolvedReferences
            Sample.delete().where(Sample.id == request_params["id"]).execute()
        return {}

    # noinspection PyPep8

    return handle_request(request,
                          context,
                          http_get=http_get,
                          http_put=http_put,
                          http_post=http_post,
                          http_delete=http_delete)
Exemplo n.º 10
0
def handler(request, context):
    # noinspection PyPep8Naming,PyUnusedLocal,PyProtectedMember
    def http_get(request_params, request_body):
        # type: (dict, dict) -> dict
        logger.info("http_get")
        media_uuid = request_params['media_uuid']
        media = Media.get(Media.media_uuid == media_uuid)
        media.__data__['description'] = tsvectorfield2string(
            media.__data__['description'])
        return media.__data__

    # noinspection PyPep8Naming,PyUnusedLocal
    def http_put(request_params, request_body):
        # type: (dict, dict) -> dict
        logger.info("http_put")
        user_profile = User_profile.get(
            User_profile.username == request_body['username'])
        # noinspection PyUnresolvedReferences
        request_body['username'] = user_profile
        with Media.atomic():
            media, created = Media.get_or_create(
                media_uuid=request_body["media_uuid"], defaults=request_body)
            if created:
                logger.info("Media created")
            # noinspection PyProtectedMember
            return media.__data__

    # noinspection PyPep8Naming,PyUnusedLocal
    def http_post(request_params, request_body):
        # type: (dict, dict) -> dict
        logger.info("http_post")
        media_uuid = request_body['media_uuid']
        media = Media.get(Media.media_uuid == media_uuid)
        if "tags" in request_body:
            media.tags = request_body["tags"]
        if "likes" in request_body:
            media.likes = request_body["likes"]
        if "description" in request_body:
            media.description = request_body["description"]
        with media.atomic():
            media.save()
        return media.__data__

    # noinspection PyPep8Naming,PyUnusedLocal
    def http_delete(request_params, request_body):
        # type: (dict, dict) -> dict
        logger.info("http_delete")

        try:
            with Media.atomic():
                query = Media.delete().where(
                    Media.media_uuid == request_params["media_uuid"])
                response = query.execute()
        except Exception as ex:
            logger.error(str(ex))

        s3_client = boto3.client('s3',
                                 config=Config(
                                     signature_version='s3v4',
                                     region_name=get('aws_region_name')))
        bucket_name = "media-%s" % get('aws_account_id')
        s3_client.delete_object(Bucket=bucket_name,
                                Key=request_params["media_uuid"])
        return {}

    return handle_request(request,
                          context,
                          http_get=http_get,
                          http_put=http_put,
                          http_post=http_post,
                          http_delete=http_delete)
Exemplo n.º 11
0
def handler(request, context):
    global logger
    from api.rdb.model.table_user_blocked import User_blocked

    # noinspection PyPep8Naming, PyUnusedLocal
    def http_get(request_params, request_body):
        # type: (dict, dict) -> dict
        logger.info("http_get")
        cognito_idp_client = boto3.client('cognito-idp')
        recipient_user_profile = User_profile.get(
            User_profile.username == request_params['recipient_username'])
        blocked_user_profile = User_profile.get(
            User_profile.username == request_params['blocked_username'])

        try:
            # noinspection PyUnresolvedReferences
            result = User_blocked.get(
                User_blocked.recipient_username == recipient_user_profile.id,
                User_blocked.blocked_username == blocked_user_profile.id)
            # noinspection PyProtectedMember
            return {"blocked": True, "id": result.__data__['id']}
        except DoesNotExist as ex:
            return {"blocked": False}

    # noinspection PyPep8Naming,PyUnusedLocal
    def http_put(request_params, request_body):
        # type: (dict, dict) -> dict
        logger.info("http_put")
        cognito_idp_client = boto3.client('cognito-idp')
        recipient_user_profile = User_profile.get(
            User_profile.username == request_body['recipient_username'])
        blocked_user_profile = User_profile.get(
            User_profile.username == request_body['blocked_username'])
        defaults = request_body
        with User_blocked.atomic():
            defaults['recipient_username'] = recipient_user_profile
            defaults['blocked_username'] = blocked_user_profile
            # noinspection PyUnresolvedReferences
            user_blocked, created = User_blocked.get_or_create(
                recipient_username=recipient_user_profile.id,
                blocked_username=blocked_user_profile.id,
                defaults=defaults)
        if created:
            logger.info("Contact: %s blocked: %s" %
                        (recipient_user_profile, blocked_user_profile))
        data = user_blocked.__data__
        # noinspection PyProtectedMember
        return user_blocked.__data__

    # noinspection PyPep8Naming,PyUnusedLocal
    def http_delete(request_params, request_body):
        # type: (dict, dict) -> dict
        logger.info("http_delete")
        # noinspection PyUnresolvedReferences
        with User_blocked.atomic():
            # noinspection PyUnresolvedReferences
            User_blocked.delete().where(
                User_blocked.id == request_params["id"]).execute()
        return {}

    return handle_request(request,
                          context,
                          http_get=http_get,
                          http_put=http_put,
                          http_delete=http_delete)
Exemplo n.º 12
0
def handler(request, context):
    cognito_idp_client = boto3.client('cognito-idp')

    # noinspection PyPep8Naming,PyUnusedLocal
    def http_put(request_params, request_body):
        # type: (dict, dict) -> dict
        logger.info("http_put")
        # Don't Email when new user is provisioned in Cognito if is_test()
        message_action = 'SUPPRESS' if is_test() else 'RESEND'
        cognito_user = user_persist(cognito_idp_client,
                                    get('aws_user_pools_id'),
                                    request_body,
                                    True,
                                    ['EMAIL'],
                                    message_action)
        cognito_user = cognito_idp_client.admin_get_user(UserPoolId=get('aws_user_pools_id'),
                                                         Username=cognito_user['Username'])
        return remove_cruft(cognito_user)

    # noinspection PyPep8Naming,PyUnusedLocal,PyBroadException
    def http_delete(request_params, request_body):
        # type: (dict, dict) -> dict
        logger.info("http_delete")
        if request_params and 'force' in request_params:
            logger.info(request_params['force'])
        # if test, delete the user
        # if production, de-activate
        logger.info("http_delete in %s mode" % 'test' if is_test() else 'production')
        # disable user in Cognito
        if is_test() or "force" in request_params:
            try:
                cognito_idp_client.admin_disable_user(UserPoolId=get('aws_user_pools_id'),
                                                      Username=request_params['username'])
                sleep(2)
            except cognito_idp_client.exceptions.UserNotFoundException as ex:
                return {}

        if is_test() or "force" in request_params:
            logger.info("Deleting user %s for real" % request_params['username'])
            cognito_idp_client.admin_delete_user(UserPoolId=get('aws_user_pools_id'),
                                                 Username=request_params['username'])
            logger.info("Deleted user from Cognito")
        return {}

    # noinspection PyPep8Naming,PyUnusedLocal
    def http_get(request_params, request_body):
        # type: (dict, dict) -> dict
        logger.info("http_get")
        cognito_user = cognito_idp_client.admin_get_user(UserPoolId=get('aws_user_pools_id'),
                                                         Username=request_params['username'])
        return remove_cruft(cognito_user)

    # noinspection PyPep8Naming,PyUnusedLocal
    def http_post(request_params, request_body):
        # type: (dict, dict) -> dict
        logger.info("http_post")
        cognito_user = cognito_idp_client.admin_get_user(UserPoolId=get('aws_user_pools_id'),
                                                         Username=request_body['username'])

        if "cognito_user_pool_app_client_id" in request_body:
            cognito_app_client_id = request_body['cognito_user_pool_app_client_id']
        else:
            cognito_app_client_id = get_cognito_app_client_id(cognito_idp_client,
                                                              cognito_user_pool_id=get('aws_user_pools_id'))

        # TODO: enable ADMIN_NO_SRP_AUTH and USER_PASSWORD_AUTH auth flows
        if 'newpassword' in request_body:
            # noinspection PyBroadException
            auth_response = cognito_idp_client.admin_initiate_auth(
                UserPoolId=get('aws_user_pools_id'),
                AuthFlow='ADMIN_NO_SRP_AUTH',
                AuthParameters={
                    'USERNAME': cognito_user['Username'],
                    'PASSWORD': request_body['password']
                },
                ClientId=cognito_app_client_id
            )
            # https://github.com/capless/warrant/issues/14
            tokens = cognito_idp_client.respond_to_auth_challenge(
                ClientId=cognito_app_client_id,
                ChallengeName='NEW_PASSWORD_REQUIRED',
                Session=auth_response['Session'],  # 'session_string_from_first_challenge_response',
                ChallengeResponses={
                    'NEW_PASSWORD': request_body['newpassword'],
                    'USERNAME': request_body['username']
                }
            )
            logger.info('newpassword successful, return result tokens')

        cognito_user = remove_cruft(cognito_user)
        return cognito_user

    return handle_request(request, context, http_get=http_get, http_put=http_put, http_delete=http_delete,
                          http_post=http_post)