def is_valid(email):
m = User.find_by_email(email)
if m is None:
return False
else:
expires_in = config_app().data['token_expires_after_seconds']
s = Serializer(config_app().data['secret_key'],
expires_in=expires_in)
token = s.dumps({'id': m.id})
return token.decode('ascii')
def before_request():
try:
secret = request.path.split('/')[2]
except:
return stop(412, 'The parameter secret is empty or missing')
model = model_default.get_by_secret(secret)
if model is not None:
if config_app().data['limit'].get(model.limit, None) is None:
return stop(501, 'The requested functionality is not supported')
if model is not None:
counter = model_default.get_usage(model)
if counter >= config_app().data['limit'][model.limit]:
return stop(429, 'The usage limit has been reached')
else:
return stop(401, 'The secret used is not authorized')
def update_usage(m):
if m is not None:
today = time.strftime(config_app().data['date_format'])
try:
log = json.loads(m.log)
if today in log:
log[today] += 1
else:
log[today] = 1
except:
log = {today: 1}
if log[today] - 1 < config_app().data['limit'][m.limit]:
if len(log) > config_app().data['database_log_backup_count']:
del log[log.keys()[-1]]
m.log = json.dumps(log)
db.session.commit()
def validate(email):
response = False
try:
http = urllib3.PoolManager()
params = {
'secret': config_app().data['service_email_validate_secret'],
'email': email
}
r = http.request('GET',
config_app().data['service_email_validate_baseurl'],
None, params)
payload = json.loads(r.data.decode('utf-8'))
if payload['valid'] is not None:
response = payload['valid']
except Exception as e:
_(500, str(e))
response = None
pass
return response
def get_usage(m):
counter = 0
try:
log = json.loads(m.log)
today = time.strftime(config_app().data['date_format'])
if today in log:
counter = log[today]
except:
pass
return counter
def default(*args, **kwargs):
try:
secret = request.headers.get('secret')
except:
return _(412,
'The parameter secret is empty or missing',
stop=True)
model = model_default.get_by_secret(secret)
if model is not None:
if config_app().data['limit'].get(model.limit, None) is None:
return _(501,
'The requested functionality is not supported',
stop=True)
if model is not None:
counter = model_default.get_usage(model)
if counter >= config_app().data['limit'][model.limit]:
return _(429, 'The usage limit has been reached', stop=True)
else:
return _(401, 'The secret used is not authorized', stop=True)
return f(*args, **kwargs)
def clean():
now = service_timestamp_get()
diff = now - config_app().data['ban_trap_range_millis'] / 1000
try:
Ban.query.filter(Ban.last_update_date < diff).delete()
db.session.commit()
db.session.close()
return True
except BaseException as e:
_(500, str(e))
return False
def default(secret):
response = {
'timezone': config_app().data['timezone'],
'posix': {
'timestamp': int(round(time.time())),
'millis': int(round(time.time() * 1000))
}
}
response = jsonify(response)
response.status_code = 200
return response
def get():
response = False
try:
http = urllib3.PoolManager()
r = http.request('GET', config_app().data['service_timer_baseurl'])
payload = json.loads(r.data.decode('utf-8'))
if payload['posix'] is not None:
response = int(payload['posix']['timestamp'])
except Exception as e:
_(500, str(e))
response = None
pass
return response
def grant(m):
if isinstance(m, Ban):
now = service_timestamp_get()
if (now - m.last_update_date
) > config_app().data['ban_timeout_millis'] / 1000:
m.is_banned = False
m.counter = 0
m.last_update_date = now
if m.last_update_date < (
now - config_app().data['ban_trap_range_millis'] / 1000):
m.counter = 0
m.last_update_date = now
else:
m.counter += 1
if m.counter > config_app(
).data['ban_trap_max_attempts_in_range']:
return False
if m.is_banned is True:
return False
db.session.commit()
db.session.close()
return True
def authenticate(email, password):
now = service_timestamp_get()
m = User.query.filter_by(email=email).first()
if not isinstance(m, User):
return None
if User.verify_password(password, m.password) is not True:
return False
if m.is_active == 0:
return False
if User.refresh_nonce(m.id) is not True:
return False
expires_in = config_app().data['token_expires_after_seconds']
s = Serializer(m.nonce, expires_in=expires_in)
token = s.dumps({'id': m.id})
expiration_time = now + expires_in
return {
'token': token.decode('ascii'),
'expiration_time': expiration_time
}
def ott_generate(email, token):
if model_token_banlist.is_banned(token) is True:
return False
attrs = User.verify_auth_token(email, token)
if attrs is False or attrs is None or attrs['email'] != email:
return False
now = service_timestamp_get()
m = User.query.filter_by(email=email).first()
if m is None:
return m
if m.is_active == 0:
return False
expires_in = config_app().data['ott_token_expires_after_seconds']
expiration_time = now + expires_in
s = Serializer(m.nonce, expires_in=expires_in)
new_token = s.dumps({'id': m.id})
return {
'token': new_token.decode('ascii'),
'expiration_time': expiration_time
}
def reset_password(token):
now = service_timestamp_get()
s = Serializer(config_app().data['secret_key'])
try:
data = s.loads(token)
except SignatureExpired:
return False
except BadSignature:
return False
m = db.session.query(User).get(data['id'])
if m is None:
return m
try:
model_history.add_by_user_id(m.id, 'password', m.password)
m.last_update_date = now
new_password = User.generate_password()
print('New password has been generated', new_password)
m.password = User.password_hash(new_password)
db.session.commit()
db.session.close()
return str(base64.b64encode(bytes(new_password, "utf-8")))[1:]
except BaseException as e:
_(500, str(e))
return False
def __init__(self):
response = Flask(
import_name=__name__,
instance_path=config_app().data['instance_path'],
instance_relative_config=config_app().data['instance_relative_config']
)
response.config['DEFAULT_TIMEZONE'] = config_app().data['timezone']
response.config['SECRET_KEY'] = config_app().data['secret_key']
response.config['TESTING'] = config_app().data['testing']
response.debug = config_app().data['debug']
response.config['SQLALCHEMY_BINDS'] = {
'sqlite': config_app().data['database_conn_sqlite'],
'mysql': config_app().data['database_conn_mysql']
}
response.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = config_app().data['sqlalchemy_track_modifications']
self.data = response
if config_app().data['enable_internal_log']:
from logging.handlers import RotatingFileHandler
import logging
handler = RotatingFileHandler(
config_app().data['internal_log_file_path'],
maxBytes=config_app().data['internal_log_max_bytes'],
backupCount=config_app().data['internal_log_backup_count']
)
logger = logging.getLogger(config_app().data['import_name'])
logger.setLevel(logging.ERROR)
logger.addHandler(handler)
###
# Increases the usage limit and
# enable cross-origin resource sharing.
###
@app.after_request
@increase_usage
def after_request(f):
if not hasattr(g, 'after_request_callbacks'):
g.after_request_callbacks = []
g.after_request_callbacks.append(f)
f.headers.add('Access-Control-Allow-Origin', '*')
f.headers.add('Access-Control-Allow-Headers', '*')
f.headers.add('Access-Control-Allow-Methods', '*')
return f
###
# Clean up banned tokens as scheduled job.
###
def transport():
model_token_banlist.clean()
model_ban.clean()
schedule = BackgroundScheduler(timezone=config_app().data['timezone'],
daemon=True)
schedule.add_job(transport,
'interval',
seconds=config_app().data['transport_interval_seconds'])
schedule.start()
# -*- coding: utf-8 -*-
from app import app
from flask import g, request, jsonify
import logging
from app.config.Config import Config as config_app
logger = logging.getLogger(config_app().data['import_name'])
from app.models.DefaultModel import Default as model_default
@app.before_request
def before_request():
try:
secret = request.path.split('/')[2]
except:
return stop(412, 'The parameter secret is empty or missing')
model = model_default.get_by_secret(secret)
if model is not None:
if config_app().data['limit'].get(model.limit, None) is None:
return stop(501, 'The requested functionality is not supported')
if model is not None:
counter = model_default.get_usage(model)
if counter >= config_app().data['limit'][model.limit]:
return stop(429, 'The usage limit has been reached')
else:
return stop(401, 'The secret used is not authorized')
@app.after_request
def after_request(f):
if not hasattr(g, 'after_request_callbacks'):
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from cherrypy import wsgiserver
from app import app
from app.config.Config import Config as config_app
###
# The app runner.
###
if config_app().data['debug'] and config_app().data['testing']:
app.run(
config_app().data['ip'],
port=config_app().data['port']
)
###
# With the flags debug and testing on false
# the app is considered running in production mode and a different server is used.
###
else:
d = wsgiserver.WSGIPathInfoDispatcher({'/': app})
server = wsgiserver.CherryPyWSGIServer(
(config_app().data['ip'], config_app().data['port']), d)
server.start()
