def create_shared_folder_pool(self, user_account, localpoolname):
errorMessage = ""
errorCode = 0
is_root = 0
pool_dbo = DboPool(self.application.sql_client)
# TOOD: here should begin trans. and able to rollback.
is_pass_check, poolid = pool_dbo.add(user_account, is_root)
if is_pass_check:
if poolid > 0:
#localpoolname = path
can_edit = 1
status = dbconst.POOL_STATUS_SHARED
pool_subscriber_dbo = DboPoolSubscriber(
self.application.sql_client)
is_pass_check = pool_subscriber_dbo.add(
user_account, poolid, localpoolname, can_edit, status)
if not is_pass_check:
errorMessage = "Add new pool_subscriber fail"
errorCode = 1032
else:
is_pass_check = False
errorMessage = "poolid is wrong"
errorCode = 1031
else:
errorMessage = "Add new pool fail"
errorCode = 1030
return is_pass_check, poolid, errorMessage, errorCode
def create_repo_pool(self, user_account):
errorMessage = ""
errorCode = 0
is_root = 1
pool_dbo = DboPool(self.application.sql_client)
if not pool_dbo is None:
# each time claim, reset old data.
pool_dbo.empty()
# TOOD: here should begin trans. and able to rollback.
is_pass_check, poolid = pool_dbo.add(user_account, is_root)
if is_pass_check:
if poolid > 0:
localpoolname = ""
can_edit = 1
status = dbconst.POOL_STATUS_OWNER
pool_subscriber_dbo = DboPoolSubscriber(
self.application.sql_client)
is_pass_check = pool_subscriber_dbo.add(
user_account, poolid, localpoolname, can_edit, status)
if not is_pass_check:
errorMessage = "Add new pool_subscriber fail"
errorCode = 1032
else:
is_pass_check = False
errorMessage = "poolid is wrong"
errorCode = 1031
else:
errorMessage = "Add new pool fail"
errorCode = 1030
if is_pass_check:
if poolid > 0:
user_home = u'%s/storagepool/%s' % (
options.storage_access_point, poolid)
self._mkdir_recursive(user_home)
from app.controller.meta_manager import MetaManager
user_dict = {'account': user_account, 'poolid': poolid}
metadata_manager = MetaManager(self.application.sql_client,
user_dict, "")
is_pass_check, query_result, errorMessage = metadata_manager.add_metadata(
is_dir=1)
#print "query_result", query_result
if not is_pass_check:
errorMessage = "add metadata in database fail"
errorCode = 1040
# set server claimed.
self.application.claimed = True
return is_pass_check, errorMessage, errorCode
def pool_owner(self, query_path=None):
if query_path is None:
query_path = self.full_path
#logging.info('query_path %s' % (query_path))
owner = self.account
if not self.poolid is None:
if len(query_path) > 1:
dbo_pool = DboPool(self.sys_sql_client)
pool_dict = dbo_pool.pk_query(self.poolid)
if not pool_dict is None:
owner = pool_dict['ownerid']
return owner
def get_not_conflict_poolname(self, account, path):
ret = False
new_path = path
pool_dbo = DboPool(self.application.sql_client)
current_user = {
'account': account,
'poolid': pool_dbo.get_root_pool(account)
}
metadata_manager = MetaManager(self.application.sql_client,
current_user, new_path)
if not metadata_manager.get_path() is None:
for i in range(100000):
new_path = "%s(%d)" % (path, i)
metadata_manager.init_with_path(current_user, new_path)
if metadata_manager.get_path() is None:
#bingo
ret = True
break
else:
#bingo
ret = True
return ret, new_path
def post(self):
self.set_header('Content-Type', 'application/json')
auth_dbo = self.db_account
repo_sharing_dbo = DboRepoSharing(self.application.sql_client)
errorMessage = ""
errorCode = 0
#logging.info('body:%s' % (self.request.body))
is_pass_check = True
if repo_sharing_dbo is None:
errorMessage = "database return null"
errorCode = 1001
is_pass_check = False
_body = None
if is_pass_check:
is_pass_check = False
try:
_body = json.loads(self.request.body)
is_pass_check = True
except Exception:
#raise BadRequestError('Wrong JSON', 3009)
errorMessage = "wrong json format"
errorCode = 1002
pass
share_code = None
request_id = None
password = ""
if is_pass_check:
is_pass_check = False
if _body:
try:
if 'share_code' in _body:
share_code = _body['share_code'][:16]
if 'request_id' in _body:
request_id = _body['request_id']
if 'password' in _body:
password = _body['password']
is_pass_check = True
except Exception:
errorMessage = "parse json fail"
errorCode = 1004
pass
if is_pass_check:
if share_code is None:
errorMessage = "share_code empty"
errorCode = 1010
is_pass_check = False
else:
if len(share_code) < 16:
errorMessage = "share_code malformat"
errorCode = 1010
is_pass_check = False
if request_id is None:
errorMessage = "request_id empty"
errorCode = 1012
is_pass_check = False
if is_pass_check:
if password is None:
password = ""
if is_pass_check:
# [TODO]: Password brute-force attack.
x_real_ip = self.request.headers.get("X-Real-IP")
remote_ip = self.request.remote_ip if not x_real_ip else x_real_ip
sharing_dict = None
if is_pass_check:
sharing_dict = repo_sharing_dbo.match(share_code, password)
if sharing_dict is None:
errorMessage = "Password not match"
errorCode = 1021
is_pass_check = False
ret_dict = {}
ret_dict['share_code'] = share_code
user_account = ""
user_password = ""
if is_pass_check:
# start check on public server.
is_pass_check = False
http_code, json_obj = self.call_repo_sharing_confirm_api(
share_code, request_id)
if http_code > 0:
if http_code == 200 and not json_obj is None:
#print "json:", json_obj
account_sn = json_obj.get('account_sn', '')
ret_dict['account_sn'] = account_sn
ret, user_account, user_password = auth_dbo.is_account_sn_exist(
account_sn)
if not ret:
# new user.
is_owner = 0
ret, user_account, user_password = auth_dbo.new_user(
is_owner, account_sn=account_sn)
#print "new user:"******"%s,%s" % (user_account,user_password)
is_pass_check = True
else:
errorMessage = "create new user fail"
errorCode = 1040
else:
# shared folder user.
is_pass_check = True
pass
ret_dict['account'] = user_account
ret_dict['password'] = user_password
if http_code >= 400 and http_code <= 403 and not json_obj is None:
# by pass the error message
is_pass_check = False
error_json = json_obj.get('error', None)
if not error_json is None:
errorMessage = error_json.get('message', '')
errorCode = error_json.get('code', 0)
else:
#print "server is not able be connected or cancel by user"
pass
if is_pass_check:
pool_dbo = DboPool(self.application.sql_client)
new_poolid = pool_dbo.get_root_pool(user_account)
if not new_poolid is None:
is_pass_check = False
errorMessage = "subscribed"
errorCode = 1050
if is_pass_check:
is_pass_check, errorMessage, errorCode = self.create_shared_repo_pool(
user_account)
if is_pass_check:
# clean_repo_sharing
is_pass_check = repo_sharing_dbo.pk_delete(share_code)
if not is_pass_check:
errorMessage = "Remove share_code fail"
errorCode = 1041
if is_pass_check:
# every thing is correct
self.write(ret_dict)
else:
self.set_status(400)
self.write(dict(error=dict(message=errorMessage, code=errorCode)))
def __init__(self, db_conn):
BaseTable.__init__(self, db_conn)
self.dbo_token = DboToken(db_conn)
self.dbo_pool = DboPool(db_conn)
self.dbo_pool_subcriber = DboPoolSubscriber(db_conn)
class DboAccount(BaseTable):
sql_return_fields = "account,password,title,is_owner,account_sn,security_answer_md5"
sql_table_name = "users"
sql_primary_key = "account"
sql_create_table = '''
CREATE TABLE IF NOT EXISTS `users` (
`account` TEXT NOT NULL PRIMARY KEY,
`password` TEXT NOT NULL,
`title` TEXT NULL,
`is_owner` INTEGER,
`account_sn` TEXT NULL,
`security_question` TEXT NULL,
`security_answer_md5` TEXT NULL,
`createdTime` DATETIME NULL
);
'''
sql_create_index = ['''
''']
dbo_token = None
dbo_pool = None
dbo_pool_subcriber = None
def __init__(self, db_conn):
BaseTable.__init__(self, db_conn)
self.dbo_token = DboToken(db_conn)
self.dbo_pool = DboPool(db_conn)
self.dbo_pool_subcriber = DboPoolSubscriber(db_conn)
# return:
# True: insert successfully.
# False: fail
def new_user(self, is_owner, account_sn=None):
account = utils.get_token()
while self.pk_exist(account):
account = utils.get_token()
password = utils.get_token()
ret = self.save(account, password, is_owner, account_sn=account_sn)
return ret, account, password
# return: is server owner
def is_owner(self, account):
sql = 'SELECT account FROM users WHERE account=? and is_owner=1'
cursor = self.conn.execute(sql, (account, ))
ret = False
for row in cursor:
ret = True
return ret
# return: is server owner
def is_account_sn_exist(self, account_sn):
account = None
password = None
sql = 'SELECT account,password FROM users WHERE account_sn=? LIMIT 1'
cursor = self.conn.execute(sql, (account_sn, ))
ret = False
for row in cursor:
ret = True
account = row[0]
password = row[1]
return ret, account, password
# return:
# True: insert successfully.
# False: fail
def save(self, account, password, is_owner, account_sn=None):
result = False
try:
# start to insert.
sql = "INSERT INTO users(account,password,is_owner,account_sn) VALUES (?,?,?,?)"
self.conn.execute(sql, (account, password, is_owner, account_sn))
self.conn.commit()
result = True
except Exception as error:
logging.error("sqlite error: %s", "{}".format(error))
#except sqlite3.IntegrityError:
#except sqlite3.OperationalError, msg:
#print("Error: {}".format(error))
#raise
pass
return result
# return:
# False: login fail.
# True: login successfully.
def login(self, account, password):
sql = 'SELECT account FROM users WHERE account=? and password=? LIMIT 1'
cursor = self.conn.execute(sql, (
account,
password,
))
ret = False
for row in cursor:
ret = True
return ret
# return:
# None: token not exist.
# account info dict: token valid.
def check_token(self, token_id):
ret = None
sql = 'SELECT account FROM token WHERE token=? LIMIT 1'
cursor = self.conn.execute(sql, (token_id, ))
for row in cursor:
ret = row[0]
return ret
def get_root_pool(self, account):
return self.dbo_pool.get_root_pool(account)
# return:
# 0: insert successfully.
# else: database error code.
def save_token(self, token_id, account, ip_address):
return self.dbo_token.add(token_id, account, ip_address)
# return:
# (is_cross_owner_pool, poolid)
def find_share_poolid(self, account, path):
return self.dbo_pool_subcriber.find_share_poolid(account, path)
# return:
# False: update fail.
# True: update successfully.
def account_sn_update(self, account, account_sn):
result = False
try:
sql = "UPDATE users set account_sn=? WHERE account=?;"
cursor = self.conn.execute(sql, (account_sn, account))
self.conn.commit()
result = True
except Exception as error:
#except sqlite3.IntegrityError:
#except sqlite3.OperationalError, msg:
#print("Error: {}".format(error))
logging.error("sqlite error: %s", "{}".format(error))
#logging.error("sql: %s", "{}".format(sql))
#raise
return result
# return:
# False: update fail.
# True: update successfully.
def security_update(self, account, security_question, security_answer):
result = False
try:
security_answer_md5 = misc.md5_hash(security_answer)
sql = "UPDATE users set security_question=?, security_answer_md5=? WHERE account=?;"
cursor = self.conn.execute(
sql, (security_question, security_answer_md5, account))
self.conn.commit()
result = True
except Exception as error:
#except sqlite3.IntegrityError:
#except sqlite3.OperationalError, msg:
#print("Error: {}".format(error))
logging.error("sqlite error: %s", "{}".format(error))
#logging.error("sql: %s", "{}".format(sql))
#raise
return result
# return:
# False: reset fail.
# True: reset successfully.
def reset_all_security_question(self):
result = False
try:
sql = "UPDATE users set security_question=null, security_answer_md5=null;"
#print "sql:",sql
cursor = self.conn.execute(sql)
self.conn.commit()
result = True
except Exception as error:
#except sqlite3.IntegrityError:
#except sqlite3.OperationalError, msg:
#print("Error: {}".format(error))
logging.error("sqlite error: %s", "{}".format(error))
#logging.error("sql: %s", "{}".format(sql))
#raise
return result