def notification(request): """ View to receive notifications from google about order status """ data = request.POST log.debug(data) # check the given merchant id log.debug("Google Checkout Notification") response = auth.do_auth(request) if response: return response # ok its authed, get the type and serial type = data['_type'] serial_number = data['serial-number'].strip() log.debug("type: %s" % type) log.debug("serial-number: %s" % serial_number) # check type if type == 'new-order-notification': notifications.notify_neworder(request, data) elif type == 'order-state-change-notification': notifications.notify_statechanged(request, data) elif type == 'charge-amount-notification': notifications.notify_chargeamount(request, data) # return ack so google knows we handled the message ack = '<notification-acknowledgment xmlns="http://checkout.google.com/schema/2" serial-number="%s"/>' % serial_number response = http.HttpResponse(content=ack, content_type="text/xml; charset=UTF-8") log.debug(response) return response
def do_auth(path,conn,params): try: if len(path) == len(config["auth_spec_path"]):#do auth with md5. if params["method"] == "auth": if not ("id" in params and "user" in params and "md5" in params): conn.send(res_bad_request) return id_str = params["id"] user_name = params["user"] sum_md5 = params["md5"] if len(id_str) != 32 * 2 or user_name == "" or sum_md5 == "": conn.send(res_bad_request) return res_msg = "" if auth.do_auth(id_str,user_name,sum_md5): res_msg = "ok" auth.add_id(id_str) conn.send(res_text_ok_cookie.format(len(res_msg),res_msg,id_str)) else: res_msg = "fail" conn.send(res_text_ok.format(len(res_msg),res_msg)) elif params["method"] == "login":#generate a auth id. code = auth.gen_code() conn.send(res_text_ok.format(len(code),code)) else: lpath = config["auth"] + path[len(config["auth_spec_path"]):] send_file(lpath,path,conn) except Exception , e: log.debug("do_auth:" + str(e)) conn.send(res_bad_request)
def do_auth(path, conn, params): try: if len(path) == len(config["auth_spec_path"]): #do auth with md5. if params["method"] == "auth": if not ("id" in params and "user" in params and "md5" in params): conn.send(res_bad_request) return id_str = params["id"] user_name = params["user"] sum_md5 = params["md5"] if len(id_str) != 32 * 2 or user_name == "" or sum_md5 == "": conn.send(res_bad_request) return res_msg = "" if auth.do_auth(id_str, user_name, sum_md5): res_msg = "ok" auth.add_id(id_str) conn.send( res_text_ok_cookie.format(len(res_msg), res_msg, id_str)) else: res_msg = "fail" conn.send(res_text_ok.format(len(res_msg), res_msg)) elif params["method"] == "login": #generate a auth id. code = auth.gen_code() conn.send(res_text_ok.format(len(code), code)) else: lpath = config["auth"] + path[len(config["auth_spec_path"]):] send_file(lpath, path, conn) except Exception, e: log.debug("do_auth:" + str(e)) conn.send(res_bad_request)
def do_GET(self, serv): qs = get_qs(serv.path) if "accessToken" not in qs or ("path" not in qs and "id" not in qs): serv.send_error(400) return tok = qs["accessToken"][0] userid = do_auth(tok) if userid == None: serv.send_error(401) return if "path" in qs: fileid = resolve_path(qs["path"][0]) else: fileid = publicid_to_fileid(qs["id"][0])[1] if fileid == None: serv.send_error(400) if fileid == None: serv.send_error(400) f = fetch_file(fileid) if f == None: serv.send_error(400) return if f["userid"] != userid: serv.send_error(401) return f2 = {} for k in f: if k in file_restricted_fields: continue if k == "fileid": f2["id"] = fileid_to_publicid(fileid, userid) continue if k == "other_meta" and f[k] != "" and f[k] != None: try: meta = json.loads(f[k]) except ValueError: meta = {} for k2 in meta: f2[k2] = estr(meta[k2]) continue f2[k] = estr(f[k]) f2["is_dir"] = f2["mimeType"] == FOLDER_MIME body = json.dumps(f2) body = bstr(body) serv.gen_headers("GET", len(body), json_mimetype) serv.wfile.write(body)
def do_GET(self, serv): qs = get_qs(serv.path) if "accessToken" not in qs or ("path" not in qs and "id" not in qs): serv.send_error(400) return tok = qs["accessToken"][0] userid = do_auth(tok) if userid == None: serv.send_error(401) return if "path" in qs: fileid = resolve_path(qs["path"][0]) else: fileid = publicid_to_fileid(qs["id"][0])[1] if fileid == None: serv.send_error(404) return alog("fetching file %s" % fileid); f = fetch_file(fileid) if f == None: serv.send_error(400) return if is_folder(f): serv.send_error(401) return if f["userid"] != userid: serv.send_error(401) return try: file = open(f["diskpath"], "rb") except OSError: serv.send_error(404) return body = file.read() file.close() serv.gen_headers("GET", len(body), "application/octet-stream") serv.send_header("Content-Disposition", "attachment; filename=\"%s\"" % f["name"]) #Content-Disposition: attachment; filename=FILENAME serv.wfile.write(body)
def do_GET(self, serv): qs = get_qs(serv.path) if "accessToken" not in qs or ("path" not in qs and "id" not in qs): serv.send_error(400) return tok = qs["accessToken"][0] userid = do_auth(tok) if userid == None: serv.send_error(401) return if "path" in qs: path = qs["path"][0] else: path = publicid_to_fileid(qs["id"][0]) if path == None: serv.send_error(404) return alog("fetching file %s" % path); f = File(path, userid) if f == None: serv.send_error(400) return if is_folder(f): serv.send_error(401) return print("diskpath:", f.diskpath) try: file = open(f.diskpath, "rb") except OSError: serv.send_error(404) return body = file.read() file.close() serv.gen_headers("GET", len(body), "application/octet-stream") serv.send_header("Content-Disposition", "attachment; filename=\"%s\"" % f.name) #Content-Disposition: attachment; filename=FILENAME serv.wfile.write(body)
def do_GET(self, serv): qs = get_qs(serv.path) if "name" not in qs or "accessToken" not in qs or ("path" not in qs and "id" not in qs): serv.send_error(400) return if ".." in qs["name"][0]: serv.send_error(403) return tok = qs["accessToken"][0] userid = do_auth(tok) if userid == None: serv.send_error(401) return if "id" in qs: folderid = publicid_to_fileid(qs["id"][0]) else: folderid = qs["path"][0] if folderid == None: serv.send_error(400) return path = local_to_real(folderid + "/" + qs["name"][0]) print("PATH", path, exists(path)) #see if folder (or a file) already exists if exists(path): serv.send_error(400) return os.makedirs(path) body = json.dumps({"success": True}) body = bstr(body) serv.gen_headers("GET", len(body), json_mimetype) serv.wfile.write(body)
def do_PUT(self, serv): alog("fileapi access" + serv.path) qs = get_qs(serv.path) if "accessToken" not in qs or "uploadToken" not in qs: elog("fileapi: invalid tokens") serv.send_error(400) return tok = qs["accessToken"][0] utoken = qs["uploadToken"][0] userid = do_auth(tok) if userid == None: elog("invalid authorization") serv.send_error(401) return status = UploadStatus(utoken) if status.invalid: elog("invalid upload token ", utoken) serv.send_error(401) return if "Content-Range" not in serv.headers: elog("missing header " + json.dumps(serv.headers)) serv.send_error(400) return r = serv.headers["Content-Range"].strip() if not r.startswith("bytes"): elog("malformed request 1") serv.send_error(400) return r = r[len("bytes"):].strip() r = r.split("/") if r == None or len(r) != 2: elog("malformed request 2") serv.send_error(400) return try: max_size = int(r[1]) except ValueError: elog("malformed request 3") serv.send_error(400) return r = r[0].split("-") if r == None or len(r) != 2: elog("malformed request 4") serv.send_error(400) return try: r = [int(r[0]), int(r[1])] except ValueError: elog("malformed request 4") serv.send_error(400) return if r[0] < 0 or r[1] < 0 or r[0] >= max_size or r[1] >= max_size \ or r[0] > r[1]: elog("malformed request 5") serv.send_error(400) return if status.size == -1: status.size = max_size buflen = r[1]-r[0]+1 buf = serv.rfile.read(buflen) if len(buf) != buflen: elog("malformed request 6") serv.send_error(400) return """ if not status.file_init: status.file = open(status.realpath, "wb") csize = 1024*1024*1024 ilen = math.ceil(max_size/csize); zerobuf = b""*csize; for i in range(ilen): if i == ilen-1: c = b""*(max_size%(csize+1)) else: c = zerobuf; status.file.write(c) status.file.flush() status.file.close() #""" if r[0] == 0: mode = "wb" else: mode = "ab" status.file = open(status.realpath, mode); status.file.seek(r[0]); status.file.write(buf); status.file.flush() status.file.close() status.commit() body = json.dumps({"success" : True}); body = bstr(body) serv.gen_headers("PUT", len(body), json_mimetype) serv.wfile.write(body)
def do_GET(self, serv): elog("fileapi access" + serv.path) qs = get_qs(serv.path) if "accessToken" not in qs or ("path" not in qs and "id" not in qs): serv.send_error(400) return tok = qs["accessToken"][0] userid = do_auth(tok) if userid == None: elog("Need user id") serv.send_error(401) return path = qs["path"][0] if "id" in qs: fileid = qs["id"][0] else: fileid = resolve_path(path) if fileid == None: elog("creating new file") cs = os.path.split(path) folderid = resolve_path(cs[0]) if folderid == None: elog("invalid folder " + cs[0]) serv.send_error(401); return if len(cs) == 1 or cs[1] == "": fname = cs[0] else: fname = cs[1] mime = "application/octet-stream" fileid = create_file(userid, fname, mime, folderid) meta = fetch_file(fileid); else: meta = fetch_file(fileid); if meta == None: elog("Invalid file id") serv.send_error(400) return print("\n\nFILE", meta, "\n\n") if is_folder(meta): elog("target file is a folder" + meta["name"]) serv.send_error(401) return utoken = gen_token("U", userid); ustatus = UploadStatus() ustatus.create(utoken, path, userid, fileid, meta["parentid"]) ustatus.commit() f = open(ustatus.realpath, "w"); f.close(); realpath = ustatus.realpath cur, con = mysql_connect() try: qstr = sql_update("filedata", ["diskpath"], [realpath], [sq.path], ["fileid"], [fileid], [sq.int]) except SQLParamError: do_param_error("upload start") serv.send_error(401) """ qstr = "UPDATE filedata SET " qstr += "diskpath=%s"%estr(realpath) qstr += " WHERE fileid=%d"%fileid #""" cur.execute(qstr) con.commit() body = json.dumps({"uploadToken" : utoken}); body = bstr(body) print("\nupload start result:", body, "\n\n\n") serv.gen_headers("GET", len(body), json_mimetype) serv.wfile.write(body)
def do_GET(self, serv): qs = get_qs(serv.path) if "name" not in qs or "accessToken" not in qs or ("path" not in qs and "id" not in qs): serv.send_error(400) return tok = qs["accessToken"][0] userid = do_auth(tok) if userid == None: serv.send_error(401) return if "id" in qs: folderid = publicid_to_fileid(qs["id"][0]) else: folderid = [userid, resolve_path(qs["path"][0])] path = None if folderid == None: serv.send_error(400) return if userid != folderid[0]: self.send_error(401) folderid = folderid[1]; if folderid != 1: cols = ["fileid", "userid"] values = [folderid, userid] types = [sq.int , sq.int] try: qstr = sql_selectall("filedata", cols, values, types) except SQLParamError: do_param_error("dirnew") serv.send_error(400) return cur, con = mysql_connect() cur.execute(qstr) ret = cur.fetchone() if ret == None: serv.send_error(400) return path = "/" + ret["name"] while ret != None and ret["parentid"] != ROOT_PARENT_ID: cols = ["id" ] values = [ret["parentid"]] types = [sq.int] try: qstr = sql_selectall("filedata", cols, values, types) except SQLParamError: do_param_error("dirnew") serv.send_error(400) return cur, con = mysql_connect() cur.execute(qstr) ret = cur.fetchone() if ret != None: path = ret["name"] + "/" + path path = path + "/" + qs["name"][0] else: path = "/" + qs["name"][0] print("path", path) print("folderid", folderid); #see if folder (or a file) already exists if resolve_path(path) != None: serv.send_error(400) return id = create_file(userid, qs["name"][0], FOLDER_MIME, folderid); print("FINAL FOLDER ID:", id, folderid); body = json.dumps({"success": True}) body = bstr(body) serv.gen_headers("GET", len(body), json_mimetype) serv.wfile.write(body)
def do_GET(self, serv): qs = get_qs(serv.path) if "accessToken" not in qs or ("path" not in qs and "id" not in qs): serv.send_error(400) return tok = qs["accessToken"][0] userid = do_auth(tok) if userid == None: elog("Invalid access in file api") serv.send_error(401) return if "id" in qs: folderid = publicid_to_fileid(qs["id"][0]) else: folderid = [userid, resolve_path(qs["path"][0])] if folderid == None or folderid[0] != userid: elog("Bad folder " + str(qs["id"][0]) if folderid == None else "Invalid user " + str(userid) + ", " + str(folderid)) serv.send_error(401) return folderid = folderid[1] types = [sq.int , sq.int ] cols = ["userid", "parentid"] values = [userid , folderid ] try: qstr = sql_selectall("filedata", cols, values, types) except SQLParamError: do_param_error("dirlist") serv.send_error(400) return """ qstr = "SELECT name,fileid,mimeType FROM filedata " qstr += "WHERE userid="+estr(userid) + " AND " qstr += "parentid="+estr(folderid) """ cur, con = mysql_connect() cur.execute(qstr) ret = cur.fetchall() files = [] if ret != None: for row in ret: f = {} f["name"] = row["name"] f["id"] = fileid_to_publicid(row["fileid"], userid) f["mimeType"] = row["mimeType"] f["is_dir"] = row["mimeType"] == FOLDER_MIME files.append(f) body = json.dumps({"items": files}) body = bstr(body) serv.gen_headers("GET", len(body), json_mimetype) serv.wfile.write(body)
def do_GET(self, serv): elog("fileapi access" + serv.path) qs = get_qs(serv.path) if "accessToken" not in qs or ("path" not in qs and "id" not in qs): serv.send_error(400) return tok = qs["accessToken"][0] userid = do_auth(tok) if userid == None: elog("Need user id") print("Bad auth") serv.send_error(401) return path = qs["path"][0] if "id" in qs: fileid = publicid_to_fileid(qs["id"][0]) else: fileid = urllib.unquote(path) meta = File(fileid, userid) if meta != None: print("DISKPATH", meta.diskpath) if meta == None or not os.path.exists(meta.diskpath): elog("creating new file") cs = os.path.split(path) folderid = cs[0] f = File(folderid, userid) if not os.path.exists(f.diskpath): elog("invalid folder " + f.diskpath) print("invalid folder " + f.diskpath) serv.send_error(401); return if len(cs) == 1 or cs[1] == "": fname = cs[0] else: fname = cs[1] mime = "application/octet-stream" #create empty file f = open(f.diskpath+"/"+fname, "w") f.close() meta = File(fileid, userid) if meta == None: elog("Invalid file id") serv.send_error(400) return print("\n\nFILE", meta, "\n\n") if is_folder(meta): elog("target file is a folder" + meta["name"]) serv.send_error(401) return utoken = gen_token("U", userid); ustatus = UploadStatus() #ignore fileid/parentid in upload status token ustatus.create(utoken, path, userid, fileid, -1) try: ustatus.commit() except: import traceback elog("USTATUS.COMMIT failed!") traceback.print_exc() f = open(ustatus.realpath, "w"); f.close(); realpath = ustatus.realpath body = json.dumps({"uploadToken" : utoken}); body = bstr(body) print("\nupload start result:", body, "\n\n\n") serv.gen_headers("GET", len(body), json_mimetype) serv.wfile.write(body)
def do_GET(self, serv): qs = get_qs(serv.path) if "accessToken" not in qs or ("path" not in qs and "id" not in qs): serv.send_error(400) return tok = qs["accessToken"][0] userid = do_auth(tok) if userid == None: serv.send_error(401) return if "path" in qs: fileid = qs["path"][0] fileid = urllib.unquote(fileid); else: fileid = qs["id"][0] path = local_to_real(fileid); if not os.path.exists(path): serv.send_error(404); return st = os.stat(path) fname = fileid.replace("\\", "/").strip() dir = "" if "/" in fname and fname[-1] != "/": dir = fname[:fname.rfind("/")].strip() fname = fname[len(dir):] while fname[0] == "/": fname = fname[1:] #ROOT_PARENT_ID mime = "unknown" if stat.S_ISDIR(st.st_mode): mime = FOLDER_MIME else: pass #deal with later #stupid quoting #id = urllib.quote(fileid, "").strip() id = fileid_to_publicid(fileid, userid).strip() #if id[0] == "'" or id[0] == "\"" and id[0] == id[-1]: f = { 'name' : fname, 'id' : id, 'parentid' : dir, 'mimeType' : mime, 'modified' : st.st_mtime, 'is_dir' : stat.S_ISDIR(st.st_mode) }; f2 = {} for k in f: if k in file_restricted_fields: continue f2[k] = f[k] body = json.dumps(f2) body = bstr(body) serv.gen_headers("GET", len(body), json_mimetype) serv.wfile.write(body)
def do_GET(self, serv): qs = get_qs(serv.path) if "accessToken" not in qs or ("path" not in qs and "id" not in qs): serv.send_error(400) return tok = qs["accessToken"][0] userid = do_auth(tok) if userid == None: elog("Invalid access in file api") serv.send_error(401) return if "id" in qs: path = publicid_to_fileid(qs["id"][0]) else: path = qs["path"][0] path = urllib.unquote(path).strip(); print("PATHPATH", path); dir = File(path, userid) if ".." in path: serv.send_error(401) return if not serv_all_local: prefix = files_root#+rot_userid(userid) try: os.makedirs(prefix) except FileExistsError: pass dirpath = local_to_real(path) files = [] for f in listdir(dirpath): path2 = path + os.path.sep + f file = File(path2, userid) f = {} if file == None: continue print("error!", dirpath) #if file == None: continue f["name"] = file.name f["id"] = file.id f["mimeType"] = file.mimeType f["is_dir"] = 1 if file.is_dir else 0 f["parentid"] = file.parentid files.append(f) body = jsondumps({"items": files}) body = bstr(body) serv.gen_headers("GET", len(body), json_mimetype) serv.wfile.write(body)