def call_api(func, args=""): add_json_header(response) s = request.environ.get('beaker.session') # Accepts standard http auth auth = parse_auth(request.get_header('Authorization', '')) if 'session' in request.POST or 'session' in request.GET: # removes "' so it works on json strings s = s.get_by_id(remove_chars(request.params.get('session'), "'\"")) elif auth: user = PYLOAD.checkAuth(auth[0], auth[1], request.environ.get('REMOTE_ADDR', None)) # if auth is correct create a pseudo session if user: s = {'uid': user.uid} api = get_user_api(s) if not api: return error(401, "Unauthorized") if not PYLOAD.isAuthorized(func, api.user): return error(403, "Forbidden") if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"): print "Invalid API call", func return error(404, "Not Found") # TODO: possible encoding # TODO Better error codes on invalid input args = [loads(unquote(arg)) for arg in args.split("/")[1:]] kwargs = {} # accepts body as json dict if request.json: kwargs = request.json # file upload, reads whole file into memory for name, f in request.files.iteritems(): kwargs["filename"] = f.filename content = StringIO() f.save(content) kwargs[name] = content.getvalue() content.close() # convert arguments from json to obj separately for x, y in request.params.iteritems(): try: if not x or not y or x == "session": continue kwargs[x] = loads(unquote(y)) except Exception, e: # Unsupported input msg = "Invalid Input %s, %s : %s" % (x, y, e.message) print_exc() print msg return error(415, msg)
def call_api(func, args=""): add_json_header(response) s = request.environ.get('beaker.session') # Accepts standard http auth auth = parse_auth(request.get_header('Authorization', '')) if 'session' in request.POST or 'session' in request.GET: # removes "' so it works on json strings s = s.get_by_id(remove_chars(request.params.get('session'), "'\"")) elif auth: user = PYLOAD.checkAuth(auth[0], auth[1], request.environ.get('REMOTE_ADDR', None)) # if auth is correct create a pseudo session if user: s = {'uid': user.uid} api = get_user_api(s) if not api: return error(401, "Unauthorized") if not PYLOAD.isAuthorized(func, api.user): return error(403, "Forbidden") if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"): print "Invalid API call", func return error(404, "Not Found") # TODO: possible encoding # TODO Better error codes on invalid input args = [loads(unquote(arg)) for arg in args.split("/")[1:]] kwargs = {} # accepts body as json dict if request.json: kwargs = request.json # file upload, reads whole file into memory for name, f in request.files.iteritems(): kwargs["filename"] = f.filename content = StringIO() f.save(content) kwargs[name] = content.getvalue() content.close() # convert arguments from json to obj separately for x, y in request.params.iteritems(): try: if not x or not y or x == "session": continue kwargs[x] = loads(unquote(y)) except Exception, e: # Unsupported input msg = "Invalid Input %s, %s : %s" % (x, y, e.message) print_exc() print msg return error(415, msg)
def overridePlugins(self): excludedList = [] if self.plugintype == "hoster": pluginMap = dict((name.lower(), name) for name in self.core.pluginManager.hosterPlugins.iterkeys()) accountList = [account.type.lower() for account in self.core.api.getAccounts(False) if account.valid and account.premium] else: pluginMap = {} accountList = [name[::-1].replace("Folder"[::-1], "", 1).lower()[::-1] for name in self.core.pluginManager.crypterPlugins.iterkeys()] for plugin in self.pluginsCached(): name = remove_chars(plugin, "-.") if name in accountList: excludedList.append(plugin) else: if name in pluginMap: self.supported.append(pluginMap[name]) else: self.new_supported.append(plugin) if not self.supported and not self.new_supported: self.logError(_("No %s loaded") % self.plugintype) return # inject plugin plugin self.logDebug("Overwritten %ss: %s" % (self.plugintype, ", ".join(sorted(self.supported)))) for plugin in self.supported: hdict = self.core.pluginManager.plugins[self.plugintype][plugin] hdict['new_module'] = self.pluginmodule hdict['new_name'] = self.pluginname if excludedList: self.logInfo(_("%ss not overwritten: %s") % (self.plugintype.capitalize(), ", ".join(sorted(excludedList)))) if self.new_supported: plugins = sorted(self.new_supported) self.logDebug("New %ss: %s" % (self.plugintype, ", ".join(plugins))) # create new regexp regexp = r'.*(?P<DOMAIN>%s).*' % "|".join(x.replace('.', '\.') for x in plugins) if hasattr(self.pluginclass, "__pattern") and isinstance(self.pluginclass.__pattern, basestring) and '://' in self.pluginclass.__pattern: regexp = r'%s|%s' % (self.pluginclass.__pattern, regexp) self.logDebug("Regexp: %s" % regexp) hdict = self.core.pluginManager.plugins[self.plugintype][self.pluginname] hdict['pattern'] = regexp hdict['re'] = re.compile(regexp)
def overridePlugins(self): excludedList = [] if self.plugintype == "hoster": pluginMap = dict((name.lower(), name) for name in self.core.pluginManager.hosterPlugins.iterkeys()) accountList = [account.type.lower() for account in self.core.api.getAccounts(False) if account.valid and account.premium] else: pluginMap = {} accountList = [name[::-1].replace("Folder"[::-1], "", 1).lower()[::-1] for name in self.core.pluginManager.crypterPlugins.iterkeys()] for plugin in self.pluginsCached(): name = remove_chars(plugin, "-.") if name in accountList: excludedList.append(plugin) else: if name in pluginMap: self.supported.append(pluginMap[name]) else: self.new_supported.append(plugin) if not self.supported and not self.new_supported: self.logError(_("No %s loaded") % self.plugintype) return # inject plugin plugin self.logDebug("Overwritten %ss: %s" % (self.plugintype, ", ".join(sorted(self.supported)))) for plugin in self.supported: hdict = self.core.pluginManager.plugins[self.plugintype][plugin] hdict['new_module'] = self.pluginmodule hdict['new_name'] = self.pluginname if excludedList: self.logInfo(_("%ss not overwritten: %s") % (self.plugintype.capitalize(), ", ".join(sorted(excludedList)))) if self.new_supported: plugins = sorted(self.new_supported) self.logDebug("New %ss: %s" % (self.plugintype, ", ".join(plugins))) # create new regexp regexp = r'.*(?P<DOMAIN>%s).*' % "|".join(x.replace('.', '\.') for x in plugins) if hasattr(self.pluginclass, "__pattern") and isinstance(self.pluginclass.__pattern, basestring) and '://' in self.pluginclass.__pattern: regexp = r'%s|%s' % (self.pluginclass.__pattern, regexp) self.logDebug("Regexp: %s" % regexp) hdict = self.core.pluginManager.plugins[self.plugintype][self.pluginname] hdict['pattern'] = regexp hdict['re'] = re.compile(regexp)
def call_api(func, args=""): add_header(response) s = request.environ.get("beaker.session") # Accepts standard http auth auth = parse_auth(request.get_header("Authorization", "")) if "session" in request.POST or "session" in request.GET: # removes "' so it works on json strings s = s.get_by_id(remove_chars(request.params.get("session"), "'\"")) elif auth: user = PYLOAD.checkAuth(auth[0], auth[1], request.environ.get("REMOTE_ADDR", None)) # if auth is correct create a pseudo session if user: s = {"uid": user.uid} api = get_user_api(s) if not api: return HTTPError(401, dumps("Unauthorized"), **response.headers) if not PYLOAD.isAuthorized(func, api.user): return HTTPError(403, dumps("Forbidden"), **response.headers) if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"): print "Invalid API call", func return HTTPError(404, dumps("Not Found"), **response.headers) # TODO: possible encoding # TODO Better error codes on invalid input args = [loads(unquote(arg)) for arg in args.split("/")[1:]] kwargs = {} # accepts body as json dict if request.json: kwargs = request.json # convert arguments from json to obj separately for x, y in chain(request.GET.iteritems(), request.POST.iteritems()): if not x or not y or x == "session": continue kwargs[x] = loads(unquote(y)) try: result = getattr(api, func)(*args, **kwargs) # null is invalid json response if result is None: result = True return dumps(result) except ExceptionObject, e: return HTTPError(400, dumps(e), **response.headers)
def call_api(func, args=""): add_header(response) s = request.environ.get('beaker.session') # Accepts standard http auth auth = parse_auth(request.get_header('Authorization', '')) if 'session' in request.POST or 'session' in request.GET: # removes "' so it works on json strings s = s.get_by_id(remove_chars(request.params.get('session'), "'\"")) elif auth: user = PYLOAD.checkAuth(auth[0], auth[1], request.environ.get('REMOTE_ADDR', None)) # if auth is correct create a pseudo session if user: s = {'uid': user.uid} api = get_user_api(s) if not api: return HTTPError(401, dumps("Unauthorized"), **response.headers) if not PYLOAD.isAuthorized(func, api.user): return HTTPError(403, dumps("Forbidden"), **response.headers) if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"): print "Invalid API call", func return HTTPError(404, dumps("Not Found"), **response.headers) # TODO: possible encoding # TODO Better error codes on invalid input args = [loads(unquote(arg)) for arg in args.split("/")[1:]] kwargs = {} # accepts body as json dict if request.json: kwargs = request.json # convert arguments from json to obj separately for x, y in chain(request.GET.iteritems(), request.POST.iteritems()): if not x or not y or x == "session": continue kwargs[x] = loads(unquote(y)) try: result = getattr(api, func)(*args, **kwargs) # null is invalid json response if result is None: result = True return dumps(result) except ExceptionObject, e: return HTTPError(400, dumps(e), **response.headers)
def parseHeader(self): """parse data from received header""" for orgline in self.decodeResponse(self.header).splitlines(): line = orgline.strip().lower() if line.startswith("accept-ranges") and "bytes" in line: self.p.chunkSupport = True if "content-disposition" in line: m = search("filename(?P<type>=|\*=(?P<enc>.+)'')(?P<name>.*)", line) if m: name = remove_chars(m.groupdict()['name'], "\"';/").strip() self.p._name = name self.log.debug("Content-Disposition: %s" % name) if not self.resume and line.startswith("content-length"): self.p._size = int(line.split(":")[1]) self.headerParsed = True
def parseHeader(self): """parse data from received header""" for orgline in self.decodeResponse(self.header).splitlines(): line = orgline.strip().lower() if line.startswith("accept-ranges") and "bytes" in line: self.p.chunkSupport = True if "content-disposition" in line: m = search("filename(?P<type>=|\*=(?P<enc>.+)'')(?P<name>.*)", line) if m: name = remove_chars(m.groupdict()['name'], "\"';/").strip() self.p._name = name self.log.debug("Content-Disposition: %s" % name) if not self.resume and line.startswith("content-length"): self.p.size = int(line.split(":")[1]) self.headerParsed = True
def downloadFile(self, pyfile): url = pyfile.url for i in range(5): header = self.load(url, just_header=True) # self.load does not raise a BadHeader on 404 responses, do it here if 'code' in header and header['code'] == 404: raise ResponseException(404) if 'location' in header: self.logDebug("Location: " + header['location']) base = search(r'https?://[^/]+', url).group(0) if header['location'].startswith("http"): url = unquote(header['location']) elif header['location'].startswith("/"): url = base + unquote(header['location']) else: url = '%s/%s' % (base, unquote(header['location'])) else: break name = html_unescape(unquote(urlparse(url).path.split("/")[-1])) if 'content-disposition' in header: self.logDebug("Content-Disposition: " + header['content-disposition']) m = search("filename(?P<type>=|\*=(?P<enc>.+)'')(?P<name>.*)", header['content-disposition']) if m: disp = m.groupdict() self.logDebug(disp) if not disp['enc']: disp['enc'] = 'utf-8' name = remove_chars(disp['name'], "\"';").strip() name = unicode(unquote(name), disp['enc']) if not name: name = url pyfile.name = name self.logDebug("Filename: %s" % pyfile.name) self.download(url, disposition=True)
def downloadFile(self, pyfile): url = pyfile.url for _ in xrange(5): header = self.load(url, just_header=True) # self.load does not raise a BadHeader on 404 responses, do it here if "code" in header and header["code"] == 404: raise ResponseException(404) if "location" in header: self.logDebug("Location: " + header["location"]) base = match(r"https?://[^/]+", url).group(0) if header["location"].startswith("http"): url = unquote(header["location"]) elif header["location"].startswith("/"): url = base + unquote(header["location"]) else: url = "%s/%s" % (base, unquote(header["location"])) else: break name = html_unescape(unquote(urlparse(url).path.split("/")[-1])) if "content-disposition" in header: self.logDebug("Content-Disposition: " + header["content-disposition"]) m = search("filename(?P<type>=|\*=(?P<enc>.+)'')(?P<name>.*)", header["content-disposition"]) if m: disp = m.groupdict() self.logDebug(disp) if not disp["enc"]: disp["enc"] = "utf-8" name = remove_chars(disp["name"], "\"';").strip() name = unicode(unquote(name), disp["enc"]) if not name: name = url pyfile.name = name self.logDebug("Filename: %s" % pyfile.name) self.download(url, disposition=True)
def normalize(domain): """ Normalize domain/plugin name, so they are comparable """ return remove_chars(domain.strip().lower(), "-.")
def normalize(domain): """ Normalize domain/plugin name, so they are comparable """ return remove_chars(domain.strip().lower(), "-.")