Exemplo n.º 1
def development_view():
    """Render the "development" template for the current visitor.

    No role check is made inside this function; the current user is looked up
    through the shared Cork instance and passed to the template.
    """
    auth = get_cork_instance()
    context = {
        "title": "Development",
        "current_user": get_current_user(auth),
    }
    return bottle.template("development", context)
Exemplo n.º 2
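def validate_registration(registration_code):
    """Validate a registration code and create the matching system account.

    The username is read from Cork's pending-registration store before the
    code is handed to ``cork.validate_registration``; ``script/adduser.tcl``
    is then run through sudo with that username. If the script exits
    non-zero or prints "error", the Cork user is deleted again and the
    request ends with HTTP 500.

    Args:
        registration_code: Code identifying the pending registration.
    """
    cork = get_cork_instance()
    try:
        username = cork._store.pending_registrations[registration_code][
            "username"]
    except Exception:
        # Best effort: cork.validate_registration() below is expected to
        # reject an unknown code. The explicit None keeps a failed lookup
        # from reaching the sudo call as an unbound name.
        username = None
    cork.validate_registration(registration_code)

    if not username:
        bottle.abort(400, "Invalid registration code.")

    # Argument list with no shell: the username is a single argv entry.
    # NOTE(review): whether adduser.tcl rejects usernames that look like
    # options is not visible here -- confirm the script validates its input.
    process = subprocess.run(["sudo", "script/adduser.tcl", username],
                             stdout=subprocess.PIPE)
    status = process.returncode
    stdout = process.stdout.decode("utf-8", errors="replace")
    if status != 0 or "error" in stdout.lower():
        cork.user(username).delete()  # clean up cork user
        # The script output goes to the log (repr-quoted so embedded newlines
        # cannot forge log lines), not to the unauthenticated caller.
        # extra= matches the other handlers' audit fields; a positional dict
        # would be treated as %-format arguments and dropped.
        app_settings.logger.error(
            "failed to add user from script. output: %r", stdout,
            extra={
                "actor": username,
                "action": "error",
                "object": "register"
            })
        bottle.abort(500, "Failed to add user.")

    bottle.redirect("/?flash=Thank you for registering.")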
Exemplo n.º 3
def pricing_view():
    """Render the "pricing" template with the current user, if any."""
    auth = get_cork_instance()
    visitor = get_current_user(auth)
    page = dict(title="Pricing", current_user=visitor)
    return bottle.template("pricing", page)
Exemplo n.º 4
def docs_view():
    """Render the "docs" template with the current user, if any."""
    auth = get_cork_instance()
    visitor = get_current_user(auth)
    page = dict(title="Documentation", current_user=visitor)
    return bottle.template("docs", page)
Exemplo n.º 5
def del_file(filename):
    """Delete one of the current user's files and fan the deletion out.

    Requires the "user" role. The file is removed through ``FileDBOMongo``
    for the logged-in user; on success a ``delete_file`` task is queued for
    every bigcgi instance. Both outcomes are logged with actor/action/object
    fields and end in a redirect to the dashboard.

    Args:
        filename: Name of the file to delete.
    """
    auth = get_cork_instance()
    auth.require(
        role="user",
        fail_redirect="/?error=You are not authorized to access this page.")
    owner = get_current_user(auth)

    audit_fields = {
        "actor": owner,
        "action": "delete file",
        "object": filename
    }
    store = FileDBOMongo(app_settings.get_database())
    if store.delete_file(filename, owner, "file"):
        instance_count = int(app_settings.BIGCGI_TOTAL_INSTANCES)
        for idx in range(instance_count):
            # One queue per instance so every node drops its local copy.
            delete_file.apply_async(args=[owner, filename, "file"],
                                    kwargs={},
                                    queue='bigcgi_instance_' + str(idx))
        app_settings.logger.info("file deleted", extra=audit_fields)
        bottle.redirect("/dashboard?flash={}".format("Successful delete."))
    else:
        app_settings.logger.error("error deleteing file", extra=audit_fields)
        bottle.redirect(
            "/dashboard?error={}".format("Failed to delete file."))
Exemplo n.º 6
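def reset_password():
    """Send a password reset email for the posted username.

    Redirects to "/" with a flash message on success, or back to
    "/reset-password" with the Cork error text when an ``AAAException`` is
    raised.
    """
    from urllib.parse import quote

    cork = get_cork_instance()
    try:
        cork.send_password_reset_email(username=post_get('username'), )
    except AAAException as e:
        # Percent-encode the message so characters such as "&" or "#" in it
        # cannot add or truncate query parameters in the Location header.
        # NOTE(review): the exception text is shown to an unauthenticated
        # caller; if it differs for unknown usernames it discloses which
        # accounts exist -- consider one generic message for both outcomes.
        bottle.redirect("/reset-password?error={}".format(
            quote(str(e), safe='')))
    bottle.redirect("/?flash=Password reset sent.")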
Exemplo n.º 7
def login_view():
    """Render the login form, including a CSRF token for the POST."""
    auth = get_cork_instance()
    visitor = get_current_user(auth)
    token = get_csrf_token()
    page = {"title": "Login", "csrf": token, "current_user": visitor}
    return bottle.template("login", page)
Exemplo n.º 8
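def login():
    """Authenticate the posted username and password through Cork.

    Cork performs the redirect itself: to a greeting on success, to a
    generic failure message otherwise.
    """
    from urllib.parse import quote

    cork = get_cork_instance()
    username = post_get('username')
    password = post_get('password')
    # The username is request data: percent-encode it before it becomes part
    # of the Location URL so it cannot inject extra query parameters.
    greeting = '/?flash=Hello {}.'.format(quote(str(username), safe=''))
    cork.login(username,
               password,
               success_redirect=greeting,
               fail_redirect='/?error=Login failure.')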
Exemplo n.º 9
def index():
    """Render the landing page with any flash/error message and the user."""
    auth = get_cork_instance()
    messages = set_flash_and_error()
    flash, error = messages
    page = {
        "current_user": get_current_user(auth),
        "flash": flash,
        "error": error,
    }
    return bottle.template("index", page)
Exemplo n.º 10
def terms_view():
    """Render the terms-of-service page from the local ``TERMS`` file.

    The file path is a fixed literal relative to the working directory; no
    request data takes part in choosing it.
    """
    auth = get_cork_instance()
    visitor = get_current_user(auth)
    with open("TERMS", "r") as handle:
        body = handle.read()
    page = dict(title="Terms of Service", terms=body, current_user=visitor)
    return bottle.template("terms", page)
Exemplo n.º 11
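def admin_delete_user():
    """Delete a user from Cork and remove the matching system account.

    Requires the "admin" role. The posted username is removed from Cork,
    then ``script/deluser.tcl`` is run through sudo; any failure redirects
    to the admin page with the error text.
    """
    import subprocess
    from urllib.parse import quote

    cork = get_cork_instance()
    cork.require(role='admin', fail_redirect="/?error=Not authorized.")
    username = post_get('username')
    try:
        cork.delete_user(username)
        # Argument list instead of a shell string: the posted username is
        # handed to the script as one argv entry and is never parsed by a
        # shell, so metacharacters in it cannot run further commands as root.
        status = subprocess.run(["sudo", "script/deluser.tcl",
                                 username]).returncode
        if status != 0:
            raise Exception("OS script raised nonzero status. Check logs.")
    except Exception as e:
        # NOTE(review): the end of this handler was masked in the listing;
        # the two redirects follow the pattern of admin_modify_user_role.
        bottle.redirect("/admin?error=Failed to delete user: " +
                        quote(str(e), safe=''))
    bottle.redirect("/admin/?flash=Deleted user.")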
Exemplo n.º 12
def register_view():
    """Render the registration form with flash/error text and a CSRF token."""
    auth = get_cork_instance()
    flash, error = set_flash_and_error()
    visitor = get_current_user(auth)
    token = get_csrf_token()
    page = {
        "title": "Register",
        "csrf": token,
        "flash": flash,
        "error": error,
        "current_user": visitor,
    }
    return bottle.template("register", page)
Exemplo n.º 13
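def secure_app(appname, security_setting):
    """Store the security setting of one of the current user's apps.

    Requires the "user" role. The setting is written through ``AppDBOMongo``
    for the logged-in user, then the dashboard is shown with a message.

    Args:
        appname: Name of the app to update.
        security_setting: ``1`` reports the app as secured; any other value
            reports it as unsecured.
    """
    from urllib.parse import quote

    cork = get_cork_instance()
    cork.require(
        role="user",
        fail_redirect="/?error=You are not authorized to access this page.")
    current_user = get_current_user(cork)

    db = AppDBOMongo(app_settings.get_database())
    db.secure_app(current_user, appname, security_setting)
    # appname is request data: percent-encode it so it cannot append query
    # parameters (e.g. a forged error message) to the redirect URL.
    safe_name = quote(str(appname), safe='')
    # NOTE(review): this compares against the integer 1; if the route passes
    # the setting as a string the "Unsecured" message is always shown --
    # confirm the route converts it.
    if security_setting == 1:
        bottle.redirect("/dashboard?flash=Secured app {}.".format(safe_name))
    else:
        bottle.redirect(
            "/dashboard?flash=Unsecured app {}.".format(safe_name))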
Exemplo n.º 14
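def admin_modify_user_role():
    """Change the role of a user from the admin page.

    Requires the "admin" role. The posted role must be one Cork knows and
    the posted username must match an existing record; otherwise the admin
    page is shown with an error instead of a success message.
    """
    from urllib.parse import quote

    cork = get_cork_instance()
    cork.require(role="admin", fail_redirect="/?error=Not authorized.")
    username = post_get("username")
    role = post_get("role")

    # The update below bypasses Cork's own API, so nothing else checks the
    # role: only accept names that cork.list_roles() reports.
    known_roles = {entry[0] for entry in cork.list_roles()}
    if role not in known_roles:
        bottle.redirect(
            "/admin/?error=Failed to modify user role: unknown role.")
    try:
        updated = cork._store.users._coll.find_one_and_update(
            {"login": username}, {"$set": {
                "role": role
            }})
    except Exception as e:
        bottle.redirect("/admin/?error=Failed to modify user role: " +
                        quote(str(e), safe=''))
    # NOTE(review): assumes _coll is a pymongo collection, where
    # find_one_and_update returns None if no document matched -- confirm.
    if updated is None:
        bottle.redirect(
            "/admin/?error=Failed to modify user role: unknown user.")
    bottle.redirect("/admin/?flash=Modified user role.")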
Exemplo n.º 15
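def create_app():
    """Store an uploaded app for the current user and sync it to all nodes.

    Requires the "user" role. The app name comes from the ``name`` form
    field and the content from the ``upload`` file field. Names that are
    empty or contain ``/`` or ``..`` are rejected, as are uploads above
    1,000,000 bytes. On success a ``sync_file`` task is queued per bigcgi
    instance and the app is registered through ``AppDBOMongo``.
    """
    cork = get_cork_instance()
    cork.require(
        role="user",
        fail_redirect="/?error=You are not authorized to access this page.")
    current_user = get_current_user(cork)

    name = bottle.request.forms.get('name')
    if not name:
        bottle.redirect("/dashboard?error={}".format("App must have a name."))
        return
    if "/" in name or ".." in name:
        error = "Invalid app name: cannot contain .. or /"
        bottle.redirect("/dashboard?error={}".format(error))

    upload = bottle.request.files.get('upload')
    if upload is None:
        # A missing file field would otherwise fail with AttributeError.
        error = "Failed to upload app: no file was sent."
        bottle.redirect("/dashboard?error={}".format(error))

    max_upload_bytes = 1000000  # cap uploads to 1Mb
    # content_length is a header value supplied by the client (and absent
    # for most multipart parts), so it cannot enforce the cap alone: read at
    # most one byte beyond the limit and measure what actually arrived.
    too_large = upload.content_length > max_upload_bytes
    data = b""
    if not too_large:
        data = upload.file.read(max_upload_bytes + 1)
        too_large = len(data) > max_upload_bytes
    if too_large:
        error = "Failed to upload app: exceeded maximum of 1Mb"
        app_settings.logger.info("user attempted large upload",
                                 extra={
                                     "actor": current_user,
                                     "action": "created file",
                                     "object": name
                                 })
        bottle.redirect("/dashboard?error={}".format(error))
    db = FileDBOMongo(app_settings.get_database())
    success = db.add_file(data, name, current_user, "app")
    if not success:
        error = "Failed to upload app."
        app_settings.logger.error("error uploading app",
                                  extra={
                                      "actor": current_user,
                                      "action": "created app",
                                      "object": name
                                  })
        bottle.redirect("/dashboard?error={}".format(error))
    else:
        for xx in range(0, int(app_settings.BIGCGI_TOTAL_INSTANCES)):
            # One queue per instance so every node receives the new file.
            sync_file.apply_async(args=[name, current_user, "app"],
                                  kwargs={},
                                  queue='bigcgi_instance_' + str(xx))
        flash = "Successfully uploaded app."
        db = AppDBOMongo(app_settings.get_database())
        db.create(name, current_user)
        app_settings.logger.info("file created",
                                 extra={
                                     "actor": current_user,
                                     "action": "created app",
                                     "object": name
                                 })
        bottle.redirect("/dashboard?flash={}".format(flash))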
Exemplo n.º 16
def get_app_logs(appname):
    """Show the logs of one of the current user's apps.

    Requires the "user" role; the log query is made with the logged-in
    user's name together with ``appname``.

    Args:
        appname: Name of the app whose logs are requested.
    """
    auth = get_cork_instance()
    auth.require(
        role="user",
        fail_redirect="/?error=You are not authorized to access this page.")
    owner = get_current_user(auth)

    app_store = AppDBOMongo(app_settings.get_database())
    entries = app_store.get_app_logs(owner, appname)
    page = {
        "title": "Logs for " + appname,
        "current_user": owner,
        "logs": entries,
    }
    return bottle.template("app-logs", page)
Exemplo n.º 17
def create_file_view():
    """Render the "create file" form for a logged-in user.

    Requires the "user" role and hands the template a CSRF token for the
    form submission.
    """
    auth = get_cork_instance()
    auth.require(
        role="user",
        fail_redirect="/?error=You are not authorized to access this page.")
    flash, error = set_flash_and_error()
    owner = get_current_user(auth)
    page = {
        "title": "Create File",
        "current_user": owner,
        "flash": flash,
        "error": error,
    }
    page["csrf"] = get_csrf_token()
    return bottle.template("create-file", page)
Exemplo n.º 18
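def register():
    """Start a registration: Cork sends the confirmation email.

    Reads ``username``, ``password`` and ``email_address`` from the POST,
    registers them with Cork, logs the event, sends a notification mail
    about the new user and redirects to "/" with a flash message.
    """
    cork = get_cork_instance()
    username = post_get('username')
    password = post_get('password')
    email_addr = post_get('email_address')
    cork.register(username, password, email_addr)
    # extra= attaches actor/action/object to the log record, as the other
    # handlers do; a positional dict is treated as %-format arguments and
    # the fields never reach the record.
    app_settings.logger.info("new user registered",
                             extra={
                                 "actor": username,
                                 "action": "registered",
                                 "object": "bigcgi"
                             })
    send_gmail("New bigCGI User!", "U: " + username + " E: " + email_addr,
               "*****@*****.**", "*****@*****.**")
    bottle.redirect("/?flash=Confirmation email sent.")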
Exemplo n.º 19
def delete_app_view(appname):
    """Render the confirmation page for deleting an app.

    Requires the "user" role; the template receives the app name and a CSRF
    token for the confirming request.

    Args:
        appname: Name of the app the user is about to delete.
    """
    auth = get_cork_instance()
    auth.require(
        role="user",
        fail_redirect="/?error=You are not authorized to access this page.")
    flash, error = set_flash_and_error()
    owner = get_current_user(auth)
    page = {
        "title": "Delete App",
        "current_user": owner,
        "flash": flash,
        "error": error,
        "appname": appname,
    }
    page["csrf"] = get_csrf_token()
    return bottle.template("delete-app", page)
Exemplo n.º 20
def error(error):
    """Log an HTTP error and render the error page.

    The log entry records the error status and body, the acting user (or
    "anonymous") and the requested path with its query string.

    Args:
        error: Error object exposing ``status`` and ``body``.
    """
    auth = get_cork_instance()
    visitor = get_current_user(auth)
    request = bottle.request
    # Path and query string come straight from the request.
    # NOTE(review): confirm the log handler neutralises control characters.
    target = str(request.path) + "?" + str(request.query_string)
    summary = "{} - {}".format(error.status, error.body)
    audit_fields = {
        "actor": visitor or "anonymous",
        "action": "errored",
        "object": target
    }
    app_settings.logger.error(summary, extra=audit_fields)
    page = {
        "title": error.status,
        "message": error.body,
        "current_user": visitor,
    }
    return bottle.template("error", page)
Exemplo n.º 21
def authorize(username, creds):
    """Check a username/password pair against the Cork user store.

    Args:
        username: Account the caller claims to act for.
        creds: Sequence whose first item is a username and second a password.

    Returns:
        True only if the usernames match, the user exists and the password
        verifies against the stored hash; False otherwise.
    """
    auth = get_cork_instance()
    supplied_name, supplied_password = creds[0], creds[1]
    if supplied_name != username:
        return False

    record = auth._store.users._coll.find_one({"login": username})
    if not record:
        return False

    stored_hash = record["hash"]
    # The hash is encoded to ASCII bytes when it exposes .encode (a str).
    if hasattr(stored_hash, 'encode'):
        stored_hash = stored_hash.encode('ascii')
    return bool(
        auth._verify_password(username, supplied_password, stored_hash))
Exemplo n.º 22
def reset_password_view():
    """Render the password-reset request form.

    Works for anonymous visitors: when Cork raises ``AuthException`` for the
    current user, the template simply receives ``None``.
    """
    auth = get_cork_instance()
    query = bottle.request.query
    flash = query.flash or None
    error = query.error or None
    try:
        current_user = auth.current_user.username
    except AuthException:
        current_user = None
    page = {
        "title": "Reset Password",
        "current_user": current_user,
        "csrf": get_csrf_token(),
        "flash": flash,
        "error": error,
    }
    return bottle.template("cork/reset_password", page)
Exemplo n.º 23
def dashboard():
    """Render the dashboard listing the current user's apps and files.

    Requires the "user" role. Both queries are made with the logged-in
    user's name, and the template receives a CSRF token for its forms.
    """
    auth = get_cork_instance()
    auth.require(
        role="user",
        fail_redirect='/?error=You are not authorized to access this page.')
    flash, error = set_flash_and_error()
    owner = get_current_user(auth)

    app_summaries = AppDBOMongo(
        app_settings.get_database()).get_summary(owner)
    user_files = FileDBOMongo(
        app_settings.get_database()).get_user_files(owner)

    page = {
        "title": "Dashboard",
        "current_user": owner,
        "apps": app_summaries,
        "files": user_files,
        "flash": flash,
        "error": error,
    }
    page["csrf"] = get_csrf_token()
    return bottle.template("dashboard", page)
Exemplo n.º 24
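def admin():
    """Render the admin page; only users with the "admin" role may see it.

    The template receives the sorted user list, the roles ordered by
    descending level, pre-built ``<option>`` markup for the role select box,
    a CSRF token and any flash/error message from the query string.
    """
    from html import escape

    cork = get_cork_instance()
    cork.require(role='admin', fail_redirect='/?error=Not authorized.')
    flash = bottle.request.query.flash or None
    error = bottle.request.query.error or None
    roles = list(cork.list_roles())
    # pregenerate selectbox html (bottle templates don't support nesting fors)
    # Role names come from the user store and are written into markup here,
    # so escape them (quotes included: they sit inside a single-quoted
    # attribute).
    # NOTE(review): assumes the template emits select_html unescaped.
    select_html = "".join(
        "<option value='{0}'>{0}</option>".format(
            escape(str(r[0]), quote=True)) for r in roles)
    return bottle.template(
        "admin/admin_page", {
            "current_user": cork.current_user,
            "users": sorted(cork.list_users()),
            "roles": reversed(sorted(roles, key=lambda x: int(x[1]))),
            "select_html": select_html,
            "csrf": get_csrf_token(),
            "flash": flash,
            "error": error
        })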
Exemplo n.º 25
def logout():
    """End the session through Cork, which redirects to "/" afterwards."""
    auth = get_cork_instance()
    landing_url = '/?flash=Logout success.'
    auth.logout(success_redirect=landing_url)
Exemplo n.º 26
def change_password():
    """Complete a password reset using the posted reset code.

    The code and the new password are passed to ``cork.reset_password``
    exactly as posted; no additional check is made in this function.
    """
    auth = get_cork_instance()
    reset_code = post_get('reset_code')
    new_password = post_get('password')
    auth.reset_password(reset_code, new_password)
    bottle.redirect("/?flash=Password successfully reset.")