def is_valid(email): m = User.find_by_email(email) if m is None: return False else: expires_in = config_app().data['token_expires_after_seconds'] s = Serializer(config_app().data['secret_key'], expires_in=expires_in) token = s.dumps({'id': m.id}) return token.decode('ascii')
def before_request(): try: secret = request.path.split('/')[2] except: return stop(412, 'The parameter secret is empty or missing') model = model_default.get_by_secret(secret) if model is not None: if config_app().data['limit'].get(model.limit, None) is None: return stop(501, 'The requested functionality is not supported') if model is not None: counter = model_default.get_usage(model) if counter >= config_app().data['limit'][model.limit]: return stop(429, 'The usage limit has been reached') else: return stop(401, 'The secret used is not authorized')
def update_usage(m): if m is not None: today = time.strftime(config_app().data['date_format']) try: log = json.loads(m.log) if today in log: log[today] += 1 else: log[today] = 1 except: log = {today: 1} if log[today] - 1 < config_app().data['limit'][m.limit]: if len(log) > config_app().data['database_log_backup_count']: del log[log.keys()[-1]] m.log = json.dumps(log) db.session.commit()
def validate(email): response = False try: http = urllib3.PoolManager() params = { 'secret': config_app().data['service_email_validate_secret'], 'email': email } r = http.request('GET', config_app().data['service_email_validate_baseurl'], None, params) payload = json.loads(r.data.decode('utf-8')) if payload['valid'] is not None: response = payload['valid'] except Exception as e: _(500, str(e)) response = None pass return response
def get_usage(m): counter = 0 try: log = json.loads(m.log) today = time.strftime(config_app().data['date_format']) if today in log: counter = log[today] except: pass return counter
def default(*args, **kwargs): try: secret = request.headers.get('secret') except: return _(412, 'The parameter secret is empty or missing', stop=True) model = model_default.get_by_secret(secret) if model is not None: if config_app().data['limit'].get(model.limit, None) is None: return _(501, 'The requested functionality is not supported', stop=True) if model is not None: counter = model_default.get_usage(model) if counter >= config_app().data['limit'][model.limit]: return _(429, 'The usage limit has been reached', stop=True) else: return _(401, 'The secret used is not authorized', stop=True) return f(*args, **kwargs)
def clean(): now = service_timestamp_get() diff = now - config_app().data['ban_trap_range_millis'] / 1000 try: Ban.query.filter(Ban.last_update_date < diff).delete() db.session.commit() db.session.close() return True except BaseException as e: _(500, str(e)) return False
def default(secret): response = { 'timezone': config_app().data['timezone'], 'posix': { 'timestamp': int(round(time.time())), 'millis': int(round(time.time() * 1000)) } } response = jsonify(response) response.status_code = 200 return response
def get(): response = False try: http = urllib3.PoolManager() r = http.request('GET', config_app().data['service_timer_baseurl']) payload = json.loads(r.data.decode('utf-8')) if payload['posix'] is not None: response = int(payload['posix']['timestamp']) except Exception as e: _(500, str(e)) response = None pass return response
def grant(m): if isinstance(m, Ban): now = service_timestamp_get() if (now - m.last_update_date ) > config_app().data['ban_timeout_millis'] / 1000: m.is_banned = False m.counter = 0 m.last_update_date = now if m.last_update_date < ( now - config_app().data['ban_trap_range_millis'] / 1000): m.counter = 0 m.last_update_date = now else: m.counter += 1 if m.counter > config_app( ).data['ban_trap_max_attempts_in_range']: return False if m.is_banned is True: return False db.session.commit() db.session.close() return True
def authenticate(email, password): now = service_timestamp_get() m = User.query.filter_by(email=email).first() if not isinstance(m, User): return None if User.verify_password(password, m.password) is not True: return False if m.is_active == 0: return False if User.refresh_nonce(m.id) is not True: return False expires_in = config_app().data['token_expires_after_seconds'] s = Serializer(m.nonce, expires_in=expires_in) token = s.dumps({'id': m.id}) expiration_time = now + expires_in return { 'token': token.decode('ascii'), 'expiration_time': expiration_time }
def ott_generate(email, token): if model_token_banlist.is_banned(token) is True: return False attrs = User.verify_auth_token(email, token) if attrs is False or attrs is None or attrs['email'] != email: return False now = service_timestamp_get() m = User.query.filter_by(email=email).first() if m is None: return m if m.is_active == 0: return False expires_in = config_app().data['ott_token_expires_after_seconds'] expiration_time = now + expires_in s = Serializer(m.nonce, expires_in=expires_in) new_token = s.dumps({'id': m.id}) return { 'token': new_token.decode('ascii'), 'expiration_time': expiration_time }
def reset_password(token): now = service_timestamp_get() s = Serializer(config_app().data['secret_key']) try: data = s.loads(token) except SignatureExpired: return False except BadSignature: return False m = db.session.query(User).get(data['id']) if m is None: return m try: model_history.add_by_user_id(m.id, 'password', m.password) m.last_update_date = now new_password = User.generate_password() print('New password has been generated', new_password) m.password = User.password_hash(new_password) db.session.commit() db.session.close() return str(base64.b64encode(bytes(new_password, "utf-8")))[1:] except BaseException as e: _(500, str(e)) return False
def __init__(self): response = Flask( import_name=__name__, instance_path=config_app().data['instance_path'], instance_relative_config=config_app().data['instance_relative_config'] ) response.config['DEFAULT_TIMEZONE'] = config_app().data['timezone'] response.config['SECRET_KEY'] = config_app().data['secret_key'] response.config['TESTING'] = config_app().data['testing'] response.debug = config_app().data['debug'] response.config['SQLALCHEMY_BINDS'] = { 'sqlite': config_app().data['database_conn_sqlite'], 'mysql': config_app().data['database_conn_mysql'] } response.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = config_app().data['sqlalchemy_track_modifications'] self.data = response if config_app().data['enable_internal_log']: from logging.handlers import RotatingFileHandler import logging handler = RotatingFileHandler( config_app().data['internal_log_file_path'], maxBytes=config_app().data['internal_log_max_bytes'], backupCount=config_app().data['internal_log_backup_count'] ) logger = logging.getLogger(config_app().data['import_name']) logger.setLevel(logging.ERROR) logger.addHandler(handler)
### # Increases the usage limit and # enable cross-origin resource sharing. ### @app.after_request @increase_usage def after_request(f): if not hasattr(g, 'after_request_callbacks'): g.after_request_callbacks = [] g.after_request_callbacks.append(f) f.headers.add('Access-Control-Allow-Origin', '*') f.headers.add('Access-Control-Allow-Headers', '*') f.headers.add('Access-Control-Allow-Methods', '*') return f ### # Clean up banned tokens as scheduled job. ### def transport(): model_token_banlist.clean() model_ban.clean() schedule = BackgroundScheduler(timezone=config_app().data['timezone'], daemon=True) schedule.add_job(transport, 'interval', seconds=config_app().data['transport_interval_seconds']) schedule.start()
# -*- coding: utf-8 -*- from app import app from flask import g, request, jsonify import logging from app.config.Config import Config as config_app logger = logging.getLogger(config_app().data['import_name']) from app.models.DefaultModel import Default as model_default @app.before_request def before_request(): try: secret = request.path.split('/')[2] except: return stop(412, 'The parameter secret is empty or missing') model = model_default.get_by_secret(secret) if model is not None: if config_app().data['limit'].get(model.limit, None) is None: return stop(501, 'The requested functionality is not supported') if model is not None: counter = model_default.get_usage(model) if counter >= config_app().data['limit'][model.limit]: return stop(429, 'The usage limit has been reached') else: return stop(401, 'The secret used is not authorized') @app.after_request def after_request(f): if not hasattr(g, 'after_request_callbacks'):
#!/usr/bin/env python3 # -*- coding: utf-8 -*- from cherrypy import wsgiserver from app import app from app.config.Config import Config as config_app ### # The app runner. ### if config_app().data['debug'] and config_app().data['testing']: app.run( config_app().data['ip'], port=config_app().data['port'] ) ### # With the flags debug and testing on false # the app is considered running in production mode and a different server is used. ### else: d = wsgiserver.WSGIPathInfoDispatcher({'/': app}) server = wsgiserver.CherryPyWSGIServer( (config_app().data['ip'], config_app().data['port']), d) server.start()