def users_update_address():
if g.get('current_player'):
address_relation = database.execute("SELECT * FROM PlayerAddress WHERE PlayerID = %s AND EndDate IS NULL;", (g.current_player['PlayerID'],)).fetchone()
elif g.get('current_viewer'):
address_relation = database.execute("SELECT * FROM ViewerAddress WHERE ViewerID = %s AND EndDate IS NULL;", (g.current_viewer['ViewerID'],)).fetchone()
else:
flash("You must be logged in as either Player or Viewer to access this page.", 'error')
return redirect(url_for('users_login'))
if address_relation:
address = database.execute("SELECT * FROM Address WHERE AddressID = %s;", (address_relation['AddressID'],)).fetchone()
form = forms.AddressForm(request.form, street_number=address['StreetNumber'], street_number_suffix=address['StreetNumberSuffix'], street_name=address['StreetName'], street_type=address['StreetType'], major_municipality=address['MajorMunicipality'], governing_district=address['GoverningDistrict'], postal_area=address['PostalArea'], country=address['Country'])
else:
form = forms.AddressForm(request.form)
if request.method == "POST" and form.validate():
lastrowid = database.execute("INSERT INTO Address (StreetNumber, StreetNumberSuffix, StreetName, StreetType, MajorMunicipality, GoverningDistrict, PostalArea, Country) VALUES (%s, %s, %s, %s, %s, %s, %s, %s);", (form.street_number.data, form.street_number_suffix.data, form.street_name.data, form.street_type.data, form.major_municipality.data, form.governing_district.data, form.postal_area.data, form.country.data)).lastrowid
if g.get('current_player'):
database.execute("UPDATE PlayerAddress SET EndDate = %s WHERE PlayerID = %s AND EndDate IS NULL;", (datetime.today().date(), g.current_player['PlayerID']))
database.execute("INSERT INTO PlayerAddress (AddressID, PlayerID, StartDate, EndDate) VALUES (%s, %s, %s, NULL);", (lastrowid, g.current_player['PlayerID'], datetime.today().date()))
elif g.get('current_viewer'):
database.execute("UPDATE ViewerAddress SET EndDate = %s WHERE ViewerID = %s AND EndDate IS NULL;", (datetime.today().date(), g.current_viewer['ViewerID']))
database.execute("INSERT INTO ViewerAddress (AddressID, ViewerID, StartDate, EndDate) VALUES (%s, %s, %s, NULL);", (lastrowid, g.current_viewer['ViewerID'], datetime.today().date()))
database.commit()
flash("You have updated your address successfully!", 'notice')
return redirect(url_for('index'))
else:
return render_template('users/update_address.html', form=form)
def authorize_apikeys(resource):
"""Check if user is an apikey, and if it is, do authorization.
Also update 'updated' timestamp everytime a key is accessed
"""
apikeys = current_app.data.driver.db['apikeys']
apikey = apikeys.find_one({'token': g.get('current_token')},
{'permissions': 1})
if apikey:
# Get permission for resource if they exist
permission = apikey['permissions'].get(resource)
# Update timestamp (remove microseconds to match mongo precision)
new_time = dt.utcnow().replace(microsecond=0)
apikeys.update_one({'_id': apikey['_id']},
{'$set': {'_updated': new_time}})
if permission == 'read':
g.resource_admin_readonly = True
elif permission == 'readwrite':
g.resource_admin = True
elif g.get('auth_required'):
abort(403, "The API key exists but does not grant the required "
"permissions.")
def ajax_category_select(name = 'catid', title = '', catid = 0, moduleid = 1, extend = '', deep = 0):
if g.get('cat_id'):
cat_id = g.get('cat_id')
cat_id += 1
g.cat_id = cat_id
else:
cat_id = 1
g.cat_id = cat_id
catid = MyInt(catid)
deep = MyInt(deep)
select = ''
select += '<input name="'+name+'" id="catid_'+str(cat_id)+'" type="hidden" value="'+str(catid)+'"/>'
select += '<span id="load_category_'+str(cat_id)+'">'+get_category_select(title, catid, moduleid, extend, deep, cat_id)+'</span>'
select += '<script type="text/javascript">'
if cat_id == 1:
select += 'var category_moduleid = new Array;'
select += 'category_moduleid['+str(cat_id)+']="'+str(moduleid)+'";'
if cat_id == 1:
select += 'var category_title = new Array;'
select += 'category_title['+str(cat_id)+']=\''+title+'\';'
if cat_id == 1:
select += 'var category_extend = new Array;'
select += 'category_extend['+str(cat_id)+']=\''+extend+'\';'
if cat_id == 1:
select += 'var category_catid = new Array;'
select += 'category_catid['+str(cat_id)+']=\''+str(catid)+'\';'
if cat_id == 1:
select += 'var category_deep = new Array;'
select += 'category_deep['+str(cat_id)+']=\''+str(deep)+'\';'
select += '</script>'
if cat_id == 1:
select += '<script type="text/javascript" src="/static/js/category.js"></script>'
return select
def prometheus():
alerts = []
if request.json and 'alerts' in request.json:
external_url = request.json.get('externalURL', None)
for alert in request.json['alerts']:
try:
incomingAlert = parse_prometheus(alert, external_url)
except ValueError as e:
raise ApiError(str(e), 400)
if g.get('customer', None):
incomingAlert.customer = g.get('customer')
add_remote_ip(request, incomingAlert)
try:
alert = process_alert(incomingAlert)
except RejectException as e:
raise ApiError(str(e), 403)
except Exception as e:
raise ApiError(str(e), 500)
alerts.append(alert)
else:
raise ApiError("no alerts in Prometheus notification payload", 400)
if len(alerts) == 1:
return jsonify(status="ok", id=alerts[0].id, alert=alerts[0].serialize), 201
else:
return jsonify(status="ok", ids=[alert.id for alert in alerts]), 201
def custom(webhook):
try:
incomingAlert = custom_webhooks.webhooks[webhook].incoming(
query_string=request.args,
payload=request.get_json() or request.get_data(as_text=True)
)
except ValueError as e:
raise ApiError(str(e), 400)
if g.get('customer', None):
incomingAlert.customer = g.get('customer')
add_remote_ip(request, incomingAlert)
try:
alert = process_alert(incomingAlert)
except RejectException as e:
raise ApiError(str(e), 403)
except Exception as e:
raise ApiError(str(e), 500)
if alert:
return jsonify(status="ok", id=alert.id, alert=alert.serialize), 201
else:
raise ApiError("insert or update via %s webhook failed" % webhook, 500)
def on_inserted_userservice_session(items):
"""
A new session has been created in the database:
- Add a sessionOpened event
- Create a user service CDR
:param items:
:return: None
"""
for index, item in enumerate(items):
print "Created a new session for service: %s" % item['service_name']
# Add an event
data = {
'userservice_session': item['_id'],
'user': g.get('users_id', None),
'date': datetime.utcnow(),
'type': 'session.opened',
'message': 'Session opening'
}
post_internal("event", data)
# Create a service CDR
data = {
'userservice_session': item['_id'],
'userservice': item['userservice'],
'user_creator': g.get('users_id', None),
'opening_date': datetime.utcnow(),
'status': 'open'
}
post_internal("userservice_cdr", data)
def get_heartbeats(tenant):
tenant = generateDBName(tenant)
try:
heartbeats = db.get_heartbeats(tenant)
except Exception as e:
return jsonify(status="error", message=str(e)), 500
hb_list = list()
for hb in heartbeats:
body = hb.get_body()
if g.get('role', None) != 'admin' and not body['customer'] == g.get('customer', None):
continue
body['href'] = "%s/%s" % (request.base_url.replace('heartbeats', 'heartbeat'), hb.id)
hb_list.append(body)
if hb_list:
return jsonify(
status="ok",
total=len(heartbeats),
heartbeats=hb_list,
time=datetime.datetime.utcnow()
)
else:
return jsonify(
status="ok",
message="not found",
total=0,
heartbeats=hb_list,
time=datetime.datetime.utcnow()
)
def orders_show(order_id):
order = database.execute("SELECT * FROM ViewerOrder WHERE ViewerOrderID = %s;", (order_id,)).fetchone()
if not g.get('current_staff') and not (g.get('current_viewer') and g.current_viewer['ViewerID'] == order['ViewerID']):
return redirect(url_for('users_login', error="You need to be a staff member or you can only view your own orders."))
order_lines = database.execute("SELECT * FROM ViewerOrderLine NATURAL JOIN Video WHERE ViewerOrderID = %s;", (order['ViewerOrderID'],)).fetchall()
order_total = database.execute("SELECT SUM(Price) AS Total FROM ViewerOrderLine NATURAL JOIN Video WHERE ViewerOrderID = %s AND FlagPerk = '0'", (order['ViewerOrderID'],)).fetchone()["Total"]
return render_template('orders/show.html', order=order, order_lines=order_lines, order_total=order_total)
def get_keys():
if g.get('role', None) == 'admin':
try:
keys = db.get_keys()
except Exception as e:
return jsonify(status="error", message=str(e)), 500
else:
user = g.get('user')
try:
keys = db.get_user_keys(user)
except Exception as e:
return jsonify(status="error", message=str(e)), 500
if keys:
return jsonify(
status="ok",
total=len(keys),
keys=keys,
time=datetime.datetime.utcnow()
)
else:
return jsonify(
status="ok",
message="not found",
total=0,
keys=[],
time=datetime.datetime.utcnow()
)
def put(self, user_id):
#if not request.authorization:
# return jsonify(status=401, message="unauthorized")
try:
conn = g.get('db_connection', None)
cur = conn.cursor()
data = request.get_json()
# This variable allows to know if I have to add comma
add_comma = False
user = self.get_role(conn, user_id)
if user == "admin" and not g.get('isadmin', False):
return jsonify(status=401, message="unauthorized")
if "role" in data and data["role"] == "admin" and not g.get('isadmin', False):
return jsonify(status=401, message="unauthorized")
# Build query
query = "UPDATE user SET "
if "lastname" in data:
add_comma = True
query += "lastname = \"" + data["lastname"] + "\""
if "firstname" in data:
if add_comma:
query += ", "
else:
add_comma = True
query += "firstname = \"" + data["firstname"] + "\""
if "email" in data:
if add_comma:
query += ", "
else:
add_comma = True
query += "email = \"" + data["email"] + "\""
if "password" in data:
if add_comma:
query += ", "
else:
add_comma = True
query += "password = \"" + data["password"] + "\""
if "role" in data:
if add_comma:
query += ", "
query += "role = \"" + data["role"] + "\""
query += " WHERE id = " + str(user_id)
# Execute query
affected_count = cur.execute(query)
# End query
conn.commit()
# Close MySQL connection
conn.close()
return jsonify(status=200, affected_row=str(affected_count))
except mdb.Error as e:
print "Error: %s" % str(e)
abort(500)
def create_key():
try:
key = ApiKey.parse(request.json)
except ValueError as e:
raise ApiError(str(e), 400)
if 'admin' in g.scopes or 'admin:keys' in g.scopes:
key.user = key.user or g.user
key.customer = key.customer or g.get('customer', None)
else:
key.user = g.user
key.customer = g.get('customer', None)
if not key.user:
raise ApiError("Must set 'user' to create API key", 400)
for want_scope in key.scopes:
if not Permission.is_in_scope(want_scope, g.scopes):
raise ApiError("Requested scope '%s' not in existing scopes: %s" % (want_scope, ','.join(g.scopes)), 403)
try:
key = key.create()
except Exception as e:
raise ApiError(str(e), 500)
if key:
return jsonify(status="ok", key=key.key, data=key.serialize), 201
else:
raise ApiError("create API key failed", 500)
def assertBase(self, admin, admin_readonly):
"""Assert baseline"""
with self.app.app_context():
self.api.get('/groups', status_code=200,
token=self.get_user_token(self.UID))
self.assertEqual(g.get('resource_admin'), admin)
self.assertEqual(g.get('resource_admin_readonly'), admin_readonly)
def show(page):
try:
username = request.form.get('username', '').strip() or g.get('username')
password = request.form.get('password', '').strip() or g.get('username')
# with app.app_context() as ctx:
# # ctx.pop()
# g.username = username
# g.password = password
# ctx.push()
board_name = request.form.get('board_name', '').strip()
sprint_name = request.form.get('sprint_name', '').strip()
boards = jira.get_boards()
board = jira.get_board(board_name, boards)
sprints = jira.get_sprints(board)
sprint = jira.get_sprint(sprint_name, sprints)
issues = jira.get_issues(sprint)
data = {
'username': username,
'password': password,
'boards': boards,
'sprints': sprints,
'issues': issues,
'types': jira.get_types(issues),
'board_name': board_name,
'sprint_name': sprint_name,
}
return render_template('pages/%s.html' % page, **data)
except TemplateNotFound:
abort(404)
def get_heartbeats():
try:
heartbeats = db.get_heartbeats()
except Exception as e:
return jsonify(status="error", message=str(e)), 500
hb_list = list()
for hb in heartbeats:
body = hb.get_body()
if g.get('role', None) != 'admin' and not body['customer'] == g.get('customer', None):
continue
body['href'] = absolute_url('/heartbeat/' + hb.id)
hb_list.append(body)
if hb_list:
return jsonify(
status="ok",
total=len(heartbeats),
heartbeats=hb_list,
time=datetime.datetime.utcnow()
)
else:
return jsonify(
status="ok",
message="not found",
total=0,
heartbeats=hb_list,
time=datetime.datetime.utcnow()
)
def get_user_keys(user):
query = {"user": user}
if g.get('role', None) != 'admin':
query['customer'] = g.get('customer')
try:
keys = db.get_keys(query)
except Exception as e:
return jsonify(status="error", message=str(e)), 500
if len(keys):
return jsonify(
status="ok",
total=len(keys),
keys=keys,
time=datetime.datetime.utcnow()
)
else:
return jsonify(
status="ok",
message="not found",
total=0,
keys=[],
time=datetime.datetime.utcnow()
)
def index():
form = CreateUserInfoForm();
print g.get('_gspread')
if form.validate_on_submit():
email = form.email.data
techtalks = form.mc_tech_talks.data
core = form.mc_core.data
# check if we 'know' this user
# user = User.query.filter_by(email=email).first()
# if user is None:
# uniqname = email.split("@")[0]
# create new user with this uniqname and add them to our database
# user = User(email=uniqname + "@umich.edu",
# username=uniqname,
# uniqname=uniqname,
# attend_talks=techtalks,
# join_core=core,
# password="******")
# db.session.add(user)
# db.session.commit()
gc = gspread.Client(auth=(os.environ.get('GMAIL'), os.environ.get('GMAIL_PWD')))
gc.login()
sheet = gc.open_by_key(os.environ.get('SPREADSHEET_KEY')).sheet1
num_rows = len(sheet.col_values(1))
sheet.append_row([email, techtalks, core])
# sheet.update_acell('A' + str(num_rows + 1), email)
# print "Added user %s to the database." % email
# Add the email to google spreadsheet (and uniqname to Twilio backend?)
flash("You've been subscribed to the Michigan Hackers E-mail list. We send out E-mails every Wednesday so be on the lookout!", 'success')
return redirect(url_for('main.index'))
return render_template('index.html', form=form)
def create_key():
if g.get('role', None) == 'admin':
try:
user = request.json.get('user', g.user)
customer = request.json.get('customer', None)
except AttributeError:
return jsonify(status="error", message="Must supply 'user' as parameter"), 400
else:
try:
user = g.user
customer = g.get('customer', None)
except AttributeError:
return jsonify(status="error", message="Must supply API Key or Bearer Token when creating new API key"), 400
type = request.json.get("type", "read-only")
if type not in ['read-only', 'read-write']:
return jsonify(status="error", message="API key 'type' must be 'read-only' or 'read-write'"), 400
text = request.json.get("text", "API Key for %s" % user)
try:
key = db.create_key(user, type, customer, text)
except Exception as e:
return jsonify(status="error", message=str(e)), 500
return jsonify(status="ok", key=key), 201, {'Location': absolute_url('/key/' + key)}
def newrelic():
hook_started = webhook_timer.start_timer()
try:
incomingAlert = parse_newrelic(request.json)
except ValueError as e:
webhook_timer.stop_timer(hook_started)
return jsonify(status="error", message=str(e)), 400
if g.get("customer", None):
incomingAlert.customer = g.get("customer")
try:
alert = process_alert(incomingAlert)
except RejectException as e:
webhook_timer.stop_timer(hook_started)
return jsonify(status="error", message=str(e)), 403
except Exception as e:
webhook_timer.stop_timer(hook_started)
return jsonify(status="error", message=str(e)), 500
webhook_timer.stop_timer(hook_started)
if alert:
body = alert.get_body()
body["href"] = absolute_url("/alert/" + alert.id)
return jsonify(status="ok", id=alert.id, alert=body), 201, {"Location": body["href"]}
else:
return jsonify(status="error", message="insert or update of New Relic alert failed"), 500
def prometheus():
if request.json and 'alerts' in request.json:
hook_started = webhook_timer.start_timer()
status = request.json['status']
for alert in request.json['alerts']:
try:
incomingAlert = parse_prometheus(status, alert)
except ValueError as e:
webhook_timer.stop_timer(hook_started)
return jsonify(status="error", message=str(e)), 400
if g.get('customer', None):
incomingAlert.customer = g.get('customer')
try:
process_alert(incomingAlert)
except RejectException as e:
webhook_timer.stop_timer(hook_started)
return jsonify(status="error", message=str(e)), 403
except Exception as e:
webhook_timer.stop_timer(hook_started)
return jsonify(status="error", message=str(e)), 500
webhook_timer.stop_timer(hook_started)
else:
return jsonify(status="error", message="no alerts in Prometheus notification payload"), 400
return jsonify(status="ok"), 200
def get_category_select(title = '', catid = 0, moduleid = 1, extend = '', deep = 0, cat_id = 1):
if g.get('pchild'):
pchild = g.get('pchild')
else:
pchild = []
g.pchild = pchild
if catid:
r = MallCategory.query.filter_by(id=catid).first()
parents = r.arrparentid.split(',')
if r.child:
parents.append(catid)
else:
parents = ['0']
select = ''
k = 0
for v in parents:
if deep and deep <= k:
break
select += '<select onchange="load_category(this.value, '+str(cat_id)+');" '+extend+'>'
if title:
select += '<option value="0">'+title+'</option>'
parentid = v if v else "0"
result = MallCategory.query.filter_by(parentid=parentid).all()
for c in result:
selectid = parents[k+1] if k+1 < len(parents) else str(catid)
selected = 'selected' if str(c.id) == selectid else ''
if pchild and c.id in pchild :
continue
select += '<option value="'+str(c.id)+'"'+selected+'>'+c.catname+'</option>'
select += '</select>'
k +=1
return select
def delete(self, user_id):
#if not request.authorization:
# return jsonify(status=401, message="unauthorized")
try:
conn = g.get('db_connection', None)
cur = conn.cursor()
user = self.get_role(conn, user_id)
if user == "admin" and not g.get('isadmin', False):
return jsonify(status=401, message="unauthorized")
# Execute query
affected_count = cur.execute("DELETE FROM user WHERE id=%s", (user_id,))
# End query
conn.commit()
# Close MySQL connection
conn.close()
return jsonify(status=200, affected_row=str(affected_count)), 200
except mdb.Error as e:
print "Error: %s" % str(e)
abort(500)
def stackdriver():
hook_started = webhook_timer.start_timer()
try:
incomingAlert = parse_stackdriver(request.json)
except ValueError as e:
webhook_timer.stop_timer(hook_started)
return jsonify(status="error", message=str(e)), 400
if g.get('customer', None):
incomingAlert.customer = g.get('customer')
add_remote_ip(request, incomingAlert)
try:
alert = process_alert(incomingAlert)
except RejectException as e:
webhook_timer.stop_timer(hook_started)
return jsonify(status="error", message=str(e)), 403
except Exception as e:
webhook_timer.stop_timer(hook_started)
return jsonify(status="error", message=str(e)), 500
webhook_timer.stop_timer(hook_started)
if alert:
body = alert.get_body()
body['href'] = absolute_url('/alert/' + alert.id)
return jsonify(status="ok", id=alert.id, alert=body), 201, {'Location': body['href']}
else:
return jsonify(status="error", message="notification from stackdriver failed"), 500
def receive():
try:
incomingAlert = Alert.parse(request.json)
except ValueError as e:
raise ApiError(str(e), 400)
if g.get('customer', None):
incomingAlert.customer = g.get('customer')
add_remote_ip(request, incomingAlert)
try:
alert = process_alert(incomingAlert)
except RejectException as e:
raise ApiError(str(e), 403)
except RateLimit as e:
return jsonify(status="error", message=str(e), id=incomingAlert.id), 429
except BlackoutPeriod as e:
return jsonify(status="ok", message=str(e), id=incomingAlert.id), 202
except Exception as e:
raise ApiError(str(e), 500)
if alert:
return jsonify(status="ok", id=alert.id, alert=alert.serialize), 201
else:
raise ApiError("insert or update of received alert failed", 500)
def cloudwatch():
hook_started = webhook_timer.start_timer()
try:
incomingAlert = parse_notification(request.data)
except ValueError as e:
webhook_timer.stop_timer(hook_started)
return jsonify(status="error", message=str(e)), 400
if g.get('customer', None):
incomingAlert.customer = g.get('customer')
try:
alert = process_alert(incomingAlert)
except RejectException as e:
webhook_timer.stop_timer(hook_started)
return jsonify(status="error", message=str(e)), 403
except Exception as e:
webhook_timer.stop_timer(hook_started)
return jsonify(status="error", message=str(e)), 500
webhook_timer.stop_timer(hook_started)
if alert:
body = alert.get_body()
body['href'] = absolute_url('/alert/' + alert.id)
return jsonify(status="ok", id=alert.id, alert=body), 201, {'Location': body['href']}
else:
return jsonify(status="error", message="insert or update of cloudwatch alarm failed"), 500
def orders():
if not g.get('current_staff') and not g.get('current_viewer'):
return redirect(url_for('users_login', error="You need to be a staff member or viewer to list orders"))
if g.get('current_staff'):
orders = database.execute("SELECT ViewerOrder.ViewerOrderID, OrderDate, ViewedStatus, SUM(CASE WHEN FlagPerk = 1 THEN 0 ELSE Price END) AS OrderTotal FROM ViewerOrder LEFT JOIN ViewerOrderLine ON ViewerOrder.ViewerOrderID = ViewerOrderLine.ViewerOrderID LEFT JOIN Video ON ViewerOrderLine.VideoID = Video.VideoID WHERE ViewedStatus IN ('Pending', 'Viewed', 'Fraud') GROUP BY ViewerOrderID ORDER BY ViewerOrderID DESC;").fetchall()
else:
orders = database.execute("SELECT ViewerOrder.ViewerOrderID, OrderDate, ViewedStatus, SUM(CASE WHEN FlagPerk = 1 THEN 0 ELSE Price END) AS OrderTotal FROM ViewerOrder LEFT JOIN ViewerOrderLine ON ViewerOrder.ViewerOrderID = ViewerOrderLine.ViewerOrderID LEFT JOIN Video ON ViewerOrderLine.VideoID = Video.VideoID WHERE ViewerID = %s AND ViewedStatus IN ('Pending', 'Viewed') GROUP BY ViewerOrderID ORDER BY ViewerOrderID DESC;", (g.current_viewer['ViewerID'],)).fetchall()
return render_template('orders/index.html', orders=orders)
def test_debug_mixin():
with app.test_request_context('/'):
assert_is_none(g.get('debug'))
mixin = Debug()
mixin.before()
assert_true(g.get('debug'))
mixin.after({})
def _projects():
print g.get('user',nme).name
user = get_user()
print user.projects.all() if user is not None else ''
if user is not None:
#print [dir(p) for p in user.projects]
projects = [p.to_json() for p in user.projects.all()]# else Project.objects.get(id=p.id).to_json()]
else:
projects = []
return jsonify(projects=projects)
def get(self):
try:
print(g.get('auth_token'))
if g.get('auth_token', None) is not None and g.get('auth_user', None) is not None:
cache_token = app_cache.get(g.get('auth_token'))
if cache_token is not None:
return {'status': True}, 200
return {'status': False}, 401
except Exception as e:
app.logger.exception(msg="Exception occured")
return {'status': False}, 404
def wrapper(*args,**kwargs):
headers = request.headers
auth = headers.get('Authorization',None)
if auth is not None:
print auth
token = auth.split(' ')[-1]
if not token == 'null':
user_data = jwt.decode(token,str(session.get('user_id',None)))
if int(user_data.get('id')) == session.get('user_id'):
g.user = User.get(user_data.get('id'))
print g.get('user',nme).name
return f(*args,**kwargs)
def after_cursor_execute(conn, cursor, statement, parameters, context, executemany):
total = time.time() - context._query_start_time
source_line = _get_sql_line()
source = source_line['items'] if source_line else None
logger.debug('Query complete; total time: %s', total, extra={'sql_log_type': 'end',
'req_path': (request.path
if has_request_context()
else None),
'sql_source': source,
'sql_duration': total,
'sql_verb': statement.split()[0]})
g.sql_query_count = g.get('sql_query_count', 0) + 1
g.req_query_duration = g.get('req_query_duration', 0) + total
def getScriptBaseURL(self):
if g.get('static_site'):
return 'static/js'
else:
return url_parse('%s/js' % self.getBaseURL()).path
def get_auth_token():
if "auth_token" in g:
return g.get("auth_token")
else:
return None
def get_db():
if not g.get('gb'): # when ther is no global connection, should create it
con = sqlite3.connect(app.config['DATABASE'])
con.row_factory = sqlite3.Row
g.db = con
return g.db
def before_replace(resource, document):
user = g.get('user', None)
if user is not None:
document[modified_by_field] = user
def get_locale():
return g.get('lang_code', 'en')
def getImagesBaseSecureURL(self):
if has_app_context() and g.get('static_site'):
return "static/images"
else:
return url_parse("%s/images" % self.getBaseSecureURL()).path
def close_db(error):
"""Zamykanie połączenia z bazą"""
if g.get('db'):
g.db.close()
def grafana():
hook_started = webhook_timer.start_timer()
alerts = []
data = request.json
if data and data['state'] == 'alerting':
for match in data.get('evalMatches', []):
try:
incomingAlert = parse_grafana(data, match)
except ValueError as e:
webhook_timer.stop_timer(hook_started)
return jsonify(status="error", message=str(e)), 400
if g.get('customer', None):
incomingAlert.customer = g.get('customer')
add_remote_ip(request, incomingAlert)
try:
alert = process_alert(incomingAlert)
except RejectException as e:
webhook_timer.stop_timer(hook_started)
return jsonify(status="error", message=str(e)), 403
except Exception as e:
webhook_timer.stop_timer(hook_started)
return jsonify(status="error", message=str(e)), 500
alerts.append(alert)
webhook_timer.stop_timer(hook_started)
elif data and data['state'] == 'ok' and data.get('ruleId', None):
try:
existingAlerts = db.get_alerts({
'attributes.ruleId': data['ruleId'],
'customer': g.get('customer', None)
})
except Exception as e:
webhook_timer.stop_timer(hook_started)
return jsonify(status="error", message=str(e)), 500
for updateAlert in existingAlerts:
updateAlert.severity = 'normal'
updateAlert.status = 'closed'
try:
alert = process_alert(updateAlert)
except RejectException as e:
webhook_timer.stop_timer(hook_started)
return jsonify(status="error", message=str(e)), 403
except Exception as e:
webhook_timer.stop_timer(hook_started)
return jsonify(status="error", message=str(e)), 500
alerts.append(alert)
webhook_timer.stop_timer(hook_started)
else:
return jsonify(
status="error",
message="no alerts in Grafana notification payload"), 400
if len(alerts) == 1:
body = alerts[0].get_body()
body['href'] = absolute_url('/alert/' + alerts[0].id)
return jsonify(status="ok", id=alerts[0].id, alert=body), 201, {
'Location': body['href']
}
else:
return jsonify(status="ok", ids=[alert.id for alert in alerts]), 201
def handler(prefix, path):
path = posixpath.join('/', prefix, path)
clearCache() # init fossil cache
logger = Logger.get('httpapi')
if request.method == 'POST':
# Convert POST data to a query string
queryParams = [(key, [x.encode('utf-8') for x in values])
for key, values in request.form.iterlists()]
query = urllib.urlencode(queryParams, doseq=1)
# we only need/keep multiple values so we can properly validate the signature.
# the legacy code below expects a dict with just the first value.
# if you write a new api endpoint that needs multiple values get them from
# ``request.values.getlist()`` directly
queryParams = {key: values[0] for key, values in queryParams}
else:
# Parse the actual query string
queryParams = dict((key, value.encode('utf-8'))
for key, value in request.args.iteritems())
query = request.query_string
apiKey = get_query_parameter(queryParams, ['ak', 'apikey'], None)
cookieAuth = get_query_parameter(queryParams, ['ca', 'cookieauth'],
'no') == 'yes'
signature = get_query_parameter(queryParams, ['signature'])
timestamp = get_query_parameter(queryParams, ['timestamp'],
0,
integer=True)
noCache = get_query_parameter(queryParams, ['nc', 'nocache'],
'no') == 'yes'
pretty = get_query_parameter(queryParams, ['p', 'pretty'], 'no') == 'yes'
onlyPublic = get_query_parameter(queryParams, ['op', 'onlypublic'],
'no') == 'yes'
onlyAuthed = get_query_parameter(queryParams, ['oa', 'onlyauthed'],
'no') == 'yes'
scope = 'read:legacy_api' if request.method == 'GET' else 'write:legacy_api'
if not request.headers.get('Authorization',
'').lower().startswith('basic '):
try:
oauth_valid, oauth_request = oauth.verify_request([scope])
if not oauth_valid and oauth_request and oauth_request.error_message != 'Bearer token not found.':
raise BadRequest('OAuth error: {}'.format(
oauth_request.error_message))
elif g.get(
'received_oauth_token'
) and oauth_request.error_message == 'Bearer token not found.':
raise BadRequest('OAuth error: Invalid token')
except ValueError:
# XXX: Dirty hack to workaround a bug in flask-oauthlib that causes it
# not to properly urlencode request query strings
# Related issue (https://github.com/lepture/flask-oauthlib/issues/213)
oauth_valid = False
else:
oauth_valid = False
# Get our handler function and its argument and response type
hook, dformat = HTTPAPIHook.parseRequest(path, queryParams)
if hook is None or dformat is None:
raise NotFound
# Disable caching if we are not just retrieving data (or the hook requires it)
if request.method == 'POST' or hook.NO_CACHE:
noCache = True
ak = error = result = None
ts = int(time.time())
typeMap = {}
status_code = None
is_response = False
try:
used_session = None
if cookieAuth:
used_session = session
if not used_session.user: # ignore guest sessions
used_session = None
if apiKey or oauth_valid or not used_session:
if not oauth_valid:
# Validate the API key (and its signature)
ak, enforceOnlyPublic = checkAK(apiKey, signature, timestamp,
path, query)
if enforceOnlyPublic:
onlyPublic = True
# Create an access wrapper for the API key's user
user = ak.user if ak and not onlyPublic else None
else: # Access Token (OAuth)
at = load_token(oauth_request.access_token.access_token)
user = at.user if at and not onlyPublic else None
# Get rid of API key in cache key if we did not impersonate a user
if ak and user is None:
cacheKey = normalizeQuery(
path,
query,
remove=('_', 'ak', 'apiKey', 'signature', 'timestamp',
'nc', 'nocache', 'oa', 'onlyauthed'))
else:
cacheKey = normalizeQuery(path,
query,
remove=('_', 'signature',
'timestamp', 'nc', 'nocache',
'oa', 'onlyauthed'))
if signature:
# in case the request was signed, store the result under a different key
cacheKey = 'signed_' + cacheKey
else:
# We authenticated using a session cookie.
token = request.headers.get(
'X-CSRF-Token', get_query_parameter(queryParams,
['csrftoken']))
if used_session.csrf_protected and used_session.csrf_token != token:
raise HTTPAPIError('Invalid CSRF token', 403)
user = used_session.user if not onlyPublic else None
userPrefix = 'user-{}_'.format(used_session.user.id)
cacheKey = userPrefix + normalizeQuery(
path,
query,
remove=('_', 'nc', 'nocache', 'ca', 'cookieauth', 'oa',
'onlyauthed', 'csrftoken'))
# Bail out if the user requires authentication but is not authenticated
if onlyAuthed and not user:
raise HTTPAPIError('Not authenticated', 403)
addToCache = not hook.NO_CACHE
cache = GenericCache('HTTPAPI')
cacheKey = RE_REMOVE_EXTENSION.sub('', cacheKey)
if not noCache:
obj = cache.get(cacheKey)
if obj is not None:
result, extra, ts, complete, typeMap = obj
addToCache = False
if result is None:
g.current_api_user = user
# Perform the actual exporting
res = hook(user)
if isinstance(res, current_app.response_class):
addToCache = False
is_response = True
result, extra, complete, typeMap = res, {}, True, {}
elif isinstance(res, tuple) and len(res) == 4:
result, extra, complete, typeMap = res
else:
result, extra, complete, typeMap = res, {}, True, {}
if result is not None and addToCache:
ttl = api_settings.get('cache_ttl')
if ttl > 0:
cache.set(cacheKey, (result, extra, ts, complete, typeMap),
ttl)
except HTTPAPIError as e:
error = e
if e.getCode():
status_code = e.getCode()
if result is None and error is None:
# TODO: usage page
raise NotFound
else:
if ak and error is None:
# Commit only if there was an API key and no error
norm_path, norm_query = normalizeQuery(path,
query,
remove=('signature',
'timestamp'),
separate=True)
uri = to_unicode('?'.join(filter(None, (norm_path, norm_query))))
ak.register_used(request.remote_addr, uri, not onlyPublic)
db.session.commit()
else:
# No need to commit stuff if we didn't use an API key (nothing was written)
# XXX do we even need this?
db.session.rollback()
# Log successful POST api requests
if error is None and request.method == 'POST':
logger.info('API request: %s?%s', path, query)
if is_response:
return result
serializer = Serializer.create(dformat,
query_params=queryParams,
pretty=pretty,
typeMap=typeMap,
**hook.serializer_args)
if error:
if not serializer.schemaless:
# if our serializer has a specific schema (HTML, ICAL, etc...)
# use JSON, since it is universal
serializer = Serializer.create('json')
result = fossilize(error)
else:
if serializer.encapsulate:
result = fossilize(
HTTPAPIResult(result, path, query, ts, complete, extra),
IHTTPAPIExportResultFossil)
del result['_fossil']
try:
data = serializer(result)
response = current_app.make_response(data)
content_type = serializer.get_response_content_type()
if content_type:
response.content_type = content_type
if status_code:
response.status_code = status_code
return response
except Exception:
logger.exception('Serialization error in request %s?%s', path,
query)
raise
def get_timezone():
user = g.get('user', None)
if user is not None:
return user.timezone
def inject_data():
return dict(user=current_user, \
lang_code=g.get('lang_code', None))
def get_locale():
return g.get('lang_code', app.config['BABEL_DEFAULT_LOCALE'])
def ensure_lang_support():
lang_code = g.get('lang_code', None)
if lang_code and lang_code not in app.config['SUPPORTED_LANGUAGES'].keys():
return abort(404)
def set_language_code(endpoint, values):
if 'lang_code' in values or not g.get('lang_code', None):
return
if app.url_map.is_endpoint_expecting(endpoint, 'lang_code'):
values['lang_code'] = g.lang_code
def parse_assignment_load():
# Lookup Code
assignment_group_id = parse_lookup_code()
# Assignment Group ID
if assignment_group_id is None:
assignment_group_id = maybe_int(
request.args.get('assignment_group_id'))
# Exact "url" code for group
if assignment_group_id is None:
assignment_group_id = AssignmentGroup.id_by_url(
request.args.get('assignment_group_url'))
# Assignment ID
current_assignment_id = maybe_int(request.args.get('assignment_id'))
# Exact "url" code for assignment
if current_assignment_id is None:
current_assignment_id = Assignment.id_by_url(
request.args.get('assignment_url'))
# User
user = g.get('user', None)
user_id = user.id if user else None
# Course ID of the user
course_id = maybe_int(request.args.get('course_id', None))
if course_id is None:
course_id = int(g.course.id) if 'course' in g and g.course else None
# LTI submission URL
new_submission_url = request.form.get('lis_result_sourcedid', None)
# Embedded?
embed = request.values.get('embed', 'false').lower() == 'true'
# Get group
assignment_group = AssignmentGroup.by_id(assignment_group_id)
# Get assignments
if assignment_group is None:
assignment = Assignment.by_id(current_assignment_id)
if assignment:
assignments = [assignment]
else:
assignments = []
else:
assignments = assignment_group.get_assignments()
# Potentially adjust assignment_id
if current_assignment_id is None and assignments:
current_assignment_id = assignments[0].id
# Get submissions
if user_id is None or course_id is None:
submissions = []
else:
submissions = [
assignment.load_or_new_submission(user_id, course_id,
new_submission_url,
assignment_group_id)
for assignment in assignments
]
# Determine the users' role in relation to this information
role = user.determine_role(assignments,
submissions) if user else "anonymous"
if role in ("student", "anonymous"):
# Check for any IP locked assignments
for assignment in assignments:
if not assignment.is_allowed(request.remote_addr):
return abort(
403,
"You cannot access this assignment from your current location: "
+ request.remote_addr)
# Check passcode
passcode_protected = False
for assignment in assignments:
if assignment.has_passcode() and not passcode_protected:
passcode_protected = True
# Combine the submissions and assignments
group = list(zip(assignments, submissions))
# Okay we've got everything
return dict(group=group,
assignment_group=assignment_group,
assignments=assignments,
submissions=submissions,
assignment_group_id=assignment_group_id,
current_assignment_id=current_assignment_id,
user=user,
user_id=user_id,
role=role,
course_id=course_id,
embed=embed,
passcode_protected=passcode_protected)
def get_locale():
# try to guess the language from the user accept
# header the browser transmits. The best match wins.
# return request.accept_languages.best_match(['de', 'sk', 'en'])
return g.get('current_lang', app.config['BABEL_DEFAULT_LOCALE'])
def add_request_id(response):
response.headers.add('X-REQUEST-ID', g.get('request_id'))
return response
def teardown_request(response: Response) -> Response:
if g.get('p') is not None:
perf.check(g.p, 'slow_page', request.path, 'decksite')
db().close()
return response
def save_session(self, *args, **kwargs):
if g.get('login_via_request'):
return
return super(CustomSecureCookieSessionInterface, self).save_session(*args, **kwargs)
def get_locale():
return g.get('current_lang',
request.accept_languages.best_match(VALID_LANGUAGES, 'en'))
def rule_find_one(id):
db_session = g.get("db_session")
result = db_session.query(Rule).filter(Rule.id == id).first()
if result is None:
return make_response(f"Can't find data with id {id}", 404)
return jsonify(result.to_dict())
def current_user(self) -> Union[None, Any]:
return g.get('flask_httpauth_user', None)
def before_insert(resource, documents):
user = g.get('user', None)
if user is not None:
for document in documents:
document[created_by_field] = user
document[modified_by_field] = user
def get_locale():
g.locale = request.cookies.get("lang")
if not g.get('locale', None):
translations = ["en", "fr"]
g.locale = request.accept_languages.best_match(translations)
return g.locale
def _get_private_filters(self, repo, invisible_stages):
query = {}
if repo == 'ingest':
query = {'and': [{'term': {'_type': 'ingest'}}]}
elif repo == 'archive':
user_id = g.get('user', {}).get('_id')
query = {
'and': [{
'exists': {
'field': 'task.desk'
}
}, {
'bool': {
'should': [
{
'and': [{
'term': {
ITEM_STATE: CONTENT_STATE.DRAFT
}
}, {
'term': {
'task.user': str(user_id)
}
}]
},
{
'terms': {
ITEM_STATE: [
CONTENT_STATE.FETCHED,
CONTENT_STATE.ROUTED,
CONTENT_STATE.PROGRESS,
CONTENT_STATE.SUBMITTED,
CONTENT_STATE.SPIKED
]
}
},
],
'must_not': {
'term': {
'version': 0
}
}
}
}]
}
elif repo == 'published':
query = {
'and': [{
'term': {
'_type': 'published'
}
}, {
'terms': {
ITEM_STATE: [
CONTENT_STATE.SCHEDULED, CONTENT_STATE.PUBLISHED,
CONTENT_STATE.KILLED, CONTENT_STATE.CORRECTED
]
}
}]
}
elif repo == 'archived':
query = {'and': [{'term': {'_type': 'archived'}}]}
if invisible_stages and (repo == 'archive' or repo == 'published'):
query['and'].append(
{'not': {
'terms': {
'task.stage': invisible_stages
}
}})
return query
def CurrentUser():
return g.get('User')
def close_db(error):
if g.get('db'):
g.db.close()
def teardown_db_connection(exception):
connection = g.get('connection')
if connection is not None:
connection.close()
def getFontsBaseURL(self):
if g.get('static_site'):
return "static/fonts"
else:
return url_parse("%s/fonts" % self.getBaseURL()).path
def getCssBaseURL(self):
if has_app_context() and g.get('static_site'):
return "static/css"
else:
return url_parse("%s/css" % self.getBaseURL()).path
