def run_executable_update(did, app_did, target_did, target_app_did,
executable_body, params):
r, msg = can_access_vault(target_did, VAULT_ACCESS_WR)
if r != SUCCESS:
return None, msg
executable_body_filter = executable_body.get('filter', {})
err_message = populate_with_params_values(did, app_did,
executable_body_filter, params)
if err_message:
return None, err_message
executable_body_update = executable_body.get('update').get('$set')
err_message = populate_with_params_values(did, app_did,
executable_body_update, params)
if err_message:
return None, err_message
options = populate_options_update_one(executable_body)
err_message = populate_with_params_values(did, app_did, options, params)
if err_message:
return None, err_message
col = get_collection(target_did, target_app_did,
executable_body.get('collection'))
data, err_message = query_update_one(col, executable_body, options)
if err_message:
return None, err_message
db_size = get_mongo_database_size(target_did, target_app_did)
update_vault_db_use_storage_byte(did, db_size)
return data, None
def run_executable_insert(did, app_did, target_did, target_app_did,
executable_body, params):
r, msg = can_access_vault(target_did, VAULT_ACCESS_WR)
if not r:
return None, msg
executable_body_document = executable_body.get('document', {})
populate_params_insert_update(did, app_did, executable_body_document,
params)
created = "created" in executable_body_document.keys()
options = populate_options_insert_one(executable_body)
col = get_collection(target_did, target_app_did,
executable_body.get('collection'))
data, err_message = query_insert_one(col,
executable_body,
options,
created=created)
if err_message:
return None, err_message
db_size = get_mongo_database_size(target_did, target_app_did)
update_vault_db_use_storage_byte(did, db_size)
return data, None
def run_executable_find(did, app_did, target_did, target_app_did,
executable_body, params):
r, msg = can_access_vault(target_did, VAULT_ACCESS_R)
if r != SUCCESS:
return None, msg
executable_body_filter = executable_body.get('filter', {})
err_message = populate_with_params_values(did, app_did,
executable_body_filter, params)
if err_message:
return None, err_message
options = populate_options_find_many(executable_body)
err_message = populate_with_params_values(did, app_did, options, params)
if err_message:
return None, err_message
col = get_collection(target_did, target_app_did,
executable_body.get('collection'))
if not col:
return None, f'Can not find the collection {executable_body.get("collection")}'
data, err_message = query_find_many(col, executable_body, options)
if err_message:
return None, err_message
return data, None
def did_post_json_param_pre_proc(response,
*args,
access_vault=None,
access_backup=None):
did, app_id = did_auth()
if did is None:
return did, None, response.response_err(UNAUTHORIZED, "auth failed")
content = request.get_json(force=True, silent=True)
if content is None:
return did, None, response.response_err(
BAD_REQUEST, "parameter is not application/json")
if access_vault:
r, msg = can_access_vault(did, access_vault)
if r != SUCCESS:
return did, app_id, None, response.response_err(r, msg)
if access_backup:
r, msg = can_access_backup(did)
if r != SUCCESS:
return did, None, response.response_err(r, msg)
for arg in args:
data = content.get(arg, None)
if data is None:
return did, None, response.response_err(
BAD_REQUEST, "parameter " + arg + " is null")
return did, content, None
def did_get_param_pre_proc(response,
*args,
access_vault=None,
access_backup=None):
did, app_id = did_auth()
if did is None:
return did, None, response.response_err(UNAUTHORIZED, "auth failed")
if access_vault:
r, msg = can_access_vault(did, access_vault)
if r != SUCCESS:
return did, app_id, None, response.response_err(r, msg)
if access_backup:
r, msg = can_access_backup(did)
if r != SUCCESS:
return did, None, response.response_err(r, msg)
content = dict()
for arg in args:
data = request.args.get(arg, None)
if data is None:
return did, app_id, None, response.response_err(
BAD_REQUEST, "parameter " + arg + " is null")
else:
content[arg] = data
return did, content, None
def run_executable_file_upload(did, app_did, target_did, target_app_did,
executable_body, params):
r, msg = can_access_vault(target_did, VAULT_ACCESS_WR)
if r != SUCCESS:
return None, msg
executable_body_path = executable_body.get("path", "")
if executable_body_path.startswith(f"{SCRIPTING_EXECUTABLE_PARAMS}."):
v = executable_body_path.replace(f"{SCRIPTING_EXECUTABLE_PARAMS}.", "")
try:
v = params[v]
except Exception as e:
return None, f"Exception: {str(e)}"
executable_body_path = v
if not executable_body_path:
return None, f"Path cannot be empty"
full_path_name, err = query_upload_get_filepath(target_did, target_app_did,
executable_body_path)
if err:
return None, f"Exception: Could not upload file. Status={err['status_code']} Error='{err['description']}'"
content = {
"document": {
"file_name": executable_body_path,
"fileapi_type": "upload"
}
}
col = get_collection(target_did, target_app_did,
SCRIPTING_SCRIPT_TEMP_TX_COLLECTION)
if not col:
return None, f"collection {SCRIPTING_SCRIPT_TEMP_TX_COLLECTION} does not exist"
data, err_message = query_insert_one(col, content, {})
if err_message:
return None, f"Could not insert data into the database: Err: {err_message}"
db_size = get_mongo_database_size(target_did, target_app_did)
update_vault_db_use_storage_byte(target_did, db_size)
row_id = data.get("inserted_id", None)
if not row_id:
return None, f"Could not retrieve the transaction ID. Please try again"
data = {
"transaction_id":
jwt.encode(
{
"row_id": row_id,
"target_did": target_did,
"target_app_did": target_app_did
},
hive_setting.DID_STOREPASS,
algorithm='HS256')
}
return data, None
def run_script_fileapi_setup(self, transaction_id, fileapi_type):
# Request script content first
try:
transaction_detail = jwt.decode(transaction_id,
hive_setting.DID_STOREPASS,
algorithms=['HS256'])
row_id, target_did, target_app_did = transaction_detail.get('row_id', None), transaction_detail.get('target_did', None), \
transaction_detail.get('target_app_did', None)
except Exception as e:
err = [
INTERNAL_SERVER_ERROR,
f"Error while executing file {fileapi_type} via scripting: Could not unpack details "
f"from transaction_id jwt token. Exception: {str(e)}"
]
return None, None, None, None, err
r, m = can_access_vault(target_did, VAULT_ACCESS_R)
if r != SUCCESS:
err = [
r,
f"Error while executing file {fileapi_type} via scripting: vault can not be accessed"
]
return None, None, None, None, err
# Find the temporary tx in the database
try:
col = get_collection(target_did, target_app_did,
SCRIPTING_SCRIPT_TEMP_TX_COLLECTION)
content_filter = {"_id": ObjectId(row_id)}
script_temp_tx = col.find_one(content_filter)
except Exception as e:
err = [
NOT_FOUND,
f"Error while executing file {fileapi_type} via scripting: Exception: {str(e)}"
]
return None, None, None, None, err
if not script_temp_tx:
err = [
NOT_FOUND,
f"Error while executing file {fileapi_type} via scripting: "
f"Exception: Could not find the transaction ID '{transaction_id}' in the database"
]
return None, None, None, None, err
file_name = script_temp_tx.get('file_name', None)
if not file_name:
err = [
NOT_FOUND,
f"Error while executing file {fileapi_type} via scripting: Could not find a file_name "
f"'{file_name}' to be used to upload"
]
return None, None, None, None, err
return row_id, target_did, target_app_did, file_name, None
def pre_proc(response, access_vault=None):
did, app_id = did_auth()
if (did is None) or (app_id is None):
return did, app_id, response.response_err(UNAUTHORIZED, "auth failed")
if access_vault:
r, msg = can_access_vault(did, access_vault)
if r != SUCCESS:
return did, app_id, response.response_err(r, msg)
return did, app_id, None
def list_files(self):
did, app_id = did_auth()
if (did is None) or (app_id is None):
return self.response.response_err(UNAUTHORIZED, "auth failed")
r, msg = can_access_vault(did, VAULT_ACCESS_R)
if r != SUCCESS:
return self.response.response_err(r, msg)
docs, resp_err = v2_wrapper(self.ipfs_files.list_folder_with_path)(did, app_id, request.args.get('path'))
if resp_err:
return resp_err
file_info_list = list(map(lambda d: HiveFile.get_info_by_metadata(d), docs))
return self.response.response_ok({"file_info_list": file_info_list})
def run_executable_file_download(did, app_did, target_did, target_app_did,
executable_body, params):
r, msg = can_access_vault(target_did, VAULT_ACCESS_R)
if not r:
return None, msg
executable_body_path = executable_body.get("path", "")
if executable_body_path.startswith(f"{SCRIPTING_EXECUTABLE_PARAMS}."):
v = executable_body_path.replace(f"{SCRIPTING_EXECUTABLE_PARAMS}.", "")
if not (params and params.get(v, None)):
return None, "Exception: Parameter is not set"
executable_body_path = params[v]
if not executable_body_path:
return None, f"Path cannot be empty"
content = {
"document": {
"file_name": executable_body_path,
"fileapi_type": "download"
}
}
col = get_collection(target_did, target_app_did,
SCRIPTING_SCRIPT_TEMP_TX_COLLECTION)
if not col:
return None, f"collection {SCRIPTING_SCRIPT_TEMP_TX_COLLECTION} does not exist"
data, err_message = query_insert_one(col, content, {})
if err_message:
return None, f"Could not insert data into the database: Err: {err_message}"
db_size = get_mongo_database_size(target_did, target_app_did)
update_vault_db_use_storage_byte(target_did, db_size)
row_id = data.get("inserted_id", None)
if not row_id:
return None, f"Could not retrieve the transaction ID. Please try again"
data = {
"transaction_id":
jwt.encode(
{
"row_id": row_id,
"target_did": target_did,
"target_app_did": target_app_did
},
hive_setting.DID_STOREPASS,
algorithm='HS256')
}
return data, None
def download_file(self):
resp = Response()
did, app_id = did_auth()
if (did is None) or (app_id is None):
resp.status_code = UNAUTHORIZED
return resp
r, msg = can_access_vault(did, VAULT_ACCESS_R)
if r != SUCCESS:
resp.status_code = r
return resp
data, resp_err = v2_wrapper(self.ipfs_files.download_file_with_path)(did, app_id, request.args.get('path'))
if resp_err:
return resp_err
return data
def run_executable_file_hash(did, app_did, target_did, target_app_did,
executable_body, params):
r, msg = can_access_vault(target_did, VAULT_ACCESS_R)
if not r:
return None, msg
executable_body_path = executable_body.get("path", "")
name = ""
if executable_body_path.startswith(f"{SCRIPTING_EXECUTABLE_PARAMS}."):
v = executable_body_path.replace(f"{SCRIPTING_EXECUTABLE_PARAMS}.", "")
if not (params and params.get(v, None)):
return None, "Exception: Parameter is not set"
name = params[v]
data, err = query_hash(target_did, target_app_did, name)
if err:
return None, f"Exception: Could not get hash of file. Status={err['status_code']} Error='{err['description']}'"
return data, None
def download_file(self):
resp = Response()
did, app_id = did_auth()
if (did is None) or (app_id is None):
resp.status_code = UNAUTHORIZED
return resp
r, msg = can_access_vault(did, VAULT_ACCESS_R)
if not r:
resp.status_code = FORBIDDEN
return resp
file_name = request.args.get('path')
data, status_code = query_download(did, app_id, file_name)
if status_code != SUCCESS:
resp.status_code = status_code
return resp
return data
def run_executable_find(did, app_did, target_did, target_app_did,
executable_body, params):
r, msg = can_access_vault(target_did, VAULT_ACCESS_R)
if not r:
return None, msg
executable_body_filter = executable_body.get('filter', {})
populate_params_find_count_delete(did, app_did, executable_body_filter,
params)
options = populate_options_find_many(executable_body)
col = get_collection(target_did, target_app_did,
executable_body.get('collection'))
data, err_message = query_find_many(col, executable_body, options)
if err_message:
return None, err_message
return data, None
def run_executable_delete(did, app_did, target_did, target_app_did,
executable_body, params):
r, msg = can_access_vault(target_did, VAULT_ACCESS_R)
if not r:
return None, msg
executable_body_filter = executable_body.get('filter', {})
populate_params_find_count_delete(did, app_did, executable_body_filter,
params)
col = get_collection(target_did, target_app_did,
executable_body.get('collection'))
data, err_message = query_delete_one(col, executable_body)
if err_message:
return None, err_message
db_size = get_mongo_database_size(target_did, target_app_did)
update_vault_db_use_storage_byte(did, db_size)
return data, None
def list_files(self):
did, app_id = did_auth()
if (did is None) or (app_id is None):
return self.response.response_err(UNAUTHORIZED, "auth failed")
r, msg = can_access_vault(did, VAULT_ACCESS_R)
if not r:
return self.response.response_err(BAD_REQUEST, msg)
path = get_save_files_path(did, app_id)
name = request.args.get('path')
if name is None:
full_path_name = path
else:
name = filter_path_root(name)
full_path_name = (path / name).resolve()
if not (full_path_name.exists() and full_path_name.is_dir()):
return self.response.response_err(NOT_FOUND, "folder not exists")
try:
files = os.listdir(full_path_name.as_posix())
except Exception as e:
return self.response.response_ok({"files": []})
file_info_list = list()
for file in files:
full_file = full_path_name / file
stat_info = full_file.stat()
file_info = {
"type": "file" if full_file.is_file() else "folder",
"name": file,
"size": stat_info.st_size,
"last_modify": stat_info.st_mtime,
}
file_info_list.append(file_info)
return self.response.response_ok({"file_info_list": file_info_list})
def run_executable_file_hash(did, app_did, target_did, target_app_did,
executable_body, params):
r, msg = can_access_vault(target_did, VAULT_ACCESS_R)
if r != SUCCESS:
return None, msg
executable_body_path = executable_body.get("path", "")
name = ""
if executable_body_path.startswith(f"{SCRIPTING_EXECUTABLE_PARAMS}."):
v = executable_body_path.replace(f"{SCRIPTING_EXECUTABLE_PARAMS}.", "")
try:
v = params[v]
except Exception as e:
return None, f"Exception: {str(e)}"
name = v
metadata, resp_err = v2_wrapper(IpfsFiles().get_file_metadata)(
target_did, target_app_did, name)
if resp_err:
return None, f'Exception: Could not get the hash of the file. Status={resp_err[1]} Error={resp_err[0]}'
data = {"SHA256": metadata[COL_IPFS_FILES_SHA256]}
return data, None
def __run_script(self, script_name, caller_did, caller_app_did, target_did,
target_app_did, params):
r, msg = can_access_vault(target_did, VAULT_ACCESS_R)
if r != SUCCESS:
logging.debug(
f"Error while executing script named '{script_name}': vault can not be accessed"
)
return self.response.response_err(r, msg)
# Find the script in the database
col = get_collection(target_did, target_app_did,
SCRIPTING_SCRIPT_COLLECTION)
content_filter = {"name": script_name}
err_message = f"could not find script '{script_name}' in the database. Please register the script " \
f"first with set_script' API endpoint"
try:
script = col.find_one(content_filter)
except Exception as e:
err_message = f"{err_message}. Exception: {str(e)}"
logging.debug(
f"Error while executing script named '{script_name}': {err_message}"
)
return self.response.response_err(INTERNAL_SERVER_ERROR,
err_message)
if not script:
logging.debug(
f"Error while executing script named '{script_name}': {err_message}"
)
return self.response.response_err(NOT_FOUND, err_message)
# Validate anonymity options
allow_anonymous_user = script.get('allowAnonymousUser', False)
allow_anonymous_app = script.get('allowAnonymousApp', False)
if (allow_anonymous_user is True) and (allow_anonymous_app is False):
err_message = "Error while validating anonymity options: Cannot set allowAnonymousUser to be True but " \
"allowAnonymousApp to be False as we cannot request an auth to prove an app identity without " \
"proving the user identity"
logging.debug(err_message)
return self.response.response_err(BAD_REQUEST, err_message)
if allow_anonymous_user is True:
caller_did = None
else:
if not caller_did:
logging.debug(
f"Error while executing script named '{script_name}': Auth failed. caller_did "
f"not set")
return self.response.response_err(
UNAUTHORIZED, "Auth failed. caller_did not set")
if allow_anonymous_app is True:
caller_app_did = None
else:
if not caller_app_did:
logging.debug(
f"Error while executing script named '{script_name}': Auth failed. "
f"caller_app_did not set")
return self.response.response_err(
UNAUTHORIZED, "Auth failed. caller_app_did not set")
logging.debug(
f"Executing a script named '{script_name}' with params: "
f"Caller DID: '{caller_did}', Caller App DID: '{caller_app_did}', "
f"Target DID: '{target_did}', Target App DID: '{target_app_did}', "
f"Anonymous User Access: {allow_anonymous_user}, Anonymous App Access: {allow_anonymous_app}"
)
condition = script.get('condition', None)
if condition:
# Currently, there's only one kind of condition("count" db query)
r, msg = can_access_vault(target_did, VAULT_ACCESS_R)
if r != SUCCESS:
logging.debug(
f"Error while executing script named '{script_name}': vault can not be accessed"
)
return self.response.response_err(r, msg)
passed = self.__condition_execution(caller_did, caller_app_did,
target_did, target_app_did,
condition, params)
if not passed:
err_message = f"the conditions were not met to execute this script"
logging.debug(
f"Error while executing script named '{script_name}': {err_message}"
)
return self.response.response_err(FORBIDDEN, err_message)
executable = script.get("executable")
unmassage_keys_with_dollar_signs(executable)
output = {}
data = self.__executable_execution(caller_did,
caller_app_did,
target_did,
target_app_did,
executable,
params,
output=output,
output_key=executable.get(
'name', "output0"))
return data
