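def on_post(self, req, resp):
    """Store the uploaded profile picture of the logged-in user.

    Reads the multipart part named ``file`` from the request body, writes it
    to a temporary file, checks the MIME type that ``magic`` detects from the
    file contents against ``ALLOWED_MIME_TYPES``, crops the image into
    ``UPLOAD_DIR`` and records the resulting path on the user row.

    Responds with HTTP 400 when the caller is not logged in, when no ``file``
    part was sent, or when the detected MIME type is not allowed, and with
    HTTP 500 when ``UPLOAD_DIR`` cannot be created.
    """
    try:
        userinfo = req.context['user']
        if not userinfo.is_logged_in():
            resp.status = falcon.HTTP_400
            return

        user = session.query(model.User).filter(
            model.User.id == userinfo.get_id()).first()

        files = multipart.MultiDict()
        content_type, options = multipart.parse_options_header(
            req.content_type)
        boundary = options.get('boundary', '')
        if not boundary:
            raise multipart.MultipartError(
                "No boundary for multipart/form-data.")

        for part in multipart.MultipartParser(req.stream, boundary,
                                              req.content_length):
            files[part.name] = part

        upload = files.get('file')
        if upload is None:
            # Without this guard a request lacking the 'file' part fails
            # with AttributeError instead of a client error.
            resp.status = falcon.HTTP_400
            return

        user_id = req.context['user'].get_id()

        # delete=False keeps the file on disk after the handle is closed, so
        # every exit path below has to remove it explicitly.
        tmpfile = tempfile.NamedTemporaryFile(delete=False)
        tmpfile.close()
        try:
            upload.save_as(tmpfile.name)

            # The type is taken from the file contents, not from the
            # client-supplied Content-Type or file name.
            mime = magic.Magic(mime=True).from_file(tmpfile.name)
            if mime not in ALLOWED_MIME_TYPES:
                resp.status = falcon.HTTP_400
                return

            if not os.path.isdir(UPLOAD_DIR):
                try:
                    os.makedirs(UPLOAD_DIR)
                except OSError:
                    print('Unable to create directory for profile pictures')
                    resp.status = falcon.HTTP_500
                    return

            # The destination name is built from the user id and the
            # extension mapped from the allow-list; the uploaded file name
            # is never used as a path component.
            new_picture = os.path.join(
                UPLOAD_DIR,
                'user_%d.%s' % (user_id, ALLOWED_MIME_TYPES[mime]))
            self._crop(tmpfile.name, new_picture)
        finally:
            # Runs for rejected uploads and crop failures too, so temporary
            # files do not pile up.
            try:
                os.remove(tmpfile.name)
            except OSError:
                print('Unable to remove temporary file %s' % tmpfile.name)

        user.profile_picture = new_picture
        session.add(user)
        session.commit()
    except SQLAlchemyError:
        session.rollback()
        raise
    finally:
        session.close()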
async def handle(self, body):
    """Parse a multipart request body and reply with a file part's length.

    The boundary is read from the ``content-type`` entry of
    ``self.scope['headers']``. The value of the last part that carries a
    file name is kept, and its length is sent back as a plain-text 200
    response. A request without a ``content-type`` header or without a
    ``boundary`` option raises ``KeyError``.
    """
    header_map = dict(self.scope['headers'])
    raw_ctype = header_map[b'content-type']
    options = parse_options_header(raw_ctype.decode())[1]
    parser = MultipartParser(BytesIO(body), options['boundary'])

    content = ''
    for part in parser.parts():
        if not part.filename:
            continue
        content = part.value

    response_headers = [
        ('Content-Type', 'text/plain; charset=utf-8'),
    ]
    await self.send_response(200, b'%d' % len(content),
                             headers=response_headers)
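def _do_parse_payload(self, request):
    """Dispatch the request body to the form handler for its content type.

    Args:
        request: object exposing the WSGI environ as ``request.env``.

    Returns:
        Whatever the handler registered in ``_FORM_CONTENT_HANDLERS`` for the
        request's content type returns, or ``(None, None)`` when that content
        type is not listed in ``self._acceptable_post_mimes``.

    Raises:
        ValueError: if ``CONTENT_LENGTH`` is present but not an integer.
    """
    env = request.env

    # Parse Content-Type header
    c_type_hdr = env.get('CONTENT_TYPE', '')
    c_type, options = multipart.parse_options_header(c_type_hdr)

    # Content-Length. A WSGI server may pass the key with an empty value
    # instead of omitting it; treat that like a missing header rather than
    # letting int('') raise on a client-controlled field.
    c_len = int(env.get('CONTENT_LENGTH', '-1') or '-1')

    # wsgi.input
    # Using ``or`` here prevents unnecessary instantiations if the get
    # operation is to succeed, which is almost always the case.
    stream = env.get('wsgi.input', None) or BytesIO()

    # Check mimetype of payload against configuration.
    if c_type in self._acceptable_post_mimes:
        return _FORM_CONTENT_HANDLERS[c_type](stream, c_len, options)

    return None, None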
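def on_post(self, req, resp):
    """Save uploaded files into a directory below ``data/content/``.

    Only logged-in organisers may upload. The target directory comes from
    the ``path`` query parameter (default ``.``) and every multipart part
    that carries a file name is written there under that name.

    Responses: HTTP 400 with an error document for callers who are not
    organisers or whose ``path`` leaves the content root, 411 without a
    Content-Length, 413 above ``util.config.MAX_UPLOAD_FILE_SIZE``, 500 (and
    the exception re-raised) when creating the directory or saving fails,
    200 otherwise. A missing multipart boundary raises
    ``multipart.MultipartError``.
    """
    user = req.context['user']

    if (not user.is_logged_in()) or (not user.is_org()):
        req.context['result'] = {
            'errors': [
                {
                    'status': '401',
                    'title': 'Unauthorized',
                    'detail': u'Upravovat content může pouze organizátor.'
                }
            ]
        }
        # NOTE(review): the error document says 401 while the HTTP status is
        # 400; left as-is because clients may depend on it.
        resp.status = falcon.HTTP_400
        return

    if req.get_param('path'):
        shortPath = req.get_param('path').replace('..', '')
    else:
        shortPath = "."
    dirPath = 'data/content/' + shortPath

    # Containment check that does not rely on the string replacement above:
    # the normalised target has to stay inside the content root.
    content_root = os.path.normpath('data/content')
    normalized = os.path.normpath(dirPath)
    if (normalized != content_root and
            not normalized.startswith(content_root + os.sep)):
        resp.status = falcon.HTTP_400
        return

    if not req.content_length:
        resp.status = falcon.HTTP_411
        return

    if req.content_length > util.config.MAX_UPLOAD_FILE_SIZE:
        resp.status = falcon.HTTP_413
        return

    _, options = multipart.parse_options_header(req.content_type)
    boundary = options.get('boundary', '')

    if not boundary:
        raise multipart.MultipartError(
            "No boundary for multipart/form-data.")

    try:
        if not os.path.isdir(dirPath):
            os.makedirs(dirPath)

        for part in multipart.MultipartParser(
                req.stream, boundary, req.content_length,
                2**30, 2**20, 2**18, 2**16, 'utf-8'):
            # Parts without a file name are plain form fields, not uploads.
            if not part.filename:
                continue

            # The file name comes from the client's Content-Disposition
            # header. Keep only its last component so it cannot select a
            # directory other than dirPath.
            safe_name = os.path.basename(part.filename.replace('\\', '/'))
            if safe_name in ('', '.', '..'):
                continue

            path = '%s/%s' % (dirPath, safe_name)
            part.save_as(path)
    except Exception:
        resp.status = falcon.HTTP_500
        raise

    req.context['result'] = {}
    resp.status = falcon.HTTP_200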
def file_add():
    """Attach an uploaded blob to an application and return to its view.

    Anonymous callers are sent to the login URL; callers who are neither the
    application's author nor an admin are sent to ``/``. The blob key is read
    from the ``blob-key`` option of the upload's Content-Type and appended to
    ``application.test_blob``. Any failure while reading the upload or
    storing the entity is ignored, and the caller is redirected to the
    application's view page either way.
    """
    current = users.get_current_user()
    if not current:
        # presumably redirect() raises to end the handler — confirm
        redirect(users.create_login_url(request.url))

    response.headers['Content-Type'] = 'text/html; charset=utf-8'
    url_id = request.forms.get('url_id')
    application = ndb.Key(urlsafe=url_id).get()

    is_author = application.author == current
    if not is_author and not users.is_current_user_admin():
        redirect('/')

    try:
        uploaded = request.files["upload"]
        # NOTE(review): the blob key is taken from a request header option;
        # confirm this route is only reachable through the upload service
        # that sets it.
        _, blob_options = parse_options_header(uploaded.content_type)
        key = blob_options["blob-key"]
        if not application.test_blob:
            application.test_blob = [key]
        else:
            application.test_blob.append(key)
        application.put()
    except:
        # Best effort: a missing or malformed upload leaves the entity as is.
        pass

    redirect('/view/%s' % url_id)
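def decode_multipart(o, content_type, **kwargs):
    """Decode a ``multipart/form-data`` body into a list of parameter dicts.

    Args:
        o: the raw request body; anything that is not a string is ignored.
        content_type: the Content-Type header value, including the boundary.
        **kwargs: forwarded to ``multipart.MultipartParser``.

    Returns:
        A list with one dict per part, holding ``name`` and ``value`` and,
        for parts with a file name or an unbuffered body, ``filename``.
        Decoding errors are printed and whatever was collected so far is
        returned, so the result may be empty or partial.
    """
    har = []
    try:
        if isinstance(o, six.string_types):
            import multipart

            content_type, options = multipart.parse_options_header(
                content_type)
            # Explicit checks instead of ``assert``: assertions are removed
            # under ``python -O``, which would let a body of another type
            # through to the parser.
            if content_type != 'multipart/form-data':
                raise ValueError('content type is not multipart/form-data')

            # Test the boundary before converting it; converting a missing
            # value first can produce a non-empty placeholder that passes a
            # truthiness check.
            boundary = options.get('boundary')
            if not boundary:
                raise ValueError('multipart boundary is missing')
            boundary = six.binary_type(boundary)

            stream = six.BytesIO(o)
            for part in multipart.MultipartParser(stream, boundary,
                                                  len(o), **kwargs):
                if part.filename or not part.is_buffered():
                    param = {'name': part.name,
                             'value': part.value,
                             'filename': part.filename}
                else:
                    # TODO: Big form-fields are in the files dict. really?
                    param = {'name': part.name,
                             'value': part.value}
                har.append(param)
    except Exception as err:
        # Deliberately best effort: report the problem and return what was
        # decoded up to that point.
        print(repr(err))
    return har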
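def _upload_files(self, req, module, user_id, resp):
    """Store the files of a multipart upload as a submission for ``module``.

    Files are written into ``util.module.submission_dir(module.id, user_id)``
    and recorded as ``model.SubmittedFile`` rows of the user's evaluation,
    which is reused if one already exists and created otherwise. A line per
    stored file is appended to the evaluation's ``full_report``.

    Sets HTTP 411 without a Content-Length, 413 above
    ``util.config.MAX_UPLOAD_FILE_SIZE``, 400 when the evaluation already
    holds more than ``util.config.MAX_UPLOAD_FILE_COUNT`` files or the target
    directory is unavailable. On success ``req.context['result']`` is
    ``{'result': 'ok'}``. Database errors are rolled back and re-raised.

    NOTE(review): the block layout was reconstructed from a flattened
    listing; confirm the nesting of the evaluation branch against the
    repository copy.
    """
    # Reject uploads without a declared length.
    if not req.content_length:
        resp.status = falcon.HTTP_411
        req.context['result'] = {
            'result': 'error',
            'error': 'Nelze nahrát neukončený stream.'
        }
        return

    # Reject uploads that are too large.
    if req.content_length > util.config.MAX_UPLOAD_FILE_SIZE:
        resp.status = falcon.HTTP_413
        req.context['result'] = {
            'result': 'error',
            'error': 'Maximální velikost dávky je 20 MB.'
        }
        return

    # If files were already submitted, do not create a new evaluation;
    # attach to the existing one instead.
    try:
        existing = util.module.existing_evaluation(module.id, user_id)
        if len(existing) > 0:
            evaluation = session.query(model.Evaluation).get(existing[0])
            evaluation.time = datetime.datetime.utcnow()
            report = evaluation.full_report
        else:
            report = (str(datetime.datetime.now()) +
                      ' : === Uploading files for module id \'%s\' for '
                      'task id \'%s\' ===\n' % (module.id, module.task))
            evaluation = model.Evaluation(user=user_id, module=module.id,
                                          ok=True)
            session.add(evaluation)
            session.commit()

        # Only a limited number of files may be uploaded.
        # NOTE(review): the count is taken once, before the body is parsed,
        # so the parts of this request are not included in it.
        file_cnt = session.query(model.SubmittedFile).\
            filter(model.SubmittedFile.evaluation == evaluation.id).count()
        if file_cnt > util.config.MAX_UPLOAD_FILE_COUNT:
            resp.status = falcon.HTTP_400
            req.context['result'] = {
                'result': 'error',
                'error': 'K řešení lze nahrát nejvýše 20 souborů.'
            }
            return
    except SQLAlchemyError:
        session.rollback()
        raise

    target_dir = util.module.submission_dir(module.id, user_id)

    try:
        os.makedirs(target_dir)
    except OSError:
        # The directory may already exist; the isdir check below decides.
        pass

    if not os.path.isdir(target_dir):
        resp.status = falcon.HTTP_400
        req.context['result'] = {
            'result': 'error',
            'error': 'Chyba 42, kontaktuj orga.'
        }
        return

    _, options = multipart.parse_options_header(req.content_type)
    boundary = options.get('boundary', '')

    if not boundary:
        raise multipart.MultipartError(
            "No boundary for multipart/form-data.")

    for part in multipart.MultipartParser(req.stream, boundary,
                                          req.content_length,
                                          2**30, 2**20, 2**18, 2**16,
                                          'utf-8'):
        # Parts without a file name are plain form fields, not uploads.
        if not part.filename:
            continue

        # The file name is supplied by the client. Keep only its last
        # component so the file always lands inside target_dir.
        safe_name = os.path.basename(part.filename.replace('\\', '/'))
        if safe_name in ('', '.', '..'):
            continue

        path = '%s/%s' % (target_dir, safe_name)
        part.save_as(path)
        mime = magic.Magic(mime=True).from_file(path)

        report += (str(datetime.datetime.now()) +
                   ' : [y] uploaded file: \'%s\' (mime: %s) to '
                   'file %s\n' % (part.filename, mime, path))

        # If this file is already in the database, do not add it again.
        try:
            file_in_db = session.query(model.SubmittedFile).\
                filter(model.SubmittedFile.evaluation == evaluation.id).\
                filter(model.SubmittedFile.path == path).scalar()

            if file_in_db is None:
                submitted_file = model.SubmittedFile(
                    evaluation=evaluation.id,
                    mime=mime,
                    path=path)
                session.add(submitted_file)
        except SQLAlchemyError:
            session.rollback()
            raise

    evaluation.full_report = report
    try:
        session.add(evaluation)
        session.commit()
    except SQLAlchemyError:
        session.rollback()
        raise
    finally:
        session.close()

    req.context['result'] = {'result': 'ok'}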
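def _upload_files(self, req, module, user_id, resp):
    """Store the files of a multipart upload as a submission for ``module``.

    Files are written into ``util.module.submission_dir(module.id, user_id)``
    and recorded as ``model.SubmittedFile`` rows of the user's evaluation,
    which is reused if one already exists and created otherwise. A line per
    stored file is appended to the evaluation's ``full_report``.

    Sets HTTP 411 without a Content-Length, 413 above
    ``util.config.MAX_UPLOAD_FILE_SIZE``, 400 when the evaluation already
    holds more than ``util.config.MAX_UPLOAD_FILE_COUNT`` files or the target
    directory is unavailable. On success ``req.context['result']`` is
    ``{'result': 'correct'}``. Database errors are rolled back and re-raised.

    NOTE(review): the block layout was reconstructed from a flattened
    listing; confirm the nesting of the evaluation branch against the
    repository copy.
    """
    # Reject uploads without a declared length.
    if not req.content_length:
        resp.status = falcon.HTTP_411
        req.context['result'] = {
            'result': 'error',
            'error': 'Nelze nahrát neukončený stream.'
        }
        return

    # Reject uploads that are too large.
    if req.content_length > util.config.MAX_UPLOAD_FILE_SIZE:
        resp.status = falcon.HTTP_413
        req.context['result'] = {
            'result': 'error',
            'error': 'Maximální velikost dávky je 20 MB.'
        }
        return

    # If files were already submitted, do not create a new evaluation;
    # attach to the existing one instead.
    try:
        existing = util.module.existing_evaluation(module.id, user_id)
        if len(existing) > 0:
            evaluation = session.query(model.Evaluation).get(existing[0])
            evaluation.time = datetime.datetime.utcnow()
            report = evaluation.full_report
        else:
            report = str(datetime.datetime.now()) + ' : === Uploading files for module id \'%s\' for task id \'%s\' ===\n' % (module.id, module.task)
            evaluation = model.Evaluation(user=user_id, module=module.id,
                                          ok=True)
            session.add(evaluation)
            session.commit()

        # Only a limited number of files may be uploaded.
        # NOTE(review): the count is taken once, before the body is parsed,
        # so the parts of this request are not included in it.
        file_cnt = session.query(model.SubmittedFile).\
            filter(model.SubmittedFile.evaluation == evaluation.id).count()
        if file_cnt > util.config.MAX_UPLOAD_FILE_COUNT:
            resp.status = falcon.HTTP_400
            req.context['result'] = {
                'result': 'error',
                'error': 'K řešení lze nahrát nejvýše 20 souborů.'
            }
            return
    except SQLAlchemyError:
        session.rollback()
        raise

    target_dir = util.module.submission_dir(module.id, user_id)

    try:
        os.makedirs(target_dir)
    except OSError:
        # The directory may already exist; the isdir check below decides.
        pass

    if not os.path.isdir(target_dir):
        resp.status = falcon.HTTP_400
        req.context['result'] = {
            'result': 'error',
            'error': 'Chyba 42, kontaktuj orga.'
        }
        return

    _, options = multipart.parse_options_header(req.content_type)
    boundary = options.get('boundary', '')

    if not boundary:
        raise multipart.MultipartError("No boundary for multipart/form-data.")

    for part in multipart.MultipartParser(req.stream, boundary,
                                          req.content_length,
                                          2**30, 2**20, 2**18, 2**16,
                                          'utf-8'):
        # Parts without a file name are plain form fields, not uploads.
        if not part.filename:
            continue

        # The file name is supplied by the client. Keep only its last
        # component so the file always lands inside target_dir.
        safe_name = os.path.basename(part.filename.replace('\\', '/'))
        if safe_name in ('', '.', '..'):
            continue

        path = '%s/%s' % (target_dir, safe_name)
        part.save_as(path)
        mime = magic.Magic(mime=True).from_file(path)

        report += str(datetime.datetime.now()) + ' : [y] uploaded file: \'%s\' (mime: %s) to file %s\n' % (part.filename, mime, path)

        # If this file is already in the database, do not add it again.
        try:
            file_in_db = session.query(model.SubmittedFile).\
                filter(model.SubmittedFile.evaluation == evaluation.id).\
                filter(model.SubmittedFile.path == path).scalar()

            if file_in_db is None:
                submitted_file = model.SubmittedFile(
                    evaluation=evaluation.id, mime=mime, path=path)
                session.add(submitted_file)
        except SQLAlchemyError:
            session.rollback()
            raise

    evaluation.full_report = report
    try:
        session.add(evaluation)
        session.commit()
    except SQLAlchemyError:
        session.rollback()
        raise
    finally:
        session.close()

    req.context['result'] = {'result': 'correct'}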
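def on_post(self, req, resp):
    """Store the uploaded profile picture of the logged-in user.

    Reads the multipart part named ``file`` from the request body, writes it
    to a temporary file, checks the MIME type that ``magic`` detects from the
    file contents against ``ALLOWED_MIME_TYPES``, crops the image into
    ``UPLOAD_DIR`` and records the resulting path on the user row. On success
    ``req.context['result']`` is set to an empty dict.

    Responds with HTTP 400 when the caller is not logged in, when no ``file``
    part was sent, or when the detected MIME type is not allowed, and with
    HTTP 500 when ``UPLOAD_DIR`` cannot be created.
    """
    try:
        userinfo = req.context['user']

        if not userinfo.is_logged_in():
            resp.status = falcon.HTTP_400
            return

        user = session.query(model.User).\
            filter(model.User.id == userinfo.get_id()).\
            first()

        files = multipart.MultiDict()
        content_type, options = multipart.parse_options_header(
            req.content_type
        )
        boundary = options.get('boundary', '')

        if not boundary:
            raise multipart.MultipartError("No boundary for "
                                           "multipart/form-data.")

        for part in multipart.MultipartParser(req.stream, boundary,
                                              req.content_length):
            files[part.name] = part

        upload = files.get('file')
        if upload is None:
            # Without this guard a request lacking the 'file' part fails
            # with AttributeError instead of a client error.
            resp.status = falcon.HTTP_400
            return

        user_id = req.context['user'].get_id()

        # delete=False keeps the file on disk after the handle is closed, so
        # every exit path below has to remove it explicitly.
        tmpfile = tempfile.NamedTemporaryFile(delete=False)
        tmpfile.close()
        try:
            upload.save_as(tmpfile.name)

            # The type is taken from the file contents, not from the
            # client-supplied Content-Type or file name.
            mime = magic.Magic(mime=True).from_file(tmpfile.name)

            if mime not in ALLOWED_MIME_TYPES:
                resp.status = falcon.HTTP_400
                return

            if not os.path.isdir(UPLOAD_DIR):
                try:
                    os.makedirs(UPLOAD_DIR)
                except OSError:
                    print('Unable to create directory for profile pictures')
                    resp.status = falcon.HTTP_500
                    return

            # The destination name is built from the user id and the
            # extension mapped from the allow-list; the uploaded file name
            # is never used as a path component.
            new_picture = os.path.join(UPLOAD_DIR, 'user_%d.%s' % (
                user_id, ALLOWED_MIME_TYPES[mime]
            ))

            self._crop(tmpfile.name, new_picture)
        finally:
            # Runs for rejected uploads and crop failures too, so temporary
            # files do not pile up.
            try:
                os.remove(tmpfile.name)
            except OSError:
                print('Unable to remove temporary file %s' % tmpfile.name)

        user.profile_picture = new_picture

        session.commit()

        req.context['result'] = {}
    except SQLAlchemyError:
        session.rollback()
        raise
    finally:
        session.close()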
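def edit_post():
    """Apply an edit form to an application entity and redirect the caller.

    Anonymous callers are sent to the login URL; callers who are neither the
    application's author nor an admin are sent to ``/``. Text fields, an
    optional uploaded blob key, an optional rehearsal video reference, up to
    ten participants and an optional comment are copied from the form onto
    the entity. ``app_status`` is only taken from the form for admins.

    After saving, the caller is redirected to the ``return_page`` query
    value (as a path on this site), else to the Referer, else to ``/``.

    NOTE(review): the block layout was reconstructed from a flattened
    listing; confirm the nesting of the comment block against the
    repository copy.
    """
    user = users.get_current_user()
    if not user:
        # presumably redirect() raises to end the handler — confirm
        redirect(users.create_login_url(request.url))
    response.headers['Content-Type'] = 'text/html; charset=utf-8'
    url_id = request.forms.get('url_id')
    application = ndb.Key(urlsafe=url_id).get()
    if application.author != user and not users.is_current_user_admin():
        redirect('/')

    application.content = decode_field(request.forms.get('content'))
    application.author_fn = decode_field(request.forms.get('author_fn'))
    application.author_phone = request.forms.get('author_phone')
    # author_bdate and author_mail are not updated by this handler.
    application.author_contacts = decode_field(
        request.forms.get('author_contacts'))
    application.app_type = request.forms.get('app_type').decode('utf-8')
    application.app_title = decode_field(request.forms.get('app_title'))
    application.app_origin = decode_field(request.forms.get('app_origin'))
    application.city = decode_field(request.forms.get('city'))
    application.timing = request.forms.get('timing')
    # The status field is privileged: only an admin's form value is applied.
    if users.is_current_user_admin():
        application.app_status = request.forms.get('app_status')

    try:
        upload = request.files["upload"]
        # NOTE(review): the blob key is taken from a request header option;
        # confirm this route is only reachable through the upload service
        # that sets it.
        blob_data = parse_options_header(upload.content_type)[1]
        blob_key = blob_data["blob-key"]
        if application.test_blob:
            application.test_blob.append(blob_key)
        else:
            application.test_blob = [blob_key]
    except:
        # Best effort: the upload is optional.
        pass

    try:
        rehersal = decode_field(request.forms.get('rehersal'))
    except:
        rehersal = None
    if rehersal:
        # Reduce a video URL to its id; other input is stored unchanged.
        match = re.search(r"(?:youtube\.com\/\S*(?:(?:\/e(?:mbed))?\/|watch\?(?:\S*?&?v\=))|youtu\.be\/)([a-zA-Z0-9_-]{6,11})", rehersal)
        if match:
            rehersal = match.group(1)
    if application.rehersals and rehersal:
        application.rehersals.append(rehersal)
    elif rehersal and not application.rehersals:
        application.rehersals = [rehersal]

    participants_list = []
    for i in range(10):
        fullname = request.forms.get("participant_fn_%d" % i)
        nickname = request.forms.get("participant_nickname_%d" % i)
        age = request.forms.get("participant_age_%d" % i)
        fullname = decode_field(fullname)
        nickname = decode_field(nickname)
        delete = request.forms.get("participant_delete_%d" % i)
        if fullname and nickname and age and not delete:
            try:
                participants_list.append(
                    Participant(participant_fn=fullname,
                                participant_nickname=nickname,
                                participant_age=int(age)))
            except:
                # e.g. a non-numeric age
                redirect("/error")
    application.participants = participants_list

    comment = Comments(parent=comments_key)
    comment_body = request.forms.get('comment')
    if comment_body:
        comment.comment = decode_field(comment_body)
        comment.author = user
        comment.application = url_id
        comment.put()
    application.put()

    referer = request.headers.get('Referer')
    return_page = request.query.get('return_page')
    if return_page:
        # return_page is request-controlled. Dropping leading slashes and
        # backslashes keeps the target a single-slash path on this site
        # instead of something a browser could read as another host.
        redirect('/%s' % return_page.lstrip('/\\'))
    elif referer:
        # NOTE(review): Referer is a client-supplied header; consider
        # accepting only same-site values here.
        redirect(referer)
    else:
        redirect('/')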