Пример #1
0
def call_api(func, args=""):
    add_json_header(response)

    s = request.environ.get('beaker.session')
    # Accepts standard http auth
    auth = parse_auth(request.get_header('Authorization', ''))
    if 'session' in request.POST or 'session' in request.GET:
        # removes "' so it works on json strings
        s = s.get_by_id(remove_chars(request.params.get('session'), "'\""))
    elif auth:
        user = PYLOAD.checkAuth(auth[0], auth[1],
                                request.environ.get('REMOTE_ADDR', None))
        # if auth is correct create a pseudo session
        if user: s = {'uid': user.uid}

    api = get_user_api(s)
    if not api:
        return error(401, "Unauthorized")

    if not PYLOAD.isAuthorized(func, api.user):
        return error(403, "Forbidden")

    if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"):
        print "Invalid API call", func
        return error(404, "Not Found")

    # TODO: possible encoding
    # TODO Better error codes on invalid input

    args = [loads(unquote(arg)) for arg in args.split("/")[1:]]
    kwargs = {}

    # accepts body as json dict
    if request.json:
        kwargs = request.json

    # file upload, reads whole file into memory
    for name, f in request.files.iteritems():
        kwargs["filename"] = f.filename
        content = StringIO()
        f.save(content)
        kwargs[name] = content.getvalue()
        content.close()

    # convert arguments from json to obj separately
    for x, y in request.params.iteritems():
        try:
            if not x or not y or x == "session": continue
            kwargs[x] = loads(unquote(y))
        except Exception, e:
            # Unsupported input
            msg = "Invalid Input %s, %s : %s" % (x, y, e.message)
            print_exc()
            print msg
            return error(415, msg)
Пример #2
0
def call_api(func, args=""):
    add_json_header(response)

    s = request.environ.get('beaker.session')
    # Accepts standard http auth
    auth = parse_auth(request.get_header('Authorization', ''))
    if 'session' in request.POST or 'session' in request.GET:
        # removes "' so it works on json strings
        s = s.get_by_id(remove_chars(request.params.get('session'), "'\""))
    elif auth:
        user = PYLOAD.checkAuth(auth[0], auth[1], request.environ.get('REMOTE_ADDR', None))
        # if auth is correct create a pseudo session
        if user: s = {'uid': user.uid}

    api = get_user_api(s)
    if not api:
        return error(401, "Unauthorized")

    if not PYLOAD.isAuthorized(func, api.user):
        return error(403, "Forbidden")

    if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"):
        print "Invalid API call", func
        return error(404, "Not Found")

    # TODO: possible encoding
    # TODO Better error codes on invalid input

    args = [loads(unquote(arg)) for arg in args.split("/")[1:]]
    kwargs = {}

    # accepts body as json dict
    if request.json:
        kwargs = request.json

    # file upload, reads whole file into memory
    for name, f in request.files.iteritems():
        kwargs["filename"] = f.filename
        content = StringIO()
        f.save(content)
        kwargs[name] = content.getvalue()
        content.close()

    # convert arguments from json to obj separately
    for x, y in request.params.iteritems():
        try:
            if not x or not y or x == "session": continue
            kwargs[x] = loads(unquote(y))
        except Exception, e:
            # Unsupported input
            msg = "Invalid Input %s, %s : %s" % (x, y, e.message)
            print_exc()
            print msg
            return error(415, msg)
Пример #3
0
def call_api(func, args=""):
    add_header(response)

    s = request.environ.get("beaker.session")
    # Accepts standard http auth
    auth = parse_auth(request.get_header("Authorization", ""))
    if "session" in request.POST or "session" in request.GET:
        # removes "' so it works on json strings
        s = s.get_by_id(remove_chars(request.params.get("session"), "'\""))
    elif auth:
        user = PYLOAD.checkAuth(auth[0], auth[1], request.environ.get("REMOTE_ADDR", None))
        # if auth is correct create a pseudo session
        if user:
            s = {"uid": user.uid}

    api = get_user_api(s)
    if not api:
        return HTTPError(401, dumps("Unauthorized"), **response.headers)

    if not PYLOAD.isAuthorized(func, api.user):
        return HTTPError(403, dumps("Forbidden"), **response.headers)

    if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"):
        print "Invalid API call", func
        return HTTPError(404, dumps("Not Found"), **response.headers)

    # TODO: possible encoding
    # TODO Better error codes on invalid input

    args = [loads(unquote(arg)) for arg in args.split("/")[1:]]
    kwargs = {}

    # accepts body as json dict
    if request.json:
        kwargs = request.json

    # convert arguments from json to obj separately
    for x, y in chain(request.GET.iteritems(), request.POST.iteritems()):
        if not x or not y or x == "session":
            continue
        kwargs[x] = loads(unquote(y))

    try:
        result = getattr(api, func)(*args, **kwargs)
        # null is invalid json response
        if result is None:
            result = True
        return dumps(result)

    except ExceptionObject, e:
        return HTTPError(400, dumps(e), **response.headers)
Пример #4
0
def call_api(func, args=""):
    add_header(response)

    s = request.environ.get('beaker.session')
    # Accepts standard http auth
    auth = parse_auth(request.get_header('Authorization', ''))
    if 'session' in request.POST or 'session' in request.GET:
        # removes "' so it works on json strings
        s = s.get_by_id(remove_chars(request.params.get('session'), "'\""))
    elif auth:
        user = PYLOAD.checkAuth(auth[0], auth[1],
                                request.environ.get('REMOTE_ADDR', None))
        # if auth is correct create a pseudo session
        if user: s = {'uid': user.uid}

    api = get_user_api(s)
    if not api:
        return HTTPError(401, dumps("Unauthorized"), **response.headers)

    if not PYLOAD.isAuthorized(func, api.user):
        return HTTPError(403, dumps("Forbidden"), **response.headers)

    if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"):
        print "Invalid API call", func
        return HTTPError(404, dumps("Not Found"), **response.headers)

    # TODO: possible encoding
    # TODO Better error codes on invalid input

    args = [loads(unquote(arg)) for arg in args.split("/")[1:]]
    kwargs = {}

    # accepts body as json dict
    if request.json:
        kwargs = request.json

    # convert arguments from json to obj separately
    for x, y in chain(request.GET.iteritems(), request.POST.iteritems()):
        if not x or not y or x == "session": continue
        kwargs[x] = loads(unquote(y))

    try:
        result = getattr(api, func)(*args, **kwargs)
        # null is invalid json response
        if result is None: result = True
        return dumps(result)

    except ExceptionObject, e:
        return HTTPError(400, dumps(e), **response.headers)
Пример #5
0
    def handle_call(self, msg, req):
        """ Parses the msg for an argument call. If func is null an response was already sent.

        :return: func, args, kwargs
        """
        try:
            o = loads(msg)
        except ValueError, e: #invalid json object
            self.log.debug("Invalid Request: %s" % e)
            self.send_result(req, self.ERROR, "No JSON request")
            return None, None, None
Пример #6
0
    def handle_call(self, msg, req):
        """ Parses the msg for an argument call. If func is null an response was already sent.

        :return: func, args, kwargs
        """
        try:
            o = loads(msg)
        except ValueError, e:  #invalid json object
            self.log.debug("Invalid Request: %s" % e)
            self.send_result(req, self.ERROR, "No JSON request")
            return None, None, None