async def _handler(self, request: Request) -> StreamResponse:
if not self._started:
raise HTTPInternalServerError()
assert self._scheduler is not None
assert self._webhook_token is not None
if self._check_address and not self._address_is_allowed(request):
raise HTTPNotFound()
if not compare_digest(self._webhook_token,
request.match_info['token']):
raise HTTPNotFound()
update_data = json.loads(await request.read())
update = Update.from_dict(update_data)
await self._scheduler.spawn(self._handle_update(update))
return Response()
def handle_request(self, message, payload):
"""Asyncio callback resolving request to a handler.
Calls handler and returns its response if any or a 404 HTTP error."""
# current "loop time"
now = self._loop.time()
request = Request(
self,
message,
payload,
self.transport,
self.reader,
self.writer
)
sub, handler, infos = self.resolve(request.method, request.path, dict())
debug('handling %s, resolved: %s %s %s' % (request.path, sub, handler, infos))
if sub:
try:
context = Context(self, sub, request)
response = yield from handler(context, **infos)
if not isinstance(response, StreamResponse):
msg = ("Handler {!r} should return response instance, "
"got {!r} [middlewares {!r}]")
msg = msg.format(
{}, # match_info.handler,
type(response),
self.middlewares
)
raise RuntimeError(msg)
except HTTPException as exc:
response = exc
else:
response = HTTPNotFound()
debug(response)
response_message = response.start(request)
yield from response.write_eof()
# notify server about keep-alive
self.keep_alive(response_message.keep_alive())
# log access
self.log_access(
message,
None,
response_message,
self._loop.time() - now
)
async def archivate(request, dir_path, delay=0):
if os.path.samefile(dir_path, '.') or os.path.samefile(dir_path, '..'):
raise HTTPNotFound(reason='путь не должен вести на ".." или "."')
if not os.path.exists(dir_path):
raise HTTPNotFound(reason='Архив не существует или был удален')
archive_hash = request.match_info['archive_hash']
dir_path = os.path.join(dir_path, archive_hash)
cmd = ['zip', '-r', '-', dir_path]
response = web.StreamResponse()
response.headers[
'Content-Disposition'] = 'attachment; filename="archive.zip"'
response.enable_chunked_encoding()
await response.prepare(request)
proc = await asyncio.create_subprocess_exec(*cmd,
stdout=asyncio.subprocess.PIPE,
stderr=asyncio.subprocess.PIPE)
try:
while True:
archive_chunk = await proc.stdout.readline()
logger.debug('Sending archive chunk ...')
if not archive_chunk:
break
await response.write(archive_chunk)
await asyncio.sleep(delay)
except asyncio.CancelledError:
logger.warning('Download was interrupted.')
proc.kill()
raise
finally:
response.force_close()
return response
async def error_handler_middleware(request: Request, handler: RequestHandler) -> StreamResponse:
try:
return await handler(request)
except HTTPRedirection as e:
# redirects are implemented as exceptions in aiohttp for whatever reason...
raise e
except NotFoundError as e:
kind = type(e).__name__
message = f"Error: {kind}\nMessage: {str(e)}"
log.info(f"Request {request} has failed with exception: {message}", exc_info=exc_info(e))
raise HTTPNotFound(text=message) from e
except (ClientError, AttributeError) as e:
kind = type(e).__name__
ex_str = str(e)
message = f"Error: {kind}\nMessage: {ex_str}"
log.info(f"Request {request} has failed with exception: {message}", exc_info=exc_info(e))
await event_sender.core_event(
CoreEvent.ClientError, {"version": version(), "kind": kind, "message": ex_str}
)
raise HTTPBadRequest(text=message) from e
except Exception as e:
kind = type(e).__name__
ex_str = str(e)
message = f"Error: {kind}\nMessage: {ex_str}"
log.warning(f"Request {request} has failed with exception: {message}", exc_info=exc_info(e))
await event_sender.core_event(
CoreEvent.ServerError, {"version": version(), "kind": kind, "message": ex_str}
)
raise HTTPBadRequest(text=message) from e
async def _delete(self, request: Request):
id = request.match_info.get('id')
await self._checkDriveHeaders(request)
if id not in self.items:
raise HTTPNotFound()
del self.items[id]
return Response()
async def _process(request):
op_name = request.match_info.get('operation')
def create_handler(
a_type: Callable[[Fid], BaseMessage]
) -> Callable[[Dict[str, Any]], BaseMessage]:
def fn(data: Dict[str, Any]):
fid = Fid.parse(data['fid'])
return a_type(fid)
return fn
msg_factory = {
'rebalance-start': create_handler(SnsRebalanceStart),
'rebalance-stop': create_handler(SnsRebalanceStop),
'rebalance-pause': create_handler(SnsRebalancePause),
'rebalance-resume': create_handler(SnsRebalanceResume),
'repair-start': create_handler(SnsRepairStart),
'repair-stop': create_handler(SnsRepairStop),
'repair-pause': create_handler(SnsRepairPause),
'repair-resume': create_handler(SnsRepairResume),
'disk-attach': create_handler(SnsDiskAttach),
'disk-detach': create_handler(SnsDiskDetach),
}
LOG.debug(f'process_sns_operation: {op_name}')
if op_name not in msg_factory:
raise HTTPNotFound()
data = await request.json()
message = msg_factory[op_name](data)
loop = asyncio.get_event_loop()
await loop.run_in_executor(None, lambda: queue.put(message))
return web.Response()
async def users_login_get(request: Request) -> Response:
session_maker = request.app['db_session_manager']
log.debug(request.headers)
if not request.headers['X-Login'] == request.match_info['login']:
return HTTPForbidden()
session: Session = session_maker()
try:
user = session.query(Users).filter_by(
login=request.match_info['login']).first()
if not user:
return HTTPNotFound()
params = request.rel_url.query.get('output')
if params:
output = [x.strip() for x in params.split(',')]
user_serialized = UsersSchema(only=output).dump(user)
else:
user_serialized = UsersSchema().dump(user)
return Response(body=json.dumps(user_serialized),
headers={'content-type': 'application/json'})
finally:
session.close()
async def put(self) -> Response:
"""Put route function."""
db = self.request.app["db"]
# Authenticate and authorize:
token = await extract_token_from_request(self.request)
await AuthorizationService.authorize(db, token, [Role.ADMIN, Role.USER_ADMIN])
# Process request:
body = await self.request.json()
try:
user = User.from_dict(body)
except KeyError as e:
raise HTTPUnprocessableEntity(
reason=f"Mandatory property {e.args[0]} is missing."
) from e
id = self.request.match_info["id"]
logging.debug(f"Got request-body {body} for {id} of type {type(body)}")
try:
await UsersService.update_user(db, id, user)
except IllegalValueException as e:
raise HTTPUnprocessableEntity() from e
except UserNotFoundException as e:
raise HTTPNotFound() from e
return Response(status=204)
async def processImage(self, data):
#print('data', data)
imgdir = '/var/www/'
try:
image = data["url"]
if image.strip() == "":
return HTTPBadRequest(text="url can not be empty")
elif isUrl(image):
image = await fetch(session, image)
else:
image = image if (
image.startswith('/')) else os.path.abspath(imgdir + image)
if not isReadableFile(image):
raise HTTPNotFound(text="url`s image not exist")
nsfw_prob = classify(image)
text = nsfw_prob.astype(str)
del (data, imgdir, image, nsfw_prob)
return web.Response(text=text)
except KeyError:
return HTTPBadRequest(text="Missing `url` parameter")
except OSError as e:
if "cannot identify" in str(e):
raise HTTPUnsupportedMediaType(text="url is invalid image")
else:
raise e
async def get_queue_limit(request):
query = request.rel_url.query
if 'uid' not in query:
raise HTTPBadRequest(reason=VALIDATION_ERROR)
uid = query['uid'].isdigit() and int(query['uid'])
if uid < 1:
raise HTTPBadRequest(reason=VALIDATION_ERROR)
user = await User.query.where(User.id == uid).gino.one_or_none()
if user is None:
raise HTTPNotFound(reason=USER_NOT_FOUND)
redis = request.app['redis']
lim_key = f'lim_send:{uid}'
ttl = -1
value = await redis.get(lim_key)
value = int(value) if value is not None else 0
if value > 0:
ttl = await redis.ttl(lim_key)
# This case is real and tested
# TODO: LUA script to fetch the value and it's ttl atomically
if ttl == 0:
value = 0
ttl = -1
return {
'value': value,
'ttl': ttl,
'daily': daily_limit[user.role],
}
async def fetch(session, url):
sslcontext = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
with async_timeout.timeout(10):
async with session.get(url, ssl=sslcontext) as response:
if response.status == 404:
raise HTTPNotFound(text="url`s image not found")
return await response.read()
async def get_by_id(self, pk):
result = await self.collection.find_one({
'_id': ObjectId(pk)
})
if not result:
raise HTTPNotFound(text='Notification not found.')
return self._mongo_obj_to_dict(result)
async def archivate(request, photo_folder, delay):
'''Async function archives photos and send it to client by chunks '''
folder = photo_folder + request.match_info['archive_hash']
if not os.path.exists(folder):
raise HTTPNotFound(text='Archive does not exist or was deleted.')
response = web.StreamResponse()
response.headers['Content-Type'] = 'multipart/form-data'
response.headers[
'Content-Disposition'] = 'attachment; filename = "archive.zip"'
#create archivate subprocess
cmd = ['zip', '-r', '-', folder]
create_process = asyncio.create_subprocess_exec(
*cmd, stdout=asyncio.subprocess.PIPE)
archivate_proc = await create_process
await response.prepare(request)
#set chunk size for 64 kb
CHUNK_SIZE = 54120
try:
while True:
archive_chunk = await archivate_proc.stdout.read(CHUNK_SIZE)
if not archive_chunk:
await response.write_eof()
break
await response.write(archive_chunk)
logging.debug(u'Sending archive chunk ...')
if delay:
await asyncio.sleep(int(delay))
return response
except asyncio.CancelledError:
archivate_proc.terminate()
raise
finally:
response.force_close()
logging.debug("Connection was interrupted")
async def verify_contact_method(request, ctx: AppConfig,
session: AuthnSession):
try:
user_profile_id = UUID(request.match_info['user_profile_id'])
contact_method_id = UUID(request.match_info['contact_method_id'])
except ValueError:
raise HTTPNotFound()
challenge_response = AuthnChallengeResponseRequest.unmarshal_request(
await request.json())
if user_profile_id != session.user_profile_id:
raise HTTPForbidden()
if challenge_response.challenge_id != session.pending_challenge.challenge_id:
raise HTTPBadRequest()
session.pending_challenge.attempts += 1
session.changed()
if session.pending_challenge.attempts > security.MaxVerificationChallengeAttempts:
session.invalidate()
raise HTTPForbidden(body="Too many invalid attempts")
if challenge_response.passcode != session.pending_challenge.secret:
raise HTTPUnauthorized(body="Incorrect passcode")
async with op.session(ctx) as ss:
await op.user_profile.\
mark_contact_method_verified(contact_method_id, user_profile_id=user_profile_id).\
execute(ss)
session.clear_pending_challenge()
return HTTPOk()
async def _query(self, request: Request):
await self._checkDriveHeaders(request)
query: str = request.query.get("q", "")
fields = self.parseFields(request.query.get('fields', 'id'))
if mimeTypeQueryPattern.match(query):
ret = []
mimeType = query[len("mimeType='"):-1]
for item in self.items.values():
if item.get('mimeType', '') == mimeType:
ret.append(self.filter_fields(item, fields))
return json_response({'files': ret})
elif parentsQueryPattern.match(query):
ret = []
parent = query[1:-len("' in parents")]
if parent not in self.items:
raise HTTPNotFound()
if parent in self.lostPermission:
return Response(
status=403,
content_type="application/json",
text='{"error": {"errors": [{"reason": "forbidden"}]}}')
for item in self.items.values():
if parent in item.get('parents', []):
ret.append(self.filter_fields(item, fields))
return json_response({'files': ret})
elif len(query) == 0:
ret = []
for item in self.items.values():
ret.append(self.filter_fields(item, fields))
return json_response({'files': ret})
else:
raise HTTPBadRequest
async def get_contact_method_verify_challenge(request, ctx: AppConfig,
session: AuthnSession):
try:
user_profile_id = UUID(request.match_info['user_profile_id'])
contact_method_id = UUID(request.match_info['contact_method_id'])
except ValueError:
raise HTTPNotFound()
if user_profile_id != session.user_profile_id:
raise HTTPForbidden()
async with op.session(ctx) as ss:
cm = await op.user_profile.\
get_contact_method(contact_method_id, user_profile_id=user_profile_id).\
execute(ss)
if cm.verified:
raise ValueError("contact method is already verified")
if cm.contact_method_type is ContactMethodType.Email:
# TODO: deliver challenge
chtype = AuthnChallengeType.Email
elif cm.contact_method_type is ContactMethodType.Phone:
# TODO: deliver challenge
chtype = AuthnChallengeType.SMS
session.require_challenge(chtype)
session.next_challenge_for_contact_method(cm)
return session.pending_challenge.get_view('public')
async def get(self):
await super().get()
val = await self.redis.zrange(self.thingy_uuid+':'+self.sensor, -1, -1)
try:
return json_response(body=val[0])
except IndexError:
return HTTPNotFound(text='No {} sensor data found for {}'.format(self.sensor, self.thingy_uuid))
async def retrieve_all(self):
obj_list = await self.model.query.gino.all()
if not obj_list:
raise HTTPNotFound(text='[]')
return obj_list
def _table_name_from_dr(dr: str) -> str:
if dr not in AVAILABLE_DRS:
msg = f"ZTF data release identify {dr} isn't supported"
raise HTTPNotFound(reason=msg, body=msg)
if dr == 'latest':
dr = LATEST_DR
return dr
async def users_put(request: Request) -> Response:
session_maker = request.app['db_session_manager']
if not request.headers['X-Login'] == request.match_info['login']:
return HTTPForbidden()
session: Session = session_maker()
try:
data = await request.json()
if data:
user = session.query(Users).filter_by(
login=request.match_info['login']).first()
if not user:
return HTTPNotFound()
user_put = UsersSchema().load(data, session=session, partial=True)
user.first_name = user_put.first_name
user.last_name = user_put.last_name
user.email = user_put.email
user.phone = user_put.phone
session.commit()
return HTTPNoContent(headers={'Location': f"/users/{user.login}"})
else:
session.close()
return HTTPBadRequest()
except Exception:
session.rollback()
raise
finally:
session.close()
async def hassioSnapshotInfo(self, request: Request):
if self.checkForSupervisorError() is not None:
return self.checkForSupervisorError()
slug = request.match_info.get('slug')
await self._verifyHassioHeader(request)
if slug not in self.snapshots:
raise HTTPNotFound()
return self.formatDataResponse(self.snapshots[slug])
async def hassioSnapshotDownload(self, request: Request):
if self.checkForSupervisorError() is not None:
return self.checkForSupervisorError()
slug = request.match_info.get('slug')
await self._verifyHassioHeader(request)
if slug not in self.snapshot_data:
raise HTTPNotFound()
return self.serve_bytes(request, self.snapshot_data[slug])
async def download_head(context, request):
util = getUtility(IGlexUtility)
db = await util.get_db()
try:
video = db['videos'][request.GET['id']]
except IndexError:
return HTTPNotFound()
return Response(headers={'Content-Length': video['size']})
async def find_by_id(self, id) -> ModelEvent:
document = None
cursor = self.collection.find({"_id": id})
while await cursor.fetch_next:
document = cursor.next_object()
if document is None:
raise HTTPNotFound(text="cannot find event {0}".format(id))
return deserialize_db_event(document)
async def _deleteSnapshot(self, request: Request):
await self._verifyHeader(request)
slug = request.match_info.get('slug')
if slug not in self._snapshots:
raise HTTPNotFound()
del self._snapshots[slug]
del self._snapshot_data[slug]
return self._formatDataResponse("deleted")
async def addonLogo(self, request: Request):
slug = request.match_info.get('slug')
if not self._ha_source.addonHasLogo(slug):
raise HTTPNotFound()
try:
(content_type, data) = await self._harequests.getAddonLogo(slug)
return web.Response(headers={hdrs.CONTENT_TYPE: content_type}, body=data)
except ClientResponseError as e:
return web.Response(status=e.status)
async def update(self, instance_id, **kwargs):
try:
status = await self.model.update.values(**kwargs)\
.where(self.model.id == int(instance_id)).gino.status()
if status[0] == 'UPDATE 0':
raise HTTPNotFound(text='Requested object does not exist')
except ValueError:
raise HTTPBadRequest(text='Instance id must be an integer')
return status
async def delete(self, instance_id):
try:
status = await self.model.delete.\
where(self.model.id == int(instance_id)).gino.status()
if status[0] == 'DELETE 0':
raise HTTPNotFound(text='Requested object does not exist')
except ValueError:
raise HTTPBadRequest(text='Instance id must be an integer')
return status
async def interface_handle(request):
interface_name = request.match_info["interface"]
local_directory = join(dirname(__file__), "web_interfaces", interface_name)
index_file = join(local_directory, "index.html")
if not isfile(index_file):
index_file = join(local_directory, "build", "index.html")
if isfile(index_file):
return FileResponse(index_file)
return HTTPNotFound()
def get(self, path):
path = os.path.join(self.path, path)
if not os.path.isfile(path):
raise HTTPNotFound()
ext = os.path.splitext(path)[1]
ct = mimetypes.types_map.get(ext, 'application/octet-stream')
with open(path, 'rb') as f:
return StaticInfo(path, ct, f.read())
async def aiohttp_error_middleware(request, handler):
try:
response = await handler(request)
return response
except BotActionNotImplementedError:
raise HTTPNotImplemented()
except PermissionError:
raise HTTPUnauthorized()
except KeyError:
raise HTTPNotFound()
except Exception:
raise HTTPInternalServerError()