示例#1
 def new(self):
     """Insert a ``pages`` row for the requesting user and pass it to add().

     The id returned by the insert is stored under ``self['page']`` before
     ``self.add()`` is yielded.
     """
     # NOTE(review): verify() is called without ``yield``. If it returns a
     # Deferred instead of raising synchronously, a failed check would not
     # stop the insert below -- confirm against its definition.
     self.verify()
     owner = {'user_id': self.request.user}
     insert_page = "insert into pages (user_id) values (%(user_id)s) returning id"
     self['page'] = yield db.value(insert_page, owner)
     yield self.add()
示例#2
 def new(self):
     """Insert an ``avatars`` row for the requesting user and pass it to add().

     The id returned by the insert is stored under ``self['avatar']`` before
     ``self.add()`` is yielded.
     """
     # NOTE(review): verify() is called without ``yield``. If it returns a
     # Deferred instead of raising synchronously, a failed check would not
     # stop the insert below -- confirm against its definition.
     self.verify()
     sql = "insert into avatars (user_id) values (%(user_id)s) returning id"
     self['avatar'] = yield db.value(sql, {'user_id': self.request.user})
     yield self.add()
示例#3
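    def login(self):
        """Check the submitted username and password and open a token session.

        Looks up the user's id, salt and stored hash by ``self['username']``
        and compares the stored hash with ``sha256(password + salt)``. On a
        match, a random 16-byte hex token is inserted into ``tokens`` and set
        as the ``token`` cookie.

        Returns (via ``defer.returnValue``) a dict with ``message``, ``token``
        and ``user``.

        Raises:
            Stink: if the username is unknown or the password does not match.
        """
        # Function-scope import; compare_digest needs Python 2.7.7 or later.
        import hmac

        username, password = self['username'], self['password']
        record = yield db.row(
            """
            select id, salt, hash from users where username = %(username)s""",
            {'username': username})

        # NOTE(review): "no user named ..." versus "bad password" tells a
        # client which usernames exist; a single generic failure message
        # avoids that, but callers may display these strings -- confirm
        # before changing them.
        if not record:
            raise Stink("no user named %s" % username)

        user_id, salt, stored = record['id'], record['salt'], record['hash']
        # NOTE(review): one round of salted SHA-256 is cheap to brute-force
        # offline if the users table leaks. A password KDF (PBKDF2, bcrypt,
        # scrypt, Argon2) is the usual replacement; it has to change together
        # with register() and needs a migration for existing rows.
        computed = hashlib.sha256(password + salt).hexdigest()
        # Constant-time comparison so the check does not leak how many leading
        # characters matched. str() puts both operands on the same type, which
        # compare_digest requires; hex digests are plain ASCII.
        if hmac.compare_digest(computed, str(stored)):
            token = os.urandom(16).encode('hex')
            yield db.query(
                """
                insert into tokens (user_id, token) values (%(user_id)s, %(token)s)""",
                {
                    'user_id': user_id,
                    'token': token
                })
            # NOTE(review): no HttpOnly/Secure attributes are passed here;
            # check whether set_cookie adds them, and whether client script
            # actually needs to read this cookie.
            self.set_cookie('token', token)
        else:
            raise Stink("bad password")
        self.request.user = yield db.value(
            """select user_id from tokens where token = %(token)s""",
            {'token': token})
        defer.returnValue({
            'message': 'logged in',
            'token': token,
            'user': {
                'id': self.request.user
            }
        })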
示例#4
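def save(data, klass, set_id, name=None):
    """Record an uploaded image in ``files`` and write its bytes to disk.

    Args:
        data: raw image bytes; parsed with ``Image.open`` to learn the format.
        klass: path segment placed between ``files/`` and the file name.
        set_id: value stored in ``files.set_id``.
        name: optional value stored in ``files.name``.

    The row is inserted first to obtain its id, the url
    ``/files/<klass>/<id>.<format>`` is stored on the row, and the bytes are
    written to the same path relative to the working directory.
    """
    image = Image.open(StringIO.StringIO(data))
    file_id = yield db.value("""insert into files (set_id, name) values (%(set_id)s, %(name)s) returning id""",
        {'set_id': set_id, 'name': name})
    # NOTE(review): klass goes into a filesystem path unchecked. If it can
    # come from a request, "../" segments would place the file outside
    # files/ -- confirm callers only pass fixed values, or validate it here.
    url = 'files/%s/%s.%s' % (klass, file_id, image.format.lower())
    yield db.query("update files set url = %(url)s where id = %(id)s",
        {'url': '/' + url, 'id': file_id})
    # Binary mode: data is raw image bytes, and text mode would rewrite line
    # endings on platforms that distinguish the two.
    # NOTE(review): the bytes stored are the upload as received, not a
    # re-encoded image, so anything beyond what Image.open inspected is kept.
    with open(url, 'wb') as f:
        f.write(data)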
示例#5
 def is_owner(self):
     """Confirm that the avatar in ``self['avatar']`` belongs to the requester.

     Returns True (via ``defer.returnValue``) when the avatar's user id equals
     ``self.request.user``.

     Raises:
         Stink: if no owner is found for the avatar, or the owner is not the
             requesting user.
     """
     owner_sql = """
         select users.id from users, avatars
             where avatars.user_id = users.id
             and avatars.id = %(avatar)s"""
     owner = yield db.value(owner_sql, {'avatar': self['avatar']})
     # NOTE(review): both messages embed the request-supplied avatar value;
     # whatever writes Stink messages to the response should escape them.
     if not owner:
         raise Stink("no avatar set %s" % self['avatar'])
     if owner != self.request.user:
         raise Stink("you don't own avatar %s" % self['avatar'])
     defer.returnValue(True)
示例#6
 def is_owner(self):
     """Check that the requesting user owns the avatar in ``self['avatar']``.

     Returns True through ``defer.returnValue`` on success.

     Raises:
         Stink: when the avatar has no owner row, or when its owner differs
             from ``self.request.user``.
     """
     lookup = {'avatar': self['avatar']}
     owner_id = yield db.value(
         """
         select users.id from users, avatars
             where avatars.user_id = users.id
             and avatars.id = %(avatar)s""", lookup)
     # NOTE(review): the failure text includes the request-supplied avatar
     # value; escape it wherever Stink messages are written to a response.
     if not owner_id:
         problem = "no avatar set %s" % self['avatar']
     elif owner_id != self.request.user:
         problem = "you don't own avatar %s" % self['avatar']
     else:
         problem = None
     if problem is not None:
         raise Stink(problem)
     defer.returnValue(True)
示例#7
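    def process(self, method, merge=None):
        """Resolve the session token, run the first matching API call, respond.

        Args:
            method: key into ``self.api`` selecting the candidate calls.
            merge: optional dict merged into the response data ahead of the
                call's own result; used when re-dispatching after a Stink.

        A path ending in ``.json`` is answered with JSON. Any other path is
        rendered through the call's template or answered with a 303 redirect.
        Only the first call whose route matches the path is run.
        """
        import sessionland
        # None instead of a dict default that would be shared between calls.
        if merge is None:
            merge = {}
        # NOTE(review): this line and the 'got data' / 'return JSON' lines
        # below log self.args() (presumably the request arguments) and the
        # response data; after a login that data holds the session token.
        # Consider masking credentials there as well.
        log.msg("process %s %s %s" % (method, self.request.path, self.args()))
        if self.request.path.endswith('.json'):
            path = self.request.path[:-5]
            render = False
        else:
            path = self.request.path
            render = True

        self.request.user = yield db.value(
            """select user_id from tokens where token = %(token)s""",
            {'token': self['token']})
        data = {'user': {'id': self.request.user}}

        for call in self.api[method]:
            match = call.route.match(path)
            if match:
                log.msg('calling %s: %s' % (call.route.pattern, call.__name__))
                try:
                    result = yield call(*match.groups())
                    data.update(merge)
                    if result: data.update(result)
                    log.msg('got data:\n%s' % pprint.pformat(data))
                    if render:
                        if call.last:
                            # 'last' is supplied by the request. Follow it only
                            # when it is a same-site absolute path; otherwise a
                            # crafted link could send the user to another
                            # origin after a successful action.
                            target = self.arg('last')
                            is_local = (
                                bool(target)
                                and target.startswith('/')
                                and not target.startswith('//')
                                and '\\' not in target
                                and not any(ord(ch) < 0x20 for ch in target))
                            if not is_local:
                                target = '/'
                            self.redirect(target, status=303)
                        elif call.redirect:
                            self.redirect(call.redirect, status=303)
                        else:
                            data['last'] = self.request.path
                            data['data'] = dumps(data)
                            log.msg('getting template: %s' % call.template)
                            # NOTE(review): data can carry user-written
                            # content; confirm the Jinja environment has
                            # autoescaping enabled.
                            self.write(
                                sessionland.jinja.get_template(
                                    call.template).render(**data))
                    else:
                        log.msg("return JSON: " + dumps(data))
                        self.write(dumps(data))
                except Stink as e:
                    # Mask credential fields: a failed login would otherwise
                    # write the attempted password into the log.
                    masked = dict(
                        (key, '<redacted>'
                         if key in ('password', 'token') else value)
                        for key, value in self.request.arguments.items())
                    log.msg('request args: %s, message: %s' %
                            (masked, e.message))
                    data = {'message': e.message}
                    if render:
                        if 'last' in self.request.arguments:
                            # NOTE(review): 'last' is request-supplied; if the
                            # GET call it selects raises Stink as well, this
                            # re-dispatch repeats without a bound -- confirm.
                            self.request.path = self.request.arguments['last'][
                                0]
                            yield self.process('GET', merge=data)
                        else:
                            # NOTE(review): e.message can embed request values
                            # (e.g. a username) and is written raw; escape it
                            # if this response is served as HTML.
                            self.write(e.message)
                    else:
                        log.msg("return JSON: " + dumps(data))
                        self.write(dumps(data))
                return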
示例#8
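def save(data, klass, set_id, name=None):
    """Record an uploaded image in ``files`` and write its bytes to disk.

    Args:
        data: raw image bytes; parsed with ``Image.open`` to learn the format.
        klass: path segment placed between ``files/`` and the file name.
        set_id: value stored in ``files.set_id``.
        name: optional value stored in ``files.name``.

    The row is inserted first to obtain its id, the url
    ``/files/<klass>/<id>.<format>`` is stored on the row, and the bytes are
    written to the same path relative to the working directory.
    """
    image = Image.open(StringIO.StringIO(data))
    file_id = yield db.value(
        """insert into files (set_id, name) values (%(set_id)s, %(name)s) returning id""",
        {
            'set_id': set_id,
            'name': name
        })
    # NOTE(review): klass goes into a filesystem path unchecked. If it can
    # come from a request, "../" segments would place the file outside
    # files/ -- confirm callers only pass fixed values, or validate it here.
    url = 'files/%s/%s.%s' % (klass, file_id, image.format.lower())
    yield db.query("update files set url = %(url)s where id = %(id)s", {
        'url': '/' + url,
        'id': file_id
    })
    # Binary mode: data is raw image bytes, and text mode would rewrite line
    # endings on platforms that distinguish the two.
    # NOTE(review): the bytes stored are the upload as received, not a
    # re-encoded image, so anything beyond what Image.open inspected is kept.
    with open(url, 'wb') as f:
        f.write(data)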
示例#9
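    def process(self, method, merge=None):
        """Resolve the session token, run the first matching API call, respond.

        Args:
            method: key into ``self.api`` selecting the candidate calls.
            merge: optional dict merged into the response data ahead of the
                call's own result; used when re-dispatching after a Stink.

        A path ending in ``.json`` is answered with JSON. Any other path is
        rendered through the call's template or answered with a 303 redirect.
        Only the first call whose route matches the path is run.
        """
        import sessionland
        # None instead of a dict default that would be shared between calls.
        if merge is None:
            merge = {}
        # NOTE(review): this line and the 'got data' / 'return JSON' lines
        # below log self.args() (presumably the request arguments) and the
        # response data; after a login that data holds the session token.
        # Consider masking credentials there as well.
        log.msg("process %s %s %s" % (method, self.request.path, self.args()))
        if self.request.path.endswith('.json'):
            path = self.request.path[:-5]
            render = False
        else:
            path = self.request.path
            render = True

        self.request.user = yield db.value("""select user_id from tokens where token = %(token)s""", {'token': self['token']})
        data = {'user': {'id': self.request.user}}

        for call in self.api[method]:
            match = call.route.match(path)
            if match:
                log.msg('calling %s: %s' % (call.route.pattern, call.__name__))
                try:
                    result = yield call(*match.groups())
                    data.update(merge)
                    if result: data.update(result)
                    log.msg('got data:\n%s' % pprint.pformat(data))
                    if render:
                        if call.last:
                            # 'last' is supplied by the request. Follow it only
                            # when it is a same-site absolute path; otherwise a
                            # crafted link could send the user to another
                            # origin after a successful action.
                            target = self.arg('last')
                            is_local = (
                                bool(target)
                                and target.startswith('/')
                                and not target.startswith('//')
                                and '\\' not in target
                                and not any(ord(ch) < 0x20 for ch in target))
                            if not is_local:
                                target = '/'
                            self.redirect(target, status=303)
                        elif call.redirect: self.redirect(call.redirect, status=303)
                        else:
                            data['last'] = self.request.path
                            data['data'] = dumps(data)
                            log.msg('getting template: %s' % call.template)
                            # NOTE(review): data can carry user-written
                            # content; confirm the Jinja environment has
                            # autoescaping enabled.
                            self.write(sessionland.jinja.get_template(call.template).render(**data))
                    else:
                        log.msg("return JSON: "+dumps(data))
                        self.write(dumps(data))
                except Stink as e:
                    # Mask credential fields: a failed login would otherwise
                    # write the attempted password into the log.
                    masked = dict(
                        (key, '<redacted>'
                         if key in ('password', 'token') else value)
                        for key, value in self.request.arguments.items())
                    log.msg('request args: %s, message: %s' % (masked, e.message))
                    data = {'message': e.message}
                    if render:
                        if 'last' in self.request.arguments:
                            # NOTE(review): 'last' is request-supplied; if the
                            # GET call it selects raises Stink as well, this
                            # re-dispatch repeats without a bound -- confirm.
                            self.request.path = self.request.arguments['last'][0]
                            yield self.process('GET', merge=data)
                        else:
                            # NOTE(review): e.message can embed request values
                            # (e.g. a username) and is written raw; escape it
                            # if this response is served as HTML.
                            self.write(e.message)
                    else:
                        log.msg("return JSON: "+dumps(data))
                        self.write(dumps(data))
                return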
示例#10
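    def login(self):
        """Check the submitted username and password and open a token session.

        Looks up the user's id, salt and stored hash by ``self['username']``
        and compares the stored hash with ``sha256(password + salt)``. On a
        match, a random 16-byte hex token is inserted into ``tokens`` and set
        as the ``token`` cookie.

        Returns (via ``defer.returnValue``) a dict with ``message``, ``token``
        and ``user``.

        Raises:
            Stink: if the username is unknown or the password does not match.
        """
        # Function-scope import; compare_digest needs Python 2.7.7 or later.
        import hmac

        username, password = self['username'], self['password']
        record = yield db.row("""
            select id, salt, hash from users where username = %(username)s""",
            {'username': username})

        # NOTE(review): "no user named ..." versus "bad password" tells a
        # client which usernames exist; a single generic failure message
        # avoids that, but callers may display these strings -- confirm
        # before changing them.
        if not record:
            raise Stink("no user named %s" % username)

        user_id, salt, stored = record['id'], record['salt'], record['hash']
        # NOTE(review): one round of salted SHA-256 is cheap to brute-force
        # offline if the users table leaks. A password KDF (PBKDF2, bcrypt,
        # scrypt, Argon2) is the usual replacement; it has to change together
        # with register() and needs a migration for existing rows.
        computed = hashlib.sha256(password + salt).hexdigest()
        # Constant-time comparison so the check does not leak how many leading
        # characters matched. str() puts both operands on the same type, which
        # compare_digest requires; hex digests are plain ASCII.
        if hmac.compare_digest(computed, str(stored)):
            token = os.urandom(16).encode('hex')
            yield db.query("""
                insert into tokens (user_id, token) values (%(user_id)s, %(token)s)""",
                {'user_id': user_id, 'token': token})
            # NOTE(review): no HttpOnly/Secure attributes are passed here;
            # check whether set_cookie adds them, and whether client script
            # actually needs to read this cookie.
            self.set_cookie('token', token)
        else:
            raise Stink("bad password")
        self.request.user = yield db.value("""select user_id from tokens where token = %(token)s""", {'token': token})
        defer.returnValue({'message': 'logged in', 'token': token, 'user': {'id': self.request.user}})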
示例#11
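    def register(self):
        """Create a user account, log it in and give it a default avatar.

        Stores ``username`` with a fresh random salt and
        ``sha256(password + salt)``, calls ``self.login()``, then creates and
        selects an avatar named 'chill' through an ``AvatarHandler`` built on
        the same application and request.

        Returns (via ``defer.returnValue``) the dict produced by ``login()``
        with ``message`` replaced by 'registered your account'.
        """
        # Mask credential fields before logging: the raw arguments contain
        # the plaintext password. process() indexes request.arguments as a
        # mapping of name -> list of values, so .items() is available.
        masked = dict(
            (key, '<redacted>' if key in ('password', 'token') else value)
            for key, value in self.request.arguments.items())
        log.msg('register args: %s' % masked)
        username, password = self['username'], self['password']
        salt = os.urandom(16).encode('hex')
        # NOTE(review): one round of salted SHA-256 is cheap to brute-force
        # offline if the users table leaks. A password KDF (PBKDF2, bcrypt,
        # scrypt, Argon2) is the usual replacement; it has to change together
        # with login() and needs a migration for existing rows.
        digest = hashlib.sha256(password + salt).hexdigest()
        # The returned id is not used here; login() looks the user up again.
        yield db.value("""
            insert into users (username, hash, salt) 
                values (%(username)s, %(hash)s, %(salt)s) returning id""",
                {'username': username, 'hash': digest, 'salt': salt})

        data = yield self.login()

        avatar_handler = avatar.AvatarHandler(self.application, self.request)
        avatar_handler['name'] = 'chill'
        yield avatar_handler.new()
        yield avatar_handler.select()
        data['message'] = 'registered your account'
        defer.returnValue(data)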
示例#12
 def post_message(self):
     """Post content as a new thread in a forum or as a reply in a thread.

     Reads ``forum``, ``thread``, ``content`` and ``avatar`` from the handler;
     exactly one of ``forum`` and ``thread`` must be given. A forum post is
     inserted into ``ops`` together with the page looked up for that forum. A
     thread post is inserted into ``posts``, with the thread id resolved by
     matching ``ops.content`` against ``thread``.

     Returns ``{'success': True}`` via ``defer.returnValue``.

     Raises:
         Stink: if the requester is not logged in, no avatar is given, neither
             or both of forum/thread are given, or the forum has no page.
     """
     forum = self['forum']
     thread = self['thread']
     content = self['content']
     avatar = self['avatar']
     if not self.request.user:
         raise Stink('must be logged in/token must be valid')
     # NOTE(review): avatar is only checked for presence. Nothing in this
     # method confirms it belongs to self.request.user, so unless a caller
     # runs an ownership check first, a user could post under another user's
     # avatar -- confirm.
     if not avatar:
         raise Stink('must specify avatar id')
     if not (forum or thread):
         raise Stink('must specify forum id or thread')
     if forum and thread:
         raise Stink('pick one, a forum or a thread to post to')
     if forum:
         page = yield db.value(
             "select page from users where id = %(forum)s", {'forum': forum})
         if not page:
             raise Stink("can't post a thread to a forum with no page")
         op_row = {
             'user_id': self.request.user,
             'content': content,
             'forum': forum,
             'avatar': avatar,
             'page': page,
         }
         yield db.query("""
             insert into ops (user_id, content, forum_id, avatar_id, dt, page_id)
             values (%(user_id)s, %(content)s, %(forum)s, %(avatar)s, now(), %(page)s)""",
             op_row)
     else:
         # NOTE(review): the thread is found by its content text; presumably
         # that is unique per op -- a duplicate would make the subquery
         # return more than one row.
         reply_row = {
             'user_id': self.request.user,
             'content': content,
             'avatar': avatar,
             'thread': thread,
         }
         yield db.query("""
             insert into posts (user_id, content, thread_id, avatar_id, dt)
             values (%(user_id)s, %(content)s, (select id from ops where content = %(thread)s), %(avatar)s, now())""",
             reply_row)
     defer.returnValue({'success': True})
示例#13
 def post_message(self):
     """Write a forum thread starter or a thread reply for the requester.

     ``forum``, ``thread``, ``content`` and ``avatar`` are read from the
     handler, and exactly one of ``forum`` and ``thread`` must be set. With
     ``forum`` the row goes to ``ops`` along with the forum's page; with
     ``thread`` it goes to ``posts``, the thread id being resolved by matching
     ``ops.content`` against ``thread``.

     Returns ``{'success': True}`` via ``defer.returnValue``.

     Raises:
         Stink: on a missing login, a missing avatar, neither or both of
             forum/thread, or a forum without a page.
     """
     forum, thread = self['forum'], self['thread']
     content, avatar = self['content'], self['avatar']
     if not self.request.user:
         raise Stink('must be logged in/token must be valid')
     # NOTE(review): avatar is only checked for presence. Nothing in this
     # method confirms it belongs to self.request.user, so unless a caller
     # runs an ownership check first, a user could post under another user's
     # avatar -- confirm.
     if not avatar:
         raise Stink('must specify avatar id')
     if not (forum or thread):
         raise Stink('must specify forum id or thread')
     if forum and thread:
         raise Stink('pick one, a forum or a thread to post to')
     if forum:
         page = yield db.value("select page from users where id = %(forum)s",
                               dict(forum=forum))
         if not page:
             raise Stink("can't post a thread to a forum with no page")
         statement = """
             insert into ops (user_id, content, forum_id, avatar_id, dt, page_id)
             values (%(user_id)s, %(content)s, %(forum)s, %(avatar)s, now(), %(page)s)"""
         values = dict(user_id=self.request.user, content=content,
                       forum=forum, avatar=avatar, page=page)
     else:
         # NOTE(review): the thread is found by its content text; presumably
         # that is unique per op -- a duplicate would make the subquery
         # return more than one row.
         statement = """
             insert into posts (user_id, content, thread_id, avatar_id, dt)
             values (%(user_id)s, %(content)s, (select id from ops where content = %(thread)s), %(avatar)s, now())"""
         values = dict(user_id=self.request.user, content=content,
                       avatar=avatar, thread=thread)
     yield db.query(statement, values)
     defer.returnValue({'success': True})
示例#14
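    def register(self):
        """Create a user account, log it in and give it a default avatar.

        Stores ``username`` with a fresh random salt and
        ``sha256(password + salt)``, calls ``self.login()``, then creates and
        selects an avatar named 'chill' through an ``AvatarHandler`` built on
        the same application and request.

        Returns (via ``defer.returnValue``) the dict produced by ``login()``
        with ``message`` replaced by 'registered your account'.
        """
        # Mask credential fields before logging: the raw arguments contain
        # the plaintext password. process() indexes request.arguments as a
        # mapping of name -> list of values, so .items() is available.
        masked = dict(
            (key, '<redacted>' if key in ('password', 'token') else value)
            for key, value in self.request.arguments.items())
        log.msg('register args: %s' % masked)
        username, password = self['username'], self['password']
        salt = os.urandom(16).encode('hex')
        # NOTE(review): one round of salted SHA-256 is cheap to brute-force
        # offline if the users table leaks. A password KDF (PBKDF2, bcrypt,
        # scrypt, Argon2) is the usual replacement; it has to change together
        # with login() and needs a migration for existing rows.
        digest = hashlib.sha256(password + salt).hexdigest()
        # The returned id is not used here; login() looks the user up again.
        yield db.value(
            """
            insert into users (username, hash, salt) 
                values (%(username)s, %(hash)s, %(salt)s) returning id""", {
                'username': username,
                'hash': digest,
                'salt': salt
            })

        data = yield self.login()

        avatar_handler = avatar.AvatarHandler(self.application, self.request)
        avatar_handler['name'] = 'chill'
        yield avatar_handler.new()
        yield avatar_handler.select()
        data['message'] = 'registered your account'
        defer.returnValue(data)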
示例#15
 def new(self):
     """Create an ``avatars`` row owned by the requester, then yield add().

     The new row's id is kept in ``self['avatar']``.
     """
     # NOTE(review): verify() is called without ``yield``. If it returns a
     # Deferred instead of raising synchronously, a failed check would not
     # stop the insert below -- confirm against its definition.
     self.verify()
     requester = self.request.user
     self['avatar'] = yield db.value(
         "insert into avatars (user_id) values (%(user_id)s) returning id",
         {'user_id': requester})
     yield self.add()
示例#16
 def new(self):
     """Create a ``pages`` row owned by the requester, then yield add().

     The new row's id is kept in ``self['page']``.
     """
     # NOTE(review): verify() is called without ``yield``. If it returns a
     # Deferred instead of raising synchronously, a failed check would not
     # stop the insert below -- confirm against its definition.
     self.verify()
     requester = self.request.user
     self['page'] = yield db.value(
         "insert into pages (user_id) values (%(user_id)s) returning id",
         {'user_id': requester})
     yield self.add()