def new(self):
    """Create an empty ``pages`` row for the current user, then run ``add()``.

    The id returned by the insert is stored under ``self['page']`` before
    ``self.add()`` is yielded.
    """
    # NOTE(review): the result of verify() is not yielded. If verify() returns
    # a Deferred, a failed check would not stop the insert below -- confirm
    # that it raises synchronously.
    self.verify()
    insert_sql = "insert into pages (user_id) values (%(user_id)s) returning id"
    # The user id is bound as a query parameter, not formatted into the SQL.
    owner = {'user_id': self.request.user}
    self['page'] = yield db.value(insert_sql, owner)
    yield self.add()
def new(self):
    """Create an empty ``avatars`` row for the current user, then run ``add()``.

    The id returned by the insert is stored under ``self['avatar']`` before
    ``self.add()`` is yielded.
    """
    # NOTE(review): the result of verify() is not yielded. If verify() returns
    # a Deferred, a failed check would not stop the insert below -- confirm
    # that it raises synchronously.
    self.verify()
    insert_sql = "insert into avatars (user_id) values (%(user_id)s) returning id"
    # The user id is bound as a query parameter, not formatted into the SQL.
    owner = {'user_id': self.request.user}
    self['avatar'] = yield db.value(insert_sql, owner)
    yield self.add()
def login(self):
    """Check the submitted username/password and issue a session token.

    On success a fresh random token is inserted into ``tokens``, set as the
    ``token`` cookie and handed back through ``defer.returnValue`` together
    with the user id. Raises ``Stink`` for an unknown username or a password
    whose salted hash does not match the stored one.
    """
    username = self['username']
    password = self['password']
    record = yield db.row(
        """ select id, salt, hash from users where username = %(username)s""",
        {'username': username})
    # NOTE(review): "no user named ..." and "bad password" are distinct
    # replies, so a client can tell which usernames exist.
    if not record:
        raise Stink("no user named %s" % username)
    user_id, salt, stored_hash = record['id'], record['salt'], record['hash']
    # NOTE(review): one round of salted SHA-256 is cheap to brute-force if the
    # users table is disclosed. Moving to a dedicated password KDF needs a
    # migration of the stored hashes, so the scheme is left as found.
    candidate = hashlib.sha256(password + salt).hexdigest()
    if candidate != stored_hash:
        raise Stink("bad password")
    # 16 bytes from os.urandom, hex-encoded, serve as the session token.
    token = os.urandom(16).encode('hex')
    yield db.query(
        """ insert into tokens (user_id, token) values (%(user_id)s, %(token)s)""",
        {'user_id': user_id, 'token': token})
    # NOTE(review): only name and value are passed to set_cookie; confirm
    # whether HttpOnly/Secure attributes should be set for this cookie.
    self.set_cookie('token', token)
    # Read the user id back through the token that was just stored.
    self.request.user = yield db.value(
        """select user_id from tokens where token = %(token)s""",
        {'token': token})
    reply = {
        'message': 'logged in',
        'token': token,
        'user': {'id': self.request.user},
    }
    defer.returnValue(reply)
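def save(data, klass, set_id, name=None):
    """Record an uploaded image in ``files`` and write its bytes to disk.

    Args:
        data: raw image bytes; parsed with ``Image.open`` to learn the format.
        klass: directory component placed under ``files/``.
        set_id: value stored in ``files.set_id``.
        name: optional value stored in ``files.name``.

    The file is written to ``files/<klass>/<id>.<format>`` (a relative path)
    and the row's ``url`` column is set to that path with a leading ``/``.
    """
    # NOTE(review): Image.open parses caller-supplied bytes; confirm that
    # callers bound the upload size before it reaches this function.
    image = Image.open(StringIO.StringIO(data))
    file_id = yield db.value(
        """insert into files (set_id, name) values (%(set_id)s, %(name)s) returning id""",
        {'set_id': set_id, 'name': name})
    # The extension comes from the parsed image format, not from ``name``.
    # NOTE(review): klass is interpolated into a filesystem path unchecked;
    # confirm it is never taken from request data.
    url = 'files/%s/%s.%s' % (klass, file_id, image.format.lower())
    # NOTE(review): the row is updated before the file exists; a failed write
    # below leaves a url that points at nothing.
    yield db.query("update files set url = %(url)s where id = %(id)s",
                   {'url': '/' + url, 'id': file_id})
    # Binary mode: the payload is image bytes, and text mode would translate
    # newline bytes on platforms that distinguish the two.
    with open(url, 'wb') as f:
        f.write(data)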
def is_owner(self):
    """Confirm that the avatar in ``self['avatar']`` belongs to the current user.

    Delivers ``True`` through ``defer.returnValue``. Raises ``Stink`` when the
    avatar id matches no row, or when the owning user id differs from
    ``self.request.user``.
    """
    avatar_id = self['avatar']
    owner_sql = """ select users.id from users, avatars where avatars.user_id = users.id and avatars.id = %(avatar)s"""
    owner_id = yield db.value(owner_sql, {'avatar': avatar_id})
    if not owner_id:
        raise Stink("no avatar set %s" % avatar_id)
    # owner_id is truthy here, so a request whose user is unset (presumably
    # None when the token lookup found nothing) is rejected as well.
    if owner_id != self.request.user:
        raise Stink("you don't own avatar %s" % avatar_id)
    defer.returnValue(True)
def is_owner(self):
    """Confirm that the avatar in ``self['avatar']`` belongs to the current user.

    Delivers ``True`` through ``defer.returnValue``. Raises ``Stink`` when the
    avatar id matches no row, or when the owning user id differs from
    ``self.request.user``.
    """
    avatar_id = self['avatar']
    owner_sql = """ select users.id from users, avatars where avatars.user_id = users.id and avatars.id = %(avatar)s"""
    owner_id = yield db.value(owner_sql, {'avatar': avatar_id})
    if not owner_id:
        raise Stink("no avatar set %s" % avatar_id)
    # owner_id is truthy here, so a request whose user is unset (presumably
    # None when the token lookup found nothing) is rejected as well.
    if owner_id != self.request.user:
        raise Stink("you don't own avatar %s" % avatar_id)
    defer.returnValue(True)
def process(self, method, merge={}):
    """Dispatch the current request to the first route registered for ``method``.

    A path ending in ``.json`` is matched without that suffix and answered
    with JSON; any other path is answered with a redirect or a rendered
    template. ``self.request.user`` is set from the ``tokens`` table before
    the handler runs. A ``Stink`` raised by the handler becomes the response
    message.

    Args:
        method: key into ``self.api`` selecting the candidate routes.
        merge: extra values merged into the response data. It is only read
            here, so the shared default dict is not mutated by this function.
    """
    import sessionland
    # NOTE(review): self.args() presumably carries the submitted values,
    # including 'password' and 'token' on login requests -- confirm and redact
    # before logging.
    log.msg("process %s %s %s" % (method, self.request.path, self.args()))
    if self.request.path.endswith('.json'):
        # Drop the five-character '.json' suffix before route matching.
        path = self.request.path[:-5]
        render = False
    else:
        path = self.request.path
        render = True
    # Resolve the session token to a user id with a parameterized query.
    self.request.user = yield db.value(
        """select user_id from tokens where token = %(token)s""",
        {'token': self['token']})
    data = {'user': {'id': self.request.user}}
    for call in self.api[method]:
        match = call.route.match(path)
        if match:
            log.msg('calling %s: %s' % (call.route.pattern, call.__name__))
            try:
                result = yield call(*match.groups())
                data.update(merge)
                if result:
                    data.update(result)
                # NOTE(review): after a login this dump includes the freshly
                # issued session token.
                log.msg('got data:\n%s' % pprint.pformat(data))
                if render:
                    if call.last:
                        # NOTE(review): the redirect target is the
                        # request-supplied 'last' value; unless it is validated
                        # elsewhere this lets a crafted link send the browser
                        # to an arbitrary URL.
                        self.redirect(self.arg('last'), status=303)
                    elif call.redirect:
                        self.redirect(call.redirect, status=303)
                    else:
                        data['last'] = self.request.path
                        data['data'] = dumps(data)
                        log.msg('getting template: %s' % call.template)
                        self.write(
                            sessionland.jinja.get_template(
                                call.template).render(**data))
                else:
                    log.msg("return JSON: " + dumps(data))
                    self.write(dumps(data))
            except Stink as e:
                # NOTE(review): self.request.arguments is logged in full;
                # presumably this includes the password on a failed login.
                log.msg('request args: %s, message: %s' %
                        (self.request.arguments, e.message))
                data = {'message': e.message}
                if render:
                    if 'last' in self.request.arguments:
                        # Re-dispatch as a GET of the 'last' path with the
                        # error message merged into the response data.
                        # NOTE(review): 'last' stays in the arguments, so a
                        # Stink raised by that GET handler re-enters this
                        # branch -- confirm the recursion is bounded.
                        self.request.path = self.request.arguments['last'][0]
                        yield self.process('GET', merge=data)
                    else:
                        # NOTE(review): messages elsewhere in this listing
                        # embed request values (e.g. the username); escape
                        # before writing if the response is served as HTML.
                        self.write(e.message)
                else:
                    log.msg("return JSON: " + dumps(data))
                    self.write(dumps(data))
            # Only the first matching route is run.
            return
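def save(data, klass, set_id, name=None):
    """Record an uploaded image in ``files`` and write its bytes to disk.

    Args:
        data: raw image bytes; parsed with ``Image.open`` to learn the format.
        klass: directory component placed under ``files/``.
        set_id: value stored in ``files.set_id``.
        name: optional value stored in ``files.name``.

    The file is written to ``files/<klass>/<id>.<format>`` (a relative path)
    and the row's ``url`` column is set to that path with a leading ``/``.
    """
    # NOTE(review): Image.open parses caller-supplied bytes; confirm that
    # callers bound the upload size before it reaches this function.
    image = Image.open(StringIO.StringIO(data))
    file_id = yield db.value(
        """insert into files (set_id, name) values (%(set_id)s, %(name)s) returning id""",
        {'set_id': set_id, 'name': name})
    # The extension comes from the parsed image format, not from ``name``.
    # NOTE(review): klass is interpolated into a filesystem path unchecked;
    # confirm it is never taken from request data.
    url = 'files/%s/%s.%s' % (klass, file_id, image.format.lower())
    # NOTE(review): the row is updated before the file exists; a failed write
    # below leaves a url that points at nothing.
    yield db.query("update files set url = %(url)s where id = %(id)s",
                   {'url': '/' + url, 'id': file_id})
    # Binary mode: the payload is image bytes, and text mode would translate
    # newline bytes on platforms that distinguish the two.
    with open(url, 'wb') as f:
        f.write(data)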
def process(self, method, merge = {}):
    """Dispatch the current request to the first route registered for ``method``.

    A path ending in ``.json`` is matched without that suffix and answered
    with JSON; any other path is answered with a redirect or a rendered
    template. ``self.request.user`` is set from the ``tokens`` table before
    the handler runs. A ``Stink`` raised by the handler becomes the response
    message.

    Args:
        method: key into ``self.api`` selecting the candidate routes.
        merge: extra values merged into the response data. It is only read
            here, so the shared default dict is not mutated by this function.
    """
    import sessionland
    # NOTE(review): self.args() presumably carries the submitted values,
    # including 'password' and 'token' on login requests -- confirm and redact
    # before logging.
    log.msg("process %s %s %s" % (method, self.request.path, self.args()))
    if self.request.path.endswith('.json'):
        # Drop the five-character '.json' suffix before route matching.
        path = self.request.path[:-5]
        render = False
    else:
        path = self.request.path
        render = True
    # Resolve the session token to a user id with a parameterized query.
    self.request.user = yield db.value("""select user_id from tokens where token = %(token)s""", {'token':self['token']})
    data = {'user':{'id':self.request.user}}
    for call in self.api[method]:
        match = call.route.match(path)
        if match:
            log.msg('calling %s: %s' % (call.route.pattern, call.__name__))
            try:
                result = yield call(*match.groups())
                data.update(merge)
                if result:
                    data.update(result)
                # NOTE(review): after a login this dump includes the freshly
                # issued session token.
                log.msg('got data:\n%s' % pprint.pformat(data))
                if render:
                    if call.last:
                        # NOTE(review): the redirect target is the
                        # request-supplied 'last' value; unless it is validated
                        # elsewhere this lets a crafted link send the browser
                        # to an arbitrary URL.
                        self.redirect(self.arg('last'), status=303)
                    elif call.redirect:
                        self.redirect(call.redirect, status=303)
                    else:
                        data['last'] = self.request.path
                        data['data'] = dumps(data)
                        log.msg('getting template: %s' % call.template)
                        self.write(sessionland.jinja.get_template(call.template).render(**data))
                else:
                    log.msg("return JSON: "+dumps(data))
                    self.write(dumps(data))
            except Stink as e:
                # NOTE(review): self.request.arguments is logged in full;
                # presumably this includes the password on a failed login.
                log.msg('request args: %s, message: %s' % (self.request.arguments, e.message))
                data = {'message': e.message}
                if render:
                    if 'last' in self.request.arguments:
                        # Re-dispatch as a GET of the 'last' path with the
                        # error message merged into the response data.
                        # NOTE(review): 'last' stays in the arguments, so a
                        # Stink raised by that GET handler re-enters this
                        # branch -- confirm the recursion is bounded.
                        self.request.path = self.request.arguments['last'][0]
                        yield self.process('GET', merge=data)
                    else:
                        # NOTE(review): messages elsewhere in this listing
                        # embed request values (e.g. the username); escape
                        # before writing if the response is served as HTML.
                        self.write(e.message)
                else:
                    log.msg("return JSON: "+dumps(data))
                    self.write(dumps(data))
            # Only the first matching route is run.
            return
def login(self):
    """Check the submitted username/password and issue a session token.

    On success a fresh random token is inserted into ``tokens``, set as the
    ``token`` cookie and handed back through ``defer.returnValue`` together
    with the user id. Raises ``Stink`` for an unknown username or a password
    whose salted hash does not match the stored one.
    """
    username = self['username']
    password = self['password']
    record = yield db.row(
        """ select id, salt, hash from users where username = %(username)s""",
        {'username': username})
    # NOTE(review): "no user named ..." and "bad password" are distinct
    # replies, so a client can tell which usernames exist.
    if not record:
        raise Stink("no user named %s" % username)
    user_id, salt, stored_hash = record['id'], record['salt'], record['hash']
    # NOTE(review): one round of salted SHA-256 is cheap to brute-force if the
    # users table is disclosed. Moving to a dedicated password KDF needs a
    # migration of the stored hashes, so the scheme is left as found.
    candidate = hashlib.sha256(password + salt).hexdigest()
    if candidate != stored_hash:
        raise Stink("bad password")
    # 16 bytes from os.urandom, hex-encoded, serve as the session token.
    token = os.urandom(16).encode('hex')
    yield db.query(
        """ insert into tokens (user_id, token) values (%(user_id)s, %(token)s)""",
        {'user_id': user_id, 'token': token})
    # NOTE(review): only name and value are passed to set_cookie; confirm
    # whether HttpOnly/Secure attributes should be set for this cookie.
    self.set_cookie('token', token)
    # Read the user id back through the token that was just stored.
    self.request.user = yield db.value(
        """select user_id from tokens where token = %(token)s""",
        {'token': token})
    reply = {
        'message': 'logged in',
        'token': token,
        'user': {'id': self.request.user},
    }
    defer.returnValue(reply)
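def register(self):
    """Create a user account, log it in and give it a default avatar.

    Stores the username with a per-user random salt and the salted SHA-256 of
    the password, calls ``login()`` for the new account, then creates and
    selects an avatar named ``'chill'``. Delivers the ``login()`` result with
    its ``message`` replaced, through ``defer.returnValue``.
    """
    # Log the argument names only: the values presumably include the
    # submitted password, which must not end up in the log.
    log.msg('register args: %s' % sorted(self.request.arguments))
    username, password = self['username'], self['password']
    # NOTE(review): no check that username/password are non-empty is visible
    # here; confirm it happens before this handler.
    salt = os.urandom(16).encode('hex')
    # NOTE(review): one round of salted SHA-256 is cheap to brute-force if the
    # users table is disclosed. The scheme has to stay in step with login(),
    # so changing it needs a migration of stored hashes.
    password_hash = hashlib.sha256(password + salt).hexdigest()
    # The returned id is not needed; login() looks the user up again.
    yield db.value(
        """ insert into users (username, hash, salt) values (%(username)s, %(hash)s, %(salt)s) returning id""",
        {'username': username, 'hash': password_hash, 'salt': salt})
    data = yield self.login()
    avatar_handler = avatar.AvatarHandler(self.application, self.request)
    avatar_handler['name'] = 'chill'
    yield avatar_handler.new()
    yield avatar_handler.select()
    data['message'] = 'registered your account'
    defer.returnValue(data)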
def post_message(self):
    """Insert a thread opener (``ops``) or a reply (``posts``) for the current user.

    Exactly one of ``forum`` and ``thread`` must be supplied, along with an
    avatar id, and the request must carry a valid user. Raises ``Stink`` when
    any of those checks fails or the target forum has no page. Delivers
    ``{'success': True}`` through ``defer.returnValue``.
    """
    forum = self['forum']
    thread = self['thread']
    content = self['content']
    avatar_id = self['avatar']
    if not self.request.user:
        raise Stink('must be logged in/token must be valid')
    # NOTE(review): the avatar id is inserted without an ownership check in
    # this function; confirm is_owner (or equivalent) runs before it.
    if not avatar_id:
        raise Stink('must specify avatar id')
    if not (forum or thread):
        raise Stink('must specify forum id or thread')
    if forum and thread:
        raise Stink('pick one, a forum or a thread to post to')
    # Past the guards exactly one of forum/thread is set. All values below are
    # bound as query parameters.
    if thread:
        # NOTE(review): the parent thread is found by matching ops.content; if
        # two openers share the same content the subquery presumably yields
        # more than one row -- confirm content is unique.
        yield db.query(
            """ insert into posts (user_id, content, thread_id, avatar_id, dt) values (%(user_id)s, %(content)s, (select id from ops where content = %(thread)s), %(avatar)s, now())""",
            {'user_id': self.request.user, 'content': content,
             'avatar': avatar_id, 'thread': thread})
    else:
        page = yield db.value("select page from users where id = %(forum)s",
                              {'forum': forum})
        if not page:
            raise Stink("can't post a thread to a forum with no page")
        yield db.query(
            """ insert into ops (user_id, content, forum_id, avatar_id, dt, page_id) values (%(user_id)s, %(content)s, %(forum)s, %(avatar)s, now(), %(page)s)""",
            {'user_id': self.request.user, 'content': content,
             'forum': forum, 'avatar': avatar_id, 'page': page})
    defer.returnValue({'success' : True})
def post_message(self):
    """Insert a thread opener (``ops``) or a reply (``posts``) for the current user.

    Exactly one of ``forum`` and ``thread`` must be supplied, along with an
    avatar id, and the request must carry a valid user. Raises ``Stink`` when
    any of those checks fails or the target forum has no page. Delivers
    ``{'success': True}`` through ``defer.returnValue``.
    """
    forum = self['forum']
    thread = self['thread']
    content = self['content']
    avatar_id = self['avatar']
    if not self.request.user:
        raise Stink('must be logged in/token must be valid')
    # NOTE(review): the avatar id is inserted without an ownership check in
    # this function; confirm is_owner (or equivalent) runs before it.
    if not avatar_id:
        raise Stink('must specify avatar id')
    if not (forum or thread):
        raise Stink('must specify forum id or thread')
    if forum and thread:
        raise Stink('pick one, a forum or a thread to post to')
    # Past the guards exactly one of forum/thread is set. All values below are
    # bound as query parameters.
    if thread:
        # NOTE(review): the parent thread is found by matching ops.content; if
        # two openers share the same content the subquery presumably yields
        # more than one row -- confirm content is unique.
        yield db.query(
            """ insert into posts (user_id, content, thread_id, avatar_id, dt) values (%(user_id)s, %(content)s, (select id from ops where content = %(thread)s), %(avatar)s, now())""",
            {'user_id': self.request.user, 'content': content,
             'avatar': avatar_id, 'thread': thread})
    else:
        page = yield db.value("select page from users where id = %(forum)s",
                              {'forum': forum})
        if not page:
            raise Stink("can't post a thread to a forum with no page")
        yield db.query(
            """ insert into ops (user_id, content, forum_id, avatar_id, dt, page_id) values (%(user_id)s, %(content)s, %(forum)s, %(avatar)s, now(), %(page)s)""",
            {'user_id': self.request.user, 'content': content,
             'forum': forum, 'avatar': avatar_id, 'page': page})
    defer.returnValue({'success': True})
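def register(self):
    """Create a user account, log it in and give it a default avatar.

    Stores the username with a per-user random salt and the salted SHA-256 of
    the password, calls ``login()`` for the new account, then creates and
    selects an avatar named ``'chill'``. Delivers the ``login()`` result with
    its ``message`` replaced, through ``defer.returnValue``.
    """
    # Log the argument names only: the values presumably include the
    # submitted password, which must not end up in the log.
    log.msg('register args: %s' % sorted(self.request.arguments))
    username, password = self['username'], self['password']
    # NOTE(review): no check that username/password are non-empty is visible
    # here; confirm it happens before this handler.
    salt = os.urandom(16).encode('hex')
    # NOTE(review): one round of salted SHA-256 is cheap to brute-force if the
    # users table is disclosed. The scheme has to stay in step with login(),
    # so changing it needs a migration of stored hashes.
    password_hash = hashlib.sha256(password + salt).hexdigest()
    # The returned id is not needed; login() looks the user up again.
    yield db.value(
        """ insert into users (username, hash, salt) values (%(username)s, %(hash)s, %(salt)s) returning id""",
        {'username': username, 'hash': password_hash, 'salt': salt})
    data = yield self.login()
    avatar_handler = avatar.AvatarHandler(self.application, self.request)
    avatar_handler['name'] = 'chill'
    yield avatar_handler.new()
    yield avatar_handler.select()
    data['message'] = 'registered your account'
    defer.returnValue(data)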
def new(self):
    """Create an empty ``avatars`` row for the current user, then run ``add()``.

    The id returned by the insert is stored under ``self['avatar']`` before
    ``self.add()`` is yielded.
    """
    # NOTE(review): the result of verify() is not yielded. If verify() returns
    # a Deferred, a failed check would not stop the insert below -- confirm
    # that it raises synchronously.
    self.verify()
    insert_sql = "insert into avatars (user_id) values (%(user_id)s) returning id"
    # The user id is bound as a query parameter, not formatted into the SQL.
    owner = {'user_id': self.request.user}
    self['avatar'] = yield db.value(insert_sql, owner)
    yield self.add()
def new(self):
    """Create an empty ``pages`` row for the current user, then run ``add()``.

    The id returned by the insert is stored under ``self['page']`` before
    ``self.add()`` is yielded.
    """
    # NOTE(review): the result of verify() is not yielded. If verify() returns
    # a Deferred, a failed check would not stop the insert below -- confirm
    # that it raises synchronously.
    self.verify()
    insert_sql = "insert into pages (user_id) values (%(user_id)s) returning id"
    # The user id is bound as a query parameter, not formatted into the SQL.
    owner = {'user_id': self.request.user}
    self['page'] = yield db.value(insert_sql, owner)
    yield self.add()