pillar/attract/application/__init__.py

296 lines
8.7 KiB
Python
Raw Normal View History

2015-04-07 12:42:50 -03:00
import os
import json
2015-04-07 12:42:50 -03:00
2015-03-10 11:38:57 +01:00
from eve import Eve
2015-04-07 12:42:50 -03:00
# import random
# import string
2015-03-10 11:38:57 +01:00
from eve.auth import TokenAuth
from eve.auth import BasicAuth
2015-03-10 11:38:57 +01:00
from eve.io.mongo import Validator
from eve.methods.post import post_internal
from bson import ObjectId
2015-03-10 11:38:57 +01:00
from flask import g
from flask import request
from pre_hooks import pre_GET
from pre_hooks import pre_PUT
from pre_hooks import pre_PATCH
from pre_hooks import pre_POST
from pre_hooks import pre_DELETE
from pre_hooks import check_permissions
from pre_hooks import compute_permissions
2015-04-08 11:48:38 -03:00
from datetime import datetime
from datetime import timedelta
RFC1123_DATE_FORMAT = '%a, %d %b %Y %H:%M:%S GMT'
2015-04-07 12:42:50 -03:00
class SystemUtility():
def __new__(cls, *args, **kwargs):
raise TypeError("Base class may not be instantiated")
@staticmethod
def blender_id_endpoint():
"""Gets the endpoint for the authentication API. If the env variable
is defined, it's possible to override the (default) production address.
"""
return os.environ.get(
'BLENDER_ID_ENDPOINT', "https://www.blender.org/id")
def validate(token):
"""Validate a Token against Blender ID server
"""
2015-04-07 12:42:50 -03:00
import requests
payload = dict(
token=token)
try:
r = requests.post("{0}/u/validate_token".format(
SystemUtility.blender_id_endpoint()), data=payload)
except requests.exceptions.ConnectionError as e:
raise e
if r.status_code == 200:
message = r.json()['message']
valid = r.json()['valid']
user = r.json()['user']
2015-04-07 12:42:50 -03:00
else:
message = ""
valid = False
user = None
return dict(valid=valid, message=message, user=user)
2015-04-07 12:42:50 -03:00
def validate_token():
token = request.authorization.username
tokens = app.data.driver.db['tokens']
users = app.data.driver.db['users']
lookup = {'token': token, 'expire_time': {"$gt": datetime.now()}}
dbtoken = tokens.find_one(lookup)
if not dbtoken:
validation = validate(token)
if validation['valid']:
email = validation['user']['email']
dbuser = users.find_one({'email': email})
tmpname = email.split('@')[0]
if not dbuser:
user_data = {
'first_name': tmpname,
'last_name': tmpname,
'email': email,
'role': ['admin'],
}
r = post_internal('users', user_data)
user_id = r[0]["_id"]
else:
user_id = dbuser['_id']
token_data = {
'user': user_id,
'token': token,
'expire_time': datetime.now() + timedelta(hours=1)
}
post_internal('tokens', token_data)
return token_data
else:
return None
else:
token_data = {
'user': dbtoken['user'],
'token': dbtoken['token'],
'expire_time': dbtoken['expire_time']
}
return token_data
class TokensAuth(TokenAuth):
def check_auth(self, token, allowed_roles, resource, method):
2015-04-08 13:14:35 -03:00
if not token:
return False
validate_token()
# if dbtoken:
# check_permissions(dbtoken['user'])
# return True
# return validation['valid']
return True
2015-04-08 11:48:38 -03:00
"""
users = app.data.driver.db['users']
2015-04-16 15:28:28 +02:00
lookup = {'first_name': token['username']}
if allowed_roles:
lookup['role'] = {'$in': allowed_roles}
user = users.find_one(lookup)
if not user:
return False
2015-04-08 11:48:38 -03:00
return token
"""
class BasicsAuth(BasicAuth):
def check_auth(self, username, password, allowed_roles, resource, method):
2015-04-08 11:48:38 -03:00
# return username == 'admin' and password == 'secret'
return True
class CustomTokenAuth(BasicsAuth):
"""Switch between Basic and Token auth"""
def __init__(self):
self.token_auth = TokensAuth()
self.authorized_protected = BasicsAuth.authorized
def authorized(self, allowed_roles, resource, method):
# if resource == 'tokens':
if False:
2015-04-08 11:48:38 -03:00
return self.authorized_protected(
self, allowed_roles, resource, method)
else:
return self.token_auth.authorized(allowed_roles, resource, method)
def authorized_protected(self):
pass
def convert_properties(properties, node_schema):
for prop in node_schema:
if not prop in properties:
continue
schema_prop = node_schema[prop]
prop_type = schema_prop['type']
if prop_type == 'dict':
properties[prop] = convert_properties(
properties[prop], schema_prop['schema'])
if prop_type == 'list':
2015-04-15 11:51:55 -03:00
if properties[prop] in ['', '[]']:
properties[prop] = []
for k, val in enumerate(properties[prop]):
if not 'schema' in schema_prop:
continue
item_schema = {'item': schema_prop['schema']}
item_prop = {'item': properties[prop][k]}
properties[prop][k] = convert_properties(
item_prop, item_schema)['item']
# Convert datetime string to RFC1123 datetime
elif prop_type == 'datetime':
prop_val = properties[prop]
properties[prop] = datetime.strptime(prop_val, RFC1123_DATE_FORMAT)
elif prop_type == 'objectid':
prop_val = properties[prop]
if prop_val:
properties[prop] = ObjectId(prop_val)
else:
properties[prop] = None
return properties
2015-03-10 11:38:57 +01:00
class ValidateCustomFields(Validator):
2015-03-11 16:03:19 +01:00
def _validate_valid_properties(self, valid_properties, field, value):
node_types = app.data.driver.db['node_types']
2015-03-11 16:03:19 +01:00
lookup = {}
lookup['_id'] = ObjectId(self.document['node_type'])
2015-03-11 16:03:19 +01:00
node_type = node_types.find_one(lookup)
try:
value = convert_properties(value, node_type['dyn_schema'])
2015-04-15 11:51:55 -03:00
except Exception, e:
print ("Error converting: {0}".format(e))
2015-05-28 15:30:26 +02:00
#print (value)
2015-03-11 16:03:19 +01:00
v = Validator(node_type['dyn_schema'])
val = v.validate(value)
2015-03-11 16:03:19 +01:00
if val:
return True
else:
try:
print (val.errors)
except:
pass
self._error(
field, "Error validating properties")
2015-03-11 16:03:19 +01:00
def post_item(entry, data):
2015-05-08 11:28:58 -03:00
return post_internal(entry, data)
2015-03-11 16:03:19 +01:00
app = Eve(validator=ValidateCustomFields, auth=CustomTokenAuth)
def global_validation():
setattr(g, 'token_data', validate_token())
setattr(g, 'validate', validate(g.get('token_data')['token']))
check_permissions(g.get('token_data')['user'], app.data.driver)
def pre_GET_nodes(request, lookup):
# Only get allowed documents
global_validation()
# print ("Get")
# print ("Owner: {0}".format(g.get('owner_permissions')))
# print ("World: {0}".format(g.get('world_permissions')))
return pre_GET(request, lookup, app.data.driver)
def pre_PUT_nodes(request, lookup):
# Only Update allowed documents
global_validation()
# print ("Put")
# print ("Owner: {0}".format(g.get('owner_permissions')))
# print ("World: {0}".format(g.get('world_permissions')))
return pre_PUT(request, lookup, app.data.driver)
def pre_PATCH_nodes(request):
return pre_PATCH(request, app.data.driver)
def pre_POST_nodes(request):
global_validation()
# print ("Post")
# print ("World: {0}".format(g.get('world_permissions')))
# print ("Group: {0}".format(g.get('groups_permissions')))
return pre_POST(request, app.data.driver)
def pre_DELETE_nodes(request, lookup):
# Only Delete allowed documents
global_validation()
# print ("Delete")
# print ("Owner: {0}".format(type_owner_permissions))
# print ("World: {0}".format(type_world_permissions))
# print ("Groups: {0}".format(type_groups_permissions))
return pre_DELETE(request, lookup, app.data.driver)
app.on_pre_GET_nodes += pre_GET_nodes
app.on_pre_POST_nodes += pre_POST_nodes
app.on_pre_PATCH_nodes += pre_PATCH_nodes
app.on_pre_PUT_nodes += pre_PUT_nodes
app.on_pre_DELETE_nodes += pre_DELETE_nodes
def post_GET_user(request, payload):
json_data = json.loads(payload.data)
# Check if we are querying the users endpoint (instead of the single user)
if json_data.get('_id') is None:
return
json_data['computed_permissions'] = \
compute_permissions(json_data['_id'], app.data.driver)
payload.data = json.dumps(json_data)
app.on_post_GET_users += post_GET_user
# The file_server module needs app to be defined
from file_server import file_server
app.register_blueprint(file_server, url_prefix='/file_server')