# coding=utf-8
import json
import _mysql
import time
from framework import *
from database import *
from post import *
def api(self, path_split):
validated = False
manage_cookie = getCookie(self, 'weabot_manage')
if manage_cookie:
staff_account = validateSession(manage_cookie)
if not staff_account:
self.output = api_error("error", "Session expired")
deleteCookie(self, 'weabot_manage')
if staff_account:
validated = True
if 'session_id' in staff_account:
renewSession(staff_account['session_id'])
UpdateDb('UPDATE `staff` SET `lastactive` = ' + str(timestamp()
) + ' WHERE `id` = ' + staff_account['id'] + ' LIMIT 1')
if len(path_split) > 2:
try:
if validated:
self.output = api_process(self, path_split)
else:
self.output = api_error("error", "No has iniciado sesión ")
except APIError, e:
self.output = api_error("error", e.message)
except UserError, e:
self.output = api_error("failed", e.message)
except Exception, e:
import sys
import traceback
exc_type, exc_value, exc_traceback = sys.exc_info()
detail = ["%s : %s : %s : %s" % (os.path.basename(
o[0]), o[1], o[2], o[3]) for o in traceback.extract_tb(exc_traceback)]
self.output = api_error("exception", str(e), str(type(e)), detail)
else:
self.output = api_error("error", "No method specified")
def api_process(self, path_split):
formdata = self.formdata
ip = self.environ["REMOTE_ADDR"]
t = time.time()
method = path_split[2]
values = {'state': 'success'}
if method == 'news':
news = FetchAll(
"SELECT * FROM `news` WHERE type = 1 ORDER BY `timestamp` DESC")
values['news'] = news
else:
raise APIError, "Invalid method"
values['time'] = int(t)
return json.dumps(values, sort_keys=True, separators=(',', ':'))
def api_error(errtype, msg, type=None, detail=None):
values = {'state': errtype, 'message': msg}
if type:
values['type'] = type
if detail:
values['detail'] = detail
return json.dumps(values)
def newSession(staff_id):
import uuid
session_uuid = uuid.uuid4().hex
param_session_id = _mysql.escape_string(session_uuid)
param_expires = timestamp() + Settings.SESSION_TIME
param_staff_id = int(staff_id)
InsertDb("INSERT INTO `session` (`session_id`, `expires`, `staff_id`) VALUES (UNHEX('%s'), %d, %d)" %
(param_session_id, param_expires, param_staff_id))
return session_uuid
def validateSession(session_id):
cleanSessions()
param_session_id = _mysql.escape_string(session_id)
param_now = timestamp()
session = FetchOne(
"SELECT HEX(session_id) as session_id, id, username, rights, added FROM `session` "
"INNER JOIN `staff` ON `session`.`staff_id` = `staff`.`id` "
"WHERE `session_id` = UNHEX('%s')" %
(param_session_id))
if session:
return session
return None
def renewSession(session_id):
param_session_id = _mysql.escape_string(session_id)
param_expires = timestamp() + Settings.SESSION_TIME
UpdateDb("UPDATE `session` SET expires = %d WHERE session_id = UNHEX('%s')" %
(param_expires, param_session_id))
def deleteSession(session_id):
param_session_id = _mysql.escape_string(session_id)
UpdateDb("DELETE FROM `session` WHERE session_id = UNHEX('%s')" %
param_session_id)
def cleanSessions():
param_now = timestamp()
UpdateDb("DELETE FROM `session` WHERE expires <= %d" % param_now)
def logAction(staff, action):
InsertDb("INSERT INTO `logs` (`timestamp`, `staff`, `action`) VALUES (" + str(timestamp()) +
", '" + _mysql.escape_string(staff) + "\', \'" + _mysql.escape_string(action) + "\')")
class APIError(Exception):
pass