aboutsummaryrefslogblamecommitdiff
path: root/cgi/modapi.py
blob: c76cb8bd66dcf184e1d1afbc1afb1d40087f62a7 (plain) (tree)
1
2
3
4
5
6
7
8
9
10
11
12











                          
                        
















































                                                                                                                    

                             
                                                                                                                                                                                          
                                   


                                                                         



                                                                              





                                           












































































                                                                                                         
# coding=utf-8
import json
import _mysql
import time

from framework import *
from database import *
from post import *


def api(self, path_split):
    validated = False
    staff_account = None

    manage_cookie = getCookie(self, 'weabot_manage')
    if manage_cookie:
        staff_account = validateSession(manage_cookie)
        if not staff_account:
            self.output = api_error("error", "Session expired")
            deleteCookie(self, 'weabot_manage')

    if staff_account:
        validated = True
        if 'session_id' in staff_account:
            renewSession(staff_account['session_id'])

        UpdateDb('UPDATE `staff` SET `lastactive` = ' + str(timestamp()
                                                            ) + ' WHERE `id` = ' + staff_account['id'] + ' LIMIT 1')

    if len(path_split) > 2:
        try:
            if validated:
                self.output = api_process(self, path_split)
            else:
                self.output = api_error("error", "No has iniciado sesión ")
        except APIError, e:
            self.output = api_error("error", e.message)
        except UserError, e:
            self.output = api_error("failed", e.message)
        except Exception, e:
            import sys
            import traceback
            exc_type, exc_value, exc_traceback = sys.exc_info()
            detail = ["%s : %s : %s : %s" % (os.path.basename(
                o[0]), o[1], o[2], o[3]) for o in traceback.extract_tb(exc_traceback)]

            self.output = api_error("exception", str(e), str(type(e)), detail)
    else:
        self.output = api_error("error", "No method specified")


def api_process(self, path_split):
    formdata = self.formdata
    ip = self.environ["REMOTE_ADDR"]
    t = time.time()
    method = path_split[2]
    values = {'state': 'success'}

    if method == 'news':
        news = FetchAll(
            "SELECT * FROM `news` WHERE type = 1 ORDER BY `timestamp` DESC")
        values['news'] = news
    elif method == 'reports':
        reports = FetchAll(
            "SELECT id, timestamp, timestamp_formatted, postid, parentid, link, board, INET6_NTOA(ip) AS ip, reason, INET6_NTOA(repip) AS repip FROM `reports` ORDER BY `timestamp` DESC")
        values['reports'] = reports
    elif method == 'logs':
        logs = FetchAll("SELECT * FROM `logs` ORDER BY `timestamp` DESC")
        values['logs'] = logs
    elif method == 'staffPosts':
        posts = FetchAll(
            "SELECT * FROM `news` WHERE type = '0' ORDER BY `timestamp` DESC")
        values['posts'] = posts
    elif method == 'login':
        # testing
        username = formdata.get('username')
        password = formdata.get('password')
        values['username'] = username
        values['password'] = password
    else:
        raise APIError, "Invalid method"

    values['time'] = int(t)
    return json.dumps(values, sort_keys=True, separators=(',', ':'))


def api_error(errtype, msg, type=None, detail=None):
    values = {'state': errtype, 'message': msg}

    if type:
        values['type'] = type
    if detail:
        values['detail'] = detail

    return json.dumps(values)


def newSession(staff_id):
    import uuid
    session_uuid = uuid.uuid4().hex

    param_session_id = _mysql.escape_string(session_uuid)
    param_expires = timestamp() + Settings.SESSION_TIME
    param_staff_id = int(staff_id)

    InsertDb("INSERT INTO `session` (`session_id`, `expires`, `staff_id`) VALUES (UNHEX('%s'), %d, %d)" %
             (param_session_id, param_expires, param_staff_id))

    return session_uuid


def validateSession(session_id):
    cleanSessions()

    param_session_id = _mysql.escape_string(session_id)
    param_now = timestamp()
    session = FetchOne(
        "SELECT HEX(session_id) as session_id, id, username, rights, added FROM `session` "
        "INNER JOIN `staff` ON `session`.`staff_id` = `staff`.`id` "
        "WHERE `session_id` = UNHEX('%s')" %
        (param_session_id))

    if session:
        return session

    return None


def renewSession(session_id):
    param_session_id = _mysql.escape_string(session_id)
    param_expires = timestamp() + Settings.SESSION_TIME

    UpdateDb("UPDATE `session` SET expires = %d WHERE session_id = UNHEX('%s')" %
             (param_expires, param_session_id))


def deleteSession(session_id):
    param_session_id = _mysql.escape_string(session_id)

    UpdateDb("DELETE FROM `session` WHERE session_id = UNHEX('%s')" %
             param_session_id)


def cleanSessions():
    param_now = timestamp()

    UpdateDb("DELETE FROM `session` WHERE expires <= %d" % param_now)


def logAction(staff, action):
    InsertDb("INSERT INTO `logs` (`timestamp`, `staff`, `action`) VALUES (" + str(timestamp()) +
             ", '" + _mysql.escape_string(staff) + "\', \'" + _mysql.escape_string(action) + "\')")


class APIError(Exception):
    pass