author | Renard | 2020-07-16 13:18:19 -0400 |
---|---|---|
committer | Renard | 2020-07-16 13:18:19 -0400 |
commit | 4140287ce8ebd268c9889d2b0269a4812641b803 (patch) | |
tree | ff435956d22e45fbce3b251383ee8232d27c05ac | |
parent | 76b399732704a904ba4dbabd0d924334d88e1452 (diff) | |
Mod API
-rw-r--r-- | cgi/modapi.py | 138 | ||||
-rwxr-xr-x | cgi/weabot.py | 10 |
2 files changed, 147 insertions, 1 deletions
diff --git a/cgi/modapi.py b/cgi/modapi.py
new file mode 100644
index 0000000..d80a689
--- /dev/null
+++ b/cgi/modapi.py
@@ -0,0 +1,138 @@ +# coding=utf-8 +import json +import _mysql +import time + +from framework import * +from database import * +from post import * + + +def api(self, path_split): + validated = False + + manage_cookie = getCookie(self, 'weabot_manage') + if manage_cookie: + staff_account = validateSession(manage_cookie) + if not staff_account: + self.output = api_error("error", "Session expired") + deleteCookie(self, 'weabot_manage') + + if staff_account: + validated = True + if 'session_id' in staff_account: + renewSession(staff_account['session_id']) + + UpdateDb('UPDATE `staff` SET `lastactive` = ' + str(timestamp() + ) + ' WHERE `id` = ' + staff_account['id'] + ' LIMIT 1') + + if len(path_split) > 2: + try: + if validated: + self.output = api_process(self, path_split) + else: + self.output = api_error("error", "No has iniciado sesiĆ³n ") + except APIError, e: + self.output = api_error("error", e.message) + except UserError, e: + self.output = api_error("failed", e.message) + except Exception, e: + import sys + import traceback + exc_type, exc_value, exc_traceback = sys.exc_info() + detail = ["%s : %s : %s : %s" % (os.path.basename( + o[0]), o[1], o[2], o[3]) for o in traceback.extract_tb(exc_traceback)] + + self.output = api_error("exception", str(e), str(type(e)), detail) + else: + self.output = api_error("error", "No method specified") + + +def api_process(self, path_split): + formdata = self.formdata + ip = self.environ["REMOTE_ADDR"] + t = time.time() + method = path_split[2] + values = {'state': 'success'} + + if method == 'news': + news = FetchAll( + "SELECT * FROM `news` WHERE type = 1 ORDER BY `timestamp` DESC") + values['news'] = news + else: + raise APIError, "Invalid method" + + values['time'] = int(t) + return json.dumps(values, sort_keys=True, separators=(',', ':')) + + +def api_error(errtype, msg, type=None, detail=None): + values = {'state': errtype, 'message': msg} + + if type: + values['type'] = type + if detail: + values['detail'] = detail + + 
return json.dumps(values) + + +def newSession(staff_id): + import uuid + session_uuid = uuid.uuid4().hex + + param_session_id = _mysql.escape_string(session_uuid) + param_expires = timestamp() + Settings.SESSION_TIME + param_staff_id = int(staff_id) + + InsertDb("INSERT INTO `session` (`session_id`, `expires`, `staff_id`) VALUES (UNHEX('%s'), %d, %d)" % + (param_session_id, param_expires, param_staff_id)) + + return session_uuid + + +def validateSession(session_id): + cleanSessions() + + param_session_id = _mysql.escape_string(session_id) + param_now = timestamp() + session = FetchOne( + "SELECT HEX(session_id) as session_id, id, username, rights, added FROM `session` " + "INNER JOIN `staff` ON `session`.`staff_id` = `staff`.`id` " + "WHERE `session_id` = UNHEX('%s')" % + (param_session_id)) + + if session: + return session + + return None + + +def renewSession(session_id): + param_session_id = _mysql.escape_string(session_id) + param_expires = timestamp() + Settings.SESSION_TIME + + UpdateDb("UPDATE `session` SET expires = %d WHERE session_id = UNHEX('%s')" % + (param_expires, param_session_id)) + + +def deleteSession(session_id): + param_session_id = _mysql.escape_string(session_id) + + UpdateDb("DELETE FROM `session` WHERE session_id = UNHEX('%s')" % + param_session_id) + + +def cleanSessions(): + param_now = timestamp() + + UpdateDb("DELETE FROM `session` WHERE expires <= %d" % param_now) + + +def logAction(staff, action): + InsertDb("INSERT INTO `logs` (`timestamp`, `staff`, `action`) VALUES (" + str(timestamp()) + + ", '" + _mysql.escape_string(staff) + "\', \'" + _mysql.escape_string(action) + "\')") + + +class APIError(Exception): + pass diff --git a/cgi/weabot.py b/cgi/weabot.py index 0f59654..ec88cac 100755 --- a/cgi/weabot.py +++ b/cgi/weabot.py 
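Review bot: The generic `except Exception` branch in `api` sends the exception text, its type and a per-frame traceback (`detail`) back to the API client, which discloses file names, line numbers and source lines to anyone who can reach `/mod/...`; log `detail` server-side and answer with a fixed message instead, e.g. `self.output = api_error("exception", "Internal error")`. The same branch calls `os.path.basename`, but the module only imports `json`, `_mysql` and `time`, so unless `os` is brought in by one of the star imports the handler itself will raise NameError. In `validateSession`, `param_now` is computed but never used: the lookup has no expiry condition and is correct only because `cleanSessions()` ran just before it, so adding `AND expires > %d` with `param_now` to the WHERE clause would keep an expired session from validating even if that cleanup is skipped or races with this request. Indentation was lost when this page was rendered, so whether the `if staff_account:` block is nested inside `if manage_cookie:` cannot be confirmed here; if it is not, a request without the cookie reads an unbound name before the try/except is reached.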
@@ -324,7 +324,8 @@ class weabot(object): elif path_split[1] == "banned": OpenDb() packed_ip = self.environ["REMOTE_ADDR"] - bans = FetchAll("SELECT * FROM `bans` WHERE `ip` = INET6_ATON('"+str(packed_ip)+"')") + bans = FetchAll( + "SELECT * FROM `bans` WHERE `ip` = INET6_ATON('"+str(packed_ip)+"')") if bans: for ban in bans: if ban["boards"] != "": @@ -377,6 +378,13 @@ class weabot(object): except Exception, messagez: self.output = "Error: " + \ str(messagez) + " : " + str(self.formdata) + elif path_split[1] == "mod": + import modapi + caught = True + self.headers = [("Content-Type", "application/json"), ("Access-Control-Allow-Origin", "*"), ("Access-Control-Allow-Methods", + "PUT, GET, POST, DELETE, OPTIONS"), ("Access-Control-Allow-Headers", "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With")] + OpenDb() + modapi.api(self, path_split) if not caught: # Redirect the user back to the front page self.output += '<html xmlns="http://www.w3.org/1999/xhtml"><body><meta http-equiv="refresh" content="0;url=%s" /><p>--> --> --></p></body></html>' % Settings.HOME_URL |
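Review bot: The new `mod` branch answers every origin with `Access-Control-Allow-Origin: *` (and an `Allow-Headers` list that includes `Authorization`) while `modapi.api` authenticates the request from the `weabot_manage` cookie; browsers will not pair a wildcard origin with credentialed requests, so either the cross-origin cookie flow will not work as intended, or, if the wildcard is later replaced by echoing the request's Origin, any site a logged-in moderator visits could read the mod API with that session. Pin the header to the moderation frontend's origin taken from configuration, e.g. `("Access-Control-Allow-Origin", <MOD_FRONTEND_ORIGIN placeholder>)`, and keep `Allow-Headers` to what the frontend actually sends. The enclosing request handler starts and ends outside this hunk, so whether `caught` is initialised on every path could not be verified from here; the first hunk of this file is a pure line wrap and needs no change.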