aboutsummaryrefslogtreecommitdiff
path: root/cgi
diff options
context:
space:
mode:
authorLibravatar Renard 2020-07-16 13:18:19 -0400
committerLibravatar Renard 2020-07-16 13:18:19 -0400
commit4140287ce8ebd268c9889d2b0269a4812641b803 (patch)
treeff435956d22e45fbce3b251383ee8232d27c05ac /cgi
parent76b399732704a904ba4dbabd0d924334d88e1452 (diff)
downloadweabot-4140287ce8ebd268c9889d2b0269a4812641b803.tar.gz
weabot-4140287ce8ebd268c9889d2b0269a4812641b803.tar.xz
weabot-4140287ce8ebd268c9889d2b0269a4812641b803.zip
Mod API
Diffstat (limited to 'cgi')
-rw-r--r--cgi/modapi.py138
-rwxr-xr-xcgi/weabot.py10
2 files changed, 147 insertions, 1 deletions
diff --git a/cgi/modapi.py b/cgi/modapi.py
new file mode 100644
index 0000000..d80a689
--- /dev/null
+++ b/cgi/modapi.py
@@ -0,0 +1,138 @@
+# coding=utf-8
+import json
+import _mysql
+import time
+
+from framework import *
+from database import *
+from post import *
+
+
+def api(self, path_split):
+ validated = False
+
+ manage_cookie = getCookie(self, 'weabot_manage')
+ if manage_cookie:
+ staff_account = validateSession(manage_cookie)
+ if not staff_account:
+ self.output = api_error("error", "Session expired")
+ deleteCookie(self, 'weabot_manage')
+
+ if staff_account:
+ validated = True
+ if 'session_id' in staff_account:
+ renewSession(staff_account['session_id'])
+
+ UpdateDb('UPDATE `staff` SET `lastactive` = ' + str(timestamp()
+ ) + ' WHERE `id` = ' + staff_account['id'] + ' LIMIT 1')
+
+ if len(path_split) > 2:
+ try:
+ if validated:
+ self.output = api_process(self, path_split)
+ else:
+ self.output = api_error("error", "No has iniciado sesiĆ³n ")
+ except APIError, e:
+ self.output = api_error("error", e.message)
+ except UserError, e:
+ self.output = api_error("failed", e.message)
+ except Exception, e:
+ import sys
+ import traceback
+ exc_type, exc_value, exc_traceback = sys.exc_info()
+ detail = ["%s : %s : %s : %s" % (os.path.basename(
+ o[0]), o[1], o[2], o[3]) for o in traceback.extract_tb(exc_traceback)]
+
+ self.output = api_error("exception", str(e), str(type(e)), detail)
+ else:
+ self.output = api_error("error", "No method specified")
+
+
+def api_process(self, path_split):
+ formdata = self.formdata
+ ip = self.environ["REMOTE_ADDR"]
+ t = time.time()
+ method = path_split[2]
+ values = {'state': 'success'}
+
+ if method == 'news':
+ news = FetchAll(
+ "SELECT * FROM `news` WHERE type = 1 ORDER BY `timestamp` DESC")
+ values['news'] = news
+ else:
+ raise APIError, "Invalid method"
+
+ values['time'] = int(t)
+ return json.dumps(values, sort_keys=True, separators=(',', ':'))
+
+
+def api_error(errtype, msg, type=None, detail=None):
+ values = {'state': errtype, 'message': msg}
+
+ if type:
+ values['type'] = type
+ if detail:
+ values['detail'] = detail
+
+ return json.dumps(values)
+
+
+def newSession(staff_id):
+ import uuid
+ session_uuid = uuid.uuid4().hex
+
+ param_session_id = _mysql.escape_string(session_uuid)
+ param_expires = timestamp() + Settings.SESSION_TIME
+ param_staff_id = int(staff_id)
+
+ InsertDb("INSERT INTO `session` (`session_id`, `expires`, `staff_id`) VALUES (UNHEX('%s'), %d, %d)" %
+ (param_session_id, param_expires, param_staff_id))
+
+ return session_uuid
+
+
+def validateSession(session_id):
+ cleanSessions()
+
+ param_session_id = _mysql.escape_string(session_id)
+ param_now = timestamp()
+ session = FetchOne(
+ "SELECT HEX(session_id) as session_id, id, username, rights, added FROM `session` "
+ "INNER JOIN `staff` ON `session`.`staff_id` = `staff`.`id` "
+ "WHERE `session_id` = UNHEX('%s')" %
+ (param_session_id))
+
+ if session:
+ return session
+
+ return None
+
+
+def renewSession(session_id):
+ param_session_id = _mysql.escape_string(session_id)
+ param_expires = timestamp() + Settings.SESSION_TIME
+
+ UpdateDb("UPDATE `session` SET expires = %d WHERE session_id = UNHEX('%s')" %
+ (param_expires, param_session_id))
+
+
+def deleteSession(session_id):
+ param_session_id = _mysql.escape_string(session_id)
+
+ UpdateDb("DELETE FROM `session` WHERE session_id = UNHEX('%s')" %
+ param_session_id)
+
+
+def cleanSessions():
+ param_now = timestamp()
+
+ UpdateDb("DELETE FROM `session` WHERE expires <= %d" % param_now)
+
+
+def logAction(staff, action):
+ InsertDb("INSERT INTO `logs` (`timestamp`, `staff`, `action`) VALUES (" + str(timestamp()) +
+ ", '" + _mysql.escape_string(staff) + "\', \'" + _mysql.escape_string(action) + "\')")
+
+
+class APIError(Exception):
+ pass
diff --git a/cgi/weabot.py b/cgi/weabot.py
index 0f59654..ec88cac 100755
--- a/cgi/weabot.py
+++ b/cgi/weabot.py
@@ -324,7 +324,8 @@ class weabot(object):
elif path_split[1] == "banned":
OpenDb()
packed_ip = self.environ["REMOTE_ADDR"]
- bans = FetchAll("SELECT * FROM `bans` WHERE `ip` = INET6_ATON('"+str(packed_ip)+"')")
+ bans = FetchAll(
+ "SELECT * FROM `bans` WHERE `ip` = INET6_ATON('"+str(packed_ip)+"')")
if bans:
for ban in bans:
if ban["boards"] != "":
@@ -377,6 +378,13 @@ class weabot(object):
except Exception, messagez:
self.output = "Error: " + \
str(messagez) + " : " + str(self.formdata)
+ elif path_split[1] == "mod":
+ import modapi
+ caught = True
+ self.headers = [("Content-Type", "application/json"), ("Access-Control-Allow-Origin", "*"), ("Access-Control-Allow-Methods",
+ "PUT, GET, POST, DELETE, OPTIONS"), ("Access-Control-Allow-Headers", "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With")]
+ OpenDb()
+ modapi.api(self, path_split)
if not caught:
# Redirect the user back to the front page
self.output += '<html xmlns="http://www.w3.org/1999/xhtml"><body><meta http-equiv="refresh" content="0;url=%s" /><p>--&gt; --&gt; --&gt;</p></body></html>' % Settings.HOME_URL