diff options
Diffstat (limited to 'cgi/modapi.py')
| -rw-r--r-- | cgi/modapi.py | 138 |
1 files changed, 138 insertions, 0 deletions
diff --git a/cgi/modapi.py b/cgi/modapi.py new file mode 100644 index 0000000..d80a689 --- /dev/null +++ b/cgi/modapi.py @@ -0,0 +1,138 @@ +# coding=utf-8 +import json +import _mysql +import time + +from framework import * +from database import * +from post import * + + +def api(self, path_split): + validated = False + + manage_cookie = getCookie(self, 'weabot_manage') + if manage_cookie: + staff_account = validateSession(manage_cookie) + if not staff_account: + self.output = api_error("error", "Session expired") + deleteCookie(self, 'weabot_manage') + + if staff_account: + validated = True + if 'session_id' in staff_account: + renewSession(staff_account['session_id']) + + UpdateDb('UPDATE `staff` SET `lastactive` = ' + str(timestamp() + ) + ' WHERE `id` = ' + staff_account['id'] + ' LIMIT 1') + + if len(path_split) > 2: + try: + if validated: + self.output = api_process(self, path_split) + else: + self.output = api_error("error", "No has iniciado sesiĆ³n ") + except APIError, e: + self.output = api_error("error", e.message) + except UserError, e: + self.output = api_error("failed", e.message) + except Exception, e: + import sys + import traceback + exc_type, exc_value, exc_traceback = sys.exc_info() + detail = ["%s : %s : %s : %s" % (os.path.basename( + o[0]), o[1], o[2], o[3]) for o in traceback.extract_tb(exc_traceback)] + + self.output = api_error("exception", str(e), str(type(e)), detail) + else: + self.output = api_error("error", "No method specified") + + +def api_process(self, path_split): + formdata = self.formdata + ip = self.environ["REMOTE_ADDR"] + t = time.time() + method = path_split[2] + values = {'state': 'success'} + + if method == 'news': + news = FetchAll( + "SELECT * FROM `news` WHERE type = 1 ORDER BY `timestamp` DESC") + values['news'] = news + else: + raise APIError, "Invalid method" + + values['time'] = int(t) + return json.dumps(values, sort_keys=True, separators=(',', ':')) + + +def api_error(errtype, msg, type=None, detail=None): + values = {'state': errtype, 'message': msg} + + if type: + values['type'] = type + if detail: + values['detail'] = detail + + return json.dumps(values) + + +def newSession(staff_id): + import uuid + session_uuid = uuid.uuid4().hex + + param_session_id = _mysql.escape_string(session_uuid) + param_expires = timestamp() + Settings.SESSION_TIME + param_staff_id = int(staff_id) + + InsertDb("INSERT INTO `session` (`session_id`, `expires`, `staff_id`) VALUES (UNHEX('%s'), %d, %d)" % + (param_session_id, param_expires, param_staff_id)) + + return session_uuid + + +def validateSession(session_id): + cleanSessions() + + param_session_id = _mysql.escape_string(session_id) + param_now = timestamp() + session = FetchOne( + "SELECT HEX(session_id) as session_id, id, username, rights, added FROM `session` " + "INNER JOIN `staff` ON `session`.`staff_id` = `staff`.`id` " + "WHERE `session_id` = UNHEX('%s')" % + (param_session_id)) + + if session: + return session + + return None + + +def renewSession(session_id): + param_session_id = _mysql.escape_string(session_id) + param_expires = timestamp() + Settings.SESSION_TIME + + UpdateDb("UPDATE `session` SET expires = %d WHERE session_id = UNHEX('%s')" % + (param_expires, param_session_id)) + + +def deleteSession(session_id): + param_session_id = _mysql.escape_string(session_id) + + UpdateDb("DELETE FROM `session` WHERE session_id = UNHEX('%s')" % + param_session_id) + + +def cleanSessions(): + param_now = timestamp() + + UpdateDb("DELETE FROM `session` WHERE expires <= %d" % param_now) + + +def logAction(staff, action): + InsertDb("INSERT INTO `logs` (`timestamp`, `staff`, `action`) VALUES (" + str(timestamp()) + + ", '" + _mysql.escape_string(staff) + "\', \'" + _mysql.escape_string(action) + "\')") + + +class APIError(Exception): + pass |