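# coding=utf-8
"""Staff-side JSON API: session-cookie validation, method dispatch and error envelopes.

Handlers write their JSON reply into ``self.output``.  Session state lives in
the ``session`` table, joined to ``staff``; the ``weabot_manage`` cookie
carries the session id.  All SQL is built as strings, so every value that is
interpolated is either coerced to ``int`` or passed through
``_mysql.escape_string`` first.
"""
import json
import os
import sys
import time
import traceback
import uuid

import _mysql

from framework import *
from database import *
from post import *


def api(self, path_split):
    """Entry point for ``/api/...`` requests.

    Validates the ``weabot_manage`` cookie, renews the session and the staff
    ``lastactive`` stamp, then dispatches to :func:`api_process`.  Every
    outcome, including an uncaught exception, ends up serialized in
    ``self.output``.

    Args:
        self: request/response object exposing ``output``, ``formdata`` and
            ``environ``.
        path_split: request path split on ``/``; ``path_split[2]`` is the
            method name.
    """
    validated = False
    staff_account = None

    manage_cookie = getCookie(self, 'weabot_manage')
    if manage_cookie:
        staff_account = validateSession(manage_cookie)
        if not staff_account:
            # Overwritten below when a method name is present; the cookie is
            # dropped either way so the client stops presenting it.
            self.output = api_error("error", "Session expired")
            deleteCookie(self, 'weabot_manage')

    if staff_account:
        validated = True
        if 'session_id' in staff_account:
            renewSession(staff_account['session_id'])
        # `id` comes from the session/staff join, but it is still spliced into
        # SQL as text, so coerce it to int instead of trusting the string.
        UpdateDb('UPDATE `staff` SET `lastactive` = ' + str(timestamp())
                 + ' WHERE `id` = ' + str(int(staff_account['id'])) + ' LIMIT 1')

    if len(path_split) <= 2:
        self.output = api_error("error", "No method specified")
        return

    try:
        if validated:
            self.output = api_process(self, path_split)
        else:
            self.output = api_error("error", "No has iniciado sesión ")
    except APIError as e:
        self.output = api_error("error", e.message)
    except UserError as e:
        self.output = api_error("failed", e.message)
    except Exception as e:
        # NOTE(review): the exception type and a per-frame traceback are
        # returned to the client.  Handy while developing; on an exposed
        # deployment log them server-side and return a generic message.
        exc_traceback = sys.exc_info()[2]
        detail = ["%s : %s : %s : %s" % (os.path.basename(o[0]), o[1], o[2], o[3])
                  for o in traceback.extract_tb(exc_traceback)]
        self.output = api_error("exception", str(e), str(type(e)), detail)


def api_process(self, path_split):
    """Run the API method named by ``path_split[2]`` for a validated staff session.

    Args:
        self: request object; ``self.formdata`` holds the submitted fields.
        path_split: request path split on ``/``.

    Returns:
        Compact JSON string carrying ``state``, ``time`` and the method's fields.

    Raises:
        APIError: when the method name is not recognised.
    """
    formdata = self.formdata
    t = time.time()
    method = path_split[2]
    values = {'state': 'success'}

    if method == 'news':
        values['news'] = FetchAll(
            "SELECT * FROM `news` WHERE type = 1 ORDER BY `timestamp` DESC")
    elif method == 'login':
        # Unfinished stub: it only echoes the username.  An earlier revision
        # also copied the submitted password into the reply; a credential must
        # never be reflected back to the client, so that field is gone.
        values['username'] = formdata.get('username')
    else:
        raise APIError("Invalid method")

    values['time'] = int(t)
    return json.dumps(values, sort_keys=True, separators=(',', ':'))


def api_error(errtype, msg, type=None, detail=None):
    """Build the JSON error envelope.

    Args:
        errtype: value for ``state`` (``"error"``, ``"failed"`` or ``"exception"``).
        msg: human-readable ``message``.
        type: optional exception type string, emitted as ``type``.
        detail: optional list of traceback lines, emitted as ``detail``.

    Returns:
        JSON string with the non-empty fields.
    """
    values = {'state': errtype, 'message': msg}
    if type:
        values['type'] = type
    if detail:
        values['detail'] = detail
    return json.dumps(values)


def newSession(staff_id):
    """Insert a session row for ``staff_id`` and return its 32-hex-char id.

    The id is a random UUID4, so it is unguessable; it is stored as the 16-byte
    ``UNHEX`` value and expires ``Settings.SESSION_TIME`` seconds from now.
    """
    session_uuid = uuid.uuid4().hex
    InsertDb("INSERT INTO `session` (`session_id`, `expires`, `staff_id`) "
             "VALUES (UNHEX('%s'), %d, %d)"
             % (_mysql.escape_string(session_uuid),
                timestamp() + Settings.SESSION_TIME,
                int(staff_id)))
    return session_uuid


def validateSession(session_id):
    """Return the staff row joined to ``session_id``, or ``None``.

    Expired rows are purged by :func:`cleanSessions` first, so a hit means the
    session is still live even though the query itself does not test ``expires``.
    """
    cleanSessions()
    session = FetchOne(
        "SELECT HEX(session_id) as session_id, id, username, rights, added FROM `session` "
        "INNER JOIN `staff` ON `session`.`staff_id` = `staff`.`id` "
        "WHERE `session_id` = UNHEX('%s')" % _mysql.escape_string(session_id))
    return session or None


def renewSession(session_id):
    """Push the expiry of ``session_id`` out by ``Settings.SESSION_TIME`` seconds."""
    UpdateDb("UPDATE `session` SET expires = %d WHERE session_id = UNHEX('%s')"
             % (timestamp() + Settings.SESSION_TIME,
                _mysql.escape_string(session_id)))


def deleteSession(session_id):
    """Remove the session row for ``session_id`` (logout)."""
    UpdateDb("DELETE FROM `session` WHERE session_id = UNHEX('%s')"
             % _mysql.escape_string(session_id))


def cleanSessions():
    """Delete every session whose ``expires`` stamp is not in the future."""
    UpdateDb("DELETE FROM `session` WHERE expires <= %d" % timestamp())


def logAction(staff, action):
    """Append an audit row to ``logs`` recording ``staff`` performing ``action``."""
    InsertDb("INSERT INTO `logs` (`timestamp`, `staff`, `action`) VALUES (%s, '%s', '%s')"
             % (str(timestamp()),
                _mysql.escape_string(staff),
                _mysql.escape_string(action)))


class APIError(Exception):
    """Raised by API methods for client-visible errors; reported with state ``error``."""
    pass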