2014-03-11 16:57:33 +00:00
|
|
|
import logging
|
2014-09-04 18:24:20 +00:00
|
|
|
import datetime
|
2015-12-22 14:05:17 +00:00
|
|
|
import json
|
2016-04-11 18:51:58 +00:00
|
|
|
from enum import Enum
|
2014-03-11 16:57:33 +00:00
|
|
|
|
2015-08-12 15:58:04 +00:00
|
|
|
from app import app, metric_queue
|
2016-04-11 18:51:58 +00:00
|
|
|
from flask import Blueprint, Response, request, make_response, jsonify, session, url_for
|
2014-03-11 16:57:33 +00:00
|
|
|
from flask.ext.restful import Resource, abort, Api, reqparse
|
|
|
|
from flask.ext.restful.utils.cors import crossdomain
|
2014-03-10 22:30:41 +00:00
|
|
|
from calendar import timegm
|
|
|
|
from email.utils import formatdate
|
2014-03-11 03:54:55 +00:00
|
|
|
from functools import partial, wraps
|
|
|
|
from jsonschema import validate, ValidationError
|
|
|
|
|
|
|
|
from data import model
|
|
|
|
from util.names import parse_namespace_repository
|
2014-03-18 23:21:27 +00:00
|
|
|
from auth.permissions import (ReadRepositoryPermission, ModifyRepositoryPermission,
|
|
|
|
AdministerRepositoryPermission, UserReadPermission,
|
|
|
|
UserAdminPermission)
|
2014-03-12 16:37:06 +00:00
|
|
|
from auth import scopes
|
2014-03-18 20:45:18 +00:00
|
|
|
from auth.auth_context import get_authenticated_user, get_validated_oauth_token
|
2014-03-13 00:33:57 +00:00
|
|
|
from auth.auth import process_oauth
|
2014-03-25 18:32:26 +00:00
|
|
|
from endpoints.csrf import csrf_protect
|
2015-06-02 19:56:44 +00:00
|
|
|
from endpoints.decorators import check_anon_protection
|
2015-08-12 15:58:04 +00:00
|
|
|
from util.saas.metricqueue import time_decorator
|
2016-02-09 22:25:33 +00:00
|
|
|
from util.pagination import encrypt_page_token, decrypt_page_token
|
2014-03-10 22:30:41 +00:00
|
|
|
|
2014-03-11 16:57:33 +00:00
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
api_bp = Blueprint('api', __name__)
|
2014-03-17 19:23:49 +00:00
|
|
|
api = Api()
|
|
|
|
api.init_app(api_bp)
|
2014-03-25 19:37:58 +00:00
|
|
|
api.decorators = [csrf_protect,
|
2014-10-03 19:05:34 +00:00
|
|
|
crossdomain(origin='*', headers=['Authorization', 'Content-Type']),
|
2015-08-12 15:58:04 +00:00
|
|
|
process_oauth, time_decorator(api_bp.name, metric_queue)]
|
2014-03-11 16:57:33 +00:00
|
|
|
|
2014-03-10 22:30:41 +00:00
|
|
|
|
2016-04-11 18:51:58 +00:00
|
|
|
class ApiErrorType(Enum):
|
|
|
|
external_service_timeout = 'external_service_timeout'
|
|
|
|
invalid_request = 'invalid_request'
|
|
|
|
invalid_response = 'invalid_response'
|
|
|
|
invalid_token = 'invalid_token'
|
|
|
|
insufficient_scope = 'insufficient_scope'
|
|
|
|
fresh_login_required = 'fresh_login_required'
|
|
|
|
exceeds_license = 'exceeds_license'
|
|
|
|
not_found = 'not_found'
|
|
|
|
downstream_issue = 'downstream_issue'
|
|
|
|
|
|
|
|
|
|
|
|
ERROR_DESCRIPTION = {
|
|
|
|
ApiErrorType.external_service_timeout.value: "An external service timed out. Retrying the request may resolve the issue.",
|
|
|
|
ApiErrorType.invalid_request.value: "The request was invalid. It may have contained invalid values or was improperly formatted.",
|
|
|
|
ApiErrorType.invalid_response.value: "The response was invalid.",
|
|
|
|
ApiErrorType.invalid_token.value: "The access token provided was invalid. It may have expired.",
|
|
|
|
ApiErrorType.insufficient_scope.value: "The access token did not have sufficient scope to access the requested resource.",
|
|
|
|
ApiErrorType.fresh_login_required.value: "The action requires a fresh login to succeed.",
|
|
|
|
ApiErrorType.exceeds_license.value: "The action was refused because the current license does not allow it.",
|
|
|
|
ApiErrorType.not_found.value: "The resource was not found.",
|
|
|
|
ApiErrorType.downstream_issue.value: "An error occurred in a downstream service.",
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2014-03-17 20:57:35 +00:00
|
|
|
class ApiException(Exception):
|
2016-04-11 18:51:58 +00:00
|
|
|
"""
|
|
|
|
o "type" (string) - A URI reference that identifies the
|
|
|
|
problem type.
|
|
|
|
|
|
|
|
o "title" (string) - A short, human-readable summary of the problem
|
|
|
|
type. It SHOULD NOT change from occurrence to occurrence of the
|
|
|
|
problem, except for purposes of localization
|
|
|
|
|
|
|
|
o "status" (number) - The HTTP status code
|
|
|
|
|
|
|
|
o "detail" (string) - A human-readable explanation specific to this
|
|
|
|
occurrence of the problem.
|
|
|
|
|
|
|
|
o "instance" (string) - A URI reference that identifies the specific
|
|
|
|
occurrence of the problem. It may or may not yield further
|
|
|
|
information if dereferenced.
|
|
|
|
"""
|
|
|
|
|
2014-03-17 20:57:35 +00:00
|
|
|
def __init__(self, error_type, status_code, error_description, payload=None):
|
|
|
|
Exception.__init__(self)
|
|
|
|
self.error_description = error_description
|
|
|
|
self.status_code = status_code
|
|
|
|
self.payload = payload
|
|
|
|
self.error_type = error_type
|
|
|
|
|
2016-04-11 18:51:58 +00:00
|
|
|
print(self)
|
|
|
|
|
2014-03-17 20:57:35 +00:00
|
|
|
def to_dict(self):
|
|
|
|
rv = dict(self.payload or ())
|
2016-04-11 18:51:58 +00:00
|
|
|
|
2014-03-17 20:57:35 +00:00
|
|
|
if self.error_description is not None:
|
2016-04-11 18:51:58 +00:00
|
|
|
rv['detail'] = self.error_description
|
|
|
|
|
|
|
|
rv['title'] = self.error_type.value
|
|
|
|
rv['type'] = url_for('error', error_type=self.error_type.value, _external=True)
|
|
|
|
rv['status'] = self.status_code
|
2014-03-17 20:57:35 +00:00
|
|
|
|
|
|
|
return rv
|
|
|
|
|
|
|
|
|
2015-10-13 21:26:40 +00:00
|
|
|
class ExternalServiceTimeout(ApiException):
|
|
|
|
def __init__(self, error_description, payload=None):
|
2016-04-11 18:51:58 +00:00
|
|
|
ApiException.__init__(self, ApiErrorType.external_service_timeout, 520, error_description, payload)
|
2015-10-13 21:26:40 +00:00
|
|
|
|
|
|
|
|
2014-03-17 20:57:35 +00:00
|
|
|
class InvalidRequest(ApiException):
|
|
|
|
def __init__(self, error_description, payload=None):
|
2016-04-11 18:51:58 +00:00
|
|
|
ApiException.__init__(self, ApiErrorType.invalid_request, 400, error_description, payload)
|
2014-03-17 20:57:35 +00:00
|
|
|
|
2015-10-13 21:26:40 +00:00
|
|
|
|
2014-11-25 21:08:01 +00:00
|
|
|
class InvalidResponse(ApiException):
|
|
|
|
def __init__(self, error_description, payload=None):
|
2016-04-11 18:51:58 +00:00
|
|
|
ApiException.__init__(self, ApiErrorType.invalid_response, 400, error_description, payload)
|
2014-11-25 21:08:01 +00:00
|
|
|
|
2014-03-17 20:57:35 +00:00
|
|
|
|
|
|
|
class InvalidToken(ApiException):
|
|
|
|
def __init__(self, error_description, payload=None):
|
2016-04-11 18:51:58 +00:00
|
|
|
ApiException.__init__(self, ApiErrorType.invalid_token, 401, error_description, payload)
|
2014-03-17 20:57:35 +00:00
|
|
|
|
|
|
|
|
|
|
|
class Unauthorized(ApiException):
|
|
|
|
def __init__(self, payload=None):
|
2014-03-19 17:57:36 +00:00
|
|
|
user = get_authenticated_user()
|
|
|
|
if user is None or user.organization:
|
2016-04-11 18:51:58 +00:00
|
|
|
ApiException.__init__(self, ApiErrorType.invalid_token, 401, "Requires authentication", payload)
|
2014-03-19 17:57:36 +00:00
|
|
|
else:
|
2016-04-11 18:51:58 +00:00
|
|
|
ApiException.__init__(self, ApiErrorType.insufficient_scope, 403, 'Unauthorized', payload)
|
2014-03-19 17:57:36 +00:00
|
|
|
|
2014-03-17 20:57:35 +00:00
|
|
|
|
2014-09-04 18:24:20 +00:00
|
|
|
class FreshLoginRequired(ApiException):
|
|
|
|
def __init__(self, payload=None):
|
2016-04-11 18:51:58 +00:00
|
|
|
ApiException.__init__(self, ApiErrorType.fresh_login_required, 401, "Requires fresh login", payload)
|
2014-09-04 18:24:20 +00:00
|
|
|
|
|
|
|
|
2014-05-28 19:22:36 +00:00
|
|
|
class ExceedsLicenseException(ApiException):
|
|
|
|
def __init__(self, payload=None):
|
2016-04-11 18:51:58 +00:00
|
|
|
ApiException.__init__(self, ApiErrorType.exceeds_license, 402, 'Payment Required', payload)
|
2014-05-28 19:22:36 +00:00
|
|
|
|
2014-03-17 20:57:35 +00:00
|
|
|
|
|
|
|
class NotFound(ApiException):
|
|
|
|
def __init__(self, payload=None):
|
2016-04-11 18:51:58 +00:00
|
|
|
ApiException.__init__(self, ApiErrorType.not_found, 404, 'Not Found', payload)
|
2014-03-17 20:57:35 +00:00
|
|
|
|
|
|
|
|
2015-10-23 19:20:28 +00:00
|
|
|
class DownstreamIssue(ApiException):
|
|
|
|
def __init__(self, payload=None):
|
2016-04-11 18:51:58 +00:00
|
|
|
ApiException.__init__(self, ApiErrorType.downstream_issue, 520, 'Downstream Issue', payload)
|
2015-10-23 19:20:28 +00:00
|
|
|
|
|
|
|
|
2014-03-17 20:57:35 +00:00
|
|
|
@api_bp.app_errorhandler(ApiException)
|
|
|
|
@crossdomain(origin='*', headers=['Authorization', 'Content-Type'])
|
|
|
|
def handle_api_error(error):
|
2016-04-11 18:51:58 +00:00
|
|
|
print(error)
|
|
|
|
response = Response(json.dumps(error.to_dict()), error.status_code, mimetype='application/problem+json')
|
|
|
|
if error.status_code is 401:
|
2014-03-17 20:57:35 +00:00
|
|
|
response.headers['WWW-Authenticate'] = ('Bearer error="%s" error_description="%s"' %
|
|
|
|
(error.error_type, error.error_description))
|
|
|
|
return response
|
|
|
|
|
2014-03-11 16:57:33 +00:00
|
|
|
def resource(*urls, **kwargs):
|
|
|
|
def wrapper(api_resource):
|
2014-04-03 23:32:09 +00:00
|
|
|
if not api_resource:
|
|
|
|
return None
|
|
|
|
|
2014-03-11 16:57:33 +00:00
|
|
|
api.add_resource(api_resource, *urls, **kwargs)
|
|
|
|
return api_resource
|
|
|
|
return wrapper
|
2014-03-10 22:30:41 +00:00
|
|
|
|
|
|
|
|
2014-04-03 23:32:09 +00:00
|
|
|
def show_if(value):
|
|
|
|
def f(inner):
|
|
|
|
if not value:
|
|
|
|
return None
|
|
|
|
|
|
|
|
return inner
|
|
|
|
return f
|
|
|
|
|
|
|
|
|
|
|
|
def hide_if(value):
|
|
|
|
def f(inner):
|
|
|
|
if value:
|
|
|
|
return None
|
|
|
|
|
|
|
|
return inner
|
|
|
|
return f
|
|
|
|
|
|
|
|
|
2014-03-10 22:30:41 +00:00
|
|
|
def truthy_bool(param):
|
|
|
|
return param not in {False, 'false', 'False', '0', 'FALSE', '', 'null'}
|
|
|
|
|
|
|
|
|
|
|
|
def format_date(date):
|
|
|
|
""" Output an RFC822 date format. """
|
2014-03-25 22:01:50 +00:00
|
|
|
if date is None:
|
|
|
|
return None
|
2014-03-10 22:30:41 +00:00
|
|
|
return formatdate(timegm(date.utctimetuple()))
|
|
|
|
|
|
|
|
|
|
|
|
def add_method_metadata(name, value):
|
|
|
|
def modifier(func):
|
2014-04-06 04:36:19 +00:00
|
|
|
if func is None:
|
|
|
|
return None
|
|
|
|
|
2014-03-10 22:30:41 +00:00
|
|
|
if '__api_metadata' not in dir(func):
|
2014-03-11 03:54:55 +00:00
|
|
|
func.__api_metadata = {}
|
|
|
|
func.__api_metadata[name] = value
|
2014-03-10 22:30:41 +00:00
|
|
|
return func
|
|
|
|
return modifier
|
|
|
|
|
|
|
|
|
|
|
|
def method_metadata(func, name):
|
2014-04-06 04:36:19 +00:00
|
|
|
if func is None:
|
|
|
|
return None
|
|
|
|
|
2014-03-10 22:30:41 +00:00
|
|
|
if '__api_metadata' in dir(func):
|
2014-03-11 03:54:55 +00:00
|
|
|
return func.__api_metadata.get(name, None)
|
2014-03-10 22:30:41 +00:00
|
|
|
return None
|
|
|
|
|
|
|
|
|
2014-04-03 23:32:09 +00:00
|
|
|
|
2014-03-10 22:30:41 +00:00
|
|
|
nickname = partial(add_method_metadata, 'nickname')
|
2014-03-14 21:35:52 +00:00
|
|
|
related_user_resource = partial(add_method_metadata, 'related_user_resource')
|
2014-03-14 22:07:03 +00:00
|
|
|
internal_only = add_method_metadata('internal', True)
|
2014-03-10 22:30:41 +00:00
|
|
|
|
|
|
|
|
2014-08-06 21:47:32 +00:00
|
|
|
def path_param(name, description):
|
|
|
|
def add_param(func):
|
2014-08-19 23:05:28 +00:00
|
|
|
if not func:
|
|
|
|
return func
|
2014-11-25 21:08:01 +00:00
|
|
|
|
2014-08-06 21:47:32 +00:00
|
|
|
if '__api_path_params' not in dir(func):
|
|
|
|
func.__api_path_params = {}
|
|
|
|
func.__api_path_params[name] = {
|
|
|
|
'name': name,
|
|
|
|
'description': description
|
|
|
|
}
|
|
|
|
return func
|
|
|
|
return add_param
|
|
|
|
|
|
|
|
|
2014-03-11 19:20:03 +00:00
|
|
|
def query_param(name, help_str, type=reqparse.text_type, default=None,
|
|
|
|
choices=(), required=False):
|
2014-03-11 16:57:33 +00:00
|
|
|
def add_param(func):
|
|
|
|
if '__api_query_params' not in dir(func):
|
|
|
|
func.__api_query_params = []
|
|
|
|
func.__api_query_params.append({
|
|
|
|
'name': name,
|
|
|
|
'type': type,
|
|
|
|
'help': help_str,
|
|
|
|
'default': default,
|
|
|
|
'choices': choices,
|
|
|
|
'required': required,
|
2014-10-03 19:05:34 +00:00
|
|
|
'location': ('args')
|
2014-03-11 16:57:33 +00:00
|
|
|
})
|
|
|
|
return func
|
|
|
|
return add_param
|
|
|
|
|
2016-01-26 21:27:36 +00:00
|
|
|
def page_support(page_token_kwarg='page_token', parsed_args_kwarg='parsed_args'):
|
|
|
|
def inner(func):
|
|
|
|
""" Adds pagination support to an API endpoint. The decorated API will have an
|
|
|
|
added query parameter named 'next_page'. Works in tandem with the
|
|
|
|
modelutil paginate method.
|
|
|
|
"""
|
|
|
|
@wraps(func)
|
|
|
|
@query_param('next_page', 'The page token for the next page', type=str)
|
|
|
|
def wrapper(self, *args, **kwargs):
|
|
|
|
# Note: if page_token is None, we'll receive the first page of results back.
|
2016-02-09 22:25:33 +00:00
|
|
|
page_token = decrypt_page_token(kwargs[parsed_args_kwarg]['next_page'])
|
2016-01-26 21:27:36 +00:00
|
|
|
kwargs[page_token_kwarg] = page_token
|
2016-02-09 22:25:33 +00:00
|
|
|
|
2016-01-26 21:27:36 +00:00
|
|
|
(result, next_page_token) = func(self, *args, **kwargs)
|
|
|
|
if next_page_token is not None:
|
2016-02-09 22:25:33 +00:00
|
|
|
result['next_page'] = encrypt_page_token(next_page_token)
|
2016-01-26 21:27:36 +00:00
|
|
|
|
|
|
|
return result
|
|
|
|
return wrapper
|
|
|
|
return inner
|
|
|
|
|
|
|
|
def parse_args(kwarg_name='parsed_args'):
|
|
|
|
def inner(func):
|
|
|
|
@wraps(func)
|
|
|
|
def wrapper(self, *args, **kwargs):
|
|
|
|
if '__api_query_params' not in dir(func):
|
|
|
|
abort(500)
|
|
|
|
|
|
|
|
parser = reqparse.RequestParser()
|
|
|
|
for arg_spec in func.__api_query_params:
|
|
|
|
parser.add_argument(**arg_spec)
|
|
|
|
kwargs[kwarg_name] = parser.parse_args()
|
|
|
|
|
|
|
|
return func(self, *args, **kwargs)
|
|
|
|
return wrapper
|
|
|
|
return inner
|
2014-03-11 16:57:33 +00:00
|
|
|
|
2014-03-11 03:54:55 +00:00
|
|
|
def parse_repository_name(func):
|
|
|
|
@wraps(func)
|
|
|
|
def wrapper(repository, *args, **kwargs):
|
2016-01-21 20:40:51 +00:00
|
|
|
(namespace, repository) = parse_namespace_repository(repository, app.config['LIBRARY_NAMESPACE'])
|
2014-03-11 03:54:55 +00:00
|
|
|
return func(namespace, repository, *args, **kwargs)
|
|
|
|
return wrapper
|
|
|
|
|
|
|
|
|
2014-03-12 20:31:37 +00:00
|
|
|
class ApiResource(Resource):
|
2015-06-02 19:56:44 +00:00
|
|
|
method_decorators = [check_anon_protection]
|
2015-05-19 21:52:44 +00:00
|
|
|
|
2014-03-12 20:31:37 +00:00
|
|
|
def options(self):
|
|
|
|
return None, 200
|
|
|
|
|
|
|
|
|
|
|
|
class RepositoryParamResource(ApiResource):
|
2015-06-02 19:56:44 +00:00
|
|
|
method_decorators = [check_anon_protection, parse_repository_name]
|
2014-03-11 03:54:55 +00:00
|
|
|
|
|
|
|
|
2014-03-12 16:37:06 +00:00
|
|
|
def require_repo_permission(permission_class, scope, allow_public=False):
|
2014-03-11 03:54:55 +00:00
|
|
|
def wrapper(func):
|
2014-03-12 16:37:06 +00:00
|
|
|
@add_method_metadata('oauth2_scope', scope)
|
2014-03-11 03:54:55 +00:00
|
|
|
@wraps(func)
|
|
|
|
def wrapped(self, namespace, repository, *args, **kwargs):
|
2014-03-13 00:33:57 +00:00
|
|
|
logger.debug('Checking permission %s for repo: %s/%s', permission_class, namespace,
|
|
|
|
repository)
|
2014-03-11 03:54:55 +00:00
|
|
|
permission = permission_class(namespace, repository)
|
|
|
|
if (permission.can() or
|
|
|
|
(allow_public and
|
2015-07-15 21:25:41 +00:00
|
|
|
model.repository.repository_is_public(namespace, repository))):
|
2014-03-11 03:54:55 +00:00
|
|
|
return func(self, namespace, repository, *args, **kwargs)
|
2014-03-17 20:57:35 +00:00
|
|
|
raise Unauthorized()
|
2014-03-11 03:54:55 +00:00
|
|
|
return wrapped
|
|
|
|
return wrapper
|
|
|
|
|
|
|
|
|
2014-03-12 16:37:06 +00:00
|
|
|
require_repo_read = require_repo_permission(ReadRepositoryPermission, scopes.READ_REPO, True)
|
|
|
|
require_repo_write = require_repo_permission(ModifyRepositoryPermission, scopes.WRITE_REPO)
|
|
|
|
require_repo_admin = require_repo_permission(AdministerRepositoryPermission, scopes.ADMIN_REPO)
|
2014-03-11 03:54:55 +00:00
|
|
|
|
|
|
|
|
2014-03-18 23:21:27 +00:00
|
|
|
def require_user_permission(permission_class, scope=None):
|
|
|
|
def wrapper(func):
|
|
|
|
@add_method_metadata('oauth2_scope', scope)
|
|
|
|
@wraps(func)
|
|
|
|
def wrapped(self, *args, **kwargs):
|
|
|
|
user = get_authenticated_user()
|
|
|
|
if not user:
|
2014-03-19 17:57:36 +00:00
|
|
|
raise Unauthorized()
|
2014-03-18 23:21:27 +00:00
|
|
|
|
2014-03-19 22:09:09 +00:00
|
|
|
logger.debug('Checking permission %s for user %s', permission_class, user.username)
|
2014-03-18 23:21:27 +00:00
|
|
|
permission = permission_class(user.username)
|
|
|
|
if permission.can():
|
|
|
|
return func(self, *args, **kwargs)
|
|
|
|
raise Unauthorized()
|
|
|
|
return wrapped
|
|
|
|
return wrapper
|
|
|
|
|
|
|
|
|
2014-03-19 17:57:36 +00:00
|
|
|
require_user_read = require_user_permission(UserReadPermission, scopes.READ_USER)
|
2015-11-18 17:01:40 +00:00
|
|
|
require_user_admin = require_user_permission(UserAdminPermission, scopes.ADMIN_USER)
|
2014-09-04 18:24:20 +00:00
|
|
|
|
2015-01-08 17:53:36 +00:00
|
|
|
|
|
|
|
def verify_not_prod(func):
|
|
|
|
@add_method_metadata('enterprise_only', True)
|
|
|
|
@wraps(func)
|
|
|
|
def wrapped(*args, **kwargs):
|
|
|
|
# Verify that we are not running on a production (i.e. hosted) stack. If so, we fail.
|
|
|
|
# This should never happen (because of the feature-flag on SUPER_USERS), but we want to be
|
|
|
|
# absolutely sure.
|
|
|
|
if app.config['SERVER_HOSTNAME'].find('quay.io') >= 0:
|
|
|
|
logger.error('!!! Super user method called IN PRODUCTION !!!')
|
|
|
|
raise NotFound()
|
|
|
|
|
|
|
|
return func(*args, **kwargs)
|
|
|
|
|
|
|
|
return wrapped
|
|
|
|
|
|
|
|
|
2014-09-04 18:24:20 +00:00
|
|
|
def require_fresh_login(func):
|
|
|
|
@add_method_metadata('requires_fresh_login', True)
|
|
|
|
@wraps(func)
|
|
|
|
def wrapped(*args, **kwargs):
|
|
|
|
user = get_authenticated_user()
|
|
|
|
if not user:
|
|
|
|
raise Unauthorized()
|
|
|
|
|
2015-06-28 08:22:34 +00:00
|
|
|
oauth_token = get_validated_oauth_token()
|
|
|
|
if oauth_token:
|
|
|
|
return func(*args, **kwargs)
|
|
|
|
|
2014-09-04 18:24:20 +00:00
|
|
|
logger.debug('Checking fresh login for user %s', user.username)
|
|
|
|
|
2014-09-04 23:15:06 +00:00
|
|
|
last_login = session.get('login_time', datetime.datetime.min)
|
2014-09-04 18:24:20 +00:00
|
|
|
valid_span = datetime.datetime.now() - datetime.timedelta(minutes=10)
|
|
|
|
|
2014-09-04 23:47:12 +00:00
|
|
|
if not user.password_hash or last_login >= valid_span:
|
2014-09-04 18:24:20 +00:00
|
|
|
return func(*args, **kwargs)
|
2014-11-25 21:08:01 +00:00
|
|
|
|
2014-09-04 18:24:20 +00:00
|
|
|
raise FreshLoginRequired()
|
|
|
|
return wrapped
|
2014-03-18 23:21:27 +00:00
|
|
|
|
|
|
|
|
2014-03-13 00:33:57 +00:00
|
|
|
def require_scope(scope_object):
|
|
|
|
def wrapper(func):
|
2014-03-19 22:09:09 +00:00
|
|
|
@add_method_metadata('oauth2_scope', scope_object)
|
2014-03-13 00:33:57 +00:00
|
|
|
@wraps(func)
|
|
|
|
def wrapped(*args, **kwargs):
|
|
|
|
return func(*args, **kwargs)
|
|
|
|
return wrapped
|
|
|
|
return wrapper
|
|
|
|
|
|
|
|
|
2014-03-11 03:54:55 +00:00
|
|
|
def validate_json_request(schema_name):
|
|
|
|
def wrapper(func):
|
|
|
|
@add_method_metadata('request_schema', schema_name)
|
|
|
|
@wraps(func)
|
2014-03-13 00:33:57 +00:00
|
|
|
def wrapped(self, *args, **kwargs):
|
2014-03-11 03:54:55 +00:00
|
|
|
schema = self.schemas[schema_name]
|
|
|
|
try:
|
2015-02-18 20:57:05 +00:00
|
|
|
json_data = request.get_json()
|
|
|
|
if json_data is None:
|
|
|
|
raise InvalidRequest('Missing JSON body')
|
|
|
|
|
|
|
|
validate(json_data, schema)
|
2014-03-13 00:33:57 +00:00
|
|
|
return func(self, *args, **kwargs)
|
2014-03-11 03:54:55 +00:00
|
|
|
except ValidationError as ex:
|
2014-03-18 18:22:14 +00:00
|
|
|
raise InvalidRequest(ex.message)
|
2014-03-11 03:54:55 +00:00
|
|
|
return wrapped
|
|
|
|
return wrapper
|
|
|
|
|
|
|
|
|
2014-03-13 00:33:57 +00:00
|
|
|
def request_error(exception=None, **kwargs):
|
|
|
|
data = kwargs.copy()
|
2014-03-18 19:58:37 +00:00
|
|
|
message = 'Request error.'
|
|
|
|
if exception:
|
|
|
|
message = exception.message
|
2016-04-11 18:51:58 +00:00
|
|
|
if 'message' in data.keys():
|
|
|
|
message = data.pop('message')
|
2014-03-18 19:58:37 +00:00
|
|
|
raise InvalidRequest(message, data)
|
2014-03-13 00:33:57 +00:00
|
|
|
|
|
|
|
|
2014-05-28 19:22:36 +00:00
|
|
|
def license_error(exception=None):
|
|
|
|
raise ExceedsLicenseException()
|
|
|
|
|
|
|
|
|
2014-03-18 20:45:18 +00:00
|
|
|
def log_action(kind, user_or_orgname, metadata=None, repo=None):
|
|
|
|
if not metadata:
|
|
|
|
metadata = {}
|
|
|
|
|
|
|
|
oauth_token = get_validated_oauth_token()
|
|
|
|
if oauth_token:
|
|
|
|
metadata['oauth_token_id'] = oauth_token.id
|
|
|
|
metadata['oauth_token_application_id'] = oauth_token.application.client_id
|
|
|
|
metadata['oauth_token_application'] = oauth_token.application.name
|
|
|
|
|
2014-03-13 00:33:57 +00:00
|
|
|
performer = get_authenticated_user()
|
2015-07-15 21:25:41 +00:00
|
|
|
model.log.log_action(kind, user_or_orgname, performer=performer, ip=request.remote_addr,
|
|
|
|
metadata=metadata, repository=repo)
|
2014-03-11 03:54:55 +00:00
|
|
|
|
|
|
|
|
2014-10-02 19:08:32 +00:00
|
|
|
def define_json_response(schema_name):
|
|
|
|
def wrapper(func):
|
|
|
|
@add_method_metadata('response_schema', schema_name)
|
|
|
|
@wraps(func)
|
|
|
|
def wrapped(self, *args, **kwargs):
|
|
|
|
schema = self.schemas[schema_name]
|
|
|
|
resp = func(self, *args, **kwargs)
|
|
|
|
|
|
|
|
if app.config['TESTING']:
|
|
|
|
try:
|
|
|
|
validate(resp, schema)
|
|
|
|
except ValidationError as ex:
|
|
|
|
raise InvalidResponse(ex.message)
|
|
|
|
|
|
|
|
return resp
|
|
|
|
return wrapped
|
|
|
|
return wrapper
|
|
|
|
|
|
|
|
|
2014-03-14 19:35:20 +00:00
|
|
|
import endpoints.api.billing
|
2014-03-13 20:31:37 +00:00
|
|
|
import endpoints.api.build
|
2014-03-14 17:24:01 +00:00
|
|
|
import endpoints.api.discovery
|
2016-04-11 18:51:58 +00:00
|
|
|
import endpoints.api.error
|
2014-03-14 17:06:58 +00:00
|
|
|
import endpoints.api.image
|
2014-03-14 20:02:13 +00:00
|
|
|
import endpoints.api.logs
|
2014-03-14 20:11:31 +00:00
|
|
|
import endpoints.api.organization
|
2014-03-14 17:24:01 +00:00
|
|
|
import endpoints.api.permission
|
2014-03-14 18:51:18 +00:00
|
|
|
import endpoints.api.prototype
|
2014-03-14 17:24:01 +00:00
|
|
|
import endpoints.api.repository
|
2014-07-16 20:30:47 +00:00
|
|
|
import endpoints.api.repositorynotification
|
2014-07-28 18:58:12 +00:00
|
|
|
import endpoints.api.repoemail
|
2014-03-14 17:24:01 +00:00
|
|
|
import endpoints.api.repotoken
|
2014-03-14 20:02:13 +00:00
|
|
|
import endpoints.api.robot
|
2014-03-14 17:24:01 +00:00
|
|
|
import endpoints.api.search
|
2015-01-04 19:38:41 +00:00
|
|
|
import endpoints.api.suconfig
|
2014-04-10 04:26:55 +00:00
|
|
|
import endpoints.api.superuser
|
2014-03-14 17:06:58 +00:00
|
|
|
import endpoints.api.tag
|
2014-03-14 18:20:51 +00:00
|
|
|
import endpoints.api.team
|
2014-03-14 17:24:01 +00:00
|
|
|
import endpoints.api.trigger
|
|
|
|
import endpoints.api.user
|
2015-10-26 19:13:58 +00:00
|
|
|
import endpoints.api.secscan
|
2015-01-04 19:38:41 +00:00
|
|
|
|