1 # -*- coding: utf-8 -*-
4 # Util functions previously in `httpserver`
7 __author__
= "Alfonso Tierno, Gerardo Garcia"
14 from jsonschema
import exceptions
as js_e
15 from jsonschema
import validate
as js_v
17 from . import errors
as httperrors
19 logger
= logging
.getLogger('openmano.http')
22 def remove_clear_passwd(data
):
24 Removes clear passwords from the data received
25 :param data: data with clear password
26 :return: data without the password information
29 passw
= ['password: ', 'passwd: ']
32 init
= data
.find(pattern
)
34 end
= data
.find('\n', init
)
35 data
= data
[:init
] + '{}******'.format(pattern
) + data
[end
:]
37 init
= data
.find(pattern
, init
)
41 def change_keys_http2db(data
, http_db
, reverse
=False):
42 '''Change keys of dictionary data acording to the key_dict values
43 This allow change from http interface names to database names.
44 When reverse is True, the change is otherwise
46 data: can be a dictionary or a list
47 http_db: is a dictionary with hhtp names as keys and database names as value
48 reverse: by default change is done from http api to database.
49 If True change is done otherwise.
50 Return: None, but data is modified'''
51 if type(data
) is tuple or type(data
) is list:
53 change_keys_http2db(d
, http_db
, reverse
)
54 elif type(data
) is dict or type(data
) is bottle
.FormsDict
:
56 for k
,v
in http_db
.items():
57 if v
in data
: data
[k
]=data
.pop(v
)
59 for k
,v
in http_db
.items():
60 if k
in data
: data
[v
]=data
.pop(k
)
64 '''Return string of dictionary data according to requested json, yaml, xml.
67 logger
.debug("OUT: " + yaml
.safe_dump(data
, explicit_start
=True, indent
=4, default_flow_style
=False, tags
=False, encoding
='utf-8', allow_unicode
=True) )
68 accept
= bottle
.request
.headers
.get('Accept')
69 if accept
and 'application/yaml' in accept
:
70 bottle
.response
.content_type
='application/yaml'
71 return yaml
.safe_dump(
72 data
, explicit_start
=True, indent
=4, default_flow_style
=False,
73 tags
=False, encoding
='utf-8', allow_unicode
=True) #, canonical=True, default_style='"'
74 else: #by default json
75 bottle
.response
.content_type
='application/json'
76 #return data #json no style
77 return json
.dumps(data
, indent
=4) + "\n"
80 def format_in(default_schema
, version_fields
=None, version_dict_schema
=None, confidential_data
=False):
82 Parse the content of HTTP request against a json_schema
84 :param default_schema: The schema to be parsed by default
85 if no version field is found in the client data.
86 In None no validation is done
87 :param version_fields: If provided it contains a tuple or list with the
88 fields to iterate across the client data to obtain the version
89 :param version_dict_schema: It contains a dictionary with the version as key,
90 and json schema to apply as value.
91 It can contain a None as key, and this is apply
92 if the client data version does not match any key
93 :return: user_data, used_schema: if the data is successfully decoded and
96 Launch a bottle abort if fails
98 #print "HEADERS :" + str(bottle.request.headers.items())
100 error_text
= "Invalid header format "
101 format_type
= bottle
.request
.headers
.get('Content-Type', 'application/json')
102 if 'application/json' in format_type
:
103 error_text
= "Invalid json format "
104 #Use the json decoder instead of bottle decoder because it informs about the location of error formats with a ValueError exception
105 client_data
= json
.load(bottle
.request
.body
)
106 #client_data = bottle.request.json()
107 elif 'application/yaml' in format_type
:
108 error_text
= "Invalid yaml format "
109 client_data
= yaml
.load(bottle
.request
.body
)
110 elif 'application/xml' in format_type
:
111 bottle
.abort(501, "Content-Type: application/xml not supported yet.")
113 logger
.warning('Content-Type ' + str(format_type
) + ' not supported.')
114 bottle
.abort(httperrors
.Not_Acceptable
, 'Content-Type ' + str(format_type
) + ' not supported.')
116 # if client_data == None:
117 # bottle.abort(httperrors.Bad_Request, "Content error, empty")
119 if confidential_data
:
120 logger
.debug('IN: %s', remove_clear_passwd (yaml
.safe_dump(client_data
, explicit_start
=True, indent
=4, default_flow_style
=False,
121 tags
=False, encoding
='utf-8', allow_unicode
=True)))
123 logger
.debug('IN: %s', yaml
.safe_dump(client_data
, explicit_start
=True, indent
=4, default_flow_style
=False,
124 tags
=False, encoding
='utf-8', allow_unicode
=True) )
125 # look for the client provider version
126 error_text
= "Invalid content "
127 if not default_schema
and not version_fields
:
128 return client_data
, None
129 client_version
= None
131 if version_fields
!= None:
132 client_version
= client_data
133 for field
in version_fields
:
134 if field
in client_version
:
135 client_version
= client_version
[field
]
139 if client_version
== None:
140 used_schema
= default_schema
141 elif version_dict_schema
!= None:
142 if client_version
in version_dict_schema
:
143 used_schema
= version_dict_schema
[client_version
]
144 elif None in version_dict_schema
:
145 used_schema
= version_dict_schema
[None]
146 if used_schema
==None:
147 bottle
.abort(httperrors
.Bad_Request
, "Invalid schema version or missing version field")
149 js_v(client_data
, used_schema
)
150 return client_data
, used_schema
151 except (TypeError, ValueError, yaml
.YAMLError
) as exc
:
152 error_text
+= str(exc
)
153 logger
.error(error_text
, exc_info
=True)
154 bottle
.abort(httperrors
.Bad_Request
, error_text
)
155 except js_e
.ValidationError
as exc
:
157 "validate_in error, jsonschema exception", exc_info
=True)
159 if len(exc
.path
)>0: error_pos
=" at " + ":".join(map(json
.dumps
, exc
.path
))
160 bottle
.abort(httperrors
.Bad_Request
, error_text
+ exc
.message
+ error_pos
)
162 # bottle.abort(httperrors.Bad_Request, "Content error: Failed to parse Content-Type", error_pos)
165 def filter_query_string(qs
, http2db
, allowed
):
166 '''Process query string (qs) checking that contains only valid tokens for avoiding SQL injection
168 'qs': bottle.FormsDict variable to be processed. None or empty is considered valid
169 'http2db': dictionary with change from http API naming (dictionary key) to database naming(dictionary value)
170 'allowed': list of allowed string tokens (API http naming). All the keys of 'qs' must be one of 'allowed'
171 Return: A tuple with the (select,where,limit) to be use in a database query. All of then transformed to the database naming
172 select: list of items to retrieve, filtered by query string 'field=token'. If no 'field' is present, allowed list is returned
173 where: dictionary with key, value, taken from the query string token=value. Empty if nothing is provided
174 limit: limit dictated by user with the query string 'limit'. 100 by default
175 abort if not permited, using bottel.abort
180 #if type(qs) is not bottle.FormsDict:
181 # bottle.abort(httperrors.Internal_Server_Error, '!!!!!!!!!!!!!!invalid query string not a dictionary')
182 # #bottle.abort(httperrors.Internal_Server_Error, "call programmer")
185 select
+= qs
.getall(k
)
188 bottle
.abort(httperrors
.Bad_Request
, "Invalid query string at 'field="+v
+"'")
193 bottle
.abort(httperrors
.Bad_Request
, "Invalid query string at 'limit="+qs
[k
]+"'")
196 bottle
.abort(httperrors
.Bad_Request
, "Invalid query string at '"+k
+"="+qs
[k
]+"'")
197 if qs
[k
]!="null": where
[k
]=qs
[k
]
199 if len(select
)==0: select
+= allowed
200 #change from http api to database naming
201 for i
in range(0,len(select
)):
203 if http2db
and k
in http2db
:
204 select
[i
] = http2db
[k
]
206 change_keys_http2db(where
, http2db
)
207 #print "filter_query_string", select,where,limit
209 return select
,where
,limit