libervia-web: src/server/server.py comparison

comparison src/server/server.py @ 679:a90cc8fc9605

merged branch frontends_multi_profiles

author	Goffi <goffi@goffi.org>
date	Wed, 18 Mar 2015 16:15:18 +0100
parents	3eb3a2c0c011 a8fddccf5b84
children	e6bb64bd6b4d

comparison

equal deleted inserted replaced

-:1bffc4c244c3
+:a90cc8fc9605
 from sat.core.log import getLogger
 log = getLogger(__name__)
 from sat_frontends.bridge.DBus import DBusBridgeFrontend, BridgeExceptionNoService, const_TIMEOUT as BRIDGE_TIMEOUT
 from sat.core.i18n import _, D_
+from sat.core import exceptions
 from sat.tools.xml_tools import paramsXML2XMLUI
 import re
 import glob
 import os.path
 parsed = jsonrpclib.loads(request.content.read())
 fault = jsonrpclib.Fault(C.ERRNUM_LIBERVIA, C.NOT_ALLOWED)  # FIXME: define some standard error codes for libervia
 return jsonrpc.JSONRPC._cbRender(self, fault, request, parsed.get('id'), parsed.get('jsonrpc'))  # pylint: disable=E1103
 return jsonrpc.JSONRPC.render(self, request)
-def jsonrpc_getProfileJid(self):
-"""Return the jid of the profile"""
-sat_session = ISATSession(self.session)
-profile = sat_session.profile
-sat_session.jid = JID(self.sat_host.bridge.getParamA("JabberID", "Connection", profile_key=profile))
-return sat_session.jid.full()
 def jsonrpc_disconnect(self):
 """Disconnect the profile"""
 sat_session = ISATSession(self.session)
 profile = sat_session.profile
 self.sat_host.bridge.disconnect(profile)
 def jsonrpc_updateContact(self, entity, name, groups):
 """Update contact's roster item"""
 profile = ISATSession(self.session).profile
 self.sat_host.bridge.updateContact(entity, name, groups, profile)
-def jsonrpc_subscription(self, sub_type, entity, name, groups):
+def jsonrpc_subscription(self, sub_type, entity):
 """Confirm (or infirm) subscription,
 and setup user roster in case of subscription"""
 profile = ISATSession(self.session).profile
 self.sat_host.bridge.subscription(sub_type, entity, profile)
-if sub_type == 'subscribed':
-self.sat_host.bridge.updateContact(entity, name, groups, profile)
 def jsonrpc_getWaitingSub(self):
 """Return list of room already joined by user"""
 profile = ISATSession(self.session).profile
 return self.sat_host.bridge.getWaitingSub(profile)
+def jsonrpc_getWaitingConf(self):
+"""Return list of waiting confirmations"""
+profile = ISATSession(self.session).profile
+return self.sat_host.bridge.getWaitingConf(profile)
 def jsonrpc_setStatus(self, presence, status):
 """Change the presence and/or status
 @param presence: value from ("", "chat", "away", "dnd", "xa")
 @param status: any string to describe your status
 profile = ISATSession(self.session).profile
 return self.asyncBridgeCall("sendMessage", to_jid, msg, subject, type_, options, profile)
 def jsonrpc_sendMblog(self, type_, dest, text, extra={}):
 """ Send microblog message
-@param type_: one of "PUBLIC", "GROUP"
+@param type_ (unicode): one of "PUBLIC", "GROUP"
-@param dest: destinees (list of groups, ignored for "PUBLIC")
+@param dest (tuple(unicode)): recipient groups (ignored for "PUBLIC")
-@param text: microblog's text
+@param text (unicode): microblog's text
 """
 profile = ISATSession(self.session).profile
 extra['allow_comments'] = 'True'
 if not type_:  # auto-detect
 if type_ in ("PUBLIC", "GROUP") and text:
 if type_ == "PUBLIC":
 #This text if for the public microblog
 log.debug("sending public blog")
-return self.sat_host.bridge.sendGroupBlog("PUBLIC", [], text, extra, profile)
+return self.sat_host.bridge.sendGroupBlog("PUBLIC", (), text, extra, profile)
 else:
 log.debug("sending group blog")
 dest = dest if isinstance(dest, list) else [dest]
 return self.sat_host.bridge.sendGroupBlog("GROUP", dest, text, extra, profile)
 else:
 @return list of couple (microblog data, list of microblog data)"""
 profile = ISATSession(self.session).profile
 d = self.asyncBridgeCall("getGroupBlogsWithComments", publisher_jid, item_ids, {}, max_comments, profile)
 return d
-def jsonrpc_getMassiveMblogs(self, publishers_type, publishers_list, rsm=None):
+def jsonrpc_getMassiveMblogs(self, publishers_type, publishers, rsm=None):
 """Get lasts microblogs posted by several contacts at once
-@param publishers_type: one of "ALL", "GROUP", "JID"
-@param publishers_list: list of publishers type (empty list of all, list of groups or list of jids)
+@param publishers_type (unicode): one of "ALL", "GROUP", "JID"
-@param max_item: number of items to ask
+@param publishers (tuple(unicode)): tuple of publishers (empty list for all, list of groups or list of jids)
-@return: dictionary key=publisher's jid, value=list of microblog data (dict)"""
+@param rsm (dict): TODO
+@return: dict{unicode: list[dict])
+key: publisher's jid
+value: list of microblog data (dict)
+"""
 profile = ISATSession(self.session).profile
 if rsm is None:
 rsm = {'max': unicode(C.RSM_MAX_ITEMS)}
-d = self.asyncBridgeCall("getMassiveGroupBlogs", publishers_type, publishers_list, rsm, profile)
+d = self.asyncBridgeCall("getMassiveGroupBlogs", publishers_type, publishers, rsm, profile)
-self.sat_host.bridge.massiveSubscribeGroupBlogs(publishers_type, publishers_list, profile)
+self.sat_host.bridge.massiveSubscribeGroupBlogs(publishers_type, publishers, profile)
 return d
 def jsonrpc_getMblogComments(self, service, node, rsm=None):
 """Get all comments of given node
 @param service: jid of the service hosting the node
 """Return history for the from_jid/to_jid couple"""
 sat_session = ISATSession(self.session)
 profile = sat_session.profile
 sat_jid = sat_session.jid
 if not sat_jid:
-log.error("No jid saved for this profile")
+# we keep a session cache for jid to avoir jid spoofing
-return {}
+sat_jid = sat_session.jid = JID(self.sat_host.bridge.getParamA("JabberID", "Connection", profile_key=profile))
 if JID(from_jid).userhost() != sat_jid.userhost() and JID(to_jid).userhost() != sat_jid.userhost():
-log.error("Trying to get history from a different jid, maybe a hack attempt ?")
+log.error("Trying to get history from a different jid (given (browser): {}, real (backend): {}), maybe a hack attempt ?".format(from_jid, sat_jid))
 return {}
 d = self.asyncBridgeCall("getHistory", from_jid, to_jid, size, between, search, profile)
 def show(result_dbus):
 result = []
 def jsonrpc_joinMUC(self, room_jid, nick):
 """Join a Multi-User Chat room
 @room_jid: leave empty string to generate a unique name
 """
 profile = ISATSession(self.session).profile
-try:
-if room_jid != "":
-room_jid = JID(room_jid).userhost()
-except:
-log.warning('Invalid room jid')
-return
 d = self.asyncBridgeCall("joinMUC", room_jid, nick, {}, profile)
 return d
 def jsonrpc_inviteMUC(self, contact_jid, room_jid):
 """Invite a user to a Multi-User Chat room"""
 def jsonrpc_getRoomsJoined(self):
 """Return list of room already joined by user"""
 profile = ISATSession(self.session).profile
 return self.sat_host.bridge.getRoomsJoined(profile)
+def jsonrpc_getRoomsSubjects(self):
+"""Return list of room subjects"""
+profile = ISATSession(self.session).profile
+return self.sat_host.bridge.getRoomsSubjects(profile)
 def jsonrpc_launchTarotGame(self, other_players, room_jid=""):
 """Create a room, invite the other players and start a Tarot game
 @param room_jid: leave empty string to generate a unique room name
 """
 profile = ISATSession(self.session).profile
 except:
 log.warning('Invalid room jid')
 return
 self.sat_host.bridge.radiocolLaunch(invited, room_jid, profile)
+def jsonrpc_getEntitiesData(self, jids, keys):
+"""Get cached data for several entities at once
+@param jids: list jids from who we wants data, or empty list for all jids in cache
+@param keys: name of data we want (list)
+@return: requested data"""
+if not C.ALLOWED_ENTITY_DATA.issuperset(keys):
+raise exceptions.PermissionError("Trying to access unallowed data (hack attempt ?)")
+profile = ISATSession(self.session).profile
+try:
+return self.sat_host.bridge.getEntitiesData(jids, keys, profile)
+except Exception as e:
+raise Failure(jsonrpclib.Fault(C.ERRNUM_BRIDGE_ERRBACK, unicode(e)))
 def jsonrpc_getEntityData(self, jid, keys):
-"""Get cached data for an entit
+"""Get cached data for an entity
 @param jid: jid of contact from who we want data
 @param keys: name of data we want (list)
 @return: requested data"""
-profile = ISATSession(self.session).profile
+if not C.ALLOWED_ENTITY_DATA.issuperset(keys):
-return self.sat_host.bridge.getEntityData(jid, keys, profile)
+raise exceptions.PermissionError("Trying to access unallowed data (hack attempt ?)")
+profile = ISATSession(self.session).profile
-def jsonrpc_getCard(self, jid):
+try:
+return self.sat_host.bridge.getEntityData(jid, keys, profile)
+except Exception as e:
+raise Failure(jsonrpclib.Fault(C.ERRNUM_BRIDGE_ERRBACK, unicode(e)))
+def jsonrpc_getCard(self, jid_):
 """Get VCard for entiry
-@param jid: jid of contact from who we want data
+@param jid_: jid of contact from who we want data
 @return: id to retrieve the profile"""
 profile = ISATSession(self.session).profile
-return self.sat_host.bridge.getCard(jid, profile)
+return self.sat_host.bridge.getCard(jid_, profile)
 def jsonrpc_getAccountDialogUI(self):
 """Get the dialog for managing user account
 @return: XML string of the XMLUI"""
 profile = ISATSession(self.session).profile
 if sat_session.profile:
 log.error(('/!\\ Session has already a profile, this should NEVER happen!'))
 request.write(C.SESSION_ACTIVE)
 request.finish()
 return
+# we manage profile server side to avoid profile spoofing
 sat_session.profile = profile
 self.sat_host.prof_connected.add(profile)
 def onExpire():
 log.info("Session expired (profile=%s)" % (profile,))
 def putChild(path, resource):
 """Add a child to the root resource"""
 root.putChild(path, EncodingResourceWrapper(resource, [server.GzipEncoderFactory()]))
-putChild('', Redirect('libervia.html'))
+putChild('', Redirect(C.LIBERVIA_MAIN_PAGE))
+putChild('test', Redirect('libervia_test.html'))
 putChild('json_signal_api', self.signal_handler)
 putChild('json_api', MethodHandler(self))
 putChild('register_api', _register)
 putChild('upload_radiocol', _upload_radiocol)
 putChild('upload_avatar', _upload_avatar)

Mercurial > libervia-web

comparison src/server/server.py @ 679:a90cc8fc9605