#!/usr/bin/python
from py.Queries import Queries # Interacting w/ database
from py.Gonewild import Gonewild
from json import dumps
from traceback import format_exc # Stack traces
from cgi import FieldStorage # Query keys
# NOTE(review): cgitb.enable() installs a handler that, with its default
# display setting, writes a detailed traceback report into the HTTP response
# for any uncaught exception. That is a debugging aid; on a reachable endpoint
# it exposes code and variable values to the client. cgitb.enable(display=0,
# logdir=...) keeps the report server-side instead.
from cgitb import enable as cgi_enable; cgi_enable() # for debugging
''' Where the magic happens '''
def main():
    """Validate the request parameters and run the handler named by 'method'.

    Returns whatever the selected handler returns, or an {'error': ...} dict
    when 'method' is missing or unknown, or when 'start'/'count' are present
    but not made of digits only.

    NOTE(review): only 'method', 'start' and 'count' are checked here. Values
    such as 'sort', 'order', 'user' and 'search' reach the handlers exactly as
    the client sent them; whether the query layer validates them is not
    visible from this file.
    """
    keys = get_keys()

    if 'method' not in keys:
        return {'error':'unspecified method'}

    # The handlers call int() on these two values, so anything that is not
    # purely digits is refused before dispatch.
    paging_checks = (
        ('start', 'start parameter must be numeric'),
        ('count', 'count parameter must be numeric'),
    )
    for name, message in paging_checks:
        if name in keys and not keys[name].isdigit():
            return {'error': message}

    # Fixed table of callable API methods; anything else is rejected.
    handlers = {
        'get_users': get_users,
        'get_user': get_user,
        'get_posts': get_posts,
        'search': search,
        'add_user': add_user,
        'get_zip': get_zip,
        'get_rip': get_rip,
        'search_user': search_user,
    }
    handler = handlers.get(keys['method'])
    if handler is None:
        return {'error':'unexpected method'}
    return handler(keys)
'''
Get list of users
'''
def get_users(keys):
    """Return the user listing from Queries.get_users for the given request keys.

    'sort' and 'order' default to '' and are forwarded unchanged; 'start' and
    'count' default to 0 and 10 and are converted with int().
    """
    sort_column = keys.get('sort', '')
    sort_direction = keys.get('order', '')
    offset = int(keys.get('start', 0))
    limit = int(keys.get('count', 10))
    return Queries.get_users(
        sortby=sort_column,
        orderby=sort_direction,
        start=offset,
        count=limit,
    )
'''
Get posts/images for a specific user
'''
def get_user(keys):
    """Return one user's posts or comments, depending on the 'feed' key.

    'user' is required; without it an {'error': ...} dict is returned.
    'sort'/'order' are forwarded unchanged, 'start'/'count' go through int().
    """
    if 'user' not in keys:
        return {'error' : 'user required for get_user API'}

    # 'posts' is the default feed; any other value selects the comments query.
    if keys.get('feed', 'posts') == 'posts':
        fetch = Queries.get_user_posts
    else:
        fetch = Queries.get_user_comments

    return fetch(
        keys['user'],
        sortby=keys.get('sort', ''),
        orderby=keys.get('order', ''),
        start=int(keys.get('start', 0)),
        count=int(keys.get('count', 10)),
    )
'''
Get list of posts
'''
def get_posts(keys):
    """Return the post listing from Queries.get_posts for the given request keys.

    'user' is optional (None when absent). 'sort'/'order' are forwarded
    unchanged; 'start'/'count' default to 0 and 10 and go through int().
    """
    query_args = {
        'user': keys.get('user', None),
        'sortby': keys.get('sort', ''),
        'orderby': keys.get('order', ''),
        'start': int(keys.get('start', 0)),
        'count': int(keys.get('count', 10)),
    }
    return Queries.get_posts(**query_args)
'''
Search for user/post/comment
'''
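def search(keys):
    """Run a search and return the query layer's result.

    'search' (the search text) is required. 'type' selects the query:
    absent -> Queries.search, 'post' -> Queries.search_posts,
    'user' -> Queries.search_users. Any other 'type' yields an
    {'error': ...} dict; previously that case fell off the end of the
    function and returned None, which the entry point serialized as JSON
    null with no indication of what went wrong.

    'start'/'count' default to 0 and 10 and are converted with int().
    """
    if 'search' not in keys:
        return {'error':'search parameter required for search method'}

    if 'type' not in keys:
        # Default search
        query = Queries.search
    elif keys['type'] == 'post':
        query = Queries.search_posts
    elif keys['type'] == 'user':
        query = Queries.search_users
    else:
        return {'error':'unexpected search type'}

    return query(
        keys['search'],
        start=int(keys.get('start', 0)),
        count=int(keys.get('count', 10)),
    )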
'''
Search by user
'''
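def search_user(keys):
    """Look up usernames matching keys['user'], case-insensitively.

    First tries a single-row lookup on the value as given; if that finds a
    row, it is returned alone as {'users': [user]}. Otherwise a substring
    search (%value%) is run, limited by 'count' (default 10) and offset by
    'start' (default 0), and all matching usernames are returned.

    Returns {'error': ...} when 'user' is missing.

    NOTE(review): the value is used as a LIKE pattern, so '%' and '_' sent by
    the client act as wildcards in both queries; they are not escaped here.
    """
    if 'user' not in keys:
        return {'error':'user required'}
    from py.DB import DB

    # Request values arrive as strings, and '%d' refuses a str, so supplying
    # count/start used to raise. int() fixes that and also guarantees that
    # only digits are ever interpolated into the SQL text, even if this
    # function is called without main()'s isdigit() check.
    count = int(keys.get('count', 10))
    start = int(keys.get('start', 0))

    db = DB()
    try:
        user = db.select_one('username', 'users', 'UPPER(username) like UPPER(?)', [keys['user']])
        if user is not None:
            return {'users' : [user]}
    except Exception:
        # Best effort: a failed single-row lookup falls through to the
        # substring search below.
        pass

    q = '''
        select username
        from users
        where UPPER(username) like UPPER(?)
        limit %d
        offset %d
    ''' % (count, start)

    # The cursor is opened only when it is needed and closed even if the
    # query raises; before, the early return above left it open.
    cursor = db.conn.cursor()
    try:
        curexec = cursor.execute(q, ['%%%s%%' % keys['user'] ])
        result = [username for (username,) in curexec]
    finally:
        cursor.close()
    return {
        'users' : result
    }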
'''
Add user to list
'''
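def add_user(keys):
    """Add a user to the tracked list after validating the name.

    The name from keys['user'] is passed through sanitize_user(); the
    sanitized form must be at least 3 characters, must not already be added
    (Queries.user_already_added) and must pass
    Gonewild.user_has_gone_wild before it is stored.

    Every outcome, including success, is reported under the 'error' key;
    that response shape is kept as-is for existing clients.
    """
    if 'user' not in keys:
        return {'error':'user not entered'}
    user = sanitize_user(keys['user'])
    if len(user) < 3:
        return {'error':'invalid username: "%s" -- too short' % user}
    if Queries.user_already_added(user):
        return {'error':'user already added'}
    gonewild = Gonewild()
    # Check the same sanitized name that gets stored. The raw request value
    # was passed here before, so the name that was verified could differ from
    # the name that was added, and unfiltered client input reached the helper.
    if not gonewild.user_has_gone_wild(user):
        return {'error':'user "%s" has not recently gone wild' % user}
    gonewild.db.add_user(user, new=True)
    return {'error':'added user "%s"' % user}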
def get_zip(keys):
    """Return Queries.get_zip's result for a user, optionally for one album.

    'include_videos' counts as true only for the exact strings 'true' or
    'True'; anything else, or its absence, means false.

    NOTE(review): 'user' is not required here, so None is passed through
    when it is missing -- confirm the query layer handles that.
    """
    wants_videos = keys.get('include_videos', 'false') in ('true', 'True')
    return Queries.get_zip(
        keys.get('user'),
        include_videos=wants_videos,
        album=keys.get('album', None),
    )
def get_rip(keys):
    """Return Queries.get_rip's result for keys['user'].

    Returns an {'error': ...} dict when 'user' is missing.
    """
    try:
        user = keys['user']
    except KeyError:
        return {'error':'user not entered'}
    return Queries.get_rip(user)
#####################
# HELPER METHODS
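def get_cookies(): # Get client cookies
    """Parse the HTTP_COOKIE environment variable into a name -> value dict.

    Returns an empty dict when the variable is not set. Cookie values are
    client-controlled text and are returned as received.
    """
    # The module's imports do not bring in os, so the lookup below used to
    # raise NameError; import it where it is used.
    import os

    d = {}
    if 'HTTP_COOKIE' not in os.environ:
        return d
    for cookie in os.environ['HTTP_COOKIE'].split(";"):
        # Split on the first '=' only: values may themselves contain '=',
        # and a segment without one must not abort parsing of the rest.
        key, _, value = cookie.strip().partition('=')
        if not key:
            # Empty segment (e.g. a trailing ';') or a nameless '=value'.
            continue
        d[key] = value
    return d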
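def get_keys(): # Get query keys
    """Collect the request's form/query parameters into a plain dict.

    Each parameter maps to a single value. When a client repeats a
    parameter, the first occurrence is used.
    """
    form = FieldStorage()
    keys = {}
    for key in form.keys():
        # form[key] is a list when a parameter is repeated, and a list has no
        # .value, so a duplicated parameter used to raise before any
        # validation ran. getfirst() always yields one value.
        keys[key] = form.getfirst(key)
    return keys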
def sanitize_user(user): # drop every character outside letters, digits, '_' and '-'
    """Return *user* with all characters outside [A-Za-z0-9_-] removed.

    Letter case is preserved: lower() is applied only for the membership
    test, not to the returned string.
    """
    allowed = 'abcdefghijklmnopqrstuvwxyz1234567890_-'
    kept = (ch for ch in user if ch.lower() in allowed)
    return ''.join(kept)
########################
# ENTRY POINT
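if __name__ == '__main__':
    # CGI entry point: emit the response header, then the JSON body.
    import sys

    print("Content-Type: application/json")
    print("")
    try:
        print(dumps(main(), indent=2))
    except Exception:
        # The full stack trace used to be sent back in the response, which
        # discloses file paths, code and query details to any client able to
        # trigger an error. Keep the trace server-side (stderr typically ends
        # up in the web server's error log) and return a generic message in
        # the same {'error': ...} shape.
        sys.stderr.write(format_exc())
        print(dumps({'error': 'internal server error'}))
    print("\n\n")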