Commit b3b22ab8 authored by Vladislav Rykov's avatar Vladislav Rykov

access protection added

parent 4b2748f1
...@@ -88,188 +88,215 @@ def logout(): ...@@ -88,188 +88,215 @@ def logout():
@server.route('/new-app') @server.route('/new-app')
def new_application(): def new_application():
return render_template('new-app.html') if 'name' in session:
return render_template('new-app.html')
else:
return redirect(url_for('index'))
@server.route('/app', methods=['GET', 'POST']) @server.route('/app', methods=['GET', 'POST'])
def app(): def app():
ah = ad.ApplicationDao() if 'name' in session:
if request.method == 'GET': ah = ad.ApplicationDao()
dh = dd.DeviceDao() if request.method == 'GET':
dh = dd.DeviceDao()
session['appkey'] = request.args.get('appkey') session['appkey'] = request.args.get('appkey')
app = ah.get(session['appkey']) app = ah.get(session['appkey'])
devs = dh.get_list(app[1][1]) devs = dh.get_list(app[1][1])
try: try:
filelist = [f for f in os.listdir(DATA_DOWNLOAD_DIR) if f.startswith(session['appkey'])] filelist = [f for f in os.listdir(DATA_DOWNLOAD_DIR) if f.startswith(session['appkey'])]
print(filelist) for f in filelist:
for f in filelist: os.remove(DATA_DOWNLOAD_DIR+'/'+f)
os.remove(DATA_DOWNLOAD_DIR+'/'+f) except OSError:
except OSError: pass
pass
# print('devs : ', devs)
# print('devs : ', devs) return render_template('app.html', app=app[1], devs=devs[1])
return render_template('app.html', app=app[1], devs=devs[1])
else:
if request.form['appname'] == '':
error = 'Application name cannot be empty.'
return render_template('new-app.html', feedback=error)
else: else:
appkey = misc.rand_str(APP_KEY_LEN) if request.form['appname'] == '':
res = ah.create(request.form['appname'], appkey, session['name'], request.form['appdesc']) error = 'Application name cannot be empty.'
return render_template('new-app.html', feedback=error)
else:
appkey = misc.rand_str(APP_KEY_LEN)
res = ah.create(request.form['appname'], appkey, session['name'], request.form['appdesc'])
if not res[0]: if not res[0]:
return render_template('new-app.html', feedback=res[1]) return render_template('new-app.html', feedback=res[1])
dh = dd.DeviceDao() dh = dd.DeviceDao()
res = dh.create_table(appkey) res = dh.create_table(appkey)
if not res[0]: if not res[0]:
ah.delete(appkey) ah.delete(appkey)
return render_template('new-app.html', feedback=res[1]) return render_template('new-app.html', feedback=res[1])
return redirect(url_for('index')) return redirect(url_for('index'))
else:
return redirect(url_for('index'))
@server.route('/delete-app') @server.route('/delete-app')
def delete_app(): def delete_app():
dh = dd.DeviceDao() if 'name' in session:
devs = dh.get_list(session['appkey']) dh = dd.DeviceDao()
devs = dh.get_list(session['appkey'])
for dev in devs[1]: for dev in devs[1]:
data.delete_table(session['appkey'], dev[1]) data.delete_table(session['appkey'], dev[1])
dh.delete_table(session['appkey']) dh.delete_table(session['appkey'])
ah = ad.ApplicationDao() ah = ad.ApplicationDao()
res = ah.delete(session['appkey']) res = ah.delete(session['appkey'])
if not res[0]: if not res[0]:
return redirect(url_for('app')) return redirect(url_for('app'))
else:
return redirect(url_for('index'))
else: else:
return redirect(url_for('index')) return redirect(url_for('index'))
@server.route('/add-dev') @server.route('/add-dev')
def new_dev(): def new_dev():
dh = dd.DeviceDao() if 'name' in session:
dev_list = dh.get_list(session['appkey']) dh = dd.DeviceDao()
dev_list = dh.get_list(session['appkey'])
#print('dev list : ', dev_list) #print('dev list : ', dev_list)
if not dev_list[0]: if not dev_list[0]:
return render_template('add-dev.html', feedback=dev_list[1]) return render_template('add-dev.html', feedback=dev_list[1])
else:
return render_template('add-dev.html', free_ids=misc.prep_id_range(dev_list[1]))
else: else:
return render_template('add-dev.html', free_ids=misc.prep_id_range(dev_list[1])) return redirect(url_for('index'))
@server.route('/dev', methods=['GET', 'POST']) @server.route('/dev', methods=['GET', 'POST'])
def dev(): def dev():
dh = dd.DeviceDao() if 'name' in session:
if request.method == 'GET': dh = dd.DeviceDao()
dev = dh.get(session['appkey'], request.args.get('id')) if request.method == 'GET':
dev = dh.get(session['appkey'], request.args.get('id'))
session['devid'] = dev[1][1] session['devid'] = dev[1][1]
session['devname'] = dev[1][0] session['devname'] = dev[1][0]
last = data.get_last_n(session['appkey'], session['devid'], 1) last = data.get_last_n(session['appkey'], session['devid'], 1)
ltup = 'Device have not sent data yet' ltup = 'Device have not sent data yet'
if last[0]:
ltup = last[1][0][1]
return render_template('dev.html', dev=dev[1], appkey=session['appkey'], ltup=ltup) if last[0]:
else: ltup = last[1][0][1]
res = dh.create(request.form['devname'], request.form['devid'], session['appkey'], request.form['devdesc'])
if not res[0]: return render_template('dev.html', dev=dev[1], appkey=session['appkey'], ltup=ltup)
return render_template('add-dev.html', feedback=res[1])
else: else:
res = data.create_table(session['appkey'], request.form['devid']) res = dh.create(request.form['devname'], request.form['devid'], session['appkey'], request.form['devdesc'])
if not res[0]: if not res[0]:
dh.delete(session['appkey'], request.form['devid'])
return render_template('add-dev.html', feedback=res[1]) return render_template('add-dev.html', feedback=res[1])
else: else:
return redirect(url_for('app', appkey=session['appkey'])) res = data.create_table(session['appkey'], request.form['devid'])
if not res[0]:
dh.delete(session['appkey'], request.form['devid'])
return render_template('add-dev.html', feedback=res[1])
else:
return redirect(url_for('app', appkey=session['appkey']))
else:
return redirect(url_for('index'))
@server.route('/dev-conf', methods=['GET', 'POST']) @server.route('/dev-conf', methods=['GET', 'POST'])
def dev_conf(): def dev_conf():
if request.method == 'GET': if 'name' in session and 'devid' in session:
return render_template('dev-conf.html', devname=session['devname']) if request.method == 'GET':
else: return render_template('dev-conf.html', devname=session['devname'])
else:
argslen = len(request.form['arg']) + 1 argslen = len(request.form['arg']) + 1
args = bytearray(argslen + 2) args = bytearray(argslen + 2)
args[0] = int(request.form['confid']) args[0] = int(request.form['confid'])
args[1] = argslen args[1] = argslen
bstr = bytes(request.form['arg']) bstr = bytes(request.form['arg'])
i = 0 i = 0
while i < argslen - 1: while i < argslen - 1:
args[2+i] = bstr[i] args[2+i] = bstr[i]
i += 1 i += 1
base64_args = binascii.b2a_base64(args).decode('utf-8') base64_args = binascii.b2a_base64(args).decode('utf-8')
pend.create(session['appkey'], session['devid'], base64_args) pend.create(session['appkey'], session['devid'], base64_args)
#print('msg = ', args) #print('msg = ', args)
#print('base64 = ', base64_args) #print('base64 = ', base64_args)
#print(type(request.form['arg'].encode('utf-8'))) #print(type(request.form['arg'].encode('utf-8')))
#print(request.form['arg'].encode('utf-8')) #print(request.form['arg'].encode('utf-8'))
return redirect(url_for('dev', id=session['devid'])) return redirect(url_for('dev', id=session['devid']))
else:
return redirect(url_for('index'))
@server.route('/delete-dev') @server.route('/delete-dev')
def delete_dev(): def delete_dev():
dh = dd.DeviceDao() if 'name' in session and 'devid' in session:
data.delete_table(session['appkey'], session['devid']) dh = dd.DeviceDao()
res = dh.delete(session['appkey'], session['devid']) data.delete_table(session['appkey'], session['devid'])
res = dh.delete(session['appkey'], session['devid'])
return redirect(url_for('app', appkey=session['appkey'])) return redirect(url_for('app', appkey=session['appkey']))
else:
return redirect(utl_for('index'))
@server.route('/dev-data') @server.route('/dev-data')
def dev_data(): def dev_data():
last = data.get_last_n(session['appkey'], session['devid'], 10) if 'name' in session and 'devid' in session:
count = data.get_count(session['appkey'], session['devid']) last = data.get_last_n(session['appkey'], session['devid'], 10)
count = data.get_count(session['appkey'], session['devid'])
last_ctr = 10
if count[1][0] < 10: last_ctr = 10
last_ctr = count[1][0] if count[1][0] < 10:
last_ctr = count[1][0]
#print(last)
#print(count) #print(last)
if count[1][0] > 0: #print(count)
return render_template('dev-data.html', data=last[1], total=count[1][0], lastctr=last_ctr, devname=session['devname']) if count[1][0] > 0:
return render_template('dev-data.html', data=last[1], total=count[1][0], lastctr=last_ctr, devname=session['devname'])
else:
return render_template('dev-data.html', devname=session['devname'])
else: else:
return render_template('dev-data.html', devname=session['devname']) return redirect(utl_for('index'))
@server.route('/data-csv') @server.route('/data-csv')
def data_csv(): def data_csv():
dumpd = data.get_all(session['appkey'], session['devid']) if 'name' in session and 'devid' in session:
dumpd = data.get_all(session['appkey'], session['devid'])
fn = session['appkey']+ '_' +str(session['devid'])+ '.csv' fn = session['appkey']+ '_' +str(session['devid'])+ '.csv'
with open(DATA_DOWNLOAD_DIR+'/'+fn, 'w') as f: with open(DATA_DOWNLOAD_DIR+'/'+fn, 'w') as f:
for d in dumpd[1][0][2]: for d in dumpd[1][0][2]:
f.write(d) f.write(d)
f.write(',')
f.write('\n')
for row in dumpd[1]:
for v in row[2]:
f.write(str(row[2][v]))
f.write(',') f.write(',')
f.write('\n') f.write('\n')
for row in dumpd[1]:
for v in row[2]:
f.write(str(row[2][v]))
f.write(',')
f.write('\n')
return send_from_directory(DATA_DOWNLOAD_DIR, fn, as_attachment=True) return send_from_directory(DATA_DOWNLOAD_DIR, fn, as_attachment=True)
else:
return redirect(utl_for('index'))
if __name__ == '__main__': if __name__ == '__main__':
......
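Review bot: The new `'name' in session` guards only establish that someone is logged in; the GET branch of `app()` still copies `request.args.get('appkey')` into `session['appkey']` with no visible check that the application belongs to `session['name']`, and `delete_app`, `new_dev`, `dev` and the device views then act on that key. Unless `ApplicationDao.get` enforces ownership (not visible in this hunk), any authenticated user can view or delete another user's application, so compare the record's owner with `session['name']` before storing the key and redirect to `index` on a mismatch. The `else` branches of `delete_dev`, `dev_data` and `data_csv` call `utl_for('index')`, which raises NameError and returns a 500 instead of redirecting; each should read `return redirect(url_for('index'))`. `delete_app` and `new_dev` read `session['appkey']` after checking only `'name'`, so a logged-in session that has not yet opened an application fails with KeyError; the guard there should also test `'appkey' in session`. Moving the repeated check into one decorator applied to every protected route would keep these conditions from drifting apart.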