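# coding=utf-8
"""View decorators for the JSON API endpoints and the template-rendered pages.

``api_decor`` and ``out_api_decor`` wrap views that return a JSON-serialisable
dict; ``response_decor`` wraps views that return a template context dict.
"""
import base64
import datetime
import hashlib
import json
import time
from django.http import Http404
from django.http import HttpResponse
from django.template import RequestContext
from django.views.decorators.csrf import csrf_exempt
from django.shortcuts import render_to_response, redirect
import simplejson
from django.contrib.auth import logout
from finance.models import Bill
from access.models import ActionJ, User
from lms.settings import DOMAIN, NAME, SUPPORT, SUPPORT_PHONE, SUPPORT_TIME, ADDRESS, COMMENT_SECRET
from django.db.models import Q
from lms.tools import comment_auth_data
from management.models import ModalTask
from management.tools import get_modals


JSON_CONTENT_TYPE = 'application/json; charset=utf-8'

# Modal titles whose text is handed to the template as ``show_fb``.
_FEEDBACK_MODAL_TITLES = ('aicfb3', 'aicfb2', 'aicfb1')

# Modal titles exposed to the template as a boolean flag of the same name.
_FLAG_MODAL_TITLES = (
    'diplom_nameless',
    'csh_new_year',
    'web_html',
    'web_gerasimenko',
    'JavaScript_geras',
    'JavaScript_yegor',
    'Java_geras',
    'Java_it',
    'IOS',
    'web_start',
    'excel',
    'PR',
)


def _empty_payload():
    """Return a fresh copy of the default API payload."""
    return {'code': '0', 'response': '', 'data': ''}


def _json_response(data, allow_any_origin=False):
    """Serialise *data* as a JSON HttpResponse.

    When *allow_any_origin* is true the response carries
    ``Access-Control-Allow-Origin: *``.
    """
    response = HttpResponse(simplejson.dumps(data), content_type=JSON_CONTENT_TYPE)
    if allow_any_origin:
        response['Access-Control-Allow-Origin'] = '*'
    return response


def _check_request_params(request, method, need_keys, check_request_values, need_values):
    """Validate the request parameters against the decorator's requirements.

    Returns ``(ok, keys_in)`` where ``keys_in`` is the list of parameter names
    found in ``request.GET`` or ``request.POST`` (empty for any other *method*).

    Every name in *need_keys* must be present. When *check_request_values* is
    set, every ``key: value`` pair of *need_values* must additionally name a
    key listed in *need_keys* and match the submitted value exactly.
    """
    if method == 'GET':
        params = request.GET
    elif method == 'POST':
        params = request.POST
    else:
        params = None
    keys_in = list(params.keys()) if params is not None else []

    # Check that the required keys exist in the request.
    for key in need_keys:
        if key not in keys_in:
            return False, keys_in

    # Check the values in the request. A key outside need_keys is rejected
    # before it is looked up, so the lookup only runs on keys known to be present.
    if check_request_values and params is not None:
        for key, value in need_values.items():
            if key not in need_keys or params[key] != value:
                return False, keys_in
    return True, keys_in


def _consume_modal_tasks(user, parameters):
    """Move the user's pending modal tasks into *parameters* and mark them shown.

    Each task found is detached from the user so it is reported only once.
    """
    email = user.email

    # Look the task up with the same title filter that decides it exists; an
    # unfiltered lookup could return, and then detach, an unrelated task.
    feedback = ModalTask.objects.filter(
        user__email=email, modal__title__in=_FEEDBACK_MODAL_TITLES).first()
    if feedback is not None:
        parameters['show_fb'] = feedback.modal.text
        feedback.user.remove(user)

    for title in _FLAG_MODAL_TITLES:
        task = ModalTask.objects.filter(user__email=email, modal__title=title).first()
        if task is not None:
            parameters[title] = True
            task.user.remove(user)


def api_decor(without_auth=False, check_request=False, method='GET', need_keys=[],
              check_request_values=False, need_values={}):
    """Decorate a view that serves a JSON API request.

    The wrapped view is called as ``fun(request, payload, *args, **kwargs)``
    with the default payload and must return a JSON-serialisable object.

    without_auth -- allow anonymous callers; otherwise they get Http404.
    check_request -- validate the submitted keys; the view runs only if all
        required keys are present.
    method -- 'GET' or 'POST'; selects which parameter dict is validated.
    need_keys -- parameter names that must be present (read-only here).
    check_request_values -- also compare submitted values with need_values.
        Applied ONLY when check_request is on and the keys of need_values are
        listed in need_keys; with check_request off the values are not checked.
    need_values -- expected ``key: value`` pairs (read-only here).

    A failed validation returns the payload with response 'KEYS ARE NOT VALID';
    its 'code' is '0', the same as in the default payload.

    NOTE(review): csrf_exempt turns off Django's CSRF check for every view
    wrapped here, including POST views that act on behalf of request.user.
    Confirm that state-changing endpoints have another cross-site request
    defence (for example a per-request token or an Origin check).
    """
    def wrap(fun):
        @csrf_exempt
        def _render_json(request, *args, **kwargs):
            user = request.user
            logged_in = user.is_authenticated()
            if not logged_in and not without_auth:
                raise Http404
            # From here on the caller is authenticated or the view is public,
            # so no separate "access denied" payload is needed.

            if logged_in:
                if not user.last_ip:
                    user.set_request_data(request)
                user.last_time = datetime.datetime.now()
                if user.status == 'OFF':
                    user.status = 'ON'
                # NOTE(review): saved on every authenticated call so that
                # last_time is persisted - confirm this matches the intent.
                user.save()

            valid = True
            if check_request:
                valid, _ = _check_request_params(
                    request, method, need_keys, check_request_values, need_values)

            if valid:
                data = fun(request, _empty_payload(), *args, **kwargs)
            else:
                data = {'code': '0', 'response': 'KEYS ARE NOT VALID', 'data': ''}
            response = _json_response(data)
            #response['Content-Security-Policy'] = "default-src 'self'"
            return response
        return _render_json
    return wrap


def response_decor(template, without_auth=False, description=''):
    """Decorate a view that serves a standard HTTP (template) request.

    The wrapped view returns a context dict. Site-wide values are added to
    it and it is rendered with *template*, unless the dict carries a truthy
    'redirect' entry, in which case the client is redirected there.

    template -- template name used for the normal response.
    without_auth -- allow anonymous callers; otherwise 'access_error.html'
        is rendered for them.
    description -- accepted for the callers' convenience; not used here.

    A logged-in user flagged with ``block`` is logged out and sent to
    ``/?userblocked=<n>`` before the view runs.
    """
    def wrap_response(func):
        def _render_json(request, *args, **kwargs):
            user = request.user
            if user.is_authenticated() and user.block:
                block_len = user.get_ip_len()
                logout(request)
                return redirect('/?userblocked={0}'.format(block_len))

            if not (request.user.is_authenticated() or without_auth):
                # Anonymous caller on a protected page.
                parameters = {'AUTH': True,
                              'DOMAIN': DOMAIN,
                              'NAME': NAME,
                              'ONLINE': User.objects.filter(status='ON').count(),
                              'SUPPORT': SUPPORT,
                              'SUPPORT_PHONE': SUPPORT_PHONE,
                              'SUPPORT_TIME': SUPPORT_TIME,
                              'ADDRESS': ADDRESS,
                              'COMMENT_USER_INFO': '',
                              'MODALS': get_modals(request)}
                response = render_to_response('access_error.html', parameters,
                                              context_instance=RequestContext(request))
                #response['Content-Security-Policy'] = "default-src 'self'"
                return response

            parameters = func(request, *args, **kwargs)
            parameters['DOMAIN'] = DOMAIN
            parameters['NAME'] = NAME
            parameters['SUPPORT'] = SUPPORT
            parameters['SUPPORT_PHONE'] = SUPPORT_PHONE
            parameters['SUPPORT_TIME'] = SUPPORT_TIME
            parameters['ADDRESS'] = ADDRESS
            parameters['ONLINE'] = User.objects.filter(status='ON').count()
            if request.user.is_authenticated():
                parameters['COMMENT_USER_INFO'] = comment_auth_data(request.user)
            else:
                parameters['COMMENT_USER_INFO'] = ''

            # Modal tasks are consumed before the redirect check below, so a
            # redirecting view still marks them as shown.
            if request.user.is_authenticated():
                _consume_modal_tasks(request.user, parameters)

            if parameters and parameters.get('redirect'):
                # NOTE(review): the target is whatever the view put in the
                # context; if any view derives it from request data, it should
                # be restricted to same-site URLs before redirecting.
                return redirect(parameters['redirect'])

            if request.user.is_authenticated():
                parameters['bills'] = Bill.objects.filter(
                    Q(user=request.user, status='W') | Q(user=request.user, status='P'))
                parameters['actions'] = ActionJ.objects.filter(
                    student=request.user).order_by('-id')[:5]
            response = render_to_response(template, parameters,
                                          context_instance=RequestContext(request))
            #response['Content-Security-Policy'] = "default-src 'self'"
            return response
        return _render_json
    return wrap_response


def out_api_decor(without_auth=False, check_request=False, method='GET', need_keys=[],
                  check_request_values=False, need_values={}):
    """Decorate a view that serves a JSON API request to other origins.

    Parameters have the same meaning as for ``api_decor``. The differences
    visible in this decorator:

    * every response carries ``Access-Control-Allow-Origin: *``;
    * an anonymous caller of a protected view receives the default payload
      instead of Http404;
    * a failed validation returns the submitted parameter names in 'data'.

    NOTE(review): the view is csrf_exempt and readable from any origin.
    Confirm that without_auth endpoints return nothing sensitive and that
    state-changing endpoints do not rely on the session cookie alone.
    """
    def wrap(fun):
        @csrf_exempt
        def _render_json(request, *args, **kwargs):
            keys_in = []
            user = request.user
            logged_in = user.is_authenticated()
            if not (logged_in or without_auth):
                return _json_response(_empty_payload(), allow_any_origin=True)

            if logged_in:
                user.last_time = datetime.datetime.now()
                if user.status == 'OFF':
                    user.status = 'ON'
                # NOTE(review): saved on every authenticated call so that
                # last_time is persisted - confirm this matches the intent.
                user.save()

            valid = True
            if check_request:
                valid, keys_in = _check_request_params(
                    request, method, need_keys, check_request_values, need_values)

            if valid:
                data = fun(request, _empty_payload(), *args, **kwargs)
            else:
                data = {'code': '0', 'response': 'KEYS ARE NOT VALID', 'data': keys_in}
            return _json_response(data, allow_any_origin=True)
        return _render_json
    return wrap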