Antonio de la Rosa 2025-02-28 02:03:51 +01:00
parent ed23a19044
commit c42128b4a7
6 changed files with 93 additions and 29 deletions


@ -3,7 +3,7 @@
from paramecio.libraries.db import corefields from paramecio.libraries.db import corefields
from paramecio.libraries.db.coreforms import PasswordForm from paramecio.libraries.db.coreforms import PasswordForm
from paramecio.libraries.i18n import I18n from paramecio.libraries.i18n import I18n
from paramecio.libraries.sessions import get_session from paramecio.libraries.sessionplugin import get_session
from paramecio.libraries.keyutils import create_key_encrypt from paramecio.libraries.keyutils import create_key_encrypt
from bottle import request from bottle import request
@ -123,9 +123,9 @@ def csrf_token(token_id='csrf_token'):
s=get_session() s=get_session()
if not 'csrf_token' in s: #if not 'csrf_token' in s:
s['csrf_token']=create_key_encrypt() s['csrf_token']=create_key_encrypt()
s.save() #s.save()
return '<input type="hidden" name="csrf_token" class="csrf_token" id="'+token_id+'" value="'+s['csrf_token']+'" />' return '<input type="hidden" name="csrf_token" class="csrf_token" id="'+token_id+'" value="'+s['csrf_token']+'" />'
@ -135,7 +135,7 @@ def generate_csrf():
if not 'csrf_token' in s: if not 'csrf_token' in s:
s['csrf_token']=create_key_encrypt() s['csrf_token']=create_key_encrypt()
s.save() #s.save()
return s['csrf_token'] return s['csrf_token']
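Review bot: In `csrf_token()` the guard `if not 'csrf_token' in s:` is now commented out, so if the assignment below it runs unconditionally (indentation is not visible on this page) every rendered form overwrites the session token. `generate_csrf()` in the next hunk still keeps the guard, so the two helpers now disagree. With one token per session, a page with two forms or a second open tab would leave the earlier form holding a stale token that fails validation. Unless per-render rotation is intended, restore the guard as `if 'csrf_token' not in s:`. `token_id` is also concatenated into the `id` attribute unescaped, which is safe only while callers pass constants; both function bodies start outside the hunks.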


@ -0,0 +1,44 @@
# A more simple set for make queries
def insert(model, db, dict_values):
final_values={}
for k in model.fields.keys():
final_values[k]=model.fields[k].check(dict_values.get(k, ''))
del final_values[model.name_field_id]
str_fields="`"+"`, `".join(final_values.keys())+"`"
str_query='insert into {} ({}) VALUES ({})'.format(model.name, str_fields, ", ".join(['%s']*len(final_values)))
success=False
with db.query(str_query, list(final_values.values())) as cursor:
if cursor.rowcount>0:
model.last_id=cursor.lastrowid
success=True
return success
def select(model, db, dict_fields=[], where_sql='', limit='', dict_values=[]):
if len(dict_fields)==0:
dict_fields=['`'+field+'`' for field in model.fields.keys()]
str_fields=", ".join(dict_fields)
str_query='select {} from {} {} limit 1'.format(str_fields, model.name, where_sql)
arr_result=[]
with db.query(str_query, dict_values) as cursor:
arr_result=cursor.fetchall()
return arr_result
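Review bot: `select()` formats `where_sql` and any caller-supplied `dict_fields` straight into the statement, so only `dict_values` is actually parameterised. The function should say that `where_sql` must be a constant fragment with `%s` placeholders, and should check supplied field names against `model.fields` before quoting them; the sketch below assumes callers pass bare field names. The `limit` argument is never used (the query always ends in `limit 1`), and the `[]` defaults are shared between calls. In `insert()`, `del final_values[model.name_field_id]` raises KeyError when the id field is not in `model.fields`; `final_values.pop(model.name_field_id, None)` avoids that.

```python
def select(model, db, dict_fields=None, where_sql='', limit='', dict_values=None):
    # where_sql is formatted into the statement as-is: pass only a constant
    # fragment with %s placeholders and put the values in dict_values.
    fields=list(dict_fields) if dict_fields else list(model.fields.keys())
    unknown=[field for field in fields if field not in model.fields]
    if unknown:
        raise ValueError('Unknown field(s): '+', '.join(unknown))
    str_fields=", ".join('`'+field+'`' for field in fields)
    # … unchanged: str_query formatting …
    with db.query(str_query, dict_values or []) as cursor:
    # … unchanged: fetchall and return …
```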


@ -2,7 +2,7 @@
import json, re import json, re
from bottle import request, response from bottle import request, response
from paramecio.libraries.sessions import get_session from paramecio.libraries.sessionplugin import get_session
from paramecio.libraries.keyutils import create_key_encrypt from paramecio.libraries.keyutils import create_key_encrypt
from bottle import HTTPResponse from bottle import HTTPResponse
@ -100,7 +100,7 @@ class GetPostFiles:
self.post[post]=self.post.get(post, '') self.post[post]=self.post.get(post, '')
s=get_session() s=get_session()
#print('s', s)
if ignore_csrf_token==False and no_csrf==False: if ignore_csrf_token==False and no_csrf==False:
if 'csrf_token' in s: if 'csrf_token' in s:
@ -113,7 +113,7 @@ class GetPostFiles:
del s['csrf_token'] del s['csrf_token']
s.save() #s.save()
#raise NameError('Error: you need a valid csrf_token') #raise NameError('Error: you need a valid csrf_token')
raise HTTPResponse(body=json.dumps({'error_csrf': 1, 'error': 1, 'token_invalid': 1}), status=200, headers={'Content-type': 'application/json'}) raise HTTPResponse(body=json.dumps({'error_csrf': 1, 'error': 1, 'token_invalid': 1}), status=200, headers={'Content-type': 'application/json'})
@ -124,7 +124,7 @@ class GetPostFiles:
del s['csrf_token'] del s['csrf_token']
s.save() #s.save()
else: else:
@ -160,8 +160,8 @@ def check_csrf(post):
del s['csrf_token'] del s['csrf_token']
s.save() #s.save()
else: else:
#raise NameError('Error: you don\'t send any valid csrf_token') #raise NameError('Error: you don\'t send any valid csrf_token')
raise HTTPResponse(body=json.dumps({'error_csrf': 1, 'error': 1, 'token_invalid': 0}), status=200, headers={'Content-type': 'application/json'}) raise HTTPResponse(body=json.dumps({'error_csrf': 1, 'error': 1, 'message': 'Error: csrf token invalid', 'token_invalid': 0}), status=200, headers={'Content-type': 'application/json'})
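Review bot: With `s.save()` commented out after each `del s['csrf_token']`, removing a used token now depends entirely on the session plugin writing the cookie back, and two things in this commit suggest it may not. The visible part of `Session` sets `self.changed=True` only in `__setitem__`, so unless `__delitem__` is overridden outside the hunk a deletion never reaches `set_cookie`. On the failure branches, `raise HTTPResponse(...)` also leaves the callback before the plugin gets to `if session.changed:`. The token would then stay valid in the client's cookie after use or after a failed check. Consider giving `Session` a `__delitem__` that sets `self.changed=True`, and making the plugin persist the session when the callback raises `HTTPResponse` as well; the enclosing methods start and end outside these hunks.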


@ -20,7 +20,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.
""" """
from importlib import import_module from importlib import import_module
from paramecio.libraries.sessions import get_session from paramecio.libraries.sessionplugin import get_session
import json import json
from bottle import request from bottle import request
import gettext import gettext


@ -31,6 +31,7 @@ from paramecio.libraries.js import make_js_url
from settings import config from settings import config
from os import path from os import path
from collections import OrderedDict from collections import OrderedDict
from paramecio.wsgiapp import app
# Preparing envs for views of modules, and views of # Preparing envs for views of modules, and views of
@ -85,13 +86,17 @@ def preload_templates(template_files, env):
return templates return templates
def url_for(name):
return app.get_url(name)
class PTemplate: class PTemplate:
"""A class used how shortcuts for Mako template functions. """A class used how shortcuts for Mako template functions.
""" """
templates_loaded={} templates_loaded={}
def __init__(self, environment, app=None): def __init__(self, environment):
"""A class used how shortcuts for Mako template functions. """A class used how shortcuts for Mako template functions.
@ -188,7 +193,7 @@ class PTemplate:
module_env=self.env.directories[1].replace('/templates', '') module_env=self.env.directories[1].replace('/templates', '')
self.l=PGetText(module_env+'/index.py') self.l=PGetText(module_env+'/app.py')
self.add_filter(self._) self.add_filter(self._)
@ -198,6 +203,12 @@ class PTemplate:
self.add_filter(self.i18n.tlang) self.add_filter(self.i18n.tlang)
#self.url_for=lambda name: app.get_url(name)
#x = lambda a : a + 10
#print(self.url_for)
self.add_filter(url_for)
def _(self, text): def _(self, text):
return self.l.gettext(text) return self.l.gettext(text)
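Review bot: `PTemplate.__init__` drops the `app=None` parameter, so any existing caller that passes `app` (positionally or by keyword) will now raise TypeError; keeping `app=None` as an ignored, documented parameter would make the change backward-compatible. The new module-level `from paramecio.wsgiapp import app` also binds this module to the application object at import time, which can become a circular import if `paramecio.wsgiapp` (not shown) imports the template module. `url_for` has no docstring, for example `"""Return the URL of the named route via app.get_url; exposed to templates as a filter."""`. The commented-out debug lines above `self.add_filter(url_for)` can be removed.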


@ -16,6 +16,10 @@ class Session(dict):
super(Session, self).__setitem__(item, value) super(Session, self).__setitem__(item, value)
self.changed=True self.changed=True
def get_session():
return request.environ.get('session', {})
class SessionPlugin(object): class SessionPlugin(object):
name = 'session' name = 'session'
@ -52,32 +56,37 @@ class SessionPlugin(object):
cookie=request.get_cookie(config.cookie_name) cookie=request.get_cookie(config.cookie_name)
s=None safe=None
if not cookie: if not cookie:
session=Session() session=Session()
else: else:
s=URLSafeTimedSerializer(config.key_encrypt) safe=URLSafeTimedSerializer(config.key_encrypt)
try:
session=Session(safe.loads(cookie))
session=Session(s.loads(cookie)) if type(session).__name__!='Session':
session=Session()
if type(session).__name__!='Session': except:
session=Session() session=Session()
#except:
# session=Session()
kwargs['session']=session kwargs['session']=session
#For compatibility with old sessions server-side style.
request.environ['session']=session
rv=callback(*args, **kwargs) rv=callback(*args, **kwargs)
if session.changed: if session.changed:
#print('changed') print('changed')
if not s: if not safe:
s=URLSafeTimedSerializer(config.key_encrypt) safe=URLSafeTimedSerializer(config.key_encrypt)
#print(session)
response.set_cookie(config.cookie_name, s.dumps(session)) #if not max_age:
response.set_cookie(config.cookie_name, safe.dumps(session), path=config.session_opts['session.path'], httponly=True)
return rv return rv
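Review bot: `safe.loads(cookie)` is called without `max_age`, so the timestamp in the signed cookie is never checked and a captured session cookie stays valid until `config.key_encrypt` changes; pass a lifetime, e.g. `safe.loads(cookie, max_age=<session lifetime in seconds>)`. The bare `except:` around it also hides errors unrelated to the signature, whereas catching itsdangerous' `BadSignature` (which also covers expiry) keeps the fallback to an empty session without masking bugs. `print('changed')` is left enabled and writes to stdout for every modified session. The cookie is set with `httponly=True` but not `secure=True`, which is worth adding when the site is served over HTTPS. The cookie is signed rather than encrypted, so anything stored in the session is readable by the client; the plugin method starts and ends outside the hunk.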