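#!/usr/bin/env python3
"""OPAL v1 REST API: article search, upload/update and user accounts.

Flask application backed by the ``opalv1`` MongoDB database (collections
``test`` for articles and ``users`` for accounts).  Every endpoint answers
HTTP 200 and carries its own ``status`` field in the JSON body.

NOTE(review), not changed here because it would alter the client contract or
the stored data format:
  * Passwords are stored and compared in plaintext; migrate to a salted hash
    (e.g. ``werkzeug.security``) together with a data migration.
  * Registration, login, logout and paperstatus are GET requests, so
    passwords and session tokens end up in URLs and access logs.
  * paperstatus and updatepaper only check that *some* user is logged in,
    not that the user owns the article or has an editor role.
  * The upload folders live under the web root, so stored files are served
    directly by the web server; confirm script execution is disabled there.
"""
import json
import os
import re
import secrets
from datetime import datetime

import flask
from flask import Flask, flash, request, redirect, url_for, jsonify, Response
from flask import send_file, send_from_directory, safe_join, abort
from werkzeug.utils import secure_filename
import pymongo
from pymongo import MongoClient
from bson import json_util, ObjectId, Binary, Code
from bson.json_util import dumps
from flask_mail import Mail, Message

PDF_FOLDER = '/var/www/html/pdf'
IMG_FOLDER = '/var/www/html/img'
ALLOWED_EXTENSIONS = {'txt', 'pdf', 'png', 'jpg', 'jpeg', 'gif'}

app = flask.Flask(__name__)
# Debug mode exposes the interactive debugger and stack traces; it is now
# opt-in through the environment instead of being hard-coded on.
app.config['DEBUG'] = os.environ.get('OPAL_DEBUG', '') == '1'
app.config["PDF_FOLDER"] = PDF_FOLDER
app.config["IMG_FOLDER"] = IMG_FOLDER
app.config.update(
    # EMAIL SETTINGS
    MAIL_SERVER='smtp.gmail.com',
    MAIL_PORT=465,
    MAIL_USE_SSL=True,
    # The SMTP account used to be hard-coded in this file.  It is read from
    # the environment now; the previously committed password must be treated
    # as exposed and rotated.
    MAIL_USERNAME=os.environ.get('OPAL_MAIL_USERNAME'),
    MAIL_PASSWORD=os.environ.get('OPAL_MAIL_PASSWORD'),
)
mail = Mail(app)

# Article fields every caller may see; ``fileurl`` (the PDF) is added only
# for callers with a valid session.
_BASE_FIELDS = {"id": 1, "title": 1, "author": 1, "category": 1, "doi": 1,
                "year_published": 1, "summary": 1, "imgurl": 1, "_id": 0}


def _json(payload):
    """Serialise *payload* with the BSON-aware encoder as a JSON response."""
    return Response(dumps(payload), mimetype='application/json')


def _get_db():
    """Open a connection to the local MongoDB and return the opalv1 database."""
    return MongoClient("localhost", 27017).opalv1


def _article_fields(with_file=False, with_published=False):
    """Build the projection for an article query."""
    fields = dict(_BASE_FIELDS)
    if with_file:
        fields["fileurl"] = 1
    if with_published:
        fields["published"] = 1
    return fields


def _session_user(db, session):
    """Return ``{"email": ...}`` for the user owning *session*, else None.

    An empty token is always rejected: logout resets ``lastlogin`` to "", so
    looking up "" would match every logged-out account.
    """
    if not session:
        return None
    return db.users.find_one({"lastlogin": session}, {"email": 1, "_id": 0})


def _contains(text):
    """Case-insensitive substring filter; *text* is escaped, not run as a regex."""
    return {"$regex": re.escape(text), "$options": "i"}


def _allowed_file(filename):
    """True when *filename* has an extension listed in ALLOWED_EXTENSIONS."""
    return '.' in filename and \
        filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS


def _pick_upload(field):
    """Return ``(file, safe_name)`` for form field *field*.

    ``(None, "")`` means nothing was uploaded.  Raises ValueError when the
    sanitised name has no allowed extension.
    """
    upload = request.files.get(field)
    if upload is None or not upload.filename:
        return None, ""
    safe_name = secure_filename(upload.filename)
    if not _allowed_file(safe_name):
        raise ValueError(field)
    return upload, safe_name


def _store_upload(upload, safe_name, folder, article_id):
    """Save *upload* as ``<article_id>_<safe_name>`` in *folder*; return the name."""
    if upload is None:
        return ""
    stored = str(article_id) + "_" + safe_name
    upload.save(os.path.join(folder, stored))
    return stored


#@app.route('/v1/resources/send-mail/')
def send_mail(r, v):
    """Mail the verification link for code *v* to recipient *r*.

    Returns 'Mail sent!' or the text of the exception that was raised.
    """
    my_url = "http://opal.accsindia.org/verify.htm?" + v
    try:
        # NOTE(review): the original hard-coded a sender address that differed
        # from the SMTP account by one letter; the configured account is used
        # now -- confirm that is the intended sender.
        msg = Message("Login credentials",
                      sender=app.config["MAIL_USERNAME"],
                      recipients=[r])
        msg.body = "Thank you for registering with OPAL. Please click the link below to verify and complete your login\n" + my_url
        mail.send(msg)
        return 'Mail sent!'
    except Exception as e:
        return(str(e))


@app.route('/v1/resources/articlesbyuser', methods=['GET'])
def api_editor():
    """List every article whose editor is the logged-in user."""
    db = _get_db()
    user = _session_user(db, request.args.get('session', ''))
    if not user:
        return _json({'status': 500, 'message': 'User not logged in'})
    articles = db.test.find(
        {'editor': user['email']},
        _article_fields(with_file=True, with_published=True))
    return _json({'status': 200, 'data': list(articles)})


@app.route('/v1/resources/paperstatus', methods=['GET'])
def published():
    """Set the ``published`` flag of article ``id`` to ``status``."""
    if 'session' not in request.args:
        return _json({'status': 500, 'message': 'User not logged in'})
    # A missing status used to surface as an unhandled NameError.
    if 'status' not in request.args:
        return _json({'status': 500, 'message': 'Invalid status'})
    try:
        my_id = int(request.args['id'])
    except (KeyError, ValueError):
        return _json({'status': 500, 'message': 'Invalid Article id'})

    db = _get_db()
    if not _session_user(db, request.args['session']):
        return _json({'status': 500, 'message': 'User count not found'})
    # NOTE(review): any logged-in user can change any article, and the status
    # value is stored as given -- add an ownership/role check and restrict
    # the accepted values.
    db.test.update_one({"id": my_id},
                       {"$set": {'published': request.args['status']}})
    return jsonify({'status': 200, 'message': "Article status is updated"})


@app.route('/v1/resources/articlesbyauthor', methods=['GET'])
def api_author():
    """Search articles by author first or last name."""
    my_author = request.args.get('author')
    if not my_author:
        return _json({'status': 500, 'error': 'Error: author not specified. Please provide an author'})

    db = _get_db()
    pattern = _contains(my_author)
    # NOTE(review): unlike the title and category searches this one does not
    # filter on "published" -- confirm unpublished articles should be listed.
    query = {"$or": [{"author.first_name": pattern},
                     {"author.last_name": pattern}]}
    is_member = _session_user(db, request.args.get('session', '')) is not None
    articles = db.test.find(query, _article_fields(with_file=is_member))
    return _json({'status': 200, 'data': list(articles)})


@app.route('/v1/resources/articlesbytitle', methods=['GET'])
def api_title():
    """Search published articles by title."""
    keyword = request.args.get('title')
    if not keyword:
        return "Error: keyword not specified. Please provide a keyword"

    db = _get_db()
    # The query already restricts to published == "1", which replaces the
    # per-document ``is "1"`` identity test the original ran afterwards.
    query = {'title': _contains(keyword), "published": "1"}
    is_member = _session_user(db, request.args.get('session', '')) is not None
    articles = db.test.find(
        query, _article_fields(with_file=is_member, with_published=True))
    return _json({'status': 200, 'data': list(articles)})


@app.route('/v1/resources/articlesbycategory', methods=['GET'])
def api_category():
    """Search published articles by category."""
    cat_key = request.args.get('category')
    if not cat_key:
        return "Error: keyword not specified. Please provide a keyword"

    db = _get_db()
    query = {'category': _contains(cat_key), "published": "1"}
    is_member = _session_user(db, request.args.get('session', '')) is not None
    articles = db.test.find(query, _article_fields(with_file=is_member))
    return _json({'status': 200, 'data': list(articles)})


@app.route('/v1/resources/cms/upload', methods=['POST'])
def api_upload():
    """Create an unpublished article, storing the optional PDF and image."""
    my_title = request.form['title']
    my_category = request.form['category']
    my_year_published = request.form['year_published']
    my_summary = request.form['summary']  # this is called summary in the db
    try:
        my_author = json.loads(request.form['author'])
    except ValueError:
        return _json({'status': 400, 'message': "Invalid author data"})

    # The original built this response without returning it and then crashed
    # on the unbound session variable.
    if 'session' not in request.form:
        return _json({'status': 400, 'message': "User not in Session"})

    db = _get_db()
    collection = db.test
    user = _session_user(db, request.form['session'])
    if not user:
        return _json({'status': 400, 'message': "User not logged in"})

    # Reject disallowed file types before anything is written to disk.
    try:
        my_pdf, pdf_name = _pick_upload('file_pdf')
        my_img, img_name = _pick_upload('file_img')
    except ValueError:
        return _json({'status': 400, 'message': "File type not allowed"})

    # Next id = highest existing id + 1.  The original derived it from the
    # document count with an inverted "already taken" check, and named the
    # files after a different id than the one stored on the record.
    # NOTE(review): two concurrent uploads can still pick the same id.
    last = collection.find_one({"id": {"$exists": True}}, {"id": 1, "_id": 0},
                               sort=[("id", -1)])
    my_id = (last["id"] + 1) if last else 1

    my_doi = request.form['doi'] or \
        "10.34048/OPAL/" + str(my_year_published) + "/" + str(my_id)

    pdf_filename = _store_upload(my_pdf, pdf_name, app.config['PDF_FOLDER'], my_id)
    img_filename = _store_upload(my_img, img_name, app.config['IMG_FOLDER'], my_id)

    collection.insert_one({
        "id": my_id, "title": my_title, "author": my_author,
        "category": my_category, "year_published": my_year_published,
        "doi": my_doi, "summary": my_summary, "fileurl": pdf_filename,
        "imgurl": img_filename, "published": "0", "editor": user['email']})
    return _json({'status': 200, 'message': "Article uploaded successfully"})


@app.route('/v1/resources/cms/updatepaper', methods=['POST'])
def api_updatepaper():
    """Update the metadata (and optionally the image) of article ``id``."""
    try:
        my_id = int(request.form['id'])
    except ValueError:
        return _json({'status': 400, 'message': "Invalid Article id"})
    my_title = request.form['title']
    my_category = request.form['category']
    my_year_published = request.form['year_published']
    my_summary = request.form['summary']  # this is called summary in the db
    try:
        my_author = json.loads(request.form['author'])
    except ValueError:
        return _json({'status': 400, 'message': "Invalid author data"})

    if not request.form.get('session'):
        return _json({'status': 400, 'message': "User not in Session"})

    db = _get_db()
    if not _session_user(db, request.form['session']):
        return _json({'status': 400, 'message': "User not logged in"})

    try:
        my_img, img_name = _pick_upload('file_img')
    except ValueError:
        return _json({'status': 400, 'message': "File type not allowed"})
    # NOTE(review): as before, imgurl is reset to "" when no new image is
    # sent -- confirm that dropping the existing image is intended.
    img_filename = _store_upload(my_img, img_name, app.config['IMG_FOLDER'], my_id)

    # NOTE(review): no check that the caller is this article's editor.
    result = db.test.update_one(
        {"id": my_id},
        {"$set": {"title": my_title, "summary": my_summary,
                  "author": my_author, "category": my_category,
                  "imgurl": img_filename,
                  "year_published": my_year_published}})
    if result.matched_count:
        return _json({'status': 200, 'message': "Article Updated successfully"})
    return jsonify({'status': 404, 'message': "Could not update the article"})


@app.route('/v1/resources/articles/featured', methods=['GET'])
def api_featured():
    """Return the three published articles with the highest ids."""
    newest = _get_db().test.find(
        {"published": "1"},
        {"id": 1, "title": 1, "summary": 1, "imgurl": 1, "_id": 0}
    ).sort("id", -1).limit(3)
    return jsonify({'status': 200, 'data': list(newest)})


@app.route('/v1/resources/article', methods=['GET'])
def api_featured_article():
    """Return one article by id; ``fileurl`` only with a valid session."""
    my_id = request.args.get('id')
    if not my_id:
        return "Error: id not found. Please provide a valid id"
    try:
        article_id = int(my_id)
    except ValueError:
        return "Error: id not found. Please provide a valid id"

    db = _get_db()
    is_member = _session_user(db, request.args.get('session', '')) is not None
    # NOTE(review): there is no "published" filter here, so an unpublished
    # article can be read by id -- confirm that is intended.
    art = db.test.find_one(
        {"id": article_id},
        _article_fields(with_file=is_member, with_published=True))
    # The original fell off the end (no response at all) when a logged-in
    # caller asked for an id that does not exist.
    if art is None:
        return jsonify({'status': 500, 'message': "Article not found"})
    return jsonify({'status': 200, 'data': art})


@app.route('/v1/resources/userregistration', methods=['GET'])
def api_user_registration():
    """Create an unverified account and mail the verification link."""
    my_fname = request.args['fname']
    my_lname = request.args['lname']
    my_email = request.args['email']
    my_pw = request.args['password']
    my_type = request.args['type']
    my_affil = request.args['affiliation']
    my_city = request.args['city']
    my_country = request.args['country']
    # Random code: the previous UTC-timestamp code could be guessed by
    # anyone who knew roughly when the account was created.
    my_verify_code = secrets.token_urlsafe(32)

    collection = _get_db().users
    if collection.find_one({"email": my_email}, {"_id": 1}) is not None:
        return jsonify({'status': 500, 'message': "A user by that email already exists"})

    # NOTE(review): the password is still stored in plaintext, see the
    # module docstring.
    collection.insert_one({
        "fname": my_fname, "lname": my_lname, "email": my_email,
        "password": my_pw, "type": my_type, "affiliation": my_affil,
        "city": my_city, "country": my_country,
        "verify_code": my_verify_code, "user_status": 0})
    # NOTE(review): a failed mail send is only reported through send_mail's
    # return value, which is ignored here.
    send_mail(my_email, my_verify_code)
    return jsonify({'status': 200})


@app.route('/v1/resources/verify', methods=['GET'])
def api_user_verify():
    """Mark the account carrying verification code ``data`` as verified."""
    if 'data' not in request.args:
        return jsonify({'status': 500, 'message': "Verification code wasn't sent"})
    my_data = request.args['data']
    if not my_data:
        return jsonify({'status': 500, 'message': "Account could not be verified"})

    result = _get_db().users.update_one({"verify_code": my_data},
                                        {"$set": {'user_status': 1}})
    if result.matched_count:
        return jsonify({'status': 200})
    return jsonify({'status': 500, 'message': "Account could not be verified"})


@app.route('/v1/resources/logout', methods=['GET'])
def api_logout():
    """Invalidate the caller's session token."""
    my_session = request.args['session']
    if my_session == "":
        return jsonify({'status': 400, 'message': "The user has not logged in"})

    result = _get_db().users.update_one({'lastlogin': my_session},
                                        {"$set": {"lastlogin": ""}})
    if result.matched_count:
        return jsonify({'status': 200, 'message': "You have successfully logged out from OPAL."})
    return jsonify({'status': 500, 'message': "This user has not logged in"})


@app.route('/v1/resources/userauth', methods=['GET'])
def api_user_auth():
    """Check email/password/type and issue a session token."""
    my_email = request.args['email']
    my_pw = request.args['password']
    my_type = request.args['utype']

    collection = _get_db().users
    # NOTE(review): plaintext password comparison, see the module docstring.
    user = collection.find_one(
        {"email": my_email, "password": my_pw, "type": my_type},
        {"type": 1, "fname": 1, "lname": 1, "user_status": 1, "_id": 0})
    if user is None:
        return jsonify({'status': 500, 'message': "Sorry could not find the user"})
    if user.pop("user_status", None) != 1:
        return jsonify({'status': 500, 'message': "Sorry, user account is not verified"})

    # Unguessable token.  The previous "opal-<UTC timestamp>" value could be
    # predicted and was shared by users who logged in within the same second.
    my_session = "opal-" + secrets.token_urlsafe(32)
    collection.update_one({'email': my_email},
                          {"$set": {'lastlogin': my_session}})

    my_data = {'session': my_session}
    my_data.update(user)
    return jsonify({'status': 200, 'data': my_data})


@app.route('/v1/resources/test', methods=['POST'])
def api_test():
    """Debug endpoint: returns the type name of the listified author field."""
    my_author = request.form['author']
    my_author = list(my_author)
    return type(my_author).__name__


if __name__ == "__main__":
    app.run()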