
Untitled

a guest
Oct 11th, 2017
  1. from functools import wraps
  2. from tornado.database import Connection
  3. from gevent import monkey
  4. from gevent.event import Event
  5. from gevent.wsgi import WSGIServer
  6.  
  7. import config
  8.  
  9. from forms import LoginForm
  10. from flask import Flask, g, jsonify, render_template, request, session, redirect, \
  11. url_for, flash
  12.  
# Swap the stdlib socket module for gevent's cooperative version. Only sockets
# are patched (patch_socket, not patch_all).
monkey.patch_socket()

# NOTE(review): Flask's from_object() copies only UPPERCASE attributes, so this
# lowercase flag is not picked up by the from_object(__name__) call below.
# Keep it that way for anything reachable from a network: debug mode must not
# be enabled on a deployed instance.
debug = True

app = Flask(__name__)
# Settings are loaded from this module first, then from the config module;
# on a name clash the later call (config) wins.
app.config.from_object(__name__)
app.config.from_object(config)
  20.  
class Room(object):
    """In-memory chat room shared by every request handled by this process.

    Keeps the full message history in a list, plus an ``Event`` that
    long-polling callers block on until something new is posted.
    """

    def __init__(self):
        self.event = Event()
        self.messages = []

    def add_message(self, message):
        """Append *message* to the history and wake everyone blocked in wait()."""
        # NOTE(review): nothing trims this list, and the only visible caller is
        # the unauthenticated /new/ view, so memory use grows with every post.
        self.messages.append(message)

        # set() releases the current waiters; the immediate clear() re-arms the
        # event so the next wait() blocks again.
        notifier = self.event
        notifier.set()
        notifier.clear()

    def wait(self):
        """Block the caller until the next add_message() call."""
        self.event.wait()

    def get_messages(self):
        """Return the live history list (the same object, not a copy)."""
        return self.messages
  38.  
# Single module-level room: every client shares it, and its history lives only
# in this process's memory.
room = Room()
  40.  
  41.  
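def admin_required(f):
    """Decorator that lets the wrapped view run only for a staff session.

    Reads ``session['auth']`` (written by ``admin_login``) and redirects to the
    ``admin_login`` endpoint unless it carries a truthy ``is_staff`` value.

    NOTE(review): the decision rests entirely on the session contents. In the
    code shown here ``is_staff`` is copied into the session at login and never
    re-read from the database, so revoking staff rights does not affect a
    session that already exists, and the check is only as strong as the secrecy
    of ``app.secret_key``.
    """
    @wraps(f)
    def decorated(*args, **kwargs):
        auth = session.get('auth', None)

        # Fail closed: a missing, non-dict or incomplete ``auth`` value counts
        # as "not logged in" instead of raising on auth['is_staff'].
        is_staff = isinstance(auth, dict) and auth.get('is_staff')
        if not is_staff:
            return redirect(url_for('admin_login'))
        return f(*args, **kwargs)
    return decorated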
  52.  
@app.before_request
def connect_db():
    """Open a database connection for the current request and keep it on ``g.db``."""
    # Registered with before_request, so a connection is opened for every
    # request, including the chat views that never touch the database.
    db_settings = (
        config.DB_HOST,
        config.DB_NAME,
        config.DB_USER,
        config.DB_PASSWD,
    )
    g.db = Connection(*db_settings)
  60.  
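@app.after_request
def close_connection(response):
    """Close the per-request database connection and pass *response* through.

    Returns the response object unchanged, as Flask requires of an
    ``after_request`` handler.
    """
    # g.db is absent when connect_db() failed before assigning it; closing
    # unconditionally would raise AttributeError here and mask the real error.
    db = getattr(g, 'db', None)
    if db is not None:
        db.close()
    # NOTE(review): after_request handlers may not run when a view raises an
    # unhandled exception, which would leave the connection open on that path;
    # teardown_request is the hook intended for cleanup that must always run.
    return response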
  65.  
@app.route("/")
def index():
    """Render the chat page with the room's current message history."""
    # The message bodies come from unauthenticated POSTs to /new/. Whether they
    # are HTML-escaped is decided inside index.html; confirm the template does
    # not bypass autoescaping for them.
    history = room.get_messages()
    return render_template("index.html", messages=history)
  72.  
@app.route("/new/", methods=("POST",))
def new_message():
    """Store the posted ``body`` form field as a chat message.

    Whitespace-only bodies are dropped; the JSON reply is ``success=True``
    in both cases.
    """
    # NOTE(review): this view checks no login, CSRF token or length limit, so
    # any client can append arbitrarily large text to the shared history.
    text = request.form['body'].strip()
    if not text:
        return jsonify(success=True)

    room.add_message(text)
    return jsonify(success=True)
  84.  
  85.  
@app.route("/update/", methods=("POST",))
def update_messages():
    """Long-poll endpoint: block until a message is posted, then return the history."""
    # Every waiting client stays parked inside room.wait(); this view sets no
    # timeout and requires no authentication.
    room.wait()
    payload = room.get_messages()
    return jsonify(messages=payload)
  93.  
  94.  
@app.route("/admin/", methods=("POST", "GET"))
@admin_required
def admin():
    """Render the admin landing page; reachable only through admin_required."""
    # admin_required is listed below route(), so the guarded wrapper is the
    # function that gets registered for this URL.
    page = render_template("admin_index.html")
    return page
  102.  
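@app.route("/admin/login", methods=("POST", "GET",))
def admin_login():
    """Show the admin login form and, on POST, authenticate a staff user.

    On success the user's id, staff flag and first name are stored in
    ``session['auth']`` and the browser is redirected to the ``admin`` view.
    In every other case the login template is rendered again, with ``error``
    set to the reason when a POST was rejected.
    """
    form = LoginForm(request.form)
    error = None

    if request.method == "POST":

        if not form.validate():
            error = "Enter a username or password"
        else:
            # Bind the credentials as query parameters so the database driver
            # does the quoting. Formatting form input into the SQL text would
            # let a crafted username or password change the WHERE clause.
            # NOTE(review): the password is matched inside the query as
            # submitted, which implies live_user stores it in plaintext. It
            # should be a salted password hash verified in application code.
            user = g.db.get(
                "select * from live_user where username=%s and password=%s",
                form.username.data,
                form.password.data,
            )

            if not user:
                error = "Invalid username or password"
            elif not user['is_active']:
                error = "Account is disabled"
            elif not user['is_staff']:
                error = "You do not have permission to access area of the site"
            else:
                flash("Login successful")
                # Only the fields the admin views need are copied into the
                # session; admin_required later trusts this is_staff value.
                session['auth'] = {
                    'id': user.id,
                    'is_staff': user.is_staff,
                    'first_name': user.first_name,
                }

                return redirect(url_for('admin'))

    return render_template("login.html", error=error, form=form)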
  138.  
@app.route("/admin/logout", methods=("GET",))
def admin_logout():
    """Drop the admin data from the session and redirect to the login page."""
    # pop() with a default, so logging out without an active login is not an error.
    session.pop('auth', None)
    login_url = url_for('admin_login')
    return redirect(login_url)
  146.  
# SECURITY: this key signs Flask's session cookie, and admin_required trusts the
# is_staff flag carried in that cookie. With the key hardcoded in source, anyone
# who can read this file can produce a cookie the app accepts as a staff
# session. The value also appears to be the sample key from the Flask
# documentation. Load the key from the environment or an untracked config file
# and rotate it.
app.secret_key = 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT'

if __name__ == "__main__":
    # '' binds every interface on port 8080 and this server speaks plain HTTP,
    # so login credentials and the session cookie travel unencrypted unless TLS
    # is terminated in front of it.
    WSGIServer(('', 8080), app.wsgi_app).serve_forever()