--- /dev/null
+ GNU AFFERO GENERAL PUBLIC LICENSE
+ Version 3, 19 November 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+
+ The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+our General Public Licenses are intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+ Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+
+ A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate. Many developers of free software are heartened and
+encouraged by the resulting cooperation. However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
+
+ The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community. It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server. Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
+
+ An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals. This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ TERMS AND CONDITIONS
+
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU Affero General Public License.
+
+ "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+ "The Program" refers to any copyrightable work licensed under this
+License. Each licensee is addressed as "you". "Licensees" and
+"recipients" may be individuals or organizations.
+
+ To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy. The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+ A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+ To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+ To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+ An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+ 1. Source Code.
+
+ The "source code" for a work means the preferred form of the work
+for making modifications to it. "Object code" means any non-source
+form of a work.
+
+ A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+ The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+ The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+ The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+ The Corresponding Source for a work in source code form is that
+same work.
+
+ 2. Basic Permissions.
+
+ All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+ You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force. You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright. Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+ Conveying under any other circumstances is permitted solely under
+the conditions stated below. Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+ No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+ When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+ You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+ You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+ You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+ a) The work must carry prominent notices stating that you modified
+ it, and giving a relevant date.
+
+ b) The work must carry prominent notices stating that it is
+ released under this License and any conditions added under section
+ 7. This requirement modifies the requirement in section 4 to
+ "keep intact all notices".
+
+ c) You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable section 7
+ additional terms, to the whole of the work, and all its parts,
+ regardless of how they are packaged. This License gives no
+ permission to license the work in any other way, but it does not
+ invalidate such permission if you have separately received it.
+
+ d) If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has interactive
+ interfaces that do not display Appropriate Legal Notices, your
+ work need not make them do so.
+
+ A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+ You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+ a) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+
+ b) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for as
+ long as you offer spare parts or customer support for that product
+ model, to give anyone who possesses the object code either (1) a
+ copy of the Corresponding Source for all the software in the
+ product that is covered by this License, on a durable physical
+ medium customarily used for software interchange, for a price no
+ more than your reasonable cost of physically performing this
+ conveying of source, or (2) access to copy the
+ Corresponding Source from a network server at no charge.
+
+ c) Convey individual copies of the object code with a copy of the
+ written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially, and
+ only if you received the object code with such an offer, in accord
+ with subsection 6b.
+
+ d) Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access to the
+ Corresponding Source in the same way through the same place at no
+ further charge. You need not require recipients to copy the
+ Corresponding Source along with the object code. If the place to
+ copy the object code is a network server, the Corresponding Source
+ may be on a different server (operated by you or a third party)
+ that supports equivalent copying facilities, provided you maintain
+ clear directions next to the object code saying where to find the
+ Corresponding Source. Regardless of what server hosts the
+ Corresponding Source, you remain obligated to ensure that it is
+ available for as long as needed to satisfy these requirements.
+
+ e) Convey the object code using peer-to-peer transmission, provided
+ you inform other peers where the object code and Corresponding
+ Source of the work are being offered to the general public at no
+ charge under subsection 6d.
+
+ A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+ A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling. In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage. For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product. A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+ "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source. The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+ If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+ The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed. Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+ Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+ a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+
+ b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+
+ c) Prohibiting misrepresentation of the origin of that material, or
+ requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+
+ d) Limiting the use for publicity purposes of names of licensors or
+ authors of the material; or
+
+ e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions of
+ it) with contractual assumptions of liability to the recipient, for
+ any liability that these contractual assumptions directly impose on
+ those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+ If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+ Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+run a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+ An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+ A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+ Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+ In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License. You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all. For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+ 13. Remote Network Interaction; Use with the GNU General Public License.
+
+ Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your version
+supports such interaction) an opportunity to receive the Corresponding
+Source of your version by providing access to the Corresponding Source
+from a network server at no charge, through some standard or customary
+means of facilitating copying of software. This Corresponding Source
+shall include the Corresponding Source for any work covered by version 3
+of the GNU General Public License that is incorporated pursuant to the
+following paragraph.
+
+ Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new versions of
+the GNU Affero General Public License from time to time. Such new versions
+will be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Program specifies that a certain numbered version of the GNU Affero General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation. If the Program does not specify a version number of the
+GNU Affero General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+versions of the GNU Affero General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+ Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+ If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source. For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code. There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.
+
+ You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU AGPL, see
+<http://www.gnu.org/licenses/>.
--- /dev/null
+# Copyright (C) 2018 The Meme Factory, Inc. http://www.meme.com/
+
+# This file is part of PGWUI_Core.
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU Affero General Public License
+# as published by the Free Software Foundation, either version 3 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License along with this program. If not, see
+# <http://www.gnu.org/licenses/>.
+#
+
+# Karl O. Pinc <kop@meme.com>
+
+'''Python source code for pgwui_core module
+
+More general description of the module.
+'''
+
+# There are main objects, and their subclasses, here:
+# LoadedForm
+# DBHandler (generally referred to a an "upload handler", at present)
+# DBConnector (UploadEngine)
+#
+# See their documentation below.
+
+# Write python 3 compatible code.
+from __future__ import print_function
+from __future__ import unicode_literals
+from __future__ import absolute_import
+from __future__ import division
+
+from csv import reader as csv_reader
+from cgi import escape as cgi_escape
+import collections
+import ast
+import markupsafe
+import hashlib
+import io
+
+# We are not really using wtforms. We use it to (barely)
+# interact with the html and post request but really
+# we define our own classes to handle working memory
+# and interacting with the session.
+from wtforms import (
+ Form,
+ BooleanField,
+ StringField,
+ RadioField,
+ PasswordField,
+ FileField)
+
+import psycopg2
+
+from pgwui_core.form_constants import *
+
+
+# Setup default values for forms.
+
+class UserInitialPost():
+ db = LIVE_DB
+ user = ''
+ password = ''
+
+class AuthInitialPost():
+ db = ''
+ user = ''
+ password = ''
+
+class UploadFileInitialPost(AuthInitialPost):
+ upload_fmt = CSV
+ datafile = ''
+ trim_upload = True
+
+class UploadNullFileInitialPost(UploadFileInitialPost):
+ upload_null = True
+ null_rep = ''
+
+class UploadTableInitialPost(UploadNullFileInitialPost):
+ table = ''
+
+# The wtforms that suck data out of the html.
+
+class UserWTForm(Form):
+ '''The wtform used to connect to the db to authenticate .'''
+ # We don't actually use the labels, wanting the template to
+ # look (and render) like html, but I'll define them anyway
+ # just to keep my hand in.
+ user = StringField('User:')
+ password = PasswordField('Password:')
+
+ ivals = UserInitialPost
+
+
+class AuthWTForm(UserWTForm):
+ '''The wtform used to connect to any db and authenticate.'''
+ # We don't actually use the labels, wanting the template to
+ # look (and render) like html, but I'll define them anyway
+ # just to keep my hand in.
+ db = StringField('Database:')
+
+ ivals = AuthInitialPost
+
+
+class UploadFileWTForm(AuthWTForm):
+ '''The wtform used for uploading files.'''
+ # We don't actually use the labels, wanting the template to
+ # look (and render) like html, but I'll define them anyway
+ # just to keep my hand in.
+ upload_fmt = RadioField('Upload Format:',
+ choices=[('Upload CSV Data:', CSV),
+ ('Upload tab delimited Data:', TAB)])
+ datafile = FileField('File with CSV or Tab delimited Data:')
+ trim_upload = BooleanField('Trim Leading/Trailing Spaces:')
+
+ ivals = UploadFileInitialPost
+
+
+class UploadNullFileWTForm(UploadFileWTForm):
+ '''The wtform used for uploading files that may contain NULL.'''
+ # We don't actually use the labels, wanting the template to
+ # look (and render) like html, but I'll define them anyway
+ # just to keep my hand in.
+ upload_null = BooleanField('Upload NULL Values:')
+ null_rep = StringField('NULL Representation:')
+
+ ivals = UploadNullFileInitialPost
+
+
+class UploadTableWTForm(UploadNullFileWTForm):
+ '''The wtform used for uploading arbitrary data into tables.'''
+ table = StringField('Table or View:')
+
+ ivals = UploadTableInitialPost
+
+
+class LoadedForm(collections.MutableMapping):
+ '''
+ Abstract class representing an upload form.
+
+ Responsible for getting information into and out of
+ html forms.
+
+ The user API is that it acts like a dict, but with extra methods.
+
+ Attributes:
+ uh The UploadHandler instance using the form
+
+ _store Where the real dict is kept
+ _form Instantaiated html form object (WTForms)
+ _fc Class handling html form
+ '''
+ def __init__(self, uh, fc=None, data={}, **kwargs):
+ super(LoadedForm, self).__init__()
+ self.uh = uh
+ if data == {}:
+ store = dict(kwargs)
+ else:
+ store = dict(data)
+ store.update(kwargs)
+ self._store = store
+ self._fc = fc
+
+ def __iter__(self): return next(self._store)
+ def __len__(self): return len(self._store)
+ def __getitem__(self, key): return self._store[key]
+ def __setitem__(self, key, value): self._store[key] = value
+ def __delitem__(self, key): del self._store[key]
+
+ def read(self):
+ '''
+ In the children this loads form from pyramid self.uh.request
+ object and self._form and the session.
+
+ In this case we instantiate _form and give it some defaults
+ '''
+ self._form = self._fc(self.uh.request.POST, self._fc.ivals)
+
+ def write(self, response, errors):
+ '''
+ Produces the dict pyramid will use to render the form.
+
+ Input:
+ response Dict of results from connection execution
+ errors List of errors from connection execution
+ '''
+ response['errors'] = errors
+ return response
+
+
+class CredsLoadedForm(LoadedForm):
+ '''
+ Acts like a dict, but with extra methods.
+ Manages credentials (but not db) needed to authenticate.
+
+ Attributes:
+ uh The UploadHandler instance using the form
+ user The username used to login
+ _form Instantaiated html form object (WXForms)
+
+ Methods:
+ read() Load form from pyramid request object.
+ '''
+ def __init__(self, uh, fc=UserWTForm, data={}, **kwargs):
+ data.update(kwargs)
+ super(CredsLoadedForm, self).__init__(uh, fc, data)
+
+ def session_put(self, key, value):
+ '''
+ Put data into the session.
+
+ Input:
+ key The key
+ value The value
+
+ Returns:
+
+ Side effects:
+ Modifies session
+
+ May be overridden by a subclass to keep data out
+ of the session.
+ '''
+ self.uh.session[key] = value
+
+
+ def read(self):
+ '''
+ Read form data from the client
+ '''
+
+ # Read parent's data
+ super(CredsLoadedForm, self).read()
+
+ # Read our form data
+
+ # Keep password and user in the session. All the other
+ # form varaibles must be re-posted.
+ post = self.uh.request.POST
+ session = self.uh.request.session
+
+ # Defaults are now in place in self._form for password
+ # and user. Ignore these since we want to know whether
+ # to go to the session for data values.
+ if 'password' in post:
+ self['password'] = post['password']
+ self.session_put('password', self['password'])
+ elif 'password' in session:
+ self['password'] = session['password']
+
+ if 'user' in post:
+ self['user'] = post['user']
+ self.session_put('user', self['user'])
+ elif 'user' in session:
+ self['user'] = session['user']
+ else:
+ self['user'] = ''
+
+ # Other, hidden, POST variables
+ if 'action' in post:
+ self['action'] = post['action']
+ else:
+ self['action'] = ''
+
+
+ def write(self, result, errors):
+ '''
+ Produces the dict pyramid will use to render the form.
+ '''
+ response = super(CredsLoadedForm, self).write(result, errors)
+ if ('havecreds' not in response
+ or ('havecreds' in response and not response['havecreds'])):
+ # We don't know if the credentials are good or
+ # we know they are bad. Keep them out of the session.
+ response['user'] = ''
+ response['password'] = ''
+ self.session_put('user', '')
+ self.session_put('password', '')
+ else:
+ response['user'] = self['user']
+ return response
+
+
+class AuthLoadedForm(CredsLoadedForm):
+ '''
+ Acts like a dict, but with extra methods.
+ Manages form data needed to authenticate, including db to authenticate
+ in.
+
+ Attributes:
+ uh The UploadHandler instance using the form
+ user The Usernamed used to login
+ db The db to login to
+ _form Instantaiated html form object (WXForms)
+
+ '''
+ def __init__(self, uh, fc=AuthWTForm, data={}, **kwargs):
+ data.update(kwargs)
+ super(AuthLoadedForm, self).__init__(uh, fc, data)
+
+ def read(self):
+ '''
+ Read form data from the client
+ '''
+
+ # Read parent's data
+ super(AuthLoadedForm, self).read()
+
+ # Keep form variables handy
+ self['db'] = self._form.db.data
+
+
+ def write(self, result, errors):
+ '''
+ Produces the dict pyramid will use to render the form.
+ '''
+ response = super(AuthLoadedForm, self).write(result, errors)
+ response['db'] = self['db']
+ return response
+
+
+class UploadFileForm(AuthLoadedForm):
+ '''
+ Acts like a dict, but with extra methods.
+
+ Attributes:
+ uh The UploadHandler instance using the form
+
+ Methods:
+ read() Load form from pyramid request object.
+ '''
+ def __init__(self, uh, fc=UploadFileWTForm, data={}, **kwargs):
+ data.update(kwargs)
+ super(UploadFileForm, self).__init__(uh, fc, data)
+
+ def read(self):
+ '''
+ Read form data from the client
+ '''
+
+ # Read parent's data
+ super(UploadFileForm, self).read()
+
+ # Read our own data
+ self['upload_fmt'] = self._form.upload_fmt.data
+ self['trim_upload'] = self._form.trim_upload.data
+
+ # Other POST variables involving a file
+ self['filename'] = ''
+ self['localfh'] = ''
+ if 'action' in self:
+ if self._form.datafile.data != '':
+ post = self.uh.request.POST
+ if hasattr(post['datafile'], 'filename'):
+ self['filename'] = post['datafile'].filename
+ if hasattr(post['datafile'], 'file'):
+ self['localfh'] = post['datafile'].file
+
+
+ def write(self, result, errors):
+ '''
+ Produces the dict pyramid will use to render the form.
+ '''
+ if self['upload_fmt'] == CSV:
+ csv_checked = CHECKED
+ tab_checked = UNCHECKED
+ else:
+ tab_checked = CHECKED
+ csv_checked = UNCHECKED
+
+ if self['trim_upload']:
+ trim_upload_checked = CHECKED
+ else:
+ trim_upload_checked = UNCHECKED
+
+ response = super(UploadFileForm, self).write(result, errors)
+ response['filename'] = self['filename']
+ response['trim_upload'] = trim_upload_checked
+ response['csv_value'] = CSV_VALUE
+ response['tab_value'] = TAB_VALUE
+ response['csv_checked'] = csv_checked
+ response['tab_checked'] = tab_checked
+ return response
+
+
+class UploadDoubleFileForm(UploadFileForm):
+ '''
+ Acts like a dict, but with extra methods.
+
+ Attributes:
+ uh The UploadHandler instance using the form
+
+ Methods:
+ read() Load form from pyramid request object.
+ '''
+ def __init__(self, uh, fc=UploadFileWTForm, data={}, **kwargs):
+ data.update(kwargs)
+ super(UploadDoubleFileForm, self).__init__(uh, fc, data)
+
+ def read(self):
+ '''
+ Read form data from the client
+ '''
+ # Read parent's data
+ super(UploadDoubleFileForm, self).read()
+
+ # Read our own data
+ post = self.uh.request.POST
+ if 'last_key' in post:
+ self['last_key'] = post['last_key']
+ else:
+ self['last_key'] = ''
+
+ def write(self, result, errors):
+ '''
+ Produces the dict pyramid will use to render the form.
+ '''
+ response = super(UploadDoubleFileForm, self).write(result, errors)
+ response['last_key'] = self['last_key']
+ return response
+
+
+class UploadNullFileForm(UploadFileForm):
+ '''
+ Acts like a dict, but with extra methods.
+
+ Attributes:
+ uh The UploadHandler instance using the form
+
+ Methods:
+ read() Load form from pyramid request object.
+ '''
+ def __init__(self, uh, fc=UploadNullFileWTForm, data={}, **kwargs):
+ data.update(kwargs)
+ super(UploadNullFileForm, self).__init__(uh, fc, data)
+
+ def read(self):
+ '''
+ Read form data from the client
+ '''
+
+ # Read parent's data
+ super(UploadNullFileForm, self).read()
+
+ # Read our own data
+ self['upload_null'] = self._form.upload_null.data
+ self['null_rep'] = self._form.null_rep.data
+
+
+ def write(self, result, errors):
+ '''
+ Produces the dict pyramid will use to render the form.
+ '''
+ if self['upload_null']:
+ upload_null_checked = CHECKED
+ else:
+ upload_null_checked = UNCHECKED
+
+ response = super(UploadNullFileForm, self).write(result, errors)
+ response['upload_null'] = upload_null_checked
+ response['null_rep'] = self['null_rep']
+ return response
+
+
+class UploadTableForm(UploadNullFileForm):
+ '''
+ Acts like a dict, but with extra methods.
+
+ Attributes:
+ uh The UploadHandler instance using the form
+
+ Methods:
+ read() Load form from pyramid request object.
+ '''
+ def __init__(self, uh, fc=UploadTableWTForm, data={}, **kwargs):
+ data.update(kwargs)
+ super(UploadTableForm, self).__init__(uh, fc, data)
+
+ def read(self):
+ '''
+ Read form data from the client
+ '''
+
+ # Read parent's data
+ super(UploadTableForm, self).read()
+
+ # Read our own data
+ self['table'] = self._form.table.data
+
+
+ def write(self, result, errors):
+ '''
+ Produces the dict pyramid will use to render the form.
+ '''
+ response = super(UploadTableForm, self).write(result, errors)
+ response['table'] = self['table']
+ return response
+
+
+class UploadDoubleTableForm(UploadTableForm):
+ '''
+ Acts like a dict, but with extra methods.
+
+ Attributes:
+ uh The UploadHandler instance using the form
+
+ Methods:
+ read() Load form from pyramid request object.
+ '''
+ def __init__(self, uh, fc=UploadTableWTForm, data={}, **kwargs):
+ data.update(kwargs)
+ super(UploadDoubleTableForm, self).__init__(uh, fc, data)
+
+ def read(self):
+ '''
+ Read form data from the client
+ '''
+ # Read parent's data
+ super(UploadDoubleTableForm, self).read()
+
+ # Read our own data
+ post = self.uh.request.POST
+ if 'last_key' in post:
+ self['last_key'] = post['last_key']
+ else:
+ self['last_key'] = ''
+
+ def write(self, result, errors):
+ '''
+ Produces the dict pyramid will use to render the form.
+ '''
+ response = super(UploadDoubleTableForm, self).write(result, errors)
+ response['last_key'] = self['last_key']
+ return response
+
+
+# Utility functions
+
+def textualize(st):
+ '''
+ Return pg representation of NULL for None when string st is None.
+ '''
+ return 'NULL' if st == None else st
+
+def is_checked(val):
+ '''Is the value something a html input entity recognizes as checked?'''
+ return val == CHECKED
+
+# Some functions for logging
+
+def escape_eol(string):
+ '''Change all the newlines to \n.'''
+ return string.replace('\n', r'\n')
+
+def format_exception(ex):
+ '''Return an exception formatted as suffix text for a log message.'''
+ if isinstance(ex, psycopg2.DatabaseError):
+ diag = ex.diag
+ msg = diag.message_primary
+ if hasattr(diag, 'message_detail'):
+ msg += ', detail={0}'.format(escape_eol(diag.message_detail))
+ if hasattr(diag, 'message_hint'):
+ msg += ', hint={0}'.format(escape_eol(diag.message_hint))
+ elif isinstance(ex, UploadError):
+ msg = ex.e
+ if ex.descr != '':
+ msg += ' {0}'.format(escape_eol(ex.descr))
+ if ex.detail != '':
+ msg += ' {0}'.format(escape_eol(ex.detail))
+ else:
+ msg = ''
+ if msg != '':
+ msg = ': Error is ({0})'.format(msg)
+ return msg
+
+# Error handling
+
+class UploadError(Exception):
+ '''
+ Module exceptions are derived from this class.
+
+ lineno Line number to which error pertains, if any
+ e The error message
+ descr More description of the error
+ detail Extra HTML describing the error
+ data Line of data causing problem, if any
+
+ UploadError
+ * Error
+ * NoHeadersError
+ * NoDataError
+ * DBError
+ * DBCommitError
+ * DBDataLineError
+ * DataLineError
+ * TooManyColsError
+ '''
+ def __init__(self, e, lineno = '', descr='', detail='', data = ''):
+ super(UploadError, self).__init__()
+ self.lineno = lineno
+ self.e = e
+ self.descr = descr
+ self.detail = detail
+ self.data = data
+
+ def __str__(self):
+ out = 'error ({0})'.format(self.e)
+ if self.lineno != '':
+ out = '{0}: lineno ({1})'.format(out, self.lineno)
+ if self.descr != '':
+ out = '{0}: descr ({1})'.format(out, self.descr)
+ if self.detail != '':
+ out = '{0}: detail ({1})'.format(out, self.detail)
+ if self.data != '':
+ out = '{0}: data ({1})'.format(out, self.data)
+ return out
+
+class Error(UploadError):
+ '''
+ Module exceptions rasied while setting up to read data lines
+ are derived from this class.
+
+ e The error message
+ descr More description of the error
+ detail Extra HTML describing the error
+ '''
+ def __init__(self, e, descr='', detail=''):
+ super(Error, self).__init__(e=e, descr=descr, detail=detail)
+
+class NoFileError(Error):
+ '''No file uploaded'''
+ def __init__(self, e, descr='', detail=''):
+ super(NoFileError, self).__init__(e, descr, detail)
+
+class NoDBError(Error):
+ '''No database name given'''
+ def __init__(self, e, descr='', detail=''):
+ super(NoDBError, self).__init__(e, descr, detail)
+
+class NoUserError(Error):
+ '''No user name supplied'''
+ def __init__(self, e, descr='', detail=''):
+ super(NoUserError, self).__init__(e, descr, detail)
+
+class AuthFailError(Error):
+ '''Unable to connect to the db'''
+ def __init__(self, e, descr='', detail=''):
+ super(AuthFailError, self).__init__(e, descr, detail)
+
+class DryRunError(Error):
+ '''Rollback due to dry_run config option'''
+ def __init__(self, e, descr='', detail=''):
+ super(DryRunError, self).__init__(e, descr, detail)
+
+class CSRFError(Error):
+ '''Invalid CSRF token'''
+ def __init__(self, e, descr='', detail=''):
+ super(CSRFError, self).__init__(e, descr, detail)
+
+class NoHeadersError(Error):
+ '''No column headings found'''
+ def __init__(self, e, descr='', detail=''):
+ super(NoHeadersError, self).__init__(e, descr, detail)
+
+class NoDataError(Error):
+ '''No data uploaded'''
+ def __init__(self, e, descr='', detail=''):
+ super(NoDataError, self).__init__(e, descr, detail)
+
+class DuplicateUploadError(Error):
+ '''The same filename updated twice into the same db'''
+ def __init__(self, e, descr='', detail=''):
+ super(DuplicateUploadError, self).__init__(e, descr, detail)
+
+class DataInconsistencyError(Error):
+ def __init__(self, e, descr='', detail=''):
+ super(DataInconsistencyError, self).__init__(e, descr, detail)
+
+class DBError(Error):
+ '''psycopg2 raised an error'''
+ def __init__(self, pgexc, e='process your request'):
+ '''
+ pgexc The psycopg2 exception object
+ e Description of what PG was doing
+ '''
+ super(DBError, self).__init__(
+ 'PostgreSQL is unable to ' + e + ':',
+ 'It reports:',
+ self.html_blockquote(pgexc))
+
+ def html_blockquote(self, ex):
+ '''
+ Produce an html formatted message from a psycopg2 DatabaseError
+ exception.
+ '''
+ primary = cgi_escape(ex.diag.message_primary)
+
+ if ex.diag.message_detail == None:
+ detail = ''
+ else:
+ detail = '<br />DETAIL: ' + cgi_escape(ex.diag.message_detail)
+
+ if ex.diag.message_hint == None:
+ hint = ''
+ else:
+ hint = '<br />HINT: ' + cgi_escape(ex.diag.message_hint)
+
+ return '<blockquote><p>{0}: {1}{2}{3}</p></blockquote>'.format(
+ ex.diag.severity,
+ primary,
+ detail,
+ hint)
+
+class DBCommitError(DBError):
+ def __init__(self, pgexc):
+ super(DBCommitError, self).__init__(pgexc)
+
+class DBDataLineError(DBError):
+ '''Database generated an error while the processor was running.'''
+
+ def __init__(self, udl, pgexc):
+ '''
+ udl An UploadDataLine instance
+ pgexc The psycopg2 exception object
+ '''
+ super(DBDataLineError, self).__init__(pgexc)
+ self.lineno = udl.lineno
+ self.data = udl.raw
+
+
+class DataLineError(UploadError):
+ '''
+ Module exceptions rasied while line-by-line processing the uploaded
+ data are derived from this class.
+
+ lineno The line number
+ e The error message
+ descr More description of the error
+ detail Extra HTML describing the error
+ data The uploaded data
+ '''
+ def __init__(self, lineno, e, descr='', detail='', data=''):
+ super(DataLineError, self).__init__(e, lineno, descr, detail, data)
+
+class TooManyColsError(DataLineError):
+ def __init__(self, lineno, e, descr='', detail='', data=''):
+ super(TooManyColsError, self).__init__(lineno, e, descr, detail, data)
+
+
+# Upload processing
+
+class SQLCommand(object):
+ '''
+ An SQL command that returns nothing
+
+ Attributes:
+ stmt The statement, formatted for psycopg2 substitution
+ args Tuple of arguments used to substitute when executed.
+ '''
+ def __init__(self, stmt, args, ec=None):
+ '''
+ stmt The statement, formatted for psycopg2 substitution
+ args Tuple of arguments used to substitute when executed.
+ ec(ex) Produces the exception to raise an instance of on failure
+ Input:
+ ex The exception raised by psycopg2
+ '''
+ super(SQLCommand, self).__init__()
+ self.stmt = stmt
+ self.args = args
+ self.ec = ec
+
+
+ def execute(self, cur):
+ '''
+ Execute the sql statement.
+
+ Input:
+ cur A psycopg2 cursor
+
+ Side effects:
+ Does something in the db.
+ Can raise a psycopg2 error
+ '''
+ try:
+ cur.execute(self.stmt, self.args)
+ except psycopg2.DatabaseError as ex:
+ if self.ec == None:
+ raise ex
+ else:
+ raise self.ec(ex)
+
+
+class LogSQLCommand(SQLCommand):
+ '''An SQL command that logs success or failure.'''
+ def __init__(self, stmt, args, ec=None,
+ log_success=None, log_failure=None):
+ '''
+ stmt The statement, formatted for psycopg2 substitution
+ args Tuple of arguments used to substitute when executed.
+ ec(ex) Produces the exception to raise an instance of on failure
+ Input:
+ ex The exception raised by psycopg2
+ '''
+ super(LogSQLCommand, self).__init__(stmt, args, ec)
+ self.log_success = log_success
+ self.log_failure = log_failure
+
+ def execute(self, cur):
+ '''
+ Execute the sql statement.
+
+ Input:
+ cur A psycopg2 cursor
+
+ Side effects:
+ Does something in the db.
+ Can raise a psycopg2 error
+ '''
+ try:
+ super(LogSQLCommand, self).execute(cur)
+ except (UploadError, psycopg2.DatabaseError) as ex:
+ if self.log_failure:
+ self.log_failure(ex)
+ raise
+ else:
+ if self.log_success:
+ self.log_success()
+
+
+class UploadLine(object):
+ '''
+ Representation of a generic uploaded line
+
+ Responsbile for getting data out of uploaded lines.
+
+ Once out, the following attributes provide the user API:
+ raw The "raw" line as a string
+ tuples A sequence, the line split into columns
+ '''
+ def __init__(self, line, stol, mapper):
+ '''
+ line Uploaded line
+ lineno Line number
+ stol(st) Parse string st and convert into list
+ mapper(st) Maps st onto desired python representation
+ (Used for trimming whitespace)
+ '''
+ super(UploadLine, self).__init__()
+ self.raw = line
+ self.tuples = [mapper(st) for st in stol(line)]
+
+def doublequote(st):
+ '''
+ Put string in double quotes escaping according to sql's
+ requirements for an identifier.
+
+ Note that this does not work for unicode identifiers.
+ '''
+ out = '"'
+ for ch in st:
+ if ch == '"':
+ out += '""'
+ else:
+ out += ch
+ return out + '"'
+
+class UploadHeaders(UploadLine):
+ '''Uploaded heading line
+
+ Derived from UploadLine
+
+ raw The "raw" line as a string
+ tuples As a sequence
+ sql As a sql command fragment string
+ '''
+
+ def __init__(self, line, stol, mapper):
+
+ if mapper(line) == '':
+ raise NoHeadersError('No column headings found on first line',
+ 'The first line is ({0})'.format(line))
+
+ super(UploadHeaders, self).__init__(line, stol, mapper)
+ self.sql = ', '.join(['"' + doublequote(st) + '"'
+ for st in self.tuples])
+
+
+class UploadDataLine(UploadLine):
+ '''Uploaded data line
+
+ Derived from UploadLine
+
+ raw The "raw" line as a string
+ tuples As a sequence
+ lineno The line number
+ '''
+ def __init__(self, line, lineno, stol, mapper):
+ super(UploadDataLine, self).__init__(line, stol, mapper)
+ self.lineno = lineno
+
+
+class DBData(object):
+ '''Data that is to modify the db.
+
+ It is iterable, consisting of thunks which make an UploadedLine instance.
+
+ lineno Number of lines processed (including header line)
+
+ '''
+ def __init__(self):
+ self.lineno = 0
+
+ def __iter__(self):
+ return self
+
+ def __next__(self):
+ '''
+ Iterator to return a thunk which, when called, delivers the
+ next object to be loaded into the db.'''
+ self.lineno += 1
+ return self._thunk()
+
+ def _thunk():
+ '''
+ Return a thunk which, when called, delivers the next
+ object to go into the db.
+ '''
+ raise NotImpementedError()
+
+
+class SQLData(DBData):
+ '''
+ SQL statements returning no data that execute in the db.
+
+ Attributes:
+ stmts List of SQLCommand instances
+ '''
+ def __init__(self, stmts):
+ '''
+ stmts List of SQLCommand instances
+ '''
+ super(SQLData,self).__init__()
+ self.stmts = stmts
+
+ def gen(stmts):
+ for stmt in stmts:
+ yield stmt
+
+ self.stmt_gen = gen(stmts)
+
+ def _thunk(self):
+ stmt = next(self.stmt_gen)
+ return lambda: stmt
+
+
+class UploadData(DBData):
+ '''Uploaded data file
+
+ It is iterable, consisting of thunks which make an UploadedLine instance.
+
+ headers UploadedHeaders instance
+ cols Number of columns
+ lineno Number of lines processed (including header line)
+
+ '''
+ def __init__(self, fileo, file_fmt, null_data, null_rep, trim=True):
+ '''
+ fileo Uploaded file object
+ file_fmt File format: CSV or TAB
+ null_data (boolean) Uploaded data contains nulls
+ null_rep Uploaded string representation of null
+ trim (boolean) Trim leading and trailing whitespace?
+ '''
+
+ def get_headers():
+ try:
+ line = next(self._fileo)
+ except StopIteration:
+ raise NoDataError('Uploaded file contains no data')
+ else:
+ self.lineno += 1
+ # Intuit the eol sequence
+ if line[-2:] == '\r\n':
+ eol = '\r\n';
+ line = line[:-2]
+ elif line[-1:] == '\n':
+ eol = '\n'
+ line = line[:-1]
+ elif line[-1:] == '\r':
+ eol = '\r'
+ line = line[:-1]
+ else:
+ # Give up
+ eol = ''
+
+ if file_fmt == CSV:
+ func = lambda st: next(csv_reader((st,)))
+ else:
+ func = lambda st: st.split('\t')
+ return (eol, UploadHeaders(line, func, do_trim))
+
+ super(UploadData, self).__init__()
+
+ if trim:
+ do_trim = lambda st: st.strip()
+ else:
+ do_trim = lambda st: st
+
+ # Read lines as text with line endings intact.
+ # newline='' required by csv.reader()
+ self._fileo = io.TextIOWrapper(fileo, newline='')
+
+ # Get column headings
+ eol, self.headers = get_headers()
+ neg_eollen = -len(eol)
+ self.cols = len(self.headers.tuples)
+
+ # Create parser to read raw lines into a list
+ if file_fmt == CSV:
+ self._parser = lambda st: self._extend(st,
+ next(csv_reader((st,))))
+ else: # Tab delimited format
+ def tab_parser(line):
+ if neg_eollen and line[neg_eollen:] == eol:
+ line = line[:neg_eollen]
+ return self._extend(line, line.split('\t'))
+ self._parser = tab_parser
+
+ # Create mapper to frob data elements
+ if null_data:
+ null_rep = do_trim(null_rep)
+ # psycopg2 maps None to NULL
+ def mapper(st):
+ st = do_trim(st)
+ return None if st == null_rep else st
+ self._mapper = mapper
+ else:
+ self._mapper = do_trim
+
+ def _thunk(self):
+ '''
+ Return a thunk which, when called, delivers the
+ UploadDataLine of the next line of the uploaded file..
+ '''
+ line = next(self._fileo)
+ return lambda: UploadDataLine(line,
+ self.lineno,
+ self._parser,
+ self._mapper)
+
+ def _extend(self, line, seq):
+ '''Give the list as many elements as there are in the header.
+
+ line line as string
+ seq line as sequence
+
+ If there's too many elements, raise an error.
+ '''
+ if len(seq) > self.cols:
+ raise TooManyColsError(self.lineno,
+ 'Line has too many columns',
+ 'More columns than column headings',
+ data=line)
+ return seq + [ '' for i in range(len(seq)+1, self.cols)]
+
+
+
+class DataLineProcessor(object):
+ '''
+ A processor supplied uploaded lines (UploadDataLine instances)
+ by an UploadEngine. The lines are expected to be put into a pg db.
+
+ Abstract class not expected to be instantiated.
+
+ Attributes:
+ ue UploadEngine instance
+ uh UploadHandler instance
+ cur psycopg2 cursor
+
+ Methods:
+ eat(udl) Given an UploadDataLine instance put the line in the db.
+ '''
+ def __init__(self, ue, uh):
+ '''
+ ue UploadEngine instance
+ uh UploadHandler instance
+ '''
+ super(DataLineProcessor, self).__init__()
+ self.ue = ue
+ self.uh = uh
+ self.cur = ue.cur
+
+ def eat(udl):
+ '''
+ Update the db with the content of an uploaded line
+
+ udl An UploadDataLine instance
+ '''
+ raise NotImplementedError
+
+
+class NoOpProcessor(DataLineProcessor):
+ '''A processor that discards it's input.'''
+ def __init__(self, ue, uh):
+ '''
+ ue UploadEngine instance
+ uh UploadHandler instance
+ cur psycopg2 cursor
+ '''
+ super(NoOpProcessor, self).__init__(ue, uh)
+
+
+ def eat(self, udl):
+ '''
+ Executes an sql command in the db.
+
+ udl A DataLine instance.
+ '''
+ pass
+
+
+class ExecuteSQL(DataLineProcessor):
+ def __init__(self, ue, uh):
+ '''
+ ue UploadEngine instance
+ uh UploadHandler instance
+ cur psycopg2 cursor
+ '''
+ super(ExecuteSQL, self).__init__(ue, uh)
+
+
+ def eat(self, sqlc):
+ '''
+ Executes an sql command in the db.
+
+ sqlc An SQLCommand instance (a command and it's args)
+ '''
+ sqlc.execute(self.cur)
+
+
+class DBHandler(object):
+ '''
+ Abstract class of a handler that modifies the db.
+
+ The main logic goes here, including getting the data
+ into and out of the db.
+
+ Responsible for:
+ Telling the form (LoadedForm) to get user data
+ Retrieval of data file or generation of other data to go in the db
+ (Generally involving an UploadData instance, and hence an UploadLine
+ instance.)
+ Validation of user supplied data; error raising:
+ The html form data
+ Whatever other data is uploaded or otherwise passed in
+ Pre-processing to prepare for getting data into the db
+ (Pre-processing is referred to as "setup" presently.)
+ Getting the individual bits of data into and out of the db
+ (by way of having a factory that produces a DataLineProcessor)
+ Post-processing to wrap up after the data is in the db
+ (Post-processing is referred to as "cleanup" presently.)
+ Rendering the html output
+
+ Attributes:
+ request A pyramid request instance
+ uf An UploadForm instance
+ data Something (beyond what's on the form) that goes into db
+ '''
+ def __init__(self, request):
+ '''
+ request A pyramid request instance
+ '''
+ super(DBHandler, self).__init__()
+ self.request = request
+ self.uf = self.make_form()
+
+ def make_form(self):
+ '''
+ Return an instantiation of the upload form needed
+ by the upload handler.
+ '''
+ raise NotImpliementedError
+
+ def get_data(self):
+ '''
+ Put something that will go into the db into the 'data' attribute.
+ '''
+ raise NotImplimentedError
+
+ def val_input(self):
+ '''
+ Validate input needed beyond that required to connect to the db.
+
+ Note that this occurs after read() is called.
+
+ This is expected to be replaced by it's subclass.
+ '''
+ return []
+
+ def read(self):
+ '''Read the html form into the upload form instance'''
+ self.uf.read()
+
+ def write(self, result, errors):
+ '''
+ Return dict needed to render an html form
+
+ Input:
+ errors List of Error instances
+
+ Returns:
+ Dict pyramid will use to render the resulting form
+ Reserved keys:
+ errors A list of UploadError exceptions.
+ '''
+ return self.uf.write(result, errors)
+
+ def cleanup(self):
+ '''
+ Called after all lines are processed to do any final
+ updates to the db.
+ '''
+ pass
+
+ def render(self, errors, response):
+ '''
+ Return to pyramid what's needed to render the appropriate html
+ page.
+
+ Input:
+ errors List of Error instances
+ response Db connection result dict
+
+ Returns:
+ Dict pyramid will use to render the resulting form
+ '''
+ response = self.write(response, errors)
+ return response
+
+
+class SessionDBHandler(DBHandler):
+ '''
+ A DBHandler that supports sessions.
+
+ Attributes:
+ uf An UploadForm instance
+ session A pyramid session instance
+ '''
+ def __init__(self, request):
+ '''
+ request A pyramid request instance
+ '''
+ super(SessionDBHandler, self).__init__(request)
+ self.session = self.request.session
+
+ def write(self, result, errors):
+ '''
+ Add csrf token into html form to protect sessions.
+
+ Input:
+ errors List of Error instances
+
+ Returns:
+ Dict pyramid will use to render the resulting form
+ Reserved keys:
+ errors A list of UploadError exceptions.
+ csrf_token Token for detecting CSRF.
+ '''
+ response = super(SessionDBHandler, self).write(result, errors)
+ response['csrf_token'] = self.session.new_csrf_token()
+ return response
+
+
+class UploadHandler(SessionDBHandler):
+ '''
+ Handler for uploading a file.
+
+ Attributes:
+ request A pyramid request instance
+ uf An UploadForm instance
+ data (optional) A DBData instance
+ '''
+ def __init__(self, request):
+ '''
+ request A pyramid request instance
+ '''
+ super(UploadHandler, self).__init__(request)
+
+ def factory(self, ue):
+ '''
+ Takes an UploadEngine instance
+ Returns a DataLineProcessor instance
+ '''
+ raise NotImplementedError
+
+ def val_input(self):
+ '''
+ Validate input needed beyond that required to connect to the db.
+
+ Returns:
+ A list of Error instances
+ '''
+ uf = self.uf
+ errors = super(UploadHandler, self).val_input()
+
+ if uf['filename'] == '':
+ errors.append(NoFileError('No file supplied'))
+
+ return errors
+
+ def double_validator(self, errors):
+ '''Utility function that can optionally be called by
+ a val_input() function. It checks that the same file
+ has not been uploaded twice in succession to the same
+ db.
+
+ `errors`
+ List of errors. Appended to.
+ '''
+ uf = self.uf
+ if self.make_double_key() == uf['last_key']:
+ errors.append(DuplicateUploadError(
+ 'File just uploaded to this db',
+ ('File named ({0}) just uploaded'
+ .format(markupsafe.escape(uf['filename']))),
+ '<p>Try again to force upload.</p>'))
+
+ def hash_sequence(self, seq):
+ '''Produce a hash of the elements of a sequence.'''
+ hash = hashlib.md5()
+ for item in seq:
+ hash.update((hash.hexdigest() + item).encode('utf-8'))
+ return hash.hexdigest()
+
+ def make_double_key(self):
+ '''Generate unique value which identifies a double upload.'''
+ uf = self.uf
+ return self.hash_sequence((uf['db'], uf['filename']))
+
+ def write_double_key(self, response):
+ '''Utility function. Optionally called from within write()
+ to save a key which is later tested for to determine if
+ the same file is being uploaded twice in a row.
+
+ This function keys by filename and db.
+
+ The key is stored in the form and submitted in POST.
+ This way if the session times out due to inactivity
+ the double upload is still detected.
+
+ Since the data is delivered to the client and the
+ client will likely see it anyway we use a hash not
+ for security but just to provide a convenient single
+ value that can be tested.
+
+ Input:
+ response Dict used by pyramid to render html form.
+
+ Side effects:
+ Modifies response. Adds 'last_key' entry used by form to store key.
+ '''
+ response['last_key'] = self.make_double_key()
+
+ def write(self, result, errors):
+ '''
+ Add lines processed and number of errors into html form
+ shown the user.
+
+ Input:
+ errors List of Error instances
+
+ Returns:
+ Dict pyramid will use to render the resulting form
+ Reserved keys:
+ errors A list of UploadError exceptions.
+ csrf_token Token for detecting CSRF.
+ e_cnt Number of errors.
+ db_changed Boolean. Whether the db was changed.
+ '''
+ response = super(UploadHandler, self).write(result, errors)
+ if hasattr(self, 'data'):
+ response['lines'] = self.data.lineno - 1
+ response['e_cnt'] = len(errors)
+ response['db_changed'] = (not response['errors']
+ and self.uf['action'] != '')
+ return response
+
+
+class TabularFileUploadHandler(UploadHandler):
+ '''
+ Handler for uploading a file with rows and columns and column headings.
+
+ Attributes:
+ request A pyramid request instance
+ uf An UploadForm instance
+ data An UploadData instance
+ '''
+ def __init__(self, request):
+ '''
+ request A pyramid request instance
+ '''
+ super(TabularFileUploadHandler, self).__init__(request)
+
+ def cleanup(self):
+ '''Finish after processing all lines.'''
+ lines = self.ue.data.lineno
+ if lines == 1:
+ raise DataLineError(
+ 1,
+ 'File contains no data',
+ ('No lines found after '
+ 'initial line of column headings'))
+
+
+class DBConnector(object):
+ '''Abstract class supporting db connection and execution of a
+ processor function that alters the db content.
+
+ Responsible for connecting to the db, transaction management,
+ and running the DataLineProcessor instances produced by the
+ DBConnector's (the UploadHandler's) factory.
+ Collects all errors raised during the processing.
+ Telling the uploadhandler to cleanup. This is done after
+ all upload processing and before commit or rollback
+ (and before the connection is closed).
+
+ Attributes:
+ uh An UploadHandler instance.
+ cur A psycopg2 cursor instance
+ db Name of db to connect to
+ user User to connect to db
+ password Password to connect to db
+ action Upload form's hidden action variable
+ '' means not submitted, anything else means take action
+
+ Methods:
+ run() Get a DataLineProcessor instance from the upload handler's
+ factory and feed it by iterating over data.
+ '''
+
+ def __init__(self, uh):
+ '''
+ uh An UploadHandler instance
+ '''
+ super(DBConnector, self).__init__()
+
+ # Configuration and response management.
+ self.uh = uh
+
+ def alter_db(self, conn):
+ '''
+ Alter the contents of the db.
+
+ Input:
+ conn A database connection
+
+ Returns:
+ A list of Error instances
+
+ Side Effects:
+ Alter's db
+ '''
+
+ raise NotImplementedError
+
+
+ def no_connection_response(self):
+ '''
+ The result dict to use when call_with_connection is not called.
+ Matches with the result dict of call_with_connection
+
+ Returns:
+ Dict pyramid will use to render the resulting form.
+ Reserved keys:
+ havecreds Boolean. Supplied credentials can connect to db.
+ '''
+ return {'havecreds' : False}
+
+ def nodberror_factory(self):
+ return NoDBError('No database name supplied')
+
+ def nousererror_factory(self):
+ return NoUserError('No user name supplied as login credentials')
+
+ def authfailerror_factory(self):
+ return AuthFailError('Unable to login',
+ 'Is the database, user, and password correct?')
+
+ def dryrunerror_factory(self):
+ return DryRunError('Configured for "dry_run":'
+ ' Transaction deliberately rolled back')
+
+ def upload_data(self, data, errors):
+ '''Put a DBData object into the db.
+
+ Input:
+ data A DBData object.
+ errors A list of errors
+
+ Side Effects:
+ Alters db content
+ Add errors to `errors`.
+ '''
+ raise NotImplementedError
+
+ def alter_db(self, conn):
+ '''
+ Alter the contents of the db.
+
+ Input:
+ conn A database connection
+
+ Returns:
+ A list of Error instances
+
+ Side Effects:
+ Alter's db
+ '''
+
+ errors = []
+ try:
+ self.uh.get_data()
+ self.data = self.uh.data
+ self.cur = conn.cursor()
+ # (Cannot call uh until after self is fully
+ # initalized, including self.cur.)
+ processor = self.uh.factory(self)
+ except Error as ex:
+ errors.append(ex)
+ else:
+ try:
+ self.upload_data(processor, self.data, errors)
+ # Let upload handler finish
+ try:
+ self.uh.cleanup()
+ except UploadError as ex:
+ errors.append(ex)
+ finally:
+ self.cur.close()
+ return errors
+
+ def call_with_connection(self, func):
+ '''
+ Validate input, connect to the db, and do something with
+ the connection.
+
+ func(conn) Call this function with the connection.
+ func(conn) must return a list of Error instances
+
+ Returns:
+ (errors, response)
+ errors List of Error instances
+ response Dict pyramid will use to render the resulting form.
+ The dict returned by func(conn) plus reserved keys.
+ Reserved keys:
+ havecreds Boolean. Supplied credentials can
+ connect to db.
+ Side effects:
+ Raises errors, calls func(conn)
+ '''
+ errors = []
+ havecreds = False
+ response = {}
+
+ uf = self.uh.uf
+
+ if self.db == '':
+ errors.append(self.nodberror_factory())
+
+ if self.user == '':
+ errors.append(self.nousererror_factory())
+
+ newes = self.uh.val_input()
+ if newes:
+ if not errors:
+ havecreds = True
+ errors.extend(newes)
+
+ if not errors:
+ registry = self.uh.request.registry
+ try:
+ conn = psycopg2.connect(
+ database = self.db,
+ user = self.user,
+ password = self.password,
+ host = registry.settings['pg_host'],
+ port = registry.settings['pg_port'])
+ except psycopg2.OperationalError:
+ errors = [self.authfailerror_factory()]
+ havecreds = False
+ else:
+ havecreds = True
+ errors = self.call_alter_db(func, conn)
+
+ response.update({'havecreds' : havecreds
+ })
+ return (errors, response)
+
+ def read_uh(self):
+ '''Read data into the upload handler.'''
+ self.uh.read()
+
+ def read_db(self):
+ '''Read the db from the upload handler.'''
+ self.db = self.uh.uf['db']
+
+ def read_user(self):
+ '''Read the username from the upload handler.'''
+ self.user = self.uh.uf['user']
+
+ def read_password(self):
+ '''Read the password from the upload handler.'''
+ if 'password' in self.uh.uf:
+ self.password = self.uh.uf['password']
+ else:
+ self.password = ''
+
+ def read_action(self):
+ '''Read the action from the upload handler.'''
+ self.action = self.uh.uf['action']
+
+ def read(self):
+ '''Allows for custom engines to map what the handler
+ has to what they need.
+ '''
+ self.read_uh()
+ self.read_db()
+ self.read_user()
+ self.read_password()
+ self.read_action()
+
+ def run(self):
+ '''Call the alter_db function with the connection to alter the db,
+ render form and return Response
+
+ Input:
+
+ Returns:
+ (errors, response)
+ errors List of Error instantiations
+ response Dict containing connection result info
+
+ Side effects:
+ Maintains session
+ (Whatever the processor() call does)
+ Outputs html
+ '''
+ self.read()
+
+ if self.action == 'u':
+ errors, response = self.call_with_connection(self.alter_db)
+ else:
+ errors = []
+ response = self.no_connection_response()
+
+ return self.uh.render(errors, response)
+
+
+class NoTransactionEngine(DBConnector):
+ '''An engine that does not run things in a transaction.
+
+ It also does not do CSRF checking.
+
+ Attributes:
+ uh An UploadHandler instance.
+ data An UploadData instance of the uploaded data
+ cur A psycopg2 cursor instance
+ db Name of db to connect to
+ user User to connect to db
+ password Password to connect to db
+ action Upload form's hidden action variable
+ '' means not submitted, anything else means take action
+
+ Methods:
+ run() Get a DataLineProcessor instance from the upload handler's
+ factory and feed it by iterating over data.
+ '''
+ def __init__(self, uh):
+ '''
+ uh An UploadHandler instance
+ '''
+ super(NoTransactionEngine, self).__init__(uh)
+
+ def call_alter_db(self, func, conn):
+ '''
+ Call a database modification function with a db connection,
+ turning off the automatic wrapping of the activity in
+ a transaction.
+
+ func(conn) Call this function with the connection.
+ func(conn) must return a list of Error instances
+
+ Returns:
+ errors List of Error instances
+ Side effects:
+ Calls func(conn)
+ '''
+ conn.set_session(autocommit=True)
+ errors = func(conn)
+ conn.close()
+ return errors
+
+ def upload_data(self, processor, data, errors):
+ '''Put a DBData object into the db, without a wrapping transaction.
+
+ Input:
+ processor A DataLineProcessor object.
+ data A DBData object.
+ errors A list of errors
+
+ Side Effects:
+ Alters db content
+ Add errors to `errors`.
+ '''
+ for thunk in data:
+ try:
+ udl = thunk()
+ except DataLineError as ex:
+ errors.append(ex)
+ else:
+ try:
+ processor.eat(udl)
+ except psycopg2.DatabaseError as ex:
+ errors.append(DBDataLineError(udl, ex))
+ except DataLineError as ex:
+ errors.append(ex)
+ except DBError as ex:
+ errors.append(ex)
+
+
+class UnsafeUploadEngine(DBConnector):
+ '''Abstract class supporting repeatedly running a processer to put
+ uploaded data into db.
+
+ Attributes:
+ uh An UploadHandler instance.
+ data An UploadData instance of the uploaded data
+ cur A psycopg2 cursor instance
+ db Name of db to connect to
+ user User to connect to db
+ password Password to connect to db
+ action Upload form's hidden action variable
+ '' means not submitted, anything else means take action
+
+ Methods:
+ run() Get a DataLineProcessor instance from the upload handler's
+ factory and feed it by iterating over data.
+ eat_old_line(udl, thunk)
+ Trap errors raised by the db while running thunk.
+ Report any errors as due to the udl UploadDataLine
+ instance.
+ '''
+ def __init__(self, uh):
+ '''
+ uh An UploadHandler instance
+ '''
+ super(UnsafeUploadEngine, self).__init__(uh)
+
+ def call_alter_db(self, func, conn):
+ '''
+ Call a database modification function with a connection.
+
+ func(conn) Call this function with the connection.
+ func(conn) must return a list of Error instances
+
+ Returns:
+ errors List of Error instances
+ Side effects:
+ Calls func(conn)
+ '''
+ errors = func(conn)
+
+ if errors:
+ conn.rollback()
+ else:
+ if ast.literal_eval(self.uh.request.registry.settings['dry_run']):
+ conn.rollback()
+ errors.append(self.dryrunerror_factory())
+ else:
+ try:
+ conn.commit()
+ except psycopg2.DatabaseError as ex:
+ errors.append(DBCommitError(ex))
+ conn.close()
+ return errors
+
+ def eat_old_line(self, udl, thunk):
+ '''
+ Run thunk and report any errors raised by the db as due to
+ the UploadDataLine instance udl.
+
+ Returns:
+ The result of running thunk.
+ '''
+ try:
+ result = thunk()
+ except psycopg2.DatabaseError as ex:
+ raise DBDataLineError(udl, ex)
+ else:
+ return result
+
+ def upload_data(self, processor, data, errors):
+ '''Put a DBData object into the db.
+
+ Input:
+ processor A DataLineProcessor object.
+ data A DBData object.
+ errors A list of errors
+
+ Side Effects:
+ Alters db content
+ Add errors to `errors`.
+ '''
+ for thunk in data:
+ try:
+ udl = thunk()
+ except DataLineError as ex:
+ errors.append(ex)
+ else:
+ self.cur.execute(
+ 'SAVEPOINT line_savepoint;')
+ try:
+ processor.eat(udl)
+ except psycopg2.DatabaseError as ex:
+ self.cur.execute(
+ 'ROLLBACK TO line_savepoint;')
+ errors.append(DBDataLineError(udl, ex))
+ except DataLineError as ex:
+ self.cur.execute(
+ 'ROLLBACK TO line_savepoint;')
+ errors.append(ex)
+ except DBError as ex:
+ self.cur.execute(
+ 'ROLLBACK TO line_savepoint;')
+ errors.append(ex)
+ else:
+ self.cur.execute(
+ 'RELEASE line_savepoint;')
+
+
+class UploadEngine(UnsafeUploadEngine):
+ '''Abstract class supporting repeatedly running a processor
+ to alter db content. Adds cross-site request forgery checking
+ to the UnsafeUploadEngine class.
+
+ Attributes:
+ uh An UploadHandler instance.
+ cur A psycopg2 cursor instance
+ db Name of db to connect to
+ user User to connect to db
+ password Password to connect to db
+ action Upload form's hidden action variable
+ '' means not submitted, anything else means take action
+ csrf_token The client's csrf_token
+
+ Methods:
+ run() Get a DataLineProcessor instance from the upload handler's
+ factory and feed it by iterating over data.
+ '''
+
+ def __init__(self, uh):
+ '''
+ uh An UploadHandler instance
+ '''
+ super(UploadEngine, self).__init__(uh)
+
+ def csrferror_factory(self):
+ return CSRFError(
+ 'Your request failed and you are now logged out',
+ ('This is a security measure. '
+ 'Some possible causes are:'),
+ ('<ul>'
+ '<li>Cookies are off in the browser</li> '
+ '<li>Reload of an expired page</li> '
+ ' <ul>'
+ ' <li>Use of the Back button to (re)submit'
+ ' an old page</li>'
+ ' <li>An attacker has crafted a page which resubmits'
+ ' one of your old page submissions</li>'
+ ' </ul> '
+ '<li>Server restart</li> '
+ '<li>Login session expired due to inactivity</li>'
+ '</ul>'))
+
+ def read_csrf_token(self):
+ '''Save the csrf token.'''
+ post = self.uh.request.POST
+ if 'csrf_token' in post:
+ self.csrf_token = post['csrf_token']
+ else:
+ self.csrf_token = None
+
+ def read(self):
+ '''Add a csrf_token.'''
+ super(UploadEngine, self).read()
+ self.read_csrf_token()
+
+ def call_with_connection(self, func):
+ '''
+ Connect to the db.
+
+ func(conn) Call this function with the connection.
+ f(conn) must return a (errors, dict) tuple result,
+ errors list of Error instances
+ dict other results
+
+ Returns:
+ (errors, response)
+ errors List of Error instances
+ response Dict pyramid will use to render the resulting form.
+ The dict returned by func(conn) plus reserved keys.
+ Reserved keys:
+ havecreds Boolean. Supplied credentials can
+ connect to db.
+ session_expired Boolean. Session expired.
+ Side effects:
+ Raises errors, calls func(conn)
+ '''
+ session = self.uh.session
+
+ token = session.get_csrf_token()
+ if token != self.csrf_token:
+ session.invalidate()
+ response = self.no_connection_response()
+ response['session_expired'] = True
+ return([self.csrferror_factory()]
+ , response)
+ else:
+ (errors, response) = (super(UploadEngine, self)
+ .call_with_connection(func))
+ response['session_expired'] = False
+ return (errors, response)
projects / pgwui_core / commitdiff