added api secret protection, create on users post, and user resource

hackerdojo · Feb 12, 2010 · e918ec3 · e918ec3
1 parent 8d41573
commit e918ec3
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 8 deletions.
diff --git a/keymaster.py b/keymaster.py
@@ -8,7 +8,7 @@ def get(keyname):
     return memcache.get(keyname, namespace='keymaster')
 
 def request(keyname):
-    urlfetch.fetch('http://www.thekeymaster.org/%s' % _keys[keyname][0], method='POST', payload=urllib.urlencode({'secret': _keys[keyname][1]}))
+    urlfetch.fetch('http://www.thekeymaster.org/%s' % _keys[keyname][0], method='POST', payload=urllib.urlencode({'secret': _keys[keyname][1]}), deadline=10)
 
 class _Handler(webapp.RequestHandler):
     def get(self, keyname):

diff --git a/main.py b/main.py
@@ -21,19 +21,56 @@ class MainHandler(webapp.RequestHandler):
     def get(self):
         self.response.out.write("Nothing here")
 
-class UsersHandler(webapp.RequestHandler):
-    def get(self):
-        client = gdata.apps.service.AppsService(domain='hackerdojo.com')
+class BaseHandler(webapp.RequestHandler):
+    def login(self):
+        self.client = gdata.apps.service.AppsService(domain='hackerdojo.com')
         token = memcache.get('token')
         if token:
-            client.SetClientLoginToken(token)
-            self.response.out.write(simplejson.dumps(
-                [e.title.text for e in flatten([u.entry for u in client.GetGeneratorForAllUsers()])]))
+            self.client.SetClientLoginToken(token)
+            return True
         else:
             request_token()
             self.response.set_status(503)
             self.response.out.write("Refreshing token. Please try again.")
-
+            return False
+
+    def secure(self):
+        secret = keymaster.get('api-secret')
+        if secret:
+            return secret == self.request.get('secret')
+        else:
+            keymaster.request('api-secret')
+            self.response.set_status(503)
+            self.response.out.write("Refreshing secret. Please try again.")
+            return False
+
+def user_dict(user):
+    return {
+        'last_name': user.name.family_name,
+        'first_name': user.name.given_name,
+        'username': user.login.user_name,
+        'suspended': user.login.suspended == 'true',
+        'admin': user.login.admin == 'true'}
+
+class UsersHandler(BaseHandler):
+    def get(self):
+        if self.login():
+            self.response.out.write(simplejson.dumps(
+                [e.title.text for e in flatten([u.entry for u in self.client.GetGeneratorForAllUsers()])]))        
+
+    def post(self):
+        if self.login() and self.secure():
+            self.response.out.write(simplejson.dumps(user_dict(self.client.CreateUser(
+                user_name=self.request.get('username'),
+                password=self.request.get('password'),
+                given_name=self.request.get('first_name'),
+                family_name=self.request.get('last_name')))))
+
+class UserHandler(BaseHandler):
+    def get(self, username):
+        if self.login():
+            self.response.out.write(simplejson.dumps(user_dict(self.client.RetrieveUser(username))))
+
 
 class TokenFetchHandler(webapp.RequestHandler):
     def get(self):
@@ -59,9 +96,11 @@ def main():
     application = webapp.WSGIApplication([
         ('/', MainHandler),
         ('/users', UsersHandler),
+        ('/users/(.+)', UserHandler),
         ('/token/fetch', TokenFetchHandler),
         ('/key/(.+)', keymaster.Handler({
             'domain-pass': ('6f7e71752e29e6d4b4e64daceb2a7348', '1iuy010y', request_token),
+            'api-secret': ('fa9985a40110cd254c8a36e00844d0b8', '1nty764u'),
             })),
         ],debug=True)
     util.run_wsgi_app(application)