api.py

# Copyright 2014, Ian Gulliver
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import logging
import webapp2

from google.appengine.api import channel
from google.appengine.ext import db

from cosmopolite.lib import auth
from cosmopolite.lib import models
from cosmopolite.lib import security
from cosmopolite.lib import session
from cosmopolite.lib import utils

import config


def CreateChannel(google_user, client, instance_id, args):
  models.Instance.FindOrCreate(instance_id)

  token = channel.create_channel(
      client_id=instance_id,
      duration_minutes=config.CHANNEL_DURATION_SECONDS / 60)
  events = []
  if google_user:
    events.append({
      'event_type':   'login',
      'profile':      str(client.parent_key()),
      'google_user':  google_user.email(),
    })
  else:
    events.append({
      'event_type': 'logout',
      'profile':      str(client.parent_key()),
    })

  return {
    'token': token,
    'events': events,
  }


def Pin(google_user, client, instance_id, args):
  instance = models.Instance.FromID(instance_id)

  subject = args['subject']
  message = args['message']
  sender_message_id = args['sender_message_id']

  try:
    models.Subject.FindOrCreate(subject).Pin(
        message, client.parent_key(), sender_message_id, instance)
  except models.DuplicateMessage:
    logging.warning('Duplicate pin: %s', sender_message_id)
    return {
      'result': 'duplicate_message',
    }
  except models.AccessDenied:
    logging.warning('Pin access denied')
    return {
      'result': 'access_denied',
    }

  return {
    'result': 'ok',
  }


def SendMessage(google_user, client, instance_id, args):
  subject = args['subject']
  message = args['message']
  sender_message_id = args['sender_message_id']

  try:
    models.Subject.FindOrCreate(subject).SendMessage(
        message, client.parent_key(), sender_message_id)
  except models.DuplicateMessage:
    logging.warning('Duplicate message: %s', sender_message_id)
    return {
      'result': 'duplicate_message',
    }
  except models.AccessDenied:
    logging.warning('SendMessage access denied')
    return {
      'result': 'access_denied',
    }

  return {
    'result': 'ok',
  }


def Subscribe(google_user, client, instance_id, args):
  instance = models.Instance.FromID(instance_id)
  if not instance or not instance.active:
    # Probably a race with the channel opening
    return {
      'result': 'retry',
    }

  subject = models.Subject.FindOrCreate(args['subject'])
  messages = args.get('messages', 0)
  last_id = args.get('last_id', None)

  try:
    return {
      'result': 'ok',
      'events': models.Subscription.FindOrCreate(
          subject, client, instance, messages, last_id),
    }
  except models.AccessDenied:
    logging.warning('Subscribe access denied')
    return {
      'result': 'access_denied',
    }


def Unpin(google_user, client, instance_id, args):
  instance = models.Instance.FromID(instance_id)
  subject = args['subject']
  sender_message_id = args['sender_message_id']

  try:
    models.Subject.FindOrCreate(subject).Unpin(
        client.parent_key(), sender_message_id, instance.key())
  except models.AccessDenied:
    logging.warning('Pin access denied')
    return {
      'result': 'access_denied',
    }

  return {
    'result': 'ok',
  }


def Unsubscribe(google_user, client, instance_id, args):
  instance = models.Instance.FromID(instance_id)
  subject = models.Subject.FindOrCreate(args['subject'])
  models.Subscription.Remove(subject, instance)

  return {}


class APIWrapper(webapp2.RequestHandler):

  _COMMANDS = {
      'createChannel': CreateChannel,
      'pin': Pin,
      'sendMessage': SendMessage,
      'subscribe': Subscribe,
      'unpin': Unpin,
      'unsubscribe': Unsubscribe,
  }

  @utils.chaos_monkey
  @utils.expects_json
  @utils.returns_json
  @utils.local_namespace
  @security.google_user_xsrf_protection
  @security.weak_security_checks
  @session.session_required
  def post(self):
    ret = {
        'status': 'ok',
        'responses': [],
        'events': [],
    }
    for command in self.request_json['commands']:
      callback = self._COMMANDS[command['command']]
      result = callback(
          self.verified_google_user,
          self.client,
          self.request_json['instance_id'],
          command.get('arguments', {}))
      # Magic: if result contains "events", haul them up a level so the
      # client can see them as a single stream.
      ret['events'].extend(result.pop('events', []))
      ret['responses'].append(result)
    return ret


app = webapp2.WSGIApplication([
  (config.URL_PREFIX + '/api', APIWrapper),
])
Initial snapshot. 2014-03-25 13:43:11 -07:00			`# Copyright 2014, Ian Gulliver`
			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`

Move onReady callback to after channel response from server, so we have a client_id before we start sending other RPCs. 2014-05-14 23:28:56 +03:00			`import logging`
Initial snapshot. 2014-03-25 13:43:11 -07:00			`import webapp2`

			`from google.appengine.api import channel`
			`from google.appengine.ext import db`

			`from cosmopolite.lib import auth`
			`from cosmopolite.lib import models`
			`from cosmopolite.lib import security`
			`from cosmopolite.lib import session`
			`from cosmopolite.lib import utils`

			`import config`


Add a third level construct under Profile and Client, Instance. This allows more than one connected object with the same client credentials. 2014-05-23 10:31:52 -07:00			`def CreateChannel(google_user, client, instance_id, args):`
Make Instance actually stand alone. 2014-05-23 15:00:28 -07:00			`models.Instance.FindOrCreate(instance_id)`
Switch to using Instance key as the channel_id, since there seems to be an undocumented length limit. 2014-05-23 11:23:30 -07:00
Add pubsub server API, without client API or UI yet. 2014-05-06 22:46:07 -07:00			`token = channel.create_channel(`
Remove Instance from the Profile hierarchy to allow key_name queries. 2014-05-23 14:29:11 -07:00			`client_id=instance_id,`
Add pubsub server API, without client API or UI yet. 2014-05-06 22:46:07 -07:00			`duration_minutes=config.CHANNEL_DURATION_SECONDS / 60)`
Remove SetValue/GetValue. Add debug console support for keeping track of streaming key values. 2014-05-11 19:34:42 +03:00			`events = []`
Add pubsub server API, without client API or UI yet. 2014-05-06 22:46:07 -07:00			`if google_user:`
Make the structure that we pass over the channel or pseudo-channel called an "event". Make the string that we pass through pubsub called a "message". 2014-05-09 15:00:48 -07:00			`events.append({`
			`'event_type': 'login',`
Add a way to fetch our current profile ID. 2014-05-16 19:03:33 +03:00			`'profile': str(client.parent_key()),`
Add pubsub server API, without client API or UI yet. 2014-05-06 22:46:07 -07:00			`'google_user': google_user.email(),`
			`})`
			`else:`
Make the structure that we pass over the channel or pseudo-channel called an "event". Make the string that we pass through pubsub called a "message". 2014-05-09 15:00:48 -07:00			`events.append({`
			`'event_type': 'logout',`
Add a way to fetch our current profile ID. 2014-05-16 19:03:33 +03:00			`'profile': str(client.parent_key()),`
Add pubsub server API, without client API or UI yet. 2014-05-06 22:46:07 -07:00			`})`

			`return {`
			`'token': token,`
Make the structure that we pass over the channel or pseudo-channel called an "event". Make the string that we pass through pubsub called a "message". 2014-05-09 15:00:48 -07:00			`'events': events,`
Add pubsub server API, without client API or UI yet. 2014-05-06 22:46:07 -07:00			`}`


Add support for ephemeral messages that are tied to an open channel, aka "pins". 2014-05-25 23:40:56 -07:00			`def Pin(google_user, client, instance_id, args):`
			`instance = models.Instance.FromID(instance_id)`

			`subject = args['subject']`
			`message = args['message']`
			`sender_message_id = args['sender_message_id']`

			`try:`
			`models.Subject.FindOrCreate(subject).Pin(`
			`message, client.parent_key(), sender_message_id, instance)`
			`except models.DuplicateMessage:`
Move exception logging to warn level, so real errors stick out. 2014-05-27 14:32:15 -07:00			`logging.warning('Duplicate pin: %s', sender_message_id)`
Add support for ephemeral messages that are tied to an open channel, aka "pins". 2014-05-25 23:40:56 -07:00			`return {`
			`'result': 'duplicate_message',`
			`}`
			`except models.AccessDenied:`
Move exception logging to warn level, so real errors stick out. 2014-05-27 14:32:15 -07:00			`logging.warning('Pin access denied')`
Add support for ephemeral messages that are tied to an open channel, aka "pins". 2014-05-25 23:40:56 -07:00			`return {`
			`'result': 'access_denied',`
			`}`

			`return {`
			`'result': 'ok',`
			`}`


Add a third level construct under Profile and Client, Instance. This allows more than one connected object with the same client credentials. 2014-05-23 10:31:52 -07:00			`def SendMessage(google_user, client, instance_id, args):`
Add pubsub server API, without client API or UI yet. 2014-05-06 22:46:07 -07:00			`subject = args['subject']`
			`message = args['message']`
Suppress duplicate messages from a client (e.g. when network failure causes retries for RPCs that actually went through). 2014-05-16 23:07:38 +03:00			`sender_message_id = args['sender_message_id']`
Add pubsub server API, without client API or UI yet. 2014-05-06 22:46:07 -07:00
Suppress duplicate messages from a client (e.g. when network failure causes retries for RPCs that actually went through). 2014-05-16 23:07:38 +03:00			`try:`
			`models.Subject.FindOrCreate(subject).SendMessage(`
Remove the concept of keys; they can just be encoded into subject names. 2014-05-25 23:50:53 -07:00			`message, client.parent_key(), sender_message_id)`
Suppress duplicate messages from a client (e.g. when network failure causes retries for RPCs that actually went through). 2014-05-16 23:07:38 +03:00			`except models.DuplicateMessage:`
Move exception logging to warn level, so real errors stick out. 2014-05-27 14:32:15 -07:00			`logging.warning('Duplicate message: %s', sender_message_id)`
Add real subject ACL support and tests. 2014-05-19 20:52:57 +03:00			`return {`
			`'result': 'duplicate_message',`
			`}`
			`except models.AccessDenied:`
Move exception logging to warn level, so real errors stick out. 2014-05-27 14:32:15 -07:00			`logging.warning('SendMessage access denied')`
Add real subject ACL support and tests. 2014-05-19 20:52:57 +03:00			`return {`
			`'result': 'access_denied',`
			`}`
Add pubsub server API, without client API or UI yet. 2014-05-06 22:46:07 -07:00
Add real subject ACL support and tests. 2014-05-19 20:52:57 +03:00			`return {`
			`'result': 'ok',`
			`}`
Add pubsub server API, without client API or UI yet. 2014-05-06 22:46:07 -07:00

Add a third level construct under Profile and Client, Instance. This allows more than one connected object with the same client credentials. 2014-05-23 10:31:52 -07:00			`def Subscribe(google_user, client, instance_id, args):`
Remove Instance from the Profile hierarchy to allow key_name queries. 2014-05-23 14:29:11 -07:00			`instance = models.Instance.FromID(instance_id)`
			`if not instance or not instance.active:`
Per-RPC retry support, used when subscribe() can't find an active instance. 2014-05-23 15:32:31 -07:00			`# Probably a race with the channel opening`
			`return {`
			`'result': 'retry',`
			`}`
Remove Instance from the Profile hierarchy to allow key_name queries. 2014-05-23 14:29:11 -07:00
Add pubsub server API, without client API or UI yet. 2014-05-06 22:46:07 -07:00			`subject = models.Subject.FindOrCreate(args['subject'])`
			`messages = args.get('messages', 0)`
When rebuilding the channel, subscribe via last seen ID, so we don't miss messages from the time we were disconnected. 2014-05-18 11:20:44 +03:00			`last_id = args.get('last_id', None)`
Switch to a multi-request/response API to make batching possible. 2014-05-06 13:38:40 -07:00
Add real subject ACL support and tests. 2014-05-19 20:52:57 +03:00			`try:`
Remove the concept of keys; they can just be encoded into subject names. 2014-05-25 23:50:53 -07:00			`return {`
Add real subject ACL support and tests. 2014-05-19 20:52:57 +03:00			`'result': 'ok',`
Add a third level construct under Profile and Client, Instance. This allows more than one connected object with the same client credentials. 2014-05-23 10:31:52 -07:00			`'events': models.Subscription.FindOrCreate(`
Make Instance actually stand alone. 2014-05-23 15:00:28 -07:00			`subject, client, instance, messages, last_id),`
Add real subject ACL support and tests. 2014-05-19 20:52:57 +03:00			`}`
			`except models.AccessDenied:`
Move exception logging to warn level, so real errors stick out. 2014-05-27 14:32:15 -07:00			`logging.warning('Subscribe access denied')`
Add real subject ACL support and tests. 2014-05-19 20:52:57 +03:00			`return {`
			`'result': 'access_denied',`
			`}`

Switch to a multi-request/response API to make batching possible. 2014-05-06 13:38:40 -07:00
Add support for ephemeral messages that are tied to an open channel, aka "pins". 2014-05-25 23:40:56 -07:00			`def Unpin(google_user, client, instance_id, args):`
			`instance = models.Instance.FromID(instance_id)`
			`subject = args['subject']`
			`sender_message_id = args['sender_message_id']`

			`try:`
			`models.Subject.FindOrCreate(subject).Unpin(`
Quiet some of the logspam around instances 2014-05-26 17:28:59 -07:00			`client.parent_key(), sender_message_id, instance.key())`
Add support for ephemeral messages that are tied to an open channel, aka "pins". 2014-05-25 23:40:56 -07:00			`except models.AccessDenied:`
Move exception logging to warn level, so real errors stick out. 2014-05-27 14:32:15 -07:00			`logging.warning('Pin access denied')`
Add support for ephemeral messages that are tied to an open channel, aka "pins". 2014-05-25 23:40:56 -07:00			`return {`
			`'result': 'access_denied',`
			`}`

			`return {`
			`'result': 'ok',`
			`}`


Add a third level construct under Profile and Client, Instance. This allows more than one connected object with the same client credentials. 2014-05-23 10:31:52 -07:00			`def Unsubscribe(google_user, client, instance_id, args):`
Remove Instance from the Profile hierarchy to allow key_name queries. 2014-05-23 14:29:11 -07:00			`instance = models.Instance.FromID(instance_id)`
Checkpoint: working subscribe/unsubscribe and message transit, through the debug page 2014-05-10 15:47:33 +02:00			`subject = models.Subject.FindOrCreate(args['subject'])`
Add a third level construct under Profile and Client, Instance. This allows more than one connected object with the same client credentials. 2014-05-23 10:31:52 -07:00			`models.Subscription.Remove(subject, instance)`
Checkpoint: working subscribe/unsubscribe and message transit, through the debug page 2014-05-10 15:47:33 +02:00
			`return {}`


Switch to a multi-request/response API to make batching possible. 2014-05-06 13:38:40 -07:00			`class APIWrapper(webapp2.RequestHandler):`

			`_COMMANDS = {`
			`'createChannel': CreateChannel,`
Add support for ephemeral messages that are tied to an open channel, aka "pins". 2014-05-25 23:40:56 -07:00			`'pin': Pin,`
Add pubsub server API, without client API or UI yet. 2014-05-06 22:46:07 -07:00			`'sendMessage': SendMessage,`
			`'subscribe': Subscribe,`
Add support for ephemeral messages that are tied to an open channel, aka "pins". 2014-05-25 23:40:56 -07:00			`'unpin': Unpin,`
Checkpoint: working subscribe/unsubscribe and message transit, through the debug page 2014-05-10 15:47:33 +02:00			`'unsubscribe': Unsubscribe,`
Switch to a multi-request/response API to make batching possible. 2014-05-06 13:38:40 -07:00			`}`

Initial snapshot. 2014-03-25 13:43:11 -07:00			`@utils.chaos_monkey`
Switch to a multi-request/response API to make batching possible. 2014-05-06 13:38:40 -07:00			`@utils.expects_json`
Initial snapshot. 2014-03-25 13:43:11 -07:00			`@utils.returns_json`
			`@utils.local_namespace`
			`@security.google_user_xsrf_protection`
			`@security.weak_security_checks`
			`@session.session_required`
			`def post(self):`
Move message handling in RPC responses out of individual commands and to a general property of the response. 2014-05-06 13:47:57 -07:00			`ret = {`
			`'status': 'ok',`
			`'responses': [],`
Make the structure that we pass over the channel or pseudo-channel called an "event". Make the string that we pass through pubsub called a "message". 2014-05-09 15:00:48 -07:00			`'events': [],`
Move message handling in RPC responses out of individual commands and to a general property of the response. 2014-05-06 13:47:57 -07:00			`}`
Switch to a multi-request/response API to make batching possible. 2014-05-06 13:38:40 -07:00			`for command in self.request_json['commands']:`
			`callback = self._COMMANDS[command['command']]`
Move message handling in RPC responses out of individual commands and to a general property of the response. 2014-05-06 13:47:57 -07:00			`result = callback(`
			`self.verified_google_user,`
			`self.client,`
Add a third level construct under Profile and Client, Instance. This allows more than one connected object with the same client credentials. 2014-05-23 10:31:52 -07:00			`self.request_json['instance_id'],`
Move message handling in RPC responses out of individual commands and to a general property of the response. 2014-05-06 13:47:57 -07:00			`command.get('arguments', {}))`
Make the structure that we pass over the channel or pseudo-channel called an "event". Make the string that we pass through pubsub called a "message". 2014-05-09 15:00:48 -07:00			`# Magic: if result contains "events", haul them up a level so the`
Move message handling in RPC responses out of individual commands and to a general property of the response. 2014-05-06 13:47:57 -07:00			`# client can see them as a single stream.`
Make the structure that we pass over the channel or pseudo-channel called an "event". Make the string that we pass through pubsub called a "message". 2014-05-09 15:00:48 -07:00			`ret['events'].extend(result.pop('events', []))`
Move message handling in RPC responses out of individual commands and to a general property of the response. 2014-05-06 13:47:57 -07:00			`ret['responses'].append(result)`
Switch to a multi-request/response API to make batching possible. 2014-05-06 13:38:40 -07:00			`return ret`
Initial snapshot. 2014-03-25 13:43:11 -07:00

			`app = webapp2.WSGIApplication([`
Switch to a multi-request/response API to make batching possible. 2014-05-06 13:38:40 -07:00			`(config.URL_PREFIX + '/api', APIWrapper),`
Initial snapshot. 2014-03-25 13:43:11 -07:00			`])`