Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
async def handle_request(self, req: request) -> str:
header_signature = req.headers.get('X-Hub-Signature')
if header_signature is None:
logger.warning(f'Request for GitHub repo \'{self.repo.name}\' did not have X-Hub-Signature header!')
abort(403)
sha_name, signature = header_signature.split('=')
if sha_name != 'sha1':
logger.warning(f'Request for GitHub repo \'{self.repo.name}\' was not signed with SHA1 function!')
abort(501)
if not self.is_data_signed_correctly(await req.data, signature):
logger.warning(f'Request for GitHub repo \'{self.repo.name}\' did not have valid signature!')
abort(403)
# Ping-Pong messages
event = req.headers.get('X-GitHub-Event', 'ping')
if event == 'ping':
return dumps({'msg': 'pong'})
if event != 'push':
logger.warning(f'Request for GitHub repo \'{self.repo.name}\' was not result of push event!')
abort(501)
if self.repo.branch:
if request.is_json:
data = await request.get_json()
else:
data = await request.form
async def sun(zip_code: str, country: str):
lat, long = await location_service.get_lat_long(zip_code, country)
sun_data = await sun_service.for_today(lat, long)
if not sun_data:
quart.abort(404)
return quart.jsonify(sun_data)
def _validate_access_token(self):
if not self._access_token:
return
if websocket:
auth = websocket.headers.get('Authorization', '')
if not auth.startswith('Token ') and not auth.startswith('token '):
abort(401)
token_given = auth[len('Token '):].strip()
if not token_given:
abort(401)
if token_given != self._access_token:
abort(403)
def get_descriptors_raw(flavor):
try:
app.clerk.wait_for_consensus()
desc = app.clerk.mic_descriptors_raw
if flavor == 'unflavored':
desc = app.clerk.descriptors_raw
return desc, 200
except Exception as e:
logging.exception(e)
quart.abort(503)
def pull_server_id(endpoint, values):
_servers = dict()
for i, server in enumerate(current_app.config['HTTPKOM_LYSKOM_SERVERS']):
_servers[server[0]] = Server(server[0], i, server[1], server[2], server[3])
server_id = values.pop('server_id')
if server_id in _servers:
g.server = _servers[server_id]
else:
# No such server
abort(404)
async def weather(zip_code: str, country: str):
weather_data = await weather_service.get_current(zip_code, country)
if not weather_data:
quart.abort(404)
return quart.jsonify(weather_data)
async def tile(tile_number):
"""
Handles GET requests for a tile number.
:param int tile_number: Number of the tile between 0 and `max_tiles`^2.
:raises HTTPError: 404 if tile exceeds `max_tiles`^2.
"""
try:
tile = get_tile(tile_number)
except TileOutOfBoundsError:
abort(404)
buf = BytesIO(tile.tobytes())
tile.save(buf, 'JPEG')
content = buf.getvalue()
response = await make_response(content)
response.headers['Content-Type'] = 'image/jpg'
response.headers['Accept-Ranges'] = 'bytes'
response.headers['Content-Length'] = str(len(content))
return response
async def _handle_http_event(self):
if self._secret:
if 'X-Signature' not in request.headers:
abort(401)
sec = self._secret
sec = sec.encode('utf-8') if isinstance(sec, str) else sec
sig = hmac.new(sec, await request.get_data(), 'sha1').hexdigest()
if request.headers['X-Signature'] != 'sha1=' + sig:
abort(403)
payload = await request.json
if not isinstance(payload, dict):
abort(400)
response = await self._handle_event_payload(payload)
return jsonify(response) if isinstance(response, dict) else ''
def _validate_ws_reverse_access_token(self):
if not self._access_token:
return
if websocket:
auth = websocket.headers.get('Authorization', '')
if not auth.startswith('Token ') and not auth.startswith('token '):
abort(401)
token_given = auth[len('Token '):].strip()
if not token_given:
abort(401)
if token_given != self._access_token:
abort(403)
"""
Delete a channel.
:param uid: channel identifier
"""
try:
channel = app.clerk.channel_manager.get_channel_by_token(uid)
except Exception as e:
logging.exception(e)
quart.abort(404)
try:
await app.clerk.channel_manager.destroy_circuit_from_client(channel)
await app.clerk.channel_manager.destroy_circuit_from_link(channel)
except Exception as e:
logging.exception(e)
quart.abort(500)
return quart.jsonify({}), 202 # Deleted