Merge pull request #7 from slaporte/master

yarl · web-flow · commit 6e6da0da3dde · 2017-01-03T23:02:35.000+01:00
add backend
diff --git a/.gitignore b/.gitignore
@@ -2,4 +2,8 @@ node_modules
 app
 
 .vscode
-jsconfig.json
+jsconfig.json
+
+config.local.yaml
+config.labs.yaml
+*.*~
diff --git a/README.md b/README.md
@@ -1 +1,65 @@
-### monumental
+# Monumental
+
+Reasonator for monuments
+
+## Server
+
+A small python server providing authorization for edit actions on Wikidata.
+
+### Local setup
+
+1. Install python requirements
+
+```bash
+pip install -r requirements.txt
+```
+
+2. Setup config.yaml
+
+Copy config.default.yaml to config.local.yaml. You may need to add oauth consumer info, which you can apply for [here](https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration/propose). If you need a set of keys for testing purposes (running on localhost:5000), you can email me at <stephen.laporte@gmail.com>.
+
+3. Run the dev server
+
+```bash
+python monumental/server.py
+```
+
+Test it out:
+
+ - Login: http://localhost:5000/login
+ - A simple Wikidata API query: http://localhost:5000/api?action=query&list=random&rnnamespace=0&rnlimit=10 
+ - Get an edit token (with authorization): http://localhost:5000/api?action=query&meta=tokens&use_auth=true
+
+See [here](https://www.wikidata.org/w/api.php) for full Wikidata API docs.
+
+### Licnese
+
+Copyright (c) 2017, Stephen LaPorte
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above
+      copyright notice, this list of conditions and the following
+      disclaimer in the documentation and/or other materials provided
+      with the distribution.
+
+    * The names of the contributors may not be used to endorse or
+      promote products derived from this software without specific
+      prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/config.default.yaml b/config.default.yaml
@@ -0,0 +1,5 @@
+---
+oauth_secret_token: "see README"
+oauth_consumer_token: "see README"
+cookie_secret: "ReplaceThisWithSomethingSomewhatSecret"
+...
diff --git a/monumental/server.py b/monumental/server.py
@@ -0,0 +1,194 @@
+# -*- coding: utf-8 -*-
+
+import os
+import json
+import urllib2
+
+from urllib import urlencode
+
+import yaml
+import clastic
+import requests
+
+from clastic import Application, redirect
+from clastic.render import render_basic
+from clastic.middleware.cookie import SignedCookieMiddleware, NEVER
+
+from mwoauth import Handshaker, RequestToken, ConsumerToken
+from requests_oauthlib import OAuth1
+
+
+DEFAULT_WIKI_API_URL = 'https://www.wikidata.org/w/api.php'
+WIKI_OAUTH_URL = 'https://meta.wikimedia.org/w/index.php'
+CUR_PATH = os.path.dirname(os.path.abspath(__file__))
+
+
+def home(cookie, request):
+    headers = dict([(k, v) for k, v in
+                    request.environ.items() if k.startswith('HTTP_')])
+
+    return {'cookies': dict(cookie),  # For debugging
+            'headers': headers}
+
+
+def login(request, consumer_token, cookie, root_path):
+    handshaker = Handshaker(WIKI_OAUTH_URL, consumer_token)
+
+    redirect_url, request_token = handshaker.initiate()
+
+    cookie['request_token_key'] = request_token.key
+    cookie['request_token_secret'] = request_token.secret
+
+    cookie['return_to_url'] = request.args.get('next', root_path)
+
+    return redirect(redirect_url)
+
+
+def logout(request, cookie, root_path):
+    cookie.pop('userid', None)
+    cookie.pop('username', None)
+    cookie.pop('oauth_access_key', None)
+    cookie.pop('oauth_access_secret', None)
+    cookie.pop('request_token_secret', None)
+    cookie.pop('request_token_key', None)
+
+    return_to_url = request.args.get('next', root_path)
+
+    return redirect(return_to_url)
+
+
+def complete_login(request, consumer_token, cookie):
+    handshaker = Handshaker(WIKI_OAUTH_URL, consumer_token)
+
+    req_token = RequestToken(cookie['request_token_key'],
+                             cookie['request_token_secret'])
+    
+    access_token = handshaker.complete(req_token,
+                                       request.query_string)
+
+    identity = handshaker.identify(access_token)
+    
+    userid = identity['sub']
+    username = identity['username']
+    
+    cookie['userid'] = userid
+    cookie['username'] = username
+    # Is this OK to put in a cookie?
+    cookie['oauth_access_key'] = access_token.key
+    cookie['oauth_access_secret'] = access_token.secret
+
+    return_to_url = cookie.get('return_to_url', '/')
+
+    return redirect(return_to_url)
+
+
+def get_wd_token(request, cookie, consumer_token, token_type=None):
+    params = {'action': 'query',
+              'meta': 'tokens',
+              'format': 'json'}
+
+    auth = OAuth1(consumer_token.key,
+                  client_secret=consumer_token.secret,
+                  resource_owner_key=cookie['oauth_access_key'],
+                  resource_owner_secret=cookie['oauth_access_secret'])
+
+    if token_type:
+        # by default, gets a csrf token (for editing)
+        params['type'] = token_type
+    else:
+        params['type'] = 'csrf'
+
+    raw_resp = requests.get(DEFAULT_WIKI_API_URL,
+                            params=params,
+                            auth=auth)
+
+    resp = raw_resp.json()
+    token_name = params['type'] + 'token'
+    token = resp['query']['tokens'][token_name]
+
+    return token
+
+
+def send_to_wd_api(request, cookie, consumer_token):
+    """Sends GET or POST variables to the Wikidata API at
+    http://wikidata.org/w/api.php.
+
+    Add ?use_auth=true for actions that require logging in and an edit
+    token.
+    """
+
+    auth = False
+    api_args = {k: v for k, v in request.values.items()}
+
+    if api_args.get('use_auth'):
+
+        if not cookie.get('oauth_access_key'):
+            resp_dict = {'status': 'exception',
+                         'exception': 'not logged in'}
+            return resp_dict
+
+        api_args.pop('use_auth')
+        token = get_wd_token(request, cookie, consumer_token)
+        api_args['token'] = token
+        auth = OAuth1(consumer_token.key,
+                      client_secret=consumer_token.secret,
+                      resource_owner_key=cookie['oauth_access_key'],
+                      resource_owner_secret=cookie['oauth_access_secret'])
+
+    if not api_args.get('format'):
+        api_args['format'] = 'json'
+
+    method = request.method
+
+    if method == 'GET':
+        resp = requests.get(DEFAULT_WIKI_API_URL, api_args, auth=auth)
+    elif method == 'POST':
+        resp = requests.post(DEFAULT_WIKI_API_URL, api_args, auth=auth)
+
+    try:
+        resp_dict = resp.json()
+    except ValueError:
+        # For debugging
+        resp_dict = {'status': 'exception',
+                     'exception': resp.text,
+                     'api_args': api_args}
+    return resp_dict
+
+
+def create_app():
+    routes = [('/', home, render_basic),
+              ('/login', login),
+              ('/logout', logout),
+              ('/complete_login', complete_login),
+              ('/api', send_to_wd_api, render_basic)]
+
+    config_file_name = 'config.local.yaml'
+    config_file_path = os.path.join(os.path.dirname(CUR_PATH), config_file_name)
+
+    config = yaml.load(open(config_file_path))
+
+    cookie_secret = config['cookie_secret']
+
+    root_path = config.get('root_path', '/')
+
+    scm_mw = SignedCookieMiddleware(secret_key=cookie_secret,
+                                    path=root_path)
+    scm_mw.data_expiry = NEVER
+
+    consumer_token = ConsumerToken(config['oauth_consumer_token'],
+                                   config['oauth_secret_token'])
+
+    resources = {'config': config,
+                 'consumer_token': consumer_token,
+                 'root_path': root_path}
+
+    app = Application(routes, resources, middlewares=[scm_mw])
+
+    return app
+
+
+app = create_app()
+
+
+if __name__ == '__main__':
+    app.serve()
diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1,11 @@
+PyJWT==1.4.2
+PyYAML==3.12
+Werkzeug==0.9.4
+argparse==1.4.0
+clastic==0.4.3
+mwoauth==0.2.8
+oauthlib==2.0.1
+requests==2.12.4
+requests-oauthlib==0.7.0
+six==1.10.0
+wsgiref==0.1.2
