#!/usr/bin/env python # Copyright (c) 2009, Charles Hooper # All rights reserved. # # Redistribution and use in source and binary forms, with or without modification, # are permitted provided that the following conditions are met: # # * Redistributions of source code must retain the above copyright notice, this # list of conditions and the following disclaimer. # # * Redistributions in binary form must reproduce the above copyright notice, this # list of conditions and the following disclaimer in the documentation and/or # other materials provided with the distribution. # # * Neither the name of Plumata LLC nor the names of its contributors may be # used to endorse or promote products derived from this software without specific prior # written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY # EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT # SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED # TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN # ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH # DAMAGE. import tornado.httpserver import tornado.ioloop import tornado.web import tornado.auth from sqlite3 import connect import settings def list_databases(): """List all databases""" from os import listdir return listdir(settings.data_path) def list_tables(database): """List all tables""" from os import path # TODO: Sanitize 'database' var for directory traversal conn = connect(path.join(settings.data_path,database)) cursor = conn.cursor() cursor.execute("""SELECT name FROM sqlite_master WHERE type='table' ORDER BY name""") tables = [table for table in cursor] cursor.close() conn.close() return tables def dump_data(database,table): """Dump all records in a table""" from os import path conn = connect(path.join(settings.data_path,database)) cursor = conn.cursor() # TODO: santize 'table' for SQL injection cursor.execute("SELECT * FROM `%s`" % table) data = [row for row in cursor] cursor.close() conn.close() return data class MainHandler(tornado.web.RequestHandler): """Main Handler... list all databases""" def get(self): self.write(repr(list_databases())) class ListTableHandler(tornado.web.RequestHandler): """List tables in specified database""" def get(self,database): self.write(repr(list_tables(database))) class DataHandler(tornado.web.RequestHandler): """Dump all records from a table""" def get(self,database,table): self.write(repr(dump_data(database,table))) application = tornado.web.Application([ (r"/", MainHandler), (r"/([\w]+)/", ListTableHandler), (r"/([\w]+)/([\w]+)/", DataHandler), ], cookie_secret=settings.cookie_secret, ) if __name__ == "__main__": http_server = tornado.httpserver.HTTPServer(application) http_server.listen(settings.port) tornado.ioloop.IOLoop.instance().start()