forked from platypush/platypush
273 lines
8.4 KiB
Python
273 lines
8.4 KiB
Python
import importlib
|
|
import logging
|
|
import os
|
|
|
|
from functools import wraps
|
|
from flask import abort, request, redirect, Response, current_app
|
|
from redis import Redis
|
|
|
|
# NOTE: The HTTP service will *only* work on top of a Redis bus. The default
|
|
# internal bus service won't work as the web server will run in a different process.
|
|
from platypush.bus.redis import RedisBus
|
|
|
|
from platypush.config import Config
|
|
from platypush.message import Message
|
|
from platypush.message.request import Request
|
|
from platypush.user import UserManager
|
|
from platypush.utils import get_redis_queue_name_by_message, get_ip_or_hostname
|
|
|
|
_bus = None
|
|
_logger = None
|
|
|
|
|
|
def bus():
|
|
global _bus
|
|
if _bus is None:
|
|
_bus = RedisBus(redis_queue=current_app.config.get('redis_queue'))
|
|
return _bus
|
|
|
|
|
|
def logger():
|
|
global _logger
|
|
if not _logger:
|
|
log_args = {
|
|
'level': logging.INFO,
|
|
'format': '%(asctime)-15s|%(levelname)5s|%(name)s|%(message)s',
|
|
}
|
|
|
|
level = (Config.get('backend.http') or {}).get('logging') or \
|
|
(Config.get('logging') or {}).get('level')
|
|
filename = (Config.get('backend.http') or {}).get('filename')
|
|
|
|
if level:
|
|
log_args['level'] = getattr(logging, level.upper()) \
|
|
if isinstance(level, str) else level
|
|
if filename:
|
|
log_args['filename'] = filename
|
|
|
|
logging.basicConfig(**log_args)
|
|
_logger = logging.getLogger('platypush:web')
|
|
|
|
return _logger
|
|
|
|
|
|
def get_message_response(msg):
|
|
redis = Redis(**bus().redis_args)
|
|
response = redis.blpop(get_redis_queue_name_by_message(msg), timeout=60)
|
|
if response and len(response) > 1:
|
|
response = Message.build(response[1])
|
|
else:
|
|
response = None
|
|
|
|
return response
|
|
|
|
|
|
# noinspection PyProtectedMember
|
|
def get_http_port():
|
|
from platypush.backend.http import HttpBackend
|
|
http_conf = Config.get('backend.http')
|
|
return http_conf.get('port', HttpBackend._DEFAULT_HTTP_PORT)
|
|
|
|
|
|
# noinspection PyProtectedMember
|
|
def get_websocket_port():
|
|
from platypush.backend.http import HttpBackend
|
|
http_conf = Config.get('backend.http')
|
|
return http_conf.get('websocket_port', HttpBackend._DEFAULT_WEBSOCKET_PORT)
|
|
|
|
|
|
def send_message(msg, wait_for_response=True):
|
|
msg = Message.build(msg)
|
|
|
|
if isinstance(msg, Request):
|
|
msg.origin = 'http'
|
|
|
|
if Config.get('token'):
|
|
msg.token = Config.get('token')
|
|
|
|
bus().post(msg)
|
|
|
|
if isinstance(msg, Request) and wait_for_response:
|
|
response = get_message_response(msg)
|
|
logger().debug('Processing response on the HTTP backend: {}'.
|
|
format(response))
|
|
|
|
return response
|
|
|
|
|
|
def send_request(action, wait_for_response=True, **kwargs):
|
|
msg = {
|
|
'type': 'request',
|
|
'action': action
|
|
}
|
|
|
|
if kwargs:
|
|
msg['args'] = kwargs
|
|
|
|
return send_message(msg, wait_for_response=wait_for_response)
|
|
|
|
|
|
def _authenticate_token():
|
|
token = Config.get('token')
|
|
user_manager = UserManager()
|
|
|
|
if 'X-Token' in request.headers:
|
|
user_token = request.headers['X-Token']
|
|
elif 'Authorization' in request.headers and request.headers['Authorization'].startswith('Bearer '):
|
|
user_token = request.headers['Authorization'][len('Bearer '):]
|
|
elif 'token' in request.args:
|
|
user_token = request.args.get('token')
|
|
else:
|
|
return False
|
|
|
|
try:
|
|
user_manager.validate_jwt_token(user_token)
|
|
return True
|
|
except:
|
|
return token and user_token == token
|
|
|
|
|
|
def _authenticate_http():
|
|
user_manager = UserManager()
|
|
|
|
if not request.authorization:
|
|
return False
|
|
|
|
username = request.authorization.username
|
|
password = request.authorization.password
|
|
return user_manager.authenticate_user(username, password)
|
|
|
|
|
|
def _authenticate_session():
|
|
user_manager = UserManager()
|
|
user_session_token = None
|
|
user = None
|
|
|
|
if 'X-Session-Token' in request.headers:
|
|
user_session_token = request.headers['X-Session-Token']
|
|
elif 'session_token' in request.args:
|
|
user_session_token = request.args.get('session_token')
|
|
elif 'session_token' in request.cookies:
|
|
user_session_token = request.cookies.get('session_token')
|
|
|
|
if user_session_token:
|
|
user, session = user_manager.authenticate_user_session(user_session_token)
|
|
|
|
return user is not None
|
|
|
|
|
|
def _authenticate_csrf_token():
|
|
user_manager = UserManager()
|
|
user_session_token = None
|
|
|
|
if 'X-Session-Token' in request.headers:
|
|
user_session_token = request.headers['X-Session-Token']
|
|
elif 'session_token' in request.args:
|
|
user_session_token = request.args.get('session_token')
|
|
elif 'session_token' in request.cookies:
|
|
user_session_token = request.cookies.get('session_token')
|
|
|
|
if user_session_token:
|
|
user, session = user_manager.authenticate_user_session(user_session_token)
|
|
else:
|
|
return False
|
|
|
|
if user is None:
|
|
return False
|
|
|
|
return session.csrf_token is None or request.form.get('csrf_token') == session.csrf_token
|
|
|
|
|
|
def authenticate(redirect_page='', skip_auth_methods=None, check_csrf_token=False):
|
|
def decorator(f):
|
|
@wraps(f)
|
|
def wrapper(*args, **kwargs):
|
|
user_manager = UserManager()
|
|
n_users = user_manager.get_user_count()
|
|
skip_methods = skip_auth_methods or []
|
|
|
|
# User/pass HTTP authentication
|
|
http_auth_ok = True
|
|
if n_users > 0 and 'http' not in skip_methods:
|
|
http_auth_ok = _authenticate_http()
|
|
if http_auth_ok:
|
|
return f(*args, **kwargs)
|
|
|
|
# Token-based authentication
|
|
token_auth_ok = True
|
|
if 'token' not in skip_methods:
|
|
token_auth_ok = _authenticate_token()
|
|
if token_auth_ok:
|
|
return f(*args, **kwargs)
|
|
|
|
# Session token based authentication
|
|
session_auth_ok = True
|
|
if n_users > 0 and 'session' not in skip_methods:
|
|
session_auth_ok = _authenticate_session()
|
|
if session_auth_ok:
|
|
return f(*args, **kwargs)
|
|
|
|
return redirect('/login?redirect=' + (redirect_page or request.url), 307)
|
|
|
|
# CSRF token check
|
|
if check_csrf_token:
|
|
csrf_check_ok = _authenticate_csrf_token()
|
|
if not csrf_check_ok:
|
|
return abort(403, 'Invalid or missing csrf_token')
|
|
|
|
if n_users == 0 and 'session' not in skip_methods:
|
|
return redirect('/register?redirect=' + (redirect_page or request.url), 307)
|
|
|
|
if ('http' not in skip_methods and http_auth_ok) or \
|
|
('token' not in skip_methods and token_auth_ok) or \
|
|
('session' not in skip_methods and session_auth_ok):
|
|
return f(*args, **kwargs)
|
|
|
|
return Response('Authentication required', 401,
|
|
{'WWW-Authenticate': 'Basic realm="Login required"'})
|
|
|
|
return wrapper
|
|
|
|
return decorator
|
|
|
|
|
|
def get_routes():
|
|
routes_dir = os.path.join(
|
|
os.path.dirname(os.path.abspath(__file__)), 'routes')
|
|
routes = []
|
|
base_module = '.'.join(__name__.split('.')[:-1])
|
|
|
|
for path, dirs, files in os.walk(routes_dir):
|
|
for f in files:
|
|
if f.endswith('.py'):
|
|
mod_name = '.'.join(
|
|
(base_module + '.' + os.path.join(path, f).replace(
|
|
os.path.dirname(__file__), '')[1:].replace(os.sep, '.')).split('.')
|
|
[:(-2 if f == '__init__.py' else -1)])
|
|
|
|
try:
|
|
mod = importlib.import_module(mod_name)
|
|
if hasattr(mod, '__routes__'):
|
|
routes.extend(mod.__routes__)
|
|
except Exception as e:
|
|
logger().warning('Could not import routes from {}/{}: {}: {}'.
|
|
format(path, f, type(e), str(e)))
|
|
|
|
return routes
|
|
|
|
|
|
def get_local_base_url():
|
|
http_conf = Config.get('backend.http') or {}
|
|
return '{proto}://localhost:{port}'.format(
|
|
proto=('https' if http_conf.get('ssl_cert') else 'http'),
|
|
port=get_http_port())
|
|
|
|
|
|
def get_remote_base_url():
|
|
http_conf = Config.get('backend.http') or {}
|
|
return '{proto}://{host}:{port}'.format(
|
|
proto=('https' if http_conf.get('ssl_cert') else 'http'),
|
|
host=get_ip_or_hostname(), port=get_http_port())
|
|
|
|
|
|
# vim:sw=4:ts=4:et:
|