def do_proxy(self, func):
try:
url = self.proxy_url
except:
return self.failed(404, "not found proxy url")
timeout = settings.get("proxy_timeout", 20)
if hasattr(self, 'timeout'):
timeout = self.timeout
try:
query_args = self.parse_query_arguments()
if self.request.body:
res = func(url=url,
data=self.request.body,
headers=self.request.headers,
timeout=timeout,
params=query_args)
else:
res = func(url=url,
headers=self.request.headers,
timeout=timeout,
params=query_args)
for k in res.headers:
if k.lower() == "transfer-encoding" and res.headers[k].find(
"chunked") != -1:
continue
self.set_header(k, res.headers[k])
# send raw data with status_code, maybe rename func
return self.failed(res.status_code, res.content)
except Exception as e:
logging.exception(e)
self.clear()
return self.failed(502, "proxy error: {}".format(e))
def get_env_settings(self):
DEV = settings.get('firebase').get('DEV')
QA = settings.get('firebase').get('QA')
PROD = settings.get('firebase').get('PROD')
if os.environ.get(
'SERVER_SOFTWARE',
'').startswith('Dev'): # local environment falls here
return settings['firebase']['local']
else:
if str(app_identity.get_application_id()
) == 'cs-becktaxi-omda-dev':
return DEV
elif str(app_identity.get_application_id()
) == 'cs-becktaxi-omda-qa':
return QA
return PROD
def set_login_cookie(self, uid):
now = get_current_time_ms()
login_cookie = settings.get("login_cookie")
ut_object = userticket.Data.get_by_user_id(user_id=uid)
if not ut_object:
data = {
"user_id": uid,
"ticket": calc_ticket(uid, now),
"timestamp": now,
}
ack, ut_id = userticket.Data.create_one(data)
if ack:
ut_object = userticket.Data.get_by_user_id(user_id=uid)
ticket = ut_object.ticket
else:
ticket = data.get("ticket")
else:
ticket = ut_object.ticket
self.set_cookie(
"jiangxing_login_ticket",
"BzuMEBf5ypjPwinvwGtngMKZyDvK2C+3ww1+jAgr7WzNA0EnDy2HqOTZG/eUVF9ESjst8cfDrM4uu/YUlzVQxg==",
expires_days=3) # HACK
self.set_cookie(login_cookie, base64.b64encode(ticket), expires_days=3)
def user_authorization(controller):
from_mobile = False
is_admin = False
user = None
public_routes = ('refresh_token', 'register', 'vehicle_refresh_token',
'web_order', 'get_all_orders', 'auth_refresh_token_cron')
# filter route with no credentials needed
if controller.route.action in public_routes:
return True
# Special testing override for the automated performance tests.
# Enabled only on localhost and the QA server.
# Hardcoded testing only token.
testing_token = controller.request.headers.get('testing_token')
if (app_identity.get_application_id() == 'cs-becktaxi-omda-dev' \
or app_identity.get_application_id() == 'cs-becktaxi-omda-qa') \
and testing_token \
and testing_token == settings['testing_override']['token']:
user = BeckUser.get_by_email_address(
settings['testing_override']['email'])
# Create a new testing override user
if not user:
user = BeckUser()
user.first_name = 'testing'
user.last_name = 'override'
user.email = settings['testing_override']['email']
user.role = "SYSTEM_ADMINISTRATOR"
user.put()
controller.context['user_role'] = 'SYSTEM_ADMINISTRATOR'
logging.info("Test token authentication successful")
# return True
# # route with temporary access
# if controller.route.action in ('validate_sms', 'request_sms'):
# from_mobile = True
# temp_code = controller.request.headers.get('temporary_code')
# user = Auth.validate_temp(temp_code)
# get user by token
token = controller.request.headers.get('token')
logging.info("TOKEN ===> %s" % token)
if token:
from_mobile = True
user = Auth.validate(token)
if user:
# user exist but check if pending or locked
if user.status == 'PENDING' or user.status == 'SUSPENDED' or user.locked:
user = None
# if no token, check if has google credentials logged in
if user is None:
# get user by google credentials
try:
user_email = str(users.get_current_user().email())
user = BeckUser.get_by_id(user_email)
if not user:
# allow admin and create profile
if users.is_current_user_admin():
user = BeckUser(id=user_email)
user.first_name = user_email
user.last_name = user_email
user.email = user_email
user.role = "SYSTEM_ADMINISTRATOR"
user.put()
except:
pass
if user:
# check IP address if allowed
ip = controller.request.remote_addr
allowed_ip = settings.get('allowed_ip')
if ip in allowed_ip or user.role in ('SYSTEM_ADMINISTRATOR',
'ADMINISTRATOR'):
pass
else:
return False
if user is None:
""" Unauthorized """
return False
else:
logging.info('=== USER IS %s ===' % str(user))
""" valid users """
if not from_mobile:
""" users from google """
if user.locked:
return False
controller.context['user_role'] = user.role
if user.email == settings['testing_override']['email']:
controller.context['user_object'] = None
controller.context['logout_url'] = None
else:
controller.context['user_object'] = users.get_current_user()
controller.context['logout_url'] = users.create_logout_url(
controller.request.uri)
controller.session['logged_in_user'] = user
f = FirebaseRest('foo')
firebase_setting = f.get_env_settings()
controller.context['FIREBASE_URL'] = firebase_setting['url']
if user.role == 'SYSTEM_ADMINISTRATOR' or user.role == 'ADMINISTRATOR' or user.role == 'SUPERVISOR' or user.role == 'SHIFT_LEADER':
is_admin = True
""" default user details """
# customers and drivers
controller.context['user_email'] = user.email if isinstance(
user, BeckUser) else None
controller.context['auth_user'] = user
controller.context['auth_user_dict'] = user.to_dict()
controller.context['is_admin'] = is_admin
controller.context['from_mobile'] = from_mobile
logging.info('auth allowed!')
return True
def clear_login_cookies(self):
self.clear_cookie(settings.get("login_cookie"))
def calc_ticket(uid, timestamp):
key = settings.get("cookie_secret")
return encrypt(key, uid, timestamp)