def configure_auth(config):
def get_current_user(request):
# NOTE: we have to use unauthenticated_userid below. This just cracks open
# the auth cookie and returns the id therein without further verification.
# Specifically, we cannot use authenticated_userid because this will call
# get_principals, defined below. This would cause infinite recursion.
uid = unauthenticated_userid(request)
user = logic.user.try_get(uid) if uid is not None else None
return user
def get_impersonator_user(request):
uid = request.session.get('impersonator_id')
user = logic.user.try_get(uid) if uid is not None else None
return user
def get_principals(user_id, request):
""" Return the set of security principals for this request. None means
unauthenticated, empty list means authenticated but has no principals
associated.
"""
user = request.current_user
impersonator = request.impersonator_user
if user:
principals = [str(user.id)] # at minimum, user is his own principal
principals.extend(user.groups or [])
if impersonator:
principals.extend(impersonator.groups or [])
principals = list(set(principals))
else:
principals = None
return principals
the_settings = config.registry.settings
policy = AuthTktAuthenticationPolicy(
the_settings['giza.authn_secret'],
hashalg='sha512',
callback=get_principals,
cookie_name=str(the_settings['giza.auth_cookie']) # can't be unicode
)
config.set_authentication_policy(policy)
config.set_authorization_policy(ACLAuthorizationPolicy())
config.add_request_method(get_current_user, str('current_user'), reify=True)
config.add_request_method(get_impersonator_user, str('impersonator_user'), reify=True)
session_cookie_name = str(the_settings['giza.session_cookie']) # can't be unicode
session_secret = str(the_settings['giza.session_secret'])
factory = UnencryptedCookieSessionFactoryConfig(
session_secret,
timeout=86400*365,
cookie_max_age=86400*365,
cookie_name=session_cookie_name,
)
config.set_session_factory(factory)
def main(global_config, **settings):
logging.config.fileConfig(settings['logging.config'], disable_existing_loggers=False)
""" This function returns a Pyramid WSGI application.
"""
config = Configurator(settings=settings, root_factory='jungo.model.RootFactory')
config.include('pyramid_chameleon')
config.add_static_view('static', 'static', cache_max_age=3600)
config.add_route('home', '/old-home')
config.add_route('search', '/')
config.add_route('common_interests', '/common-interests')
config.add_route('profile', '/me')
config.add_route('user', '/user/{username}')
config.add_route('login', '/login')
config.add_route('logout', '/logout')
config.add_route('interest_match', '/interest-match/{username}/{interest_id}')
config.add_route('api_add_user', '/api/user', request_method='POST')
config.add_route('api_user', '/api/user/{username}', request_method='GET')
config.add_route('api_add_interests', '/api/user/{username}/interests', request_method='POST')
config.add_route('api_common_interests', '/api/common-interests', request_method='GET')
authn_policy = AuthTktAuthenticationPolicy('super secret magic', callback=groupfinder, hashalg='sha512')
authz_policy = ACLAuthorizationPolicy()
config.set_authentication_policy(authn_policy)
config.set_authorization_policy(authz_policy)
config.set_session_factory(session_factory)
db_url = settings['mongo_uri']
config.registry.client = pymongo.MongoClient(db_url)
def add_db(request):
uri = urlparse.urlparse(db_url)
db = config.registry.client[uri.path[1:]]
if uri.username and uri.password:
db.authenticate(uri.username, uri.password)
return DataStore(db)
add_db(None).create_indices()
config.add_request_method(add_db, 'db', reify=True)
config.scan()
return config.make_wsgi_app()
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
config = Configurator(settings=settings)
config.include('pyramid_chameleon')
config.add_subscriber(add_cors_headers_response_callback, NewRequest)
social_providers = config.registry.settings['allow_auth'].split(',')
if 'google' in social_providers:
config.include('velruse.providers.google_oauth2')
config.add_google_oauth2_login_from_settings()
if 'github' in social_providers:
config.include('velruse.providers.github')
config.add_github_login_from_settings()
config.add_subscriber(before_render, BeforeRender)
my_session_factory = session_factory_from_settings(settings)
config.set_session_factory(my_session_factory)
yaml_config = None
try:
with open(config.registry.settings['config'], 'r') as ymlfile:
yaml_config = yaml.load(ymlfile)
if yaml_config['log_config'] is not None:
for handler in list(
yaml_config['log_config']['handlers'].keys()):
yaml_config['log_config']['handlers'][handler] = dict(
yaml_config['log_config']['handlers'][handler])
logging.config.dictConfig(yaml_config['log_config'])
except Exception as e:
logging.error('No config file found or declared: ' + str(e))
logging.warn('Start bioshadock web server')
config.registry.config = yaml_config
mongo = MongoClient(yaml_config['services']['mongo']['url'])
dbmongo = mongo[yaml_config['services']['mongo']['db']]
config.registry.db_mongo = dbmongo
r = redis.StrictRedis(host=yaml_config['services']['redis']['host'],
port=yaml_config['services']['redis']['port'],
db=yaml_config['services']['redis']['db'])
config.registry.db_redis = r
config.registry.admin = yaml_config['general']['admin'].split(',')
config.registry.es = Elasticsearch(
yaml_config['services']['elastic']['host'].split(','))
config.registry.ldap_server = None
config.registry.con = None
if yaml_config['ldap']['use'] == 1:
# Check if in ldap
#import ldap
from ldap3 import Server, Connection, AUTH_SIMPLE, STRATEGY_SYNC, STRATEGY_ASYNC_THREADED, SEARCH_SCOPE_WHOLE_SUBTREE, GET_ALL_INFO
try:
ldap_host = yaml_config['ldap']['host']
ldap_port = yaml_config['ldap']['port']
config.registry.ldap_server = Server(ldap_host,
port=ldap_port,
get_info=GET_ALL_INFO)
except Exception as err:
logging.error(str(err))
sys.exit(1)
config.add_static_view('static', 'static', cache_max_age=3600)
runenv = "dist"
if "BIOSHADOCK_ENV" in os.environ and os.environ["BIOSHADOCK_ENV"] == "dev":
runenv = "app"
config.registry.runenv = runenv
config.add_static_view('app', 'shadock:webapp/' + runenv + '/')
config.add_route('home', '/')
config.add_route('config', '/config')
config.add_route('search', '/search')
config.add_route('user_is_logged', '/user/logged')
config.add_route('users', '/user')
config.add_route('user_logout', '/user/logout')
config.add_route('user_bind', '/user/bind')
config.add_route('user', '/user/{id}')
config.add_route('containers', '/container')
config.add_route('containers_all', '/container/all')
config.add_route('containers_latest', '/container/latest')
config.add_route('containers_search', '/container/search')
config.add_route('containers_new', '/container/new')
config.add_route('container_manifest', '/container/manifest/*id')
config.add_route('container_tags', '/container/tags/*id')
config.add_route('container_dockerfile', '/container/dockerfile/*id')
config.add_route('container_git', '/container/git/*id')
config.add_route('container_tag', '/container/tag/*id')
config.add_route('container_elixir', '/container/elixir/*id')
config.add_route('container_metaelixir', '/container/metaelixir/*id')
config.add_route('container_vulnerabilities',
'/container/vulnerabilities/*id')
config.add_route('container', '/container/*id')
config.add_route('clair_notification', '/clair/notify')
config.add_route('builds', '/builds/*id')
config.add_route('build', '/build/{id}')
config.add_route('api_users', '/v1/users/')
config.add_route('api_library', '/v1/repositories/{image}/')
config.add_route('api_library_auth', '/v1/repositories/{image}/auth')
config.add_route('api_library_images', '/v1/repositories/{image}/images')
config.add_route('api_repositories_images_get',
'/v1/repositories/{namespace}/{image}/images')
config.add_route('api_repositories_images_put',
'/v1/repositories/{namespace}/{image}/images')
config.add_route('api_repositories_images_layer_access',
'/v1/repositories/{namespace}/{image}/layer/{id}/access')
config.add_route('api_repositories',
'/v1/repositories/{namespace}/{image}/')
config.add_route('api_repositories_auth',
'/v1/repositories/{namespace}/{image}/auth')
config.add_route('api_ping', '/v1/_ping')
config.add_route('api2_ping', '/v2/_ping')
config.add_route('api2_token', '/v2/token/')
config.add_route('api2_other', '/v2/*api')
config.add_route('api_other', '/v1/*api')
# GA4GH API
config.add_route('ga4gh_tools', '/api/ga4gh/v1/tools')
config.add_route('ga4gh_tools_id', '/api/ga4gh/v1/tools/{id}')
config.add_route('ga4gh_tools_id_versions',
'/api/ga4gh/v1/tools/{id}/versions')
config.add_route('ga4gh_tools_id_version',
'/api/ga4gh/v1/tools/{id}/versions/{versionid}')
config.add_route(
'ga4gh_tools_id_version_descriptor',
'/api/ga4gh/v1/tools/{id}/versions/{versionid}/{type}/descriptor')
config.add_route(
'ga4gh_tools_id_version_descriptor_file_relative_path',
'/api/ga4gh/v1/tools/{id}/versions/{versionid}/{type}/descriptor/{relativepath}'
)
config.add_route(
'ga4gh_tools_id_version_dockerfile',
'/api/ga4gh/v1/tools/{id}/versions/{versionid}/dockerfile')
config.add_route('ga4gh_metadata', '/api/ga4gh/v1/metadata')
config.add_route('ga4gh_tool_classes', '/api/ga4gh/v1/tool-classes')
# Deprecated
config.add_route('ga4gh_tools_query', '/api/ga4gh/v1/tools/query')
config.add_route('ga4gh_tool_descriptor',
'/api/ga4gh/v1/tools/{id}/descriptor')
config.add_route('ga4gh_tool_dockerfile',
'/api/ga4gh/v1/tools/{id}/dockerfile')
config.scan()
json_renderer = JSON()
def pymongo_adapter(obj, request):
return json_util.default(obj)
json_renderer.add_adapter(ObjectId, pymongo_adapter)
json_renderer.add_adapter(datetime.datetime, pymongo_adapter)
config.add_renderer('json', json_renderer)
return config.make_wsgi_app()
