def __connect():
try:
get_token()
except:
logger.debug('disconnecting connection')
return False
return True
def __listen_console(job_id):
logger.debug('listen:console for %s', job_id)
token = get_token()
if not job_id:
logger.debug('job_id not set')
return flask_socketio.disconnect()
try:
uuid.UUID(job_id)
except:
logger.debug('job_id not a uuid')
return flask_socketio.disconnect()
conn = dbpool.get()
try:
if token['type'] not in ('project', 'project-token'):
logger.debug('only project token allowed')
return flask_socketio.disconnect()
project_id = token['project']['id']
build = conn.execute_one('''
SELECT id
FROM job
WHERE project_id = %s AND id = %s
''', [project_id, job_id])
if not build:
logger.debug('job does not belong to project')
return flask_socketio.disconnect()
finally:
dbpool.put(conn)
flask_socketio.join_room(job_id)
def __listen_dashboard_console(job_id):
logger.debug('listen:console for %s', job_id)
if not job_id:
logger.debug('job_id not set')
return flask_socketio.disconnect()
try:
uuid.UUID(job_id)
except:
logger.debug('job_id not a uuid')
return flask_socketio.disconnect()
conn = dbpool.get()
try:
u = conn.execute_one_dict(
'''
SELECT p.public, j.project_id
FROM project p
INNER JOIN job j
ON j.project_id = p.id
AND j.id = %s
''', [job_id])
if not u:
logger.warn('job not found')
return flask_socketio.disconnect()
if not u['public']:
token = get_token()
if token['type'] == 'user':
user_id = token['user']['id']
collaborator = is_collaborator(user_id,
u['project_id'],
db=conn)
if not collaborator:
logger.warn('not a collaborator')
return flask_socketio.disconnect()
else:
logger.debug('only user token allowed')
return flask_socketio.disconnect()
finally:
dbpool.put(conn)
flask_socketio.join_room(job_id)
def __listen_jobs(project_id):
logger.debug('listen:jobs for %s', project_id)
if not project_id:
logger.debug('project_id not set')
return flask_socketio.disconnect()
try:
uuid.UUID(project_id)
except:
logger.debug('project_id not a uuid')
return flask_socketio.disconnect()
conn = dbpool.get()
try:
p = conn.execute_one_dict(
'''
SELECT public
FROM project
WHERE id = %s
''', [project_id])
if not p['public']:
token = get_token()
if token['type'] == 'user':
user_id = token['user']['id']
collaborator = is_collaborator(user_id,
project_id,
db=conn)
if not collaborator:
logger.warn('not a collaborator')
return flask_socketio.disconnect()
else:
logger.debug('only user token allowed')
return flask_socketio.disconnect()
finally:
dbpool.put(conn)
flask_socketio.join_room(project_id)
def __listen_build(build_id):
logger.debug('listen:build for %s', build_id)
if not build_id:
logger.debug('build_id not set')
return flask_socketio.disconnect()
try:
uuid.UUID(build_id)
except:
logger.debug('build_id not a uuid')
return flask_socketio.disconnect()
if not sio_is_authorized(['listen:build', build_id]):
return flask_socketio.disconnect()
conn = dbpool.get()
try:
token = normalize_token(get_token())
project_id = token['project']['id']
build = conn.execute_one(
'''
SELECT id
FROM build
WHERE project_id = %s AND id = %s
''', [project_id, build_id])
if not build:
logger.debug('build does not belong to project')
return flask_socketio.disconnect()
except:
logger.exception("Exception occured")
return flask_socketio.disconnect()
finally:
dbpool.put(conn)
flask_socketio.join_room(build_id)
def sio_is_authorized(path):
g.db = dbpool.get()
try:
# Assemble Input Data for Open Policy Agent
opa_input = {
"input": {
"method": "WS",
"path": path,
"token": normalize_token(get_token())
}
}
authorized = opa_do_auth(opa_input)
if not authorized:
logger.warn("Unauthorized socket.io access attempt")
return False
return True
except RequestException as e:
logger.error(e)
return False
finally:
dbpool.put(g.db)
g.db = None
