Beispiel #1
        def decrypt_data():
            """
            Decrypt the URI, headers and body of the current request in place.

            All three parts are decrypted with one AESCipher built from
            client.secret_key. Each part is optional: it is only touched when
            the matching X-Api-Encrypted-* header (or a non-empty body) exists.

            NOTE(review): nothing in this function checks the integrity of the
            decrypted values. Presumably the request signature is verified
            elsewhere - confirm, because the decrypted URI and headers replace
            what the rest of the handler acts on.
            """
            aes_cipher = AESCipher(client.secret_key)
            encrypted_uri = self.handler.request.headers.get('X-Api-Encrypted-Uri')
            if encrypted_uri:
                request.uri = aes_cipher.decrypt(utf8(encrypted_uri))
                # NOTE(review): this writes the decrypted URI, query string
                # included, to the debug log; keep debug logging off in
                # production or redact the value.
                logger.debug('decrypted uri %s' % request.uri)
                # The uri was replaced, so path, query and the parsed
                # arguments have to be rebuilt from the new value.
                request.path, sep, request.query = request.uri.partition('?')
                request.arguments = parse_qs_bytes(request.query, keep_blank_values=True)
                request.query_arguments = copy.deepcopy(request.arguments)

            encrypted_headers = self.handler.request.headers.get('X-Api-Encrypted-Headers')

            if encrypted_headers:
                headers_str = aes_cipher.decrypt(utf8(encrypted_headers))
                headers = dict(json_decode(headers_str))
                # logger.debug('raw headers %s' % request.headers)
                # Every decrypted entry overwrites a request header of the same
                # name; no allow-list is applied in this loop.
                for k, v in iteritems(headers):
                    # Coerce every name and value to text_type; a mix of str
                    # and unicode headers leads to a 422 error.
                    request.headers[text_type(k)] = text_type(v)

                # logger.debug('decrypted headers %s' % request.headers)

            if request.body and len(request.body) > 0:
                logger.debug('解密 body')
                # Logged before decryption, so this is the body as received.
                logger.debug(request.body)
                request.body = aes_cipher.decrypt(utf8(request.body))
                # The body was replaced, so _parse_body has to run again.
                request._parse_body()
Beispiel #2
        def decrypt_data():
            """
            Decrypt the URI, headers and body of the current request in place.

            All three parts are decrypted with one AESCipher built from
            client.secret_key. Each part is optional: it is only touched when
            the matching X-Api-Encrypted-* header (or a non-empty body) exists.

            NOTE(review): nothing in this function checks the integrity of the
            decrypted values. Presumably the request signature is verified
            elsewhere - confirm, because the decrypted URI and headers replace
            what the rest of the handler acts on.
            """
            aes_cipher = AESCipher(client.secret_key)
            encrypted_uri = self.handler.request.headers.get(
                'X-Api-Encrypted-Uri')
            if encrypted_uri:
                # Only request.uri is replaced here; path, query and parsed
                # arguments are not rebuilt in this function.
                # NOTE(review): confirm a later step re-derives them, otherwise
                # they still describe the outer, pre-decryption request.
                request.uri = aes_cipher.decrypt(utf8(encrypted_uri))
                # NOTE(review): this writes the decrypted URI, query string
                # included, to the debug log.
                logger.debug('decrypted uri %s' % request.uri)

            encrypted_headers = self.handler.request.headers.get(
                'X-Api-Encrypted-Headers')

            if encrypted_headers:
                headers_str = aes_cipher.decrypt(utf8(encrypted_headers))
                headers = dict(json.loads(headers_str))
                # NOTE(review): this and the debug call after the loop log every
                # request header value, which may include credentials or
                # cookies; keep debug logging off in production or redact.
                logger.debug('raw headers %s' % request.headers)
                # Every decrypted entry overwrites a request header of the same
                # name; no allow-list is applied in this loop.
                # dict.iteritems() exists on Python 2 only.
                for k, v in headers.iteritems():
                    # Coerce every name and value to text_type; a mix of str
                    # and unicode headers leads to a 422 error.
                    request.headers[text_type(k)] = text_type(v)

                logger.debug('decrypted headers %s' % request.headers)

            if request.body and len(request.body) > 0:
                logger.debug('解密 body')
                # Logged before decryption, so this is the body as received.
                logger.debug(request.body)
                request.body = aes_cipher.decrypt(utf8(request.body))
Beispiel #3
    def _clean_headers(self):
        """
        Build the header dict that is forwarded to the backend endpoint.

        The inbound Host header is first rewritten (in place, on
        self.request.headers) to the netloc of the client's endpoint. Then
        every header is copied except the gateway-only x-api-* headers and
        Content-Length.

        :return: dict mapping text_type header names to text_type values
        """
        inbound = self.request.headers
        # Point Host at the backend site the gateway is about to call.
        inbound['Host'] = self.client.request['endpoint']['netloc']
        forwarded = {}
        # Names and values are all coerced to text_type: a mix of str and
        # unicode headers results in a 422 error.
        for name, value in inbound.iteritems():
            lowered = name.lower()
            # x-api-* headers are addressed to the api-gateway only and are
            # dropped, with x-api-user-json as the single exception.
            # NOTE(review): if a client can send x-api-user-json itself, the
            # backend receives a caller-chosen value; confirm the gateway sets
            # or overwrites this header before this point.
            gateway_only = (lowered.startswith('x-api-')
                            and lowered != 'x-api-user-json')
            # Content-Length is left out so it is computed automatically: a
            # wrong value breaks the backend request (too large leads to a
            # timeout, too small truncates the content).
            if gateway_only or lowered == 'content-length':
                continue
            forwarded[text_type(name)] = text_type(value)

        return forwarded
Beispiel #4
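    def process_response(self, *args, **kwargs):
        """
        Stamp the outgoing response with a timestamp and nonce, then sign it.

        The X-Api-Timestamp and X-Api-Nonce headers are set before the
        response headers are read back, so they are part of what is passed to
        signature_response(). The resulting signature is sent as
        X-Api-Signature, and the headers and body that were signed are stored
        on self.handler.response.

        :param args: unused
        :param kwargs: unused
        """
        logger.debug('process_response')
        auth_handler = HMACAuthHandler(self.handler.client)

        headers = {
            'X-Api-Timestamp': text_type(int(time.time())),
            # The nonce is drawn from the OS CSPRNG (SystemRandom) instead of
            # the module-level Mersenne Twister, whose output can be predicted
            # from earlier values. It is still a float in [0, 1), so the
            # header format is unchanged.
            'X-Api-Nonce': text_type(random.SystemRandom().random()),
        }
        # .items() works on Python 2 and 3; .iteritems() is Python 2 only.
        for k, v in headers.items():
            self.handler.set_header(k, v)

        response_body = b''.join(self.handler.get_write_buffer())
        # Read back after the two set_header calls above and before the
        # signature header is added.
        response_headers = self.handler.get_response_headers()
        signature = auth_handler.signature_response(
            response_headers,
            self.handler.request, response_body)

        # Attach the signature of the response.
        self.handler.set_header('X-Api-Signature', signature)

        self.handler.response['headers'] = response_headers
        self.handler.response['body'] = response_body
        logger.debug('process_response_done')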
Beispiel #5
    def _clean_headers(self):
        """
        Return the headers to send to the backend, filtered and normalised.

        Host is overwritten on self.request.headers with the netloc of the
        client's endpoint before the copy is made. Gateway-only x-api-*
        headers and Content-Length are left out of the result.

        :return: dict mapping text_type header names to text_type values
        """
        source_headers = self.request.headers
        # Host must name the backend site that the gateway calls.
        source_headers['Host'] = self.client.request['endpoint']['netloc']
        cleaned = {}
        # Everything is converted to text_type because headers that mix str
        # and unicode produce a 422 error.
        for name, value in source_headers.iteritems():
            key = name.lower()
            if key == 'x-api-user-json':
                # The only x-api-* header passed on to the backend.
                # NOTE(review): confirm the gateway itself sets or overwrites
                # this header; a client-supplied value would otherwise reach
                # the backend unchanged.
                skip = False
            elif key.startswith('x-api-'):
                # Meant for the api-gateway only.
                skip = True
            else:
                # Content-Length is recomputed automatically; a wrong value
                # breaks the backend request (too large: timeout, too small:
                # truncated content).
                skip = key == 'content-length'
            if not skip:
                cleaned[text_type(name)] = text_type(value)

        return cleaned
Beispiel #6
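    def get_auth_headers(self):
        """
        Build the X-Api-* headers that accompany a request.

        :return: dict with the current Unix timestamp, a fresh nonce,
            self.access_key and self.encrypt_type, all coerced to text_type
        """
        headers = {
            'X-Api-Timestamp': text_type(int(time.time())),
            # The nonce is drawn from the OS CSPRNG (SystemRandom) instead of
            # the module-level Mersenne Twister, whose output can be predicted
            # from earlier values. It is still a float in [0, 1), so the
            # header format is unchanged.
            'X-Api-Nonce': text_type(random.SystemRandom().random()),
            'X-Api-Access-Key': text_type(self.access_key),
            'X-Api-Encrypt-Type': text_type(self.encrypt_type)
        }

        return headers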
Beispiel #7
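    def get_auth_headers(self):
        """
        Return the timestamp, nonce, access-key and encrypt-type headers.

        :return: dict of X-Api-* header names to text_type values
        """
        # SystemRandom reads from the OS CSPRNG. The module-level
        # random.random() is a Mersenne Twister and is predictable from
        # earlier output, which is not wanted for a request nonce. The value
        # keeps the same shape: a float in [0, 1).
        nonce = random.SystemRandom().random()
        headers = {
            'X-Api-Timestamp': text_type(int(time.time())),
            'X-Api-Nonce': text_type(nonce),
            'X-Api-Access-Key': text_type(self.access_key),
            'X-Api-Encrypt-Type': text_type(self.encrypt_type)
        }

        return headers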
Beispiel #8
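    def get_auth_headers(self):
        """
        Build the X-Api-* headers that accompany a request.

        X-Api-Require-Response-Signature is added with the value 'true' only
        when self.require_response_sign is truthy.

        :return: dict of X-Api-* header names to text values
        """
        headers = {
            'X-Api-Timestamp': text_type(int(time.time())),
            # The nonce is drawn from the OS CSPRNG (SystemRandom) instead of
            # the module-level Mersenne Twister, whose output can be predicted
            # from earlier values. It is still a float in [0, 1), so the
            # header format is unchanged.
            'X-Api-Nonce': text_type(random.SystemRandom().random()),
            'X-Api-Access-Key': text_type(self.access_key),
            'X-Api-Encrypt-Type': text_type(self.encrypt_type)
        }

        # Ask for a signed response when the caller requires one.
        if self.require_response_sign:
            headers['X-Api-Require-Response-Signature'] = 'true'

        return headers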
Beispiel #9
    def load_middleware(self):
        """
        Load the middleware classes named in settings.MIDDLEWARE_CLASSES.

        Each entry is resolved with import_string() and appended to
        self.middleware_list; the resulting list is written to the debug log.

        NOTE(review): every entry is imported as given, so the settings
        module must be treated as trusted configuration.
        """

        for dotted_path in settings.MIDDLEWARE_CLASSES:
            self.middleware_list.append(import_string(dotted_path))

        listing = '\n'.join(text_type(mw) for mw in self.middleware_list)
        logger.debug('middleware_list: \n%s' % listing)
Beispiel #10
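    def process_response(self, *args, **kwargs):
        """
        Stamp the outgoing response with a timestamp and nonce, then sign it.

        The X-Api-Timestamp and X-Api-Nonce headers are set before the
        response headers are read back, so they are part of what is passed to
        signature_response(). The resulting signature is sent as
        X-Api-Signature.

        :param args: unused
        :param kwargs: unused
        """
        logger.debug('process_response')
        auth_handler = HMACAuthHandler(self.handler.client)
        headers = {
            'X-Api-Timestamp': text_type(int(time.time())),
            # The nonce is drawn from the OS CSPRNG (SystemRandom) instead of
            # the module-level Mersenne Twister, whose output can be predicted
            # from earlier values. It is still a float in [0, 1), so the
            # header format is unchanged.
            'X-Api-Nonce': text_type(random.SystemRandom().random()),
        }
        # .items() works on Python 2 and 3; .iteritems() is Python 2 only.
        for k, v in headers.items():
            self.handler.set_header(k, v)

        response_body = b''.join(self.handler.get_write_buffer())
        # The headers are read back after the two set_header calls above and
        # before the signature header is added.
        signature = auth_handler.signature_response(
            self.handler.get_response_headers(), self.handler.request,
            response_body)

        # Attach the signature of the response.
        self.handler.set_header('X-Api-Signature', signature)
        logger.debug('process_response_done')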
Beispiel #11
    def load_middleware(self):
        """
        Import every class listed in settings.MIDDLEWARE_CLASSES.

        The imported classes are appended to self.middleware_list in the
        order given, and the full list is then logged at debug level.

        NOTE(review): the dotted paths are imported without further checks,
        so settings.MIDDLEWARE_CLASSES has to come from a trusted source.
        """

        register = self.middleware_list.append
        for path in settings.MIDDLEWARE_CLASSES:
            register(import_string(path))

        names = [text_type(entry) for entry in self.middleware_list]
        logger.debug('middleware_list: \n%s' % '\n'.join(names))
Beispiel #12
    def load_builtin_endpoints(self):
        """
        Build the route list for the endpoints in settings.BUILTIN_ENDPOINTS.

        For every (url, handler_path) pair of an endpoint, the handler class
        is imported with import_string() and paired with the pattern
        '/<name>/<version><url>' taken from the endpoint's config.

        NOTE(review): name, version and url go into the pattern unescaped and
        handler paths are imported as given, so the settings must be trusted
        configuration.

        :return: list of (pattern, handler class) tuples
        """
        routes = []
        for endpoint in settings.BUILTIN_ENDPOINTS:
            config = endpoint['config']
            for url, handler_path in endpoint['handlers']:
                handler_cls = import_string(handler_path)
                pattern = r'/%s/%s%s' % (config['name'], config['version'], url)
                routes.append((pattern, handler_cls))

        listing = '\n'.join(text_type(route) for route in routes)
        logger.debug('builtin_endpoints: \n%s' % listing)
        return routes
Beispiel #13
    def load_builtin_endpoints(self):
        """
        Load the built-in endpoints declared in settings.BUILTIN_ENDPOINTS.

        Each handler path is imported with import_string() and registered
        under '/<name>/<version><url>', where name and version come from the
        endpoint's config.

        NOTE(review): the pattern parts are not escaped and the handler paths
        are imported as given; settings must be trusted configuration.

        :return: list of (pattern, handler class) tuples
        """
        collected = []
        for entry in settings.BUILTIN_ENDPOINTS:
            cfg = entry['config']
            for url, handler_path in entry['handlers']:
                handler = import_string(handler_path)
                prefix_parts = (cfg['name'], cfg['version'], url)
                collected.append((r'/%s/%s%s' % prefix_parts, handler))

        lines = [text_type(item) for item in collected]
        logger.debug('builtin_endpoints: \n%s' % '\n'.join(lines))
        return collected
Beispiel #14
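    def encrypt_data(self):
        """
        Encrypt the headers, URI and body of self.request_data in place.

        The original headers (serialised with json_util.dumps) and the
        original URI are encrypted with an AESCipher built from
        self.secret_key and carried in X-Api-Encrypted-Headers and
        X-Api-Encrypted-Uri. The visible URI is replaced by
        '/?_t=<timestamp>&_nonce=<nonce>'. A non-empty body is encrypted too.

        NOTE(review): this step only encrypts. Whether the ciphertext is also
        integrity-protected depends on AESCipher and on signing done
        elsewhere - confirm.

        :return: self.api_server (stripped) joined with the replacement URI
        """
        aes_cipher = AESCipher(self.secret_key)
        headers_str = json_util.dumps(self.request_data.headers)
        # Replace the headers with the encrypted headers and encrypted URI.
        self.request_data.headers = {
            'Content-Type': 'application/octet-stream',
            'X-Api-Encrypted-Headers': aes_cipher.encrypt(utf8(headers_str)),
            'X-Api-Encrypted-Uri': aes_cipher.encrypt(utf8(self.request_data.uri))
        }
        # The nonce is drawn from the OS CSPRNG (SystemRandom) instead of the
        # module-level Mersenne Twister, whose output can be predicted from
        # earlier values. It is still a float in [0, 1), so the URI format is
        # unchanged.
        self.request_data.uri = '/?_t=%d&_nonce=%s' % \
                                (int(time.time()),
                                 text_type(random.SystemRandom().random()))

        # Build the new URL from the replacement URI.
        url = self.api_server.strip() + self.request_data.uri

        if self.request_data.body is not None and len(self.request_data.body) > 0:
            self.request_data.body = aes_cipher.encrypt(utf8(self.request_data.body))
            # Logged after encryption, so this is the ciphertext.
            logger.debug(self.request_data.body)
        return url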
Beispiel #15
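    def encrypt_data(self):
        """
        Encrypt the headers, URI and body of self.request_data in place.

        The original headers (serialised with json_util.dumps) and the
        original URI are encrypted with an AESCipher built from
        self.secret_key and carried in X-Api-Encrypted-Headers and
        X-Api-Encrypted-Uri. The visible URI is replaced by
        '/?_t=<timestamp>&_nonce=<nonce>'. A non-empty body is encrypted too.

        NOTE(review): this step only encrypts. Whether the ciphertext is also
        integrity-protected depends on AESCipher and on signing done
        elsewhere - confirm.

        :return: self.api_server (stripped) joined with the replacement URI
        """
        aes_cipher = AESCipher(self.secret_key)
        headers_str = json_util.dumps(self.request_data.headers)
        # Replace the headers with the encrypted headers and encrypted URI.
        self.request_data.headers = {
            'Content-Type': 'application/octet-stream',
            'X-Api-Encrypted-Headers': aes_cipher.encrypt(utf8(headers_str)),
            'X-Api-Encrypted-Uri':
            aes_cipher.encrypt(utf8(self.request_data.uri))
        }
        # SystemRandom reads from the OS CSPRNG. The module-level
        # random.random() is a Mersenne Twister and is predictable from
        # earlier output. The value keeps the same shape: a float in [0, 1).
        nonce = text_type(random.SystemRandom().random())
        self.request_data.uri = '/?_t=%d&_nonce=%s' % \
                                (int(time.time()), nonce)

        # Build the new URL from the replacement URI.
        url = self.api_server.strip() + self.request_data.uri

        if self.request_data.body is not None and len(
                self.request_data.body) > 0:
            self.request_data.body = aes_cipher.encrypt(
                utf8(self.request_data.body))
            # Logged after encryption, so this is the ciphertext.
            logger.debug(self.request_data.body)
        return url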
Beispiel #16
 def get_exc_message(e):
     """
     Return the message to report for exception *e*.

     The log_message attribute is used when *e* has one (whatever its
     value); otherwise *e* is converted with text_type.
     """
     if hasattr(e, 'log_message'):
         return e.log_message
     return text_type(e)
Beispiel #17
 def get_exc_message(e):
     """
     Pick the text that describes exception *e*.

     An existing log_message attribute wins, even when its value is empty
     or None; without it the result is text_type(e).
     """
     try:
         message = e.log_message
     except AttributeError:
         message = text_type(e)
     return message