def set_secure_cookie(self, name, value, key=None, timestamp=True, **kwargs): if key is None: key = config.get('cookie_secret') value = str(value) if timestamp: value += struct.pack('<I', int(time.time())) return self.set_cookie(name, crypto.encrypt_string(value, key=key), **kwargs)
def initialize(self): super(RequestHandler, self).initialize() self._force_rollback = False self._session = None self._force_redirect = None flash_cookie = self.get_cookie('flash') if flash_cookie: self.flash = Flash.load(url_unescape(flash_cookie)) else: self.flash = Flash() host = self.request.host.lower() self.production = (host == 'graffspotting.com' or host.endswith('.graffspotting.com')) mobile = None mobile_cookie = self.get_cookie('m', None) if mobile_cookie is None: if detect_mobile(self.request.headers.get('User-Agent')): self.set_cookie('m', '1') mobile = True if host == 'graffspotting.com': self._force_redirect = 'm.graffspotting.com' return else: mobile = False self.set_cookie('m', '0') elif host == 'm.graffspotting.com' and mobile_cookie == '0': self._force_redirect = 'graffspotting.com' return elif host == 'graffspotting.com' and mobile_cookie == '1': self._force_redirect = 'm.graffspotting.com' return if mobile is None: mobile = mobile_cookie == '1' user_id = self.get_secure_cookie('s') if user_id: user_id, = struct.unpack('<I', user_id) self.user = db.User.by_id(self.session, user_id) else: self.user = None # ensure the user has a unique visitor cookie if self.get_secure_cookie('v', None) is None: self.set_secure_cookie('v', os.urandom(10)) self.env = { 'config': config, 'debug': self.settings['debug'], 'esc': url_escape, 'flash': self.flash, 'gmaps_api_key': config.get('gmaps_api_key', 'AIzaSyCTd_7j6ZeXATLOfTvpAqaqCkxM0zFP5Oc'), 'is_error': False, 'mobile': mobile, 'today': datetime.date.today(), 'user': self.user }
def get_secure_cookie(self, name, default=None, key=None, timestamp=True): if key is None: key = config.get('cookie_secret') val = self.get_cookie(name, default) if val == default: return val try: val = crypto.decrypt_string(val, key=key) if timestamp: val = val[:-struct.calcsize('<I')] # chop off the timestamp return val except ValueError: self.clear_cookie(name) return default
import base64 import binascii import hashlib import os import struct from Crypto.Cipher import DES3 from graff import config crypto_secret = config.get('crypto_secret', None) if crypto_secret is not None: crypto_secret = crypto_secret.decode('hex') elif config.get('memory', False): default_secret = os.urandom(16) else: crypto_secret = '?' * 16 ## # from "tempest" ## PADDING_CHAR = '\0' BLOCK_SIZE = DES3.block_size HASH_SIZE = 8 HALF_HASH_SIZE = 4 # hash size to use for 'half-aligned' buffers IV_SIZE = 8 BASE64_BLOCK_SIZE = 8 BASE64_PADDING_CHAR = '=' BLOB_LEN_SIZE = 4
import datetime import hashlib import os from sqlalchemy import create_engine, func, Column, ForeignKey from sqlalchemy.types import Integer, String, Float, DateTime, Boolean from sqlalchemy.orm import sessionmaker, relationship, backref from sqlalchemy.ext.declarative import declarative_base import warnings from graff import config from graff import crypto from graff import geo if config.get('memory', True): engine = create_engine('sqlite:///:memory:') now = func.datetime() else: engine = create_engine('mysql+mysqldb://' + config.get('db_user', 'graff') + ':' + config.get('db_pass', 'gr4ff') + '@' + config.get('db_host', '127.0.0.1') + '/' + config.get('db_schema', 'graff'), pool_recycle=3600) now = func.now() Session = sessionmaker(bind=engine) class _Base(object): @property def encid(self): if hasattr(self, 'secret_key'):
settings = {} if os.isatty(sys.stdin.fileno()): import optparse parser = optparse.OptionParser() parser.add_option('-c', '--config', help='Path to the config file') parser.add_option('-d', '--debug', action='store_true', default=False) parser.add_option('-p', '--port', type='int', default=9000) parser.add_option('-n', '--num-procs', type='int', default=0) parser.add_option('--memory', default=False, action='store_true', help='use a sqlite:///:memory: table for the database') opts, args = parser.parse_args() config.load_config(opts.config, memory=opts.memory) config.setdefault('cookie_secret', os.urandom(16) if opts.memory else '----------------') settings['debug'] = opts.debug else: config.load_config(None, memory=False) assert config.get('cookie_secret') is not None settings['cookie_secret'] = config.get('cookie_secret') import tornado.httpserver import tornado.ioloop import tornado.web from graff.handlers import handlers from graff.ui import modules def p(name): return os.path.realpath(os.path.join(os.path.dirname(__file__), '..', name)) settings['static_path'] = p('static') settings['template_path'] = p('templates') settings['ui_modules'] = modules del p