Ejemplo n.º 1
    def getAlias(self, aliasid, token, path):
        """Look up a LibraryFileAlias by ID, or raise LookupError.

        The alias must have a related LibraryFileContent and its
        ``restricted`` flag must equal the one this lookup is allowed to
        see. That flag is ``self.restricted`` unless a valid token is
        presented, in which case it is forced to True.

        :param aliasid: The ID of the alias to fetch.
        :param token: The token for the file. If None no token is present.
            When a token is supplied, it is looked up together with path.
        :param path: The path the request is for, unused unless a token
            is supplied; when supplied it must match the token. The
            value of path is expected to be that from a twisted request.args
            e.g. /foo/bar.
        :raises LookupError: if the token has no matching row created
            within the last day for this path, or if no alias matches.
        """
        want_restricted = self.restricted
        # The token is only consulted when both token and path are truthy;
        # otherwise the lookup keeps self.restricted unchanged.
        if token and path:
            # A token/path pair may allow restricted files to be served
            # on the public port.
            store = session_store()
            # True when NO row matches: the presented token is compared
            # as-is with the stored value, must be bound to this exact
            # path, and must have been created less than a day ago.
            no_live_token = store.find(
                TimeLimitedToken,
                SQL("age(created) < interval '1 day'"),
                TimeLimitedToken.token == token,
                TimeLimitedToken.path == path).is_empty()
            store.reset()
            if no_live_token:
                # Fail closed: a bad token is an error, not a fallback to
                # the unrestricted lookup.
                raise LookupError("Token stale/pruned/path mismatch")
            want_restricted = True
        conditions = And(
            LibraryFileAlias.id == aliasid,
            LibraryFileAlias.contentID == LibraryFileContent.q.id,
            LibraryFileAlias.restricted == want_restricted)
        alias = LibraryFileAlias.selectOne(conditions)
        if alias is None:
            raise LookupError("No file alias with LibraryFileContent")
        return alias
Ejemplo n.º 2
    def getAlias(self, aliasid, token, path):
        """Look up a LibraryFileAlias by ID, or raise LookupError.

        The alias must have a related LibraryFileContent and its
        ``restricted`` flag must equal the one this lookup is allowed to
        see. That flag is ``self.restricted`` unless a valid token is
        presented, in which case it is forced to True.

        :param aliasid: A `LibraryFileAlias` ID.
        :param token: The token for the file. If None no token is present.
            A `Macaroon` is verified against the alias ID; any other
            token is looked up together with path.
        :param path: The path the request is for, unused unless a token
            is supplied; when supplied it must match the token. The
            value of path is expected to be that from a twisted request.args
            e.g. /foo/bar.
        :raises LookupError: if the token fails verification, or if no
            alias matches.
        """
        want_restricted = self.restricted
        # The token is only consulted when both token and path are truthy;
        # otherwise the lookup keeps self.restricted unchanged.
        if token and path:
            # A token/path pair may allow restricted files to be served
            # on the public port.
            if not isinstance(token, Macaroon):
                # The URL-encoding of the path may have been altered in
                # transit, so decode and re-encode it canonically before
                # comparing. LFA.filename can't contain slashes, so they
                # are safe to leave unencoded. urllib.quote wrongly leaves
                # ~ out of its safe set, whereas RFC 3986 says it should
                # be unescaped and Chromium forcibly decodes it in any URL
                # that it sees.
                #
                # This needs to match url_path_quote.
                canonical_path = urllib.quote(
                    urllib.unquote(path), safe='/~+')
                store = session_store()
                # The stored value is compared with the SHA-256 hex digest
                # of the presented token, never with the raw token.
                # NOTE(review): presumably the table holds only digests;
                # confirm against the code that creates tokens.
                token_digest = hashlib.sha256(token).hexdigest()
                matching_rows = store.find(
                    TimeLimitedToken,
                    SQL("age(created) < interval '1 day'"),
                    TimeLimitedToken.token == token_digest,
                    TimeLimitedToken.path == canonical_path)
                token_ok = not matching_rows.is_empty()
                store.reset()
            else:
                # Macaroons have enough other constraints that they don't
                # need to be path-specific; it's simpler and faster to
                # just check the alias ID.
                token_ok = threads.blockingCallFromThread(
                    default_reactor, self._verifyMacaroon, token, aliasid)
            if not token_ok:
                # Fail closed: a bad token is an error, not a fallback to
                # the unrestricted lookup.
                raise LookupError("Token stale/pruned/path mismatch")
            want_restricted = True
        conditions = And(
            LibraryFileAlias.id == aliasid,
            LibraryFileAlias.contentID == LibraryFileContent.q.id,
            LibraryFileAlias.restricted == want_restricted)
        alias = LibraryFileAlias.selectOne(conditions)
        if alias is None:
            raise LookupError("No file alias with LibraryFileContent")
        return alias