def make_api_response(data, err="", status_code=200, cookies=None) -> Response:
    """Build the JSON envelope returned to API clients.

    Pops the ``quota_user`` and ``quota_set`` markers from the Flask session
    and, when both are truthy, calls ``QUOTA_TRACKER.end`` for that user. The
    body carries ``data``, the error message, ``VERSION`` and ``status_code``;
    when ``cookies`` is a dict, each entry is set on the response.
    """
    # Both markers are popped unconditionally, so neither outlives this response.
    tracked_user = flsk_session.pop("quota_user", None)
    tracking_active = flsk_session.pop("quota_set", False)
    if tracked_user and tracking_active:
        QUOTA_TRACKER.end(tracked_user)

    # Exact-type test: only a bare Exception instance is expanded into a
    # traceback string; subclasses are handed to jsonify() unchanged.
    if type(err) is Exception:
        trace = exc_info()[2]
        frames = format_tb(trace)
        summary = '%s: %s\n' % (err.__class__.__name__, str(err))
        # NOTE(review): the formatted traceback ends up in api_error_message and
        # therefore reaches the client; file paths and source lines are internal
        # detail. Consider returning a generic message (or a correlation id) and
        # keeping the trace in LOGGER only.
        err = ''.join(['\n'] + frames + [summary]).rstrip('\n')
        log_with_traceback(LOGGER, trace, "Exception", is_exception=True)

    envelope = {
        "api_response": data,
        "api_error_message": err,
        "api_server_version": VERSION,
        "api_status_code": status_code,
    }
    resp = make_response(jsonify(envelope), status_code)

    if isinstance(cookies, dict):
        # NOTE(review): set_cookie() gets only a name and a value, so Secure,
        # HttpOnly and SameSite stay at the framework defaults. Confirm no caller
        # passes session-bearing cookies here, or set the attributes explicitly.
        for cookie_name, cookie_value in cookies.items():
            resp.set_cookie(cookie_name, cookie_value)

    return resp
def make_api_response(data, err="", status_code=200, cookies=None) -> Response:
    """Build the JSON envelope returned to API clients.

    Pops the ``quota_user``, ``quota_id`` and ``quota_set`` markers from the
    Flask session and, when the user and the set flag are both truthy, calls
    ``RATE_LIMITER.dec`` for that user and for the ``"__global__"`` key with
    the popped track id. The body carries ``data``, the error message, the
    build version string and ``status_code``; when ``cookies`` is a dict, each
    entry is set on the response.
    """
    # All three markers are popped unconditionally, so none outlives this response.
    tracked_user = flsk_session.pop("quota_user", None)
    track_id = flsk_session.pop("quota_id", None)
    tracking_active = flsk_session.pop("quota_set", False)
    if tracked_user and tracking_active:
        # Per-user slot first, then the shared "__global__" slot, same track id.
        RATE_LIMITER.dec(tracked_user, track_id=track_id)
        RATE_LIMITER.dec("__global__", track_id=track_id)

    # Exact-type test: only a bare Exception instance is expanded into a
    # traceback string; subclasses are handed to jsonify() unchanged.
    if type(err) is Exception:
        trace = exc_info()[2]
        frames = format_tb(trace)
        summary = '%s: %s\n' % (err.__class__.__name__, str(err))
        # NOTE(review): the formatted traceback ends up in api_error_message and
        # therefore reaches the client; file paths and source lines are internal
        # detail. Consider returning a generic message (or a correlation id) and
        # keeping the trace in LOGGER only.
        err = ''.join(['\n'] + frames + [summary]).rstrip('\n')
        log_with_traceback(LOGGER, trace, "Exception", is_exception=True)

    server_version = "%s.%s.%s" % (BUILD_MASTER, BUILD_LOWER, BUILD_NO)
    envelope = {
        "api_response": data,
        "api_error_message": err,
        "api_server_version": server_version,
        "api_status_code": status_code,
    }
    resp = make_response(jsonify(envelope), status_code)

    if isinstance(cookies, dict):
        # NOTE(review): set_cookie() gets only a name and a value, so Secure,
        # HttpOnly and SameSite stay at the framework defaults. Confirm no caller
        # passes session-bearing cookies here, or set the attributes explicitly.
        for cookie_name, cookie_value in cookies.items():
            resp.set_cookie(cookie_name, cookie_value)

    return resp
def handle_403(e):
    """Turn an access-denied error into a 403 response.

    When ``AUDIT`` is truthy, an "Access Denied" line naming the user and IP is
    written to ``AUDIT_LOG``. Requests under ``/api/`` get the JSON envelope
    with a block of auth/UI configuration flags as data; every other request
    gets the ``403e.html`` template (disabled-user case) or ``403.html``.
    """
    # werkzeug's Forbidden carries its text in .description; anything else is stringified.
    error_message = e.description if isinstance(e, Forbidden) else str(e)
    trace = exc_info()[2]

    if AUDIT:
        # Defaults used when no server-side session can be resolved.
        uname = "(None)"
        ip = request.remote_addr
        session_id = flsk_session.get("session_id", None)
        session = KV_SESSION.get(session_id) if session_id else None
        if session:
            # The values stored with the session take precedence over the
            # connection's address in the audit record.
            uname = session.get("username", uname)
            ip = session.get("ip", ip)

        # NOTE(review): uname and error_message are interpolated as-is. If
        # either can carry line breaks, one denial could read as several audit
        # entries — confirm the log handler escapes them, or sanitise here.
        log_with_traceback(
            AUDIT_LOG, trace,
            f"Access Denied. (U:{uname} - IP:{ip}) [{error_message}]")

    if request.path.startswith("/api/"):
        # NOTE(review): these flags are returned with the denial itself, i.e.
        # to a caller that was just refused. Presumably the login UI needs
        # them; confirm none of them is sensitive for this deployment.
        auth_flags = {
            "allow_2fa": config.auth.allow_2fa,
            "allow_apikeys": config.auth.allow_apikeys,
            "allow_security_tokens": config.auth.allow_security_tokens,
        }
        ui_flags = {
            "allow_url_submissions": config.ui.allow_url_submissions,
            "read_only": config.ui.read_only,
            "tos": config.ui.tos not in [None, ""],
            "tos_lockout": config.ui.tos_lockout,
            "tos_lockout_notify": config.ui.tos_lockout_notify not in [None, []]
        }
        config_block = {"auth": auth_flags, "ui": ui_flags}
        denial = "Access Denied (%s) [%s]" % (request.path, error_message)
        return make_api_response(config_block, denial, 403)

    # The disabled-account page is selected by matching the message text, so
    # it depends on the exact wording used where the error is raised.
    account_disabled = error_message.startswith("User") and str(e).endswith("is disabled")
    if account_disabled:
        return render_template('403e.html',
                               exception=error_message,
                               email=config.ui.email or "",
                               notified=config.ui.tos_lockout and config.ui.tos_lockout_notify), 403

    return render_template('403.html', exception=error_message), 403
def handle_500(e):
    """Handle an internal server error.

    Access-denied and authentication failures wrapped in ``e`` are delegated
    to ``handle_403`` / ``handle_401``. Anything else is logged with its
    traceback and returned as a 500 JSON envelope.
    """
    cause = e.original_exception
    if isinstance(cause, AccessDeniedException):
        return handle_403(cause)
    if isinstance(cause, AuthenticationException):
        return handle_401(cause)

    # Fall back to the wrapper itself when no original exception is attached.
    oe = cause or e
    trace = exc_info()[2]
    log_with_traceback(LOGGER, trace, "Exception", is_exception=True)

    frames = format_tb(trace)
    summary = '%s: %s\n' % (oe.__class__.__name__, str(oe))
    message = ''.join(['\n'] + frames + [summary]).rstrip('\n')

    # NOTE(review): the full traceback is sent to the client as the error
    # message. It exposes file paths, source lines and the exception text;
    # since the trace is already in LOGGER, consider replying with a generic
    # message or a correlation id instead.
    return make_api_response("", message, 500)
def handle_500(e):
    """Handle an internal server error.

    Access-denied and authentication failures wrapped in ``e`` are delegated
    to ``handle_403`` / ``handle_401``. Anything else is logged with its
    traceback and returned as a 500: the JSON envelope for paths under
    ``/api/``, the ``500.html`` template otherwise.
    """
    cause = e.original_exception
    if isinstance(cause, AccessDeniedException):
        return handle_403(cause)
    if isinstance(cause, AuthenticationException):
        return handle_401(cause)

    # Fall back to the wrapper itself when no original exception is attached.
    oe = cause or e
    trace = exc_info()[2]
    log_with_traceback(LOGGER, trace, "Exception", is_exception=True)

    frames = format_tb(trace)
    summary = '%s: %s\n' % (oe.__class__.__name__, str(oe))
    message = ''.join(['\n'] + frames + [summary]).rstrip('\n')

    # NOTE(review): both branches hand the full traceback to the client (JSON
    # field or rendered page). It exposes file paths, source lines and the
    # exception text; since the trace is already in LOGGER, consider replying
    # with a generic message or a correlation id instead.
    if not request.path.startswith("/api/"):
        return render_template('500.html', exception=message), 500
    return make_api_response("", message, 500)