def process_api_object(self, obj, project): response = Response() try: validate(obj, req_schema) except ValidationError as e: response.error = str(e) raise Return(response) method = obj.get("method") params = obj.get("params") response.method = method schema = server_api_schema if method not in schema: response.error = self.METHOD_NOT_FOUND else: try: validate(params, schema[method]) except ValidationError as e: response.error = str(e) else: result, error = yield self.process_call( project, method, params) response.body = result response.error = error raise Return(response)
def process_api_object(self, obj, project): response = Response() try: validate(obj, req_schema) except ValidationError as e: response.error = str(e) raise Return(response) method = obj.get("method") params = obj.get("params") response.method = method schema = server_api_schema if method not in schema: response.error = self.METHOD_NOT_FOUND else: try: validate(params, schema[method]) except ValidationError as e: response.error = str(e) else: result, error = yield self.process_call( project, method, params ) response.body = result response.error = error raise Return(response)
def message_received(self, message): """ Called when message from client received. """ response = Response() try: data = json_decode(message) except ValueError: response.error = 'malformed JSON data' self.send(response.as_message()) yield self.sock.close() raise Return((True, None)) try: validate(data, req_schema) except ValidationError as e: response.error = str(e) self.send(response.as_message()) yield self.sock.close() raise Return((True, None)) uid = data.get('uid', None) method = data.get('method') params = data.get('params') response.uid = uid response.method = method response.params = params if method != 'connect' and not self.is_authenticated: response.error = self.application.UNAUTHORIZED self.send(response.as_message()) yield self.sock.close() raise Return((True, None)) func = getattr(self, 'handle_%s' % method, None) if not func: response.error = "unknown method %s" % method self.send(response.as_message()) yield self.sock.close() raise Return((True, None)) if method not in client_api_schema: raise Return((None, 'unknown method %s' % method)) try: validate(params, client_api_schema[method]) except ValidationError as e: response = Response(uid=uid, method=method, error=str(e)) self.send(response.as_message()) yield self.sock.close() raise Return((True, None)) response.body, response.error = yield func(params) self.send(response.as_message()) raise Return((True, None))
def process_obj(self, obj): response = Response() try: validate(obj, req_schema) except ValidationError as e: response.error = str(e) raise Return((response, response.error)) uid = obj.get('uid', None) method = obj.get('method') params = obj.get('params') response.uid = uid response.method = method if method not in ['connect'] and not self.is_authenticated: response.error = self.application.UNAUTHORIZED raise Return((response, response.error)) func = getattr(self, 'handle_%s' % method, None) if not func or method not in client_api_schema: response.error = "unknown method %s" % method raise Return((response, response.error)) try: schema_name = method if self.application.INSECURE and schema_name == 'connect': # if Centrifuge run in insecure mode we use simplified connection # schema to allow clients connect without timestamp and token schema_name = "connect_insecure" validate(params, client_api_schema[schema_name]) except ValidationError as e: response.error = str(e) raise Return((response, response.error)) response.body, response.error = yield func(params) raise Return((response, None))
def process_object(self, obj, project, is_owner_request): response = Response() try: validate(obj, req_schema) except ValidationError as e: response.error = str(e) raise Return(response) req_id = obj.get("uid", None) method = obj.get("method") params = obj.get("params") response.uid = req_id response.method = method schema = server_api_schema if is_owner_request and self.application.OWNER_API_PROJECT_PARAM in params: project_id = params[self.application.OWNER_API_PROJECT_PARAM] project, error = yield self.application.structure.get_project_by_id( project_id ) if error: logger.error(error) response.error = self.application.INTERNAL_SERVER_ERROR if not project: response.error = self.application.PROJECT_NOT_FOUND try: params.pop(self.application.OWNER_API_PROJECT_PARAM) except KeyError: pass if not is_owner_request and method in owner_api_methods: response.error = self.application.PERMISSION_DENIED if not response.error: if method not in schema: response.error = self.application.METHOD_NOT_FOUND else: try: validate(params, schema[method]) except ValidationError as e: response.error = str(e) else: result, error = yield self.application.process_call( project, method, params ) response.body = result response.error = error raise Return(response)
def process_api_object(self, obj, project, is_owner_request): response = Response() try: validate(obj, req_schema) except ValidationError as e: response.error = str(e) raise Return(response) req_id = obj.get("uid", None) method = obj.get("method") params = obj.get("params") response.uid = req_id response.method = method schema = server_api_schema if is_owner_request and self.OWNER_API_PROJECT_PARAM in params: project_id = params[self.OWNER_API_PROJECT_PARAM] project, error = yield self.structure.get_project_by_id( project_id ) if error: logger.error(error) response.error = self.INTERNAL_SERVER_ERROR if not project: response.error = self.PROJECT_NOT_FOUND try: params.pop(self.OWNER_API_PROJECT_PARAM) except KeyError: pass if not is_owner_request and method in owner_api_methods: response.error = self.PERMISSION_DENIED if not response.error: if method not in schema: response.error = self.METHOD_NOT_FOUND else: try: validate(params, schema[method]) except ValidationError as e: response.error = str(e) else: result, error = yield self.process_call( project, method, params ) response.body = result response.error = error raise Return(response)
def process_obj(self, obj): response = Response() try: validate(obj, req_schema) except ValidationError as e: response.error = str(e) raise Return((response, response.error)) uid = obj.get('uid', None) method = obj.get('method') params = obj.get('params') response.uid = uid response.method = method if method != 'connect' and not self.is_authenticated: response.error = self.application.UNAUTHORIZED raise Return((response, response.error)) func = getattr(self, 'handle_%s' % method, None) if not func or method not in client_api_schema: response.error = "unknown method %s" % method raise Return((response, response.error)) try: validate(params, client_api_schema[method]) except ValidationError as e: response.error = str(e) raise Return((response, response.error)) response.body, response.error = yield func(params) raise Return((response, None))
def process_obj(self, obj): response = Response() try: validate(obj, req_schema) except ValidationError as e: response.error = str(e) raise Return((response, response.error)) uid = obj.get('uid', None) method = obj.get('method') params = obj.get('params') response.uid = uid response.method = method if method != 'connect' and not self.is_authenticated: response.error = self.application.UNAUTHORIZED raise Return((response, response.error)) func = getattr(self, 'handle_%s' % method, None) if not func or not method in client_api_schema: response.error = "unknown method %s" % method raise Return((response, response.error)) try: validate(params, client_api_schema[method]) except ValidationError as e: response.error = str(e) raise Return((response, response.error)) response.body, response.error = yield func(params) raise Return((response, None))
def post(self, project_id): """ Handle API HTTP requests. """ if not self.request.body: raise tornado.web.HTTPError(400, log_message="empty request") sign = self.get_argument('sign', None) if not sign: raise tornado.web.HTTPError(400, log_message="no data sign") encoded_data = self.get_argument('data', None) if not encoded_data: raise tornado.web.HTTPError(400, log_message="no data") is_owner_request = False if project_id == self.application.MAGIC_PROJECT_ID: # API request aims to be from superuser is_owner_request = True if is_owner_request: # use api secret key from configuration to check sign secret = self.application.settings["config"].get("api_secret") if not secret: raise tornado.web.HTTPError(501, log_message="no api_secret in configuration file") project = None else: project, error = yield self.application.structure.get_project_by_id(project_id) if error: raise tornado.web.HTTPError(500, log_message=str(error)) if not project: raise tornado.web.HTTPError(404, log_message="project not found") # use project secret key to validate sign secret = project['secret_key'] is_valid = auth.check_sign( secret, project_id, encoded_data, sign ) if not is_valid: raise tornado.web.HTTPError(401, log_message="unauthorized") data = auth.decode_data(encoded_data) if not data: raise tornado.web.HTTPError(400, log_message="malformed data") response = Response() try: validate(data, req_schema) except ValidationError as e: response.error = str(e) else: req_id = data.get("uid", None) method = data.get("method") params = data.get("params") response.uid = req_id response.method = method schema = server_api_schema if is_owner_request and self.application.MAGIC_PROJECT_PARAM in params: project_id = params[self.application.MAGIC_PROJECT_PARAM] project, error = yield self.application.structure.get_project_by_id( project_id ) if error: logger.error(error) response.error = self.application.INTERNAL_SERVER_ERROR if not project: response.error = self.application.PROJECT_NOT_FOUND try: params.pop(self.application.MAGIC_PROJECT_PARAM) except KeyError: pass if not is_owner_request and method in owner_api_methods: response.error = self.application.PERMISSION_DENIED if not response.error: if method not in schema: response.error = self.application.METHOD_NOT_FOUND else: try: validate(params, schema[method]) except ValidationError as e: response.error = str(e) else: result, error = yield self.application.process_call( project, method, params ) response.body = result response.error = error self.json_response(response.as_message())
def post(self, project_id): """ Handle API HTTP requests. """ if not self.request.body: raise tornado.web.HTTPError(400, log_message="empty request") sign = self.get_argument('sign', None) if not sign: raise tornado.web.HTTPError(400, log_message="no data sign") encoded_data = self.get_argument('data', None) if not encoded_data: raise tornado.web.HTTPError(400, log_message="no data") is_owner_request = False if project_id == self.application.MAGIC_PROJECT_ID: # API request aims to be from superuser is_owner_request = True if is_owner_request: # use api secret key from configuration to check sign secret = self.application.settings["config"].get("api_secret") if not secret: raise tornado.web.HTTPError( 501, log_message="no api_secret in configuration file") project = None else: project, error = yield self.application.structure.get_project_by_id( project_id) if error: raise tornado.web.HTTPError(500, log_message=str(error)) if not project: raise tornado.web.HTTPError(404, log_message="project not found") # use project secret key to validate sign secret = project['secret_key'] is_valid = auth.check_sign(secret, project_id, encoded_data, sign) if not is_valid: raise tornado.web.HTTPError(401, log_message="unauthorized") data = auth.decode_data(encoded_data) if not data: raise tornado.web.HTTPError(400, log_message="malformed data") response = Response() try: validate(data, req_schema) except ValidationError as e: response.error = str(e) else: req_id = data.get("uid", None) method = data.get("method") params = data.get("params") response.uid = req_id response.method = method schema = server_api_schema if is_owner_request and self.application.MAGIC_PROJECT_PARAM in params: project_id = params[self.application.MAGIC_PROJECT_PARAM] project, error = yield self.application.structure.get_project_by_id( project_id) if error: logger.error(error) response.error = self.application.INTERNAL_SERVER_ERROR if not project: response.error = self.application.PROJECT_NOT_FOUND try: params.pop(self.application.MAGIC_PROJECT_PARAM) except KeyError: pass if not is_owner_request and method in owner_api_methods: response.error = self.application.PERMISSION_DENIED if not response.error: if method not in schema: response.error = self.application.METHOD_NOT_FOUND else: try: validate(params, schema[method]) except ValidationError as e: response.error = str(e) else: result, error = yield self.application.process_call( project, method, params) response.body = result response.error = error self.json_response(response.as_message())