def _setup_initialize(self, conf):
#Set the site specific settings in config (Most params don't update the
#base config dict)
for k,v in conf.items():
if k.startswith('site_'):
config[k] = v
log.enabled = conf['site_debug']
#Set up cherrypy.session? We do this even if we're not overriding
#sessions, since it plays nice with the builtin sessions module.
if not hasattr(cherrypy, 'session'):
cherrypy.session = cherrypy._ThreadLocalProxy('session')
#Set up cherrypy.user
if not hasattr(cherrypy, 'user'):
cherrypy.user = cherrypy._ThreadLocalProxy('user')
#Setup slate storage medium
self.storage_type = conf['site_storage']
self.storage_class = storage.get_storage_class(self.storage_type)
config.storage_class = self.storage_class
log('Found: ' + str(config.storage_class))
config.storage_class.setup(conf['site_storage_conf'])
#Setup monitor thread...
if getattr(config, 'storage_cleanup_thread', None) is not None:
config.storage_cleanup_thread.stop()
config.storage_cleanup_thread.unsubscribe()
config.storage_cleanup_thread = None
clean_freq = conf['site_storage_clean_freq']
if clean_freq:
def cleanup():
config.storage_class.clean_up()
#Start with a bang!
cleanup()
config.storage_cleanup_thread = cherrypy.process.plugins.Monitor(
cherrypy.engine, cleanup, clean_freq * 60
,name = 'Slate Storage Cleanup'
)
config.storage_cleanup_thread.subscribe()
config.storage_cleanup_thread.start()
#Set up the authentication system interface
config.auth = AuthInterface()
#Add config groups/users
for name,data in config['site_group_list'].items():
try:
config.auth.group_create(name, data)
except AuthError, e:
log("Failed to add group {0}: {1}".format(name, str(e)))
def init(storage_type = 'ram', path = None, path_header = None, name = 'session_id', timeout = 60, domain = None, secure = False, clean_freq = 5, persistent = True, debug = False, **kwargs):
request = cherrypy.serving.request
if hasattr(request, '_session_init_flag'):
return
request._session_init_flag = True
id = None
if name in request.cookie:
id = request.cookie[name].value
if debug:
cherrypy.log('ID obtained from request.cookie: %r' % id, 'TOOLS.SESSIONS')
storage_class = storage_type.title() + 'Session'
storage_class = globals()[storage_class]
if not hasattr(cherrypy, 'session'):
if hasattr(storage_class, 'setup'):
storage_class.setup(**kwargs)
kwargs['timeout'] = timeout
kwargs['clean_freq'] = clean_freq
cherrypy.serving.session = sess = storage_class(id, **kwargs)
sess.debug = debug
def update_cookie(id):
cherrypy.serving.response.cookie[name] = id
sess.id_observers.append(update_cookie)
if not hasattr(cherrypy, 'session'):
cherrypy.session = cherrypy._ThreadLocalProxy('session')
if persistent:
cookie_timeout = timeout
else:
cookie_timeout = None
set_response_cookie(path=path, path_header=path_header, name=name, timeout=cookie_timeout, domain=domain, secure=secure)
def _setup(self):
"""Hook this tool into cherrypy.request.
Used to start slate cleanup and hook in slates.init_session
The standard CherryPy request object will automatically call this
method when the tool is "turned on" in config.
"""
hooks = cherrypy.serving.request.hooks
conf = self._merged_args()
# Check for new storage_type mostly for unit testing (as opposed
# to the session variable's presence)
new_storage_type = conf.get("storage_type", "ram")
if self.storage_type != new_storage_type:
if not hasattr(cherrypy, "session"):
cherrypy.session = cherrypy._ThreadLocalProxy("session")
# Find the storage class
self.storage_type = new_storage_type
self.storage_class = getattr(slates, self.storage_type.title() + "Slate")
# Setup slates and slate storage
conf["storage_class"] = self.storage_class
slates.Slate.setup(**conf)
p = conf.pop("priority", None)
if p is None:
p = getattr(self.callable, "priority", self._priority)
hooks.attach(self._point, self.callable, priority=p, **conf)
def init(storage_type='ram', path=None, path_header=None, name='session_id',
timeout=60, domain=None, secure=False, clean_freq=5, **kwargs):
"""Initialize session object (using cookies).
storage_type: one of 'ram', 'file', 'postgresql'. This will be used
to look up the corresponding class in cherrypy.lib.sessions
globals. For example, 'file' will use the FileSession class.
path: the 'path' value to stick in the response cookie metadata.
path_header: if 'path' is None (the default), then the response
cookie 'path' will be pulled from request.headers[path_header].
name: the name of the cookie.
timeout: the expiration timeout (in minutes) for both the cookie and
stored session data.
domain: the cookie domain.
secure: if False (the default) the cookie 'secure' value will not
be set. If True, the cookie 'secure' value will be set (to 1).
clean_freq (minutes): the poll rate for expired session cleanup.
Any additional kwargs will be bound to the new Session instance,
and may be specific to the storage type. See the subclass of Session
you're using for more information.
"""
request = cherrypy.request
# Guard against running twice
if hasattr(request, "_session_init_flag"):
return
request._session_init_flag = True
# Check if request came with a session ID
id = None
if name in request.cookie:
id = request.cookie[name].value
# Find the storage class and call setup (first time only).
storage_class = storage_type.title() + 'Session'
storage_class = globals()[storage_class]
if not hasattr(cherrypy, "session"):
if hasattr(storage_class, "setup"):
storage_class.setup(**kwargs)
# Create and attach a new Session instance to cherrypy.serving.
# It will possess a reference to (and lock, and lazily load)
# the requested session data.
kwargs['timeout'] = timeout
kwargs['clean_freq'] = clean_freq
cherrypy.serving.session = sess = storage_class(id, **kwargs)
def update_cookie(id):
"""Update the cookie every time the session id changes."""
cherrypy.response.cookie[name] = id
sess.id_observers.append(update_cookie)
# Create cherrypy.session which will proxy to cherrypy.serving.session
if not hasattr(cherrypy, "session"):
cherrypy.session = cherrypy._ThreadLocalProxy('session')
set_response_cookie(path=path, path_header=path_header, name=name,
timeout=timeout, domain=domain, secure=secure)
def init(storage_type='ram',
path=None,
path_header=None,
name='session_id',
timeout=60,
domain=None,
secure=False,
clean_freq=5,
persistent=True,
debug=False,
**kwargs):
request = cherrypy.serving.request
if hasattr(request, '_session_init_flag'):
return
request._session_init_flag = True
id = None
if name in request.cookie:
id = request.cookie[name].value
if debug:
cherrypy.log('ID obtained from request.cookie: %r' % id,
'TOOLS.SESSIONS')
storage_class = storage_type.title() + 'Session'
storage_class = globals()[storage_class]
if not hasattr(cherrypy, 'session'):
if hasattr(storage_class, 'setup'):
storage_class.setup(**kwargs)
kwargs['timeout'] = timeout
kwargs['clean_freq'] = clean_freq
cherrypy.serving.session = sess = storage_class(id, **kwargs)
sess.debug = debug
def update_cookie(id):
cherrypy.serving.response.cookie[name] = id
sess.id_observers.append(update_cookie)
if not hasattr(cherrypy, 'session'):
cherrypy.session = cherrypy._ThreadLocalProxy('session')
if persistent:
cookie_timeout = timeout
else:
cookie_timeout = None
set_response_cookie(path=path,
path_header=path_header,
name=name,
timeout=cookie_timeout,
domain=domain,
secure=secure)
def init(storage_type='ram', path=None, path_header=None, name='session_id',
timeout=60, domain=None, secure=False, clean_freq=5,
persistent=True, debug=False, **kwargs):
"""Initialize session object (using cookies).
storage_type
One of 'ram', 'file', 'postgresql'. This will be used
to look up the corresponding class in cherrypy.lib.sessions
globals. For example, 'file' will use the FileSession class.
path
The 'path' value to stick in the response cookie metadata.
path_header
If 'path' is None (the default), then the response
cookie 'path' will be pulled from request.headers[path_header].
name
The name of the cookie.
timeout
The expiration timeout (in minutes) for the stored session data.
If 'persistent' is True (the default), this is also the timeout
for the cookie.
domain
The cookie domain.
secure
If False (the default) the cookie 'secure' value will not
be set. If True, the cookie 'secure' value will be set (to 1).
clean_freq (minutes)
The poll rate for expired session cleanup.
persistent
If True (the default), the 'timeout' argument will be used
to expire the cookie. If False, the cookie will not have an expiry,
and the cookie will be a "session cookie" which expires when the
browser is closed.
Any additional kwargs will be bound to the new Session instance,
and may be specific to the storage type. See the subclass of Session
you're using for more information.
"""
request = cherrypy.serving.request
# Guard against running twice
if hasattr(request, "_session_init_flag"):
return
request._session_init_flag = True
# Check if request came with a session ID
id = None
if name in request.cookie:
id = request.cookie[name].value
if debug:
cherrypy.log('ID obtained from request.cookie: %r' % id,
'TOOLS.SESSIONS')
# Find the storage class and call setup (first time only).
storage_class = storage_type.title() + 'Session'
storage_class = globals()[storage_class]
if not hasattr(cherrypy, "session"):
if hasattr(storage_class, "setup"):
storage_class.setup(**kwargs)
# Create and attach a new Session instance to cherrypy.serving.
# It will possess a reference to (and lock, and lazily load)
# the requested session data.
kwargs['timeout'] = timeout
kwargs['clean_freq'] = clean_freq
cherrypy.serving.session = sess = storage_class(id, **kwargs)
sess.debug = debug
def update_cookie(id):
"""Update the cookie every time the session id changes."""
cherrypy.serving.response.cookie[name] = id
sess.id_observers.append(update_cookie)
# Create cherrypy.session which will proxy to cherrypy.serving.session
if not hasattr(cherrypy, "session"):
cherrypy.session = cherrypy._ThreadLocalProxy('session')
if persistent:
cookie_timeout = timeout
else:
# See http://support.microsoft.com/kb/223799/EN-US/
# and http://support.mozilla.com/en-US/kb/Cookies
cookie_timeout = None
set_response_cookie(path=path, path_header=path_header, name=name,
timeout=cookie_timeout, domain=domain, secure=secure)
def limit (self, **dummy_kwargs):
""" Do accounting for ip and return 403 if ip exceeded quota. """
ipsession = self._get_ip_session ()
cherrypy.serving.ipsession = ipsession
if not hasattr (cherrypy, "ipsession"):
cherrypy.ipsession = cherrypy._ThreadLocalProxy ('ipsession') # pylint: disable=W0212
ipsession.sessions.add (cherrypy.session.id)
headers = cherrypy.request.headers
ua = headers.get ('User-Agent')
signature = self._get_http_signature (headers)
whitelisted = (ipsession.ips.whitelisted or
self.whitelisted_paths.match (cherrypy.request.path_info))
with self.lock:
ipsession['active'] = True
ipsession.extend_expiration (self.expiration)
ipsession.append_trace (self, ua, signature)
ipsession['css_ok'] = self.check_challenge () # store value for stats page
if not whitelisted:
ipsession.calc_block (self, ua)
ipsession['last_hit'] = datetime.datetime.now () # set this after calc_block
ipsession.log_state ()
# allow hit
if whitelisted:
ipsession.log ('whitelisted')
cherrypy.response.headers['X-Whitelisted'] = 'ratelimiter'
ipsession['hits'] += 1
self.whitelist_hit_accumulator += 1
return
if ipsession['blocked'] == 0:
ipsession['hits'] += 1
self.hit_accumulator += 1
return
# soft or hard deny
self.denied_hit_accumulator += 1
cherrypy.lib.caching.expires (0, True)
if ipsession['blocked'] == 1:
ipsession['captchas'] += 1
ipsession.extend_expiration (10 * self.expiration) # watch 'em longer
ipsession.log ('Redirected to captcha')
cherrypy.response.headers['X-Ratelimiter-Denied'] = "503"
raise cherrypy.HTTPRedirect ('//www.gutenberg.org/w/captcha/question/')
else:
ipsession['dhits'] += 1
ipsession.set_expiration (self.expiration)
if not ipsession['headers']:
ipsession['headers'] = self._get_headers_array (headers)
ipsession.log ('Blocked 403')
cherrypy.response.headers['X-Ratelimiter-Denied'] = "403"
raise cherrypy.HTTPError (403, 'Forbidden')
def init(
storage_type=None,
path=None,
path_header=None,
name='session_id',
timeout=60,
domain=None,
secure=False,
clean_freq=5,
persistent=True,
httponly=False,
debug=False,
# Py27 compat
# *, storage_class=RamSession,
**kwargs):
"""Initialize session object (using cookies).
storage_class
The Session subclass to use. Defaults to RamSession.
storage_type
(deprecated)
One of 'ram', 'file', memcached'. This will be
used to look up the corresponding class in cherrypy.lib.sessions
globals. For example, 'file' will use the FileSession class.
path
The 'path' value to stick in the response cookie metadata.
path_header
If 'path' is None (the default), then the response
cookie 'path' will be pulled from request.headers[path_header].
name
The name of the cookie.
timeout
The expiration timeout (in minutes) for the stored session data.
If 'persistent' is True (the default), this is also the timeout
for the cookie.
domain
The cookie domain.
secure
If False (the default) the cookie 'secure' value will not
be set. If True, the cookie 'secure' value will be set (to 1).
clean_freq (minutes)
The poll rate for expired session cleanup.
persistent
If True (the default), the 'timeout' argument will be used
to expire the cookie. If False, the cookie will not have an expiry,
and the cookie will be a "session cookie" which expires when the
browser is closed.
httponly
If False (the default) the cookie 'httponly' value will not be set.
If True, the cookie 'httponly' value will be set (to 1).
Any additional kwargs will be bound to the new Session instance,
and may be specific to the storage type. See the subclass of Session
you're using for more information.
"""
# Py27 compat
storage_class = kwargs.pop('storage_class', RamSession)
request = cherrypy.serving.request
# Guard against running twice
if hasattr(request, '_session_init_flag'):
return
request._session_init_flag = True
# Check if request came with a session ID
id = None
if name in request.cookie:
id = request.cookie[name].value
if debug:
cherrypy.log('ID obtained from request.cookie: %r' % id,
'TOOLS.SESSIONS')
first_time = not hasattr(cherrypy, 'session')
if storage_type:
if first_time:
msg = 'storage_type is deprecated. Supply storage_class instead'
cherrypy.log(msg)
storage_class = storage_type.title() + 'Session'
storage_class = globals()[storage_class]
# call setup first time only
if first_time:
if hasattr(storage_class, 'setup'):
storage_class.setup(**kwargs)
# Create and attach a new Session instance to cherrypy.serving.
# It will possess a reference to (and lock, and lazily load)
# the requested session data.
kwargs['timeout'] = timeout
kwargs['clean_freq'] = clean_freq
cherrypy.serving.session = sess = storage_class(id, **kwargs)
sess.debug = debug
def update_cookie(id):
"""Update the cookie every time the session id changes."""
cherrypy.serving.response.cookie[name] = id
sess.id_observers.append(update_cookie)
# Create cherrypy.session which will proxy to cherrypy.serving.session
if not hasattr(cherrypy, 'session'):
cherrypy.session = cherrypy._ThreadLocalProxy('session')
if persistent:
cookie_timeout = timeout
else:
# See http://support.microsoft.com/kb/223799/EN-US/
# and http://support.mozilla.com/en-US/kb/Cookies
cookie_timeout = None
set_response_cookie(path=path,
path_header=path_header,
name=name,
timeout=cookie_timeout,
domain=domain,
secure=secure,
httponly=httponly)
def init(storage_type = 'ram', path = None, path_header = None, name = 'session_id', timeout = 60, domain = None, secure = False, clean_freq = 5, persistent = True, debug = False, **kwargs):
"""Initialize session object (using cookies).
storage_type
One of 'ram', 'file', 'postgresql'. This will be used
to look up the corresponding class in cherrypy.lib.sessions
globals. For example, 'file' will use the FileSession class.
path
The 'path' value to stick in the response cookie metadata.
path_header
If 'path' is None (the default), then the response
cookie 'path' will be pulled from request.headers[path_header].
name
The name of the cookie.
timeout
The expiration timeout (in minutes) for the stored session data.
If 'persistent' is True (the default), this is also the timeout
for the cookie.
domain
The cookie domain.
secure
If False (the default) the cookie 'secure' value will not
be set. If True, the cookie 'secure' value will be set (to 1).
clean_freq (minutes)
The poll rate for expired session cleanup.
persistent
If True (the default), the 'timeout' argument will be used
to expire the cookie. If False, the cookie will not have an expiry,
and the cookie will be a "session cookie" which expires when the
browser is closed.
Any additional kwargs will be bound to the new Session instance,
and may be specific to the storage type. See the subclass of Session
you're using for more information.
"""
request = cherrypy.serving.request
if hasattr(request, '_session_init_flag'):
return
request._session_init_flag = True
id = None
if name in request.cookie:
id = request.cookie[name].value
if debug:
cherrypy.log('ID obtained from request.cookie: %r' % id, 'TOOLS.SESSIONS')
storage_class = storage_type.title() + 'Session'
storage_class = globals()[storage_class]
if not hasattr(cherrypy, 'session'):
if hasattr(storage_class, 'setup'):
storage_class.setup(**kwargs)
kwargs['timeout'] = timeout
kwargs['clean_freq'] = clean_freq
cherrypy.serving.session = sess = storage_class(id, **kwargs)
sess.debug = debug
def update_cookie(id):
"""Update the cookie every time the session id changes."""
cherrypy.serving.response.cookie[name] = id
sess.id_observers.append(update_cookie)
if not hasattr(cherrypy, 'session'):
cherrypy.session = cherrypy._ThreadLocalProxy('session')
if persistent:
cookie_timeout = timeout
else:
cookie_timeout = None
set_response_cookie(path=path, path_header=path_header, name=name, timeout=cookie_timeout, domain=domain, secure=secure)
def init(storage_type='ram',
path=None,
path_header=None,
name='session_id',
timeout=60,
domain=None,
secure=False,
clean_freq=5,
**kwargs):
"""Initialize session object (using cookies).
storage_type: one of 'ram', 'file', 'postgresql'. This will be used
to look up the corresponding class in cherrypy.lib.sessions
globals. For example, 'file' will use the FileSession class.
path: the 'path' value to stick in the response cookie metadata.
path_header: if 'path' is None (the default), then the response
cookie 'path' will be pulled from request.headers[path_header].
name: the name of the cookie.
timeout: the expiration timeout (in minutes) for both the cookie and
stored session data.
domain: the cookie domain.
secure: if False (the default) the cookie 'secure' value will not
be set. If True, the cookie 'secure' value will be set (to 1).
clean_freq (minutes): the poll rate for expired session cleanup.
Any additional kwargs will be bound to the new Session instance,
and may be specific to the storage type. See the subclass of Session
you're using for more information.
"""
request = cherrypy.request
# Guard against running twice
if hasattr(request, "_session_init_flag"):
return
request._session_init_flag = True
# Check if request came with a session ID
id = None
if name in request.cookie:
id = request.cookie[name].value
# Find the storage class and call setup (first time only).
storage_class = storage_type.title() + 'Session'
storage_class = globals()[storage_class]
if not hasattr(cherrypy, "session"):
if hasattr(storage_class, "setup"):
storage_class.setup(**kwargs)
# Create and attach a new Session instance to cherrypy.serving.
# It will possess a reference to (and lock, and lazily load)
# the requested session data.
kwargs['timeout'] = timeout
kwargs['clean_freq'] = clean_freq
cherrypy.serving.session = sess = storage_class(id, **kwargs)
def update_cookie(id):
"""Update the cookie every time the session id changes."""
cherrypy.response.cookie[name] = id
sess.id_observers.append(update_cookie)
# Create cherrypy.session which will proxy to cherrypy.serving.session
if not hasattr(cherrypy, "session"):
cherrypy.session = cherrypy._ThreadLocalProxy('session')
set_response_cookie(path=path,
path_header=path_header,
name=name,
timeout=timeout,
domain=domain,
secure=secure)
def init(storage_type='ram', path=None, path_header=None, name='session_id',
timeout=60, domain=None, secure=False, clean_freq=5, **kwargs):
"""Initialize session object (using cookies).
storage_type: one of 'ram', 'file', 'postgresql'. This will be used
to look up the corresponding class in cherrypy.lib.sessions
globals. For example, 'file' will use the FileSession class.
path: the 'path' value to stick in the response cookie metadata.
path_header: if 'path' is None (the default), then the response
cookie 'path' will be pulled from request.headers[path_header].
name: the name of the cookie.
timeout: the expiration timeout for the cookie.
domain: the cookie domain.
secure: if False (the default) the cookie 'secure' value will not
be set. If True, the cookie 'secure' value will be set (to 1).
clean_freq (minutes): the poll rate for expired session cleanup.
Any additional kwargs will be bound to the new Session instance,
and may be specific to the storage type. See the subclass of Session
you're using for more information.
"""
request = cherrypy.request
# Guard against running twice
if hasattr(request, "_session_init_flag"):
return
request._session_init_flag = True
# Check if request came with a session ID
id = None
if name in request.cookie:
id = request.cookie[name].value
# Create and attach a new Session instance to cherrypy._serving.
# It will possess a reference to (and lock, and lazily load)
# the requested session data.
storage_class = storage_type.title() + 'Session'
kwargs['timeout'] = timeout
kwargs['clean_freq'] = clean_freq
cherrypy._serving.session = sess = globals()[storage_class](id, **kwargs)
if not hasattr(cherrypy, "session"):
cherrypy.session = cherrypy._ThreadLocalProxy('session')
if hasattr(sess, "setup"):
sess.setup()
# Set response cookie
cookie = cherrypy.response.cookie
cookie[name] = sess.id
cookie[name]['path'] = path or request.headers.get(path_header) or '/'
# We'd like to use the "max-age" param as indicated in
# http://www.faqs.org/rfcs/rfc2109.html but IE doesn't
# save it to disk and the session is lost if people close
# the browser. So we have to use the old "expires" ... sigh ...
## cookie[name]['max-age'] = timeout * 60
if timeout:
cookie[name]['expires'] = http.HTTPDate(time.time() + (timeout * 60))
if domain is not None:
cookie[name]['domain'] = domain
if secure:
cookie[name]['secure'] = 1
