def __call__(self, environ, start_response):
"""Handle WSGI request."""
request = Request(environ)
try:
with context.push(context="wsgi", environ=_environ(environ)):
operation = self._get_operation(request)
def handle(request):
try:
params = _params(request, operation)
except Exception: # authorization trumps input validation
authorize(operation.security)
raise
return _response(operation, operation.call(**params))
filters = self.filters.copy()
filters.extend(_security_filters(operation.security))
response = _Chain(filters, handle).next(request)
except exc.HTTPException as he:
response = _ErrorResponse(he.code, he.detail)
except ResourceError as re:
response = _ErrorResponse(re.code, re.detail)
except SchemaError as se:
response = _ErrorResponse(exc.HTTPBadRequest.code, str(se))
except Exception as e:
logging.exception(str(e))
response = _ErrorResponse(exc.HTTPInternalServerError.code, str(e))
return response(environ, start_response)
def process(self, line, inp=sys.stdin, out=sys.stdout):
"""
Process a single command line.
:param line: Command line string to process.
:returns: True if command line was processed successfully.
"""
args = shlex.split(line)
if not args:
return True
with context.push(context_type="cli", cli_command=line):
name = args.pop(0)
if name in self.resources:
try:
return self._process_resource(name, args, inp, out)
except Exception as e:
self._print("ERROR: {}".format(e))
if self.debug:
traceback.print_exc()
return False
elif name in self.commands:
return self.commands[name][0](args)
else:
self._print("Invalid command or resource: {}.".format(name))
return False
def wrapper(wrapped, instance, args, kwargs):
tags = {"resource": wrapped.__self__.name, "operation": _name}
with context.push({**tags, "context": "operation"}):
monitor.record({
**tags, "name": "operation_calls_total"
}, _now(), "absolute", 1)
with timer({**tags, "name": "operation_duration_seconds"}):
authorize(security)
return wrapped(*args, **kwargs)
def filter(self, request, chain):
"""
Filters the incoming HTTP request. If the request contains credentials in the
HTTP Basic authentication scheme, they are passed to the authenticate method.
If authentication is successful, a context is added to the context stack.
"""
auth = None
if request.authorization and request.authorization[0].lower() == "basic":
try:
user_id, password = b64decode(request.authorization[1]).decode().split(":", 1)
except (binascii.Error, UnicodeDecodeError):
pass
auth = self.authenticate(user_id, password)
if auth:
with context.push({**auth, **self.context}):
return chain.next(request)
return chain.next(request)
def wrapper(wrapped, instance, args, kwargs):
operation = wrapped.__self__.operations[wrapped.__name__]
tags = {
"operation": operation.name,
"resource": operation.resource.name
}
with context.push({"context": "roax.operation", **tags}):
with roax.monitor.timer({
"name": "operation_duration_seconds",
**tags
}):
with roax.monitor.counter({
"name": "operation_calls_total",
**tags
}):
authorize(operation.security)
return wrapped(*args, **kwargs)
def test_resource_security_success():
r2 = R2()
with context.push(req1=True):
assert r2.foo() == "foo_success"
def test_security_req_success():
r1 = R1()
with context.push(req1=True):
assert r1.foo() == "foo_success"
def wrapper(wrapped, instance, args, kwargs):
with context.push(context_type="operation",
operation_resource=wrapped.__self__.name,
operation_name=_name):
authorize(security)
return wrapped(*args, **kwargs)
def test_security_req_success(self):
r1 = R1()
with context.push(req1=True):
self.assertEqual(r1.foo(), "foo_success")
