def stop(request, session_id):
"""
Inform the proxy to stop a session based on session_id.
"""
if request.method != "POST":
return HttpResponse(status=405)
r = redis_wrapper.init_redis()
response_key = str(ObjectId())
redis_wrapper.publish_to_proxy(
json.dumps({
"operation": "stop_session",
"param": session_id,
"key": response_key,
}))
for i in range(0, 50):
response = r.get(response_key)
if response is not None:
try:
response = json.loads(response)
except ValueError:
return HttpResponse(status=500)
if ('code' in response) and (response['code'] == 200):
return JsonResponse({"proxyResponse": response}, status=200)
else:
return HttpResponse(status=500)
else:
time.sleep(.1) # sleep 100ms
return HttpResponse(status=408, content='The proxy did not respond')
def stop(request, session_id):
"""
Inform the proxy to stop a session based on session_id.
"""
if request.method != "POST":
return HttpResponse(status=405)
r = redis_wrapper.init_redis()
response_key = str(ObjectId())
redis_wrapper.publish_to_proxy(json.dumps({
"operation": "stop_session",
"param": session_id,
"key": response_key,
}))
for i in range(0, 50):
response = r.get(response_key)
if response is not None:
try:
response = json.loads(response)
except ValueError:
return HttpResponse(status=500)
if ('code' in response) and (response['code'] == 200):
return JsonResponse({"proxyResponse": response}, status=200)
else:
return HttpResponse(status=500)
else:
time.sleep(.1) # sleep 100ms
return HttpResponse(status=408, content='The proxy did not respond')
def stop(request):
"""
Stop the proxy.
"""
if request.method != "GET":
return HttpResponse(status=405)
from api.models import redis_wrapper
r = redis_wrapper.init_redis()
response_key = str(ObjectId())
redis_wrapper.publish_to_proxy(json.dumps({
"operation": "stop",
"param": None,
"key": response_key,
}))
for i in range(0, 50):
response = r.get(response_key)
if response is not None:
try:
response = json.loads(response)
except ValueError:
return HttpResponse(status=500)
if ('code' in response) and (response['code'] == 200):
return JsonResponse({"proxyResponse": response}, status=200)
else:
return HttpResponse(status=500)
else:
time.sleep(.1) # sleep 100ms
return HttpResponse(status=408)
def stop(request):
"""
Stop the proxy.
"""
if request.method != "GET":
return HttpResponse(status=405)
from api.models import redis_wrapper
r = redis_wrapper.init_redis()
response_key = str(ObjectId())
redis_wrapper.publish_to_proxy(
json.dumps({
"operation": "stop",
"param": None,
"key": response_key,
}))
for i in range(0, 50):
response = r.get(response_key)
if response is not None:
try:
response = json.loads(response)
except ValueError:
return HttpResponse(status=500)
if ('code' in response) and (response['code'] == 200):
return JsonResponse({"proxyResponse": response}, status=200)
else:
return HttpResponse(status=500)
else:
time.sleep(.1) # sleep 100ms
return HttpResponse(status=408)
def valid_token(self):
"""
Validate token in self.token_string against redis backend.
"""
from api.models import redis_wrapper
from django.conf import settings
r = redis_wrapper.init_redis()
username = r.get(self.token_string)
if username is None:
return False
else:
self.username = username
r.expire(self.token_string, settings.TOKEN_TTL) # renew the token expiration
return True
def valid_token(self):
"""
Validate token in self.token_string against redis backend.
"""
from api.models import redis_wrapper
from django.conf import settings
r = redis_wrapper.init_redis()
username = r.get(self.token_string)
if username is None:
return False
else:
self.username = username
r.expire(self.token_string,
settings.TOKEN_TTL) # renew the token expiration
return True
def login(request):
"""
Authenticates given 'username' and 'password_hash' against user in database.
"""
if request.method != 'POST':
r = HttpResponse('Invalid method. Only POST method accepted.',
status=405)
r['Allow'] = 'POST'
return r
try:
in_json = json.loads(request.body)
assert "username" in in_json
assert "password" in in_json
except AssertionError:
return HttpResponseBadRequest("argument mismatch")
except ValueError as e:
return HttpResponseBadRequest("invalid JSON")
dbc = db_model.connect()
user = dbc.hbuser.find_one({"username": in_json['username']})
if user is None:
# not returning "user not found" to avoid attackers to guess valid users
return HttpResponse(status=401)
else:
m = hashlib.sha512()
m.update(in_json['password'])
password_hash = m.hexdigest()
if user['password'] == password_hash:
m = hashlib.sha512()
m.update(os.urandom(64))
token_string = m.hexdigest()
from api.models import redis_wrapper
r = redis_wrapper.init_redis()
r.set(token_string, user['username'],
settings.TOKEN_TTL) # Store tokens to expire in 1 hour
r = HttpResponse()
r['X-Auth-Token'] = token_string
logger.info("login success for user '%s'" % in_json['username'])
return r
else:
logger.info("login failed for user '%s'" % in_json['username'])
return HttpResponse(status=401)
def stop(request, recording_id):
"""
Stop a recording, and wait N seconds for the proxy to acknowledge."
"""
from api.models import redis_wrapper
r = redis_wrapper.init_redis()
response_key = str(ObjectId())
redis_wrapper.publish_to_proxy(
json.dumps({"operation": "stop_recording", "param": recording_id, "key": response_key})
)
logger.info("recording '%s' stopped by '%s'" % (recording_id, request.user["username"]))
for i in range(0, 50):
response = r.get(response_key)
if response is not None:
return JsonResponse({"proxyResponse": response})
else:
time.sleep(0.1) # sleep 100ms
return JsonResponse({"proxyResponse": None}, status=503)
def login(request):
"""
Authenticates given 'username' and 'password_hash' against user in database.
"""
if request.method != 'POST':
r = HttpResponse('Invalid method. Only POST method accepted.', status=405)
r['Allow'] = 'POST'
return r
try:
in_json = json.loads(request.body)
assert "username" in in_json
assert "password" in in_json
except AssertionError:
return HttpResponseBadRequest("argument mismatch")
except ValueError as e:
return HttpResponseBadRequest("invalid JSON")
dbc = db_model.connect()
user = dbc.hbuser.find_one({"username": in_json['username']})
if user is None:
# not returning "user not found" to avoid attackers to guess valid users
return HttpResponse(status=401)
else:
m = hashlib.sha512()
m.update(in_json['password'])
password_hash = m.hexdigest()
if user['password'] == password_hash:
m = hashlib.sha512()
m.update(os.urandom(64))
token_string = m.hexdigest()
from api.models import redis_wrapper
r = redis_wrapper.init_redis()
r.set(token_string, user['username'], settings.TOKEN_TTL) # Store tokens to expire in 1 hour
r = HttpResponse()
r['X-Auth-Token'] = token_string
logger.info("login success for user '%s'" % in_json['username'])
return r
else:
logger.info("login failed for user '%s'" % in_json['username'])
return HttpResponse(status=401)
def start(request, session_id):
"""
Inform the proxy to start a session based on session_id.
"""
if request.method != "POST":
return HttpResponse(status=405)
r = redis_wrapper.init_redis()
response_key = str(ObjectId())
dbc = db_model.connect()
try:
session = dbc.session.find_one({"_id": ObjectId(session_id)})
except InvalidId:
return HttpResponseNotFound()
if session is None:
return HttpResponseNotFound()
session['executions'] += 1
dbc.session.save(session)
redis_wrapper.publish_to_proxy(
json.dumps({
"operation": "start_session",
"param": session_id,
"key": response_key,
}))
for i in range(0, 50):
response = r.get(response_key)
if response is not None:
try:
response = json.loads(response)
except ValueError:
return HttpResponse(status=500)
if ('code' in response) and (response['code'] == 200):
return JsonResponse({"proxyResponse": response}, status=200)
else:
return HttpResponse(status=500)
else:
time.sleep(.1) # sleep 100ms
return HttpResponse(status=408, content='The proxy did not respond')
def stop(request, recording_id):
"""
Stop a recording, and wait N seconds for the proxy to acknowledge."
"""
from api.models import redis_wrapper
r = redis_wrapper.init_redis()
response_key = str(ObjectId())
redis_wrapper.publish_to_proxy(
json.dumps({
"operation": "stop_recording",
"param": recording_id,
"key": response_key,
}))
logger.info("recording '%s' stopped by '%s'" %
(recording_id, request.user['username']))
for i in range(0, 50):
response = r.get(response_key)
if response is not None:
return JsonResponse({"proxyResponse": response})
else:
time.sleep(.1) # sleep 100ms
return JsonResponse({"proxyResponse": None}, status=503)
def start(request, session_id):
"""
Inform the proxy to start a session based on session_id.
"""
if request.method != "POST":
return HttpResponse(status=405)
r = redis_wrapper.init_redis()
response_key = str(ObjectId())
dbc = db_model.connect()
try:
session = dbc.session.find_one({"_id": ObjectId(session_id)})
except InvalidId:
return HttpResponseNotFound()
if session is None:
return HttpResponseNotFound()
session['executions'] += 1
dbc.session.save(session)
redis_wrapper.publish_to_proxy(json.dumps({
"operation": "start_session",
"param": session_id,
"key": response_key,
}))
for i in range(0, 50):
response = r.get(response_key)
if response is not None:
try:
response = json.loads(response)
except ValueError:
return HttpResponse(status=500)
if ('code' in response) and (response['code'] == 200):
return JsonResponse({"proxyResponse": response}, status=200)
else:
return HttpResponse(status=500)
else:
time.sleep(.1) # sleep 100ms
return HttpResponse(status=408, content='The proxy did not respond')
def status(request):
"""
Return status of proxy.
"""
if request.method != "GET":
return HttpResponse(status=405)
from api.models import redis_wrapper
r = redis_wrapper.init_redis()
response_key = str(ObjectId())
redis_wrapper.publish_to_proxy(json.dumps({
"operation": "status",
"param": None,
"key": response_key,
}))
for i in range(0, 50):
response = r.get(response_key)
if response is not None:
return JsonResponse({"proxyStatus": response})
else:
time.sleep(.1) # sleep 100ms
return JsonResponse({"proxyStatus": None}, status=503)
def status(request):
"""
Return status of proxy.
"""
if request.method != "GET":
return HttpResponse(status=405)
from api.models import redis_wrapper
r = redis_wrapper.init_redis()
response_key = str(ObjectId())
redis_wrapper.publish_to_proxy(
json.dumps({
"operation": "status",
"param": None,
"key": response_key,
}))
for i in range(0, 50):
response = r.get(response_key)
if response is not None:
return JsonResponse({"proxyStatus": response})
else:
time.sleep(.1) # sleep 100ms
return JsonResponse({"proxyStatus": None}, status=503)
def get(request):
"""
Retrieve traffic from redis backend.
"""
r = redis_wrapper.init_redis()
key = 'token:%s' % (request.token_string,)
last_score = r.hget(key, 'last_score')
if last_score:
last_score = int(last_score)
else:
# get the last score from Redis
traffic = r.zrevrange('heliosburn.traffic', 0, 0, withscores=True)
last_score = int(traffic[0][1])+1 if len(traffic) > 0 else 0
traffic = r.zrangebyscore('heliosburn.traffic', last_score, '+inf', withscores=True)
requests = []
for message in traffic:
request = json.loads(message[0])
requests.append(request)
score = int(message[1])
# update the last_time to obtain new traffic the next time
if score > last_score:
last_score = score + 1 # increment by 1 to avoid getting the last request again
# update last score of the user
r.hset(key, 'last_score', last_score)
r = {
"count": len(requests),
"requests": requests
}
return JsonResponse(r)
