Exemple #1
    def __init__(self, *args, **kwargs):
        """Set up the service registry and the manager handles.

        All positional and keyword arguments are forwarded unchanged to the
        parent initialiser.
        """

        super().__init__(*args, **kwargs)

        # Services belonging to this Env/Project; starts out empty.
        self.services = dict()

        # Handle to the EnvManager, looked up by its registered name.
        # NOTE(review): srv_or_die presumably aborts when the service is
        # not registered (going by its name) -- confirm against its definition.
        self.manager = srv_or_die("envmanager")

        # Handle to the ApiManager, looked up the same way.
        self.api_manager = srv_or_die("apimanager")
Exemple #2
    def start(self):
        """Start the API manager and begin serving HTTP requests."""

        super().start()

        # Resolve the services this manager depends on.
        self.accounts_manager = srv_or_die("accountsmanager")
        self.projects_manager = srv_or_die("projectsmanager")

        # NOTE(review): only a port is passed to listen(); confirm which
        # interface that binds to and whether TLS is terminated in front of
        # this listener before exposing it beyond a trusted network.
        listen_port = self.port
        self.http_server.listen(listen_port)
        self.log.info("Listening on port %u", listen_port)

        self.http_server.start()
Exemple #3
    def start(self):
        """Start the projects manager and the services of every stored project."""

        super().start()

        self.accounts_manager = srv_or_die("accountsmanager")

        # Register each persisted project under its id, then start the
        # services of the registered entry.
        for project in Project.objects.all():
            key = project.project_id
            self.projects[key] = project
            self.projects[key].start_services()
Exemple #4
    def __init__(self, *args, **kwargs):
        """Initialise the parent class and keep a handle to the projects manager.

        All positional and keyword arguments are forwarded unchanged to the
        parent initialiser.
        """

        super().__init__(*args, **kwargs)

        # Handle to the ProjectManager, looked up by its registered name.
        projects_manager = srv_or_die("projectsmanager")
        self.manager = projects_manager
Exemple #5
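    def prepare(self):
        """Authenticate and authorize the request before the handler runs.

        Sets the JSON content type, lets GET requests through, and requires
        HTTP Basic credentials for every other method. An authenticated
        account may proceed when it is "root", when the URI addresses its own
        account, or when the URI addresses a project it owns. In every other
        case an error response is sent with send_error() and the method
        returns.

        The unconditional early ``return`` that used to follow the
        Content-Type header ("temporary solution") has been removed: it made
        every check below unreachable, so all methods were served without
        authentication.
        """

        self.set_header('Content-Type', 'application/json')

        # GET requests do not require authentication.
        # NOTE(review): this exposes every readable resource to anonymous
        # clients -- confirm that no GET endpoint returns sensitive data.
        if self.request.method == "GET":
            return

        auth_header = self.request.headers.get('Authorization')

        if auth_header is None or not auth_header.startswith('Basic '):
            self.set_header('WWW-Authenticate', 'Basic realm=Restricted')
            self.send_error(401, message="Missing authorization header")
            return

        # Basic credentials are only base64-encoded, not encrypted, so this
        # scheme is only safe when the transport is protected (TLS).
        try:
            auth_decoded = base64.b64decode(auth_header[6:],
                                            validate=True).decode()
            # Split on the first colon only: the password may itself contain
            # colons. (The previous maxsplit of 2 could yield three parts and
            # break the unpacking.)
            username, password = auth_decoded.split(':', 1)
        except ValueError:
            # Covers invalid base64, undecodable bytes and a missing colon;
            # these used to surface as unhandled exceptions.
            self.send_error(401, message="Malformed authorization header")
            return

        accounts_manager = srv_or_die("accountsmanager")
        projects_manager = srv_or_die("projectsmanager")

        # Unknown account or wrong password.
        # NOTE(review): check_permission is defined elsewhere; confirm that
        # it compares against hashed passwords in constant time.
        if not accounts_manager.check_permission(username, password):
            self.send_error(401,
                            message="Invalid username/password combination")
            return

        account = accounts_manager.accounts[username]

        # root can do everything
        if account.username == "root":
            return

        uri = self.request.uri

        # Is the logged-in user accessing his/her own account? match()
        # anchors only at the start of the URI, so sub-paths below the
        # account are accepted as well.
        if uri.startswith("/api/v1/accounts"):

            match = re.match(r"/api/v1/accounts/([a-zA-Z0-9:-]*)/?", uri)

            if match and match.group(1) == account.username:
                return

        # Is the logged-in user accessing one of his/her projects?
        if uri.startswith("/api/v1/projects"):

            match = re.match(r"/api/v1/projects/([a-zA-Z0-9-]*)/?", uri)

            if match and match.group(1):
                try:
                    project_id = UUID(match.group(1))
                except ValueError:
                    # Not a well-formed UUID: treat it as not authorized
                    # instead of letting the exception escape.
                    pass
                else:
                    project = projects_manager.projects.get(project_id)
                    if project is not None and \
                            account.username == project.owner:
                        return

        # NOTE(review): 403 is the conventional status for an authenticated
        # caller that lacks access; 401 is kept so existing clients see the
        # same status and message.
        self.send_error(401, message="URI not authorized")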