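def annotation(self, req):
    """Read or update the stored annotation list for one page.

    ``self.split_path`` splits the request path into ``email`` and ``path``,
    and ``self.make_filename`` maps them to a JSON file.

    * ``GET`` returns the stored document, or ``{'annotations': []}`` when
      no file exists yet.
    * ``POST`` takes a JSON object with optional ``annotations`` (entries to
      append) and ``deletes`` (entries whose ``id`` selects stored
      annotations to remove), writes the result back and returns it.
    * Any other method yields ``405 Method Not Allowed``.

    A POST body of the wrong shape is answered with ``400 Bad Request``
    before anything is written, so malformed entries from a client are
    never persisted into the annotation file.
    """
    # NOTE(review): nothing in this handler compares req.email with the
    # email taken from the path, so (unlike save()) writes are accepted from
    # any caller. Confirm that open annotation is intended.
    email, path = self.split_path(req, 'annotation')
    # NOTE(review): the file name is derived from the client-supplied path;
    # make_filename is not visible here -- confirm it keeps the result
    # inside the storage root.
    filename = self.make_filename('annotation', email, path)
    if not os.path.exists(filename):
        data = {'annotations': []}
    else:
        with open(filename, 'rb') as fp:
            data = json.loads(fp.read())

    if req.method == 'GET':
        return Response(json=data)
    if req.method != 'POST':
        return exc.HTTPMethodNotAllowed(allow='GET,POST')

    # Everything below comes from the client: check its shape before it is
    # merged into the document that gets written to disk.
    req_data = req.json
    if not isinstance(req_data, dict):
        return exc.HTTPBadRequest('Request body must be a JSON object')
    additions = req_data.get('annotations') or []
    deletes = req_data.get('deletes') or []
    for field, entries in (('annotations', additions), ('deletes', deletes)):
        if not isinstance(entries, list):
            return exc.HTTPBadRequest('%r must be a list' % field)
        if not all(isinstance(entry, dict) for entry in entries):
            return exc.HTTPBadRequest(
                '%r must contain only JSON objects' % field)
    if not all('id' in entry for entry in deletes):
        return exc.HTTPBadRequest("Every entry in 'deletes' needs an 'id'")

    stored = data['annotations']
    stored.extend(additions)
    if deletes:
        doomed_ids = [entry['id'] for entry in deletes]
        # Stored entries without an 'id' (or that are not objects) cannot be
        # the target of a delete; they are kept instead of raising.
        stored[:] = [
            ann for ann in stored
            if not (isinstance(ann, dict)
                    and 'id' in ann
                    and ann['id'] in doomed_ids)]

    directory = os.path.dirname(filename)
    if not os.path.exists(directory):
        os.makedirs(directory)
    with open(filename, 'wb') as fp:
        fp.write(json.dumps(data))
    return Response(json=data)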
def save(self, req):
    """Store the JSON body of a PUT request as the caller's page.

    Checks run in this order: the request must carry ``req.email`` (403
    otherwise), the email in the request path must equal ``req.email`` (403
    otherwise), and the method must be ``PUT`` (405 otherwise). On success
    the body is written through ``write_file`` and the response carries the
    ``/page/<email>/<path>`` URL under ``location``.
    """
    def forbidden(message):
        # Both authorization failures share status and content type.
        return Response(status=403, content_type='text/plain', body=message)

    if not req.email:
        return forbidden('Not logged in')

    email, path = self.split_path(req, 'save')
    # Ownership check: a caller may only write below their own email. How
    # req.email gets populated is not visible in this block.
    if email != req.email:
        return forbidden(
            'Email not correct (%r, not %r)' % (req.email, email))

    if req.method != 'PUT':
        return exc.HTTPMethodNotAllowed(allow='PUT')

    # NOTE(review): the body is stored as received, with no size or schema
    # limit visible here; make_filename is also not visible -- confirm it
    # confines the client-supplied path to the storage root.
    payload = req.json
    target = self.make_filename('page', email, path)
    write_file(target, json.dumps(payload))

    # path is quoted with safe='' so it occupies a single URL segment.
    location = ''.join([
        req.application_url,
        '/page/',
        urllib.quote(email),
        '/',
        urllib.quote(path, ''),
    ])
    return Response(json={'location': location})
def save(self, req):
    """Persist a page for the logged-in user and report where it lives.

    Returns 403 when ``req.email`` is empty or differs from the email in the
    request path, 405 for any method other than ``PUT``, and otherwise a
    JSON response whose ``location`` is the page URL.
    """
    denied = dict(status=403, content_type='text/plain')

    logged_in_as = req.email
    if not logged_in_as:
        return Response(body='Not logged in', **denied)

    email, path = self.split_path(req, 'save')
    # The path's email must match the authenticated one, so one user cannot
    # overwrite another user's page through this handler.
    if email != req.email:
        message = 'Email not correct (%r, not %r)' % (req.email, email)
        return Response(body=message, **denied)

    if req.method != 'PUT':
        return exc.HTTPMethodNotAllowed(allow='PUT')

    # NOTE(review): path comes from the request and make_filename is not
    # shown here -- confirm the resulting file cannot leave the storage root.
    document = req.json
    destination = self.make_filename('page', email, path)
    write_file(destination, json.dumps(document))

    page_root = req.application_url + '/page/'
    location = page_root + urllib.quote(email) + '/' + urllib.quote(path, '')
    return Response(json={'location': location})
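class DispatcherApp(object):
    """WSGI entry point: handles sign-in and dispatches everything else.

    ``/auth`` and ``/setup`` are handled by this class, requests matched by
    the static app go to it, and all remaining requests go to the mapper
    configured from ``config_file``.
    """

    def __init__(self, secret_filename='/tmp/seeit-services/secret.txt',
                 config_file='mapper.ini', **vars):
        """Set up the static app and the mapper.

        ``config_file`` is resolved relative to this module's directory and
        ``vars`` is handed to the mapper.
        """
        # NOTE(review): the default keeps the signing secret under /tmp, a
        # predictable path in a directory other local accounts can usually
        # write to. Deployments should pass a path in a directory only the
        # service account can access.
        self._secret_filename = secret_filename
        self.static_app = ServeStatic(__name__, 'static-auth', '/static-auth')
        self.config_file = os.path.join(
            os.path.dirname(os.path.abspath(__file__)), config_file)
        self.mapper = Mapper(vars=vars)
        self.mapper.add_configs(self.config_file)

    @wsgify
    def __call__(self, req):
        """Run ``respond`` with ``wsgi.file_wrapper`` hidden from it."""
        ## Another hack for Petri (https://bugzilla.mozilla.org/show_bug.cgi?id=807796)
        file_wrapper = None
        if 'wsgi.file_wrapper' in req.environ:
            file_wrapper = req.environ.pop('wsgi.file_wrapper')
        if not file_wrapper:
            return self.respond
        else:
            resp = req.send(self.respond)
            # Put the key back once the response has been produced.
            req.environ['wsgi.file_wrapper'] = file_wrapper
            return resp

    @wsgify
    def respond(self, req):
        """Attach auth state to the request and pick the handler for it."""
        ## Hack for Petri
        # NOTE(review): X-SSL is taken from the request as-is. This is only
        # sound when a trusted front end always sets or strips the header.
        if req.headers.get('X-SSL', '').lower() == 'on':
            req.scheme = 'https'
        self.set_auth(req)
        req.root = (req.application_url, self)
        if req.path_info == '/auth':
            return self.auth(req)
        if req.path_info == '/setup':
            return self.setup(req)
        if self.static_app.matches(req):
            return self.static_app
        return self.mapper

    ############################################################
    ## Auth stuff

    def set_auth(self, req):
        """Register the sign-in scripts and accept a signed ``auth`` token.

        The token is read from the ``auth`` query parameter in the form
        ``<signature>.<json>``. When the signature matches, the decoded JSON
        is stored on ``req.auth``; otherwise the request is left untouched.
        """
        # NOTE(review): req.application_url is written into the markup
        # without HTML escaping and into the script through %r. It is
        # presumably built from request headers -- confirm the front end
        # pins the host name.
        req.add_sub(
            'auth', '</body>',
            ('<script src="https://browserid.org/include.js"></script>'
             '<script src="%s/static-auth/auth.js"></script>'
             '<script>Auth.authUrl=%r</script>')
            % (req.application_url, req.application_url + '/auth'),
            replace=False)
        # NOTE(review): the token travels in the query string, so it can end
        # up in access logs and Referer headers.
        auth = req.GET.get('auth')
        if not auth:
            return
        if '.' in auth:
            sig, auth = auth.split('.', 1)
            # NOTE(review): '==' is not a constant-time comparison. Prefer
            # hmac.compare_digest once the types returned by sign() and by
            # req.GET are confirmed to be compatible with it.
            if self.signature(auth) == sig:
                # NOTE(review): only the signature is checked here. No
                # expiry or audience test is applied to the decoded token,
                # so a token stays valid for as long as the secret does.
                req.auth = json.loads(auth)

    @property
    def secret(self):
        """Return the signing secret, creating and storing it if missing."""
        # NOTE(review): read_file, write_file and make_random are not
        # visible here -- confirm the file is created with owner-only
        # permissions and that make_random(10) draws from a
        # cryptographically secure source with enough entropy.
        secret = read_file(self._secret_filename)
        if not secret:
            secret = make_random(10)
            write_file(self._secret_filename, secret)
        return secret

    def signature(self, text):
        """Return ``sign(self.secret, text)``."""
        return sign(self.secret, text)

    @wsgify
    def auth(self, req):
        """Verify a BrowserID assertion and hand back a signed token.

        Needs ``assertion`` and ``audience`` request parameters and answers
        400 when either is missing. The verifier's JSON reply is returned to
        the caller. When its status is ``okay``, the reply also gains the
        audience and an ``auth`` entry holding ``<signature>.<json>``.
        """
        try:
            assertion = req.params['assertion']
            audience = req.params['audience']
        except KeyError as e:
            return exc.HTTPBadRequest('Missing key: %s' % e)
        # NOTE(review): audience is supplied by the caller, not by server
        # configuration, so the verifier only confirms the assertion was
        # issued for whatever audience the request names. Consumers of the
        # signed token must compare its 'audience' with their own origin.
        # NOTE(review): no timeout is set on this call, and on Python 2
        # releases older than 2.7.9 urllib does not validate the server
        # certificate by default.
        verifier = urllib.urlopen(
            "https://browserid.org/verify",
            urllib.urlencode(dict(assertion=assertion, audience=audience)))
        try:
            r = json.loads(verifier.read())
        finally:
            # Release the connection even when the reply cannot be parsed.
            verifier.close()
        # A reply that is not an object, or has no status, is treated as a
        # failed verification: no token is issued.
        if isinstance(r, dict) and r.get('status') == 'okay':
            r['audience'] = audience
            static = json.dumps(r)
            static = self.signature(static) + '.' + static
            r['auth'] = {'query': {'auth': static}}
        return Response(json=r)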