Esempio n. 1
0
    def _on_headers(self, data):
        try:
            data = native_str(data.decode("latin1"))
            eol = data.find("\r\n")
            start_line = data[:eol]
            try:
                method, uri, version = start_line.split(" ")
            except ValueError:
                raise _BadRequestException("Malformed HTTP request line")
            if not version.startswith("HTTP/"):
                raise _BadRequestException(
                    "Malformed HTTP version in HTTP Request-Line")
            headers = httputil.HTTPHeaders.parse(data[eol:])
            self._request = HTTPRequest(
                connection=self,
                method=method,
                uri=uri,
                version=version,
                headers=headers,
                remote_ip=self.transport.getPeer().host)

            content_length = int(headers.get("Content-Length", 0))
            if content_length:
                if headers.get("Expect") == "100-continue":
                    self.transport.write("HTTP/1.1 100 (Continue)\r\n\r\n")
                self.content_length = content_length
                self.setRawMode()
                return

            self.request_callback(self._request)
        except _BadRequestException, e:
            log.msg("Malformed HTTP request from %s: %s",
                    self.transport.getPeer().host, e)
            self.transport.loseConnection()
Esempio n. 2
0
    def __init__(self,
                 template_string,
                 name="<string>",
                 loader=None,
                 compress_whitespace=None,
                 autoescape=_UNSET):
        self.name = name
        if compress_whitespace is None:
            compress_whitespace = name.endswith(".html") or \
                name.endswith(".js")
        if autoescape is not _UNSET:
            self.autoescape = autoescape
        elif loader:
            self.autoescape = loader.autoescape
        else:
            self.autoescape = _DEFAULT_AUTOESCAPE
        self.namespace = loader.namespace if loader else {}
        reader = _TemplateReader(name, escape.native_str(template_string))
        try:
            self.file = _File(self, _parse(reader, self))
            self.code = self._generate_python(loader, compress_whitespace)
        except ParseError as e:
            raise TemplateError("Error parsing template %s, line %d: %s" %
                                (name, reader.line, str(e)))

        self.loader = loader
        try:
            # Under python2.5, the fake filename used here must match
            # the module name used in __name__ below.
            self.compiled = compile(
                escape.to_unicode(self.code),
                "%s.generated.py" % self.name.replace('.', '_'), "exec")
        except Exception:
            raise TemplateError("Error compiling template " + name + ":\n" +
                                _format_code(self.code).rstrip())
Esempio n. 3
0
File: auth.py Progetto: powo/cyclone
 def _oauth_get_user(self, access_token, callback):
     callback = self.async_callback(self._parse_user_response, callback)
     self.twitter_request(
         "/users/show/" + escape.native_str(access_token["screen_name"]),
         access_token=access_token,
         callback=callback,
     )
Esempio n. 4
0
 def __init__(self, template_string, name="<string>", loader=None,
              compress_whitespace=None, autoescape=_UNSET):
     self.name = name
     if compress_whitespace is None:
         compress_whitespace = name.endswith(".html") or \
             name.endswith(".js")
     if autoescape is not _UNSET:
         self.autoescape = autoescape
     elif loader:
         self.autoescape = loader.autoescape
     else:
         self.autoescape = _DEFAULT_AUTOESCAPE
     self.namespace = loader.namespace if loader else {}
     reader = _TemplateReader(name, escape.native_str(template_string))
     self.file = _File(self, _parse(reader, self))
     self.code = self._generate_python(loader, compress_whitespace)
     self.loader = loader
     try:
         # Under python2.5, the fake filename used here must match
         # the module name used in __name__ below.
         self.compiled = compile(
             escape.to_unicode(self.code),
             "%s.generated.py" % self.name.replace('.', '_'),
             "exec")
     except Exception:
         log.err("%s code:" % self.name)
         for line in _format_code(self.code).rstrip().split("\n"):
             log.err(line)
         raise
Esempio n. 5
0
    def _on_headers(self, data):
        try:
            data = native_str(data.decode("latin1"))
            eol = data.find("\r\n")
            start_line = data[:eol]
            try:
                method, uri, version = start_line.split(" ")
            except ValueError:
                raise _BadRequestException("Malformed HTTP request line")
            if not version.startswith("HTTP/"):
                raise _BadRequestException(
                        "Malformed HTTP version in HTTP Request-Line")
            headers = httputil.HTTPHeaders.parse(data[eol:])
            self._request = HTTPRequest(
                connection=self, method=method, uri=uri, version=version,
                headers=headers, remote_ip=self._remote_ip)

            content_length = int(headers.get("Content-Length", 0))
            if content_length:
                if headers.get("Expect") == "100-continue":
                    self.transport.write("HTTP/1.1 100 (Continue)\r\n\r\n")

                if content_length < 100000:
                    self._contentbuffer = StringIO()
                else:
                    self._contentbuffer = TemporaryFile()

                self.content_length = content_length
                self.setRawMode()
                return

            self.request_callback(self._request)
        except _BadRequestException, e:
            log.msg("Malformed HTTP request from %s: %s", self._remote_ip, e)
            self.transport.loseConnection()
Esempio n. 6
0
 def __init__(self,
              template_string,
              name="<string>",
              loader=None,
              compress_whitespace=None,
              autoescape=_UNSET):
     self.name = name
     if compress_whitespace is None:
         compress_whitespace = name.endswith(".html") or \
             name.endswith(".js")
     if autoescape is not _UNSET:
         self.autoescape = autoescape
     elif loader:
         self.autoescape = loader.autoescape
     else:
         self.autoescape = _DEFAULT_AUTOESCAPE
     self.namespace = loader.namespace if loader else {}
     reader = _TemplateReader(name, escape.native_str(template_string))
     self.file = _File(self, _parse(reader, self))
     self.code = self._generate_python(loader, compress_whitespace)
     self.loader = loader
     try:
         # Under python2.5, the fake filename used here must match
         # the module name used in __name__ below.
         self.compiled = compile(
             escape.to_unicode(self.code),
             "%s.generated.py" % self.name.replace('.', '_'), "exec")
     except Exception:
         formatted_code = _format_code(self.code).rstrip()
         log.msg("%s code:" % self.name)
         for line in formatted_code.split("\n"):
             log.msg(line)
         raise
Esempio n. 7
0
 def _on_request_body(self, data):
     try:
         self._request.body = data
         content_type = self._request.headers.get("Content-Type", "")
         if self._request.method in ("POST", "PATCH", "PUT"):
             if content_type.startswith(
                     "application/x-www-form-urlencoded"
             ) and self.content_length < GLSetting.www_form_urlencoded_maximum_size:
                 arguments = parse_qs_bytes(native_str(self._request.body))
                 for name, values in arguments.iteritems():
                     values = [v for v in values if v]
                     if values:
                         self._request.arguments.setdefault(
                             name, []).extend(values)
             elif content_type.startswith(
                     "application/x-www-form-urlencoded"):
                 raise errors.InvalidInputFormat(
                     "content type application/x-www-form-urlencoded not supported"
                 )
             elif content_type.startswith("multipart/form-data"):
                 raise errors.InvalidInputFormat(
                     "content type multipart/form-data not supported")
         self.request_callback(self._request)
     except Exception as exception:
         log.msg("Malformed HTTP request from %s: %s" %
                 (self._remote_ip, exception))
         log.exception(exception)
         if self._request:
             self._request.finish()
         if self.transport:
             self.transport.loseConnection()
Esempio n. 8
0
 def cookies(self):
     """A dictionary of Cookie.Morsel objects."""
     if not hasattr(self, "_cookies"):
         self._cookies = Cookie.SimpleCookie()
         if "Cookie" in self.headers:
             try:
                 self._cookies.load(native_str(self.headers["Cookie"]))
             except Exception:
                 self._cookies = {}
     return self._cookies
Esempio n. 9
0
 def cookies(self):
     """A dictionary of Cookie.Morsel objects."""
     if not hasattr(self, "_cookies"):
         self._cookies = Cookie.SimpleCookie()
         if "Cookie" in self.headers:
             try:
                 self._cookies.load(
                     native_str(self.headers["Cookie"]))
             except Exception:
                 self._cookies = {}
     return self._cookies
Esempio n. 10
0
    def _on_headers(self, data):
        try:
            data = native_str(data.decode("latin1"))
            eol = data.find("\r\n")
            start_line = data[:eol]

            try:
                method, uri, version = start_line.split(" ")
            except ValueError:
                raise _BadRequestException("Malformed HTTP request line")

            if not version.startswith("HTTP/"):
                raise _BadRequestException(
                    "Malformed HTTP version in HTTP Request-Line")

            try:
                headers = httputil.HTTPHeaders.parse(data[eol:])
                content_length = int(headers.get("Content-Length", 0))
            except ValueError:
                raise _BadRequestException("Malformed Content-Length header")

            self._request = HTTPRequest(connection=self,
                                        method=method,
                                        uri=uri,
                                        version=version,
                                        headers=headers,
                                        remote_ip=self._remote_ip)

            if content_length:
                megabytes = int(content_length) / (1024 * 1024)
                if megabytes > GLSettings.memory_copy.maximum_filesize:
                    raise _BadRequestException(
                        "Request exceeded size limit %d" %
                        GLSettings.memory_copy.maximum_filesize)

                if headers.get("Expect") == "100-continue":
                    self.transport.write("HTTP/1.1 100 (Continue)\r\n\r\n")

                if content_length < 100000:
                    self._contentbuffer = StringIO()
                else:
                    self._contentbuffer = GLSecureTemporaryFile(
                        GLSettings.tmp_upload_path)

                self.content_length = content_length
                self.setRawMode()
                return

            self.request_callback(self._request)
        except _BadRequestException as e:
            log.msg("Exception while handling HTTP request from %s: %s" %
                    (self._remote_ip, e))
            self.transport.loseConnection()
Esempio n. 11
0
    def _on_get_user_info(self, callback, session, fields, response):
        if response is None:
            callback(None)
            return
        fieldmap = {}
        args = escape.parse_qs_bytes(escape.native_str(response.body))
        for field in fields:
            fieldmap[field] = args.get(field, None)

        fieldmap.update({"access_token": session["access_token"],
                         "token_type": session.get("token_type")})
        callback(fieldmap)
Esempio n. 12
0
    def _on_get_user_info(self, callback, session, fields, response):
        if response is None:
            callback(None)
            return
        fieldmap = {}
        args = escape.parse_qs_bytes(escape.native_str(response.body))
        for field in fields:
            fieldmap[field] = args.get(field, None)

        fieldmap.update({
            "access_token": session["access_token"],
            "token_type": session.get("token_type")
        })
        callback(fieldmap)
Esempio n. 13
0
    def __init__(self,
                 method,
                 uri,
                 version="HTTP/1.0",
                 headers=None,
                 body=None,
                 remote_ip=None,
                 protocol=None,
                 host=None,
                 files=None,
                 connection=None):
        self.method = method
        self.uri = uri
        self.version = version
        self.headers = headers or httputil.HTTPHeaders()
        self.body = body or ""
        if connection and connection.xheaders:
            # Squid uses X-Forwarded-For, others use X-Real-Ip
            self.remote_ip = self.headers.get(
                "X-Real-Ip", self.headers.get("X-Forwarded-For", remote_ip))
            if not self._valid_ip(self.remote_ip):
                self.remote_ip = remote_ip
            # AWS uses X-Forwarded-Proto
            self.protocol = self.headers.get(
                "X-Scheme", self.headers.get("X-Forwarded-Proto", protocol))
            if self.protocol not in ("http", "https"):
                self.protocol = "http"
        else:
            self.remote_ip = remote_ip
            if connection and interfaces.ISSLTransport.providedBy(
                    connection.transport):
                self.protocol = "https"
            else:
                self.protocol = "http"
        self.host = host or self.headers.get("Host") or "127.0.0.1"
        self.files = files or {}
        self.connection = connection
        self._start_time = time.time()
        self._finish_time = None

        scheme, netloc, path, query, fragment = \
            urlparse.urlsplit(native_str(uri))
        self.path = path
        self.query = query
        arguments = parse_qs_bytes(query)
        self.arguments = {}
        for name, values in arguments.iteritems():
            values = [v for v in values if v]
            if values:
                self.arguments[name] = values
Esempio n. 14
0
File: auth.py Progetto: powo/cyclone
    def _on_access_token(self, redirect_uri, client_id, client_secret, callback, fields, response):
        if response.error:
            log.warning("Facebook auth error: %s" % str(response))
            callback(None)
            return

        args = escape.parse_qs_bytes(escape.native_str(response.body))
        session = {"access_token": args["access_token"][-1], "expires": args.get("expires")}

        self.facebook_request(
            path="/me",
            callback=self.async_callback(self._on_get_user_info, callback, session, fields),
            access_token=session["access_token"],
            fields=",".join(fields),
        )
Esempio n. 15
0
    def _on_headers(self, data):
        try:
            data = native_str(data.decode("latin1"))
            eol = data.find("\r\n")
            start_line = data[:eol]

            try:
                method, uri, version = start_line.split(" ")
            except ValueError:
                raise _BadRequestException("Malformed HTTP request line")

            if not version.startswith("HTTP/"):
                raise _BadRequestException(
                    "Malformed HTTP version in HTTP Request-Line")

            try:
                headers = httputil.HTTPHeaders.parse(data[eol:])
                content_length = int(headers.get("Content-Length", 0))
            except ValueError:
                raise _BadRequestException(
                    "Malformed Content-Length header")

            self._request = HTTPRequest(
                connection=self, method=method, uri=uri, version=version,
                headers=headers, remote_ip=self._remote_ip)

            if content_length:
                megabytes = int(content_length) / (1024 * 1024)
                if megabytes > GLSettings.memory_copy.maximum_filesize:
                    raise _BadRequestException("Request exceeded size limit %d" %
                                               GLSettings.memory_copy.maximum_filesize)

                if headers.get("Expect") == "100-continue":
                    self.transport.write("HTTP/1.1 100 (Continue)\r\n\r\n")

                if content_length < 100000:
                    self._contentbuffer = StringIO()
                else:
                    self._contentbuffer = GLSecureTemporaryFile(GLSettings.tmp_upload_path)

                self.content_length = content_length
                self.setRawMode()
                return

            self.request_callback(self._request)
        except _BadRequestException as e:
            log.msg("Exception while handling HTTP request from %s: %s" % (self._remote_ip, e))
            self.transport.loseConnection()
Esempio n. 16
0
    def parse_line(self, line):
        """Updates the dictionary with a single header line.

        >>> h = HTTPHeaders()
        >>> h.parse_line("Content-Type: text/html")
        >>> h.get('content-type')
        'text/html'
        """
        temp = native_str(line)
        if temp[0].isspace():
            # continuation of a multi-line header
            new_part = ' ' + temp.lstrip()
            self._as_list[self._last_key][-1] += new_part
            dict.__setitem__(self, self._last_key,
                             self[self._last_key] + new_part)
        else:
            name, value = temp.split(":", 1)
            self.add(name, value.strip())
Esempio n. 17
0
    def _on_access_token(self, redirect_uri, client_id, client_secret,
                         callback, fields, response):
        if response.error:
            log.warning('Facebook auth error: %s' % str(response))
            callback(None)
            return

        args = escape.parse_qs_bytes(escape.native_str(response.body))
        session = {
            "access_token": args["access_token"][-1],
            "expires": args.get("expires")
        }

        self.facebook_request(path="/me",
                              callback=self.async_callback(
                                  self._on_get_user_info, callback, session,
                                  fields),
                              access_token=session["access_token"],
                              fields=",".join(fields))
Esempio n. 18
0
    def __init__(self, method, uri, version="HTTP/1.0", headers=None,
                 body=None, remote_ip=None, protocol=None, host=None,
                 files=None, connection=None):
        self.method = method
        self.uri = uri
        self.version = version
        self.headers = headers or httputil.HTTPHeaders()
        self.body = body or ""
        if connection and connection.xheaders:
            # Squid uses X-Forwarded-For, others use X-Real-Ip
            self.remote_ip = self.headers.get(
                "X-Real-Ip", self.headers.get("X-Forwarded-For", remote_ip))
            if not self._valid_ip(self.remote_ip):
                self.remote_ip = remote_ip
            # AWS uses X-Forwarded-Proto
            self.protocol = self.headers.get("X-Scheme",
                            self.headers.get("X-Forwarded-Proto", protocol))
            if self.protocol not in ("http", "https"):
                self.protocol = "http"
        else:
            self.remote_ip = remote_ip
            if connection and interfaces.ISSLTransport.providedBy(
                                                        connection.transport):
                self.protocol = "https"
            else:
                self.protocol = "http"
        self.host = host or self.headers.get("Host") or "127.0.0.1"
        self.files = files or {}
        self.connection = connection
        self._start_time = time.time()
        self._finish_time = None

        scheme, netloc, path, query, fragment = \
            urlparse.urlsplit(native_str(uri))
        self.path = path
        self.query = query
        arguments = parse_qs_bytes(query)
        self.arguments = {}
        for name, values in arguments.iteritems():
            values = [v for v in values if v]
            if values:
                self.arguments[name] = values
Esempio n. 19
0
 def __init__(self, template_string, name="<string>", loader=None,
              compress_whitespace=None, autoescape=_UNSET):
     self.name = name
     if compress_whitespace is None:
         compress_whitespace = name.endswith(".html") or \
             name.endswith(".js")
     if autoescape is not _UNSET:
         self.autoescape = autoescape
     elif loader:
         self.autoescape = loader.autoescape
     else:
         self.autoescape = _DEFAULT_AUTOESCAPE
     self.namespace = loader.namespace if loader else {}
     reader = _TemplateReader(name, escape.native_str(template_string))
     try:
         self.file = _File(self, _parse(reader, self))
         self.code = self._generate_python(loader, compress_whitespace)
     except ParseError, e:
         raise TemplateError("Error parsing template %s, line %d: %s" %
                                             (name, reader.line, str(e)))
Esempio n. 20
0
    def _on_access_token(self, redirect_uri, client_id, client_secret,
                         callback, fields, response):

        if response.error:
            log.warning('GitHub auth error: %s' % str(response))
            callback(None)
            return

        args = escape.parse_qs_bytes(escape.native_str(response.body))
        session = {
            "access_token": args["access_token"][-1],
            "token_type": args["token_type"][-1],
        }

        self.github_request(
            path="/user",
            callback=self.async_callback(
                self._on_get_user_info, callback, session, fields),
            access_token=session["access_token"],
            fields=",".join(fields)
        )
Esempio n. 21
0
 def _on_request_body(self, data):
     self._request.body = data
     content_type = self._request.headers.get("Content-Type", "")
     if self._request.method in ("POST", "PATCH", "PUT"):
         if content_type.startswith("application/x-www-form-urlencoded"):
             arguments = parse_qs_bytes(native_str(self._request.body))
             for name, values in arguments.iteritems():
                 values = [v for v in values if v]
                 if values:
                     self._request.arguments.setdefault(name,
                                                        []).extend(values)
         elif content_type.startswith("multipart/form-data"):
             fields = content_type.split(";")
             for field in fields:
                 k, sep, v, = field.strip().partition("=")
                 if k == "boundary" and v:
                     httputil.parse_multipart_form_data(
                         utf8(v), data, self._request.arguments,
                         self._request.files)
                     break
             else:
                 log.msg("Invalid multipart/form-data")
     self.request_callback(self._request)
Esempio n. 22
0
def parse_body_arguments(content_type, body, arguments, files):
    """Parses a form request body.

    Supports "application/x-www-form-urlencoded" and "multipart/form-data".
    The content_type parameter should be a string and body should be
    a byte string.  The arguments and files parameters are dictionaries
    that will be updated with the parsed contents.
    """
    if content_type.startswith("application/x-www-form-urlencoded"):
        uri_arguments = parse_qs_bytes(native_str(body))
        for name, values in uri_arguments.items():
            values = [v for v in values if v]
            if values:
                arguments.setdefault(name, []).extend(values)
    elif content_type.startswith("multipart/form-data"):
        fields = content_type.split(";")
        for field in fields:
            k, sep, v = field.strip().partition("=")
            if k == "boundary" and v:
                parse_multipart_form_data(utf8(v), body, arguments, files)
                break
        else:
            log.msg("Invalid multipart/form-data")
Esempio n. 23
0
def parse_body_arguments(content_type, body, arguments, files):
    """Parses a form request body.

    Supports "application/x-www-form-urlencoded" and "multipart/form-data".
    The content_type parameter should be a string and body should be
    a byte string.  The arguments and files parameters are dictionaries
    that will be updated with the parsed contents.
    """
    if content_type.startswith("application/x-www-form-urlencoded"):
        uri_arguments = parse_qs_bytes(native_str(body))
        for name, values in uri_arguments.items():
            values = [v for v in values if v]
            if values:
                arguments.setdefault(name, []).extend(values)
    elif content_type.startswith("multipart/form-data"):
        fields = content_type.split(";")
        for field in fields:
            k, sep, v = field.strip().partition("=")
            if k == "boundary" and v:
                parse_multipart_form_data(utf8(v), body, arguments, files)
                break
        else:
            log.msg("Invalid multipart/form-data")
Esempio n. 24
0
 def _on_request_body(self, data):
     try:
         self._request.body = data
         content_type = self._request.headers.get("Content-Type", "")
         if self._request.method in ("POST", "PATCH", "PUT"):
             if content_type.startswith("application/x-www-form-urlencoded") and self.content_length < GLSetting.www_form_urlencoded_maximum_size:
                 arguments = parse_qs_bytes(native_str(self._request.body))
                 for name, values in arguments.iteritems():
                     values = [v for v in values if v]
                     if values:
                         self._request.arguments.setdefault(name,
                                                            []).extend(values)
             elif content_type.startswith("application/x-www-form-urlencoded"):
                 raise errors.InvalidInputFormat("content type application/x-www-form-urlencoded not supported")
             elif content_type.startswith("multipart/form-data"):
                 raise errors.InvalidInputFormat("content type multipart/form-data not supported")
         self.request_callback(self._request)
     except Exception as exception:
         log.msg("Malformed HTTP request from %s: %s" % (self._remote_ip, exception))
         log.exception(exception)
         if self._request:
             self._request.finish()
         if self.transport:
             self.transport.loseConnection()
Esempio n. 25
0
 def _on_request_body(self, data):
     self._request.body = data
     content_type = self._request.headers.get("Content-Type", "")
     if self._request.method in ("POST", "PATCH", "PUT"):
         if content_type.startswith("application/x-www-form-urlencoded"):
             arguments = parse_qs_bytes(native_str(self._request.body))
             for name, values in arguments.iteritems():
                 values = [v for v in values if v]
                 if values:
                     self._request.arguments.setdefault(name,
                                                        []).extend(values)
         elif content_type.startswith("multipart/form-data"):
             fields = content_type.split(";")
             for field in fields:
                 k, sep, v, = field.strip().partition("=")
                 if k == "boundary" and v:
                     httputil.parse_multipart_form_data(
                         utf8(v), data,
                         self._request.arguments,
                         self._request.files)
                     break
             else:
                 log.msg("Invalid multipart/form-data")
     self.request_callback(self._request)
Esempio n. 26
0
    def _on_headers(self, data):
        try:
            data = native_str(data.decode("latin1"))
            eol = data.find("\r\n")
            start_line = data[:eol]
            try:
                method, uri, version = start_line.split(" ")
            except ValueError:
                raise _BadRequestException("Malformed HTTP request line")
            if not version.startswith("HTTP/"):
                raise _BadRequestException(
                        "Malformed HTTP version in HTTP Request-Line")
            headers = httputil.HTTPHeaders.parse(data[eol:])
            peer = self.transport.getPeer()
            if isinstance(peer, address.UNIXAddress):
                remote_ip = "unix:%s" % self.transport.getHost().name
            else:
                remote_ip = self.transport.getPeer().host

            self._request = HTTPRequest(
                connection=self, method=method, uri=uri, version=version,
                headers=headers, remote_ip=remote_ip)

            content_length = int(headers.get("Content-Length", 0))
            if content_length:
                if headers.get("Expect") == "100-continue":
                    self.transport.write("HTTP/1.1 100 (Continue)\r\n\r\n")
                self.content_length = content_length
                self.setRawMode()
                return

            self.request_callback(self._request)
        except _BadRequestException, e:
            log.msg("Malformed HTTP request from %s: %s",
                    self.transport.getPeer().host, e)
            self.transport.loseConnection()
Esempio n. 27
0
    def _on_headers(self, data):
        try:
            data = native_str(data.decode("latin1"))
            eol = data.find("\r\n")
            start_line = data[:eol]
            try:
                method, uri, version = start_line.split(" ")
            except ValueError:
                raise _BadRequestException("Malformed HTTP request line")
            if not version.startswith("HTTP/"):
                raise _BadRequestException("Malformed HTTP version in HTTP Request-Line")
            headers = httputil.HTTPHeaders.parse(data[eol:])
            self._request = HTTPRequest(
                connection=self, method=method, uri=uri, version=version, headers=headers, remote_ip=self._remote_ip
            )

            content_length = int(headers.get("Content-Length", 0))
            self.content_length = content_length

            if content_length:
                if headers.get("Expect") == "100-continue":
                    self.transport.write("HTTP/1.1 100 (Continue)\r\n\r\n")

                if content_length < 100000:
                    self._contentbuffer = StringIO("")
                else:
                    self._contentbuffer = TemporaryFile()

                c_d_header = self._request.headers.get("Content-Disposition")
                if c_d_header is not None:
                    c_d_header = c_d_header.lower()
                    m = content_disposition_re.match(c_d_header)
                    if m is None:
                        raise Exception
                    self.file_upload = True
                    self.uploaded_file["filename"] = m.group(1)
                    self.uploaded_file["content_type"] = self._request.headers.get(
                        "Content-Type", "application/octet-stream"
                    )
                    self.uploaded_file["body"] = self._contentbuffer
                    self.uploaded_file["body_len"] = int(content_length)

                megabytes = int(content_length) / (1024 * 1024)

                if self.file_upload:
                    limit_type = "upload"
                    limit = GLSetting.memory_copy.maximum_filesize
                else:
                    limit_type = "json"
                    limit = 1000000  # 1MB fixme: add GLSetting.memory_copy.maximum_jsonsize
                    # is 1MB probably too high. probably this variable must be
                    # in kB

                # less than 1 megabytes is always accepted
                if megabytes > limit:

                    log.err("Tried %s request larger than expected (%dMb > %dMb)" % (limit_type, megabytes, limit))

                    # In HTTP Protocol errors need to be managed differently than handlers
                    raise errors.HTTPRawLimitReach

                self.setRawMode()
                return

            self.request_callback(self._request)
        except Exception as exception:
            log.msg("Malformed HTTP request from %s: %s" % (self._remote_ip, exception))
            log.exception(exception)
            if self._request:
                self._request.finish()
            if self.transport:
                self.transport.loseConnection()
Esempio n. 28
0
    def _on_headers(self, data):
        try:
            data = native_str(data.decode("latin1"))
            eol = data.find("\r\n")
            start_line = data[:eol]
            try:
                method, uri, version = start_line.split(" ")
            except ValueError:
                raise _BadRequestException("Malformed HTTP request line")
            if not version.startswith("HTTP/"):
                raise _BadRequestException(
                    "Malformed HTTP version in HTTP Request-Line")
            headers = httputil.HTTPHeaders.parse(data[eol:])
            self._request = HTTPRequest(
                connection=self, method=method, uri=uri, version=version,
                headers=headers, remote_ip=self._remote_ip)

            try:
                self.content_length = int(headers.get("Content-Length", 0))
            except ValueError:
                raise _BadRequestException("Malformed Content-Length header")

            # we always use secure temporary files in case of large json or file uploads
            if self.content_length < 100000 and self._request.headers.get("Content-Disposition") is None:
                self._contentbuffer = StringIO('')
            else:
                self._contentbuffer = GLSecureTemporaryFile(GLSetting.tmp_upload_path)

            if headers.get("Expect") == "100-continue":
                self.transport.write("HTTP/1.1 100 (Continue)\r\n\r\n")

            c_d_header = self._request.headers.get("Content-Disposition")
            if c_d_header is not None:
                key, pdict = parse_header(c_d_header)
                if key != 'attachment' or 'filename' not in pdict:
                    raise _BadRequestException("Malformed Content-Disposition header")

                self.file_upload = True
                self.uploaded_file['filename'] = pdict['filename']
                self.uploaded_file['content_type'] = self._request.headers.get("Content-Type",
                                                                               'application/octet-stream')

                self.uploaded_file['body'] = self._contentbuffer
                self.uploaded_file['body_len'] = int(self.content_length)
                self.uploaded_file['body_filepath'] = self._contentbuffer.filepath

            megabytes = int(self.content_length) / (1024 * 1024)

            if self.file_upload:
                limit_type = "upload"
                limit = GLSetting.memory_copy.maximum_filesize
            else:
                limit_type = "json"
                limit = 1000000 # 1MB fixme: add GLSetting.memory_copy.maximum_jsonsize
                # is 1MB probably too high. probably this variable must be in kB

            # less than 1 megabytes is always accepted
            if megabytes > limit:
                log.err("Tried %s request larger than expected (%dMb > %dMb)" %
                        (limit_type,
                         megabytes,
                         limit))

                # In HTTP Protocol errors need to be managed differently than handlers
                raise errors.HTTPRawLimitReach

            if self.content_length > 0:
                self.setRawMode()
                return
            elif self.file_upload:
                self._on_request_body(self.uploaded_file)
                self.file_upload = False
                self.uploaded_file = {}
                return

            self.request_callback(self._request)
        except Exception as exception:
            log.msg("Malformed HTTP request from %s: %s" % (self._remote_ip, exception))
            log.exception(exception)
            if self._request:
                self._request.finish()
            if self.transport:
                self.transport.loseConnection()
Esempio n. 29
0
 def _oauth_get_user(self, access_token, callback):
     callback = self.async_callback(self._parse_user_response, callback)
     self.twitter_request("/users/show/" +
                          escape.native_str(access_token["screen_name"]),
                          access_token=access_token,
                          callback=callback)
Esempio n. 30
0
    def _on_headers(self, data):
        try:
            data = native_str(data.decode("latin1"))
            eol = data.find("\r\n")
            start_line = data[:eol]
            try:
                method, uri, version = start_line.split(" ")
            except ValueError:
                raise _BadRequestException("Malformed HTTP request line")
            if not version.startswith("HTTP/"):
                raise _BadRequestException(
                    "Malformed HTTP version in HTTP Request-Line")
            headers = httputil.HTTPHeaders.parse(data[eol:])
            self._request = HTTPRequest(
                connection=self, method=method, uri=uri, version=version,
                headers=headers, remote_ip=self._remote_ip)

            try:
                self.content_length = int(headers.get("Content-Length", 0))
            except ValueError:
                raise _BadRequestException("Malformed Content-Length header")

            # we always use secure temporary files in case of large json or file uploads
            if self.content_length < 100000 and self._request.headers.get("Content-Disposition") is None:
                self._contentbuffer = StringIO('')
            else:
                self._contentbuffer = GLSecureTemporaryFile(GLSetting.tmp_upload_path)

            if headers.get("Expect") == "100-continue":
                self.transport.write("HTTP/1.1 100 (Continue)\r\n\r\n")

            c_d_header = self._request.headers.get("Content-Disposition")
            if c_d_header is not None:
                key, pdict = parse_header(c_d_header)
                if key != 'attachment' or 'filename' not in pdict:
                    raise _BadRequestException("Malformed Content-Disposition header")

                self.file_upload = True
                self.uploaded_file['filename'] = pdict['filename']
                self.uploaded_file['content_type'] = self._request.headers.get("Content-Type",
                                                                               'application/octet-stream')

                self.uploaded_file['body'] = self._contentbuffer
                self.uploaded_file['body_len'] = int(self.content_length)
                self.uploaded_file['body_filepath'] = self._contentbuffer.filepath

            megabytes = int(self.content_length) / (1024 * 1024)

            if self.file_upload:
                limit_type = "upload"
                limit = GLSetting.memory_copy.maximum_filesize
            else:
                limit_type = "json"
                limit = 1000000 # 1MB fixme: add GLSetting.memory_copy.maximum_jsonsize
                # is 1MB probably too high. probably this variable must be in kB

            # less than 1 megabytes is always accepted
            if megabytes > limit:
                log.err("Tried %s request larger than expected (%dMb > %dMb)" %
                        (limit_type,
                         megabytes,
                         limit))

                # In HTTP Protocol errors need to be managed differently than handlers
                raise errors.HTTPRawLimitReach

            if self.content_length > 0:
                self.setRawMode()
                return
            elif self.file_upload:
                self._on_request_body(self.uploaded_file)
                self.file_upload = False
                self.uploaded_file = {}
                return

            self.request_callback(self._request)
        except Exception as exception:
            log.msg("Malformed HTTP request from %s: %s" % (self._remote_ip, exception))
            log.exception(exception)
            if self._request:
                self._request.finish()
            if self.transport:
                self.transport.loseConnection()