def downloadHandler(req):
    """Serve a per-user download (QR code image or zip bundle) gated by an otec.

    otec protection for, and customization of, file downloads, i.e. dynamic
    non-html content.

    The request must carry an ``otec`` form field that ``otec.isValid``
    accepts and that starts with the authenticated username, and the basename
    of ``req.uri`` must be ``qrcode.png`` or ``<username>-openauth.zip``.
    When both checks pass, the bytes are written to the response and the otec
    is deleted afterwards. When a check fails, the request is internally
    redirected to a failure page. Every path visible in this excerpt returns
    ``apache.OK``.
    """
    #--- BEGIN TEMPLATE CODE...
    try:
        from mod_python import apache, util, Session
        session = Session.Session(req)
        form = util.FieldStorage(req, keep_blank_values=1)
        req.add_common_vars()
        base_url_dir = os.path.dirname(
            req.subprocess_env['SCRIPT_URI'])  #e.g. 'https://SERVER/PATH/'
        base_fs_dir = os.path.dirname(req.subprocess_env['SCRIPT_FILENAME'])
        msg = "request from ip [%s] from user [%s]" % (
            req.subprocess_env['REMOTE_ADDR'], core.getUsername(session, req))
        core.log(msg, session, req)
        core.sessionCheck(session, req)
        #--- ...END TEMPLATE CODE
        import otec
        #reset otec defaults; make sure this is in sync with index.psp, else import order will matter
        otec.OTEC_DIR = os.path.join(config2.ROOT_DIR, 'otec')
        otec.DEBUG = config.DEBUG
        # The username is whatever core.getUsername derives from the session
        # and request; this handler does no authentication of its own and
        # refuses to continue when no username is available.
        username = core.getUsername(session, req)
        if username is None:
            raise Exception(
                "internal error: openauth must be behind some compatible authentication wall"
            )
        #check the otec
        code = None
        try:
            code = form['otec']
        except KeyError:
            pass
        # The code is bound to the user by a prefix match only.
        # NOTE(review): startswith() also accepts a code issued to a different
        # user whose name begins with this username, unless the otec format
        # puts a delimiter straight after the name -- the otec module is not
        # visible here; confirm, or compare the full name field exactly.
        if code is None or not otec.isValid(code) or not code.startswith(
                username):
            # The submitted value is logged verbatim, whatever the client sent.
            msg = "expired, invalid, or unprovided otec for user [%s]: %s" % (
                username, code)
            core.log(msg, session, req)
            req.internal_redirect(os.path.join(base_url_dir, 'fail_otec.psp'))
            return apache.OK
        # NOTE(review): the accepted code is written to the log while it is
        # still valid (it is deleted only after the download below); consider
        # logging a truncated or hashed form if the log is widely readable.
        msg = "accepted otec [%s] for user [%s]" % (code, username)
        core.log(msg, session, req)
        #determine what file to serve up
        # Allow-list: only two fixed names are served, both derived from the
        # authenticated username rather than taken as a path from the request.
        # BreakOut is defined elsewhere in the file.
        try:
            f = os.path.basename(req.uri)
            if f not in ('qrcode.png', '%s-openauth.zip' % username):
                raise BreakOut
        except (KeyError, BreakOut):
            msg = "unexpected download [%s] by user [%s]" % (f, username)
            core.log(msg, session, req)
            req.internal_redirect(
                os.path.join(base_url_dir, 'fail_general.psp'))
            return apache.OK
        #handle feeding out the bytes
        if f == 'qrcode.png':
            bytes = getQRCodeBytes(username)
            # NOTE(review): only 'Pragma: no-cache' is sent. What the image
            # encodes is not visible here; if it carries a secret, also send
            # 'Cache-Control: no-store' so intermediaries do not keep it.
            req.headers_out.add('Pragma', 'no-cache')
            req.headers_out.add('Content-Type', 'image/png')
            req.write(bytes)
        elif f == ('%s-openauth.zip' % username):
            bytes = getZipBytes(username)
            # The filename is interpolated into the header unescaped.
            # NOTE(review): assumes a username can never contain '"' or
            # CR/LF -- confirm against the authentication layer.
            req.headers_out.add('Content-Disposition',
                                'attachment; filename="%s"' % f)
            req.headers_out.add('Content-Type', 'application/zip')
            req.write(bytes)
        #delete the otec
        # Deletion happens after the response body is written. A failure is
        # logged and the request still succeeds, so the code then stays
        # usable until otec.isValid stops accepting it.
        try:
            otec.delete(code)
            msg = "deleted otec [%s] for user [%s]" % (code, username)
            core.log(msg, session, req)
        except Exception, e:
            msg = "ERROR: failed to delete otec [%s] for user [%s]: %s" % (
                code, username, e)
            core.log(msg, session, req, e)
            pass  #everything else worked, and the user is good to go; the otec will expire anyways
        #--- BEGIN TEMPLATE CODE...
        return apache.OK
try: otec.delete(code) msg = "deleted otec [%s] for user [%s]" % (code, username) core.log(msg, session, req) except Exception, e: msg = "ERROR: failed to delete otec [%s] for user [%s]: %s" % ( code, username, e) core.log(msg, session, req, e) pass #everything else worked, and the user is good to go; the otec will expire anyways #--- BEGIN TEMPLATE CODE... return apache.OK except apache.SERVER_RETURN: ##if it's re-raised, sessions start over; passing seems wrong but it's the only way I know of to make sessions persist across redirect #raise pass except Exception, e: if not ('core' in globals() and 'session' in locals() and 'base_url_dir' in locals()): raise #just bailout and let the server handle it (if configured with PythonDebug On, the traceback will be shown to the user) else: msg = "ERROR: uncaught exception when handling user [%s]: %s" % ( core.getUsername(session, req), e) core.log(msg, session, req, e) req.internal_redirect( os.path.join(base_url_dir, 'fail_general.psp')) return apache.OK #(not sure if this does anything) #--- ...END TEMPLATE CODE
req.write(bytes) #delete the otec try: otec.delete(code) msg = "deleted otec [%s] for user [%s]" % (code, username) core.log(msg, session, req) except Exception, e: msg = "ERROR: failed to delete otec [%s] for user [%s]: %s" % (code, username, e) core.log(msg, session, req, e) pass #everything else worked, and the user is good to go; the otec will expire anyways #--- BEGIN TEMPLATE CODE... return apache.OK except apache.SERVER_RETURN: ##if it's re-raised, sessions start over; passing seems wrong but it's the only way I know of to make sessions persist across redirect #raise pass except Exception, e: if not ( 'core' in globals() and 'session' in locals() and 'base_url_dir' in locals() ): raise #just bailout and let the server handle it (if configured with PythonDebug On, the traceback will be shown to the user) else: msg = "ERROR: uncaught exception when handling user [%s]: %s" % (core.getUsername(session, req), e) core.log(msg, session, req, e) req.internal_redirect(os.path.join(base_url_dir, 'fail_general.psp')) return apache.OK #(not sure if this does anything) #--- ...END TEMPLATE CODE
def downloadHandler(req):
    """Gate the two per-user downloads behind an otec check and stream them.

    otec protection for, and customization of, file downloads, i.e. dynamic
    non-html content.

    Flow visible in this excerpt:
      1. template setup (session, form, logging, ``core.sessionCheck``);
      2. the ``otec`` form field must be present, pass ``otec.isValid`` and
         start with the username from ``core.getUsername``;
      3. the basename of ``req.uri`` must be ``qrcode.png`` or
         ``<username>-openauth.zip``;
      4. the bytes are written to the response, then the otec is deleted.
    A failed check in step 2 or 3 ends in an internal redirect to a failure
    page. ``apache.OK`` is returned on every path shown.
    """
    #--- BEGIN TEMPLATE CODE...
    try:
        from mod_python import apache, util, Session
        session = Session.Session(req)
        form = util.FieldStorage(req, keep_blank_values=1)
        req.add_common_vars()
        base_url_dir = os.path.dirname(req.subprocess_env['SCRIPT_URI'])  #e.g. 'https://SERVER/PATH/'
        base_fs_dir = os.path.dirname(req.subprocess_env['SCRIPT_FILENAME'])
        msg = "request from ip [%s] from user [%s]" % (req.subprocess_env['REMOTE_ADDR'], core.getUsername(session, req))
        core.log(msg, session, req)
        core.sessionCheck(session, req)
        #--- ...END TEMPLATE CODE
        import otec
        #reset otec defaults; make sure this is in sync with index.psp, else import order will matter
        otec.OTEC_DIR = os.path.join(config2.ROOT_DIR, 'otec')
        otec.DEBUG = config.DEBUG
        # Identity comes from core.getUsername alone; without a username the
        # handler aborts instead of serving anything.
        username = core.getUsername(session, req)
        if username is None:
            raise Exception("internal error: openauth must be behind some compatible authentication wall")
        #check the otec
        code = None
        try:
            code = form['otec']
        except KeyError:
            pass
        # Three conditions: present, accepted by otec.isValid, and prefixed
        # with the username.
        # NOTE(review): a prefix match alone does not separate users whose
        # names share a prefix; whether the otec format adds a delimiter
        # after the name is not visible here -- confirm in the otec module.
        if code is None or not otec.isValid(code) or not code.startswith(username):
            # The rejected value is logged exactly as the client sent it.
            msg = "expired, invalid, or unprovided otec for user [%s]: %s" % (username, code)
            core.log(msg, session, req)
            req.internal_redirect(os.path.join(base_url_dir, 'fail_otec.psp'))
            return apache.OK
        # NOTE(review): this logs a code that is still valid until the
        # otec.delete call further down; consider redacting it in the log.
        msg = "accepted otec [%s] for user [%s]" % (code, username)
        core.log(msg, session, req)
        #determine what file to serve up
        # Only the two names in this tuple are ever served (allow-list).
        # BreakOut is defined elsewhere in the file.
        try:
            f = os.path.basename(req.uri)
            if f not in ('qrcode.png', '%s-openauth.zip' % username):
                raise BreakOut
        except (KeyError, BreakOut):
            msg = "unexpected download [%s] by user [%s]" % (f, username)
            core.log(msg, session, req)
            req.internal_redirect(os.path.join(base_url_dir, 'fail_general.psp'))
            return apache.OK
        #handle feeding out the bytes
        if f=='qrcode.png':
            bytes = getQRCodeBytes(username)
            # NOTE(review): 'Pragma: no-cache' is the only caching header set.
            # If the image carries a secret (not visible from here), add
            # 'Cache-Control: no-store' as well.
            req.headers_out.add('Pragma', 'no-cache')
            req.headers_out.add('Content-Type', 'image/png')
            req.write(bytes)
        elif f==('%s-openauth.zip' % username):
            bytes = getZipBytes(username)
            # f contains the username and goes into the header unescaped.
            # NOTE(review): presumes usernames never contain '"' or CR/LF --
            # verify against the authentication layer.
            req.headers_out.add('Content-Disposition', 'attachment; filename="%s"' % f)
            req.headers_out.add('Content-Type' , 'application/zip')
            req.write(bytes)
        #delete the otec
        # The code is removed only after the body has been written. If the
        # removal fails, the error is logged and the request still succeeds,
        # which leaves the code usable until it expires.
        try:
            otec.delete(code)
            msg = "deleted otec [%s] for user [%s]" % (code, username)
            core.log(msg, session, req)
        except Exception, e:
            msg = "ERROR: failed to delete otec [%s] for user [%s]: %s" % (code, username, e)
            core.log(msg, session, req, e)
            pass  #everything else worked, and the user is good to go; the otec will expire anyways
        #--- BEGIN TEMPLATE CODE...
        return apache.OK
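def img(req):
    """Serve a png image fetched from the local philesight endpoint.

    Reads the ``job`` and ``path`` form fields, requests
    ``<protocol>://localhost/<base dir>/data/<job>/philesight/?cmd=img&path=<path>``
    and relays the response body with ``Content-Type: image/png``.

    ``job`` is used as exactly one URL path segment. Values that are empty,
    are a dot segment, or contain a path separator are rejected, and the rest
    is percent-encoded, so a request parameter cannot change which local URL
    this handler fetches.

    Returns ``apache.OK``. Unexpected errors are logged through ``core.log``
    when the template state is available, and are re-raised otherwise.
    """
    #--- BEGIN TEMPLATE CODE...
    try:
        from mod_python import apache, util, Session
        session = Session.Session(req)
        form = util.FieldStorage(req, keep_blank_values=1)
        req.add_common_vars()
        base_url_path = req.subprocess_env['REQUEST_URI'].split('?',1)[0]  #e.g. /PATH/FILENAME.psp, of 'https://SERVER/PATH/FILENAME.psp?FOO=BAR'
        base_url_dir = os.path.dirname(base_url_path)  #e.g. /PATH, of 'https://SERVER/PATH/FILENAME.psp?FOO=BAR'
        base_fs_dir = os.path.dirname(req.subprocess_env['SCRIPT_FILENAME'])
        msg = "request from ip [%s] from user [%s]" % (req.subprocess_env['REMOTE_ADDR'], core.getUsername(session, req))
        core.log(msg, session, req)
        core.sessionCheck(session, req)
        #--- ...END TEMPLATE CODE
        import urllib, urllib2
        if form.has_key('job') and form.has_key('path'):
            #(these will be the un-quoted values (i.e. '/' instead of '%2F')
            path = str(form['path']).strip()
            job = str(form['job']).strip()

            # job is request-controlled and lands in the *path* of a URL this
            # server fetches from itself. Keep it to a single segment: refuse
            # separators and dot segments here, percent-encode the rest below.
            if job in ('', '.', '..') or '/' in job or '\\' in job:
                raise Exception("internal error: invalid job identifier in img query string")

            if req.is_https():
                protocol = 'https'
            else:
                protocol = 'http'
            # safe='' so that '/', '?' and '#' in job can never be read as URL
            # syntax. path goes into the query string and was already quoted.
            # NOTE(review): base_url_dir is taken from REQUEST_URI as sent by
            # the client -- confirm the server normalizes it before it is
            # reused as a URL prefix here.
            imgurl = '%s://localhost/%s/data/%s/philesight/?cmd=img&path=%s' % (
                protocol,
                base_url_dir.lstrip('/'),
                urllib.quote(job, safe=''),
                urllib.quote(path),
            )
            # NOTE(review): job and path are logged as received; whether
            # core.log neutralizes control characters is not visible here.
            msg = 'image request for job [%s], path [%s]; serving [%s]' % (job, path, imgurl)
            core.log(msg, session, req)
            # Close the upstream response explicitly instead of leaving the
            # socket to garbage collection.
            upstream = urllib2.urlopen(imgurl)
            try:
                png_bytes = upstream.read()
            finally:
                upstream.close()
            # The body is relayed as image/png whatever the upstream
            # Content-Type was.
            req.headers_out.add('Content-Type', 'image/png')
            req.write(png_bytes)
        else:
            #FIXME
            raise Exception("internal error: handling of incomplete img query string not yet implemented")
        #--- BEGIN TEMPLATE CODE...
        return apache.OK
    except apache.SERVER_RETURN:
        ##if it's re-raised, sessions start over; passing seems wrong but it's the only way I know of to make sessions persist across redirect
        #raise
        raise
    except Exception, e:
        if not ( 'core' in globals() and 'session' in locals() and 'base_url_dir' in locals() ):
            raise  #just bailout and let the server handle it (if configured with PythonDebug On, the traceback will be shown to the user)
        else:
            msg = "ERROR: exception when handling user [%s]: %s" % (core.getUsername(session, req), e)
            core.log(msg, session, req, e)
            ##FIXME -- this causes server to hang
            #req.internal_redirect(os.path.join(base_url_dir,'imgfail.psp'))
            return apache.OK  #(not sure if this does anything)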