def create_app(secret_key, token, tracker_manager, clients_manager, notifier_manager, settings_manager,
               engine_runner, log_manager):
    """
    Build the API application: initialise AuthMiddleware, then register the static and REST routes.

    The managers are handed to the resource classes unchanged; route registration order is kept
    exactly as listed because literal and templated paths share prefixes.
    """
    def is_auth_enabled():
        # Passed as a callable rather than a value, so the setting is read whenever
        # AuthMiddleware invokes it instead of being frozen at start-up.
        return settings_manager.get_is_authentication_enabled()

    AuthMiddleware.init(secret_key, token, is_auth_enabled)
    app = create_api()
    add_static_route(app, 'webapp')

    route = app.add_route

    # Session handling
    route('/api/login', Login(settings_manager))
    route('/api/logout', Logout())

    # Topics
    route('/api/topics', TopicCollection(tracker_manager))
    route('/api/topics/{id}', Topic(tracker_manager))
    route('/api/topics/{id}/reset_status', TopicResetStatus(tracker_manager))
    route('/api/topics/parse', TopicParse(tracker_manager))

    # Trackers
    route('/api/trackers', TrackerCollection(tracker_manager))
    route('/api/trackers/{tracker}', Tracker(tracker_manager))
    route('/api/trackers/{tracker}/check', TrackerCheck(tracker_manager))

    # Download clients
    route('/api/clients', ClientCollection(clients_manager))
    route('/api/clients/{client}', Client(clients_manager))
    route('/api/clients/{client}/check', ClientCheck(clients_manager))
    route('/api/clients/{client}/default', ClientDefault(clients_manager))

    # Notifiers
    route('/api/notifiers', NotifierCollection(notifier_manager))
    route('/api/notifiers/{notifier}', Notifier(notifier_manager))
    route('/api/notifiers/{notifier}/check', NotifierCheck(notifier_manager))
    route('/api/notifiers/{notifier}/enabled', NotifierEnabled(notifier_manager))

    # Settings
    # NOTE(review): nothing here attaches per-route access control; these endpoints
    # (password, authentication toggle, execute) presumably rely on AuthMiddleware being
    # installed by create_api() - confirm.
    route('/api/settings/authentication', SettingsAuthentication(settings_manager))
    route('/api/settings/password', SettingsPassword(settings_manager))
    route('/api/settings/developer', SettingsDeveloper(settings_manager))
    route('/api/settings/logs', SettingsLogs(settings_manager))
    route('/api/settings/execute', SettingsExecute(engine_runner))

    # Execution and its logs
    route('/api/execute/logs', ExecuteLogs(log_manager))
    route('/api/execute/logs/{execute_id}/details', ExecuteLogsDetails(log_manager))
    route('/api/execute/logs/current', ExecuteLogCurrent(log_manager))
    route('/api/execute/call', ExecuteCall(engine_runner))

    return app
def test_disabled_auth(self):
    """A request carrying a bogus jwt cookie still gets 200 when the middleware is set up with is_auth_enabled."""
    self.api.add_route(self.test_route, ResourceMock())
    # is_auth_enabled is defined outside this test; presumably it reports authentication as off.
    AuthMiddleware.init('secret!', 'monitorrent', is_auth_enabled)

    # 'random' is not a signed token, so a 200 here means the cookie was not enforced.
    bogus_cookie = {'Cookie': 'jwt=random; HttpOnly; Path=/'}
    self.simulate_request(self.test_route, headers=bogus_cookie)

    self.assertEqual(falcon.HTTP_OK, self.srmock.status)
def test_authenticate(self):
    """authenticate() must put the signed token into the auth cookie, scoped to the root path."""
    response = falcon.Response()
    AuthMiddleware.authenticate(response)

    # _cookies is a private attribute of the response object; the test reads it directly.
    self.assertIsNotNone(response._cookies)
    cookie = response._cookies[AuthMiddleware.cookie_name]

    self.assertEqual(cookie.key, AuthMiddleware.cookie_name)
    self.assertEqual(cookie.value, self.auth_token_verified)
    self.assertEqual(cookie['path'], '/')
    # NOTE(review): the cookie's httponly / secure attributes are not asserted here,
    # so a regression that drops them would go unnoticed by this test.
def setUpClass(cls):
    """Initialise AuthMiddleware with fixed test values and prepare a valid and a tampered token."""
    super(RestTestBase, cls).setUpClass()
    AuthMiddleware.init('secret!', 'monitorrent', None)

    # Both fixtures share header and signature; only the payload segment differs, so the
    # second token's signature no longer matches its payload.
    header = 'eyJhbGciOiJIUzUxMiJ9'
    signature = 'So4ED3ZokC6EqLKSnN9DqJVU5b4bZ2pLO_uUyS4jayhhkVkO4Z7YYCRYsenP_kvJFteAgk_fGsYF6lsj0UCshA'

    cls.auth_token_verified = '.'.join((header, 'Im1vbml0b3JyZW50Ig', signature))
    # The attribute name keeps its original spelling ("tampared"); other tests refer to it.
    cls.auth_token_tampared = '.'.join((header, 'Im1vbml0b3JyZW50Ic', signature))
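def on_post(self, req, resp):
    """
    Check the submitted password and, on success, issue the authentication cookie.

    Responds with 400 when the JSON body is not an object containing ``password`` and with
    401 when the password does not match the configured one.

    :type req: MonitorrentRequest
    :type resp: MonitorrentResponse
    """
    import hmac

    body = req.json
    # The body is client-controlled JSON: anything other than an object (string, number, list)
    # is a malformed request, not a server error.
    if not isinstance(body, dict) or 'password' not in body:
        raise falcon.HTTPBadRequest('WrongPassword', 'password is not specified')

    supplied = body['password']
    expected = self.settings_manager.get_password()
    try:
        # Constant-time comparison, so response timing does not reveal how much of the
        # password matched. Values are encoded first because compare_digest only accepts
        # bytes or ASCII-only text.
        matches = hmac.compare_digest(supplied.encode('utf-8'), expected.encode('utf-8'))
    except (AttributeError, TypeError, UnicodeError):
        # Non-text values (null, numbers, objects) never authenticate.
        matches = False

    if not matches:
        raise falcon.HTTPUnauthorized('WrongPassword', 'password is not correct', None)

    # NOTE(review): get_password() is compared with the submitted value directly, which
    # suggests the password is kept unhashed - confirm against settings_manager.
    # No attempt limiting is visible in this handler either.
    AuthMiddleware.authenticate(resp)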
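def on_get(self, req, resp, filename=None):
    """
    Serve a static file, optionally sending unauthenticated visitors to the login page first.

    ``filename`` (presumably a route field supplied by the request) falls back to
    ``self.filename``. When ``self.folder`` is set, the resulting path must stay inside that
    folder; a path outside it is answered with the same 404 as a missing file.
    If-Modified-Since and If-None-Match are honoured with 304 Not Modified.

    :type req: falcon.Request
    :type resp: falcon.Response
    """
    if self.redirect_to_login and not AuthMiddleware.validate_auth(req):
        resp.status = falcon.HTTP_FOUND
        # noinspection PyUnresolvedReferences
        resp.location = '/login'
        return

    file_path = filename or self.filename
    if self.folder:
        file_path = os.path.join(self.folder, file_path)
        # The name may originate from the URL: normalise the joined path and require it to
        # remain under the static folder before touching the file system.
        static_root = os.path.join(os.path.abspath(self.folder), '')
        if not os.path.abspath(file_path).startswith(static_root):
            raise falcon.HTTPNotFound(description='Requested page not found')
    if not os.path.isfile(file_path):
        raise falcon.HTTPNotFound(description='Requested page not found')

    mime_type, _ = mimetypes.guess_type(file_path)
    etag, last_modified = self._get_static_info(file_path)

    # noinspection PyUnresolvedReferences
    resp.content_type = mime_type or 'text/plain'
    resp.set_headers({
        'Date': formatdate(time.time(), usegmt=True),
        'ETag': etag,
        'Last-Modified': last_modified,
        'Cache-Control': 'max-age=86400'
    })

    if_modified_since = req.get_header('if-modified-since', None)
    if if_modified_since:
        # parsedate() returns None for a malformed date; such a header is ignored instead of
        # being compared, which would fail on None.
        client_time = parsedate(if_modified_since)
        file_time = parsedate(last_modified)
        if client_time is not None and file_time is not None and client_time >= file_time:
            resp.status = falcon.HTTP_NOT_MODIFIED
            return

    if_none_match = req.get_header('if-none-match', None)
    if if_none_match and (if_none_match == '*' or etag in if_none_match):
        resp.status = falcon.HTTP_NOT_MODIFIED
        return

    # The open handle is handed to the response object as its body stream.
    resp.stream_len = os.path.getsize(file_path)
    resp.stream = open(file_path, mode='rb')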
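def on_get(self, req, resp, filename=None):
    """
    Serve a static file; unauthenticated visitors are redirected to /login when configured.

    ``filename`` (presumably a route field supplied by the request) takes precedence over
    ``self.filename``. With ``self.folder`` set, the joined path has to stay within that
    folder, otherwise the handler answers 404 exactly as for a missing file.
    Conditional request headers are answered with 304 Not Modified when they match.

    :type req: falcon.Request
    :type resp: falcon.Response
    """
    needs_login = self.redirect_to_login and not AuthMiddleware.validate_auth(req)
    if needs_login:
        resp.status = falcon.HTTP_FOUND
        # noinspection PyUnresolvedReferences
        resp.location = '/login'
        return

    file_path = filename or self.filename
    if self.folder:
        file_path = os.path.join(self.folder, file_path)
        # The name may originate from the URL: compare the normalised path with the
        # normalised folder so only files below the static folder are ever served.
        allowed_prefix = os.path.join(os.path.abspath(self.folder), '')
        if not os.path.abspath(file_path).startswith(allowed_prefix):
            raise falcon.HTTPNotFound(description='Requested page not found')
    if not os.path.isfile(file_path):
        raise falcon.HTTPNotFound(description='Requested page not found')

    mime_type, _ = mimetypes.guess_type(file_path)
    etag, last_modified = self._get_static_info(file_path)

    # noinspection PyUnresolvedReferences
    resp.content_type = mime_type or 'text/plain'
    headers = {'Date': formatdate(time.time(), usegmt=True), 'ETag': etag, 'Last-Modified': last_modified,
               'Cache-Control': 'max-age=86400'}
    resp.set_headers(headers)

    if_modified_since = req.get_header('if-modified-since', None)
    if if_modified_since:
        # A malformed date makes parsedate() return None; skip the comparison in that case
        # so a bad header cannot turn into a server error.
        requested = parsedate(if_modified_since)
        current = parsedate(last_modified)
        if requested is not None and current is not None and requested >= current:
            resp.status = falcon.HTTP_NOT_MODIFIED
            return

    if_none_match = req.get_header('if-none-match', None)
    if if_none_match and (if_none_match == '*' or etag in if_none_match):
        resp.status = falcon.HTTP_NOT_MODIFIED
        return

    # The open handle is handed to the response object as its body stream.
    resp.stream_len = os.path.getsize(file_path)
    resp.stream = open(file_path, mode='rb')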
def setUpClass(cls):
    """Initialise AuthMiddleware with fixed test values and prepare a valid and a tampered token."""
    super(RestTestBase, cls).setUpClass()
    AuthMiddleware.init('secret!', 'monitorrent', None)

    # Same header and signature in both fixtures; the tampered one carries a modified
    # payload segment, so its signature must fail verification.
    header = 'eyJhbGciOiJIUzI1NiJ9'
    signature = '95p-fZYKe6CjaUbf7-gw2JKXifsocYf0w52rj-U7vHw'

    cls.auth_token_verified = '.'.join((header, 'Im1vbml0b3JyZW50Ig', signature))
    # The attribute name keeps its original spelling ("tampared"); other tests refer to it.
    cls.auth_token_tampared = '.'.join((header, 'Im1vbml0b3JyZW5UIg', signature))
def on_post(self, req, resp):
    """
    End the session via AuthMiddleware.logout and answer 204 No Content.

    :type req: falcon.Request
    :type resp: falcon.Response
    """
    # The response object is passed in so the middleware can act on it
    # (presumably by clearing the auth cookie - confirm in AuthMiddleware.logout).
    AuthMiddleware.logout(resp)
    resp.status = falcon.HTTP_NO_CONTENT
def test_disabled_auth(self):
    """A request carrying a bogus jwt cookie still gets 200 when the middleware is set up with is_auth_enabled."""
    self.api.add_route(self.test_route, TestResource())
    # is_auth_enabled is defined outside this test; presumably it reports authentication as off.
    AuthMiddleware.init('secret!', 'monitorrent', is_auth_enabled)

    # 'random' is not a signed token, so a 200 here means the cookie was not enforced.
    bogus_cookie = {'Cookie': 'jwt=random; HttpOnly; Path=/'}
    self.simulate_request(self.test_route, headers=bogus_cookie)

    self.assertEqual(falcon.HTTP_OK, self.srmock.status)