async def permissions_required(request,
permissions: t.List[str],
context=None) -> bool:
if not permissions:
return True
identity = await _extract_identity(request)
if await request.app["acl_provider"].is_user_authorized(
identity, permissions):
return True
else:
server_logger.info(
"AUTH:Failed to authorize %s for endpoint [%s]%s . Required permissions :%s"
% (identity, request.method, request.path, str(permissions)))
raise HTTPForbidden()
def main(bind, filename):
'''Start a JSON server.
FILENAME refers to the JSON file where your data is stored.
`db.json` will be used if not specified.
'''
logging.basicConfig(level=logging.INFO)
server_logger.info('JSON Server v%s/%s %s - by Gerald', __version__,
platform.python_implementation(),
platform.python_version())
handle = Handler(filename)
run_forever(start_server_aiohttp(handle, bind))
return 0
async def _validate_cert_date(request) -> bool:
peercert = request.transport.get_extra_info("peercert")
if not peercert:
server_logger.info(
"AUTH:Client did not send client certificates for request [%s]%s" %
(request.method, request.path))
return False
cert_valid = (datetime.datetime.strptime(peercert["notAfter"],
"%b %d %H:%M:%S %Y %Z") >
datetime.datetime.now())
if not cert_valid:
server_logger.info(
"AUTH:Client sent client certificates for request [%s]%s, but it expired at: %s"
% (request.method, request.path, peercert["notAfter"]))
return False
return True
async def middleware_handler(request):
acls = []
with suppress(KeyError):
acls = RULES[request.path][request.method]
# We only allow GET endpoints without authorization.
# Anything else will be forbidden.
if not acls and request.method != "GET":
server_logger.info(
"AUTH:Missing acl config for non-get[%s] endpoint %s. Blocking access"
% (request.method, request.path)
)
raise HTTPForbidden()
if acls:
identity = await common_auth.auth_required(request)
await common_auth.permissions_required(request, acls)
server_logger.info(
"AUTH:Authorized %s for [%s]%s"
% (identity, request.method, request.path)
)
resp = await handler(request)
return resp
},
"aioswitcher.api": {
"level": "WARNING"
},
access_logger.name: {
"level": args.log_level
},
client_logger.name: {
"level": args.log_level
},
server_logger.name: {
"level": args.log_level
},
web_logger.name: {
"level": args.log_level
},
ws_logger.name: {
"level": args.log_level
},
},
}
config.dictConfig(loggingConfig)
app = web.Application(middlewares=[error_middleware])
app.add_routes(routes)
server_logger.info("starting server")
web.run_app(app, port=args.port, access_log_class=CustomAccessLogger)
server_logger.info("server stopped")
def dump(self):
self.timer = None
self.data.dump()
server_logger.info('data dumped')
def load_acl_cache(cpath: str) -> t.Dict[str, t.List[str]]:
with gzip.open(cpath, "rt", encoding="utf-8") as compressed:
aclcache = json.loads(compressed.read())
server_logger.info("Loaded acl cache with %d entries" % len(aclcache))
return aclcache