コード例 #1
0
def make_api_response(data, err="", status_code=200, cookies=None) -> Response:
    quota_user = flsk_session.pop("quota_user", None)
    quota_set = flsk_session.pop("quota_set", False)
    if quota_user and quota_set:
        QUOTA_TRACKER.end(quota_user)

    if type(err) is Exception:
        trace = exc_info()[2]
        err = ''.join(['\n'] + format_tb(trace) +
                      ['%s: %s\n' %
                       (err.__class__.__name__, str(err))]).rstrip('\n')
        log_with_traceback(LOGGER, trace, "Exception", is_exception=True)

    resp = make_response(
        jsonify({
            "api_response": data,
            "api_error_message": err,
            "api_server_version": VERSION,
            "api_status_code": status_code
        }), status_code)

    if isinstance(cookies, dict):
        for k, v in cookies.items():
            resp.set_cookie(k, v)

    return resp
コード例 #2
0
def make_api_response(data, err="", status_code=200, cookies=None) -> Response:
    quota_user = flsk_session.pop("quota_user", None)
    quota_id = flsk_session.pop("quota_id", None)
    quota_set = flsk_session.pop("quota_set", False)
    if quota_user and quota_set:
        RATE_LIMITER.dec(quota_user, track_id=quota_id)
        RATE_LIMITER.dec("__global__", track_id=quota_id)

    if type(err) is Exception:
        trace = exc_info()[2]
        err = ''.join(['\n'] + format_tb(trace) +
                      ['%s: %s\n' %
                       (err.__class__.__name__, str(err))]).rstrip('\n')
        log_with_traceback(LOGGER, trace, "Exception", is_exception=True)

    resp = make_response(
        jsonify({
            "api_response":
            data,
            "api_error_message":
            err,
            "api_server_version":
            "%s.%s.%s" % (BUILD_MASTER, BUILD_LOWER, BUILD_NO),
            "api_status_code":
            status_code
        }), status_code)

    if isinstance(cookies, dict):
        for k, v in cookies.items():
            resp.set_cookie(k, v)

    return resp
コード例 #3
0
def handle_403(e):
    if isinstance(e, Forbidden):
        error_message = e.description
    else:
        error_message = str(e)

    trace = exc_info()[2]
    if AUDIT:
        uname = "(None)"
        ip = request.remote_addr
        session_id = flsk_session.get("session_id", None)
        if session_id:
            session = KV_SESSION.get(session_id)
            if session:
                uname = session.get("username", uname)
                ip = session.get("ip", ip)

        log_with_traceback(
            AUDIT_LOG, trace,
            f"Access Denied. (U:{uname} - IP:{ip}) [{error_message}]")

    if request.path.startswith("/api/"):
        config_block = {
            "auth": {
                "allow_2fa": config.auth.allow_2fa,
                "allow_apikeys": config.auth.allow_apikeys,
                "allow_security_tokens": config.auth.allow_security_tokens,
            },
            "ui": {
                "allow_url_submissions":
                config.ui.allow_url_submissions,
                "read_only":
                config.ui.read_only,
                "tos":
                config.ui.tos not in [None, ""],
                "tos_lockout":
                config.ui.tos_lockout,
                "tos_lockout_notify":
                config.ui.tos_lockout_notify not in [None, []]
            }
        }
        return make_api_response(
            config_block,
            "Access Denied (%s) [%s]" % (request.path, error_message), 403)
    else:
        if error_message.startswith("User") and str(e).endswith("is disabled"):
            return render_template('403e.html',
                                   exception=error_message,
                                   email=config.ui.email or "",
                                   notified=config.ui.tos_lockout
                                   and config.ui.tos_lockout_notify), 403
        else:
            return render_template('403.html', exception=error_message), 403
コード例 #4
0
def handle_500(e):
    if isinstance(e.original_exception, AccessDeniedException):
        return handle_403(e.original_exception)

    if isinstance(e.original_exception, AuthenticationException):
        return handle_401(e.original_exception)

    oe = e.original_exception or e

    trace = exc_info()[2]
    log_with_traceback(LOGGER, trace, "Exception", is_exception=True)

    message = ''.join(['\n'] + format_tb(exc_info()[2]) +
                      ['%s: %s\n' %
                       (oe.__class__.__name__, str(oe))]).rstrip('\n')
    return make_api_response("", message, 500)
コード例 #5
0
def handle_500(e):
    if isinstance(e.original_exception, AccessDeniedException):
        return handle_403(e.original_exception)

    if isinstance(e.original_exception, AuthenticationException):
        return handle_401(e.original_exception)

    oe = e.original_exception or e

    trace = exc_info()[2]
    log_with_traceback(LOGGER, trace, "Exception", is_exception=True)

    message = ''.join(['\n'] + format_tb(exc_info()[2]) +
                      ['%s: %s\n' %
                       (oe.__class__.__name__, str(oe))]).rstrip('\n')
    if request.path.startswith("/api/"):
        return make_api_response("", message, 500)
    else:
        return render_template('500.html', exception=message), 500