def __start_process__(self, env, **kwargs): # get & decode Authorization header: try: self.log.debug("Starting HTTP basic authentication.") header = env["HTTP_AUTHORIZATION"] self.log.debug("Found Authorization header: '%s'", header) m = re.match("^Basic ([a-zA-Z0-9=/_\-]+)$", header) auth = b64decode(m.group(1)) index = auth.find(":") if index == -1: raise exception.HTTPException( 400, "Bad request. Authorization header is malformed.") self.username, password = auth[:index], auth[index + 1:] self.log.debug("Parsed Authorization header: '%s:%s'", self.username, password) except KeyError: raise exception.AuthenticationFailedException() except: raise exception.HTTPException( 400, "Bad request: Authorization header is malformed.") # validate password: authenticated = False try: authenticated = self.app.validate_password(self.username, password) except exception.UserNotFoundException: pass except exception.UserIsBlockedException: pass except: raise sys.exc_info()[1] if not authenticated: raise exception.NotAuthorizedException()
def __put__(self, env, guid, tags): tags = list(util.split_strip_set(tags, ",")) if len(tags) == 0: raise exception.HTTPException(400, "tag list cannot be empty.") self.app.add_tags(guid, self.username, tags) return self.__get_tags__(guid)
def __check_rate_limit__(self, env): self.log.debug("Checking rate limit.") if not config.LIMIT_REQUESTS_BY_IP and not config.LIMIT_REQUESTS_BY_USER: return address = env["REMOTE_ADDR"] with factory.create_db_connection() as conn: with conn.enter_scope() as scope: request_db = factory.create_request_db() user_db = factory.create_user_db() if config.LIMIT_REQUESTS_BY_IP: count = request_db.count_requests_by_ip( scope, address, 3600) self.log.debug("'%s' has made %d of %d allowed requests.", address, count, config.IP_REQUESTS_PER_HOUR) if count > config.IP_REQUESTS_PER_HOUR: raise exception.HTTPException( 402, "IP request limit reached.") user_id = user_db.map_username(scope, self.username) if config.LIMIT_REQUESTS_BY_USER: count = request_db.count_requests_by_user_id( scope, user_id, 3600) self.log.debug( "'%s' (%d) has made %d of %d allowed requests.", self.username, user_id, count, config.USER_REQUESTS_PER_HOUR) if count > config.USER_REQUESTS_PER_HOUR: raise exception.HTTPException( 402, "User request limit reached.") request_db.add_request(scope, address, user_id) scope.complete()
def avatar_form_handler(method, env): params = {} try: content_type = env.get("CONTENT_TYPE", "multipart/form-data") if not content_type.startswith("multipart/form-data"): raise exception.HTTPException(400, "Bad Request") form = FieldStorage(fp=env['wsgi.input'], environ=env) params["file"] = form["file"].file params["filename"] = form.getvalue("filename") return params except exception.HTTPException as e: raise e except Exception as e: raise exception.HTTPException(400, "Bad Request")
def __put__(self, env, guid, receivers): receivers = list(util.split_strip_set(receivers, ",")) if len(receivers) == 0: raise exception.HTTPException(400, "receiver list cannot be empty.") self.app.recommend(self.username, receivers, guid) m = {"guid": guid, "receivers": receivers} v = view.JSONView(200) v.bind(m) return v
def default_form_handler(method, env): qs = urlparse.parse_qs(env.get("QUERY_STRING", "")) params = {k: urllib.unquote(v[0]) for k, v in qs.items()} size = int(env.get('CONTENT_LENGTH', 0)) if method in ["POST", "PUT"]: content_type = env.get("CONTENT_TYPE", "application/x-www-form-urlencoded") if content_type.startswith("application/x-www-form-urlencoded"): qs = urlparse.parse_qs(env['wsgi.input'].read(size)) params.update({k: urllib.unquote(v[0]) for k, v in qs.items()}) else: raise exception.HTTPException( 400, "Bad Request: Content-Type '%s' not supported" % content_type) return params
def __check_rate_limit__(self, env): self.log.debug("Checking rate limit.") if not config.LIMIT_REQUESTS_BY_IP: return address = env["REMOTE_ADDR"] with factory.create_db_connection() as conn: with conn.enter_scope() as scope: db = factory.create_request_db() count = db.count_requests_by_ip(scope, address, 3600) self.log.debug("'%s' has made %d of %d allowed requests.", address, count, config.IP_REQUESTS_PER_HOUR) if count > config.IP_REQUESTS_PER_HOUR: raise exception.HTTPException(402, "IP request limit reached.") db.add_request(scope, address) scope.complete()