def internal_request(self, path, params=None, callback=None):
if path.startswith('/'):
path = path[1:]
if isinstance(params, dict):
params = list(params.items())
if params:
path += '?' + '&'.join('%s=%s' % item
for item in params)
def response_callback(resp):
if resp.code == 200:
data = json.loads(resp.body)
if callback is None:
print(data)
else:
callback(data)
else:
log.error("Error requesting %s from internal API: (%s) %s",
path, resp.code, resp.body)
headers = {'Authorization': 'internal %s %s' % (
Portal.get_singleton().internal_api_key, self.cookie_session_id)}
tornado.httpclient.AsyncHTTPClient().fetch(
'%s/%s' % (config.INTERNAL_API_URL, path),
headers=headers,
callback=response_callback,
)
def suppressed_emails(request):
params = dict(params_from_request(request).copy())
try:
mac_verify(params)
except Exception as exc:
raise BadRequestError(str(exc))
try:
decrypted_str = decrypt(params['token'])
decrypted_json = json.loads(decrypted_str)
except Exception as exc:
log.exception(repr(exc))
raise BadRequestError()
if decrypted_json.get('key') != Portal.get_singleton().external_api_key:
raise NotFoundError()
action = decrypted_json.get('action')
if not action:
raise RequiredParameterMissingError('action')
if action == 'delete':
Notification.objects(suppressed=True).delete()
elif action == 'unsuppress':
Notification.objects.update(suppressed=False)
else:
raise BadRequestError('Action "%s" not supported' % action)
return Response("OK", 200)
def usage_survey(url="https://mist.io/api/v1/usage-survey"):
portal = Portal.get_singleton()
params = get_usage_params(portal)
log.info("Will send usage info. Url %s - Params %s", url, params)
resp = requests.get(url, params)
if not resp.ok:
log.error("Bad response while sending usage info: %s: %s",
resp.status_code, resp.text)
raise Exception("%s: %s" % (resp.status_code, resp.text))
def get_version_params(portal=None):
if portal is None:
portal = Portal.get_singleton()
params = {
'portal_id': portal.id,
'created_at': str(portal.created_at),
}
for key, value in config.VERSION.iteritems():
params['version_%s' % key] = value
return params
def session_from_request(request):
"""Get SessionToken or ApiToken instance from request"""
if 'session' in request.environ:
return request.environ['session']
session = migrate_old_api_token(request)
if session is None:
auth_value = request.headers.get('Authorization', '').lower()
if auth_value.startswith('internal'):
parts = auth_value.split(' ')
if len(parts) == 3:
internal_api_key, session_id = parts[1:]
if internal_api_key == Portal.get_singleton().internal_api_key:
try:
session_token = SessionToken.objects.get(
token=session_id)
except SessionToken.DoesNotExist:
pass
else:
if session_token.is_valid():
session_token.internal = True
session = session_token
elif auth_value:
token_from_request = auth_value
try:
api_token = ApiToken.objects.get(token=token_from_request)
except DoesNotExist:
api_token = None
try:
if not api_token and config.HAS_RBAC:
api_token = SuperToken.objects.get(
token=token_from_request)
except DoesNotExist:
pass
if api_token and api_token.is_valid():
session = api_token
else:
session = ApiToken()
session.name = 'dummy_token'
if session is None:
try:
session_token = SessionToken.objects.get(
token=request.cookies.get('session.id'))
if session_token.is_valid():
session = session_token
except DoesNotExist:
pass
if session is None:
session = SessionToken(
user_agent=request.user_agent,
ip_address=mist.api.helpers.ip_from_request(request))
session.save()
request.environ['session'] = session
return session
def get_user_data(auth_context):
"""
This function sends user's data to socket
:param auth_context:
:return: dict
"""
user = auth_context.user
orgs = []
for org in Organization.objects(members=user):
o_dict = {
'id': org.id,
'name': org.name,
'avatar': org.avatar,
'members': len(org.members),
'isOwner': user in org.get_team('Owners').members,
'super_org': org.super_org
}
if org.super_org and Organization.objects(parent=org.id):
sub_orgs = Organization.objects(parent=org.id)
for sub_org in sub_orgs:
sub = {
'id': sub_org.id,
'parent_id': sub_org.parent.id,
'name': sub_org.name,
'members': len(sub_org.members),
'isOwner': user in org.get_team('Owners').members,
}
orgs.append(sub)
orgs.append(o_dict)
ret = {
'id': user.id,
'email': user.email,
'first_name': user.first_name,
'last_name': user.last_name,
'username': user.username,
'ips': [ip.as_dict() for ip in user.ips],
'current_ip': auth_context.token.ip_address,
'has_pass': user.password is not None and user.password != '',
'orgs': orgs,
'csrf_token': auth_context.token.csrf_token,
}
if user.role == 'Admin':
upgrades = Portal.get_singleton().get_available_upgrades()
ret['available_upgrades'] = upgrades
if config.HAS_BILLING:
ret.update({
'stripe_public_apikey': config.STRIPE_PUBLIC_APIKEY,
})
return ret
def get_version_params(portal=None):
if portal is None:
portal = Portal.get_singleton()
params = {
'portal_id': portal.id,
'created_at': str(portal.created_at),
'license_key': config.LICENSE_KEY,
}
for key, value in config.VERSION.items():
params['version_%s' % key] = value
for key, value in list(get_current_portal_usage().items()):
params['usage_%s' % key] = value
return params
def get_unsuppress_link(action):
assert action in (
'unsuppress',
'delete',
)
params = {
'action': action,
'key': Portal.get_singleton().external_api_key
}
token = {'token': encrypt(json.dumps(params))}
mac_sign(token)
return '%s/suppressed-alerts?%s' % (config.CORE_URI,
urllib.parse.urlencode(token))
def check_new_versions(url="https://mist.io/api/v1/version-check"):
portal = Portal.get_singleton()
params = get_version_params(portal)
log.info("Will check for new versions. Url %s - Params %s", url, params)
resp = requests.get(url, params)
if not resp.ok:
log.error("Bad response while checking for new versions: %s: %s",
resp.status_code, resp.text)
raise Exception("%s: %s" % (resp.status_code, resp.text))
portal.available_upgrades = []
for version in resp.json():
available_upgrade = AvailableUpgrade()
for key in ('name', 'sha'):
if key not in version:
log.warning("Missing required field '%s' from version.", key)
break
available_upgrade[key] = version[key]
else:
portal.available_upgrades.append(available_upgrade)
portal.save()
def get_usage_params(portal=None):
if portal is None:
portal = Portal.get_singleton()
params = get_version_params(portal=portal)
# Inject more info into params
return params
def info_from_ApiKeyAuth(api_key, required_scopes):
"""
Check and retrieve authentication information from api_key.
Returned value will be passed in 'token_info' parameter of your operation
function, if there is one. 'sub' or 'uid' will be set in 'user' parameter
of your operation function, if there is one.
:param api_key API key provided by Authorization header
:type api_key: str
:param required_scopes Always None. Used for other authentication method
:type required_scopes: None
:return: Information attached to provided api_key or None if api_key is
invalid or does not allow access to called API
:rtype: dict | None
"""
from mist.api.auth.models import ApiToken, SessionToken
from mist.api.portal.models import Portal
from mist.api import config
if config.HAS_RBAC:
from mist.rbac.tokens import SuperToken
from mist.rbac.methods import AuthContext
else:
from mist.api.dummy.rbac import AuthContext
auth_value = api_key.lower()
auth_context = session = None
if auth_value.startswith('internal'):
parts = auth_value.split(' ')
if len(parts) == 3:
internal_api_key, session_id = parts[1:]
if internal_api_key == Portal.get_singleton().internal_api_key:
try:
session_token = SessionToken.objects.get(token=session_id)
except SessionToken.DoesNotExist:
pass
else:
if session_token.is_valid():
session_token.internal = True
session = session_token
elif auth_value:
token_from_request = auth_value
try:
api_token = ApiToken.objects.get(token=token_from_request)
except DoesNotExist:
api_token = None
try:
if not api_token and config.HAS_RBAC:
api_token = SuperToken.objects.get(token=token_from_request)
except DoesNotExist:
pass
if api_token and api_token.is_valid():
session = api_token
else:
session = ApiToken()
session.name = 'dummy_token'
if session:
user = session.get_user()
if user:
auth_context = AuthContext(user, session)
return {'uid': user.id, 'user': user, 'auth_context': auth_context}
return None