def __connect():
    """Report whether the connecting client presents a usable token.

    Returns:
        True when get_token() completes without raising, False otherwise.

    NOTE(review): presumably registered as the Socket.IO connect handler,
    where a False return refuses the connection - confirm at the
    registration site.
    """
    try:
        get_token()
    except:  # noqa: E722
        # Kept broad: whatever get_token() raises, the outcome is a False
        # return rather than an exception escaping this function.
        logger.debug('disconnecting connection')
        return False
    else:
        return True
def __listen_console(job_id):
    """Subscribe the caller to the room named after *job_id*.

    The room is joined only when all of the following hold; every other
    outcome ends in flask_socketio.disconnect():

    * job_id is non-empty and parses as a UUID,
    * the caller's token type is 'project' or 'project-token',
    * a job row with that id exists under the token's project.

    Args:
        job_id: Job identifier supplied by the client.
    """
    logger.debug('listen:console for %s', job_id)

    # Resolved before any input validation; an exception raised by
    # get_token() is not caught in this function.
    token = get_token()

    if not job_id:
        logger.debug('job_id not set')
        return flask_socketio.disconnect()

    try:
        uuid.UUID(job_id)
    except:  # noqa: E722
        # Broad on purpose of behaviour: any failure to parse the value
        # (wrong type as well as wrong format) is treated as "not a uuid".
        logger.debug('job_id not a uuid')
        return flask_socketio.disconnect()

    allowed_types = ('project', 'project-token')
    conn = dbpool.get()
    try:
        if token['type'] not in allowed_types:
            logger.debug('only project token allowed')
            return flask_socketio.disconnect()

        # Ownership check: the job must sit under the project the token
        # was issued for, otherwise one project could read another's room.
        owning_project = token['project']['id']
        job_row = conn.execute_one(''' SELECT id FROM job WHERE project_id = %s AND id = %s ''', [owning_project, job_id])
        if not job_row:
            logger.debug('job does not belong to project')
            return flask_socketio.disconnect()
    finally:
        # Runs on every path, including the early returns above.
        dbpool.put(conn)

    flask_socketio.join_room(job_id)
def __listen_dashboard_console(job_id):
    """Subscribe a dashboard client to the room named after *job_id*.

    Access rule as implemented here:

    * job of a public project: the room is joined without reading any
      token in this function, so any connected client may subscribe;
    * job of a non-public project: the token must be of type 'user' and
      is_collaborator() must accept that user for the job's project.

    A missing or malformed job_id, an unknown job, a non-user token or a
    non-collaborator all end in flask_socketio.disconnect().

    Args:
        job_id: Job identifier supplied by the client.
    """
    logger.debug('listen:console for %s', job_id)

    if not job_id:
        logger.debug('job_id not set')
        return flask_socketio.disconnect()

    try:
        uuid.UUID(job_id)
    except:  # noqa: E722
        logger.debug('job_id not a uuid')
        return flask_socketio.disconnect()

    conn = dbpool.get()
    try:
        u = conn.execute_one_dict(
            ''' SELECT p.public, j.project_id FROM project p INNER JOIN job j ON j.project_id = p.id AND j.id = %s ''',
            [job_id])

        if not u:
            logger.warn('job not found')
            return flask_socketio.disconnect()

        if not u['public']:
            # Private project: only a collaborating user may listen.
            token = get_token()
            if token['type'] != 'user':
                logger.debug('only user token allowed')
                return flask_socketio.disconnect()

            user_id = token['user']['id']
            if not is_collaborator(user_id, u['project_id'], db=conn):
                logger.warn('not a collaborator')
                return flask_socketio.disconnect()
    finally:
        # Runs on every path, including the early returns above.
        dbpool.put(conn)

    flask_socketio.join_room(job_id)
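def __listen_jobs(project_id):
    """Subscribe the caller to the room named after *project_id*.

    Access rule as implemented here:

    * public project: the room is joined without reading any token in
      this function, so any connected client may subscribe;
    * non-public project: the token must be of type 'user' and
      is_collaborator() must accept that user for the project.

    A missing or malformed project_id, an unknown project, a non-user
    token or a non-collaborator all end in flask_socketio.disconnect().

    Args:
        project_id: Project identifier supplied by the client.
    """
    logger.debug('listen:jobs for %s', project_id)

    if not project_id:
        logger.debug('project_id not set')
        return flask_socketio.disconnect()

    try:
        uuid.UUID(project_id)
    except Exception:
        # Wrong type as well as wrong format counts as "not a uuid".
        logger.debug('project_id not a uuid')
        return flask_socketio.disconnect()

    conn = dbpool.get()
    try:
        p = conn.execute_one_dict(
            ''' SELECT public FROM project WHERE id = %s ''',
            [project_id])

        # A well-formed UUID that matches no project yields an empty
        # result; reject it explicitly instead of failing on p['public'].
        if not p:
            logger.warn('project not found')
            return flask_socketio.disconnect()

        if not p['public']:
            # Private project: only a collaborating user may listen.
            token = get_token()
            if token['type'] != 'user':
                logger.debug('only user token allowed')
                return flask_socketio.disconnect()

            user_id = token['user']['id']
            if not is_collaborator(user_id, project_id, db=conn):
                logger.warn('not a collaborator')
                return flask_socketio.disconnect()
    finally:
        # Runs on every path, including the early returns above.
        dbpool.put(conn)

    flask_socketio.join_room(project_id)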
def __listen_build(build_id):
    """Subscribe the caller to the room named after *build_id*.

    Two independent checks must pass before the room is joined:

    1. sio_is_authorized() accepts the path ['listen:build', build_id];
    2. a build row with that id exists under the project named in the
       caller's normalized token.

    Any failure, including an exception raised while reading the token or
    querying the database, ends in flask_socketio.disconnect().

    Args:
        build_id: Build identifier supplied by the client.
    """
    logger.debug('listen:build for %s', build_id)

    if not build_id:
        logger.debug('build_id not set')
        return flask_socketio.disconnect()

    try:
        uuid.UUID(build_id)
    except:  # noqa: E722
        logger.debug('build_id not a uuid')
        return flask_socketio.disconnect()

    # Policy decision first; it is made outside the try block below, so
    # an exception escaping sio_is_authorized() is not caught here.
    allowed = sio_is_authorized(['listen:build', build_id])
    if not allowed:
        return flask_socketio.disconnect()

    conn = dbpool.get()
    try:
        token = normalize_token(get_token())
        owning_project = token['project']['id']
        # Ownership check on top of the policy decision: the build must
        # sit under the token's own project.
        build_row = conn.execute_one(
            ''' SELECT id FROM build WHERE project_id = %s AND id = %s ''',
            [owning_project, build_id])
        if not build_row:
            logger.debug('build does not belong to project')
            return flask_socketio.disconnect()
    except:  # noqa: E722
        # Any error (e.g. a token without a 'project' entry) is logged and
        # answered with a disconnect, never with a room join.
        logger.exception("Exception occured")
        return flask_socketio.disconnect()
    finally:
        dbpool.put(conn)

    flask_socketio.join_room(build_id)
def sio_is_authorized(path):
    """Ask Open Policy Agent whether the current token may access *path*.

    Args:
        path: Path value placed into the policy input as-is (the caller
            in this file passes a list such as ['listen:build', <id>]).

    Returns:
        True when opa_do_auth() returns a truthy value. False when it
        returns a falsy value or when a RequestException is raised, so a
        failed policy request denies access. Other exceptions propagate
        to the caller after the connection has been returned to the pool.
    """
    # A pooled connection is parked on flask.g for the duration of the
    # call - presumably read by the helpers below; confirm against them.
    g.db = dbpool.get()
    try:
        token = normalize_token(get_token())
        # Input document for Open Policy Agent
        opa_input = {
            "input": {
                "method": "WS",
                "path": path,
                "token": token,
            }
        }

        if opa_do_auth(opa_input):
            return True

        logger.warn("Unauthorized socket.io access attempt")
        return False
    except RequestException as e:
        logger.error(e)
        return False
    finally:
        # Always hand the connection back and clear the reference on g.
        dbpool.put(g.db)
        g.db = None