def getAlias(self, aliasid, token, path): """Returns a LibraryFileAlias, or raises LookupError. A LookupError is raised if no record with the given ID exists or if not related LibraryFileContent exists. :param token: The token for the file. If None no token is present. When a token is supplied, it is looked up with path. :param path: The path the request is for, unused unless a token is supplied; when supplied it must match the token. The value of path is expected to be that from a twisted request.args e.g. /foo/bar. """ restricted = self.restricted if token and path: # with a token and a path we may be able to serve restricted files # on the public port. store = session_store() token_found = store.find(TimeLimitedToken, SQL("age(created) < interval '1 day'"), TimeLimitedToken.token == token, TimeLimitedToken.path==path).is_empty() store.reset() if token_found: raise LookupError("Token stale/pruned/path mismatch") else: restricted = True alias = LibraryFileAlias.selectOne(And( LibraryFileAlias.id == aliasid, LibraryFileAlias.contentID == LibraryFileContent.q.id, LibraryFileAlias.restricted == restricted)) if alias is None: raise LookupError("No file alias with LibraryFileContent") return alias
def getAlias(self, aliasid, token, path): """Returns a LibraryFileAlias, or raises LookupError. A LookupError is raised if no record with the given ID exists or if not related LibraryFileContent exists. :param aliasid: A `LibraryFileAlias` ID. :param token: The token for the file. If None no token is present. When a token is supplied, it is looked up with path. :param path: The path the request is for, unused unless a token is supplied; when supplied it must match the token. The value of path is expected to be that from a twisted request.args e.g. /foo/bar. """ restricted = self.restricted if token and path: # With a token and a path we may be able to serve restricted files # on the public port. if isinstance(token, Macaroon): # Macaroons have enough other constraints that they don't # need to be path-specific; it's simpler and faster to just # check the alias ID. token_ok = threads.blockingCallFromThread( default_reactor, self._verifyMacaroon, token, aliasid) else: # The URL-encoding of the path may have changed somewhere # along the line, so reencode it canonically. LFA.filename # can't contain slashes, so they're safe to leave unencoded. # And urllib.quote erroneously excludes ~ from its safe set, # while RFC 3986 says it should be unescaped and Chromium # forcibly decodes it in any URL that it sees. # # This needs to match url_path_quote. normalised_path = urllib.quote(urllib.unquote(path), safe='/~+') store = session_store() token_ok = not store.find( TimeLimitedToken, SQL("age(created) < interval '1 day'"), TimeLimitedToken.token == hashlib.sha256(token).hexdigest(), TimeLimitedToken.path == normalised_path).is_empty() store.reset() if token_ok: restricted = True else: raise LookupError("Token stale/pruned/path mismatch") alias = LibraryFileAlias.selectOne( And(LibraryFileAlias.id == aliasid, LibraryFileAlias.contentID == LibraryFileContent.q.id, LibraryFileAlias.restricted == restricted)) if alias is None: raise LookupError("No file alias with LibraryFileContent") return alias