def check_authorization(): if 'remote_oauth' in session and 'client_id' in session: # resp = app.remote_oauth.get('me') bidder_data = get_bidder_id(app, session) if bidder_data: grant_timeout = iso8601.parse_date( bidder_data[u'expires']) - datetime.now(tzlocal()) if grant_timeout > INVALIDATE_GRANT: app.logger.info( "Bidder {} with client_id {} pass check_authorization". format( bidder_data['bidder_id'], session['client_id'], ), extra=prepare_extra_journal_fields(request.headers)) return jsonify({'status': 'ok'}) else: app.logger.info( "Grant will end in a short time. Activate re-login functionality", extra=prepare_extra_journal_fields(request.headers)) else: app.logger.warning( "Client_id {} didn't passed check_authorization".format( session['client_id']), extra=prepare_extra_journal_fields(request.headers)) abort(401)
def authorized(): if not ('error' in request.args and request.args['error'] == 'access_denied'): resp = app.remote_oauth.authorized_response() if resp is None or hasattr(resp, 'data'): app.logger.info("Error Response from Oauth: {}".format(resp)) return abort(403, 'Access denied') app.logger.info("Get response from Oauth: {}".format(repr(resp))) session['remote_oauth'] = (resp['access_token'], '') session['client_id'] = os.urandom(16).encode('hex') bidder_data = get_bidder_id(app, session) app.logger.info("Bidder {} with client_id {} authorized".format( bidder_data['bidder_id'], session['client_id'], ), extra=prepare_extra_journal_fields(request.headers)) app.logger.debug("Session: {}".format(repr(session))) response = redirect( urljoin(request.headers['X-Forwarded-Path'], '.').rstrip('/')) response.set_cookie('auctions_loggedin', '1', path=app.config['SESSION_COOKIE_PATH'], secure=False, httponly=False, max_age=36000) return response
def post_bid(): if 'remote_oauth' in session and 'client_id' in session: bidder_data = get_bidder_id(app, session) if bidder_data and bidder_data['bidder_id'] == request.json[ 'bidder_id']: return jsonify(app.form_handler()) else: app.logger.warning( "Client with client id: {} and bidder_id {} wants post bid but response status from Oauth" .format(session.get('client_id', 'None'), request.json.get('bidder_id', 'None'))) abort(401)
def logout(): if 'remote_oauth' in session and 'client_id' in session: bidder_data = get_bidder_id(app, session) if bidder_data: remove_client(bidder_data['bidder_id'], session['client_id']) send_event( bidder_data['bidder_id'], app.auction_bidders[bidder_data['bidder_id']]["clients"], "ClientsList") session.clear() return redirect( urljoin(request.headers['X-Forwarded-Path'], '.').rstrip('/'))
def post_bid(): auction = app.config['auction'] if 'remote_oauth' in session and 'client_id' in session: bidder_data = get_bidder_id(app, session) if bidder_data and bidder_data['bidder_id'] == request.json[ 'bidder_id']: with auction.bids_actions: form = BidsForm.from_json(request.json) form.auction = auction form.document = auction.db.get(auction.auction_doc_id) current_time = datetime.now(timezone('Europe/Kiev')) if form.validate(): # write data auction.add_bid( form.document['current_stage'], { 'amount': form.data['bid'], 'bidder_id': form.data['bidder_id'], 'time': current_time.isoformat() }) if form.data['bid'] == -1.0: app.logger.info( "Bidder {} with client_id {} canceled bids in stage {} in {}" .format(form.data['bidder_id'], session['client_id'], form.document['current_stage'], current_time.isoformat()), extra=prepare_extra_journal_fields( request.headers)) else: app.logger.info( "Bidder {} with client_id {} placed bid {} in {}". format(form.data['bidder_id'], session['client_id'], form.data['bid'], current_time.isoformat()), extra=prepare_extra_journal_fields( request.headers)) response = {'status': 'ok', 'data': form.data} else: response = {'status': 'failed', 'errors': form.errors} app.logger.info( "Bidder {} with client_id {} wants place bid {} in {} with errors {}" .format(request.json.get('bidder_id', 'None'), session['client_id'], request.json.get('bid', 'None'), current_time.isoformat(), repr(form.errors)), extra=prepare_extra_journal_fields(request.headers)) return jsonify(response) else: app.logger.warning( "Client with client id: {} and bidder_id {} wants post bid but response status from Oauth" .format(session.get('client_id', 'None'), request.json.get('bidder_id', 'None'))) abort(401)
def kickclient(): if 'remote_oauth' in session and 'client_id' in session: with app.context['server_actions']: data = request.json bidder_data = get_bidder_id(app, session) if bidder_data: data['bidder_id'] = bidder_data['bidder_id'] if 'client_id' in data: send_event_to_client(data['bidder_id'], data['client_id'], {"from": session['client_id']}, "KickClient") return jsonify({"status": "ok"}) abort(401)
def logout(): if 'remote_oauth' in session and 'client_id' in session: bidder_data = get_bidder_id(app, session) if bidder_data: remove_client(bidder_data['bidder_id'], session['client_id']) send_event( bidder_data['bidder_id'], app.auction_bidders[bidder_data['bidder_id']]["clients"], "ClientsList" ) session.clear() return redirect( urljoin(request.headers['X-Forwarded-Path'], '.').rstrip('/') )
def kickclient(): if 'remote_oauth' in session and 'client_id' in session: auction = app.config['auction'] with auction.bids_actions: data = request.json bidder_data = get_bidder_id(app, session) if bidder_data: data['bidder_id'] = bidder_data['bidder_id'] if 'client_id' in data: send_event_to_client( data['bidder_id'], data['client_id'], { "from": session['client_id'] }, "KickClient" ) return jsonify({"status": "ok"}) abort(401)
def check_authorization(): if 'remote_oauth' in session and 'client_id' in session: # resp = app.remote_oauth.get('me') bidder_data = get_bidder_id(app, session) if bidder_data: grant_timeout = iso8601.parse_date(bidder_data[u'expires']) - datetime.now(tzlocal()) if grant_timeout > INVALIDATE_GRANT: app.logger.info("Bidder {} with client_id {} pass check_authorization".format( bidder_data['bidder_id'], session['client_id'], ), extra=prepare_extra_journal_fields(request.headers)) return jsonify({'status': 'ok'}) else: app.logger.info( "Grant will end in a short time. Activate re-login functionality", extra=prepare_extra_journal_fields(request.headers) ) else: app.logger.warning("Client_id {} didn't passed check_authorization".format(session['client_id']), extra=prepare_extra_journal_fields(request.headers)) abort(401)
def set_sse_timeout(): current_app.logger.info( 'Handle set_sse_timeout request with session {}'.format(repr(dict(session))), extra=prepare_extra_journal_fields(request.headers) ) if 'remote_oauth' in session and 'client_id' in session: bidder_data = get_bidder_id(current_app, session) if bidder_data: current_app.logger.info("Bidder {} with client_id {} set sse_timeout".format( bidder_data['bidder_id'], session['client_id'], ), extra=prepare_extra_journal_fields(request.headers)) bidder = bidder_data['bidder_id'] if 'timeout' in request.json: session["sse_timeout"] = int(request.json['timeout']) send_event_to_client( bidder, session['client_id'], '', event='StopSSE' ) return jsonify({'timeout': session["sse_timeout"]}) return abort(401)
def post_bid(): auction = app.config['auction'] if 'remote_oauth' in session and 'client_id' in session: bidder_data = get_bidder_id(app, session) if bidder_data and bidder_data['bidder_id'] == request.json['bidder_id']: with auction.bids_actions: form = BidsForm.from_json(request.json) form.auction = auction form.document = auction.db.get(auction.auction_doc_id) current_time = datetime.now(timezone('Europe/Kiev')) if form.validate(): # write data auction.add_bid(form.document['current_stage'], {'amount': form.data['bid'], 'bidder_id': form.data['bidder_id'], 'time': current_time.isoformat()}) if form.data['bid'] == -1.0: app.logger.info("Bidder {} with client_id {} canceled bids in stage {} in {}".format( form.data['bidder_id'], session['client_id'], form.document['current_stage'], current_time.isoformat() ), extra=prepare_extra_journal_fields(request.headers)) else: app.logger.info("Bidder {} with client_id {} placed bid {} in {}".format( form.data['bidder_id'], session['client_id'], form.data['bid'], current_time.isoformat() ), extra=prepare_extra_journal_fields(request.headers)) response = {'status': 'ok', 'data': form.data} else: response = {'status': 'failed', 'errors': form.errors} app.logger.info("Bidder {} with client_id {} wants place bid {} in {} with errors {}".format( request.json.get('bidder_id', 'None'), session['client_id'], request.json.get('bid', 'None'), current_time.isoformat(), repr(form.errors) ), extra=prepare_extra_journal_fields(request.headers)) return jsonify(response) else: app.logger.warning("Client with client id: {} and bidder_id {} wants post bid but response status from Oauth".format( session.get('client_id', 'None'), request.json.get('bidder_id', 'None') )) abort(401)
def set_sse_timeout(): current_app.logger.info( 'Handle set_sse_timeout request with session {}'.format( repr(dict(session))), extra=prepare_extra_journal_fields(request.headers)) if 'remote_oauth' in session and 'client_id' in session: bidder_data = get_bidder_id(current_app, session) if bidder_data: current_app.logger.info( "Bidder {} with client_id {} set sse_timeout".format( bidder_data['bidder_id'], session['client_id'], ), extra=prepare_extra_journal_fields(request.headers)) bidder = bidder_data['bidder_id'] if 'timeout' in request.json: session["sse_timeout"] = int(request.json['timeout']) send_event_to_client(bidder, session['client_id'], '', event='StopSSE') return jsonify({'timeout': session["sse_timeout"]}) return abort(401)
def authorized(): if not('error' in request.args and request.args['error'] == 'access_denied'): resp = app.remote_oauth.authorized_response() if resp is None or hasattr(resp, 'data'): app.logger.info("Error Response from Oauth: {}".format(resp)) return abort(403, 'Access denied') app.logger.info("Get response from Oauth: {}".format(repr(resp))) session['remote_oauth'] = (resp['access_token'], '') session['client_id'] = os.urandom(16).encode('hex') bidder_data = get_bidder_id(app, session) app.logger.info("Bidder {} with client_id {} authorized".format( bidder_data['bidder_id'], session['client_id'], ), extra=prepare_extra_journal_fields(request.headers)) app.logger.debug("Session: {}".format(repr(session))) response = redirect( urljoin(request.headers['X-Forwarded-Path'], '.').rstrip('/') ) response.set_cookie('auctions_loggedin', '1', path=app.config['SESSION_COOKIE_PATH'], secure=False, httponly=False, max_age=36000 ) return response
def event_source(): current_app.logger.debug( 'Handle event_source request with session {}'.format( repr(dict(session))), extra=prepare_extra_journal_fields(request.headers)) if 'remote_oauth' in session and 'client_id' in session: bidder_data = get_bidder_id(current_app, session) if bidder_data: valid_bidder = False client_hash = session['client_id'] bidder = bidder_data['bidder_id'] for bidder_info in current_app.config['auction'].bidders_data: if bidder_info['id'] == bidder: valid_bidder = True break if current_app.config['auction'].auction_document.get( 'current_phase', '') in ['dutch', 'pre-started', 'pre-sealedbid']: valid_bidder = True if valid_bidder: if bidder not in current_app.auction_bidders: current_app.auction_bidders[bidder] = { "clients": {}, "channels": {} } if client_hash not in current_app.auction_bidders[bidder]: real_ip = request.environ.get('HTTP_X_REAL_IP', '') if real_ip.startswith('172.'): real_ip = '' current_app.auction_bidders[bidder]["clients"][ client_hash] = { 'ip': ','.join([ request.headers.get('X-Forwarded-For', ''), real_ip ]), 'User-Agent': request.headers.get('User-Agent'), } current_app.auction_bidders[bidder]["channels"][ client_hash] = Queue() current_app.logger.info( 'Send identification for bidder: {} with client_hash {}'. format(bidder, client_hash), extra=prepare_extra_journal_fields(request.headers)) identification_data = { "bidder_id": bidder, "client_id": client_hash, "return_url": session.get('return_url', '') } if current_app.config['auction'].features: identification_data["coeficient"] = str( current_app.config['auction']. bidders_coeficient[bidder]) send_event_to_client(bidder, client_hash, identification_data, "Identification") if 'amount' in session: send_event_to_client(bidder, client_hash, {"last_amount": session['amount']}, "RestoreBidAmount") current_app.logger.debug('Send RestoreBidAmount') del session['amount'] if not session.get("sse_timeout", 0): current_app.logger.debug('Send ClientsList') send_event(bidder, current_app.auction_bidders[bidder]["clients"], "ClientsList") response = Response( SseStream(current_app.auction_bidders[bidder]["channels"] [client_hash], bidder_id=bidder, client_id=client_hash, timeout=session.get("sse_timeout", 0)), direct_passthrough=True, mimetype='text/event-stream', content_type='text/event-stream') response.headers['Cache-Control'] = 'no-cache' response.headers['X-Accel-Buffering'] = 'no' return response else: current_app.logger.info( 'Not valid bidder: bidder_id {} with client_hash {}'. format(bidder, client_hash), extra=prepare_extra_journal_fields(request.headers)) current_app.logger.debug('Disable event_source for unauthorized user.', extra=prepare_extra_journal_fields( request.headers)) events_close = PySse() events_close.add_message("Close", "Disable") response = Response(iter( [bytearray(''.join([x for x in events_close]), 'UTF-8')]), direct_passthrough=True, mimetype='text/event-stream', content_type='text/event-stream') response.headers['Cache-Control'] = 'no-cache' response.headers['X-Accel-Buffering'] = 'no' return response
def event_source(): current_app.logger.debug( 'Handle event_source request with session {}'.format(repr(dict(session))), extra=prepare_extra_journal_fields(request.headers) ) if 'remote_oauth' in session and 'client_id' in session: bidder_data = get_bidder_id(current_app, session) if bidder_data: valid_bidder = False client_hash = session['client_id'] bidder = bidder_data['bidder_id'] for bidder_info in current_app.config['auction'].bidders_data: if bidder_info['id'] == bidder: valid_bidder = True break if valid_bidder: if bidder not in current_app.auction_bidders: current_app.auction_bidders[bidder] = { "clients": {}, "channels": {} } if client_hash not in current_app.auction_bidders[bidder]: real_ip = request.environ.get('HTTP_X_REAL_IP', '') if real_ip.startswith('172.'): real_ip = '' current_app.auction_bidders[bidder]["clients"][client_hash] = { 'ip': ','.join( [request.headers.get('X-Forwarded-For', ''), real_ip] ), 'User-Agent': request.headers.get('User-Agent'), } current_app.auction_bidders[bidder]["channels"][client_hash] = Queue() current_app.logger.info( 'Send identification for bidder: {} with client_hash {}'.format(bidder, client_hash), extra=prepare_extra_journal_fields(request.headers) ) identification_data = {"bidder_id": bidder, "client_id": client_hash, "return_url": session.get('return_url', '')} if current_app.config['auction'].features: identification_data["coeficient"] = str(current_app.config['auction'].bidders_coeficient[bidder]) send_event_to_client(bidder, client_hash, identification_data, "Identification") if 'amount' in session: send_event_to_client(bidder, client_hash, {"last_amount": session['amount']}, "RestoreBidAmount") current_app.logger.debug('Send RestoreBidAmount') del session['amount'] if not session.get("sse_timeout", 0): current_app.logger.debug('Send ClientsList') send_event( bidder, current_app.auction_bidders[bidder]["clients"], "ClientsList" ) response = Response( SseStream( current_app.auction_bidders[bidder]["channels"][client_hash], bidder_id=bidder, client_id=client_hash, timeout=session.get("sse_timeout", 0) ), direct_passthrough=True, mimetype='text/event-stream', content_type='text/event-stream' ) response.headers['Cache-Control'] = 'no-cache' response.headers['X-Accel-Buffering'] = 'no' return response else: current_app.logger.info( 'Not valid bidder: bidder_id {} with client_hash {}'.format(bidder, client_hash), extra=prepare_extra_journal_fields(request.headers) ) current_app.logger.debug( 'Disable event_source for unauthorized user.', extra=prepare_extra_journal_fields(request.headers) ) events_close = PySse() events_close.add_message("Close", "Disable") response = Response( iter([bytearray(''.join([x for x in events_close]), 'UTF-8')]), direct_passthrough=True, mimetype='text/event-stream', content_type='text/event-stream' ) response.headers['Cache-Control'] = 'no-cache' response.headers['X-Accel-Buffering'] = 'no' return response