def forbidden_view(context, request): msg = context.message result = context.result message = msg + "\n" + str(result) resp = HTTPForbidden() resp.body = bytes_(message) return resp
def forbidden_view(context, request): msg = context.message result = context.result message = msg + '\n' + str(result) resp = HTTPForbidden() resp.body = message return resp
def forbidden_view(context, request): msg = context.message result = context.result message = msg + '\n' + str(result) resp = HTTPForbidden() resp.body = bytes_(message) return resp
def closure(request, *args, **kwargs): api_key = request.GET.get('key', None) heka_client = get_heka_client() stats_client = request.registry.stats_client if api_key is None: stats_client.incr('%s.no_api_key' % func_name) if error_on_invalidkey: return invalid_api_key_response() session = request.db_slave_session try: result = session.execute(API_CHECK.bindparams(api_key=api_key)) found_key = result.fetchone() except Exception: # pragma: no cover # if we cannot connect to backend DB, skip api key check heka_client.raven(RAVEN_ERROR) stats_client.incr('%s.dbfailure_skip_api_key' % func_name) return func(request, *args, **kwargs) if found_key is not None: maxreq, api_key_log, shortname = found_key if not shortname: # pragma: no cover shortname = api_key # remember api key and shortname on the request request.api_key_log = bool(api_key_log) request.api_key_name = shortname stats_client.incr('%s.api_key.%s' % (func_name, shortname)) should_limit = rate_limit(request.registry.redis_client, api_key, maxreq=maxreq) if should_limit: result = HTTPForbidden() result.content_type = 'application/json' result.body = DAILY_LIMIT return result elif should_limit is None: # pragma: no cover # We couldn't connect to Redis stats_client.incr('%s.redisfailure_skip_limit' % func_name) else: stats_client.incr('%s.unknown_api_key' % func_name) if error_on_invalidkey: return invalid_api_key_response() # provide the same api log/name attributes request.api_key_log = False request.api_key_name = None return func(request, *args, **kwargs)
def closure(request, *args, **kwargs): api_key = request.GET.get('key', None) raven_client = request.registry.raven_client stats_client = request.registry.stats_client if api_key is None: stats_client.incr('%s.no_api_key' % func_name) if error_on_invalidkey: return invalid_api_key_response() session = request.db_ro_session try: result = session.execute(API_CHECK.bindparams(api_key=api_key)) found_key = result.fetchone() except Exception: # pragma: no cover # if we cannot connect to backend DB, skip api key check raven_client.captureException() stats_client.incr('%s.dbfailure_skip_api_key' % func_name) return func(request, *args, **kwargs) if found_key is not None: maxreq, api_key_log, shortname = found_key if not shortname: # pragma: no cover shortname = api_key # remember api key and shortname on the request request.api_key_log = bool(api_key_log) request.api_key_name = shortname stats_client.incr('%s.api_key.%s' % (func_name, shortname)) should_limit = rate_limit(request.registry.redis_client, api_key, maxreq=maxreq) if should_limit: result = HTTPForbidden() result.content_type = 'application/json' result.body = DAILY_LIMIT return result elif should_limit is None: # pragma: no cover # We couldn't connect to Redis stats_client.incr('%s.redisfailure_skip_limit' % func_name) else: stats_client.incr('%s.unknown_api_key' % func_name) if error_on_invalidkey: return invalid_api_key_response() # provide the same api log/name attributes request.api_key_log = False request.api_key_name = None return func(request, *args, **kwargs)
def closure(request, *args, **kwargs): raven_client = request.registry.raven_client stats_client = request.registry.stats_client api_key = None api_key_text = request.GET.get('key', None) if api_key_text is None: stats_client.incr('%s.no_api_key' % func_name) if error_on_invalidkey: return invalid_api_key_response() try: api_key = ApiKey.getkey(request.db_ro_session, api_key_text) except Exception: # pragma: no cover # if we cannot connect to backend DB, skip api key check raven_client.captureException() stats_client.incr('%s.dbfailure_skip_api_key' % func_name) if api_key is not None: stats_client.incr('%s.api_key.%s' % (func_name, api_key.name)) should_limit = rate_limit(request.registry.redis_client, api_key_text, maxreq=api_key.maxreq) if should_limit: response = HTTPForbidden() response.content_type = 'application/json' response.body = DAILY_LIMIT return response elif should_limit is None: # pragma: no cover # We couldn't connect to Redis stats_client.incr('%s.redisfailure_skip_limit' % func_name) else: stats_client.incr('%s.unknown_api_key' % func_name) if error_on_invalidkey: return invalid_api_key_response() # If we failed to look up an ApiKey, create an empty one # rather than passing None through api_key = api_key or ApiKey() return func(request, api_key, *args, **kwargs)
def closure(request, *args, **kwargs): api_key = request.GET.get('key', None) heka_client = get_heka_client() stats_client = request.registry.stats_client if api_key is None: stats_client.incr('%s.no_api_key' % func_name) if error_on_invalidkey: return invalid_api_key_response() session = request.db_slave_session try: result = session.execute(API_CHECK.bindparams(api_key=api_key)) found_key = result.fetchone() except Exception: # if we cannot connect to backend DB, skip api key check heka_client.raven(RAVEN_ERROR) stats_client.incr('%s.dbfailure_skip_api_key' % func_name) return func(request, *args, **kwargs) if found_key is not None: maxreq, shortname = found_key if not shortname: shortname = api_key stats_client.incr('%s.api_key.%s' % (func_name, shortname)) should_limit = rate_limit(request.registry.redis_client, api_key, maxreq=maxreq) if should_limit: result = HTTPForbidden() result.content_type = 'application/json' result.body = DAILY_LIMIT return result elif should_limit is None: # We couldn't connect to Redis stats_client.incr('%s.redisfailure_skip_limit' % func_name) else: stats_client.incr('%s.unknown_api_key' % func_name) if error_on_invalidkey: return invalid_api_key_response() return func(request, *args, **kwargs)
def forbidden(self): response = HTTPForbidden() response.content_type = 'application/json' response.body = DAILY_LIMIT return response