def __start_process__(self, env, **kwargs):
# get & decode Authorization header:
try:
self.log.debug("Starting HTTP basic authentication.")
header = env["HTTP_AUTHORIZATION"]
self.log.debug("Found Authorization header: '%s'", header)
m = re.match("^Basic ([a-zA-Z0-9=/_\-]+)$", header)
auth = b64decode(m.group(1))
index = auth.find(":")
if index == -1:
raise exception.HTTPException(
400, "Bad request. Authorization header is malformed.")
self.username, password = auth[:index], auth[index + 1:]
self.log.debug("Parsed Authorization header: '%s:%s'",
self.username, password)
except KeyError:
raise exception.AuthenticationFailedException()
except:
raise exception.HTTPException(
400, "Bad request: Authorization header is malformed.")
# validate password:
authenticated = False
try:
authenticated = self.app.validate_password(self.username, password)
except exception.UserNotFoundException:
pass
except exception.UserIsBlockedException:
pass
except:
raise sys.exc_info()[1]
if not authenticated:
raise exception.NotAuthorizedException()
def __put__(self, env, guid, tags):
tags = list(util.split_strip_set(tags, ","))
if len(tags) == 0:
raise exception.HTTPException(400, "tag list cannot be empty.")
self.app.add_tags(guid, self.username, tags)
return self.__get_tags__(guid)
def __check_rate_limit__(self, env):
self.log.debug("Checking rate limit.")
if not config.LIMIT_REQUESTS_BY_IP and not config.LIMIT_REQUESTS_BY_USER:
return
address = env["REMOTE_ADDR"]
with factory.create_db_connection() as conn:
with conn.enter_scope() as scope:
request_db = factory.create_request_db()
user_db = factory.create_user_db()
if config.LIMIT_REQUESTS_BY_IP:
count = request_db.count_requests_by_ip(
scope, address, 3600)
self.log.debug("'%s' has made %d of %d allowed requests.",
address, count, config.IP_REQUESTS_PER_HOUR)
if count > config.IP_REQUESTS_PER_HOUR:
raise exception.HTTPException(
402, "IP request limit reached.")
user_id = user_db.map_username(scope, self.username)
if config.LIMIT_REQUESTS_BY_USER:
count = request_db.count_requests_by_user_id(
scope, user_id, 3600)
self.log.debug(
"'%s' (%d) has made %d of %d allowed requests.",
self.username, user_id, count,
config.USER_REQUESTS_PER_HOUR)
if count > config.USER_REQUESTS_PER_HOUR:
raise exception.HTTPException(
402, "User request limit reached.")
request_db.add_request(scope, address, user_id)
scope.complete()
def avatar_form_handler(method, env):
params = {}
try:
content_type = env.get("CONTENT_TYPE", "multipart/form-data")
if not content_type.startswith("multipart/form-data"):
raise exception.HTTPException(400, "Bad Request")
form = FieldStorage(fp=env['wsgi.input'], environ=env)
params["file"] = form["file"].file
params["filename"] = form.getvalue("filename")
return params
except exception.HTTPException as e:
raise e
except Exception as e:
raise exception.HTTPException(400, "Bad Request")
def __put__(self, env, guid, receivers):
receivers = list(util.split_strip_set(receivers, ","))
if len(receivers) == 0:
raise exception.HTTPException(400,
"receiver list cannot be empty.")
self.app.recommend(self.username, receivers, guid)
m = {"guid": guid, "receivers": receivers}
v = view.JSONView(200)
v.bind(m)
return v
def default_form_handler(method, env):
qs = urlparse.parse_qs(env.get("QUERY_STRING", ""))
params = {k: urllib.unquote(v[0]) for k, v in qs.items()}
size = int(env.get('CONTENT_LENGTH', 0))
if method in ["POST", "PUT"]:
content_type = env.get("CONTENT_TYPE",
"application/x-www-form-urlencoded")
if content_type.startswith("application/x-www-form-urlencoded"):
qs = urlparse.parse_qs(env['wsgi.input'].read(size))
params.update({k: urllib.unquote(v[0]) for k, v in qs.items()})
else:
raise exception.HTTPException(
400,
"Bad Request: Content-Type '%s' not supported" % content_type)
return params
def __check_rate_limit__(self, env):
self.log.debug("Checking rate limit.")
if not config.LIMIT_REQUESTS_BY_IP:
return
address = env["REMOTE_ADDR"]
with factory.create_db_connection() as conn:
with conn.enter_scope() as scope:
db = factory.create_request_db()
count = db.count_requests_by_ip(scope, address, 3600)
self.log.debug("'%s' has made %d of %d allowed requests.",
address, count, config.IP_REQUESTS_PER_HOUR)
if count > config.IP_REQUESTS_PER_HOUR:
raise exception.HTTPException(402,
"IP request limit reached.")
db.add_request(scope, address)
scope.complete()