def set_dbclient(self, environ, config):
    """Load the settings used when serving the client-database interface.

    Values come from three places, in this order: the request environment,
    the main section of the config file, and the database itself.

    Args:
        environ: mapping of request variables; only REMOTE_ADDR and
            REMOTE_PORT are read here.
        config: parsed config object handed to the get_config_parameter_*
            helpers.

    Requires self.db to be usable already; set_common() in this file is
    where it gets assigned.
    """
    db_log = cc_logger.dblogger

    # -- Request environment ------------------------------------------------
    # NOTE(review): REMOTE_ADDR is the peer as seen by the web server. Behind
    # a reverse proxy that would be the proxy, not the end client -- confirm
    # the deployment before relying on it for audit trails or access rules.
    self.remote_addr = environ.get("REMOTE_ADDR")
    self.remote_port = environ.get("REMOTE_PORT")

    # -- Config file ---------------------------------------------------------
    main_section = CONFIG_FILE_MAIN_SECTION
    self.ALLOW_MOBILEWEB = get_config_parameter_boolean(
        config, main_section, "ALLOW_MOBILEWEB", False
    )
    self.DBCLIENT_LOGLEVEL = get_config_parameter_loglevel(
        config, main_section, "DBCLIENT_LOGLEVEL", logging.INFO
    )
    db_log.setLevel(self.DBCLIENT_LOGLEVEL)

    # -- Database ------------------------------------------------------------
    # Presumably an allow-list that client-supplied table names are checked
    # against before they reach SQL -- verify against the callers.
    self.VALID_TABLE_NAMES = self.db.get_all_table_names()
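def set_webview(self, environ, config):
    """Load the settings used when serving the web front end.

    Reads the request environment, then the main config section, then
    derives values from both (introspection file list, logo markup) and
    finally validates the filename/patient specs.

    Args:
        environ: WSGI environ mapping for the current request.
        config: parsed config object handed to the get_config_parameter*
            helpers; config.items() is also called on it directly.

    Raises:
        RuntimeError: an ID policy or one of the *_SPEC settings is missing
            or invalid.
        AssertionError: cc_version.PDF_ENGINE is not a recognised engine.

    Reads self.ID_POLICY_UPLOAD_STRING / self.ID_POLICY_FINALIZE_STRING,
    which set_common() in this file assigns, so set_common() must have run
    first. self.HL7_RECIPIENT_DEFS is appended to and must already exist.
    """
    # Delayed imports
    import cgi
    import operator
    import os
    import urllib
    import cc_filename
    import cc_html  # caution, circular import
    import cc_policy
    import cc_namedtuples
    import cc_recipdef
    import cc_version

    logger = cc_logger.logger

    # ---------------------------------------------------------------------
    # Read from the environment
    # ---------------------------------------------------------------------
    # http://www.zytrax.com/tech/web/env_var.htm
    # Apache standard CGI variables:
    self.SCRIPT_NAME = environ.get("SCRIPT_NAME", "")
    self.SERVER_NAME = environ.get("SERVER_NAME")

    # Reconstruct URL (without the query string):
    # http://www.python.org/dev/peps/pep-0333/#url-reconstruction
    scheme = environ.get("wsgi.url_scheme", "")
    url = scheme + "://"
    host_header = environ.get("HTTP_HOST")
    if host_header:
        # SECURITY: HTTP_HOST is the request's Host header, i.e. supplied by
        # the client, and unlike the path parts below it is not
        # percent-quoted before being appended.
        url += host_header
    else:
        url += environ.get("SERVER_NAME", "")
        port = environ.get("SERVER_PORT", "")
        default_port = "443" if scheme == "https" else "80"
        # Skip the port when it is the scheme default; also skip it when the
        # variable is absent, so no dangling ":" is emitted.
        if port and port != default_port:
            url += ":" + port
    url += urllib.quote(environ.get("SCRIPT_NAME", ""))
    url += urllib.quote(environ.get("PATH_INFO", ""))

    # quote=True also escapes double quotes. Without it a '"' in the Host
    # header would survive escaping and could break out of an HTML attribute
    # wherever this value is embedded in one.
    # NOTE(review): escaping only makes the string safe to print; the host
    # part is still client-chosen, so anything that builds links or
    # redirects from it should compare it against a configured host name.
    self.SCRIPT_PUBLIC_URL_ESCAPED = cgi.escape(url, quote=True)

    # ---------------------------------------------------------------------
    # Read from the config file:
    # ---------------------------------------------------------------------
    section = CONFIG_FILE_MAIN_SECTION
    self.MYSQL = get_config_parameter(config, section, "MYSQL", str, DEFAULT_MYSQL)
    self.MYSQLDUMP = get_config_parameter(config, section, "MYSQLDUMP", str, DEFAULT_MYSQLDUMP)
    self.LOCAL_INSTITUTION_URL = get_config_parameter(
        config, section, "LOCAL_INSTITUTION_URL", str, DEFAULT_LOCAL_INSTITUTION_URL
    )
    # note order dependency: RESOURCES_DIRECTORY, LOCAL_LOGO_FILE_ABSOLUTE
    self.RESOURCES_DIRECTORY = get_config_parameter(
        config, section, "RESOURCES_DIRECTORY", str, DEFAULT_RESOURCES_DIRECTORY
    )
    self.LOCAL_LOGO_FILE_ABSOLUTE = get_config_parameter(
        config,
        section,
        "LOCAL_LOGO_FILE_ABSOLUTE",
        str,
        os.path.join(self.RESOURCES_DIRECTORY, LOCAL_LOGO_FILE_WEBREF),
    )
    self.INTROSPECTION_DIRECTORY = get_config_parameter(
        config, section, "INTROSPECTION_DIRECTORY", str, DEFAULT_INTROSPECTION_DIRECTORY
    )
    self.INTROSPECTION = get_config_parameter_boolean(config, section, "INTROSPECTION", True)
    self.HL7_LOCKFILE = get_config_parameter(config, section, "HL7_LOCKFILE", str, None)
    self.SUMMARY_TABLES_LOCKFILE = get_config_parameter(config, section, "SUMMARY_TABLES_LOCKFILE", str, None)
    self.PASSWORD_CHANGE_FREQUENCY_DAYS = get_config_parameter(
        config, section, "PASSWORD_CHANGE_FREQUENCY_DAYS", int, DEFAULT_PASSWORD_CHANGE_FREQUENCY_DAYS
    )
    self.LOCKOUT_THRESHOLD = get_config_parameter(
        config, section, "LOCKOUT_THRESHOLD", int, DEFAULT_LOCKOUT_THRESHOLD
    )
    self.LOCKOUT_DURATION_INCREMENT_MINUTES = get_config_parameter(
        config, section, "LOCKOUT_DURATION_INCREMENT_MINUTES", int, DEFAULT_LOCKOUT_DURATION_INCREMENT_MINUTES
    )
    self.DISABLE_PASSWORD_AUTOCOMPLETE = get_config_parameter_boolean(
        config, section, "DISABLE_PASSWORD_AUTOCOMPLETE", True
    )
    self.PATIENT_SPEC_IF_ANONYMOUS = get_config_parameter(
        config, section, "PATIENT_SPEC_IF_ANONYMOUS", str, "anonymous"
    )
    self.PATIENT_SPEC = get_config_parameter(config, section, "PATIENT_SPEC", str, None)
    self.TASK_FILENAME_SPEC = get_config_parameter(config, section, "TASK_FILENAME_SPEC", str, None)
    self.TRACKER_FILENAME_SPEC = get_config_parameter(config, section, "TRACKER_FILENAME_SPEC", str, None)
    self.CTV_FILENAME_SPEC = get_config_parameter(config, section, "CTV_FILENAME_SPEC", str, None)
    self.WEBVIEW_LOGLEVEL = get_config_parameter_loglevel(config, section, "WEBVIEW_LOGLEVEL", logging.INFO)
    logger.setLevel(self.WEBVIEW_LOGLEVEL)
    self.SEND_ANALYTICS = get_config_parameter_boolean(config, section, "SEND_ANALYTICS", True)
    self.EXPORT_CRIS_DATA_DICTIONARY_TSV_FILE = get_config_parameter(
        config, section, "EXPORT_CRIS_DATA_DICTIONARY_TSV_FILE", str, None
    )

    # http://stackoverflow.com/questions/335695/lists-in-configparser
    # NOTE(review): the handler below also covers the RecipientDefinition
    # constructor, so a NoSectionError raised there would be logged as if
    # the recipient-list section itself were missing -- confirm intended.
    try:
        hl7_items = config.items(CONFIG_FILE_RECIPIENTLIST_SECTION)
        for key, recipientdef_name in hl7_items:
            logger.debug(u"HL7 config: key={}, recipientdef_name={}".format(key, recipientdef_name))
            h = cc_recipdef.RecipientDefinition(config, recipientdef_name)
            if h.valid:
                self.HL7_RECIPIENT_DEFS.append(h)
    except ConfigParser.NoSectionError:
        logger.info("No config file section [{}]".format(CONFIG_FILE_RECIPIENTLIST_SECTION))

    # ---------------------------------------------------------------------
    # Built from the preceding:
    # ---------------------------------------------------------------------
    # The introspection list is built once here, from a fixed set of
    # subdirectories and file extensions, by listing the directories.
    # NOTE(review): presumably request handlers serve only entries of this
    # list rather than joining request data onto INTROSPECTION_DIRECTORY --
    # verify, since that is what keeps the feature from exposing other files.
    self.INTROSPECTION_FILES = []
    if self.INTROSPECTION:
        rootdir = self.INTROSPECTION_DIRECTORY
        for d in INTROSPECTABLE_DIRECTORIES:
            searchdir = os.sep.join([rootdir, d]) if d else rootdir
            for fname in os.listdir(searchdir):
                ext = os.path.splitext(fname)[1]
                if ext not in INTROSPECTABLE_EXTENSIONS:
                    continue
                fullpath = os.sep.join([searchdir, fname])
                prettypath = os.sep.join([d, fname]) if d else fname
                self.INTROSPECTION_FILES.append(
                    cc_namedtuples.IntrospectionFileDetails(
                        fullpath=fullpath, prettypath=prettypath, searchterm=fname, ext=ext
                    )
                )
        self.INTROSPECTION_FILES = sorted(self.INTROSPECTION_FILES, key=operator.attrgetter("prettypath"))

    # Cache tokenized ID policies
    cc_policy.tokenize_upload_id_policy(self.ID_POLICY_UPLOAD_STRING)
    cc_policy.tokenize_finalize_id_policy(self.ID_POLICY_FINALIZE_STRING)
    # Valid?
    if not cc_policy.upload_id_policy_valid():
        raise RuntimeError("UPLOAD_POLICY invalid in config")
    if not cc_policy.finalize_id_policy_valid():
        raise RuntimeError("FINALIZE_POLICY invalid in config")

    # NOTE(review): CAMCOPS_LOGO_FILE_ABSOLUTE is assigned only inside this
    # guard but is read unconditionally when PDF_LOGO_LINE is built below,
    # and RESOURCES_DIRECTORY has already been passed to os.path.join above.
    # Confirm RESOURCES_DIRECTORY can never be None in practice.
    if self.RESOURCES_DIRECTORY is not None:
        self.CAMCOPS_STRINGS_FILE_ABSOLUTE = os.path.join(self.RESOURCES_DIRECTORY, CAMCOPS_STRINGS_FILE)
        self.CAMCOPS_LOGO_FILE_ABSOLUTE = os.path.join(self.RESOURCES_DIRECTORY, CAMCOPS_LOGO_FILE_WEBREF)

    # Note: HTML4 uses <img ...>; XHTML uses <img ... />;
    # HTML5 is happy with <img ... />
    # IE float-right problems: http://stackoverflow.com/questions/1820007
    # Tables are a nightmare in IE (table max-width not working unless you
    # also specify it for image size, etc.)
    #
    # NOTE(review): SCRIPT_NAME and LOCAL_INSTITUTION_URL are interpolated
    # into href attributes as-is. One comes from the server environment and
    # the other from the config file; neither is HTML-escaped here.
    self.WEB_LOGO = u"""
        <div class="web_logo_header">
            <a href="{}"><img class="logo_left" src="{}" alt="" /></a>
            <a href="{}"><img class="logo_right" src="{}" alt="" /></a>
        </div>
    """.format(
        self.SCRIPT_NAME, CAMCOPS_LOGO_FILE_WEBREF, self.LOCAL_INSTITUTION_URL, LOCAL_LOGO_FILE_WEBREF
    )
    self.WEBSTART = cc_html.WEB_HEAD + self.WEB_LOGO

    # The original carried a second, pdfkit-only branch after this one. It
    # could never run (this test already matches "pdfkit") and produced the
    # same markup, so it has been dropped.
    if cc_version.PDF_ENGINE in ["weasyprint", "pdfkit"]:
        # weasyprint: div with floating img does not work properly
        self.PDF_LOGO_LINE = u"""
            <div class="pdf_logo_header">
                <table>
                    <tr>
                        <td class="image_td">
                            <img class="logo_left" src="file://{}" />
                        </td>
                        <td class="centregap_td"></td>
                        <td class="image_td">
                            <img class="logo_right" src="file://{}" />
                        </td>
                    </tr>
                </table>
            </div>
        """.format(
            self.CAMCOPS_LOGO_FILE_ABSOLUTE, self.LOCAL_LOGO_FILE_ABSOLUTE
        )
    elif cc_version.PDF_ENGINE in ["xhtml2pdf"]:
        # xhtml2pdf
        # hard to get logos positioned any other way than within a table
        self.PDF_LOGO_LINE = u"""
            <div class="header">
                <table class="noborder">
                    <tr class="noborder">
                        <td class="noborderphoto" width="45%">
                            <img src="file://{}" height="{}" align="left" />
                        </td>
                        <td class="noborderphoto" width="10%"></td>
                        <td class="noborderphoto" width="45%">
                            <img src="file://{}" height="{}" align="right" />
                        </td>
                    </tr>
                </table>
            </div>
        """.format(
            self.CAMCOPS_LOGO_FILE_ABSOLUTE,
            cc_html.PDF_LOGO_HEIGHT,
            self.LOCAL_LOGO_FILE_ABSOLUTE,
            cc_html.PDF_LOGO_HEIGHT,
        )
    else:
        raise AssertionError("Invalid PDF engine")

    # ---------------------------------------------------------------------
    # Validate the patient/filename specs; fail at startup, not mid-export.
    # ---------------------------------------------------------------------
    if not self.PATIENT_SPEC_IF_ANONYMOUS:
        raise RuntimeError("Blank PATIENT_SPEC_IF_ANONYMOUS in [server] section of config file")
    if not self.PATIENT_SPEC:
        raise RuntimeError("Missing/blank PATIENT_SPEC in [server] section of config file")
    if not cc_filename.patient_spec_for_filename_is_valid(self.PATIENT_SPEC):
        raise RuntimeError("Invalid PATIENT_SPEC in [server] section of config file")

    # Same two checks for each filename spec, in the original order.
    filename_specs = (
        ("TASK_FILENAME_SPEC", self.TASK_FILENAME_SPEC),
        ("TRACKER_FILENAME_SPEC", self.TRACKER_FILENAME_SPEC),
        ("CTV_FILENAME_SPEC", self.CTV_FILENAME_SPEC),
    )
    for spec_name, spec_value in filename_specs:
        if not spec_value:
            raise RuntimeError("Missing/blank {} in [server] section of config file".format(spec_name))
        if not cc_filename.filename_spec_is_valid(spec_value):
            raise RuntimeError("Invalid {} in [server] section of config file".format(spec_name))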
def set_common(self, environ, config, as_client_db):
    """Load the settings shared by every entry point and open the database.

    Args:
        environ: request environment; not read in this body.
        config: parsed config object; read through the get_config_parameter*
            helpers and through config.get() for the values with no default.
        as_client_db: not read in this body.

    Raises:
        RuntimeError: DB_PASSWORD could not be read, or was None.
        rnc_db.NoDatabaseError: anything went wrong while connecting; the
            underlying error is deliberately not reported.

    config.get() is called without a fallback for DB_NAME and DB_USER, so a
    missing value there raises whatever the config object raises.
    """
    # ---------------------------------------------------------------------
    # Config file, main section
    # ---------------------------------------------------------------------
    main_section = CONFIG_FILE_MAIN_SECTION

    timeout_minutes = get_config_parameter(
        config, main_section, "SESSION_TIMEOUT_MINUTES", int, DEFAULT_TIMEOUT_MINUTES
    )
    self.SESSION_TIMEOUT = datetime.timedelta(minutes=timeout_minutes)
    self.EXTRA_STRING_FILES = get_config_parameter_multiline(
        config, main_section, "EXTRA_STRING_FILES", []
    )

    # Mandatory: no default is supplied for these two.
    self.DB_NAME = config.get(main_section, "DB_NAME")
    self.DB_USER = config.get(main_section, "DB_USER")
    # DB_PASSWORD is deliberately NOT stored on self; see the security
    # section further down.
    self.DB_SERVER = get_config_parameter(
        config, main_section, "DB_SERVER", str, DEFAULT_DB_SERVER
    )
    self.DB_PORT = get_config_parameter(
        config, main_section, "DB_PORT", int, DEFAULT_DB_PORT
    )
    self.DATABASE_TITLE = get_config_parameter(
        config, main_section, "DATABASE_TITLE", unicode, DEFAULT_DATABASE_TITLE
    )

    # Config keys are numbered from 1; the lists are indexed from 0.
    for index in range(NUMBER_OF_IDNUMS):
        suffix = str(index + 1)
        self.IDDESC[index] = get_config_parameter(
            config, main_section, "IDDESC_" + suffix, unicode, u""
        )
        self.IDSHORTDESC[index] = get_config_parameter(
            config, main_section, "IDSHORTDESC_" + suffix, unicode, u""
        )

    self.ID_POLICY_UPLOAD_STRING = get_config_parameter(
        config, main_section, "UPLOAD_POLICY", str, ""
    )
    self.ID_POLICY_FINALIZE_STRING = get_config_parameter(
        config, main_section, "FINALIZE_POLICY", str, ""
    )

    self.DBENGINE_LOGLEVEL = get_config_parameter_loglevel(
        config, main_section, "DBENGINE_LOGLEVEL", logging.INFO
    )
    rnc_db.set_loglevel(self.DBENGINE_LOGLEVEL)

    self.WKHTMLTOPDF_FILENAME = get_config_parameter(
        config, main_section, "WKHTMLTOPDF_FILENAME", str, None
    )
    rnc_pdf.set_processor(
        cc_version.PDF_ENGINE, wkhtmltopdf_filename=self.WKHTMLTOPDF_FILENAME
    )

    # ---------------------------------------------------------------------
    # SECURITY: database password handling.
    #
    # A debugging exception handler may print exception text and local
    # variables. Two rules follow for everything below:
    #   1. Every exception raised while the password is in play is replaced
    #      by a bland one of our own, because the database layer's own
    #      message might include the password.
    #   2. The local holding the password is blanked on every path out.
    # The bare "except:" clauses are therefore intentional.
    #
    # Keep the password in this one local only. Copying it into another
    # local (for example a dict of connection arguments) would leave a copy
    # that the "finally" below does not blank.
    #
    # NOTE(review): this relies on a raise inside "except" discarding the
    # original exception. Python 3 attaches the original as __context__ and
    # prints it in tracebacks; a port would need "raise ... from None" on
    # both replacement raises to keep the concealment.
    # ---------------------------------------------------------------------
    try:
        db_password = config.get(main_section, "DB_PASSWORD")
    except:  # deliberately conceal details for security
        db_password = None
        raise RuntimeError("Problem reading DB_PASSWORD from config")
    # Nothing to leak on this path: there is no password.
    # NOTE(review): an empty-string password is not None and passes this test.
    if db_password is None:
        raise RuntimeError("No database password specified")

    # Connect. Any failure in here (even a mistyped keyword argument) could
    # otherwise reach wsgi_errorreporter.py with the password attached, so
    # it is caught and replaced.
    try:
        self.db = rnc_db.DatabaseSupporter()
        self.db.connect_to_database_mysql(
            server=self.DB_SERVER,
            port=self.DB_PORT,
            database=self.DB_NAME,
            user=self.DB_USER,
            password=db_password,
            # Autocommit is off, so a commit is needed; camcops.py does it
            # at the end of a session.
            autocommit=False
        )
    except:  # deliberately conceal details for security
        raise rnc_db.NoDatabaseError(
            "Problem opening or reading from database; details concealed for security reasons"
        )
    finally:
        # Runs on success and on failure alike.
        db_password = None