def wrapped(*, _impersonate=None, _sudo_token=None, **kwargs):
if _sudo_token:
return func(**kwargs, _impersonate=_impersonate, _sudo_token=_sudo_token)
elif not get_master_secret() and _impersonate and not _sudo_token:
from common.rpc.secrets import (
get_secret_from_server,
) # placed here to avoid circular imports
print(f"Attempting to impersonate {_impersonate}")
try:
sudo_secret = get_secret_from_server(
secret_name="MASTER",
_impersonate=_impersonate,
_sudo_token=get_token(),
)
except PermissionError:
refresh_token()
try: # second attempt, in case the first was just an expired token
sudo_secret = get_secret_from_server(
secret_name="MASTER",
_impersonate=_impersonate,
_sudo_token=get_token(),
)
except PermissionError:
raise PermissionError(
"You must be logged in as an admin to do that."
)
master_secret = sudo_secret
else:
master_secret = get_master_secret()
return func(**kwargs, master_secret=master_secret)
def wrapped(**kwargs):
try:
return func(**kwargs, access_token=get_token())
except PermissionError:
refresh_token()
return func(**kwargs, access_token=get_token())
def login(browser):
"""
Log into Ok and get an access token.
"""
refresh_token(no_browser=not browser)
def login():
"""
Log into Ok and get an access token.
"""
refresh_token()
def wrapped(**kwargs):
noreply = kwargs.pop("noreply", False)
endpoints = []
if has_request_context() and not noreply:
proxied_host = request.headers.get("X-Forwarded-For-Host")
if proxied_host:
parts = proxied_host.split(".")
if "pr" in parts:
pr = parts[0]
endpoints.append(
f"https://{pr}.{app}.pr.cs61a.org{path}")
endpoints.append(f"https://{app}.cs61a.org{path}")
if (not get_master_secret() and "_impersonate" in kwargs
and not "_sudo_token" in kwargs):
from common.rpc.secrets import (
get_secret_from_server,
) # placed here to avoid circular imports
print(
f"Attempting to impersonate {kwargs.get('_impersonate')}"
)
try:
sudo_secret = get_secret_from_server(
secret_name="MASTER",
_impersonate=kwargs.pop("_impersonate"),
_sudo_token=get_token(),
)
except PermissionError:
refresh_token()
try: # second attempt, in case the first was just an expired token
sudo_secret = get_secret_from_server(
secret_name="MASTER",
_impersonate=kwargs.pop("_impersonate"),
_sudo_token=get_token(),
)
except PermissionError:
raise PermissionError(
"You must be logged in as an admin to do that."
)
return
kwargs["master_secret"] = sudo_secret
for i, endpoint in enumerate(endpoints):
if noreply:
try:
requests.post(endpoint, json=kwargs, timeout=1)
except requests.exceptions.ReadTimeout:
pass
else:
try:
resp = requests.post(endpoint,
json=kwargs,
stream=streaming)
if i != len(endpoints) - 1:
# if a PR build reports failure, try the prod build
resp.raise_for_status()
except:
if i != len(endpoints) - 1:
# on a PR build, try the main endpoint next
continue
else:
raise
if resp.status_code == 401:
raise PermissionError(resp.text)
elif resp.status_code == 500:
raise Exception(resp.text)
resp.raise_for_status()
if streaming:
def generator():
buffer = []
ok = True
for x in resp.iter_content():
buffer.append(x.decode("ascii"))
buff_string = "".join(buffer)
if STATUS_MARKER in buff_string:
# We are now reading in the error message
# Stop flushing the buffer
ok = False
if ok and len(buff_string) > len(
STATUS_MARKER):
yield buff_string[:-len(STATUS_MARKER)]
buffer = [
buff_string[-len(STATUS_MARKER):]
]
buff_string = "".join(buffer)
if not buff_string.endswith(STATUS_MARKER):
# some error occurred
pos = buff_string.index(STATUS_MARKER)
raise Exception(
buff_string[pos + len(STATUS_MARKER):])
yield from buffer[:-len(STATUS_MARKER)]
return generator()
else:
return resp.json()
