def oauth_complete(self, request: Request):
if (request.get_data()):
app.logger.info(f'data:\n{request.get_data()}')
auth_code = str(request.get_data(), encoding='utf-8')
else:
app.logger.error('No code sent!')
return 'AUTH FAIL: No authentication code received.'
project_credentials = json.loads(OAuth.fetch_file(
self.bucket, 'client_secrets.json'),
encoding='utf-8')
credentials = client.credentials_from_code(
client_id=project_credentials['web']['client_id'],
client_secret=project_credentials['web']['client_secret'],
scope=self.SCOPES,
code=auth_code)
email = credentials.id_token['email']
token_details = {
'access_token': credentials.access_token,
'refresh_token': credentials.refresh_token
}
OAuth.write_file(self.bucket, f'{email}_user_token.json',
json.dumps(token_details).encode('utf-8'))
return 'Authenticated!'
def validate_queue_task(request: flask.Request) -> dict:
"""Check that the incoming request is a legitimate queue task.
Calls flask.abort(401) if it's not valid.
The documentation assures us that this should just be a matter of checking for the
presence of one of a number of headers (https://cloud.google.com/tasks/docs/creating-appengine-handlers#reading_app_engine_task_request_headers),
but to be extra safe we're going to pass and check a secret.
(The concern is that an attacker will make requests to our queue tasks directly.)
"""
logging.info(
f'gapps.validate_queue_task: validating request to {request.base_url}')
if not request.headers.get('X-AppEngine-QueueName'):
logging.error(
'gapps.validate_queue_task: queue task request missing X-AppEngine-QueueName'
)
flask.abort(401)
if request.args.get(_TASK_QUEUE_SECRET_PARAM) != config.FLASK_SECRET_KEY:
logging.error(
'gapps.validate_queue_task: queue task request missing correct secret'
)
flask.abort(401)
logging.info(
f'gapps.validate_queue_task: request is valid to {request.base_url}')
params = flask.json.loads(request.get_data(as_text=True))
return params
def _process_request(request: flask.Request, method: str,
encrypt_request: bool,
require_verified_email: bool) -> dict[str, typing.Any]:
"""Handle authentication and encryption."""
if method in ('GET', 'DELETE'):
data = dict(request.args)
elif method in ('POST', 'PATCH'):
if encrypt_request:
data = _decrypt_request(request.get_data())
else:
data = request.get_json(force=True, silent=True)
if not isinstance(data, dict):
raise utils.RequestError(3113)
session_id = None
session_token = None
if 'session_id' in data:
session_id = data.pop('session_id')
if 'session_token' in data:
session_token = data.pop('session_token')
if bool(session_id) ^ bool(session_token):
raise utils.RequestError(1303)
if session_id and session_token:
session = models.Session.validate_session_key(session_id,
session_token)
request.session = session
user = session.user
if require_verified_email and not user.email_verified:
raise utils.RequestError(1307)
data['user'] = user
else:
request.session = None
return data
def verify(slack_signing_secret: str, request: flask.Request) -> bool:
"""Return if the request is verified.
slack_signing_secret: Signing Secret from Slack.
request: flask.Request object from flask.
"""
# Retrive request body.
# And transform bytes to string inorder to be used with format string.
request_body = request.get_data().decode("utf-8")
# Retrive the X-Slack-Request-Timestamp header on the HTTP request, and the body of the request.
timestamp = request.headers['X-Slack-Request-Timestamp']
# Calculate our signature.
sig_basestring = f"v0:{timestamp}:{request_body}".encode('utf-8')
hashed = hmac.new(
slack_signing_secret.encode('utf-8'),
sig_basestring,
digestmod=hashlib.sha256
).hexdigest()
my_signature = f"v0={hashed}"
# Signature from incoming request headers.
slack_signature = request.headers['X-Slack-Signature']
return hmac.compare_digest(my_signature, slack_signature)
def contacto():
mensaje = Request.get_data()
if not mensaje:
abort(400, description="Debe enviar su mensaje en el body del POST. ")
print("MENSAJE DE CONTACTO: " + str(mensaje))
return "Gracias por su mensaje"
def handle_batch_request(self, request: flask.Request):
requests = DataLoader.split_requests(request.get_data())
with trace(
ZIPKIN_API_URL,
service_name=self.__class__.__name__,
span_name=f"call `{self.handler.__class__.__name__}`",
):
responses = self.handler.handle_batch_request(requests, self.func)
return DataLoader.merge_responses(responses)
def handle_request(self, request: flask.Request, func):
if request.content_type.lower() == "application/json":
parsed_json = json.loads(request.get_data(as_text=True))
else:
raise BadInput(
"Request content-type must be 'application/json' for this "
"BentoService API lambda endpoint")
result = func(parsed_json)
return self.output_adapter.to_response(result, request)
def index(app: Flask, request: FlaskRequest, auth: AuthContext):
req = request.get_data(as_text=True)
req_json = json.loads(req)
if app.debug:
pprint(req_json)
user = auth.current_user
if user and not user.is_authenticated:
raise Unauthorized()
return run(req, app)
def handle_request(self, request: flask.Request, func):
if request.content_type == "text/csv":
csv_string = StringIO(request.get_data(as_text=True))
df = pd.read_csv(csv_string)
else:
# Optimistically assuming Content-Type to be "application/json"
try:
df = pd.read_json(
request.get_data(as_text=True), orient=self.orient, typ=self.typ,
)
except ValueError:
raise BadInput(
"Failed parsing request data, only Content-Type application/json "
"and text/csv are supported in BentoML DataframeInput"
)
if self.typ == "frame" and self.input_dtypes is not None:
check_dataframe_column_contains(self.input_dtypes, df)
result = func(df)
return self.output_adapter.to_response(result, request)
def handle_batch_request(self, request: flask.Request):
from bentoml.marshal.utils import DataLoader
requests = DataLoader.split_requests(request.get_data())
with trace(
service_name=self.__class__.__name__,
span_name=f"call `{self.handler.__class__.__name__}`",
):
responses = self.handler.handle_batch_request(requests, self.func)
return DataLoader.merge_responses(responses)
def _is_valid_request(request: flask.Request) -> bool:
"""Verifies the timestamp and signature of an incoming Slack request."""
timestamp = request.headers.get('X-Slack-Request-Timestamp')
if not _is_valid_timestamp(timestamp):
# This could be a replay attack, so let's ignore it.
print('Invalid timestamp', file=stderr)
return False
signature = request.headers.get('X-Slack-Signature')
if not _is_valid_request_body(request.get_data(), timestamp, signature):
print('Invalid signature', file=stderr)
return False
return True
def to_response(self, result, request: flask.Request) -> flask.Response:
"""Converts corresponding data into an HTTP response
:param result: result of user API function
:param request: request object
"""
simple_req = SimpleRequest(headers=request.headers,
data=request.get_data())
simple_resp = self.to_batch_response((result, ),
requests=(simple_req, ))[0]
return flask.Response(
response=simple_resp.data,
status=simple_resp.status,
headers=simple_resp.headers,
)
def handle(req: Request):
"""handle a request to the function.
Your response is immediately passed to the caller, unmodified.
This allows you full control of the response, e.g. you can set
the status code by returning a tuple (str, int). A detailed
description of how responses are handled is found here:
http://flask.pocoo.org/docs/1.0/quickstart/#about-responses
Args:
req (Request): Flask request object
"""
return json.dumps({"echo": req.get_data().decode('utf-8')})
def oauth_complete(self, request: Request):
if(request.get_data()):
app.logger.info(f'data:\n{request.get_data()}')
auth_code = str(request.get_data(), encoding='utf-8')
else:
app.logger.error('No code sent!')
return 'AUTH FAIL: No authentication code received.'
project_credentials = Credentials(project=self.project,
email=None).project_credentials
credentials = client.credentials_from_code(
client_id=project_credentials.client_id,
client_secret=project_credentials.client_secret,
scope=self.SCOPES,
code=auth_code
)
email = credentials.id_token['email']
cm = Credentials(project=self.project, email=email)
cm.store_credentials(creds=credentials)
return 'Authenticated!'
def _is_valid_github_request(self, request: flask.Request) -> bool:
header_signature = request.headers['X-Hub-Signature']
sig_type, signature = header_signature.split('=', 1)
if sig_type != 'sha1':
logger.error('Got a unknown signature type from GitHub',
signature_type=signature)
return False
assert self.secret
mac = hmac.new(
key=self.secret.encode(),
msg=request.get_data(),
digestmod=sig_type,
)
if hmac.compare_digest(mac.hexdigest(), signature):
return True
logger.info('Got wrong signature', received_signature=signature)
return False
def commit(self, session_request: FlaskRequest, session_response: FlaskResponse):
method = session_request.method
session_request_data = {
"date": self.create_time,
"method": method,
"url": session_request.path,
"headers": dict(session_request.headers),
"query": session_request.args,
}
session_response_data = {
"date": datetime.utcnow().isoformat()+'Z',
"status": session_response.status_code,
"headers": dict(session_response.headers),
}
if method == "GET":
if len(session_response.data) > self.LOG_LIMIT:
data = "<content too large for logging>"
# Webship images are unnecessary and large
elif session_request.path.startswith("/webshop/image/"):
data = "<skipping image content>"
else:
data = byte_decode(session_response.data)
session_response_data["data"] = data
if method != "GET":
if (session_request.content_length or 0) > self.LOG_LIMIT:
data = "<content too large for logging>"
else:
data = session_request.get_data(as_text=True)
session_request_data["data"] = data
traffic_data = {
"ip": session_request.remote_addr,
"host": session_request.host,
"request": session_request_data,
"service_traffic": self.service_traffic,
"response": session_response_data
}
with open(f"/work/logs/{self.create_time}_{session_request.remote_addr}_{method}.json", "w") as file:
json.dump(traffic_data, file, ensure_ascii=False)
def process_proxy(request: Request) -> Response:
url = request.url.replace(request.host_url, HABRA_HOST)
headers = {
k: v
for k, v in request.headers if k.lower() not in REQUEST_HEADERS_EXCLUDE
}
habra_resp = requests.request(method=request.method,
url=url,
headers=headers,
data=request.get_data(),
cookies=request.cookies)
headers = [(key, habra_resp.raw.headers[key])
for key in habra_resp.raw.headers
if key.lower() not in RESPONSE_HEADERS_EXCLUDE]
# modify content only for text/html response
if habra_resp.raw.headers.get('Content-Type', '').startswith('text/html'):
processed_content = _modify_habra_content(habra_resp.text,
request.host_url)
return Response(processed_content, habra_resp.status_code, headers)
else:
return Response(habra_resp.content, habra_resp.status_code, headers)
def is_valid_request(req: Request):
verifier = SignatureVerifier(os.environ['SLACK_API_SIGNING_SECRET'])
return verifier.is_valid_request(req.get_data(), req.headers)
def to_bolt_request(req: Request) -> BoltRequest:
return BoltRequest( # type: ignore
body=req.get_data(as_text=True),
query=req.query_string.decode("utf-8"),
headers=req.headers, # type: ignore
) # type: ignore
