    def _initResources(self):
        """Instantiate every child resource this root can dispatch to.

        Children that exist on both the page root and the AJAX root are
        built with ``self._isAjax`` so they know which interface they serve.
        The page root additionally owns the static directories, the
        signin/signup flows, the OAuth and API entry points and a nested
        ``RootResource(True)``; the AJAX root alone owns the feedback
        resource.
        """
        isAjax = self._isAjax

        # Construction order is kept exactly as in the original listing in
        # case any constructor has side effects that depend on it.
        sharedChildren = (
            ("_feed", FeedResource),
            ("_profile", ProfileResource),
            ("_settings", SettingsResource),
            ("_item", ItemResource),
            ("_tags", TagsResource),
            ("_people", PeopleResource),
            ("_notifications", NotificationsResource),
            ("_groups", GroupsResource),
            ("_groupFeed", GroupFeedResource),
            ("_search", SearchResource),
            ("_admin", Admin),
            ("_pluginResources", getPluggedResources),
            ("_messages", MessagingResource),
            ("_files", FilesResource),
            ("_apps", ApplicationResource),
        )
        for attrName, factory in sharedChildren:
            setattr(self, attrName, factory(isAjax))

        if isAjax:
            self._feedback = FeedbackResource(True)
            return

        # Page-root-only children.
        self._home = HomeResource()
        self._ajax = RootResource(True)
        self._avatars = AvatarResource()
        self._auto = AutoCompleteResource()
        # NOTE(review): static.File exposes everything beneath the given
        # directory; confirm nothing non-public is checked in under these paths.
        self._rsrcs = static.File("public/rsrcs")
        self._about = static.File("public/about")
        self._signup = SignupResource()
        self._signin = SigninResource()
        self._embed = EmbedResource()
        self._contact = ContactResource()
        self._oauth = OAuthResource()
        self._api = APIRoot()
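class RootResource(resource.Resource):
    """Top-level dispatcher mapping the first URL path element to a child.

    ``_initResources`` builds one instance of each child.  A page root
    (``isAjax=False``) additionally creates a nested ``RootResource(True)``
    that it serves under the ``ajax`` path element, so the same children
    are reachable both as full pages and as in-page requests.

    ``getChildWithDefault`` performs, in order: the ``signout`` shortcut,
    child lookup, default no-cache headers on the page root, the login /
    CSRF-token gate for children that set ``requireAuth``, and CSRF token
    rotation on page-level GETs.
    """

    # Path elements on the page root whose GET requests do not rotate the
    # CSRF token (static and public content, signin/signup flows, the API).
    _noCSRFReset = set(["avatar", "auto", "rsrcs", "about", "signup",
                        "signin", "password", "api"])

    # Children that exist only on the page root: path element -> attribute.
    # 'oauth' is handled separately because it consumes a further path
    # element; 'feedback' exists only on the AJAX root.
    _pageOnlyChildren = {
        "": "_home",
        "auto": "_auto",
        "ajax": "_ajax",
        "embed": "_embed",
        "signin": "_signin",
        "avatar": "_avatars",
        "about": "_about",
        "contact": "_contact",
        "signup": "_signup",
        "rsrcs": "_rsrcs",
        "password": "_signup",
    }

    # Children reachable on both roots: path element -> attribute.  These
    # take precedence over the page-only table and over plugin resources
    # of the same name.  '_api' is only created on the page root, so the
    # lookup uses getattr(..., None) to turn /ajax/api into a 404 rather
    # than an AttributeError.
    _commonChildren = {
        "feed": "_feed",
        "profile": "_profile",
        "settings": "_settings",
        "item": "_item",
        "tags": "_tags",
        "people": "_people",
        "notifications": "_notifications",
        "groups": "_groups",
        "group": "_groupFeed",
        "search": "_search",
        "messages": "_messages",
        "admin": "_admin",
        "files": "_files",
        "apps": "_apps",
        "api": "_api",
    }

    def __init__(self, isAjax=False):
        """Build the page root or, with ``isAjax``, the nested AJAX root."""
        self._isAjax = isAjax
        self._initResources()

    def _initResources(self):
        """Instantiate every child resource this root can dispatch to.

        Children shared by both roots receive ``self._isAjax``.  The page
        root additionally owns the static directories, the signin/signup
        flows, the OAuth and API entry points and the nested AJAX root; the
        AJAX root alone owns the feedback resource.
        """
        self._feed = FeedResource(self._isAjax)
        self._profile = ProfileResource(self._isAjax)
        self._settings = SettingsResource(self._isAjax)
        self._item = ItemResource(self._isAjax)
        self._tags = TagsResource(self._isAjax)
        self._people = PeopleResource(self._isAjax)
        self._notifications = NotificationsResource(self._isAjax)
        self._groups = GroupsResource(self._isAjax)
        self._groupFeed = GroupFeedResource(self._isAjax)
        self._search = SearchResource(self._isAjax)
        self._admin = Admin(self._isAjax)
        self._pluginResources = getPluggedResources(self._isAjax)
        self._messages = MessagingResource(self._isAjax)
        self._files = FilesResource(self._isAjax)
        self._apps = ApplicationResource(self._isAjax)

        if not self._isAjax:
            self._home = HomeResource()
            self._ajax = RootResource(True)
            self._avatars = AvatarResource()
            self._auto = AutoCompleteResource()
            # NOTE(review): static.File exposes everything beneath the given
            # directory; confirm nothing non-public is checked in under these paths.
            self._rsrcs = static.File("public/rsrcs")
            self._about = static.File("public/about")
            self._signup = SignupResource()
            self._signin = SigninResource()
            self._embed = EmbedResource()
            self._contact = ContactResource()
            self._oauth = OAuthResource()
            self._api = APIRoot()
        else:
            self._feedback = FeedbackResource(True)

    @defer.inlineCallbacks
    def _clearAuth(self, request):
        """Drop the server-side session named by the request's session cookie, if any."""
        sessionId = request.getCookie(request.cookiename)
        if sessionId:
            yield request.site.clearSession(sessionId)

    @defer.inlineCallbacks
    def _ensureAuth(self, request, rsrc):
        """Gate ``rsrc`` behind login and, for state-changing requests, the CSRF token.

        Returns ``rsrc`` when the session has a username and, for page POSTs
        and every AJAX request, the ``_tk`` request argument equals the
        ``token`` cookie (double-submit pattern).  Otherwise returns a 400
        page (bad token), a 401 page (AJAX, not logged in) or a redirect to
        the signin page carrying the original URI in ``_r``.

        Both halves of the token pair must be present: comparing two missing
        values with a plain ``!=`` made them equal and let the request
        through.
        """
        authinfo = yield defer.maybeDeferred(request.getSession, IAuthInfo)
        if authinfo.username is not None:
            if request.method == "POST" or self._isAjax:
                token = utils.getRequestArg(request, "_tk")
                tokenFromCookie = request.getCookie('token')
                if not token or not tokenFromCookie or token != tokenFromCookie:
                    defer.returnValue(resource.ErrorPage(400,
                            http.RESPONSES[400], "Invalid authorization token"))
            defer.returnValue(rsrc)
        elif self._isAjax:
            defer.returnValue(resource.ErrorPage(401, http.RESPONSES[401],
                              "You are not authorized to view this page"))
        else:
            # Remember where the visitor was going; '*@+/' stay unescaped.
            signinPath = '/signin'
            if request.path != '/':
                signinPath = "/signin?_r=%s" % urllib.quote(request.uri, '*@+/')
            defer.returnValue(util.Redirect(signinPath))

    def _lookupPageOnlyChild(self, path, request):
        """Return the page-root-only child for ``path``, or None.

        ``oauth`` dispatches one level deeper and consumes the next path
        element itself.  A bare ``/oauth`` has nothing to consume and used
        to raise IndexError (a 500); it is now reported as not found.
        """
        if path == 'oauth':
            if not request.postpath:
                return None
            pathElement = request.postpath.pop(0)
            request.prepath.append(pathElement)
            return self._oauth.getChildWithDefault(pathElement, request)
        attr = self._pageOnlyChildren.get(path)
        if attr is None:
            return None
        return getattr(self, attr)

    def _lookupChild(self, path, request):
        """Return the child resource for ``path`` on this root, or None.

        Precedence mirrors the original if/elif chains: a common child wins
        over everything; otherwise a plugin resource of that name wins over
        a page-only child or the AJAX-only ``feedback`` child.
        """
        match = None
        if not self._isAjax:
            match = self._lookupPageOnlyChild(path, request)
        elif path == "feedback":
            match = self._feedback

        attr = self._commonChildren.get(path)
        if attr is not None:
            match = getattr(self, attr, None)
        elif path in plugins and path in self._pluginResources:
            match = self._pluginResources[path]
        return match

    def _shouldRotateToken(self, path, match, request):
        """Decide whether this GET should issue a fresh CSRF token.

        True for an AJAX request that fetches a full page (``_fp`` argument
        present) and for a page-root GET that is neither the nested AJAX
        root nor listed in ``_noCSRFReset``.
        """
        if request.method != "GET":
            return False
        if self._isAjax:
            return '_fp' in request.args
        return match != self._ajax and path not in self._noCSRFReset

    def _rotateToken(self, rsrc, request):
        """Deferred callback: set a new CSRF token for a logged-in session, then pass ``rsrc`` on.

        The token is stored both in the ``token`` cookie and on the session
        (``authinfo.token``), which is persisted before ``rsrc`` is returned.
        NOTE(review): the token is the first 8 characters of a uuid4 (32
        bits of randomness); consider using the full ``uuid4().hex``.  The
        cookie is set without the secure flag — confirm that is intended
        for the deployment.
        """
        ad = defer.maybeDeferred(request.getSession, IAuthInfo)

        @defer.inlineCallbacks
        def gotAuthInfo(authinfo):
            if authinfo.username:
                token = str(uuid.uuid4())[:8]
                request.addCookie('token', token, path='/')
                authinfo.token = token
                yield request._saveSessionToDB()
            defer.returnValue(rsrc)

        ad.addCallback(gotAuthInfo)
        return ad

    def getChildWithDefault(self, path, request):
        """Resolve ``path`` to a child resource wrapped in a DeferredResource.

        Returns a ``NoResource`` for unknown paths.  On the page root every
        resolved response is marked non-cacheable.  Children that set
        ``requireAuth`` are gated by ``_ensureAuth``; the nested AJAX root
        is not, since it gates its own children.
        """
        # NOTE(review): signout is reachable by GET with neither the login
        # nor the CSRF check applied, so any cross-site link can end the
        # session; routing it through POST + _ensureAuth would close that.
        if path == "signout":
            d = self._clearAuth(request)
            d.addCallback(lambda _: util.Redirect('/signin'))
            return util.DeferredResource(d)

        match = self._lookupChild(path, request)
        # We have no idea how to handle the given path!
        if not match:
            return resource.NoResource("Page not found")

        if not self._isAjax:
            # By default prevent caching.
            # Any resource may change these headers later during the processing.
            request.setHeader('Expires', formatdate(0))
            request.setHeader('Cache-control', 'private,no-cache,no-store,must-revalidate')

        # self._ajax only exists on the page root; the short-circuit keeps the
        # AJAX root from touching it.
        if (self._isAjax or match != self._ajax) and getattr(match, 'requireAuth', False):
            d = self._ensureAuth(request, match)
        else:
            d = defer.succeed(match)

        if self._shouldRotateToken(path, match, request):
            d.addCallback(self._rotateToken, request)

        return util.DeferredResource(d)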