def make_middleware(wrapped, **args):
"""
Make middleware wsgi app
"""
_LOG.debug('Middleware function arguments is %r', args)
local_manager = LocalManager([NoAuth.LOCALS])
app = NoAuth(wrapped)
return local_manager.make_middleware(app)
def create_application(from_file):
if from_file:
work_dir = os.path.dirname(os.path.abspath(from_file))
else:
work_dir = os.getcwd()
os.chdir(work_dir)
static_files = {'/static': os.path.join(work_dir, 'static')}
jam.context = Local()
local_manager = LocalManager([jam.context])
application = App(work_dir)
application = SharedDataMiddleware(application, static_files)
application = local_manager.make_middleware(application)
return application
def create_application(from_file=None, load_task=False, testing=False):
if from_file:
if os.path.isfile(from_file):
work_dir = os.path.dirname(from_file)
else:
work_dir = from_file
else:
work_dir = os.getcwd()
work_dir = os.path.realpath(work_dir)
os.chdir(work_dir)
static_files = {'/static': os.path.join(work_dir, 'static')}
jam.context = Local()
local_manager = LocalManager([jam.context])
application = App(work_dir, load_task)
if not testing:
application = SharedDataMiddleware(application, static_files)
application = local_manager.make_middleware(application)
return application
def create_application(from_file=None):
if from_file:
if os.path.isfile(from_file):
work_dir = os.path.dirname(from_file)
else:
work_dir = from_file
else:
work_dir = os.getcwd()
work_dir = os.path.realpath(work_dir)
os.chdir(work_dir)
static_files = {
'/static': os.path.join(work_dir, 'static')
}
jam.context = Local()
local_manager = LocalManager([jam.context])
application = App(work_dir)
application = SharedDataMiddleware(application, static_files)
application = local_manager.make_middleware(application)
return application
frappe.db.commit()
rollback = False
# update session
if getattr(frappe.local, "session_obj", None):
updated_in_db = frappe.local.session_obj.update()
if updated_in_db:
frappe.db.commit()
rollback = False
update_comments_in_parent_after_request()
return rollback
application = local_manager.make_middleware(application)
def serve(port=8000,
profile=False,
no_reload=False,
no_threading=False,
site=None,
sites_path='.'):
global application, _site, _sites_path
_site = site
_sites_path = sites_path
from werkzeug.serving import run_simple
if profile:
site = _site or request.headers.get('X-Frappe-Site-Name') or get_site_name(request.host)
frappe.init(site=site, sites_path=_sites_path)
if not (frappe.local.conf and frappe.local.conf.db_name):
# site does not exist
raise NotFound
def make_form_dict(request):
frappe.local.form_dict = frappe._dict({ k:v[0] if isinstance(v, (list, tuple)) else v \
for k, v in (request.form or request.args).iteritems() })
if "_" in frappe.local.form_dict:
# _ is passed by $.ajax so that the request is not cached by the browser. So, remove _ from form_dict
frappe.local.form_dict.pop("_")
application = local_manager.make_middleware(application)
def serve(port=8000, profile=False, site=None, sites_path='.'):
global application, _site, _sites_path
_site = site
_sites_path = sites_path
from werkzeug.serving import run_simple
if profile:
application = ProfilerMiddleware(application, sort_by=('tottime', 'calls'))
if not os.environ.get('NO_STATICS'):
application = SharedDataMiddleware(application, {
b'/assets': os.path.join(sites_path, 'assets').encode("utf-8"),
})
def create_app():
local = Local()
local_manager = LocalManager([local])
app = local_manager.make_middleware(Olaf())
app = set_statics(app)
return app
class AWSAuthMiddleware(object):
"""Handler for the low-level tasks of admin authentication.
Intercepts all requests and responses to AWS, parses the auth
cookie to retrieve the admin, provides an interface for the rest of
the application to access and modify this information, and then
writes the headers to update the cookie.
A single instance of this class manages the cookies for all current
requests at the same time, using a Local object from Werkzeug.
"""
COOKIE = "awslogin"
def __init__(self, app):
"""Initialize the middleware, and chain it to the given app.
app (function): a WSGI application.
"""
self._app = app
self._local = Local()
self._local_manager = LocalManager([self._local])
self.wsgi_app = self._local_manager.make_middleware(self.wsgi_app)
self._request = self._local("request")
self._cookie = self._local("cookie")
@property
def admin_id(self):
"""Return the ID of the admin.
It's the value that has been read from the cookie and (if
modified by the rest of the application) will be written back.
returns (int or None): the ID of the admin, if logged in.
"""
return self._cookie.get("id", None)
def set(self, admin_id):
"""Set the admin ID that will be stored in the cookie.
admin_id (int): the ID of the admin (to unset don't pass None:
use clear()).
"""
self._cookie["id"] = admin_id
self._cookie["ip"] = self._request.remote_addr
self.refresh()
def refresh(self):
"""Update the timestamp that will be stored in the cookie.
"""
self._cookie["timestamp"] = make_timestamp()
def clear(self):
"""Remove all fields from the cookie.
This doesn't actually cause the client to remove the cookie, it
just makes it update the stored cookie to an empty value.
"""
self._cookie.clear()
def __call__(self, environ, start_response):
"""Invoke the class as a WSGI application.
environ (dict): the WSGI environment.
start_response (function): the WSGI start_response callable.
returns (iterable): the WSGI response data.
"""
return self.wsgi_app(environ, start_response)
def wsgi_app(self, environ, start_response):
"""Invoke the class as a WSGI application.
environ (dict): the WSGI environment.
start_response (function): the WSGI start_response callable.
returns (iterable): the WSGI response data.
"""
self._local.request = Request(environ)
self._local.cookie = JSONSecureCookie.load_cookie(
self._request, AWSAuthMiddleware.COOKIE,
hex_to_bin(config.secret_key))
self._verify_cookie()
def my_start_response(status, headers, exc_info=None):
"""Wrapper for the server-provided start_response.
Once called by the application, modifies the received
parameters to add the Set-Cookie parameter (if needed)
and then forwards everything to the server.
"""
response = Response(status=status, headers=headers)
self._cookie.save_cookie(response,
AWSAuthMiddleware.COOKIE,
httponly=True)
return start_response(status, response.headers.to_wsgi_list(),
exc_info)
return self._app(environ, my_start_response)
def _verify_cookie(self):
"""Check whether the cookie is valid, and if not clear it.
"""
# Clearing an empty cookie marks it as modified and causes it
# to be sent in the response. This check prevents it.
if len(self._cookie) == 0:
return
admin_id = self._cookie.get("id", None)
remote_addr = self._cookie.get("ip", None)
timestamp = self._cookie.get("timestamp", None)
if admin_id is None or remote_addr is None or timestamp is None:
self.clear()
return
if not isinstance(admin_id, int) or not isinstance(timestamp, float):
self.clear()
return
if remote_addr != self._request.remote_addr:
self.clear()
return
if make_timestamp() - timestamp > config.admin_cookie_duration:
self.clear()
return
class AWSAuthMiddleware(object):
"""Handler for the low-level tasks of admin authentication.
Intercepts all requests and responses to AWS, parses the auth
cookie to retrieve the admin, provides an interface for the rest of
the application to access and modify this information, and then
writes the headers to update the cookie.
A single instance of this class manages the cookies for all current
requests at the same time, using a Local object from Werkzeug.
"""
COOKIE = "awslogin"
def __init__(self, app):
"""Initialize the middleware, and chain it to the given app.
app (function): a WSGI application.
"""
self._app = app
self._local = Local()
self._local_manager = LocalManager([self._local])
self.wsgi_app = self._local_manager.make_middleware(self.wsgi_app)
self._request = self._local("request")
self._cookie = self._local("cookie")
@property
def admin_id(self):
"""Return the ID of the admin.
It's the value that has been read from the cookie and (if
modified by the rest of the application) will be written back.
returns (int or None): the ID of the admin, if logged in.
"""
return self._cookie.get("id", None)
def set(self, admin_id):
"""Set the admin ID that will be stored in the cookie.
admin_id (int): the ID of the admin (to unset don't pass None:
use clear()).
"""
self._cookie["id"] = admin_id
self._cookie["ip"] = self._request.remote_addr
self.refresh()
def refresh(self):
"""Update the timestamp that will be stored in the cookie.
"""
self._cookie["timestamp"] = make_timestamp()
def clear(self):
"""Remove all fields from the cookie.
This doesn't actually cause the client to remove the cookie, it
just makes it update the stored cookie to an empty value.
"""
self._cookie.clear()
def __call__(self, environ, start_response):
"""Invoke the class as a WSGI application.
environ (dict): the WSGI environment.
start_response (function): the WSGI start_response callable.
returns (iterable): the WSGI response data.
"""
return self.wsgi_app(environ, start_response)
def wsgi_app(self, environ, start_response):
"""Invoke the class as a WSGI application.
environ (dict): the WSGI environment.
start_response (function): the WSGI start_response callable.
returns (iterable): the WSGI response data.
"""
self._local.request = Request(environ)
self._local.cookie = JSONSecureCookie.load_cookie(
self._request, AWSAuthMiddleware.COOKIE, config.secret_key)
self._verify_cookie()
def my_start_response(status, headers, exc_info=None):
"""Wrapper for the server-provided start_response.
Once called by the application, modifies the received
parameters to add the Set-Cookie parameter (if needed)
and then forwards everything to the server.
"""
response = Response(status=status, headers=headers)
self._cookie.save_cookie(
response, AWSAuthMiddleware.COOKIE, httponly=True)
return start_response(
status, response.headers.to_wsgi_list(), exc_info)
return self._app(environ, my_start_response)
def _verify_cookie(self):
"""Check whether the cookie is valid, and if not clear it.
"""
# Clearing an empty cookie marks it as modified and causes it
# to be sent in the response. This check prevents it.
if len(self._cookie) == 0:
return
admin_id = self._cookie.get("id", None)
remote_addr = self._cookie.get("ip", None)
timestamp = self._cookie.get("timestamp", None)
if admin_id is None or remote_addr is None or timestamp is None:
self.clear()
return
if not isinstance(admin_id, int) or not isinstance(timestamp, float):
self.clear()
return
if remote_addr != self._request.remote_addr:
self.clear()
return
if make_timestamp() - timestamp > config.admin_cookie_duration:
self.clear()
return
