author | drebs <drebs@leap.se> | 2016-11-27 12:02:27 -0200 |
---|---|---|
committer | drebs <drebs@leap.se> | 2016-11-27 12:02:27 -0200 |
commit | f072f18f317ea31e66c7890d672b5d2fd9f3ef14 (patch) | |
tree | db18a701bbefdb9a5e71f814f5ff1263c2fa821d /server | |
parent | 564f55802455d08c9a38e892bb4b25ad6fbcb87d (diff) | |
parent | dff666e51240393ebbf2a2118e6e51130fe91f8c (diff) |
Merge tag '0.9.1'
Tag version 0.9.1
# gpg: Signature made Sun 27 Nov 2016 12:01:10 PM BRST
# gpg: using RSA key 0x6071E70DCACC60B2
# gpg: a verificar a base de dados de confiança
# gpg: public key of ultimately trusted key 0x030F1C082D2327BE not found
# gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
# gpg: depth: 0 valid: 11 signed: 71 trust: 0-, 0q, 0n, 0m, 0f, 11u
# gpg: depth: 1 valid: 71 signed: 64 trust: 69-, 0q, 0n, 0m, 2f, 0u
# gpg: depth: 2 valid: 55 signed: 74 trust: 55-, 0q, 0n, 0m, 0f, 0u
# gpg: proxima verificação da base de dados de confiança a 2016-12-12
# gpg: Good signature from "drebs (work key) <db@leap.se>" [ultimate]
# gpg: aka "drebs (work key) <drebs@leap.se>" [ultimate]
# Impressão da chave primária: 9F73 295B 6306 E06F 3151 99AE 6071 E70D CACC 60B2
Diffstat (limited to 'server')
-rwxr-xr-x | server/pkg/create-user-db | 2 | ||||
-rw-r--r-- | server/pkg/soledad-server | 2 | ||||
-rw-r--r-- | server/src/leap/soledad/server/__init__.py | 44 | ||||
-rw-r--r-- | server/src/leap/soledad/server/application.py | 73 | ||||
-rw-r--r-- | server/src/leap/soledad/server/auth.py | 12 |
5 files changed, 87 insertions, 46 deletions
diff --git a/server/pkg/create-user-db b/server/pkg/create-user-db index b955b4c3..9e2b6b50 100755 --- a/server/pkg/create-user-db +++ b/server/pkg/create-user-db @@ -22,7 +22,7 @@ import argparse from leap.soledad.common.couch import CouchDatabase from leap.soledad.common.couch.state import is_db_name_valid from leap.soledad.common.couch import list_users_dbs -from leap.soledad.server import load_configuration +from leap.soledad.server.config import load_configuration BYPASS_AUTH = os.environ.get('SOLEDAD_BYPASS_AUTH', False) diff --git a/server/pkg/soledad-server b/server/pkg/soledad-server index 9dada6a0..d9dab040 100644 --- a/server/pkg/soledad-server +++ b/server/pkg/soledad-server @@ -11,7 +11,7 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin PIDFILE=/var/run/soledad.pid -OBJ=leap.soledad.server.application +OBJ=leap.soledad.server.application.wsgi_application HTTPS_PORT=2424 CONFDIR=/etc/soledad CERT_PATH="${CONFDIR}/soledad-server.pem" diff --git a/server/src/leap/soledad/server/__init__.py b/server/src/leap/soledad/server/__init__.py index d154e3fe..d8243c19 100644 --- a/server/src/leap/soledad/server/__init__.py +++ b/server/src/leap/soledad/server/__init__.py @@ -25,7 +25,9 @@ General information This is written as a Twisted application and intended to be run using the twistd command. To start the soledad server, run: - twistd -n web --wsgi=leap.soledad.server.application --port=X + twistd -n web \ + --wsgi=leap.soledad.server.application.wsgi_application \ + --port=X An initscript is included and will be installed system wide to make it feasible to start and stop the Soledad server service using a standard 
@@ -84,24 +86,17 @@ import urlparse import sys from leap.soledad.common.l2db.remote import http_app, utils +from leap.soledad.common import SHARED_DB_NAME -from leap.soledad.server.auth import SoledadTokenAuthMiddleware -from leap.soledad.server.gzip_middleware import GzipMiddleware from leap.soledad.server.sync import SyncResource from leap.soledad.server.sync import MAX_REQUEST_SIZE from leap.soledad.server.sync import MAX_ENTRY_SIZE -from leap.soledad.server.config import load_configuration - -from leap.soledad.common import SHARED_DB_NAME -from leap.soledad.common.backend import SoledadBackend -from leap.soledad.common.couch.state import CouchServerState from ._version import get_versions __all__ = [ 'SoledadApp', - 'application', '__version__', ] @@ -255,36 +250,5 @@ class HTTPInvocationByMethodWithBody( http_app.HTTPInvocationByMethodWithBody = HTTPInvocationByMethodWithBody -# ---------------------------------------------------------------------------- -# Run as Twisted WSGI Resource -# ---------------------------------------------------------------------------- - - -def _load_config(): - conf = load_configuration('/etc/soledad/soledad-server.conf') - return conf['soledad-server'] - - -def _get_couch_state(): - conf = _load_config() - state = CouchServerState(conf['couch_url'], create_cmd=conf['create_cmd'], - check_schema_versions=True) - SoledadBackend.BATCH_SUPPORT = conf.get('batching', False) - return state - -try: - _couch_state = _get_couch_state() - # a WSGI application that may be used by `twistd -web` - application = GzipMiddleware( - SoledadTokenAuthMiddleware(SoledadApp(_couch_state))) -except: - pass - - -# another WSGI application in which we bypass token auth middleware for ease of -# mind while debugging in your local environment -# debug_local_application_do_not_use = SoledadApp(_couch_state) - - __version__ = get_versions()['version'] del get_versions 
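Review bot: Removing `'application'` from `__all__` in this hunk, together with the following hunk that deletes the module-level `application` object, silently changes what the old entry-point name refers to. `leap.soledad.server.application` is now the new submodule rather than a WSGI callable. A deployment still launched with the previous `--wsgi=leap.soledad.server.application` form would probably resolve to the module object and fail only once requests arrive, not at startup. A comment above `__all__` such as `# the WSGI entry point moved to leap.soledad.server.application.wsgi_application` and a matching release note would make the break visible to operators.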
diff --git a/server/src/leap/soledad/server/application.py b/server/src/leap/soledad/server/application.py
new file mode 100644
index 00000000..17296425
--- /dev/null
+++ b/server/src/leap/soledad/server/application.py
@@ -0,0 +1,73 @@
+# -*- coding: utf-8 -*-
+# application.py
+# Copyright (C) 2016 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+"""
+A WSGI application to serve as the root resource of the webserver.
+
+Use it like this:
+
+ twistd web --wsgi=leap.soledad.server.application.wsgi_application
+"""
+from twisted.internet import reactor
+
+from leap.soledad.server import SoledadApp
+from leap.soledad.server.auth import SoledadTokenAuthMiddleware
+from leap.soledad.server.gzip_middleware import GzipMiddleware
+from leap.soledad.server.config import load_configuration
+from leap.soledad.common.backend import SoledadBackend
+from leap.soledad.common.couch.state import CouchServerState
+from leap.soledad.common.log import getLogger
+
+
+__all__ = ['wsgi_application']
+
+
+def _load_config():
+ conf = load_configuration('/etc/soledad/soledad-server.conf')
+ return conf['soledad-server']
+
+
+def _get_couch_state():
+ conf = _load_config()
+ state = CouchServerState(conf['couch_url'], create_cmd=conf['create_cmd'],
+ check_schema_versions=True)
+ SoledadBackend.BATCH_SUPPORT = conf.get('batching', False)
+ return state
+
+
+_app = SoledadTokenAuthMiddleware(SoledadApp(None)) # delay state init
+wsgi_application = GzipMiddleware(_app)
+
+
+# During its initialization, the couch state verifies if all user databases
+# contain a config document with the correct couch schema version
stored, and +# will log an error and raise an exception if that is not the case. +# +# If this verification made too early (i.e. before the reactor has started and +# the twistd web logging facilities have been setup), the logging will not +# work. Because of that, we delay couch state initialization until the reactor +# is running. + +def _init_couch_state(_app): + try: + _app.state = _get_couch_state() + except Exception as e: + logger = getLogger() + logger.error(str(e)) + reactor.stop() + + +reactor.callWhenRunning(_init_couch_state, _app) diff --git a/server/src/leap/soledad/server/auth.py b/server/src/leap/soledad/server/auth.py index b7186b3b..b0764569 100644 --- a/server/src/leap/soledad/server/auth.py +++ b/server/src/leap/soledad/server/auth.py @@ -343,9 +343,13 @@ class SoledadTokenAuthMiddleware(SoledadAuthMiddleware): TOKEN_AUTH_ERROR_STRING = "Incorrect address or token." - def __init__(self, app): - self._state = app.state - super(SoledadTokenAuthMiddleware, self).__init__(app) + def _get_state(self): + return self._app.state + + def _set_state(self, state): + self._app.state = state + + state = property(_get_state, _set_state) def _verify_authentication_scheme(self, scheme): """ @@ -379,7 +383,7 @@ class SoledadTokenAuthMiddleware(SoledadAuthMiddleware): """ token = auth_data # we expect a cleartext token at this point try: - return self._state.verify_token(uuid, token) + return self.state.verify_token(uuid, token) except Exception as e: logger.error(e) return False |
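Review bot: `SoledadTokenAuthMiddleware(SoledadApp(None))` puts the token-auth layer in place with no state behind it, and nothing in this file or in `_verify_token` checks for that case explicitly. If `_init_couch_state` fails, `state` stays `None` while `reactor.stop()` takes effect; any request handled in that window appears to be rejected only because the `except Exception` in the `_verify_token` hunk of auth.py swallows the resulting `AttributeError`. Make the fail-closed behaviour deliberate with a guard there, `if self.state is None: return False`, and add a comment above `_app = ...` saying that authentication must reject every request until `_init_couch_state` has run. Separately, `logger.error(str(e))` drops the exception type, so a missing `couch_url` key would be logged as just `'couch_url'`; logging `repr(e)` keeps it.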
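Review bot: The new `state` property in the first auth.py hunk is undocumented, yet it is what lets `_app.state = _get_couch_state()` in application.py reach the wrapped `SoledadApp`, because `_app` there is the middleware and not the app. With `__init__` removed, `self._app` is assumed to be set by the parent constructor, which lies outside this hunk. Add a comment above the property, for example `# proxy to the wrapped app's state so it can be assigned after construction (see application._init_couch_state)`. The comment should also say that the setter replaces the object used to verify tokens, so it is meant to be assigned only by the startup hook.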