authordrebs <drebs@leap.se>2016-11-27 12:02:27 -0200
committerdrebs <drebs@leap.se>2016-11-27 12:02:27 -0200
commitf072f18f317ea31e66c7890d672b5d2fd9f3ef14 (patch)
treedb18a701bbefdb9a5e71f814f5ff1263c2fa821d /server
parent564f55802455d08c9a38e892bb4b25ad6fbcb87d (diff)
parentdff666e51240393ebbf2a2118e6e51130fe91f8c (diff)
Merge tag '0.9.1'
Tag version 0.9.1 # gpg: Signature made Sun 27 Nov 2016 12:01:10 PM BRST # gpg: using RSA key 0x6071E70DCACC60B2 # gpg: a verificar a base de dados de confiança # gpg: public key of ultimately trusted key 0x030F1C082D2327BE not found # gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model # gpg: depth: 0 valid: 11 signed: 71 trust: 0-, 0q, 0n, 0m, 0f, 11u # gpg: depth: 1 valid: 71 signed: 64 trust: 69-, 0q, 0n, 0m, 2f, 0u # gpg: depth: 2 valid: 55 signed: 74 trust: 55-, 0q, 0n, 0m, 0f, 0u # gpg: proxima verificação da base de dados de confiança a 2016-12-12 # gpg: Good signature from "drebs (work key) <db@leap.se>" [ultimate] # gpg: aka "drebs (work key) <drebs@leap.se>" [ultimate] # Impressão da chave primária: 9F73 295B 6306 E06F 3151 99AE 6071 E70D CACC 60B2
Diffstat (limited to 'server')
-rwxr-xr-xserver/pkg/create-user-db2
-rw-r--r--server/pkg/soledad-server2
-rw-r--r--server/src/leap/soledad/server/__init__.py44
-rw-r--r--server/src/leap/soledad/server/application.py73
-rw-r--r--server/src/leap/soledad/server/auth.py12
5 files changed, 87 insertions, 46 deletions
diff --git a/server/pkg/create-user-db b/server/pkg/create-user-db
index b955b4c3..9e2b6b50 100755
--- a/server/pkg/create-user-db
+++ b/server/pkg/create-user-db
@@ -22,7 +22,7 @@ import argparse
from leap.soledad.common.couch import CouchDatabase
from leap.soledad.common.couch.state import is_db_name_valid
from leap.soledad.common.couch import list_users_dbs
-from leap.soledad.server import load_configuration
+from leap.soledad.server.config import load_configuration
BYPASS_AUTH = os.environ.get('SOLEDAD_BYPASS_AUTH', False)
diff --git a/server/pkg/soledad-server b/server/pkg/soledad-server
index 9dada6a0..d9dab040 100644
--- a/server/pkg/soledad-server
+++ b/server/pkg/soledad-server
@@ -11,7 +11,7 @@
PATH=/sbin:/bin:/usr/sbin:/usr/bin
PIDFILE=/var/run/soledad.pid
-OBJ=leap.soledad.server.application
+OBJ=leap.soledad.server.application.wsgi_application
HTTPS_PORT=2424
CONFDIR=/etc/soledad
CERT_PATH="${CONFDIR}/soledad-server.pem"
diff --git a/server/src/leap/soledad/server/__init__.py b/server/src/leap/soledad/server/__init__.py
index d154e3fe..d8243c19 100644
--- a/server/src/leap/soledad/server/__init__.py
+++ b/server/src/leap/soledad/server/__init__.py
@@ -25,7 +25,9 @@ General information
This is written as a Twisted application and intended to be run using the
twistd command. To start the soledad server, run:
- twistd -n web --wsgi=leap.soledad.server.application --port=X
+ twistd -n web \
+ --wsgi=leap.soledad.server.application.wsgi_application \
+ --port=X
An initscript is included and will be installed system wide to make it
feasible to start and stop the Soledad server service using a standard
@@ -84,24 +86,17 @@ import urlparse
import sys
from leap.soledad.common.l2db.remote import http_app, utils
+from leap.soledad.common import SHARED_DB_NAME
-from leap.soledad.server.auth import SoledadTokenAuthMiddleware
-from leap.soledad.server.gzip_middleware import GzipMiddleware
from leap.soledad.server.sync import SyncResource
from leap.soledad.server.sync import MAX_REQUEST_SIZE
from leap.soledad.server.sync import MAX_ENTRY_SIZE
-from leap.soledad.server.config import load_configuration
-
-from leap.soledad.common import SHARED_DB_NAME
-from leap.soledad.common.backend import SoledadBackend
-from leap.soledad.common.couch.state import CouchServerState
from ._version import get_versions
__all__ = [
'SoledadApp',
- 'application',
'__version__',
]
@@ -255,36 +250,5 @@ class HTTPInvocationByMethodWithBody(
http_app.HTTPInvocationByMethodWithBody = HTTPInvocationByMethodWithBody
-# ----------------------------------------------------------------------------
-# Run as Twisted WSGI Resource
-# ----------------------------------------------------------------------------
-
-
-def _load_config():
- conf = load_configuration('/etc/soledad/soledad-server.conf')
- return conf['soledad-server']
-
-
-def _get_couch_state():
- conf = _load_config()
- state = CouchServerState(conf['couch_url'], create_cmd=conf['create_cmd'],
- check_schema_versions=True)
- SoledadBackend.BATCH_SUPPORT = conf.get('batching', False)
- return state
-
-try:
- _couch_state = _get_couch_state()
- # a WSGI application that may be used by `twistd -web`
- application = GzipMiddleware(
- SoledadTokenAuthMiddleware(SoledadApp(_couch_state)))
-except:
- pass
-
-
-# another WSGI application in which we bypass token auth middleware for ease of
-# mind while debugging in your local environment
-# debug_local_application_do_not_use = SoledadApp(_couch_state)
-
-
__version__ = get_versions()['version']
del get_versions
diff --git a/server/src/leap/soledad/server/application.py b/server/src/leap/soledad/server/application.py
new file mode 100644
index 00000000..17296425
--- /dev/null
+++ b/server/src/leap/soledad/server/application.py
@@ -0,0 +1,73 @@
+# -*- coding: utf-8 -*-
+# application.py
+# Copyright (C) 2016 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+"""
+A WSGI application to serve as the root resource of the webserver.
+
+Use it like this:
+
+ twistd web --wsgi=leap.soledad.server.application.wsgi_application
+"""
+from twisted.internet import reactor
+
+from leap.soledad.server import SoledadApp
+from leap.soledad.server.auth import SoledadTokenAuthMiddleware
+from leap.soledad.server.gzip_middleware import GzipMiddleware
+from leap.soledad.server.config import load_configuration
+from leap.soledad.common.backend import SoledadBackend
+from leap.soledad.common.couch.state import CouchServerState
+from leap.soledad.common.log import getLogger
+
+
+__all__ = ['wsgi_application']
+
+
+def _load_config():
+ conf = load_configuration('/etc/soledad/soledad-server.conf')
+ return conf['soledad-server']
+
+
+def _get_couch_state():
+ conf = _load_config()
+ state = CouchServerState(conf['couch_url'], create_cmd=conf['create_cmd'],
+ check_schema_versions=True)
+ SoledadBackend.BATCH_SUPPORT = conf.get('batching', False)
+ return state
+
+
+_app = SoledadTokenAuthMiddleware(SoledadApp(None)) # delay state init
+wsgi_application = GzipMiddleware(_app)
+
+
+# During its initialization, the couch state verifies if all user databases
+# contain a config document with the correct couch schema version stored, and
+# will log an error and raise an exception if that is not the case.
+#
+# If this verification made too early (i.e. before the reactor has started and
+# the twistd web logging facilities have been setup), the logging will not
+# work. Because of that, we delay couch state initialization until the reactor
+# is running.
+
+def _init_couch_state(_app):
+ try:
+ _app.state = _get_couch_state()
+ except Exception as e:
+ logger = getLogger()
+ logger.error(str(e))
+ reactor.stop()
+
+
+reactor.callWhenRunning(_init_couch_state, _app)
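Review bot: In `_init_couch_state`, `logger.error(str(e))` is the only record of why the server refused to start, and it drops both the exception type and the traceback. The block comment above says this path covers schema-version failures, but `except Exception` also catches a missing config key from `_load_config()` or a connection error, which an operator cannot tell apart from the message text alone. Log a fixed prefix plus the exception type, e.g. `logger.error("couch state init failed (%s): %s" % (type(e).__name__, e))`. It is also worth checking whether the exception text can contain the configured `couch_url`, since if that URL embeds credentials (not visible in this diff) they would reach the log. The functions have no docstrings; a one-line docstring on `_init_couch_state` saying that it stops the reactor on any failure would make the fail-stop behaviour explicit.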
diff --git a/server/src/leap/soledad/server/auth.py b/server/src/leap/soledad/server/auth.py
index b7186b3b..b0764569 100644
--- a/server/src/leap/soledad/server/auth.py
+++ b/server/src/leap/soledad/server/auth.py
@@ -343,9 +343,13 @@ class SoledadTokenAuthMiddleware(SoledadAuthMiddleware):
TOKEN_AUTH_ERROR_STRING = "Incorrect address or token."
- def __init__(self, app):
- self._state = app.state
- super(SoledadTokenAuthMiddleware, self).__init__(app)
+ def _get_state(self):
+ return self._app.state
+
+ def _set_state(self, state):
+ self._app.state = state
+
+ state = property(_get_state, _set_state)
def _verify_authentication_scheme(self, scheme):
"""
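Review bot: The new `state` property is undocumented, and it changes when the state is resolved. The removed `__init__` captured `app.state` once, while `_get_state` reads `self._app.state` on every access and `_set_state` writes through to the wrapped app. Together with `SoledadApp(None)` in application.py this means `state` can be `None` for some time after construction, which a reader of auth.py alone would not expect. I would pass a docstring to the property, e.g. `state = property(_get_state, _set_state, doc="Server state of the wrapped app; None until couch state init has run.")`. The property also relies on the base class setting `self._app`, which is outside this hunk.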
@@ -379,7 +383,7 @@ class SoledadTokenAuthMiddleware(SoledadAuthMiddleware):
"""
token = auth_data # we expect a cleartext token at this point
try:
- return self._state.verify_token(uuid, token)
+ return self.state.verify_token(uuid, token)
except Exception as e:
logger.error(e)
return False
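Review bot: With the delayed init, `self.state` can be `None` when this line runs, and the check then fails closed only because the resulting `AttributeError` falls into the broad `except Exception` and returns `False`. That is the right outcome, but it is incidental and is logged as a generic error indistinguishable from a backend failure. An explicit guard before the `try` states the intent: `if self.state is None: return False  # state not initialised yet, reject`. The enclosing method starts outside the hunk, so confirm no earlier line dereferences the state.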