Diffstat (limited to 'server.py')
-rw-r--r--server.py41
1 files changed, 33 insertions, 8 deletions
diff --git a/server.py b/server.py
index 746dc8c0..dbaf6a13 100644
--- a/server.py
+++ b/server.py
@@ -12,6 +12,7 @@ try:
import simplejson as json
except ImportError:
import json # noqa
+from urlparse import parse_qs
from twisted.web.wsgi import WSGIResource
from twisted.internet import reactor
@@ -55,20 +56,28 @@ class SoledadAuthMiddleware(object):
def __call__(self, environ, start_response):
if self.prefix and not environ['PATH_INFO'].startswith(self.prefix):
return self._error(start_response, 400, "bad request")
- token = environ.get('HTTP_AUTHORIZATION')
- if not token:
+ shift_path_info(environ)
+ qs = parse_qs(environ.get('QUERY_STRING'), strict_parsing=True)
+ if 'auth_token' not in qs:
if self.need_auth(environ):
return self._error(start_response, 401, "unauthorized",
"Missing Authentication Token.")
else:
+ token = qs['auth_token'][0]
try:
self.verify_token(environ, token)
except Unauthorized:
return self._error(
start_response, 401, "unauthorized",
"Incorrect password or login.")
- del environ['HTTP_AUTHORIZATION']
- shift_path_info(environ)
+ # remove auth token from query string.
+ del qs['auth_token']
+ qs_str = ''
+ if qs:
+ qs_str = reduce(lambda x, y: '&'.join([x, y]),
+ map(lambda (x, y): '='.join([x, str(y)]),
+ qs.iteritems()))
+ environ['QUERY_STRING'] = qs_str
return self.app(environ, start_response)
def verify_token(self, environ, token):
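Review bot: The added `parse_qs(environ.get('QUERY_STRING'), strict_parsing=True)` call in `__call__` is not guarded, so a request without a query string never reaches the 401 branch: a missing key passes `None` to `parse_qs`, and with `strict_parsing=True` an empty or malformed query raises ValueError, which most likely surfaces as an unhandled server error; `qs = parse_qs(environ.get('QUERY_STRING') or '')` avoids both. The rebuilt query string also corrupts the remaining parameters, because `parse_qs` values are lists and `str(y)` writes `key=['value']` with no URL-encoding; `environ['QUERY_STRING'] = urllib.urlencode(qs, True)` would round-trip them (whether `urllib` is imported is not visible in this hunk). Moving the token from the Authorization header into the URL means it will be recorded in access and proxy logs, so the handling of those logs should at least be noted in a comment here. The class and `_error` are defined outside this hunk.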
@@ -76,14 +85,29 @@ class SoledadAuthMiddleware(object):
Verify if token is valid for authenticating this action.
"""
# TODO: implement token verification
- raise NotImplementedError(self.verify_user)
+ raise NotImplementedError(self.verify_token)
def need_auth(self, environ):
"""
Check if action can be performed on database without authentication.
+
+ For now, just allow access to /shared/*.
"""
- # TODO: implement unauth verification.
- raise NotImplementedError(self.allow_unauth)
+ # TODO: design unauth verification.
+ return not environ.get('PATH_INFO').startswith('/shared/')
+
+
+#-----------------------------------------------------------------------------
+# Soledad WSGI application
+#-----------------------------------------------------------------------------
+
+class SoledadApp(http_app.HTTPApp):
+ """
+ Soledad WSGI application
+ """
+
+ def __call__(self, environ, start_response):
+ return super(SoledadApp, self).__call__(environ, start_response)
#-----------------------------------------------------------------------------
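Review bot: `need_auth` grants unauthenticated access on a raw `startswith('/shared/')` test of `PATH_INFO`, which ignores dot segments and fails with an AttributeError when the key is absent; if any later layer normalises the path, the resource served can differ from the one this check approved. I would default the value and refuse parent-directory segments, e.g. `path = environ.get('PATH_INFO') or ''` followed by `return '..' in path.split('/') or not path.startswith('/shared/')`. The docstring should state that the test runs after `shift_path_info`, so `/shared/` is matched against the path with its first segment already removed. Separately, `verify_token` still raises NotImplementedError, which the `except Unauthorized` in `__call__` does not catch, so unless a subclass overrides it every request carrying a token ends in an unhandled exception. The class body starts outside this hunk.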
@@ -111,13 +135,14 @@ def load_configuration(file_path):
# Run as Twisted WSGI Resource
#-----------------------------------------------------------------------------
+# TODO: create command-line option for choosing config file.
conf = load_configuration('/etc/leap/soledad-server.ini')
state = CouchServerState(conf['couch_url'])
# TODO: change working dir to something meaningful (maybe eliminate it)
state.set_workingdir(conf['working_dir'])
application = SoledadAuthMiddleware(
- http_app.HTTPApp(state),
+ SoledadApp(state),
conf['prefix'],
conf['public_dbs'].split(','))