summaryrefslogtreecommitdiff
path: root/src/leap/soledad/server.py
diff options
context:
space:
mode:
Diffstat (limited to 'src/leap/soledad/server.py')
-rw-r--r--src/leap/soledad/server.py39
1 files changed, 21 insertions, 18 deletions
diff --git a/src/leap/soledad/server.py b/src/leap/soledad/server.py
index 7aa253a3..e2944057 100644
--- a/src/leap/soledad/server.py
+++ b/src/leap/soledad/server.py
@@ -32,10 +32,22 @@ except ImportError:
from u1db.remote import http_app
+# Keep OpenSSL's tsafe before importing Twisted submodules so we can put
+# it back if Twisted==12.0.0 messes with it.
+from OpenSSL import tsafe
+old_tsafe = tsafe
+
from twisted.web.wsgi import WSGIResource
from twisted.internet import reactor
from twisted.python import log
+from twisted import version
+if version.base() == "12.0.0":
+ # Put OpenSSL's tsafe back into place. This can probably be removed if we
+ # come to use Twisted>=12.3.0.
+ import sys
+ sys.modules['OpenSSL.tsafe'] = old_tsafe
+
from couchdb.client import Server
from leap.soledad.backends.couch import CouchServerState
@@ -171,21 +183,6 @@ class SoledadAuthMiddleware(object):
return False
return True
- def need_auth(self, environ):
- """
- Check if action can be performed on database without authentication.
-
- For now, just allow access to /shared/*.
-
- @param environ: Dictionary containing CGI variables.
- @type environ: dict
-
- @return: Whether the requests needs authentication.
- @rtype: bool
- """
- # TODO: design unauth verification.
- return not environ.get(self.PATH_INFO_KEY).startswith('/shared/')
-
#-----------------------------------------------------------------------------
# Soledad WSGI application
@@ -196,6 +193,11 @@ class SoledadApp(http_app.HTTPApp):
Soledad WSGI application
"""
+ SHARED_DB_NAME = 'shared'
+ """
+ The name of the shared database that holds user's encrypted secrets.
+ """
+
def __call__(self, environ, start_response):
"""
Handle a WSGI call to the Soledad application.
@@ -209,6 +211,8 @@ class SoledadApp(http_app.HTTPApp):
@return: HTTP application results.
@rtype: list
"""
+ # ensure the shared database exists
+ self.state.ensure_database(self.SHARED_DB_NAME)
return http_app.HTTPApp.__call__(self, environ, start_response)
@@ -244,11 +248,10 @@ def load_configuration(file_path):
# Run as Twisted WSGI Resource
#-----------------------------------------------------------------------------
-# TODO: create command-line option for choosing config file.
conf = load_configuration('/etc/leap/soledad-server.conf')
state = CouchServerState(conf['couch_url'])
-application = SoledadAuthMiddleware(
- SoledadApp(state))
+# WSGI application that may be used by `twistd -web`
+application = SoledadAuthMiddleware(SoledadApp(state))
resource = WSGIResource(reactor, reactor.getThreadPool(), application)