From bf097914f492a2f3973d0b051324d121353fa5fa Mon Sep 17 00:00:00 2001 From: drebs Date: Tue, 5 Mar 2013 17:29:37 -0300 Subject: Add a shared remote database to Soledad (client and server). --- server.py | 41 +++++++++++++++++++++++++++++++++-------- 1 file changed, 33 insertions(+), 8 deletions(-) (limited to 'server.py') diff --git a/server.py b/server.py index 746dc8c0..dbaf6a13 100644 --- a/server.py +++ b/server.py @@ -12,6 +12,7 @@ try: import simplejson as json except ImportError: import json # noqa +from urlparse import parse_qs from twisted.web.wsgi import WSGIResource from twisted.internet import reactor @@ -55,20 +56,28 @@ class SoledadAuthMiddleware(object): def __call__(self, environ, start_response): if self.prefix and not environ['PATH_INFO'].startswith(self.prefix): return self._error(start_response, 400, "bad request") - token = environ.get('HTTP_AUTHORIZATION') - if not token: + shift_path_info(environ) + qs = parse_qs(environ.get('QUERY_STRING'), strict_parsing=True) + if 'auth_token' not in qs: if self.need_auth(environ): return self._error(start_response, 401, "unauthorized", "Missing Authentication Token.") else: + token = qs['auth_token'][0] try: self.verify_token(environ, token) except Unauthorized: return self._error( start_response, 401, "unauthorized", "Incorrect password or login.") - del environ['HTTP_AUTHORIZATION'] - shift_path_info(environ) + # remove auth token from query string. + del qs['auth_token'] + qs_str = '' + if qs: + qs_str = reduce(lambda x, y: '&'.join([x, y]), + map(lambda (x, y): '='.join([x, str(y)]), + qs.iteritems())) + environ['QUERY_STRING'] = qs_str return self.app(environ, start_response) def verify_token(self, environ, token): @@ -76,14 +85,29 @@ class SoledadAuthMiddleware(object): Verify if token is valid for authenticating this action. """ # TODO: implement token verification - raise NotImplementedError(self.verify_user) + raise NotImplementedError(self.verify_token) def need_auth(self, environ): """ Check if action can be performed on database without authentication. + + For now, just allow access to /shared/*. """ - # TODO: implement unauth verification. - raise NotImplementedError(self.allow_unauth) + # TODO: design unauth verification. + return not environ.get('PATH_INFO').startswith('/shared/') + + +#----------------------------------------------------------------------------- +# Soledad WSGI application +#----------------------------------------------------------------------------- + +class SoledadApp(http_app.HTTPApp): + """ + Soledad WSGI application + """ + + def __call__(self, environ, start_response): + return super(SoledadApp, self).__call__(environ, start_response) #----------------------------------------------------------------------------- @@ -111,13 +135,14 @@ def load_configuration(file_path): # Run as Twisted WSGI Resource #----------------------------------------------------------------------------- +# TODO: create command-line option for choosing config file. conf = load_configuration('/etc/leap/soledad-server.ini') state = CouchServerState(conf['couch_url']) # TODO: change working dir to something meaningful (maybe eliminate it) state.set_workingdir(conf['working_dir']) application = SoledadAuthMiddleware( - http_app.HTTPApp(state), + SoledadApp(state), conf['prefix'], conf['public_dbs'].split(',')) -- cgit v1.2.3