From da26a7f22c6ea77bc417d1184c2a0a4f976669a2 Mon Sep 17 00:00:00 2001 From: Victor Shyba Date: Tue, 29 Aug 2017 17:05:02 -0300 Subject: [style] improve naming and fixes from code review -- Related: #8867 --- src/leap/soledad/server/_config.py | 2 +- src/leap/soledad/server/_resource.py | 4 +-- src/leap/soledad/server/auth.py | 32 +++++++++++-------- src/leap/soledad/server/entrypoint.py | 57 ---------------------------------- src/leap/soledad/server/entrypoints.py | 57 ++++++++++++++++++++++++++++++++++ src/leap/soledad/server/server.tac | 14 ++++++--- 6 files changed, 88 insertions(+), 78 deletions(-) delete mode 100644 src/leap/soledad/server/entrypoint.py create mode 100644 src/leap/soledad/server/entrypoints.py (limited to 'src/leap/soledad') diff --git a/src/leap/soledad/server/_config.py b/src/leap/soledad/server/_config.py index 3f3d7640..12c286f5 100644 --- a/src/leap/soledad/server/_config.py +++ b/src/leap/soledad/server/_config.py @@ -31,7 +31,7 @@ CONFIG_DEFAULTS = { 'batching': True, 'blobs': False, 'blobs_path': '/srv/leap/soledad/blobs', - 'services_tokens_file': '/dev/null', + 'services_tokens_file': '/etc/soledad/incoming.tokens', }, 'database-security': { 'members': ['soledad'], diff --git a/src/leap/soledad/server/_resource.py b/src/leap/soledad/server/_resource.py index a9f854b6..7b326fef 100644 --- a/src/leap/soledad/server/_resource.py +++ b/src/leap/soledad/server/_resource.py @@ -24,7 +24,7 @@ from ._incoming import IncomingResource from ._wsgi import get_sync_resource -__all__ = ['SoledadResource', 'SoledadAnonResource'] +__all__ = ['PublicResource', 'SoledadAnonResource'] class _Robots(Resource): @@ -60,7 +60,7 @@ class LocalResource(Resource): self.putChild('incoming', IncomingResource()) -class SoledadResource(Resource): +class PublicResource(Resource): """ This is a dummy twisted resource, used only to allow different entry points for the Soledad Server. 
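Review bot: The new default for `services_tokens_file` in `CONFIG_DEFAULTS` points at a file of shared secrets, but nothing next to the setting says who may read it. A comment on the entry would help operators, e.g. `# tokens of trusted local services; keep this file readable only by the soledad server user`. As far as this commit shows, `FileTokenChecker` in auth.py opens the path without looking at its owner or mode, so the protection rests on deployment alone.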
diff --git a/src/leap/soledad/server/auth.py b/src/leap/soledad/server/auth.py index 4dbe9a6d..89626ead 100644 --- a/src/leap/soledad/server/auth.py +++ b/src/leap/soledad/server/auth.py @@ -17,6 +17,7 @@ """ Twisted http token auth. """ +import os import binascii import time @@ -38,7 +39,7 @@ from twisted.web.resource import IResource from leap.soledad.common.couch import couch_server -from ._resource import SoledadResource, SoledadAnonResource +from ._resource import PublicResource, SoledadAnonResource from ._resource import LocalResource from ._blobs import BlobsResource from ._config import get_config @@ -59,7 +60,7 @@ class SoledadRealm(object): conf['blobs_path']) if blobs else None self.anon_resource = SoledadAnonResource( enable_blobs=blobs) - self.auth_resource = SoledadResource( + self.auth_resource = PublicResource( blobs_resource=blobs_resource, sync_pool=sync_pool) @@ -81,9 +82,8 @@ class SoledadRealm(object): @implementer(IRealm) class LocalServicesRealm(object): - def __init__(self, conf=None): - if conf is None: - conf = get_config() + def __init__(self): + conf = get_config() self.anon_resource = SoledadAnonResource( enable_blobs=conf['blobs']) self.auth_resource = LocalResource() @@ -108,12 +108,16 @@ class FileTokenChecker(object): credentialInterfaces = [IUsernamePassword, IAnonymous] def __init__(self, conf=None): + # conf parameter is only used during tests conf = conf or get_config() self._trusted_services_tokens = {} self._tokens_file_path = conf['services_tokens_file'] self._reload_tokens() def _reload_tokens(self): + if not os.path.isfile(self._tokens_file_path): + log.warn("No local token auth file at %s" % self._tokens_file_path) + return with open(self._tokens_file_path) as tokens_file: for line in tokens_file.readlines(): line = line.strip() 
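Review bot: The `os.path.isfile` guard added to `_reload_tokens` is a check-then-open, so the file can vanish between the test and `open()`, and a file that exists but is unreadable still raises out of `FileTokenChecker.__init__`. Opening the file and catching `IOError` handles the missing, unreadable and racing cases in one place and lets the warning say why no tokens were loaded. The per-line parsing loop continues below the hunk and is not changed by this suggestion.

```python
    def _reload_tokens(self):
        try:
            tokens_file = open(self._tokens_file_path)
        except IOError as e:
            log.warn("Cannot read local token auth file %s: %s"
                     % (self._tokens_file_path, e))
            return
        with tokens_file:
            # … unchanged: per-line token parsing …
```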
@@ -128,6 +132,7 @@ class FileTokenChecker(object): service = credentials.username token = credentials.password + # TODO: Use constant time comparison if self._trusted_services_tokens[service] != token: return defer.fail(error.UnauthorizedLogin()) @@ -221,16 +226,17 @@ class TokenCredentialFactory(object): raise error.LoginFailed('Invalid credentials') -def portalFactory(public=True, sync_pool=None): +def publicPortal(sync_pool): database_checker = CouchDBTokenChecker() + realm = SoledadRealm(sync_pool=sync_pool) + auth_checkers = [database_checker] + return Portal(realm, auth_checkers) + + +def localPortal(): file_checker = FileTokenChecker() - if public: - assert sync_pool - realm = SoledadRealm(sync_pool=sync_pool) - auth_checkers = [database_checker] - else: - realm = LocalServicesRealm() - auth_checkers = [file_checker, database_checker] + realm = LocalServicesRealm() + auth_checkers = [file_checker] return Portal(realm, auth_checkers) diff --git a/src/leap/soledad/server/entrypoint.py b/src/leap/soledad/server/entrypoint.py deleted file mode 100644 index 7115007b..00000000 --- a/src/leap/soledad/server/entrypoint.py +++ /dev/null 
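Review bot: The token check under the new TODO still uses `!=`, which is not a constant-time comparison. The TODO can be closed here with `hmac.compare_digest` (Python 2.7.7 and later), adding `import hmac` beside the new `import os`: `if not hmac.compare_digest(self._trusted_services_tokens[service], token):`. Both arguments must be the same string type, so confirm that the tokens read from the file and `credentials.password` agree. The same line indexes `self._trusted_services_tokens[service]` directly, so unless a membership test sits above the hunk, an unknown service name raises `KeyError` rather than returning `UnauthorizedLogin`. The enclosing method starts and ends outside the hunk.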
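Review bot: `publicPortal` and `localPortal` have no docstrings, and the split changes which checkers guard the local realm: `localPortal` passes only `file_checker`, where the old `public=False` branch passed `[file_checker, database_checker]`. Under a `[style]` subject that is easy to miss, so state it on the functions, e.g. `"""Portal for the loopback services API; accepts only tokens from services_tokens_file."""` and `"""Portal for the public API; user tokens are checked against CouchDB."""`. `publicPortal` also drops the old `assert sync_pool`, so a `None` pool is no longer rejected at this point.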
@@ -1,57 +0,0 @@ -# -*- coding: utf-8 -*- -# entrypoint.py -# Copyright (C) 2016 LEAP -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -""" -The entrypoint for Soledad server. - -This is the entrypoint for the application that is loaded from the initscript -or the systemd script. -""" - -from twisted.internet import reactor -from twisted.python import threadpool - -from .auth import portalFactory -from .session import SoledadSession -from ._config import get_config -from ._wsgi import init_couch_state - - -# load configuration from file -conf = get_config() - - -class SoledadEntrypoint(SoledadSession): - - def __init__(self): - pool = threadpool.ThreadPool(name='wsgi') - reactor.callWhenRunning(pool.start) - reactor.addSystemEventTrigger('after', 'shutdown', pool.stop) - portal = portalFactory(public=True, sync_pool=pool) - SoledadSession.__init__(self, portal) - - -class LocalServicesEntrypoint(SoledadSession): - - def __init__(self): - portal = portalFactory(public=False) - SoledadSession.__init__(self, portal) - -# see the comments in application.py recarding why couch state has to be -# initialized when the reactor is running - - -reactor.callWhenRunning(init_couch_state, conf) diff --git a/src/leap/soledad/server/entrypoints.py b/src/leap/soledad/server/entrypoints.py new file mode 100644 index 00000000..ff2f333a --- /dev/null +++ b/src/leap/soledad/server/entrypoints.py 
@@ -0,0 +1,57 @@ +# -*- coding: utf-8 -*- +# entrypoint.py +# Copyright (C) 2016 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +""" +The entrypoint for Soledad server. + +This is the entrypoint for the application that is loaded from the initscript +or the systemd script. +""" + +from twisted.internet import reactor +from twisted.python import threadpool + +from .auth import localPortal, publicPortal +from .session import SoledadSession +from ._config import get_config +from ._wsgi import init_couch_state + + +# load configuration from file +conf = get_config() + + +class SoledadEntrypoint(SoledadSession): + + def __init__(self): + pool = threadpool.ThreadPool(name='wsgi') + reactor.callWhenRunning(pool.start) + reactor.addSystemEventTrigger('after', 'shutdown', pool.stop) + portal = publicPortal(sync_pool=pool) + SoledadSession.__init__(self, portal) + + +class LocalServicesEntrypoint(SoledadSession): + + def __init__(self): + portal = localPortal() + SoledadSession.__init__(self, portal) + +# see the comments in application.py recarding why couch state has to be +# initialized when the reactor is running + + +reactor.callWhenRunning(init_couch_state, conf) diff --git a/src/leap/soledad/server/server.tac b/src/leap/soledad/server/server.tac index b443e632..1a4e53ee 100644 --- a/src/leap/soledad/server/server.tac +++ b/src/leap/soledad/server/server.tac 
@@ -5,14 +5,14 @@ from twisted.application import service, strports from twisted.web import server from twisted.python import log -from leap.soledad.server import entrypoint +from leap.soledad.server import entrypoints application = service.Application('soledad-server') # local entrypoint -local_port = os.getenv('LOCAL_SERVICES_PORT', 2323) +local_port = os.getenv('LOCAL_SERVICES_PORT', 2525) local_description = 'tcp:%s:interface=127.0.0.1' % local_port -local_site = server.Site(entrypoint.LocalServicesEntrypoint()) +local_site = server.Site(entrypoints.LocalServicesEntrypoint()) local_server = strports.service(local_description, local_site) local_server.setServiceParent(application) @@ -33,9 +33,13 @@ if port: 'privateKey=' + privateKey, 'certKey=' + certKey, 'sslmethod=' + sslmethod]) -else: +elif os.getenv('DEBUG_SERVER', False): public_description = 'tcp:port=2424:interface=0.0.0.0' -public_site = server.Site(entrypoint.SoledadEntrypoint()) +else: + log.err("HTTPS_PORT env var is required to be set!") + sys.exit(20) + +public_site = server.Site(entrypoints.SoledadEntrypoint()) public_server = strports.service(public_description, public_site) public_server.setServiceParent(application) -- cgit v1.2.3
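Review bot: `LOCAL_SERVICES_PORT` is read as a raw string and interpolated straight into the strports description on the `local_description` line, so a value that is not a plain port number alters the endpoint string instead of being rejected. Since this listener is meant to stay on 127.0.0.1, parse it first: `local_port = int(os.getenv('LOCAL_SERVICES_PORT', 2525))`. A bad value then fails at startup with a `ValueError` rather than producing an unexpected listener.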
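Review bot: The new `DEBUG_SERVER` branch enables a plaintext listener on `0.0.0.0:2424` for any non-empty value, because `os.getenv('DEBUG_SERVER', False)` returns the raw string and `'0'` or `'false'` are truthy. Parse the flag explicitly, `elif os.getenv('DEBUG_SERVER', '').lower() in ('1', 'true', 'yes'):`, and bind the debug endpoint to loopback with `public_description = 'tcp:port=2424:interface=127.0.0.1'` unless remote access is a stated requirement. The `else` branch calls `sys.exit(20)`, but no `import sys` is visible in this diff, so confirm it exists in the file's import block above the first hunk.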