Changeset 85bb0a78 in trunk
- Timestamp:
- 2020-10-16T18:14:15Z (5 years ago)
- Branches:
- master
- Children:
- 540004f
- Parents:
- c2fe5a6
- Location:
- src/allmydata
- Files:
-
- 1 deleted
- 1 edited
TabularUnified src/allmydata/web/common.py ¶
rc2fe5a6 r85bb0a78 38 38 ) 39 39 from allmydata.mutable.common import UnrecoverableFileError 40 from allmydata.util.hashutil import timing_safe_compare41 40 from allmydata.util.time_format import ( 42 41 format_delta, … … 427 426 428 427 429 class TokenOnlyWebApi(resource.Resource, object):430 """431 I provide a rend.Page implementation that only accepts POST calls,432 and only if they have a 'token=' arg with the correct433 authentication token (see434 :meth:`allmydata.client.Client.get_auth_token`). Callers must also435 provide the "t=" argument to indicate the return-value (the only436 valid value for this is "json")437 438 Subclasses should override 'post_json' which should process the439 API call and return a string which encodes a valid JSON440 object. This will only be called if the correct token is present441 and valid (during renderHTTP processing).442 """443 444 def __init__(self, client):445 self.client = client446 447 def post_json(self, req):448 return NotImplemented449 450 def render(self, req):451 if req.method != 'POST':452 raise server.UnsupportedMethod(('POST',))453 if req.args.get('token', False):454 raise WebError("Do not pass 'token' as URL argument", http.BAD_REQUEST)455 # not using get_arg() here because we *don't* want the token456 # argument to work if you passed it as a GET-style argument457 token = None458 if req.fields and 'token' in req.fields:459 token = req.fields['token'].value.strip()460 if not token:461 raise WebError("Missing token", http.UNAUTHORIZED)462 if not timing_safe_compare(token, self.client.get_auth_token()):463 raise WebError("Invalid token", http.UNAUTHORIZED)464 465 t = get_arg(req, "t", "").strip()466 if not t:467 raise WebError("Must provide 't=' argument")468 if t == u'json':469 try:470 return self.post_json(req)471 except WebError as e:472 req.setResponseCode(e.code)473 return json.dumps({"error": e.text})474 except Exception as e:475 message, code = humanize_exception(e)476 req.setResponseCode(500 if code is None 
else code)477 return json.dumps({"error": message})478 else:479 raise WebError("'%s' invalid type for 't' arg" % (t,), http.BAD_REQUEST)480 481 482 428 def exception_to_child(f): 483 429 """