view sat_pubsub/tap_http.py @ 330:82d1259b3e36
backend, pgsql storage: better items/notification handling, various fixes:
- replaced const.VAL_AMODEL_ROSTER by const.VAL_AMODEL_PUBLISHER_ROSTER to follow change in pgsql schema
- implemented whitelist access model
- fixed bad access check during items retrieval (access was checked on recipient instead of requestor/sender)
- getItemsData and notification filtering now use inline callbacks: this makes these complex workflows far easier to read, and clarity is imperative in these security-critical sections.
- publisher-roster access model now needs to have only one owner, else it will fail. The idea is to use this model only when owner=publisher; otherwise it is ambiguous which roster to use to check access
- replaced getNodeOwner by node.getOwners, as a node can have several owners
- notifications filtering has been fixed in a similar way
- psql: simplified withPEP method, pep_table argument is actually not needed
- removed error.NotInRoster: error.Forbidden is used instead
- notifications now notify all the owners, not only the first one
author | Goffi <goffi@goffi.org> |
---|---|
date | Sun, 26 Mar 2017 20:52:32 +0200 |
parents | 5d7c3787672e |
children | 9fbb31ce495b |
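#!/usr/bin/python
#-*- coding: utf-8 -*-

# Copyright (c) 2003-2011 Ralph Meijer
# Copyright (c) 2012-2016 Jérôme Poisson

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.

# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
# --

# This program is based on Idavoll (http://idavoll.ik.nu/),
# originaly written by Ralph Meijer (http://ralphm.net/blog/)
# It is sublicensed under AGPL v3 (or any later version) as allowed by the original
# license.

# --

# Here is a copy of the original license:

# Copyright (c) 2003-2011 Ralph Meijer

# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:

# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.

# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

from twisted.application import internet, strports
from twisted.conch import manhole, manhole_ssh
from twisted.cred import portal, checkers
from twisted.web import resource, server

from sat_pubsub import gateway, tap
from sat_pubsub.gateway import RemoteSubscriptionService


class Options(tap.Options):
    """Options of the base tap plus the TCP port of the web gateway."""

    optParameters = [
        ('webport', None, '8086', 'Web port'),
    ]


def getManholeFactory(namespace, **passwords):
    """Return an SSH factory that serves a Python manhole over ``namespace``.

    ``namespace`` is the dict of names made available inside the manhole.
    ``passwords`` are ``username=password`` keyword pairs accepted at login.

    The pairs are handed to ``InMemoryUsernamePasswordDatabaseDontUse``, which
    keeps them in clear text in memory. Anyone who can log in gets an
    interpreter running inside the service process, so callers must treat
    these credentials as full control over the service.
    """
    def getManHole(_):
        return manhole.Manhole(namespace)

    realm = manhole_ssh.TerminalRealm()
    realm.chainedProtocolFactory.protocolFactory = getManHole
    p = portal.Portal(realm)
    p.registerChecker(
        checkers.InMemoryUsernamePasswordDatabaseDontUse(**passwords))
    f = manhole_ssh.ConchFactory(p)
    return f


def makeService(config):
    """Build the service from ``tap.makeService`` and attach the gateway parts.

    On top of the base service this adds a ``RemoteSubscriptionService``
    parented to the 'component' service, a web site on ``config['webport']``
    exposing the gateway resources, and an SSH manhole on port 2222.

    Raises ``ValueError`` when ``config['backend']`` is neither 'pgsql' nor
    'memory', because no gateway storage can be chosen in that case.
    """
    s = tap.makeService(config)

    bs = s.getServiceNamed('backend')
    cs = s.getServiceNamed('component')

    # Set up XMPP service for subscribing to remote nodes

    if config['backend'] == 'pgsql':
        from sat_pubsub.pgsql_storage import GatewayStorage
        gst = GatewayStorage(bs.storage.dbpool)
    elif config['backend'] == 'memory':
        from sat_pubsub.memory_storage import GatewayStorage
        gst = GatewayStorage()
    else:
        # Without this branch an unknown backend left ``gst`` unbound and the
        # failure surfaced later as an unrelated-looking name error.
        raise ValueError(
            "Unsupported backend %r: no gateway storage available"
            % (config['backend'],))

    ss = RemoteSubscriptionService(config['jid'], gst)
    ss.setHandlerParent(cs)
    ss.startService()

    # Set up web service

    root = resource.Resource()

    # Set up resources that exposes the backend
    # NOTE(review): create/delete/publish are registered here with the
    # service's own JID and no authentication layer is visible in this file;
    # confirm that sat_pubsub.gateway restricts who may call them, or keep
    # the web port reachable only from trusted hosts.
    root.putChild('create', gateway.CreateResource(bs, config['jid'],
                                                   config['jid']))
    root.putChild('delete', gateway.DeleteResource(bs, config['jid'],
                                                   config['jid']))
    root.putChild('publish', gateway.PublishResource(bs, config['jid'],
                                                     config['jid']))
    root.putChild('list', gateway.ListResource(bs))

    # Set up resources for accessing remote pubsub nodes.
    root.putChild('subscribe', gateway.RemoteSubscribeResource(ss))
    root.putChild('unsubscribe', gateway.RemoteUnsubscribeResource(ss))
    root.putChild('items', gateway.RemoteItemsResource(ss))

    site = server.Site(root)
    w = internet.TCPServer(int(config['webport']), site)
    w.setServiceParent(s)

    # Set up a manhole

    namespace = {'service': s,
                 'component': cs,
                 'backend': bs,
                 'root': root}

    # NOTE(review): the login below is a fixed, source-visible credential and
    # the manhole gives an interpreter with the backend, component and web
    # root in scope. Replace it with a deployment-supplied secret or key-based
    # authentication, or drop the manhole in production.
    f = getManholeFactory(namespace, admin='admin')
    # Listen on loopback only: with a fixed credential, a listener on every
    # interface would hand control of the service to any host that can reach
    # the port.
    manholeService = strports.service('tcp:2222:interface=127.0.0.1', f)
    manholeService.setServiceParent(s)

    return s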