Mercurial > libervia-web
annotate libervia/server/constants.py @ 1479:095e94ca6728
pages: disable CSRF token check when service profile is used:
CSRF token check doesn't make sense when no user is logged in, and it causes trouble for
caching.
fix 400
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Fri, 22 Oct 2021 16:04:23 +0200 |
| parents | 396d5606477f |
| children | ec3ad9abf9f9 |
| rev | line source |
|---|---|
| 1239 | 1 #!/usr/bin/env python3 |
| 2 | |
|
1275
334d044f2713
server: default theme can now be specified in site section of `sat.conf` with `theme` key
Goffi <goffi@goffi.org>
parents:
1257
diff
changeset
|
3 # Libervia: a SàT frontend |
| 1396 | 4 # Copyright (C) 2009-2021 Jérôme Poisson (goffi@goffi.org) |
|
317
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
5 |
|
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
6 # This program is free software: you can redistribute it and/or modify |
|
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
7 # it under the terms of the GNU Affero General Public License as published by |
|
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
8 # the Free Software Foundation, either version 3 of the License, or |
|
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
9 # (at your option) any later version. |
|
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
10 |
|
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
11 # This program is distributed in the hope that it will be useful, |
|
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
14 # GNU Affero General Public License for more details. |
|
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
15 |
|
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
16 # You should have received a copy of the GNU Affero General Public License |
|
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
17 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
18 |
|
860
05cd9dc775e6
server: use of relative import instead of try/except block in server/constants
Goffi <goffi@goffi.org>
parents:
856
diff
changeset
|
19 from ..common import constants |
|
317
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
20 |
|
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
21 |
|
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
22 class Const(constants.Const): |
|
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
23 |
|
1397
ed037818d6de
core (constants): renaming following global project renaming
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
24 APP_NAME = "Libervia Web" |
|
ed037818d6de
core (constants): renaming following global project renaming
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
25 APP_COMPONENT = "web" |
|
ed037818d6de
core (constants): renaming following global project renaming
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
26 APP_NAME_ALT = APP_NAME |
|
ed037818d6de
core (constants): renaming following global project renaming
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
27 APP_NAME_FILE = "libervia_web" |
|
1402
388558a30cf8
core (config): use component (i.e. "web") as config section
Goffi <goffi@goffi.org>
parents:
1397
diff
changeset
|
28 CONFIG_SECTION = APP_COMPONENT.lower() |
|
1479
095e94ca6728
pages: disable CSRF token check when service profile is used:
Goffi <goffi@goffi.org>
parents:
1435
diff
changeset
|
29 # the Libervia profile that is used for public operations (when nobody is connected) |
|
095e94ca6728
pages: disable CSRF token check when service profile is used:
Goffi <goffi@goffi.org>
parents:
1435
diff
changeset
|
30 SERVICE_PROFILE = "libervia" |
|
317
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
31 |
|
993
641664553a41
server: changed session timeout from 5 min to 2h, avoiding undesired disconnection on Libervia pages.
Goffi <goffi@goffi.org>
parents:
990
diff
changeset
|
32 SESSION_TIMEOUT = 7200 # Session's timeout, after that the user will be disconnected |
|
449
981ed669d3b3
/!\ reorganize all the file hierarchy, move the code and launching script to src:
souliane <souliane@mailoo.org>
parents:
445
diff
changeset
|
33 HTML_DIR = "html/" |
|
703
1a19ee7d8d8a
server_side: add default theme
souliane <souliane@mailoo.org>
parents:
685
diff
changeset
|
34 THEMES_DIR = "themes/" |
|
823
027139763511
server (blog): cleaning & improvments:
Goffi <goffi@goffi.org>
parents:
818
diff
changeset
|
35 THEMES_URL = "themes" |
|
317
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
36 MEDIA_DIR = "media/" |
|
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
37 CARDS_DIR = "games/cards/tarot" |
| 1216 | 38 PAGES_DIR = "pages" |
| 39 TASKS_DIR = "tasks" | |
| 40 LIBERVIA_CACHE = "libervia" | |
| 1246 | 41 SITE_NAME_DEFAULT = "default" |
|
1257
1ec41ac1e7cf
server: seperation between production build dir and dev build dir:
Goffi <goffi@goffi.org>
parents:
1253
diff
changeset
|
42 # generated files will be accessible there |
| 1216 | 43 BUILD_DIR = "__b" |
| 1246 | 44 BUILD_DIR_DYN = "dyn" |
|
1257
1ec41ac1e7cf
server: seperation between production build dir and dev build dir:
Goffi <goffi@goffi.org>
parents:
1253
diff
changeset
|
45 # directory where build files are served to the client |
|
1ec41ac1e7cf
server: seperation between production build dir and dev build dir:
Goffi <goffi@goffi.org>
parents:
1253
diff
changeset
|
46 PRODUCTION_BUILD_DIR = "sites" |
|
1ec41ac1e7cf
server: seperation between production build dir and dev build dir:
Goffi <goffi@goffi.org>
parents:
1253
diff
changeset
|
47 # directory used for files needed temporarily (e.g. for compiling other files) |
|
1ec41ac1e7cf
server: seperation between production build dir and dev build dir:
Goffi <goffi@goffi.org>
parents:
1253
diff
changeset
|
48 DEV_BUILD_DIR = "dev_build" |
|
317
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
49 |
| 1216 | 50 TPL_RESOURCE = '_t' |
|
1127
9234f29053b0
server, pages: update to handle multi sites themes, first draft:
Goffi <goffi@goffi.org>
parents:
1124
diff
changeset
|
51 |
|
317
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
52 ERRNUM_BRIDGE_ERRBACK = 0 # FIXME |
|
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
53 ERRNUM_LIBERVIA = 0 # FIXME |
|
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
54 |
|
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
55 # Security limit for Libervia (get/set params) |
|
338
80016abf3ad3
server_side: raised default security_limit to 5
Goffi <goffi@goffi.org>
parents:
317
diff
changeset
|
56 SECURITY_LIMIT = 5 |
|
317
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
57 |
|
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
58 # Security limit for Libervia server_side |
|
bbadd490e63c
misc: gather the constants in a single file, as it is done for other frontends
souliane <souliane@mailoo.org>
parents:
diff
changeset
|
59 SERVER_SECURITY_LIMIT = constants.Const.NO_SECURITY_LIMIT |
|
605
917e271975d9
server + browser side: implementation of new getEntitiesData bridge method + added a security check: only a white list of entities can be gotten
Goffi <goffi@goffi.org>
parents:
555
diff
changeset
|
60 |
|
917e271975d9
server + browser side: implementation of new getEntitiesData bridge method + added a security check: only a white list of entities can be gotten
Goffi <goffi@goffi.org>
parents:
555
diff
changeset
|
61 # keys for cache values we can get from browser |
|
1113
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
1111
diff
changeset
|
62 ALLOWED_ENTITY_DATA = {"avatar", "nick"} |
|
823
027139763511
server (blog): cleaning & improvments:
Goffi <goffi@goffi.org>
parents:
818
diff
changeset
|
63 |
|
027139763511
server (blog): cleaning & improvments:
Goffi <goffi@goffi.org>
parents:
818
diff
changeset
|
64 STATIC_RSM_MAX_LIMIT = 100 |
|
027139763511
server (blog): cleaning & improvments:
Goffi <goffi@goffi.org>
parents:
818
diff
changeset
|
65 STATIC_RSM_MAX_DEFAULT = 10 |
|
027139763511
server (blog): cleaning & improvments:
Goffi <goffi@goffi.org>
parents:
818
diff
changeset
|
66 STATIC_RSM_MAX_COMMENTS_DEFAULT = 10 |
| 917 | 67 |
| 68 ## Libervia pages ## | |
| 1216 | 69 PAGES_META_FILE = "page_meta.py" |
| 1246 | 70 PAGES_BROWSER_DIR = "_browser" |
|
1253
6d49fae517ba
pages: browser metadata + root `_browser`:
Goffi <goffi@goffi.org>
parents:
1248
diff
changeset
|
71 PAGES_BROWSER_META_FILE = "browser_meta.json" |
|
1113
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
1111
diff
changeset
|
72 PAGES_ACCESS_NONE = ( |
| 1216 | 73 "none" |
|
1113
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
1111
diff
changeset
|
74 ) # no access to this page (using its path will return a 404 error) |
| 1216 | 75 PAGES_ACCESS_PUBLIC = "public" |
|
1113
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
1111
diff
changeset
|
76 PAGES_ACCESS_PROFILE = ( |
| 1216 | 77 "profile" |
|
1113
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
1111
diff
changeset
|
78 ) # a session with an existing profile must be started |
| 1216 | 79 PAGES_ACCESS_ADMIN = "admin" # only profiles set in admins_list can access the page |
|
1113
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
1111
diff
changeset
|
80 PAGES_ACCESS_ALL = ( |
|
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
1111
diff
changeset
|
81 PAGES_ACCESS_NONE, |
|
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
1111
diff
changeset
|
82 PAGES_ACCESS_PUBLIC, |
|
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
1111
diff
changeset
|
83 PAGES_ACCESS_PROFILE, |
|
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
1111
diff
changeset
|
84 PAGES_ACCESS_ADMIN, |
|
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
1111
diff
changeset
|
85 ) |
|
990
6daa59d44ee2
pages: menu implementation, first draft:
Goffi <goffi@goffi.org>
parents:
985
diff
changeset
|
86 # names of the page to use for menu |
|
1113
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
1111
diff
changeset
|
87 DEFAULT_MENU = [ |
|
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
1111
diff
changeset
|
88 "login", |
|
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
1111
diff
changeset
|
89 "chat", |
|
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
1111
diff
changeset
|
90 "blog", |
|
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
1111
diff
changeset
|
91 "forums", |
|
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
1111
diff
changeset
|
92 "photos", |
|
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
1111
diff
changeset
|
93 "files", |
|
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
1111
diff
changeset
|
94 "events", |
|
1378
e3e303a30a74
pages (tickets): renamed "tickets" to "lists":
Goffi <goffi@goffi.org>
parents:
1296
diff
changeset
|
95 "lists", |
|
1113
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
1111
diff
changeset
|
96 "merge-requests", |
|
1248
9b865f2604a9
server (constants): temporarily removed `app` from menu
Goffi <goffi@goffi.org>
parents:
1246
diff
changeset
|
97 # XXX: app is not available anymore since removal of pyjamas code with Python 3 |
|
9b865f2604a9
server (constants): temporarily removed `app` from menu
Goffi <goffi@goffi.org>
parents:
1246
diff
changeset
|
98 # port. It should come back at a later point with an alternative (Brython |
|
9b865f2604a9
server (constants): temporarily removed `app` from menu
Goffi <goffi@goffi.org>
parents:
1246
diff
changeset
|
99 # probably). |
|
1113
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
1111
diff
changeset
|
100 ] |
|
922
16d1084d1371
server (pages): added "None" access (page is not rendered at all) and some HTTP code constants + helper methods to get session data
Goffi <goffi@goffi.org>
parents:
917
diff
changeset
|
101 |
|
957
67bf14c91d5c
server (pages): added a confirm flag on successful post:
Goffi <goffi@goffi.org>
parents:
956
diff
changeset
|
102 ## Session flags ## |
| 1216 | 103 FLAG_CONFIRM = "CONFIRM" |
| 962 | 104 |
| 105 ## Data post ## | |
| 1216 | 106 POST_NO_CONFIRM = "POST_NO_CONFIRM" |
|
957
67bf14c91d5c
server (pages): added a confirm flag on successful post:
Goffi <goffi@goffi.org>
parents:
956
diff
changeset
|
107 |
|
931
8a393ae90f8c
server (pages): post requests are now handled:
Goffi <goffi@goffi.org>
parents:
922
diff
changeset
|
108 ## HTTP methods ## |
| 1216 | 109 HTTP_METHOD_GET = b"GET" |
| 110 HTTP_METHOD_POST = b"POST" | |
|
931
8a393ae90f8c
server (pages): post requests are now handled:
Goffi <goffi@goffi.org>
parents:
922
diff
changeset
|
111 |
|
922
16d1084d1371
server (pages): added "None" access (page is not rendered at all) and some HTTP code constants + helper methods to get session data
Goffi <goffi@goffi.org>
parents:
917
diff
changeset
|
112 ## HTTP codes ## |
|
956
dabecab10faa
server (pages): impleted CSRF protection:
Goffi <goffi@goffi.org>
parents:
934
diff
changeset
|
113 HTTP_SEE_OTHER = 303 |
|
1019
34240d08f682
pages: HTTP cache headers handling:
Goffi <goffi@goffi.org>
parents:
1005
diff
changeset
|
114 HTTP_NOT_MODIFIED = 304 |
|
922
16d1084d1371
server (pages): added "None" access (page is not rendered at all) and some HTTP code constants + helper methods to get session data
Goffi <goffi@goffi.org>
parents:
917
diff
changeset
|
115 HTTP_BAD_REQUEST = 400 |
|
16d1084d1371
server (pages): added "None" access (page is not rendered at all) and some HTTP code constants + helper methods to get session data
Goffi <goffi@goffi.org>
parents:
917
diff
changeset
|
116 HTTP_UNAUTHORIZED = 401 |
|
1173
0f37b65fe7c2
server: replaced wrong usage of C.HTTP_UNAUTHORIZED by C.HTTP_FORBIDDEN
Goffi <goffi@goffi.org>
parents:
1146
diff
changeset
|
117 HTTP_FORBIDDEN = 403 |
|
922
16d1084d1371
server (pages): added "None" access (page is not rendered at all) and some HTTP code constants + helper methods to get session data
Goffi <goffi@goffi.org>
parents:
917
diff
changeset
|
118 HTTP_NOT_FOUND = 404 |
|
934
a21fee7e30ee
server (constants): added HTTP_INTERNAL_ERROR and HTTP_SERVICE_UNAVAILABLE
Goffi <goffi@goffi.org>
parents:
931
diff
changeset
|
119 HTTP_INTERNAL_ERROR = 500 |
|
1296
b1215347b5c3
pages (bridge): better handling of errors:
Goffi <goffi@goffi.org>
parents:
1275
diff
changeset
|
120 HTTP_PROXY_ERROR = 502 |
|
934
a21fee7e30ee
server (constants): added HTTP_INTERNAL_ERROR and HTTP_SERVICE_UNAVAILABLE
Goffi <goffi@goffi.org>
parents:
931
diff
changeset
|
121 HTTP_SERVICE_UNAVAILABLE = 503 |
|
985
64826e69f365
pages: cache mechanism, first draft:
Goffi <goffi@goffi.org>
parents:
964
diff
changeset
|
122 |
|
1435
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1402
diff
changeset
|
123 ## HTTP HEADERS ## |
|
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1402
diff
changeset
|
124 H_FORWARDED = "Forwarded" |
|
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1402
diff
changeset
|
125 H_X_FORWARDED_FOR = "X-Forwarded-For" |
|
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1402
diff
changeset
|
126 H_X_FORWARDED_HOST = "X-Forwarded-Host" |
|
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1402
diff
changeset
|
127 H_X_FORWARDED_PROTO = "X-Forwarded-Proto" |
|
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1402
diff
changeset
|
128 |
|
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1402
diff
changeset
|
129 |
|
985
64826e69f365
pages: cache mechanism, first draft:
Goffi <goffi@goffi.org>
parents:
964
diff
changeset
|
130 ## Cache ## |
|
64826e69f365
pages: cache mechanism, first draft:
Goffi <goffi@goffi.org>
parents:
964
diff
changeset
|
131 CACHE_PUBSUB = 0 |
|
1019
34240d08f682
pages: HTTP cache headers handling:
Goffi <goffi@goffi.org>
parents:
1005
diff
changeset
|
132 |
|
34240d08f682
pages: HTTP cache headers handling:
Goffi <goffi@goffi.org>
parents:
1005
diff
changeset
|
133 ## Date/Time ## |
|
34240d08f682
pages: HTTP cache headers handling:
Goffi <goffi@goffi.org>
parents:
1005
diff
changeset
|
134 HTTP_DAYS = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun") |
|
1127
9234f29053b0
server, pages: update to handle multi sites themes, first draft:
Goffi <goffi@goffi.org>
parents:
1124
diff
changeset
|
135 HTTP_MONTH = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", |
|
9234f29053b0
server, pages: update to handle multi sites themes, first draft:
Goffi <goffi@goffi.org>
parents:
1124
diff
changeset
|
136 "Nov", "Dec") |