Mercurial > libervia-web
view libervia/server/websockets.py @ 1203:251eba911d4d
server (websockets): fixed websocket handling on HTTPS connections:
Original request used to retrieve a page was stored on dynamic pages, but after the end of
it, the channel was deleted, resulting in a isSecure() always returning False, and
troubles in chain leading to the the use of the wrong session object. This patch fixes
this by reworking the way original request is used, and creating a new wrapping class
allowing to keep an API similar to iweb.IRequest, with data coming from both the original
request and the websocket request.
fix 327
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Sun, 14 Jul 2019 14:45:51 +0200 |
| parents | 2af117bfe6cc |
| children | d2e2bf14f2e2 |
line wrap: on
line source
#!/usr/bin/python # -*- coding: utf-8 -*- # Libervia: a Salut à Toi frontend # Copyright (C) 2011-2019 Jérôme Poisson <goffi@goffi.org> # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. import json from twisted.internet import error from autobahn.twisted import websocket from autobahn.twisted import resource as resource from autobahn.websocket import types from sat.core import exceptions from sat.core.i18n import _ from sat.core.log import getLogger log = getLogger(__name__) LIBERVIA_PROTOCOL = "libervia_page" class WebsocketRequest(object): """Wrapper around autobahn's ConnectionRequest and Twisted's server.Request This is used to have a common interface in Libervia page with request object """ def __init__(self, ws_protocol, connection_request, server_request): """ @param connection_request: websocket request @param serveur_request: original request of the page """ self.ws_protocol = ws_protocol self.ws_request = connection_request if self.isSecure(): cookie_string = "TWISTED_SECURE_SESSION" else: cookie_string = "TWISTED_SESSION" cookie_value = server_request.getCookie(cookie_string) try: raw_cookies = ws_protocol.http_headers['cookie'] except KeyError: raise ValueError(u"missing expected cookie header") self.cookies = {k:v for k,v in (c.split('=') for c in raw_cookies.split(';'))} if self.cookies[cookie_string] != cookie_value: raise exceptions.PermissionError( u"Bad cookie value, this should never happen.\n" u"headers: {headers}".format(headers=ws_protocol.http_headers)) self.template_data = server_request.template_data self.data = server_request.data self.session = server_request.getSession() self._signals_registered = server_request._signals_registered self._signals_cache = server_request._signals_cache # signal id is needed to link original request with signal handler self.signal_id = server_request._signal_id def isSecure(self): return self.ws_protocol.factory.isSecure def getSession(self, sessionInterface=None): try: self.session.touch() except (error.AlreadyCalled, error.AlreadyCancelled): # Session has already expired. self.session = None if sessionInterface: return self.session.getComponent(sessionInterface) return self.session def sendData(self, type_, **data): assert "type" not in data data["type"] = type_ self.ws_protocol.sendMessage(json.dumps(data, ensure_ascii=False).encode("utf8")) class LiberviaPageWSProtocol(websocket.WebSocketServerProtocol): host = None tokens_map = {} def onConnect(self, request): prefix = LIBERVIA_PROTOCOL + u"_" for protocol in request.protocols: if protocol.startswith(prefix): token = protocol[len(prefix) :].strip() if token: break else: raise types.ConnectionDeny( types.ConnectionDeny.NOT_IMPLEMENTED, u"Can't use this subprotocol" ) if token not in self.tokens_map: log.warning(_(u"Can't activate page socket: unknown token")) raise types.ConnectionDeny( types.ConnectionDeny.FORBIDDEN, u"Bad token, please reload page" ) self.token = token token_map = self.tokens_map.pop(token) self.page = token_map["page"] self.request = WebsocketRequest(self, request, token_map["request"]) return protocol def onOpen(self): log.debug( _( u"Websocket opened for {page} (token: {token})".format( page=self.page, token=self.token ) ) ) self.page.onSocketOpen(self.request) def onMessage(self, payload, isBinary): try: data_json = json.loads(payload.decode("utf8")) except ValueError as e: log.warning( _(u"Not valid JSON, ignoring data: {msg}\n{data}").format( msg=e, data=payload ) ) return # we request page first, to raise an AttributeError # if it is not set (which should never happen) page = self.page try: cb = page.on_data except AttributeError: log.warning( _( u'No "on_data" method set on dynamic page, ignoring data:\n{data}' ).format(data=data_json) ) else: cb(page, self.request, data_json) def onClose(self, wasClean, code, reason): self.page.onSocketClose(self.request) log.debug( _( u"Websocket closed for {page} (token: {token}). {reason}".format( page=self.page, token=self.token, reason=u"" if wasClean else _(u"Reason: {reason}").format(reason=reason), ) ) ) @classmethod def getBaseURL(cls, host, secure): return u"ws{sec}://localhost:{port}".format( sec="s" if secure else "", port=cls.host.options["port_https" if secure else "port"], ) @classmethod def getResource(cls, host, secure): if cls.host is None: cls.host = host factory = websocket.WebSocketServerFactory(cls.getBaseURL(host, secure)) factory.protocol = cls return resource.WebSocketResource(factory) @classmethod def registerToken(cls, token, page, request): if token in cls.tokens_map: raise exceptions.ConflictError(_(u"This token is already registered")) cls.tokens_map[token] = {"page": page, "request": request}