Mercurial > libervia-web

view libervia/pages/_bridge/page_meta.py @ 1504:409d10211b20

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
server, browser: dynamic pages refactoring: dynamic pages has been reworked, to change the initial basic implementation. Pages are now dynamic by default, and a websocket is established by the first connected page of a session. The socket is used to transmit bridge signals, and then the signal is broadcasted to other tabs using broadcast channel. If the connecting tab is closed, an other one is chosen. Some tests are made to retry connecting in case of problem, and sometimes reload the pages (e.g. if profile is connected). Signals (or other data) are cached during reconnection phase, to avoid lost of data. All previous partial rendering mechanism have been removed, chat page is temporarily not working anymore, but will be eventually redone (one of the goal of this work is to have proper chat).
author Goffi <goffi@goffi.org>
date Wed, 01 Mar 2023 18:02:44 +0100
parents 7472d5a88006
children 106bae41f5c8
line wrap: on
line source

#!/usr/bin/env python3

import json
from sat.core.i18n import _
from sat.core.log import getLogger
from sat_frontends.bridge.bridge_frontend import BridgeException
from libervia.server.constants import Const as C


log = getLogger(__name__)
"""access to restricted bridge"""

name = "bridge"
on_data_post = "continue"

# bridge method allowed when no profile is connected
NO_SESSION_ALLOWED = ("getContacts", "identitiesBaseGet", "identitiesGet")


def parse_url(self, request):
    self.getPathArgs(request, ["method_name"], min_args=1)


async def render(self, request):
    if request.method != b'POST':
        log.warning(f"Bad method used with _bridge endpoint: {request.method.decode()}")
        return self.pageError(request, C.HTTP_BAD_REQUEST)
    data = self.getRData(request)
    profile = self.getProfile(request)
    self.checkCSRF(request)
    method_name = data["method_name"]
    if profile is None:
        if method_name in NO_SESSION_ALLOWED:
            # this method is allowed, we use the service profile
            profile = C.SERVICE_PROFILE
        else:
            log.warning("_bridge endpoint accessed without authorisation")
            return self.pageError(request, C.HTTP_UNAUTHORIZED)
    method_data = json.load(request.content)
    try:
        bridge_method = getattr(self.host.restricted_bridge, method_name)
    except AttributeError:
        log.warning(_(
            "{profile!r} is trying to access a bridge method not implemented in "
            "RestrictedBridge: {method_name}").format(
                profile=profile, method_name=method_name))
        return self.pageError(request, C.HTTP_BAD_REQUEST)

    try:
        args, kwargs = method_data['args'], method_data['kwargs']
    except KeyError:
        log.warning(_(
            "{profile!r} has sent a badly formatted method call: {method_data}"
        ).format(profile=profile, method_data=method_data))
        return self.pageError(request, C.HTTP_BAD_REQUEST)

    if "profile" in kwargs or "profile_key" in kwargs:
        log.warning(_(
            '"profile" key should not be in method kwargs, hack attempt? '
            "profile={profile}, method_data={method_data}"
        ).format(profile=profile, method_data=method_data))
        return self.pageError(request, C.HTTP_BAD_REQUEST)

    try:
        ret = await bridge_method(*args, **kwargs, profile=profile)
    except BridgeException as e:
        request.setResponseCode(C.HTTP_PROXY_ERROR)
        ret = {
            "fullname": e.fullname,
            "message": e.message,
            "condition": e.condition,
            "module": e.module,
            "classname": e.classname,
        }
    return json.dumps(ret)