Mercurial > libervia-web

view libervia/pages/_bridge/page_meta.py @ 1406:cffa3ae4d0aa

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
pages (blog/view): move URL friendly code to backend tools: - the code to render an URL friendly is now in `sat.tools.common.regex` - user friendly extra text is now only displayed when no `-` is found in ID. This is a temporary transition behaviour because new blog items IDs are now user friendly by default, and thus extra text is not wanted anymore. For older IDs it is still needed though, and the presence of `-` is used to guess when an ID is user friendly or not.
author Goffi <goffi@goffi.org>
date Fri, 16 Apr 2021 18:44:49 +0200
parents b1215347b5c3
children 7472d5a88006
line wrap: on
line source

#!/usr/bin/env python3

import tempfile
import os
import os.path
import json
from twisted.internet import defer
from twisted.web import static
from sat.core.i18n import _
from sat.core.log import getLogger
from sat_frontends.bridge.bridge_frontend import BridgeException
from libervia.server.constants import Const as C
from libervia.server.utils import ProgressHandler


log = getLogger(__name__)
"""access to restricted bridge"""

name = "bridge"
on_data_post = "continue"


def parse_url(self, request):
    self.getPathArgs(request, ["method_name"], min_args=1)


async def render(self, request):
    if request.method != b'POST':
        log.warning(f"Bad method used with _bridge endpoint: {request.method.decode()}")
        return self.pageError(request, C.HTTP_BAD_REQUEST)
    data = self.getRData(request)
    profile = self.getProfile(request)
    if profile is None:
        log.warning("_bridge endpoint accessed without authorisation")
        return self.pageError(request, C.HTTP_UNAUTHORIZED)
    self.checkCSRF(request)
    method_name = data["method_name"]
    method_data = json.load(request.content)
    try:
        bridge_method = getattr(self.host.restricted_bridge, method_name)
    except AttributeError:
        log.warning(_(
            "{profile!r} is trying to access a bridge method not implemented in "
            "RestrictedBridge: {method_name}").format(
                profile=profile, method_name=method_name))
        return self.pageError(request, C.HTTP_BAD_REQUEST)

    try:
        args, kwargs = method_data['args'], method_data['kwargs']
    except KeyError:
        log.warning(_(
            "{profile!r} has sent a badly formatted method call: {method_data}"
        ).format(profile=profile, method_data=method_data))
        return self.pageError(request, C.HTTP_BAD_REQUEST)

    if "profile" in kwargs or "profile_key" in kwargs:
        log.warning(_(
            '"profile" key should not be in method kwargs, hack attempt? '
            "profile={profile}, method_data={method_data}"
        ).format(profile=profile, method_data=method_data))
        return self.pageError(request, C.HTTP_BAD_REQUEST)

    try:
        ret = await bridge_method(*args, **kwargs, profile=profile)
    except BridgeException as e:
        request.setResponseCode(C.HTTP_PROXY_ERROR)
        ret = {
            "fullname": e.fullname,
            "message": e.message,
            "condition": e.condition,
            "module": e.module,
            "classname": e.classname,
        }
    return json.dumps(ret)