# HG changeset patch
# User Goffi <goffi@goffi.org>
# Date 1592578071 -7200
# Node ID 7cec74557aa3de5fab87b79b2d6758381b694515
# Parent  1f26d8c2afc13005f32cf530601daecd992a45bb
pages: `_bridge` page:

this page is an endpoint to do bridge calls from browser scripts.

diff -r 1f26d8c2afc1 -r 7cec74557aa3 libervia/pages/_bridge/page_meta.py
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libervia/pages/_bridge/page_meta.py	Fri Jun 19 16:47:51 2020 +0200
@@ -0,0 +1,63 @@
+#!/usr/bin/env python3
+
+import tempfile
+import os
+import os.path
+import json
+from twisted.internet import defer
+from twisted.web import static
+from sat.core.i18n import _
+from sat.core.log import getLogger
+from libervia.server.constants import Const as C
+from libervia.server.utils import ProgressHandler
+
+
+log = getLogger(__name__)
+"""access to restricted bridge"""
+
+name = "bridge"
+on_data_post = "continue"
+
+
+def parse_url(self, request):
+    self.getPathArgs(request, ["method_name"], min_args=1)
+
+
+async def render(self, request):
+    if request.method != b'POST':
+        log.warning(f"Bad method used with _bridge endpoint: {request.method.decode()}")
+        return self.pageError(request, C.HTTP_BAD_REQUEST)
+    data = self.getRData(request)
+    profile = self.getProfile(request)
+    if profile is None:
+        log.warning("_bridge endpoint accessed without authorisation")
+        return self.pageError(request, C.HTTP_UNAUTHORIZED)
+    self.checkCSRF(request)
+    method_name = data["method_name"]
+    method_data = json.load(request.content)
+    try:
+        bridge_method = getattr(self.host.restricted_bridge, method_name)
+    except AttributeError:
+        log.warning(_(
+            "{profile!r} is trying to access a bridge method not implemented in "
+            "RestrictedBridge: {method_name}").format(
+                profile=profile, method_name=method_name))
+        return self.pageError(request, C.HTTP_BAD_REQUEST)
+
+    try:
+        args, kwargs = method_data['args'], method_data['kwargs']
+    except KeyError:
+        log.warning(_(
+            "{profile!r} has sent a badly formatted method call: {method_data}"
+        ).format(profile=profile, method_data=method_data))
+        return self.pageError(request, C.HTTP_BAD_REQUEST)
+
+    if "profile" in kwargs:
+        log.warning(_(
+            '"profile" key should not be in method kwargs, hack attempt? '
+            "profile={profile}, method_data={method_data}"
+        ).format(profile=profile, method_data=method_data))
+        return self.pageError(request, C.HTTP_BAD_REQUEST)
+
+    ret = await bridge_method(*args, **kwargs, profile=profile)
+    return json.dumps(ret)