changeset 1287:1f26d8c2afc1

server: restricted_bridge first draft: bridge with a limited set of methods, where arguments are checked or removed, and security_limit is used. This bridge is used for calls from browser.
author Goffi <goffi@goffi.org>
date Fri, 19 Jun 2020 16:47:51 +0200
parents 63328c793a9e
children 7cec74557aa3
files libervia/server/restricted_bridge.py libervia/server/server.py
diffstat 2 files changed, 39 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/libervia/server/restricted_bridge.py	Fri Jun 19 16:47:51 2020 +0200
@@ -0,0 +1,37 @@
+#!/usr/bin/env python3
+
+# Libervia: a SàT frontend
+# Copyright (C) 2009-2020 Jérôme Poisson (goffi@goffi.org)
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from libervia.server.constants import Const as C
+
+
+class RestrictedBridge:
+    """Bridge with limited access, which can be used in browser
+
+    Only a few method are implemented, with potentially dangerous argument controlled.
+    Security limit is used
+    """
+
+    def __init__(self, host):
+        self.host = host
+        self.security_limit = C.SECURITY_LIMIT
+
+    async def fileHTTPUploadGetSlot(
+        self, filename, size, content_type, upload_jid, profile):
+        return await self.host.bridgeCall(
+            "fileHTTPUploadGetSlot", filename, size, content_type,
+            upload_jid, profile)
--- a/libervia/server/server.py	Fri Jun 19 16:47:51 2020 +0200
+++ b/libervia/server/server.py	Fri Jun 19 16:47:51 2020 +0200
@@ -62,6 +62,7 @@
 
 from libervia.server.constants import Const as C
 from libervia.server import session_iface
+from .restricted_bridge import RestrictedBridge
 
 log = getLogger(__name__)
 
@@ -815,6 +816,7 @@
         self.cache_root_dir = os.path.join(self.local_dir, C.CACHE_DIR)
         self.renderer = template.Renderer(self, self._front_url_filter)
         sites_names = list(self.renderer.sites_paths.keys())
+        self.restricted_bridge = RestrictedBridge(self)
 
         self._moveFirstLevelToDict(self.options, "url_redirections_dict", sites_names)
         self._moveFirstLevelToDict(self.options, "menu_json", sites_names)