view libervia/server/ @ 1203:251eba911d4d

server (websockets): fixed websocket handling on HTTPS connections: Original request used to retrieve a page was stored on dynamic pages, but after the end of it, the channel was deleted, resulting in a isSecure() always returning False, and troubles in chain leading to the the use of the wrong session object. This patch fixes this by reworking the way original request is used, and creating a new wrapping class allowing to keep an API similar to iweb.IRequest, with data coming from both the original request and the websocket request. fix 327
author Goffi <>
date Sun, 14 Jul 2019 14:45:51 +0200
parents 2af117bfe6cc
children d2e2bf14f2e2
line wrap: on
line source

# -*- coding: utf-8 -*-

# Libervia: a Salut à Toi frontend
# Copyright (C) 2011-2019 Jérôme Poisson <>

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# GNU Affero General Public License for more details.

# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <>.

import json
from twisted.internet import error
from autobahn.twisted import websocket
from autobahn.twisted import resource as resource
from autobahn.websocket import types
from sat.core import exceptions
from sat.core.i18n import _
from sat.core.log import getLogger

log = getLogger(__name__)

LIBERVIA_PROTOCOL = "libervia_page"

class WebsocketRequest(object):
    """Wrapper around autobahn's ConnectionRequest and Twisted's server.Request

    This is used to have a common interface in Libervia page with request object

    def __init__(self, ws_protocol, connection_request, server_request):
        @param connection_request: websocket request
        @param serveur_request: original request of the page
        self.ws_protocol = ws_protocol
        self.ws_request = connection_request
        if self.isSecure():
            cookie_string = "TWISTED_SECURE_SESSION"
            cookie_string = "TWISTED_SESSION"
        cookie_value = server_request.getCookie(cookie_string)
            raw_cookies = ws_protocol.http_headers['cookie']
        except KeyError:
            raise ValueError(u"missing expected cookie header")
        self.cookies = {k:v for k,v in (c.split('=') for c in raw_cookies.split(';'))}
        if self.cookies[cookie_string] != cookie_value:
            raise exceptions.PermissionError(
                u"Bad cookie value, this should never happen.\n"
                u"headers: {headers}".format(headers=ws_protocol.http_headers))

        self.template_data = server_request.template_data =
        self.session = server_request.getSession()
        self._signals_registered = server_request._signals_registered
        self._signals_cache = server_request._signals_cache
        # signal id is needed to link original request with signal handler
        self.signal_id = server_request._signal_id

    def isSecure(self):
        return self.ws_protocol.factory.isSecure

    def getSession(self, sessionInterface=None):
        except (error.AlreadyCalled, error.AlreadyCancelled):
            # Session has already expired.
            self.session = None

        if sessionInterface:
            return self.session.getComponent(sessionInterface)

        return self.session

    def sendData(self, type_, **data):
        assert "type" not in data
        data["type"] = type_
        self.ws_protocol.sendMessage(json.dumps(data, ensure_ascii=False).encode("utf8"))

class LiberviaPageWSProtocol(websocket.WebSocketServerProtocol):
    host = None
    tokens_map = {}

    def onConnect(self, request):
        prefix = LIBERVIA_PROTOCOL + u"_"
        for protocol in request.protocols:
            if protocol.startswith(prefix):
                token = protocol[len(prefix) :].strip()
                if token:
            raise types.ConnectionDeny(
                types.ConnectionDeny.NOT_IMPLEMENTED, u"Can't use this subprotocol"

        if token not in self.tokens_map:
            log.warning(_(u"Can't activate page socket: unknown token"))
            raise types.ConnectionDeny(
                types.ConnectionDeny.FORBIDDEN, u"Bad token, please reload page"
        self.token = token
        token_map = self.tokens_map.pop(token) = token_map["page"]
        self.request = WebsocketRequest(self, request, token_map["request"])
        return protocol

    def onOpen(self):
                u"Websocket opened for {page} (token: {token})".format(
          , token=self.token

    def onMessage(self, payload, isBinary):
            data_json = json.loads(payload.decode("utf8"))
        except ValueError as e:
                _(u"Not valid JSON, ignoring data: {msg}\n{data}").format(
                    msg=e, data=payload
        #  we request page first, to raise an AttributeError
        # if it is not set (which should never happen)
        page =
            cb = page.on_data
        except AttributeError:
                    u'No "on_data" method set on dynamic page, ignoring data:\n{data}'
            cb(page, self.request, data_json)

    def onClose(self, wasClean, code, reason):

                u"Websocket closed for {page} (token: {token}). {reason}".format(
                    if wasClean
                    else _(u"Reason: {reason}").format(reason=reason),

    def getBaseURL(cls, host, secure):
        return u"ws{sec}://localhost:{port}".format(
            sec="s" if secure else "",
  ["port_https" if secure else "port"],

    def getResource(cls, host, secure):
        if is None:
   = host
        factory = websocket.WebSocketServerFactory(cls.getBaseURL(host, secure))
        factory.protocol = cls
        return resource.WebSocketResource(factory)

    def registerToken(cls, token, page, request):
        if token in cls.tokens_map:
            raise exceptions.ConflictError(_(u"This token is already registered"))
        cls.tokens_map[token] = {"page": page, "request": request}