HTTP auth added to file_upload and jsonrpc

This commit is contained in:
Michael 2014-09-03 22:12:34 -06:00
parent e2f3d2aca8
commit b84dda3c8e
3 changed files with 26 additions and 3 deletions

View File

@ -22,6 +22,7 @@ Simple file upload & listing handler.
import os import os
import tornado.web import tornado.web
import tornado.websocket
import logging import logging
log = logging.getLogger(__name__) log = logging.getLogger(__name__)
@ -35,6 +36,16 @@ class GNS3BaseHandler(tornado.web.RequestHandler):
if self.settings['required_user'] == user.decode("utf-8"): if self.settings['required_user'] == user.decode("utf-8"):
return user return user
class GNS3WebSocketBaseHandler(tornado.websocket.WebSocketHandler):
def get_current_user(self):
user = self.get_secure_cookie("user")
if not user:
return None
if self.settings['required_user'] == user.decode("utf-8"):
return user
class LoginHandler(tornado.web.RequestHandler): class LoginHandler(tornado.web.RequestHandler):
def get(self): def get(self):
self.write('<html><body><form action="/login" method="post">' self.write('<html><body><form action="/login" method="post">'

View File

@ -23,6 +23,7 @@ Simple file upload & listing handler.
import os import os
import stat import stat
import tornado.web import tornado.web
from .auth_handler import GNS3BaseHandler
from ..version import __version__ from ..version import __version__
from ..config import Config from ..config import Config
@ -30,7 +31,7 @@ import logging
log = logging.getLogger(__name__) log = logging.getLogger(__name__)
class FileUploadHandler(tornado.web.RequestHandler): class FileUploadHandler(GNS3BaseHandler):
""" """
File upload handler. File upload handler.
@ -54,6 +55,7 @@ class FileUploadHandler(tornado.web.RequestHandler):
except OSError as e: except OSError as e:
log.error("could not create the upload directory {}: {}".format(self._upload_dir, e)) log.error("could not create the upload directory {}: {}".format(self._upload_dir, e))
@tornado.web.authenticated
def get(self): def get(self):
""" """
Invoked on GET request. Invoked on GET request.
@ -70,6 +72,7 @@ class FileUploadHandler(tornado.web.RequestHandler):
path=path, path=path,
items=items) items=items)
@tornado.web.authenticated
def post(self): def post(self):
""" """
Invoked on POST request. Invoked on POST request.

View File

@ -22,6 +22,7 @@ JSON-RPC protocol over Websockets.
import zmq import zmq
import uuid import uuid
import tornado.websocket import tornado.websocket
from .auth_handler import GNS3WebSocketBaseHandler
from tornado.escape import json_decode from tornado.escape import json_decode
from ..jsonrpc import JSONRPCParseError from ..jsonrpc import JSONRPCParseError
from ..jsonrpc import JSONRPCInvalidRequest from ..jsonrpc import JSONRPCInvalidRequest
@ -33,7 +34,7 @@ import logging
log = logging.getLogger(__name__) log = logging.getLogger(__name__)
class JSONRPCWebSocket(tornado.websocket.WebSocketHandler): class JSONRPCWebSocket(GNS3WebSocketBaseHandler):
""" """
STOMP protocol over Tornado Websockets with message STOMP protocol over Tornado Websockets with message
routing to ZeroMQ dealer clients. routing to ZeroMQ dealer clients.
@ -116,7 +117,15 @@ class JSONRPCWebSocket(tornado.websocket.WebSocketHandler):
""" """
log.info("Websocket client {} connected".format(self.session_id)) log.info("Websocket client {} connected".format(self.session_id))
authenticated_user = self.get_current_user()
if authenticated_user:
self.clients.add(self) self.clients.add(self)
log.info("Websocket authenticated user: %s" % (authenticated_user))
else:
self.close()
log.info("Websocket non-authenticated user attempt: %s" % (authenticated_user))
def on_message(self, message): def on_message(self, message):
""" """