mirror of
https://github.com/GNS3/gns3-server.git
synced 2025-01-18 15:33:49 +02:00
HTTP auth added to file_upload and jsonrpc
This commit is contained in:
parent
e2f3d2aca8
commit
b84dda3c8e
@ -22,6 +22,7 @@ Simple file upload & listing handler.
|
|||||||
|
|
||||||
import os
|
import os
|
||||||
import tornado.web
|
import tornado.web
|
||||||
|
import tornado.websocket
|
||||||
|
|
||||||
import logging
|
import logging
|
||||||
log = logging.getLogger(__name__)
|
log = logging.getLogger(__name__)
|
||||||
@ -35,6 +36,16 @@ class GNS3BaseHandler(tornado.web.RequestHandler):
|
|||||||
if self.settings['required_user'] == user.decode("utf-8"):
|
if self.settings['required_user'] == user.decode("utf-8"):
|
||||||
return user
|
return user
|
||||||
|
|
||||||
|
class GNS3WebSocketBaseHandler(tornado.websocket.WebSocketHandler):
|
||||||
|
def get_current_user(self):
|
||||||
|
user = self.get_secure_cookie("user")
|
||||||
|
if not user:
|
||||||
|
return None
|
||||||
|
|
||||||
|
if self.settings['required_user'] == user.decode("utf-8"):
|
||||||
|
return user
|
||||||
|
|
||||||
|
|
||||||
class LoginHandler(tornado.web.RequestHandler):
|
class LoginHandler(tornado.web.RequestHandler):
|
||||||
def get(self):
|
def get(self):
|
||||||
self.write('<html><body><form action="/login" method="post">'
|
self.write('<html><body><form action="/login" method="post">'
|
||||||
|
@ -23,6 +23,7 @@ Simple file upload & listing handler.
|
|||||||
import os
|
import os
|
||||||
import stat
|
import stat
|
||||||
import tornado.web
|
import tornado.web
|
||||||
|
from .auth_handler import GNS3BaseHandler
|
||||||
from ..version import __version__
|
from ..version import __version__
|
||||||
from ..config import Config
|
from ..config import Config
|
||||||
|
|
||||||
@ -30,7 +31,7 @@ import logging
|
|||||||
log = logging.getLogger(__name__)
|
log = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
class FileUploadHandler(tornado.web.RequestHandler):
|
class FileUploadHandler(GNS3BaseHandler):
|
||||||
"""
|
"""
|
||||||
File upload handler.
|
File upload handler.
|
||||||
|
|
||||||
@ -54,6 +55,7 @@ class FileUploadHandler(tornado.web.RequestHandler):
|
|||||||
except OSError as e:
|
except OSError as e:
|
||||||
log.error("could not create the upload directory {}: {}".format(self._upload_dir, e))
|
log.error("could not create the upload directory {}: {}".format(self._upload_dir, e))
|
||||||
|
|
||||||
|
@tornado.web.authenticated
|
||||||
def get(self):
|
def get(self):
|
||||||
"""
|
"""
|
||||||
Invoked on GET request.
|
Invoked on GET request.
|
||||||
@ -70,6 +72,7 @@ class FileUploadHandler(tornado.web.RequestHandler):
|
|||||||
path=path,
|
path=path,
|
||||||
items=items)
|
items=items)
|
||||||
|
|
||||||
|
@tornado.web.authenticated
|
||||||
def post(self):
|
def post(self):
|
||||||
"""
|
"""
|
||||||
Invoked on POST request.
|
Invoked on POST request.
|
||||||
|
@ -22,6 +22,7 @@ JSON-RPC protocol over Websockets.
|
|||||||
import zmq
|
import zmq
|
||||||
import uuid
|
import uuid
|
||||||
import tornado.websocket
|
import tornado.websocket
|
||||||
|
from .auth_handler import GNS3WebSocketBaseHandler
|
||||||
from tornado.escape import json_decode
|
from tornado.escape import json_decode
|
||||||
from ..jsonrpc import JSONRPCParseError
|
from ..jsonrpc import JSONRPCParseError
|
||||||
from ..jsonrpc import JSONRPCInvalidRequest
|
from ..jsonrpc import JSONRPCInvalidRequest
|
||||||
@ -33,7 +34,7 @@ import logging
|
|||||||
log = logging.getLogger(__name__)
|
log = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
class JSONRPCWebSocket(tornado.websocket.WebSocketHandler):
|
class JSONRPCWebSocket(GNS3WebSocketBaseHandler):
|
||||||
"""
|
"""
|
||||||
STOMP protocol over Tornado Websockets with message
|
STOMP protocol over Tornado Websockets with message
|
||||||
routing to ZeroMQ dealer clients.
|
routing to ZeroMQ dealer clients.
|
||||||
@ -116,7 +117,15 @@ class JSONRPCWebSocket(tornado.websocket.WebSocketHandler):
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
log.info("Websocket client {} connected".format(self.session_id))
|
log.info("Websocket client {} connected".format(self.session_id))
|
||||||
|
|
||||||
|
authenticated_user = self.get_current_user()
|
||||||
|
|
||||||
|
if authenticated_user:
|
||||||
self.clients.add(self)
|
self.clients.add(self)
|
||||||
|
log.info("Websocket authenticated user: %s" % (authenticated_user))
|
||||||
|
else:
|
||||||
|
self.close()
|
||||||
|
log.info("Websocket non-authenticated user attempt: %s" % (authenticated_user))
|
||||||
|
|
||||||
def on_message(self, message):
|
def on_message(self, message):
|
||||||
"""
|
"""
|
||||||
|
Loading…
Reference in New Issue
Block a user