from ..decorators import *
from .. import util
-def blacklisted(method):
- @tornado.gen.coroutine
- @functools.wraps(method)
- def wrapper(self, *args, **kwargs):
- # Check if remote is blacklisted
- is_blacklisted = yield self.remote.is_blacklisted()
-
- # If so, redirect to the blocked page
- if is_blacklisted:
- logging.warning("%s is blacklisted" % self.remote)
-
- return self.redirect("https://www.ipfire.org/blocked")
-
- return method(self, *args, **kwargs)
-
- return wrapper
-
class ratelimit(object):
def __init__(self, minutes=15, requests=180):
self.minutes = minutes
class BaseHandler(tornado.web.RequestHandler):
+ def prepare(self):
+ # Mark this as private when someone is logged in
+ if self.current_user:
+ self.set_header("Cache-Control", "private")
+
+ # Always send Vary: Cookie
+ self.set_header("Vary", "Cookie")
+
def set_expires(self, seconds):
# For HTTP/1.1
self.add_header("Cache-Control", "max-age=%s, must-revalidate" % seconds)
# For HTTP/1.0
expires = datetime.datetime.utcnow() + datetime.timedelta(seconds=seconds)
- self.add_header("Expires", expires)
+ self.set_header("Expires", expires)
def write_error(self, status_code, **kwargs):
# Translate code into message
self.render("error.html", status_code=status_code, message=message, **kwargs)
- def xsrf_form_html(self, *args, **kwargs):
- # Set Vary: Cookie header
- self.add_header("Vary", "Cookie")
-
- return super().xsrf_form_html(*args, **kwargs)
-
@property
def hostname(self):
+ # Return hostname in production
+ if self.request.host.endswith("ipfire.org"):
+ return self.request.host
+
# Remove the development prefix
- return self.request.host.replace(".dev.", ".")
+ subdomain, delimier, domain = self.request.host.partition(".")
+ if subdomain:
+ return "%s.ipfire.org" % subdomain
+
+ # Return whatever it is
+ return self.request.host
def get_template_namespace(self):
ns = tornado.web.RequestHandler.get_template_namespace(self)
return remote_ips.pop()
@lazy_property
- def remote(self):
+ def current_address(self):
address = self.get_remote_ip()
if address:
- return self.backend.geoip.lookup(address)
+ return util.Address(self.backend, address)
@lazy_property
def current_country_code(self):
- remote_ip = self.get_remote_ip()
-
- if remote_ip:
- return self.backend.geoip.get_country(remote_ip)
-
- def get_remote_location(self):
- if not hasattr(self, "__remote_location"):
- remote_ip = self.get_remote_ip()
-
- self.__remote_location = self.geoip.get_location(remote_ip)
-
- return self.__remote_location
+ if self.current_address:
+ return self.current_address.country_code
def get_argument_int(self, *args, **kwargs):
arg = self.get_argument(*args, **kwargs)
def releases(self):
return self.backend.releases
- @property
- def geoip(self):
- return self.backend.geoip
-
- @property
- def talk(self):
- return self.backend.talk
-
class APIHandler(BaseHandler):
def check_xsrf_cookie(self):
raise tornado.web.HTTPError(400)
raise tornado.web.HTTPError(code)
-
-
-class BlockedHandler(BaseHandler):
- def get(self):
- # 403 - Forbidden
- self.set_status(403)
-
- self.render("static/blocked.html", address=self.get_remote_ip())