]> git.ipfire.org Git - ipfire.org.git/blob - src/web/base.py
projects / ipfire.org.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Remove unused blacklist feature
[ipfire.org.git] / src / web / base.py
1 #!/usr/bin/python
2
3 import datetime
4 import dateutil.parser
5 import functools
6 import http.client
7 import ipaddress
8 import logging
9 import time
10 import tornado.locale
11 import tornado.web
12
13 from ..decorators import *
14 from .. import util
15
16 class ratelimit(object):
17 def __init__(self, minutes=15, requests=180):
18 self.minutes = minutes
19 self.requests = requests
20
21 def __call__(self, method):
22 @functools.wraps(method)
23 def wrapper(handler, *args, **kwargs):
24 # Pass the request to the rate limiter and get a request object
25 req = handler.backend.ratelimiter.handle_request(handler.request,
26 handler, minutes=self.minutes, limit=self.requests)
27
28 # If the rate limit has been reached, we won't allow
29 # processing the request and therefore send HTTP error code 429.
30 if req.is_ratelimited():
31 raise tornado.web.HTTPError(429, "Rate limit exceeded")
32
33 return method(handler, *args, **kwargs)
34
35 return wrapper
36
37
38 class BaseHandler(tornado.web.RequestHandler):
39 def set_expires(self, seconds):
40 # For HTTP/1.1
41 self.add_header("Cache-Control", "max-age=%s, must-revalidate" % seconds)
42
43 # For HTTP/1.0
44 expires = datetime.datetime.utcnow() + datetime.timedelta(seconds=seconds)
45 self.add_header("Expires", expires)
46
47 def write_error(self, status_code, **kwargs):
48 # Translate code into message
49 try:
50 message = http.client.responses[status_code]
51 except KeyError:
52 message = None
53
54 self.render("error.html", status_code=status_code, message=message, **kwargs)
55
56 def xsrf_form_html(self, *args, **kwargs):
57 # Set Vary: Cookie header
58 self.add_header("Vary", "Cookie")
59
60 return super().xsrf_form_html(*args, **kwargs)
61
62 @property
63 def hostname(self):
64 # Remove the development prefix
65 return self.request.host.replace(".dev.", ".")
66
67 def get_template_namespace(self):
68 ns = tornado.web.RequestHandler.get_template_namespace(self)
69
70 now = datetime.date.today()
71
72 ns.update({
73 "backend" : self.backend,
74 "debug" : self.application.settings.get("debug", False),
75 "format_size" : util.format_size,
76 "format_time" : util.format_time,
77 "hostname" : self.hostname,
78 "now" : now,
79 "year" : now.year,
80 })
81
82 return ns
83
84 def get_remote_ip(self):
85 # Fix for clients behind a proxy that sends "X-Forwarded-For".
86 remote_ips = self.request.remote_ip.split(", ")
87
88 for remote_ip in remote_ips:
89 try:
90 addr = ipaddress.ip_address(remote_ip)
91 except ValueError:
92 # Skip invalid IP addresses.
93 continue
94
95 # Check if the given IP address is from a
96 # private network.
97 if addr.is_private:
98 continue
99
100 return remote_ip
101
102 # Return the last IP if nothing else worked
103 return remote_ips.pop()
104
105 @lazy_property
106 def current_address(self):
107 address = self.get_remote_ip()
108
109 if address:
110 return util.Address(self.backend, address)
111
112 @lazy_property
113 def current_country_code(self):
114 if self.current_address:
115 return self.current_address.country_code
116
117 def get_argument_int(self, *args, **kwargs):
118 arg = self.get_argument(*args, **kwargs)
119
120 if arg is None or arg == "":
121 return
122
123 try:
124 return int(arg)
125 except ValueError:
126 raise tornado.web.HTTPError(400, "Could not convert integer: %s" % arg)
127
128 def get_argument_float(self, *args, **kwargs):
129 arg = self.get_argument(*args, **kwargs)
130
131 if arg is None or arg == "":
132 return
133
134 try:
135 return float(arg)
136 except ValueError:
137 raise tornado.web.HTTPError(400, "Could not convert float: %s" % arg)
138
139 def get_argument_date(self, arg, *args, **kwargs):
140 value = self.get_argument(arg, *args, **kwargs)
141 if value is None:
142 return
143
144 try:
145 return dateutil.parser.parse(value)
146 except ValueError:
147 raise tornado.web.HTTPError(400)
148
149 def get_file(self, name):
150 try:
151 file = self.request.files[name][0]
152
153 return file["filename"], file["body"], file["content_type"]
154 except KeyError:
155 return None
156
157 # Login stuff
158
159 def get_current_user(self):
160 session_id = self.get_cookie("session_id")
161 if not session_id:
162 return
163
164 # Get account from the session object
165 account = self.backend.accounts.get_by_session(session_id, self.request.host)
166
167 # If the account was not found or the session was not valid
168 # any more, we will remove the cookie.
169 if not account:
170 self.clear_cookie("session_id")
171
172 return account
173
174 @property
175 def backend(self):
176 return self.application.backend
177
178 @property
179 def db(self):
180 return self.backend.db
181
182 @property
183 def accounts(self):
184 return self.backend.accounts
185
186 @property
187 def downloads(self):
188 return self.backend.downloads
189
190 @property
191 def fireinfo(self):
192 return self.backend.fireinfo
193
194 @property
195 def iuse(self):
196 return self.backend.iuse
197
198 @property
199 def memcached(self):
200 return self.backend.memcache
201
202 @property
203 def mirrors(self):
204 return self.backend.mirrors
205
206 @property
207 def netboot(self):
208 return self.backend.netboot
209
210 @property
211 def releases(self):
212 return self.backend.releases
213
214 @property
215 def talk(self):
216 return self.backend.talk
217
218
219 class APIHandler(BaseHandler):
220 def check_xsrf_cookie(self):
221 """
222 Do nothing here, because we cannot verify the XSRF token
223 """
224 pass
225
226
227 class NotFoundHandler(BaseHandler):
228 def prepare(self):
229 # Raises 404 as soon as it is called
230 raise tornado.web.HTTPError(404)
231
232
233 class ErrorHandler(BaseHandler):
234 """
235 Raises any error we want
236 """
237 def get(self, code):
238 try:
239 code = int(code)
240 except:
241 raise tornado.web.HTTPError(400)
242
243 raise tornado.web.HTTPError(code)
The website of ipfire.org.