Mercurial > kallithea
comparison rhodecode/controllers/api/__init__.py @ 3179:cd50d1b5f35b
merged with beta
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Mon, 21 Jan 2013 00:03:44 +0100 |
parents | 63e58ef80ef1 e1baadec6217 |
children | ffd45b185016 |
comparison
equal
deleted
inserted
replaced
3113:a0737406ce26 | 3179:cd50d1b5f35b |
---|---|
30 import types | 30 import types |
31 import urllib | 31 import urllib |
32 import traceback | 32 import traceback |
33 import time | 33 import time |
34 | 34 |
35 from rhodecode.lib.compat import izip_longest, json | |
36 | |
37 from paste.response import replace_header | 35 from paste.response import replace_header |
38 | |
39 from pylons.controllers import WSGIController | 36 from pylons.controllers import WSGIController |
40 | |
41 | 37 |
42 from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \ | 38 from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \ |
43 HTTPBadRequest, HTTPError | 39 HTTPBadRequest, HTTPError |
44 | 40 |
45 from rhodecode.model.db import User | 41 from rhodecode.model.db import User |
42 from rhodecode.model import meta | |
43 from rhodecode.lib.compat import izip_longest, json | |
46 from rhodecode.lib.auth import AuthUser | 44 from rhodecode.lib.auth import AuthUser |
47 from rhodecode.lib.base import _get_ip_addr, _get_access_path | 45 from rhodecode.lib.base import _get_ip_addr, _get_access_path |
48 from rhodecode.lib.utils2 import safe_unicode | 46 from rhodecode.lib.utils2 import safe_unicode |
49 | 47 |
50 log = logging.getLogger('JSONRPC') | 48 log = logging.getLogger('JSONRPC') |
84 Sub-classes should catch their exceptions and raise JSONRPCError | 82 Sub-classes should catch their exceptions and raise JSONRPCError |
85 if they want to pass meaningful errors to the client. | 83 if they want to pass meaningful errors to the client. |
86 | 84 |
87 """ | 85 """ |
88 | 86 |
87 def _get_ip_addr(self, environ): | |
88 return _get_ip_addr(environ) | |
89 | |
89 def _get_method_args(self): | 90 def _get_method_args(self): |
90 """ | 91 """ |
91 Return `self._rpc_args` to dispatched controller method | 92 Return `self._rpc_args` to dispatched controller method |
92 chosen by __call__ | 93 chosen by __call__ |
93 """ | 94 """ |
97 """ | 98 """ |
98 Parse the request body as JSON, look up the method on the | 99 Parse the request body as JSON, look up the method on the |
99 controller and if it exists, dispatch to it. | 100 controller and if it exists, dispatch to it. |
100 """ | 101 """ |
101 start = time.time() | 102 start = time.time() |
103 ip_addr = self.ip_addr = self._get_ip_addr(environ) | |
102 self._req_id = None | 104 self._req_id = None |
103 if 'CONTENT_LENGTH' not in environ: | 105 if 'CONTENT_LENGTH' not in environ: |
104 log.debug("No Content-Length") | 106 log.debug("No Content-Length") |
105 return jsonrpc_error(retid=self._req_id, | 107 return jsonrpc_error(retid=self._req_id, |
106 message="No Content-Length in request") | 108 message="No Content-Length in request") |
128 try: | 130 try: |
129 self._req_api_key = json_body['api_key'] | 131 self._req_api_key = json_body['api_key'] |
130 self._req_id = json_body['id'] | 132 self._req_id = json_body['id'] |
131 self._req_method = json_body['method'] | 133 self._req_method = json_body['method'] |
132 self._request_params = json_body['args'] | 134 self._request_params = json_body['args'] |
135 if not isinstance(self._request_params, dict): | |
136 self._request_params = {} | |
137 | |
133 log.debug( | 138 log.debug( |
134 'method: %s, params: %s' % (self._req_method, | 139 'method: %s, params: %s' % (self._req_method, |
135 self._request_params) | 140 self._request_params) |
136 ) | 141 ) |
137 except KeyError, e: | 142 except KeyError, e: |
142 try: | 147 try: |
143 u = User.get_by_api_key(self._req_api_key) | 148 u = User.get_by_api_key(self._req_api_key) |
144 if u is None: | 149 if u is None: |
145 return jsonrpc_error(retid=self._req_id, | 150 return jsonrpc_error(retid=self._req_id, |
146 message='Invalid API KEY') | 151 message='Invalid API KEY') |
147 auth_u = AuthUser(u.user_id, self._req_api_key) | 152 |
153 #check if we are allowed to use this IP | |
154 auth_u = AuthUser(u.user_id, self._req_api_key, ip_addr=ip_addr) | |
155 if not auth_u.ip_allowed: | |
156 return jsonrpc_error(retid=self._req_id, | |
157 message='request from IP:%s not allowed' % (ip_addr)) | |
158 else: | |
159 log.info('Access for IP:%s allowed' % (ip_addr)) | |
160 | |
148 except Exception, e: | 161 except Exception, e: |
149 return jsonrpc_error(retid=self._req_id, | 162 return jsonrpc_error(retid=self._req_id, |
150 message='Invalid API KEY') | 163 message='Invalid API KEY') |
151 | 164 |
152 self._error = None | 165 self._error = None |
200 'Missing non optional `%s` arg in JSON DATA' % arg | 213 'Missing non optional `%s` arg in JSON DATA' % arg |
201 ) | 214 ) |
202 ) | 215 ) |
203 | 216 |
204 self._rpc_args = {USER_SESSION_ATTR: u} | 217 self._rpc_args = {USER_SESSION_ATTR: u} |
218 | |
205 self._rpc_args.update(self._request_params) | 219 self._rpc_args.update(self._request_params) |
206 | 220 |
207 self._rpc_args['action'] = self._req_method | 221 self._rpc_args['action'] = self._req_method |
208 self._rpc_args['environ'] = environ | 222 self._rpc_args['environ'] = environ |
209 self._rpc_args['start_response'] = start_response | 223 self._rpc_args['start_response'] = start_response |