Mercurial > kallithea
comparison rhodecode/controllers/api/__init__.py @ 3179:cd50d1b5f35b
merged with beta
| author | Marcin Kuzminski <marcin@python-works.com> |
|---|---|
| date | Mon, 21 Jan 2013 00:03:44 +0100 |
| parents | 63e58ef80ef1 e1baadec6217 |
| children | ffd45b185016 |
comparison
equal
deleted
inserted
replaced
| 3113:a0737406ce26 | 3179:cd50d1b5f35b |
|---|---|
| 30 import types | 30 import types |
| 31 import urllib | 31 import urllib |
| 32 import traceback | 32 import traceback |
| 33 import time | 33 import time |
| 34 | 34 |
| 35 from rhodecode.lib.compat import izip_longest, json | |
| 36 | |
| 37 from paste.response import replace_header | 35 from paste.response import replace_header |
| 38 | |
| 39 from pylons.controllers import WSGIController | 36 from pylons.controllers import WSGIController |
| 40 | |
| 41 | 37 |
| 42 from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \ | 38 from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \ |
| 43 HTTPBadRequest, HTTPError | 39 HTTPBadRequest, HTTPError |
| 44 | 40 |
| 45 from rhodecode.model.db import User | 41 from rhodecode.model.db import User |
| 42 from rhodecode.model import meta | |
| 43 from rhodecode.lib.compat import izip_longest, json | |
| 46 from rhodecode.lib.auth import AuthUser | 44 from rhodecode.lib.auth import AuthUser |
| 47 from rhodecode.lib.base import _get_ip_addr, _get_access_path | 45 from rhodecode.lib.base import _get_ip_addr, _get_access_path |
| 48 from rhodecode.lib.utils2 import safe_unicode | 46 from rhodecode.lib.utils2 import safe_unicode |
| 49 | 47 |
| 50 log = logging.getLogger('JSONRPC') | 48 log = logging.getLogger('JSONRPC') |
| 84 Sub-classes should catch their exceptions and raise JSONRPCError | 82 Sub-classes should catch their exceptions and raise JSONRPCError |
| 85 if they want to pass meaningful errors to the client. | 83 if they want to pass meaningful errors to the client. |
| 86 | 84 |
| 87 """ | 85 """ |
| 88 | 86 |
| 87 def _get_ip_addr(self, environ): | |
| 88 return _get_ip_addr(environ) | |
| 89 | |
| 89 def _get_method_args(self): | 90 def _get_method_args(self): |
| 90 """ | 91 """ |
| 91 Return `self._rpc_args` to dispatched controller method | 92 Return `self._rpc_args` to dispatched controller method |
| 92 chosen by __call__ | 93 chosen by __call__ |
| 93 """ | 94 """ |
| 97 """ | 98 """ |
| 98 Parse the request body as JSON, look up the method on the | 99 Parse the request body as JSON, look up the method on the |
| 99 controller and if it exists, dispatch to it. | 100 controller and if it exists, dispatch to it. |
| 100 """ | 101 """ |
| 101 start = time.time() | 102 start = time.time() |
| 103 ip_addr = self.ip_addr = self._get_ip_addr(environ) | |
| 102 self._req_id = None | 104 self._req_id = None |
| 103 if 'CONTENT_LENGTH' not in environ: | 105 if 'CONTENT_LENGTH' not in environ: |
| 104 log.debug("No Content-Length") | 106 log.debug("No Content-Length") |
| 105 return jsonrpc_error(retid=self._req_id, | 107 return jsonrpc_error(retid=self._req_id, |
| 106 message="No Content-Length in request") | 108 message="No Content-Length in request") |
| 128 try: | 130 try: |
| 129 self._req_api_key = json_body['api_key'] | 131 self._req_api_key = json_body['api_key'] |
| 130 self._req_id = json_body['id'] | 132 self._req_id = json_body['id'] |
| 131 self._req_method = json_body['method'] | 133 self._req_method = json_body['method'] |
| 132 self._request_params = json_body['args'] | 134 self._request_params = json_body['args'] |
| 135 if not isinstance(self._request_params, dict): | |
| 136 self._request_params = {} | |
| 137 | |
| 133 log.debug( | 138 log.debug( |
| 134 'method: %s, params: %s' % (self._req_method, | 139 'method: %s, params: %s' % (self._req_method, |
| 135 self._request_params) | 140 self._request_params) |
| 136 ) | 141 ) |
| 137 except KeyError, e: | 142 except KeyError, e: |
| 142 try: | 147 try: |
| 143 u = User.get_by_api_key(self._req_api_key) | 148 u = User.get_by_api_key(self._req_api_key) |
| 144 if u is None: | 149 if u is None: |
| 145 return jsonrpc_error(retid=self._req_id, | 150 return jsonrpc_error(retid=self._req_id, |
| 146 message='Invalid API KEY') | 151 message='Invalid API KEY') |
| 147 auth_u = AuthUser(u.user_id, self._req_api_key) | 152 |
| 153 #check if we are allowed to use this IP | |
| 154 auth_u = AuthUser(u.user_id, self._req_api_key, ip_addr=ip_addr) | |
| 155 if not auth_u.ip_allowed: | |
| 156 return jsonrpc_error(retid=self._req_id, | |
| 157 message='request from IP:%s not allowed' % (ip_addr)) | |
| 158 else: | |
| 159 log.info('Access for IP:%s allowed' % (ip_addr)) | |
| 160 | |
| 148 except Exception, e: | 161 except Exception, e: |
| 149 return jsonrpc_error(retid=self._req_id, | 162 return jsonrpc_error(retid=self._req_id, |
| 150 message='Invalid API KEY') | 163 message='Invalid API KEY') |
| 151 | 164 |
| 152 self._error = None | 165 self._error = None |
| 200 'Missing non optional `%s` arg in JSON DATA' % arg | 213 'Missing non optional `%s` arg in JSON DATA' % arg |
| 201 ) | 214 ) |
| 202 ) | 215 ) |
| 203 | 216 |
| 204 self._rpc_args = {USER_SESSION_ATTR: u} | 217 self._rpc_args = {USER_SESSION_ATTR: u} |
| 218 | |
| 205 self._rpc_args.update(self._request_params) | 219 self._rpc_args.update(self._request_params) |
| 206 | 220 |
| 207 self._rpc_args['action'] = self._req_method | 221 self._rpc_args['action'] = self._req_method |
| 208 self._rpc_args['environ'] = environ | 222 self._rpc_args['environ'] = environ |
| 209 self._rpc_args['start_response'] = start_response | 223 self._rpc_args['start_response'] = start_response |