Commit 4902eaff authored by CAMPION Sebastien's avatar CAMPION Sebastien

Enable location /datastore in order to download file with nginx

Authorization is done by the Django route /auth, either for a logged-in user or by token.
parent a7e6a347
......@@ -70,4 +70,7 @@ urlpatterns = [
url(r'^runners/add/$', views.RunnerCreate.as_view(), name='runner_create'),
url(r'^runners/(?P<pk>\d+)/update/$', views.RunnerUpdate.as_view(), name='runner_update'),
url(r'^runners/(?P<pk>\d+)/delete/$', views.RunnerDelete.as_view(), name='runner_delete'),
url(r'^auth$', views.auth, name="auth"),
]
......@@ -24,6 +24,7 @@ from django.contrib.auth.forms import PasswordChangeForm
from django.contrib.auth.mixins import LoginRequiredMixin
from django.contrib.auth.models import User
from django.contrib.messages.views import SuccessMessageMixin
from django.core.exceptions import ObjectDoesNotExist
from django.core.urlresolvers import reverse
from django.http import HttpResponse, JsonResponse
from django.shortcuts import render, get_object_or_404
......@@ -833,3 +834,32 @@ class RunnerDelete(SuccessMessageMixin, LoginRequiredMixin, DeleteView):
success_message = 'Runner successfully deleted.'
success_url = reverse_lazy('main:runner_list')
template_name = 'runner_delete.html'
@csrf_exempt
def auth(request):
"""
nginx route /datastore/jobid/filename ask an authorization here with auth_request module
we must play with two kind of auth, with django and by token
:param request:
:return:
"""
params = request.META['HTTP_X_ORIGINAL_URI'].split('/')
log.debug("Auth request for params %s", params)
try:
job = Job.objects.get(id=int(params[2]))
except ObjectDoesNotExist:
return HttpResponse(status=404)
if request.user and request.user.is_authenticated(): # django authentification
user = request.user
elif request.META.get('HTTP_AUTHORIZATION', ''): # token authentification
_, credentials = request.META.get('HTTP_AUTHORIZATION', '').split(' ')
_, token = credentials.split('=')
user = AllgoUser.objects.get(token=token)
if job.user.id == user.id:
return HttpResponse(status=200)
else:
HttpResponse(json.dumps({"error": "Unauthorized"}), status=500)
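Review bot: The deny branch at the end of `auth` builds an `HttpResponse` with status 500 but never returns it, so a refused download fails only because the view returns None; nginx's auth_request treats only 401 and 403 as a denial, so the view should return one of those explicitly. The same accidental failure covers a request with neither a session nor an `Authorization` header (`user` is never bound) and an unknown or malformed token (`AllgoUser.objects.get` and the two `split` unpackings raise outside the `try`). The final `job.user.id == user.id` compares against `request.user` in one branch and an `AllgoUser` in the other; if those are different models (not visible in this hunk), the ids are not comparable and the token branch should resolve to the same model as `job.user`. The sketch below returns explicit 401/403 responses and rejects an empty token before the lookup, so that a blank value can never match a stored row.

```python
    # … unchanged: docstring, X-Original-URI parsing, Job lookup …
    if request.user and request.user.is_authenticated():  # django authentication
        user = request.user
    else:  # token authentication
        header = request.META.get('HTTP_AUTHORIZATION', '')
        token = header.partition(' ')[2].partition('=')[2]
        if not token:
            return HttpResponse(status=401)
        try:
            user = AllgoUser.objects.get(token=token)
        except ObjectDoesNotExist:
            return HttpResponse(status=401)
    # NOTE(review): confirm both branches yield the model job.user refers to
    if job.user.id != user.id:
        return HttpResponse(status=403)
    return HttpResponse(status=200)
```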
......@@ -38,6 +38,22 @@ server
proxy_buffering off;
}
location ~ /datastore/([0-9]+)/(.*)$ {
autoindex on;
auth_request /auth;
auth_request_set $auth_status $upstream_status;
root /vol/rw/;
}
location = /auth {
internal;
proxy_pass http://django/auth;
proxy_redirect off;
proxy_set_header X-Original-URI $request_uri;
}
# allgo endpoints
# - static files served directly by nginx
# - other requests forwarded to the django server
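Review bot: The job id that Django authorises and the path nginx serves come from two different views of the request: `location = /auth` forwards the raw `$request_uri` as `X-Original-URI`, while the `/datastore` location matches and serves the normalised URI, and its regex has no `^` anchor. If the two disagree, the ownership check can run for one job while the file is read from another job's directory under `/vol/rw/`. I would anchor the pattern and pass the captured id to the subrequest instead of re-parsing the URI in the view, e.g. `location ~ ^/datastore/([0-9]+)/(.*)$ {` with `set $job_id $1;`, plus `proxy_set_header X-Job-Id $job_id;` in `location = /auth`, and have the view read that header. `autoindex on` in the same location also gives every authorised user a directory listing of the job folder, which is worth confirming as intended.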
......@@ -63,4 +79,6 @@ server
# X-Forwarded-* headers), do not remove it !
proxy_set_header X-Origin "nginx";
}
}
}
\ No newline at end of file