Commit 8a17e7bb authored by CAMPION Sebastien's avatar CAMPION Sebastien

refactoring decorator for token request verification

parent db0d0a16
...@@ -33,24 +33,6 @@ log = logging.getLogger('allgo') ...@@ -33,24 +33,6 @@ log = logging.getLogger('allgo')
BUF_SIZE = 65536 BUF_SIZE = 65536
@csrf_exempt
def runner_dw(request, jobid, filename):
username, runner = get_token_cred(request)
if username != "$token" or not runner:
log.warning("Runner request $token user or a valid token")
return HttpResponse(status=401)
job = Job.objects.get(runner=runner, id=jobid)
if not job:
log.warning("No job found for id %s and runner %s", jobid, runner)
return HttpResponse(status=401)
datastore = os.environ.get("ALLGO_DATASTORE")
filepath = os.path.join(datastore, jobid, filename)
assert ".." not in filepath, "filepath unsecure"
return FileResponse(open(filepath, 'rb'))
def sha1file(filepath): def sha1file(filepath):
sha1 = hashlib.sha1() sha1 = hashlib.sha1()
with open(filepath, 'rb') as f: with open(filepath, 'rb') as f:
...@@ -61,18 +43,36 @@ def sha1file(filepath): ...@@ -61,18 +43,36 @@ def sha1file(filepath):
sha1.update(data) sha1.update(data)
return "sha1:%s" % sha1.hexdigest() return "sha1:%s" % sha1.hexdigest()
def check_token_and_jobid(func): # Check token decorator
def wrapper(*args, **kwargs):
request = args[0]
jobid = args[1]
username, runner = get_token_cred(request)
if username != "$token" or not runner:
log.error("Runner request $token user or a valid token")
return HttpResponse(status=401)
job = Job.objects.get(runner=runner, id=jobid)
if not job:
log.error("No job found for id %s and runner %s", jobid, runner)
return HttpResponse(status=401)
func(*args, **kwargs)
return wrapper
@check_token_and_jobid
@csrf_exempt @csrf_exempt
def runner_up(request, jobid, digest, nbofchunk, chunkid): def runner_dw(request, jobid, filename):
username, runner = get_token_cred(request) datastore = os.environ.get("ALLGO_DATASTORE")
if username != "$token" or not runner: filepath = os.path.join(datastore, jobid, filename)
log.warning("Runner request $token user or a valid token") assert ".." not in filepath, "filepath unsecure"
return HttpResponse(status=401) return FileResponse(open(filepath, 'rb'))
job = Job.objects.get(runner=runner, id=jobid)
if not job:
log.warning("No job found for id %s and runner %s", jobid, runner)
return HttpResponse(status=401)
@check_token_and_jobid
@csrf_exempt
def runner_up(request, jobid, digest, nbofchunk, chunkid):
datastore = os.environ.get("ALLGO_DATASTORE") datastore = os.environ.get("ALLGO_DATASTORE")
outputdir = os.path.join(datastore, jobid, ".%s" % digest) outputdir = os.path.join(datastore, jobid, ".%s" % digest)
if not os.path.exists(outputdir): if not os.path.exists(outputdir):
...@@ -82,16 +82,23 @@ def runner_up(request, jobid, digest, nbofchunk, chunkid): ...@@ -82,16 +82,23 @@ def runner_up(request, jobid, digest, nbofchunk, chunkid):
with open(filepath, 'wb') as fp: with open(filepath, 'wb') as fp:
fp.write(request.body) fp.write(request.body)
if int(nbofchunk) == len(os.listdir(outputdir)): # we receive all chunk if upload_is_finish(request, jobid, digest, nbofchunk, datastore, outputdir):
return JsonResponse({'status': 'success'}, status=200)
else:
return HttpResponse(status=200)
def upload_is_finish(request, jobid, digest, nbofchunk, datastore, outputdir):
if int(nbofchunk) == len(os.listdir(outputdir)): # we receive all chunk
username, runner = get_token_cred(request)
job = Job.objects.get(runner=runner, id=jobid)
tarfilepath = os.path.join(datastore, jobid, ".%s.tar" % digest) tarfilepath = os.path.join(datastore, jobid, ".%s.tar" % digest)
concatenate_chunks_in_onefiletar(outputdir, tarfilepath) concatenate_chunks_in_onefiletar(outputdir, tarfilepath)
if check_tar_digest_and_extract(datastore, digest, jobid, tarfilepath): if check_tar_digest_and_extract(datastore, digest, jobid, tarfilepath):
log.info("Results successfully uploaded for jobid %s", jobid) log.info("Results successfully uploaded for jobid %s", jobid)
job.state = 3 job.state = 3
job.save() job.save()
return JsonResponse({'status': 'success'}, status=200) return True
else:
return HttpResponse(status=200)
def check_tar_digest_and_extract(datastore, digest, jobid, tarfilepath): def check_tar_digest_and_extract(datastore, digest, jobid, tarfilepath):
...@@ -108,19 +115,13 @@ def concatenate_chunks_in_onefiletar(odir, tarfilepath): ...@@ -108,19 +115,13 @@ def concatenate_chunks_in_onefiletar(odir, tarfilepath):
fp.write(c.read()) fp.write(c.read())
@check_token_and_jobid
@csrf_exempt @csrf_exempt
def runner_log(request, jobid): def runner_log(request, jobid):
redis_host = getattr(settings, "ALLGO_DJANGO_REDIS_HOST") redis_host = getattr(settings, "ALLGO_DJANGO_REDIS_HOST")
r = redis.StrictRedis(host=redis_host, port=6379, db=0) r = redis.StrictRedis(host=redis_host, port=6379, db=0)
username, runner = get_token_cred(request) username, runner = get_token_cred(request)
if username != "$token" or not runner:
log.warning("Runner request $token user or a valid token")
return HttpResponse(status=401)
job = Job.objects.get(runner=runner, id=jobid) job = Job.objects.get(runner=runner, id=jobid)
if not job:
log.warning("No job found for id %s and runner %s", jobid, runner)
return HttpResponse(status=401)
job.state = 2 job.state = 2
job.save() job.save()
...@@ -136,7 +137,7 @@ def runner_log(request, jobid): ...@@ -136,7 +137,7 @@ def runner_log(request, jobid):
if c == b'\n': if c == b'\n':
k = "job:log:%s:%s" % (jobid, linenumber) k = "job:log:%s:%s" % (jobid, linenumber)
log.debug("redis %s %s", k, line) log.debug("redis %s %s", k, line)
r.setex(k, 60 * 60 * 24, line) # keep job log in cache 24 hours r.setex(k, 60 * 60 * 24, line) # keep job log in cache 24 hours
linenumber += 1 linenumber += 1
line = None line = None
else: else:
...@@ -173,6 +174,7 @@ def runner_jobs(runner): ...@@ -173,6 +174,7 @@ def runner_jobs(runner):
else: else:
return "" return ""
@csrf_exempt @csrf_exempt
def runner_cmd(request): def runner_cmd(request):
username, runner = get_token_cred(request) username, runner = get_token_cred(request)
...@@ -192,6 +194,7 @@ def get_allowed_actions(user, scope, actions): ...@@ -192,6 +194,7 @@ def get_allowed_actions(user, scope, actions):
if resource_type == "repository" and resource_name.rstrip('-incoming') in allgouser.getApp(): if resource_type == "repository" and resource_name.rstrip('-incoming') in allgouser.getApp():
return actions return actions
def update_webapp_metadata(repository, url): def update_webapp_metadata(repository, url):
log.info("New webapp version received %s %s", repository, url) log.info("New webapp version received %s %s", repository, url)
webapp = Webapp.objects.filter(name=repository)[0] webapp = Webapp.objects.filter(name=repository)[0]
...@@ -210,7 +213,8 @@ def notify_controler(): ...@@ -210,7 +213,8 @@ def notify_controler():
sock.close() sock.close()
log.info("Controller notified") log.info("Controller notified")
except Exception as e: except Exception as e:
log.error("Controller notification failed !!! %s", str(e )) log.error("Controller notification failed !!! %s", str(e))
def index(request): def index(request):
""" """
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment