api.py
80 lines
| 3.0 KiB
| text/x-python
|
PythonLexer
r2 | # -*- coding: utf-8 -*- | |||
r112 | # Copyright 2010 - 2017 RhodeCode GmbH and the AppEnlight project authors | |||
r2 | # | |||
r112 | # Licensed under the Apache License, Version 2.0 (the "License"); | |||
# you may not use this file except in compliance with the License. | ||||
# You may obtain a copy of the License at | ||||
r2 | # | |||
r112 | # http://www.apache.org/licenses/LICENSE-2.0 | |||
r2 | # | |||
r112 | # Unless required by applicable law or agreed to in writing, software | |||
# distributed under the License is distributed on an "AS IS" BASIS, | ||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
# See the License for the specific language governing permissions and | ||||
# limitations under the License. | ||||
r2 | ||||
import datetime | ||||
import logging | ||||
from pyramid.httpexceptions import HTTPForbidden, HTTPTooManyRequests | ||||
from appenlight.models.services.config import ConfigService | ||||
from appenlight.lib.redis_keys import REDIS_KEYS | ||||
log = logging.getLogger(__name__) | ||||
def rate_limiting(request, resource, section, to_increment=1): | ||||
tsample = datetime.datetime.utcnow().replace(second=0, microsecond=0) | ||||
r153 | key = REDIS_KEYS["rate_limits"][section].format(tsample, resource.resource_id) | |||
r87 | redis_pipeline = request.registry.redis_conn.pipeline() | |||
redis_pipeline.incr(key, to_increment) | ||||
redis_pipeline.expire(key, 3600 * 24) | ||||
results = redis_pipeline.execute() | ||||
current_count = results[0] | ||||
r153 | config = ConfigService.by_key_and_section(section, "global") | |||
r2 | limit = config.value if config else 1000 | |||
if current_count > int(limit): | ||||
r153 | log.info("RATE LIMITING: {}: {}, {}".format(section, resource, current_count)) | |||
abort_msg = "Rate limits are in effect for this application" | ||||
raise HTTPTooManyRequests(abort_msg, headers={"X-AppEnlight": abort_msg}) | ||||
r2 | ||||
def check_cors(request, application, should_return=True): | ||||
""" | ||||
Performs a check and validation if request comes from authorized domain for | ||||
application, otherwise return 403 | ||||
""" | ||||
origin_found = False | ||||
r153 | origin = request.headers.get("Origin") | |||
r2 | if should_return: | |||
r153 | log.info("CORS for %s" % origin) | |||
r2 | if not origin: | |||
return False | ||||
r153 | for domain in application.domains.split("\n"): | |||
r2 | if domain in origin: | |||
origin_found = True | ||||
if origin_found: | ||||
r153 | request.response.headers.add("Access-Control-Allow-Origin", origin) | |||
request.response.headers.add("XDomainRequestAllowed", "1") | ||||
request.response.headers.add( | ||||
"Access-Control-Allow-Methods", "GET, POST, OPTIONS" | ||||
) | ||||
request.response.headers.add( | ||||
"Access-Control-Allow-Headers", | ||||
"Accept-Encoding, Accept-Language, " | ||||
"Content-Type, " | ||||
"Depth, User-Agent, X-File-Size, " | ||||
"X-Requested-With, If-Modified-Since, " | ||||
"X-File-Name, " | ||||
"Cache-Control, Host, Pragma, Accept, " | ||||
"Origin, Connection, " | ||||
"Referer, Cookie, " | ||||
"X-appenlight-public-api-key, " | ||||
"x-appenlight-public-api-key", | ||||
) | ||||
request.response.headers.add("Access-Control-Max-Age", "86400") | ||||
r2 | return request.response | |||
else: | ||||
return HTTPForbidden() | ||||