##// END OF EJS Templates
Performing check only on open.
Kyle Kelley -
Show More
@@ -1,145 +1,138
1 """Tornado handlers for WebSocket <-> ZMQ sockets.
1 """Tornado handlers for WebSocket <-> ZMQ sockets.
2
2
3 Authors:
3 Authors:
4
4
5 * Brian Granger
5 * Brian Granger
6 """
6 """
7
7
8 #-----------------------------------------------------------------------------
8 #-----------------------------------------------------------------------------
9 # Copyright (C) 2008-2011 The IPython Development Team
9 # Copyright (C) 2008-2011 The IPython Development Team
10 #
10 #
11 # Distributed under the terms of the BSD License. The full license is in
11 # Distributed under the terms of the BSD License. The full license is in
12 # the file COPYING, distributed as part of this software.
12 # the file COPYING, distributed as part of this software.
13 #-----------------------------------------------------------------------------
13 #-----------------------------------------------------------------------------
14
14
15 #-----------------------------------------------------------------------------
15 #-----------------------------------------------------------------------------
16 # Imports
16 # Imports
17 #-----------------------------------------------------------------------------
17 #-----------------------------------------------------------------------------
18
18
19 try:
19 try:
20 from urllib.parse import urlparse # Py 3
20 from urllib.parse import urlparse # Py 3
21 except ImportError:
21 except ImportError:
22 from urlparse import urlparse # Py 2
22 from urlparse import urlparse # Py 2
23
23
24 try:
24 try:
25 from http.cookies import SimpleCookie # Py 3
25 from http.cookies import SimpleCookie # Py 3
26 except ImportError:
26 except ImportError:
27 from Cookie import SimpleCookie # Py 2
27 from Cookie import SimpleCookie # Py 2
28 import logging
28 import logging
29 from tornado import web
29 from tornado import web
30 from tornado import websocket
30 from tornado import websocket
31
31
32 from zmq.utils import jsonapi
32 from zmq.utils import jsonapi
33
33
34 from IPython.kernel.zmq.session import Session
34 from IPython.kernel.zmq.session import Session
35 from IPython.utils.jsonutil import date_default
35 from IPython.utils.jsonutil import date_default
36 from IPython.utils.py3compat import PY3, cast_unicode
36 from IPython.utils.py3compat import PY3, cast_unicode
37
37
38 from .handlers import IPythonHandler
38 from .handlers import IPythonHandler
39
39
40 #-----------------------------------------------------------------------------
40 #-----------------------------------------------------------------------------
41 # ZMQ handlers
41 # ZMQ handlers
42 #-----------------------------------------------------------------------------
42 #-----------------------------------------------------------------------------
43
43
44 class ZMQStreamHandler(websocket.WebSocketHandler):
44 class ZMQStreamHandler(websocket.WebSocketHandler):
45
45
46 def check_origin(self):
46 def is_cross_origin(self):
47 """Check origin from headers."""
47 """Check to see that origin and host match in the headers."""
48 origin_header = self.request.headers["Origin"]
48 origin_header = self.request.headers.get("Origin")
49 host = self.request.headers["Host"]
49 host = self.request.headers.get("Host")
50
50
51 parsed_origin = urlparse(origin_header)
51 parsed_origin = urlparse(origin_header)
52 origin = parsed_origin.netloc
52 origin = parsed_origin.netloc
53
53
54 # Check to see that origin matches host directly, including ports
54 # Check to see that origin matches host directly, including ports
55 if origin != host:
55 return origin != host
56 self.log.warn("Cross Origin WebSocket Attempt.")
57 raise web.HTTPError(404)
58
59
60 def _execute(self, *args, **kwargs):
61 """Wrap all calls to make sure origin gets checked."""
62
63 # Check to see that origin matches host directly, including ports
64 self.check_origin()
65
66 # Pass on the rest of the handling by the WebSocketHandler
67 super(ZMQStreamHandler, self)._execute(*args, **kwargs)
68
56
69 def clear_cookie(self, *args, **kwargs):
57 def clear_cookie(self, *args, **kwargs):
70 """meaningless for websockets"""
58 """meaningless for websockets"""
71 pass
59 pass
72
60
73 def _reserialize_reply(self, msg_list):
61 def _reserialize_reply(self, msg_list):
74 """Reserialize a reply message using JSON.
62 """Reserialize a reply message using JSON.
75
63
76 This takes the msg list from the ZMQ socket, unserializes it using
64 This takes the msg list from the ZMQ socket, unserializes it using
77 self.session and then serializes the result using JSON. This method
65 self.session and then serializes the result using JSON. This method
78 should be used by self._on_zmq_reply to build messages that can
66 should be used by self._on_zmq_reply to build messages that can
79 be sent back to the browser.
67 be sent back to the browser.
80 """
68 """
81 idents, msg_list = self.session.feed_identities(msg_list)
69 idents, msg_list = self.session.feed_identities(msg_list)
82 msg = self.session.unserialize(msg_list)
70 msg = self.session.unserialize(msg_list)
83 try:
71 try:
84 msg['header'].pop('date')
72 msg['header'].pop('date')
85 except KeyError:
73 except KeyError:
86 pass
74 pass
87 try:
75 try:
88 msg['parent_header'].pop('date')
76 msg['parent_header'].pop('date')
89 except KeyError:
77 except KeyError:
90 pass
78 pass
91 msg.pop('buffers')
79 msg.pop('buffers')
92 return jsonapi.dumps(msg, default=date_default)
80 return jsonapi.dumps(msg, default=date_default)
93
81
94 def _on_zmq_reply(self, msg_list):
82 def _on_zmq_reply(self, msg_list):
95 # Sometimes this gets triggered when the on_close method is scheduled in the
83 # Sometimes this gets triggered when the on_close method is scheduled in the
96 # eventloop but hasn't been called.
84 # eventloop but hasn't been called.
97 if self.stream.closed(): return
85 if self.stream.closed(): return
98 try:
86 try:
99 msg = self._reserialize_reply(msg_list)
87 msg = self._reserialize_reply(msg_list)
100 except Exception:
88 except Exception:
101 self.log.critical("Malformed message: %r" % msg_list, exc_info=True)
89 self.log.critical("Malformed message: %r" % msg_list, exc_info=True)
102 else:
90 else:
103 self.write_message(msg)
91 self.write_message(msg)
104
92
105 def allow_draft76(self):
93 def allow_draft76(self):
106 """Allow draft 76, until browsers such as Safari update to RFC 6455.
94 """Allow draft 76, until browsers such as Safari update to RFC 6455.
107
95
108 This has been disabled by default in tornado in release 2.2.0, and
96 This has been disabled by default in tornado in release 2.2.0, and
109 support will be removed in later versions.
97 support will be removed in later versions.
110 """
98 """
111 return True
99 return True
112
100
113
101
114 class AuthenticatedZMQStreamHandler(ZMQStreamHandler, IPythonHandler):
102 class AuthenticatedZMQStreamHandler(ZMQStreamHandler, IPythonHandler):
115
103
116 def open(self, kernel_id):
104 def open(self, kernel_id):
105 # Check to see that origin matches host directly, including ports
106 if self.is_cross_origin():
107 self.log.warn("Cross Origin WebSocket Attempt.")
108 raise web.HTTPError(404)
109
117 self.kernel_id = cast_unicode(kernel_id, 'ascii')
110 self.kernel_id = cast_unicode(kernel_id, 'ascii')
118 self.session = Session(config=self.config)
111 self.session = Session(config=self.config)
119 self.save_on_message = self.on_message
112 self.save_on_message = self.on_message
120 self.on_message = self.on_first_message
113 self.on_message = self.on_first_message
121
114
122 def _inject_cookie_message(self, msg):
115 def _inject_cookie_message(self, msg):
123 """Inject the first message, which is the document cookie,
116 """Inject the first message, which is the document cookie,
124 for authentication."""
117 for authentication."""
125 if not PY3 and isinstance(msg, unicode):
118 if not PY3 and isinstance(msg, unicode):
126 # Cookie constructor doesn't accept unicode strings
119 # Cookie constructor doesn't accept unicode strings
127 # under Python 2.x for some reason
120 # under Python 2.x for some reason
128 msg = msg.encode('utf8', 'replace')
121 msg = msg.encode('utf8', 'replace')
129 try:
122 try:
130 identity, msg = msg.split(':', 1)
123 identity, msg = msg.split(':', 1)
131 self.session.session = cast_unicode(identity, 'ascii')
124 self.session.session = cast_unicode(identity, 'ascii')
132 except Exception:
125 except Exception:
133 logging.error("First ws message didn't have the form 'identity:[cookie]' - %r", msg)
126 logging.error("First ws message didn't have the form 'identity:[cookie]' - %r", msg)
134
127
135 try:
128 try:
136 self.request._cookies = SimpleCookie(msg)
129 self.request._cookies = SimpleCookie(msg)
137 except:
130 except:
138 self.log.warn("couldn't parse cookie string: %s",msg, exc_info=True)
131 self.log.warn("couldn't parse cookie string: %s",msg, exc_info=True)
139
132
140 def on_first_message(self, msg):
133 def on_first_message(self, msg):
141 self._inject_cookie_message(msg)
134 self._inject_cookie_message(msg)
142 if self.get_current_user() is None:
135 if self.get_current_user() is None:
143 self.log.warn("Couldn't authenticate WebSocket connection")
136 self.log.warn("Couldn't authenticate WebSocket connection")
144 raise web.HTTPError(403)
137 raise web.HTTPError(403)
145 self.on_message = self.save_on_message
138 self.on_message = self.save_on_message
General Comments 0
You need to be logged in to leave comments. Login now