From c635db1af381e40e150367d8f52e51461b3b2e1a Mon Sep 17 00:00:00 2001 From: deflax Date: Sat, 9 Apr 2016 04:10:07 +0300 Subject: [PATCH] apikey check rewrite --- clientsdb.py | 3 +- proxmaster.py | 88 ++++++++++++++++++++++++--------------------------- 2 files changed, 42 insertions(+), 49 deletions(-) diff --git a/clientsdb.py b/clientsdb.py index 16dac5b..2dfdfe1 100644 --- a/clientsdb.py +++ b/clientsdb.py @@ -76,7 +76,6 @@ def validate(clientemail, password): c_id = str(path[0]) #ioconfig.logger.info('client[{}]> path={}'.format(c_id, str(path))) except: - raise ioconfig.logger.warning('clients> {} was not found in the database!'.format(clientemail)) #log bad ips here... return False @@ -93,7 +92,7 @@ def validate(clientemail, password): #3. generate vmlist to return the owned ids to the client. return clientvms(clientsdb[c_id]) else: - ioconfig.logger.warning('clients> {} ACCESS DENIED!'.format(clientemail)) + ioconfig.logger.warning('clients> {} access denied!'.format(clientemail)) #cant compare password #TODO: Log attempts and block. return {} diff --git a/proxmaster.py b/proxmaster.py index eb473c7..cbf8a0e 100644 --- a/proxmaster.py +++ b/proxmaster.py 
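Review bot: With the bare `raise` removed, the `except:` in validate() now turns any exception from the lookup into "client not found" and returns `False`, while the wrong-password branch in the next hunk returns `{}`. Because proxmaster.py passes the return value straight into `req.context['result']`, the two failures are probably distinguishable to the caller and reveal which e-mail addresses are registered; returning the same value on both paths (for example `return {}` here) removes that signal. The handler should also be narrowed to the exception the lookup is expected to raise, e.g. `except (KeyError, IndexError):`, so unrelated errors are not logged as a missing client. The `try` body starts above this hunk, so the exact exception type needs confirming against the full function.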
@@ -86,60 +86,47 @@ def max_body(limit): return hook -def apicheck(params): - """ compares request params for api key with the config file""" - try: - if params['apipass'] == config.get('general', 'apipass'): - status = True - response = 'OK' - else: - status = False - response = 'GET KEY DENIED' - logger.error('grid> read access denied. key mismatch') - except: - #raise - status = False - response = 'GET URL DENIED' - logger.error('grid> read access denied. url error?') - finally: - return (status, response) - - #API methods class ValidateResource(object): - @falcon.before(max_body(64 * 1024)) def on_post(self, req, resp): """ get clientemail and password and compare it with the client db and returns a list of managed object IDs """ - resp.status = falcon.HTTP_200 - clientemail = req.context['doc']['clientemail'] - passwd = req.context['doc']['password'] + json = req.context['doc'] + apipass = json['apikey'] + if apipass != config.get('general', 'apipass'): + resp.status = falcon.HTTP_404 + logger.error('grid> access denied. bad api key!') + return None + + clientemail = json['clientemail'] + passwd = json['password'] + logger.info('grid> access requested for {} with {}'.format(clientemail, passwd)) - #apicheck_stat, apicheck_resp = apicheck(req.params) + response = clientsdb.validate(clientemail, passwd) - print(response) + resp.status = falcon.HTTP_202 req.context['result'] = response - #if response is not None: - # resp.status = falcon.HTTP_200 - # resp.body = response - #else: - # resp.status = falcon.HTTP_403 - # resp.body = 'ERR' - #return response - + class ClusterResource(object): def on_get(self, req, resp): """TEST ONLY. List cluster nodes. 
TEST ONLY""" - logger.info('grid> cache status') - apicheck_stat, apicheck_resp = apicheck(req.params) - if apicheck_stat: - resp.status = falcon.HTTP_200 - resp.body = str(grid.sync()) - else: - resp.status = falcon.HTTP_403 - resp.body = apicheck_resp + json = req.context['doc'] + apipass = json['apikey'] + if apipass != config.get('general', 'apipass'): + resp.status = falcon.HTTP_404 + logger.error('grid> access denied. bad api key!') + return None + logger.info('grid> cache status') + + response = grid.sync(False) + resp.status = falcon.HTTP_202 + req.context['result'] = response + + + + @falcon.before(max_body(64 * 1024)) def on_post(self, req, resp): """Create a cluster node, returns array of: status, vmid, pass, ipv4, """ logger.info('grid> create ' + str(req.params)) @@ -180,6 +167,7 @@ class StatusResource(object): class DeleteResource(object): + @falcon.before(max_body(64 * 1024)) def on_post(self, req, resp, vmid): """ delete machine completely""" logger.info('grid> delete ' + str(vmid)) @@ -199,12 +187,13 @@ class DeleteResource(object): class ArchivateResource(object): + @falcon.before(max_body(64 * 1024)) def on_post(self, req, resp, vmid): """ Temporary suspend the instance """ logger.info('grid> suspend ' + str(vmid)) apicheck_stat, apicheck_resp = apicheck(req.params) if apicheck_stat: - resp.status = falcon.HTTP_200 + resp.status = falcon.HTTP_202 try: resp.body = urllib.parse.urlencode(plugin.vmsuspend(vmid)) except: @@ -219,12 +208,13 @@ class ArchivateResource(object): class UnArchiveResource(object): + @falcon.before(max_body(64 * 1024)) def on_post(self, req, resp, vmid): """ Unuspend the instance """ logger.info('grid> resume ' + str(vmid)) apicheck_stat, apicheck_resp = apicheck(req.params) if apicheck_stat: - resp.status = falcon.HTTP_200 + resp.status = falcon.HTTP_202 try: resp.body = urllib.parse.urlencode(plugin.vmresume(vmid)) except: 
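Review bot: The new `logger.info('grid> access requested for {} with {}'.format(clientemail, passwd))` in ValidateResource.on_post writes the client's plaintext password to the log; log only the identity, `logger.info('grid> access requested for {}'.format(clientemail))`. The API-key check added here and in ClusterResource.on_get compares with `!=`, which is not constant-time, and `json['apikey']` raises KeyError when the field is absent instead of taking the denial branch. `apipass = json.get('apikey', '')` followed by `if not hmac.compare_digest(str(apipass).encode(), config.get('general', 'apipass').encode()):` covers both, and needs `import hmac` at the top of the file. The hunk also drops `@falcon.before(max_body(64 * 1024))` from this on_post, so the credential endpoint appears to lose its body-size limit while the other POST handlers gain one. The local name `json` will shadow the stdlib module if this file imports it.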
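Review bot: `apicheck_stat, apicheck_resp = apicheck(req.params)` is still an unchanged line in ArchivateResource.on_post, but the first proxmaster.py hunk deletes `def apicheck(params)`, so unless the name is defined elsewhere this handler raises NameError on every request (it fails closed, but the endpoint stops working). The same call remains in the UnArchive, Start, Shutdown, Stop and VNC hunks. Either keep `apicheck` until those handlers are moved to the `json['apikey']` check, or convert them in this commit, ideally through one shared helper or `falcon.before` hook so the key comparison lives in a single place. Separately, `falcon.HTTP_202` is set before the `try:` although the plugin call runs synchronously and its result is returned in the body, so 200 describes the outcome more accurately than 202 Accepted.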
@@ -239,12 +229,13 @@ class UnArchiveResource(object): class StartResource(object): + @falcon.before(max_body(64 * 1024)) def on_post(self, req, resp, vmid): """ Start the instance """ logger.info('grid> start ' + str(vmid)) apicheck_stat, apicheck_resp = apicheck(req.params) if apicheck_stat: - resp.status = falcon.HTTP_200 + resp.status = falcon.HTTP_202 try: resp.body = urllib.parse.urlencode(plugin.vmstart(vmid)) except: @@ -259,12 +250,13 @@ class StartResource(object): class ShutdownResource(object): + @falcon.before(max_body(64 * 1024)) def on_post(self, req, resp, vmid): """ ACPI Shutdown the instance """ logger.info('grid> shutdown ' + str(vmid)) apicheck_stat, apicheck_resp = apicheck(req.params) if apicheck_stat: - resp.status = falcon.HTTP_200 + resp.status = falcon.HTTP_202 try: resp.body = urllib.parse.urlencode(plugin.vmshutdown(vmid)) #TODO: Try few times and then return proper status message @@ -280,12 +272,13 @@ class ShutdownResource(object): class StopResource(object): + @falcon.before(max_body(64 * 1024)) def on_post(self, req, resp, vmid): """ Stop the instance """ logger.info('grid> stop ' + str(vmid)) apicheck_stat, apicheck_resp = apicheck(req.params) if apicheck_stat: - resp.status = falcon.HTTP_200 + resp.status = falcon.HTTP_202 try: resp.body = urllib.parse.urlencode(plugin.vmstop(vmid)) except: @@ -299,13 +292,14 @@ class StopResource(object): resp.body = apicheck_resp class VNCResource(object): + @falcon.before(max_body(64 * 1024)) def on_post(self, req, resp, vmid): """ Create a VNC link to the instance """ apicheck_stat, apicheck_resp = apicheck(req.params) logger.info('grid> vnc ' + str(vmid)) if apicheck_stat: try: - resp.status = falcon.HTTP_200 + resp.status = falcon.HTTP_202 resp.body = urllib.parse.urlencode(plugin.vmvnc(vmid)) except: logger.error('grid> vnc error')