apikey check rewrite

deflax 2016-04-09 04:10:07 +03:00
parent 6d5ae74495
commit c635db1af3
2 changed files with 42 additions and 49 deletions


@ -76,7 +76,6 @@ def validate(clientemail, password):
c_id = str(path[0]) c_id = str(path[0])
#ioconfig.logger.info('client[{}]> path={}'.format(c_id, str(path))) #ioconfig.logger.info('client[{}]> path={}'.format(c_id, str(path)))
except: except:
raise
ioconfig.logger.warning('clients> {} was not found in the database!'.format(clientemail)) ioconfig.logger.warning('clients> {} was not found in the database!'.format(clientemail))
#log bad ips here... #log bad ips here...
return False return False
@ -93,7 +92,7 @@ def validate(clientemail, password):
#3. generate vmlist to return the owned ids to the client. #3. generate vmlist to return the owned ids to the client.
return clientvms(clientsdb[c_id]) return clientvms(clientsdb[c_id])
else: else:
ioconfig.logger.warning('clients> {} ACCESS DENIED!'.format(clientemail)) ioconfig.logger.warning('clients> {} access denied!'.format(clientemail))
#cant compare password #cant compare password
#TODO: Log attempts and block. #TODO: Log attempts and block.
return {} return {}
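Review bot: With `raise` removed, the bare `except:` in validate() now reports every failure in the lookup as "was not found in the database" and returns False, so a database fault or a programming error is indistinguishable from an unknown client. Catching only what the lookup is expected to raise, for example `except (IndexError, KeyError):` if that is what the code above the hunk throws, would keep real faults visible. The two failure paths also return different types (`return False` here, `return {}` in the password-mismatch branch), which callers have to handle separately; one empty value for both would be simpler. The try block starts outside the hunk, so the exact exception types need confirming against it.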


@ -86,60 +86,47 @@ def max_body(limit):
return hook return hook
def apicheck(params):
""" compares request params for api key with the config file"""
try:
if params['apipass'] == config.get('general', 'apipass'):
status = True
response = 'OK'
else:
status = False
response = 'GET KEY DENIED'
logger.error('grid> read access denied. key mismatch')
except:
#raise
status = False
response = 'GET URL DENIED'
logger.error('grid> read access denied. url error?')
finally:
return (status, response)
#API methods #API methods
class ValidateResource(object): class ValidateResource(object):
@falcon.before(max_body(64 * 1024)) @falcon.before(max_body(64 * 1024))
def on_post(self, req, resp): def on_post(self, req, resp):
""" get clientemail and password and compare it with the client db and returns a list of managed object IDs """ """ get clientemail and password and compare it with the client db and returns a list of managed object IDs """
resp.status = falcon.HTTP_200 json = req.context['doc']
clientemail = req.context['doc']['clientemail'] apipass = json['apikey']
passwd = req.context['doc']['password'] if apipass != config.get('general', 'apipass'):
resp.status = falcon.HTTP_404
logger.error('grid> access denied. bad api key!')
return None
clientemail = json['clientemail']
passwd = json['password']
logger.info('grid> access requested for {} with {}'.format(clientemail, passwd)) logger.info('grid> access requested for {} with {}'.format(clientemail, passwd))
#apicheck_stat, apicheck_resp = apicheck(req.params)
response = clientsdb.validate(clientemail, passwd) response = clientsdb.validate(clientemail, passwd)
print(response) resp.status = falcon.HTTP_202
req.context['result'] = response req.context['result'] = response
#if response is not None:
# resp.status = falcon.HTTP_200
# resp.body = response
#else:
# resp.status = falcon.HTTP_403
# resp.body = 'ERR'
#return response
class ClusterResource(object): class ClusterResource(object):
def on_get(self, req, resp): def on_get(self, req, resp):
"""TEST ONLY. List cluster nodes. TEST ONLY""" """TEST ONLY. List cluster nodes. TEST ONLY"""
logger.info('grid> cache status') json = req.context['doc']
apicheck_stat, apicheck_resp = apicheck(req.params) apipass = json['apikey']
if apicheck_stat: if apipass != config.get('general', 'apipass'):
resp.status = falcon.HTTP_200 resp.status = falcon.HTTP_404
resp.body = str(grid.sync()) logger.error('grid> access denied. bad api key!')
else: return None
resp.status = falcon.HTTP_403
resp.body = apicheck_resp
logger.info('grid> cache status')
response = grid.sync(False)
resp.status = falcon.HTTP_202
req.context['result'] = response
@falcon.before(max_body(64 * 1024))
def on_post(self, req, resp): def on_post(self, req, resp):
"""Create a cluster node, returns array of: status, vmid, pass, ipv4, """ """Create a cluster node, returns array of: status, vmid, pass, ipv4, """
logger.info('grid> create ' + str(req.params)) logger.info('grid> create ' + str(req.params))
@ -180,6 +167,7 @@ class StatusResource(object):
class DeleteResource(object): class DeleteResource(object):
@falcon.before(max_body(64 * 1024))
def on_post(self, req, resp, vmid): def on_post(self, req, resp, vmid):
""" delete machine completely""" """ delete machine completely"""
logger.info('grid> delete ' + str(vmid)) logger.info('grid> delete ' + str(vmid))
@ -199,12 +187,13 @@ class DeleteResource(object):
class ArchivateResource(object): class ArchivateResource(object):
@falcon.before(max_body(64 * 1024))
def on_post(self, req, resp, vmid): def on_post(self, req, resp, vmid):
""" Temporary suspend the instance """ """ Temporary suspend the instance """
logger.info('grid> suspend ' + str(vmid)) logger.info('grid> suspend ' + str(vmid))
apicheck_stat, apicheck_resp = apicheck(req.params) apicheck_stat, apicheck_resp = apicheck(req.params)
if apicheck_stat: if apicheck_stat:
resp.status = falcon.HTTP_200 resp.status = falcon.HTTP_202
try: try:
resp.body = urllib.parse.urlencode(plugin.vmsuspend(vmid)) resp.body = urllib.parse.urlencode(plugin.vmsuspend(vmid))
except: except:
@ -219,12 +208,13 @@ class ArchivateResource(object):
class UnArchiveResource(object): class UnArchiveResource(object):
@falcon.before(max_body(64 * 1024))
def on_post(self, req, resp, vmid): def on_post(self, req, resp, vmid):
""" Unuspend the instance """ """ Unuspend the instance """
logger.info('grid> resume ' + str(vmid)) logger.info('grid> resume ' + str(vmid))
apicheck_stat, apicheck_resp = apicheck(req.params) apicheck_stat, apicheck_resp = apicheck(req.params)
if apicheck_stat: if apicheck_stat:
resp.status = falcon.HTTP_200 resp.status = falcon.HTTP_202
try: try:
resp.body = urllib.parse.urlencode(plugin.vmresume(vmid)) resp.body = urllib.parse.urlencode(plugin.vmresume(vmid))
except: except:
@ -239,12 +229,13 @@ class UnArchiveResource(object):
class StartResource(object): class StartResource(object):
@falcon.before(max_body(64 * 1024))
def on_post(self, req, resp, vmid): def on_post(self, req, resp, vmid):
""" Start the instance """ """ Start the instance """
logger.info('grid> start ' + str(vmid)) logger.info('grid> start ' + str(vmid))
apicheck_stat, apicheck_resp = apicheck(req.params) apicheck_stat, apicheck_resp = apicheck(req.params)
if apicheck_stat: if apicheck_stat:
resp.status = falcon.HTTP_200 resp.status = falcon.HTTP_202
try: try:
resp.body = urllib.parse.urlencode(plugin.vmstart(vmid)) resp.body = urllib.parse.urlencode(plugin.vmstart(vmid))
except: except:
@ -259,12 +250,13 @@ class StartResource(object):
class ShutdownResource(object): class ShutdownResource(object):
@falcon.before(max_body(64 * 1024))
def on_post(self, req, resp, vmid): def on_post(self, req, resp, vmid):
""" ACPI Shutdown the instance """ """ ACPI Shutdown the instance """
logger.info('grid> shutdown ' + str(vmid)) logger.info('grid> shutdown ' + str(vmid))
apicheck_stat, apicheck_resp = apicheck(req.params) apicheck_stat, apicheck_resp = apicheck(req.params)
if apicheck_stat: if apicheck_stat:
resp.status = falcon.HTTP_200 resp.status = falcon.HTTP_202
try: try:
resp.body = urllib.parse.urlencode(plugin.vmshutdown(vmid)) resp.body = urllib.parse.urlencode(plugin.vmshutdown(vmid))
#TODO: Try few times and then return proper status message #TODO: Try few times and then return proper status message
@ -280,12 +272,13 @@ class ShutdownResource(object):
class StopResource(object): class StopResource(object):
@falcon.before(max_body(64 * 1024))
def on_post(self, req, resp, vmid): def on_post(self, req, resp, vmid):
""" Stop the instance """ """ Stop the instance """
logger.info('grid> stop ' + str(vmid)) logger.info('grid> stop ' + str(vmid))
apicheck_stat, apicheck_resp = apicheck(req.params) apicheck_stat, apicheck_resp = apicheck(req.params)
if apicheck_stat: if apicheck_stat:
resp.status = falcon.HTTP_200 resp.status = falcon.HTTP_202
try: try:
resp.body = urllib.parse.urlencode(plugin.vmstop(vmid)) resp.body = urllib.parse.urlencode(plugin.vmstop(vmid))
except: except:
@ -299,13 +292,14 @@ class StopResource(object):
resp.body = apicheck_resp resp.body = apicheck_resp
class VNCResource(object): class VNCResource(object):
@falcon.before(max_body(64 * 1024))
def on_post(self, req, resp, vmid): def on_post(self, req, resp, vmid):
""" Create a VNC link to the instance """ """ Create a VNC link to the instance """
apicheck_stat, apicheck_resp = apicheck(req.params) apicheck_stat, apicheck_resp = apicheck(req.params)
logger.info('grid> vnc ' + str(vmid)) logger.info('grid> vnc ' + str(vmid))
if apicheck_stat: if apicheck_stat:
try: try:
resp.status = falcon.HTTP_200 resp.status = falcon.HTTP_202
resp.body = urllib.parse.urlencode(plugin.vmvnc(vmid)) resp.body = urllib.parse.urlencode(plugin.vmvnc(vmid))
except: except:
logger.error('grid> vnc error') logger.error('grid> vnc error')
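Review bot: The `apicheck()` helper is deleted in this section, but the suspend, resume, start, shutdown, stop and vnc handlers further down still call `apicheck(req.params)` on unchanged lines, so unless it is defined elsewhere those endpoints will raise NameError instead of authenticating. The inlined replacement in ValidateResource.on_post and ClusterResource.on_get indexes `json['apikey']` directly, so a request without the field raises KeyError rather than being denied, and it compares the secret with `!=`, which is not constant-time. I would keep one shared helper built on `hmac.compare_digest` (needs `import hmac`) and call it from every handler, as sketched below for ValidateResource.on_post. Separately, the unchanged `logger.info('grid> access requested for {} with {}'...)` line writes the client's plaintext password to the log and should drop `passwd`.

```python
def apikey_ok(doc):
    """ constant-time compare of the request's apikey with the config file """
    # assumes the parsed body is a dict; a missing field is a mismatch, not a KeyError
    supplied = str(doc.get('apikey', ''))
    expected = config.get('general', 'apipass')
    return hmac.compare_digest(supplied.encode('utf-8'), expected.encode('utf-8'))

    # ValidateResource
    def on_post(self, req, resp):
        # … unchanged: docstring …
        doc = req.context['doc']
        if not apikey_ok(doc):
            # … unchanged: 404 status, error log, return …
        clientemail = doc['clientemail']
        passwd = doc['password']
        logger.info('grid> access requested for {}'.format(clientemail))
        # … unchanged: clientsdb.validate call and result handling …
```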