#!/usr/bin/env python3 # -*- coding: utf-8 -*- # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to You under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. """ This is the session library for Apache Warble. It handles setting/getting cookies and user prefs """ # Main imports import cgi import re import sys import traceback import http.cookies import uuid import time import plugins.registry class WarbleSession(object): def logout(self): """Log out user and wipe cookie""" if self.user and self.cookie: cookies = http.cookies.SimpleCookie() cookies['warble_session'] = "null" self.headers.append(('Set-Cookie', cookies['warble_session'].OutputString())) try: if self.DB.dbtype == 'sqlite': c = self.DB.sqlite.open('sessions.db') cur = c.cursor() cur.execute("DELETE FROM `sessions` WHERE `cookie` = ? LIMIT 1", (self.cookie,)) c.commit() c.close() elif self.DB.dbtype == 'elasticsearch': self.DB.ES.delete(index=self.DB.dbname, doc_type='uisession', id = self.cookie) self.cookie = None self.user = None except: pass def newCookie(self): cookie = uuid.uuid4() cookies = http.cookies.SimpleCookie() cookies['warble_session'] = cookie cookies['warble_session']['expires'] = 86400 * 365 # Expire one year from now self.headers.append(('Set-Cookie', cookies['warble_session'].OutputString())) return str(cookie) def __init__(self, DB, environ, config): """ Loads the current user session or initiates a new session if none was found. """ self.config = config self.user = None self.client = None self.DB = DB self.headers = [('Content-Type', 'application/json')] self.cookie = None # Construct the URL we're visiting self.url = "%s://%s" % (environ['wsgi.url_scheme'], environ.get('HTTP_HOST', environ.get('SERVER_NAME'))) self.url += environ.get('SCRIPT_NAME', '/') # Get Warble cookie cookie = None cookies = None if 'HTTP_COOKIE' in environ: cookies = http.cookies.SimpleCookie(environ['HTTP_COOKIE']) if cookies and 'warble_session' in cookies: cookie = cookies['warble_session'].value try: if re.match(r"^[-a-f0-9]+$", cookie): # Validate cookie, must follow UUID4 specs doc = None if self.DB.dbtype == 'sqlite': session_conn = self.DB.sqlite.open('sessions.db') account_conn = self.DB.sqlite.open('accounts.db') sc = session_conn.cursor() ac = account_conn.cursor() sc.execute("SELECT * FROM `sessions` WHERE `cookie` = ?", (cookie,)) sdoc = sc.fetchone() if sdoc: userid = sdoc['userid'] if userid: ac.execute("SELECT * FROM `accounts` WHERE `userid` = ?", (userid,)) doc = ac.fetchone() if doc: # Make sure this cookie has been used in the past 7 days, else nullify it. # Further more, run an update of the session if >1 hour ago since last update. age = time.time() - sdoc['timestamp'] if age > (7*86400): sc.execute("DELETE FROM `sessions` WHERE `cookie` = ? LIMIT 1", (self.cookie,)) sdoc = None # Wipe it! doc = None elif age > 3600: st = int(time.time()) # Update timestamp in session DB sc.execute("UPDATE `sessions` SET `timestamp` = ? WHERE `cookie` = ? LIMIT 1", (st, cookie,)) if doc: self.user = {k:doc[k] for k in doc.keys()} self.user['userlevel'] = 'superuser' if doc['superuser'] else 'normal' session_conn.commit() session_conn.close() account_conn.close() if self.DB.dbtype == 'elasticsearch': sdoc = self.DB.ES.get(index=self.DB.dbname, doc_type='uisession', id = cookie) if sdoc and 'cid' in sdoc['_source']: doc = self.DB.ES.get(index=self.DB.dbname, doc_type='useraccount', id = sdoc['_source']['cid']) if doc and '_source' in doc: # Make sure this cookie has been used in the past 7 days, else nullify it. # Further more, run an update of the session if >1 hour ago since last update. age = time.time() - sdoc['_source']['timestamp'] if age > (7*86400): self.DB.ES.delete(index=self.DB.dbname, doc_type='uisession', id = cookie) sdoc['_source'] = None # Wipe it! doc = None elif age > 3600: sdoc['_source']['timestamp'] = int(time.time()) # Update timestamp in session DB self.DB.ES.update(index=self.DB.dbname, doc_type='uisession', id = cookie, body = {'doc':sdoc['_source']}) if doc: self.user = doc['_source'] else: cookie = None except Exception as err: print(err) # Non-human (node/agent) API Key auth elif 'HTTP_APIKEY' in environ: cookie = environ['HTTP_APIKEY'] if re.match(r"^[-a-f0-9]+$", cookie): # Validate cookie, must follow UUID4 specs try: self.client = plugins.registry.node(self, cookie) except: pass if not cookie: cookie = self.newCookie() self.cookie = cookie