From e29b961b5bf0f9b4ec56b12737fe6336620a83e2 Mon Sep 17 00:00:00 2001 From: Mark Murnane Date: Sat, 12 Aug 2023 23:36:09 -0400 Subject: [PATCH 1/3] Pulling in cherrys directly --- requirements.txt | 19 ++++---- sideboard/lib/_cp.py | 8 +--- sideboard/lib/_redissession.py | 88 ++++++++++++++++++++++++++++++++++ 3 files changed, 100 insertions(+), 15 deletions(-) create mode 100644 sideboard/lib/_redissession.py diff --git a/requirements.txt b/requirements.txt index b777457..2bd972b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,15 +1,16 @@ -configobj>=5.0.5 cherrypy==17.3.0 -ws4py>=0.3.2 -SQLAlchemy>=1.1.0 -six>=1.5.2 +configobj>=5.0.5 Jinja2>=2.7 -rpctools>=0.3.1 logging_unterpolation>=0.2.0 -requests>=2.2.1 paver>=1.2.2 -wheel>=0.24.0 pip>=1.5.6 -sh>=1.09 -python-prctl>=1.6.1; 'linux' in sys_platform psutil>=5.4.1 +python-prctl>=1.6.1; 'linux' in sys_platform +redis==4.6.0 +requests>=2.2.1 +rpctools>=0.3.1 +sh>=1.09 +six>=1.5.2 +SQLAlchemy>=1.1.0 +wheel>=0.24.0 +ws4py>=0.3.2 diff --git a/sideboard/lib/_cp.py b/sideboard/lib/_cp.py index 650c651..4c61e23 100644 --- a/sideboard/lib/_cp.py +++ b/sideboard/lib/_cp.py @@ -9,12 +9,8 @@ import jinja2 import cherrypy -try: - import cherrys - cherrypy.lib.sessions.RedisSession = cherrys.RedisSession -except ImportError: - # cherrys not installed, so redis sessions not supported - pass +from sideboard.lib._redissession import RedisSession +cherrypy.lib.sessions.RedisSession = RedisSession import sideboard.lib from sideboard.lib import log, config, serializer diff --git a/sideboard/lib/_redissession.py b/sideboard/lib/_redissession.py new file mode 100644 index 0000000..07bb307 --- /dev/null +++ b/sideboard/lib/_redissession.py @@ -0,0 +1,88 @@ +import threading + +try: + import cPickle as pickle +except ImportError: + import pickle + +from cherrypy.lib.sessions import Session +import redis +from redis import Sentinel + +class RedisSession(Session): + + # the default settings + host = '127.0.0.1' + port = 6379 + db = 0 + password = None + tls_skip_verify = False + is_sentinel = False + ssl = False + user = "" + + + @classmethod + def setup(cls, **kwargs): + """Set up the storage system for redis-based sessions. + Called once when the built-in tool calls sessions.init. + """ + # overwritting default settings with the config dictionary values + for k, v in kwargs.items(): + setattr(cls, k, v) + + if cls.tls_skip_verify: + cls.ssl_cert_req=None + else: + cls.ssl_cert_req="required" + + if cls.is_sentinel: + sentinel = Sentinel([(cls.host, cls.port)], ssl=cls.ssl, ssl_cert_reqs=cls.ssl_cert_req, sentinel_kwargs={"password":cls.sentinel_pass, "ssl": cls.ssl, "ssl_cert_reqs": cls.ssl_cert_req}, username=cls.user, password=cls.password) + cls.cache = sentinel.master_for(cls.sentinel_service) + + else: + cls.cache = redis.Redis( + host=cls.host, + port=cls.port, + db=cls.db, + ssl=cls.ssl, + username=cls.user, + password=cls.password) + + def _exists(self): + return bool(self.cache.exists(self.prefix+self.id)) + + def _load(self): + try: + return pickle.loads(self.cache.get(self.prefix+self.id)) + except TypeError: + # if id not defined pickle can't load None and raise TypeError + return None + + def _save(self, expiration_time): + pickled_data = pickle.dumps( + (self._data, expiration_time), + pickle.HIGHEST_PROTOCOL) + + result = self.cache.setex(self.prefix+self.id, self.timeout * 60, pickled_data) + + if not result: + raise AssertionError("Session data for id %r not set." % self.prefix+self.id) + + def _delete(self): + self.cache.delete(self.prefix+self.id) + + # http://docs.cherrypy.org/dev/refman/lib/sessions.html?highlight=session#locking-sessions + # session id locks as done in RamSession + + locks = {} + + def acquire_lock(self): + """Acquire an exclusive lock on the currently-loaded session data.""" + self.locked = True + self.locks.setdefault(self.prefix+self.id, threading.RLock()).acquire() + + def release_lock(self): + """Release the lock on the currently-loaded session data.""" + self.locks[self.prefix+self.id].release() + self.locked = False \ No newline at end of file From c556993ae557ea3b4c5d83364a6c80bf82a56b40 Mon Sep 17 00:00:00 2001 From: Mark Murnane Date: Sat, 12 Aug 2023 23:43:09 -0400 Subject: [PATCH 2/3] Moving to supported redis version --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 2bd972b..a8c4727 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,7 +6,7 @@ paver>=1.2.2 pip>=1.5.6 psutil>=5.4.1 python-prctl>=1.6.1; 'linux' in sys_platform -redis==4.6.0 +redis==4.3.6 requests>=2.2.1 rpctools>=0.3.1 sh>=1.09 From 15205c15dc8770d03354fe3754f4651066b899cf Mon Sep 17 00:00:00 2001 From: Mark Murnane Date: Tue, 22 Aug 2023 21:42:49 -0400 Subject: [PATCH 3/3] Clearing sideboard root paths --- sideboard/server.py | 144 +------------------------------------------- 1 file changed, 1 insertion(+), 143 deletions(-) diff --git a/sideboard/server.py b/sideboard/server.py index cd370d4..4606020 100755 --- a/sideboard/server.py +++ b/sideboard/server.py @@ -4,16 +4,8 @@ import six import cherrypy -from cherrypy.lib import cpstats -import sideboard -from sideboard.internal import connection_checker -from sideboard.jsonrpc import _make_jsonrpc_handler -from sideboard.websockets import WebSocketDispatcher, WebSocketRoot, WebSocketAuthError -from sideboard.lib import log, listify, config, render_with_templates, services, threadlocal -from sideboard.lib._cp import auth_registry - -default_auth_checker = auth_registry[config['default_authenticator']]['check'] +from sideboard.lib import config, threadlocal def reset_threadlocal(): @@ -21,111 +13,6 @@ def reset_threadlocal(): cherrypy.tools.reset_threadlocal = cherrypy.Tool('before_handler', reset_threadlocal, priority=51) - -def jsonrpc_reset(body): - reset_threadlocal() - threadlocal.set('client', body.get('websocket_client')) - - -def jsonrpc_auth(body): - jsonrpc_reset(body) - if not default_auth_checker(): - raise cherrypy.HTTPError(401, 'not logged in') - - -@render_with_templates(config['template_dir']) -class Root(object): - def default(self, *args, **kwargs): - raise cherrypy.HTTPRedirect(config['default_url']) - - def logout(self, return_to='/'): - cherrypy.session.pop('username', None) - raise cherrypy.HTTPRedirect('login?return_to=%s' % return_to) - - def login(self, username='', password='', message='', return_to=''): - if not config['debug']: - return 'Login page only available in debug mode.' - - if username: - if config['debug'] and password == config['debug_password']: - cherrypy.session['username'] = username - raise cherrypy.HTTPRedirect(return_to or config['default_url']) - else: - message = 'Invalid credentials' - - return { - 'message': message, - 'username': username, - 'return_to': return_to - } - - def list_plugins(self): - from sideboard.internal.imports import plugins - plugin_info = {} - for plugin, module in plugins.items(): - plugin_info[plugin] = { - 'name': ' '.join(plugin.split('_')).title(), - 'version': getattr(module, '__version__', None), - 'paths': [] - } - for path, app in cherrypy.tree.apps.items(): - # exclude what Sideboard itself mounts and grafted mount points - if path and hasattr(app, 'root'): - plugin = app.root.__module__.split('.')[0] - plugin_info[plugin]['paths'].append(path) - return { - 'plugins': plugin_info, - 'version': getattr(sideboard, '__version__', None) - } - - def connections(self): - return {'connections': connection_checker.check_all()} - - ws = WebSocketRoot() - wsrpc = WebSocketRoot() - - json = _make_jsonrpc_handler(services.get_services(), precall=jsonrpc_auth) - jsonrpc = _make_jsonrpc_handler(services.get_services(), precall=jsonrpc_reset) - - -class SideboardWebSocket(WebSocketDispatcher): - """ - This web socket handler will be used by browsers connecting to Sideboard web - sites. Therefore, the authentication mechanism is the default approach - of checking the session for a username and rejecting unauthenticated users. - """ - services = services.get_services() - - @classmethod - def check_authentication(cls): - host, origin = cherrypy.request.headers['host'], cherrypy.request.headers['origin'] - if ('//' + host.split(':')[0]) not in origin: - log.error('Javascript websocket connections must follow same-origin policy; origin {!r} does not match host {!r}', origin, host) - raise WebSocketAuthError('Origin and Host headers do not match') - - if config['ws.auth_required'] and not cherrypy.session.get(config['ws.auth_field']): - log.warning('websocket connections to this address must have a valid session') - raise WebSocketAuthError('You are not logged in') - - return WebSocketDispatcher.check_authentication() - - -app_config = { - '/static': { - 'tools.staticdir.on': True, - 'tools.staticdir.dir': os.path.join(config['module_root'], 'static') - }, - '/ws': { - 'tools.websockets.on': True, - 'tools.websockets.handler_cls': SideboardWebSocket - } -} -if config['debug']: - app_config['/docs'] = { - 'tools.staticdir.on': True, - 'tools.staticdir.dir': os.path.join(config['module_root'], 'docs', 'html'), - 'tools.staticdir.index': 'index.html' - } cherrypy_config = {} for setting, value in config['cherrypy'].items(): if isinstance(value, six.string_types): @@ -137,32 +24,3 @@ def check_authentication(cls): value = value.encode('utf-8') cherrypy_config[setting] = value cherrypy.config.update(cherrypy_config) - - -# on Python 2, we need bytestrings for CherryPy config, see https://bitbucket.org/cherrypy/cherrypy/issue/1184 -def recursive_coerce(d): - if isinstance(d, dict): - for k, v in d.items(): - if sys.version_info[:2] == (2, 7) and isinstance(k, unicode): - del d[k] - d[k.encode('utf-8')] = recursive_coerce(v) - return d - - -def mount(root, script_name='', config=None): - assert script_name not in cherrypy.tree.apps, '{} has already been mounted, probably by another plugin'.format(script_name) - return orig_mount(root, script_name, recursive_coerce(config)) - -orig_mount = cherrypy.tree.mount -cherrypy.tree.mount = mount -root = Root() -if config['cherrypy']['tools.cpstats.on']: - root.stats = cpstats.StatsPage() -cherrypy.tree.mount(root, '', app_config) - -if config['cherrypy']['profiling.on']: - # If profiling is turned on then expose the web UI, otherwise ignore it. - from sideboard.lib import Profiler - cherrypy.tree.mount(Profiler(config['cherrypy']['profiling.path']), '/profiler') - -sys.modules.pop('six.moves.winreg', None) # kludgy workaround for CherryPy's autoreloader erroring on winreg for versions which have this