From 2258ffce66c94c1ce7eae496ccd9fed80baa9c80 Mon Sep 17 00:00:00 2001
From: Gergely Hegedus
Date: Thu, 30 Mar 2023 13:38:46 +0300
Subject: [PATCH] Update Media Access Request to accept Token in Query
---
 .../backend/media_access_requests.py | 21 ++++++++++++++++---
 server/flask/application/nginx-proxy-config | 15 ++++++++++---
 2 files changed, 30 insertions(+), 6 deletions(-)
diff --git a/server/flask/application/backend/media_access_requests.py b/server/flask/application/backend/media_access_requests.py
index f334911..1c90987 100644
--- a/server/flask/application/backend/media_access_requests.py
+++ b/server/flask/application/backend/media_access_requests.py
@@ -2,10 +2,10 @@ from flask import request, jsonify
 from .require_decorators import get_cropped_token
 from .data.data_models import ResponseCode
 from .data import dao_session
-from .data import dao_users
+from urllib.parse import parse_qs
 
 def handle_has_media_access():
- media_token = get_cropped_token(request.headers.get('Media-Authorization'))
+ media_token = get_cropped_token(_get_token_from_request('Media-Authorization'))
 if (media_token is None):
 errorResponse = jsonify({'message':'Missing Authorization!','code':ResponseCode.MISSING_MEDIA_AUTHORIZATION})
 return errorResponse, 401
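Review bot: With `_get_token_from_request('Media-Authorization')` the media token may now arrive in the URL query instead of only in a header, so it will be written wherever the request URI is logged (nginx's default combined access_log format includes it) and can leak through Referer headers and browser history. A comment at the call site would make that trade-off visible, e.g. `# token may come from the query string (X-Original-URI); request URIs for /media must be treated as sensitive in logs`. The access_log format for the /media location should be reviewed so the query part is masked or dropped. handle_has_media_access continues past this hunk.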
@@ -13,4 +13,19 @@ def handle_has_media_access():
 if (user_id is None):
 errorResponse = jsonify({'message':'Invalid Authorization!','code':ResponseCode.INVALID_MEDIA_AUTHORIZATION})
 return errorResponse, 401
- return jsonify({'message':'Access Granted','code': ResponseCode.SUCCESS_MEDIA_ACCESS}), 200
\ No newline at end of file
+ return jsonify({'message':'Access Granted','code': ResponseCode.SUCCESS_MEDIA_ACCESS}), 200
+
+def _get_token_from_request(key: str):
+ token = request.headers.get(key)
+ if (token is not None):
+ return token
+ original_uri = request.headers.get('X-Original-URI')
+ if not isinstance(original_uri,str):
+ return None
+ query_string = original_uri[original_uri.find('?')+1:]
+ return _get_first_token_from_query_string(query_string = query_string, key = key)
+
+def _get_first_token_from_query_string(query_string: str, key: str):
+ query_dict = parse_qs(query_string)
+ tokens = query_dict.get(key, [None])
+ return tokens[0]
\ No newline at end of file
diff --git a/server/flask/application/nginx-proxy-config b/server/flask/application/nginx-proxy-config
index 49ca730..e8553b7 100644
--- a/server/flask/application/nginx-proxy-config
+++ b/server/flask/application/nginx-proxy-config
@@ -6,6 +6,7 @@ limit_req_zone $binary_remote_addr zone=restricted_ip:10m rate=10r/m;
 server {
 server_name _;
 listen 8080 default_server;
+ return 404;
 }
 
 
@@ -20,13 +21,11 @@ server {
 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;
 ssl_prefer_server_ciphers on;
 
- root /server;
-
 # static media
 location /media {
 root /media-data/;
 autoindex on;
- auth_request /has_media_access;
+ auth_request /require_media_access;
 limit_req zone=ip burst=12 delay=8;
 
 # enable cache
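Review bot: In `_get_token_from_request`, `original_uri.find('?')` returns -1 when the URI carries no query, so the slice becomes `[0:]` and the whole path is handed to parse_qs; a path containing `=` would then be parsed as key/value pairs. `urllib.parse.urlsplit` already isolates the query and yields an empty string when there is none: `query_string = urlsplit(original_uri).query` together with `from urllib.parse import parse_qs, urlsplit`. The helper also accepts `X-Original-URI` from whatever request reaches it; in this deployment nginx sets that header on the auth subrequest, but the Flask route itself appears to be reachable through `location /`, so the docstring should state the assumption, e.g. `"""Return the token from header *key*, else from the query of X-Original-URI (expected to be set by the nginx auth_request location, not by the client)."""`. Minor style: the parentheses in `if (token is not None):` are redundant, and the file still ends without a trailing newline as the `\ No newline at end of file` marker reports.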
@@ -41,6 +40,16 @@ server {
 # etag off;
 }
 
+ # auth request, passes query as header
+ location /require_media_access {
+ internal;
+ proxy_pass https://localhost:443/has_media_access;
+ proxy_pass_request_body off;
+ proxy_pass_request_headers on;
+ proxy_set_header Content-Length: "";
+ proxy_set_header X-Original-URI $request_uri;
+ }
+
 # flask server
 location / {
 include uwsgi_params;
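Review bot: `proxy_set_header Content-Length: "";` has a stray colon: proxy_set_header takes the field name and the value as two separate arguments, so this line defines a header literally named `Content-Length:` and the client's real Content-Length is still forwarded even though `proxy_pass_request_body off` drops the body, which can leave the backend waiting for a body that never arrives; the usual auth_request form is `proxy_set_header Content-Length "";`. The subrequest is also proxied back through the public TLS listener (`https://localhost:443`), so it passes through that server block's limit_req and other rules again and relies on `localhost` being served by the intended block — I cannot see the rest of the config, so this is worth confirming; forwarding straight to the uwsgi backend would avoid the loopback hop. Because `$request_uri` includes the query, `X-Original-URI` now carries the media token on every auth subrequest, which the comment above the location should say explicitly so nobody later logs that header.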