web/flask-home-vod
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update Media Access Request to accept Token in Query

Browse source
This commit is contained in:
Gergely Hegedus 2023-03-30 13:38:46 +03:00
parent 03728447ef
commit 2258ffce66
2 changed files with 30 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

19
server/flask/application/backend/media_access_requests.py
View file

@ -2,10 +2,10 @@ from flask import request, jsonify
from .require_decorators import get_cropped_token from .require_decorators import get_cropped_token
from .data.data_models import ResponseCode from .data.data_models import ResponseCode
from .data import dao_session from .data import dao_session
from .data import dao_users from urllib.parse import parse_qs
def handle_has_media_access(): def handle_has_media_access():
media_token = get_cropped_token(request.headers.get('Media-Authorization')) media_token = get_cropped_token(_get_token_from_request('Media-Authorization'))
if (media_token is None): if (media_token is None):
errorResponse = jsonify({'message':'Missing Authorization!','code':ResponseCode.MISSING_MEDIA_AUTHORIZATION}) errorResponse = jsonify({'message':'Missing Authorization!','code':ResponseCode.MISSING_MEDIA_AUTHORIZATION})
return errorResponse, 401 return errorResponse, 401
@ -14,3 +14,18 @@ def handle_has_media_access():
errorResponse = jsonify({'message':'Invalid Authorization!','code':ResponseCode.INVALID_MEDIA_AUTHORIZATION}) errorResponse = jsonify({'message':'Invalid Authorization!','code':ResponseCode.INVALID_MEDIA_AUTHORIZATION})
return errorResponse, 401 return errorResponse, 401
return jsonify({'message':'Access Granted','code': ResponseCode.SUCCESS_MEDIA_ACCESS}), 200 return jsonify({'message':'Access Granted','code': ResponseCode.SUCCESS_MEDIA_ACCESS}), 200
def _get_token_from_request(key: str):
token = request.headers.get(key)
if (token is not None):
return token
original_uri = request.headers.get('X-Original-URI')
if not isinstance(original_uri,str):
return None
query_string = original_uri[original_uri.find('?')+1:]
return _get_first_token_from_query_string(query_string = query_string, key = key)
def _get_first_token_from_query_string(query_string: str, key: str):
query_dict = parse_qs(query_string)
tokens = query_dict.get(key, [None])
return tokens[0]

15
server/flask/application/nginx-proxy-config
View file

@ -6,6 +6,7 @@ limit_req_zone $binary_remote_addr zone=restricted_ip:10m rate=10r/m;
server { server {
server_name _; server_name _;
listen 8080 default_server; listen 8080 default_server;
return 404; return 404;
} }
@ -20,13 +21,11 @@ server {
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
root /server;
# static media # static media
location /media { location /media {
root /media-data/; root /media-data/;
autoindex on; autoindex on;
auth_request /has_media_access; auth_request /require_media_access;
limit_req zone=ip burst=12 delay=8; limit_req zone=ip burst=12 delay=8;
# enable cache # enable cache
@ -41,6 +40,16 @@ server {
# etag off; # etag off;
} }
# auth request, passes query as header
location /require_media_access {
internal;
proxy_pass https://localhost:443/has_media_access;
proxy_pass_request_body off;
proxy_pass_request_headers on;
proxy_set_header Content-Length: "";
proxy_set_header X-Original-URI $request_uri;
}
# flask server # flask server
location / { location / {
include uwsgi_params; include uwsgi_params;