Use function decorators to check authentication tokens.
@@ -31,6 +31,7 @@ class Access:
|
|||||||
soc.close()
|
soc.close()
|
||||||
return message.get('data')
|
return message.get('data')
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
access = Access({'host': 'europa', 'port': 12345, 'buffer_size': 1024, 'auth_token': 'a'})
|
access = Access({'host': 'europa', 'port': 12345, 'buffer_size': 1024, 'auth_token': 'a'})
|
||||||
action = 'load_seasons'
|
action = 'load_seasons'
|
||||||
|
|||||||
@@ -542,7 +542,7 @@
|
|||||||
<object class="GtkLabel" id="ep_death_count_label">
|
<object class="GtkLabel" id="ep_death_count_label">
|
||||||
<property name="visible">True</property>
|
<property name="visible">True</property>
|
||||||
<property name="can_focus">False</property>
|
<property name="can_focus">False</property>
|
||||||
<property name="label" translatable="yes">[DeathCount]</property>
|
<property name="label" translatable="yes">Computing...</property>
|
||||||
</object>
|
</object>
|
||||||
<packing>
|
<packing>
|
||||||
<property name="left_attach">1</property>
|
<property name="left_attach">1</property>
|
||||||
@@ -553,7 +553,7 @@
|
|||||||
<object class="GtkLabel">
|
<object class="GtkLabel">
|
||||||
<property name="visible">True</property>
|
<property name="visible">True</property>
|
||||||
<property name="can_focus">False</property>
|
<property name="can_focus">False</property>
|
||||||
<property name="label" translatable="yes">Total Drinks:</property>
|
<property name="label" translatable="yes">Total Shots:</property>
|
||||||
<property name="xalign">1</property>
|
<property name="xalign">1</property>
|
||||||
</object>
|
</object>
|
||||||
<packing>
|
<packing>
|
||||||
@@ -565,7 +565,7 @@
|
|||||||
<object class="GtkLabel" id="ep_drinks_label">
|
<object class="GtkLabel" id="ep_drinks_label">
|
||||||
<property name="visible">True</property>
|
<property name="visible">True</property>
|
||||||
<property name="can_focus">False</property>
|
<property name="can_focus">False</property>
|
||||||
<property name="label" translatable="yes">[DrinkCount]</property>
|
<property name="label" translatable="yes">Computing...</property>
|
||||||
</object>
|
</object>
|
||||||
<packing>
|
<packing>
|
||||||
<property name="left_attach">1</property>
|
<property name="left_attach">1</property>
|
||||||
@@ -588,7 +588,7 @@
|
|||||||
<object class="GtkLabel" id="ep_booze_label">
|
<object class="GtkLabel" id="ep_booze_label">
|
||||||
<property name="visible">True</property>
|
<property name="visible">True</property>
|
||||||
<property name="can_focus">False</property>
|
<property name="can_focus">False</property>
|
||||||
<property name="label" translatable="yes">[ToatalBooze]</property>
|
<property name="label" translatable="yes">Computing...</property>
|
||||||
</object>
|
</object>
|
||||||
<packing>
|
<packing>
|
||||||
<property name="left_attach">1</property>
|
<property name="left_attach">1</property>
|
||||||
@@ -647,7 +647,7 @@
|
|||||||
<object class="GtkLabel" id="ep_player_drinks_label">
|
<object class="GtkLabel" id="ep_player_drinks_label">
|
||||||
<property name="visible">True</property>
|
<property name="visible">True</property>
|
||||||
<property name="can_focus">False</property>
|
<property name="can_focus">False</property>
|
||||||
<property name="label" translatable="yes">[PlayerDrinks]</property>
|
<property name="label" translatable="yes">Computing...</property>
|
||||||
</object>
|
</object>
|
||||||
<packing>
|
<packing>
|
||||||
<property name="left_attach">1</property>
|
<property name="left_attach">1</property>
|
||||||
@@ -658,7 +658,7 @@
|
|||||||
<object class="GtkLabel" id="ep_player_booze_label">
|
<object class="GtkLabel" id="ep_player_booze_label">
|
||||||
<property name="visible">True</property>
|
<property name="visible">True</property>
|
||||||
<property name="can_focus">False</property>
|
<property name="can_focus">False</property>
|
||||||
<property name="label" translatable="yes">[PlayerBooze]</property>
|
<property name="label" translatable="yes">Computing...</property>
|
||||||
</object>
|
</object>
|
||||||
<packing>
|
<packing>
|
||||||
<property name="left_attach">1</property>
|
<property name="left_attach">1</property>
|
||||||
@@ -669,7 +669,7 @@
|
|||||||
<object class="GtkLabel" id="ep_player_alc_label">
|
<object class="GtkLabel" id="ep_player_alc_label">
|
||||||
<property name="visible">True</property>
|
<property name="visible">True</property>
|
||||||
<property name="can_focus">False</property>
|
<property name="can_focus">False</property>
|
||||||
<property name="label" translatable="yes">[PlayerAlc]</property>
|
<property name="label" translatable="yes">Computing...</property>
|
||||||
</object>
|
</object>
|
||||||
<packing>
|
<packing>
|
||||||
<property name="left_attach">1</property>
|
<property name="left_attach">1</property>
|
||||||
@@ -680,7 +680,7 @@
|
|||||||
<object class="GtkLabel" id="ep_alc_label">
|
<object class="GtkLabel" id="ep_alc_label">
|
||||||
<property name="visible">True</property>
|
<property name="visible">True</property>
|
||||||
<property name="can_focus">False</property>
|
<property name="can_focus">False</property>
|
||||||
<property name="label" translatable="yes">[TotalAlc]</property>
|
<property name="label" translatable="yes">Computing...</property>
|
||||||
</object>
|
</object>
|
||||||
<packing>
|
<packing>
|
||||||
<property name="left_attach">1</property>
|
<property name="left_attach">1</property>
|
||||||
@@ -703,6 +703,7 @@
|
|||||||
<object class="GtkLabel" id="ep_enemy_name_label">
|
<object class="GtkLabel" id="ep_enemy_name_label">
|
||||||
<property name="visible">True</property>
|
<property name="visible">True</property>
|
||||||
<property name="can_focus">False</property>
|
<property name="can_focus">False</property>
|
||||||
|
<property name="label" translatable="yes">Computing...</property>
|
||||||
</object>
|
</object>
|
||||||
<packing>
|
<packing>
|
||||||
<property name="left_attach">1</property>
|
<property name="left_attach">1</property>
|
||||||
|
|||||||
33
dsst/dsst_server/auth.py
Normal file
33
dsst/dsst_server/auth.py
Normal file
@@ -0,0 +1,33 @@
|
|||||||
|
READ_TOKENS = []
|
||||||
|
WRITE_TOKENS = []
|
||||||
|
|
||||||
|
|
||||||
|
class AuthenticationError(Exception):
|
||||||
|
def __init__(self, message):
|
||||||
|
self.message = message
|
||||||
|
|
||||||
|
def get_response(self):
|
||||||
|
return {
|
||||||
|
'success': False,
|
||||||
|
'message': 'Authentication Failed:\n'.format(self.message)
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
def check_read(func):
|
||||||
|
def wrapper(*args, **kwargs):
|
||||||
|
token = args[0]
|
||||||
|
if token in READ_TOKENS + WRITE_TOKENS:
|
||||||
|
return func(*args[1:], **kwargs)
|
||||||
|
else:
|
||||||
|
raise AuthenticationError('Token "{}" has no read access on database.'.format(token))
|
||||||
|
return wrapper
|
||||||
|
|
||||||
|
|
||||||
|
def check_write(func):
|
||||||
|
def wrapper(*args, **kwargs):
|
||||||
|
token = args[0]
|
||||||
|
if token in WRITE_TOKENS:
|
||||||
|
return func(*args[1:], **kwargs)
|
||||||
|
else:
|
||||||
|
raise AuthenticationError('Token "{}" has no write access on database.'.format(token))
|
||||||
|
return wrapper
|
||||||
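Review bot: `AuthenticationError.get_response` calls `'Authentication Failed:\n'.format(self.message)` on a string with no `{}` field, so the reason never reaches the response; it should read `'message': 'Authentication Failed:\n{}'.format(self.message)`. Once that is fixed, the messages raised in `check_read` and `check_write` would send the presented token back to the client, so I would drop the token from them, e.g. `raise AuthenticationError('Token has no read access on database.')`. `__init__` also never calls `super().__init__(message)`, which leaves `str(e)` empty wherever the exception is printed. Both wrappers assume `READ_TOKENS` and `WRITE_TOKENS` are lists; if the config lookup that fills them returns `None`, `READ_TOKENS + WRITE_TOKENS` would raise `TypeError` rather than an authentication failure.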
@@ -1,40 +1,49 @@
|
|||||||
from dsst_server.data_access import sql, sql_func, mapping
|
from dsst_server.data_access import sql, sql_func, mapping
|
||||||
|
from dsst_server.auth import check_read
|
||||||
from common import models
|
from common import models
|
||||||
from playhouse import shortcuts
|
from playhouse import shortcuts
|
||||||
|
|
||||||
|
|
||||||
class ReadFunctions:
|
class ReadFunctions:
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@check_read
|
||||||
def load_db_meta(*_):
|
def load_db_meta(*_):
|
||||||
return sql.db.database
|
return sql.db.database
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@check_read
|
||||||
def load_seasons(*_):
|
def load_seasons(*_):
|
||||||
return [mapping.db_to_season(season) for season in sql.Season.select()]
|
return [mapping.db_to_season(season) for season in sql.Season.select()]
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@check_read
|
||||||
def load_seasons_all(*_):
|
def load_seasons_all(*_):
|
||||||
return [shortcuts.model_to_dict(season, backrefs=True, max_depth=2) for season in sql.Season.select()]
|
return [shortcuts.model_to_dict(season, backrefs=True, max_depth=2) for season in sql.Season.select()]
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@check_read
|
||||||
def load_episodes(season_id, *_):
|
def load_episodes(season_id, *_):
|
||||||
if not season_id:
|
if not season_id:
|
||||||
raise Exception('Exception: Missing argument (season_id)')
|
raise Exception('Exception: Missing argument (season_id)')
|
||||||
return [mapping.db_to_episode(ep) for ep in sql.Season.get(sql.Season.id == season_id).episodes]
|
return [mapping.db_to_episode(ep) for ep in sql.Season.get(sql.Season.id == season_id).episodes]
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@check_read
|
||||||
def load_players(*_):
|
def load_players(*_):
|
||||||
return [mapping.db_to_player(player) for player in sql.Player.select()]
|
return [mapping.db_to_player(player) for player in sql.Player.select()]
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@check_read
|
||||||
def load_enemies(season_id, *_):
|
def load_enemies(season_id, *_):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@check_read
|
||||||
def load_drinks(*_):
|
def load_drinks(*_):
|
||||||
return [mapping.db_to_drink(drink) for drink in sql.Drink.select()]
|
return [mapping.db_to_drink(drink) for drink in sql.Drink.select()]
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@check_read
|
||||||
def load_season_stats(season_id, *_):
|
def load_season_stats(season_id, *_):
|
||||||
season = sql.Season.get(sql.Season.id == season_id)
|
season = sql.Season.get(sql.Season.id == season_id)
|
||||||
players = sql_func.players_for_season(season_id)
|
players = sql_func.players_for_season(season_id)
|
||||||
|
|||||||
@@ -1,13 +1,16 @@
|
|||||||
from common import models
|
from common import models
|
||||||
from dsst_server.data_access import sql
|
from dsst_server.data_access import sql
|
||||||
|
from dsst_server.auth import check_write
|
||||||
|
|
||||||
|
|
||||||
class WriteFunctions:
|
class WriteFunctions:
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@check_write
|
||||||
def create_season(season: 'models.Season'):
|
def create_season(season: 'models.Season'):
|
||||||
return 'Season created.'
|
return 'Season created.'
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@check_write
|
||||||
def update_enemy(enemy: 'models.Enemy', *_):
|
def update_enemy(enemy: 'models.Enemy', *_):
|
||||||
(sql.Enemy
|
(sql.Enemy
|
||||||
.insert(id=enemy.id, boss=enemy.boss, name=enemy.name, season=enemy.season)
|
.insert(id=enemy.id, boss=enemy.boss, name=enemy.name, season=enemy.season)
|
||||||
@@ -17,6 +20,7 @@ class WriteFunctions:
|
|||||||
.execute())
|
.execute())
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@check_write
|
||||||
def update_player(player: 'models.Player', *_):
|
def update_player(player: 'models.Player', *_):
|
||||||
(sql.Player
|
(sql.Player
|
||||||
.insert(id=player.id, name=player.name, hex_id=player.hex_id)
|
.insert(id=player.id, name=player.name, hex_id=player.hex_id)
|
||||||
@@ -25,6 +29,7 @@ class WriteFunctions:
|
|||||||
.execute())
|
.execute())
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@check_write
|
||||||
def update_drink(drink: 'models.Drink', *_):
|
def update_drink(drink: 'models.Drink', *_):
|
||||||
(sql.Drink
|
(sql.Drink
|
||||||
.insert(id=drink.id, name=drink.name, vol=drink.vol)
|
.insert(id=drink.id, name=drink.name, vol=drink.vol)
|
||||||
@@ -33,6 +38,7 @@ class WriteFunctions:
|
|||||||
.execute())
|
.execute())
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@check_write
|
||||||
def save_death(death: 'models.Death'):
|
def save_death(death: 'models.Death'):
|
||||||
with sql.db.atomic():
|
with sql.db.atomic():
|
||||||
created_id = (sql.Death
|
created_id = (sql.Death
|
||||||
@@ -43,6 +49,7 @@ class WriteFunctions:
|
|||||||
sql.Penalty.create(death=created_id, size=penalty.size, drink=penalty.drink, player=penalty.player)
|
sql.Penalty.create(death=created_id, size=penalty.size, drink=penalty.drink, player=penalty.player)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@check_write
|
||||||
def save_victory(victory: 'models.Victory'):
|
def save_victory(victory: 'models.Victory'):
|
||||||
(sql.Victory
|
(sql.Victory
|
||||||
.insert(info=victory.info, player=victory.player, enemy=victory.enemy, time=victory.time,
|
.insert(info=victory.info, player=victory.player, enemy=victory.enemy, time=victory.time,
|
||||||
@@ -50,6 +57,7 @@ class WriteFunctions:
|
|||||||
.execute())
|
.execute())
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@check_write
|
||||||
def update_season(season: 'models.Season', *_):
|
def update_season(season: 'models.Season', *_):
|
||||||
(sql.Season
|
(sql.Season
|
||||||
.insert(id=season.id, number=season.number, game_name=season.game_name, start_date=season.start_date,
|
.insert(id=season.id, number=season.number, game_name=season.game_name, start_date=season.start_date,
|
||||||
@@ -62,6 +70,7 @@ class WriteFunctions:
|
|||||||
.execute())
|
.execute())
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@check_write
|
||||||
def update_episode(episode: 'models.Episode', *_):
|
def update_episode(episode: 'models.Episode', *_):
|
||||||
players = list(sql.Player.select().where(sql.Player.id << [player.id for player in episode.players]))
|
players = list(sql.Player.select().where(sql.Player.id << [player.id for player in episode.players]))
|
||||||
new_ep_id = (sql.Episode
|
new_ep_id = (sql.Episode
|
||||||
@@ -76,3 +85,8 @@ class WriteFunctions:
|
|||||||
db_episode = sql.Episode.get(sql.Episode.id == new_ep_id)
|
db_episode = sql.Episode.get(sql.Episode.id == new_ep_id)
|
||||||
db_episode.players = players
|
db_episode.players = players
|
||||||
db_episode.save()
|
db_episode.save()
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
@check_write
|
||||||
|
def delete_player(player_id: int, *_):
|
||||||
|
sql.Player.delete_by_id(int)
|
||||||
|
|||||||
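Review bot: The new `delete_player` passes the builtin type to the ORM, `sql.Player.delete_by_id(int)`, instead of its `player_id` argument, so the call cannot delete the requested row; it should be `sql.Player.delete_by_id(player_id)`. Separately, `create_season`, `save_death` and `save_victory` take exactly one parameter while the other decorated functions accept `*_`. Since `check_write` forwards `args[1:]`, any extra positional argument in a request raises `TypeError` in those three, so adding `*_` to their signatures would make them consistent with the rest.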
@@ -5,7 +5,7 @@ import sys
|
|||||||
import os
|
import os
|
||||||
|
|
||||||
from common import util, models
|
from common import util, models
|
||||||
from dsst_server import func_read, func_write
|
from dsst_server import func_read, func_write, auth
|
||||||
from dsst_server.func_proxy import FunctionProxy
|
from dsst_server.func_proxy import FunctionProxy
|
||||||
from dsst_server.data_access import sql, sql_func
|
from dsst_server.data_access import sql, sql_func
|
||||||
from dsst_server.config import DEFAULT_CONFIG
|
from dsst_server.config import DEFAULT_CONFIG
|
||||||
@@ -16,8 +16,8 @@ class DsstServer:
|
|||||||
self.socket_server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
self.socket_server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||||
print('Created socket')
|
print('Created socket')
|
||||||
server_conf = config.get('server')
|
server_conf = config.get('server')
|
||||||
self.socket_server.bind((server_conf.get('host'), server_conf.get('port')))
|
self.socket_server.bind(('', server_conf.get('port')))
|
||||||
print('Bound socket to {} on host {}'.format(server_conf.get('port'), server_conf.get('host')))
|
print('Bound socket to port {}'.format(server_conf.get('port')))
|
||||||
|
|
||||||
# Initialize database
|
# Initialize database
|
||||||
db_config = config.get('database')
|
db_config = config.get('database')
|
||||||
@@ -25,15 +25,10 @@ class DsstServer:
|
|||||||
sql_func.create_tables()
|
sql_func.create_tables()
|
||||||
print('Database initialized ({})'.format(sql.db.database))
|
print('Database initialized ({})'.format(sql.db.database))
|
||||||
|
|
||||||
# Load access tokens and map them to their allowed methods
|
# Load access tokens
|
||||||
read_actions = util.list_class_methods(func_read.ReadFunctions)
|
auth.READ_TOKENS = config.get('tokens').get('readonly')
|
||||||
write_actions = util.list_class_methods(func_write.WriteFunctions)
|
auth.WRITE_TOKENS = config.get('tokens').get('readwrite')
|
||||||
parm_access = {
|
print('Auth tokens loaded')
|
||||||
'r': read_actions,
|
|
||||||
'rw': read_actions + write_actions
|
|
||||||
}
|
|
||||||
self.tokens = {token: parm_access[perms] for token, perms in config.get('tokens').items()}
|
|
||||||
print('Loaded auth tokens: {}'.format(self.tokens.keys()))
|
|
||||||
|
|
||||||
def run(self):
|
def run(self):
|
||||||
self.socket_server.listen(5)
|
self.socket_server.listen(5)
|
||||||
@@ -46,30 +41,23 @@ class DsstServer:
|
|||||||
data = util.recv_msg(client)
|
data = util.recv_msg(client)
|
||||||
request = pickle.loads(data)
|
request = pickle.loads(data)
|
||||||
print('Request: {}'.format(request))
|
print('Request: {}'.format(request))
|
||||||
# Validate auth token in request
|
# Get requested function from function proxy
|
||||||
token = request.get('auth_token')
|
|
||||||
if token not in self.tokens:
|
|
||||||
util.send_msg(client, pickle.dumps({'success': False, 'message': 'Auth token invalid'}))
|
|
||||||
print('Rejected request from {}. Auth token invalid ({})'.format(address, token))
|
|
||||||
continue
|
|
||||||
# Check read functions
|
|
||||||
action_name = request.get('action')
|
action_name = request.get('action')
|
||||||
if action_name in self.tokens[token]:
|
action = getattr(FunctionProxy, action_name)
|
||||||
action = getattr(FunctionProxy, action_name)
|
try:
|
||||||
try:
|
value = action(request.get('auth_token'), *request.get('args'))
|
||||||
value = action(*request.get('args'))
|
except auth.AuthenticationError as e:
|
||||||
except Exception as e:
|
response = e.get_response()
|
||||||
response = {'success': False, 'message': 'Exception was thrown on server.\n{}'.format(e)}
|
|
||||||
util.send_msg(client, pickle.dumps(response))
|
|
||||||
raise
|
|
||||||
response = {'success': True, 'data': value}
|
|
||||||
util.send_msg(client, pickle.dumps(response))
|
util.send_msg(client, pickle.dumps(response))
|
||||||
continue
|
raise
|
||||||
else:
|
except Exception as e:
|
||||||
msg = 'Action does not exist on server ({})'.format(request.get('action'))
|
response = {'success': False, 'message': 'Exception was thrown on server.\n{}'.format(e)}
|
||||||
util.send_msg(client, pickle.dumps({'success': False, 'message': msg}))
|
util.send_msg(client, pickle.dumps(response))
|
||||||
|
raise
|
||||||
|
response = {'success': True, 'data': value}
|
||||||
|
util.send_msg(client, pickle.dumps(response))
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print(e)
|
print('Exception: ' + str(e))
|
||||||
finally:
|
finally:
|
||||||
client.close()
|
client.close()
|
||||||
print('Connection to client closed')
|
print('Connection to client closed')
|
||||||
|
|||||||
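Review bot: The dispatch in `run` now resolves `getattr(FunctionProxy, action_name)` for any client-supplied name, because the removed `if action_name in self.tokens[token]` test was also the allowlist of callable actions; access control now depends on every attribute reachable through `FunctionProxy` carrying `@check_read` or `@check_write`. I would keep an explicit set of permitted action names (the removed `util.list_class_methods(...)` calls already produced one) and reject anything outside it before the `getattr`; the lookup appears to sit outside the inner `try`, so an unknown action currently ends in the outer handler with no response sent to the client. The bind change to `('', server_conf.get('port'))` listens on all interfaces and ignores the configured host; if that is intended it deserves a comment, otherwise keep `server_conf.get('host')`. `pickle.loads(data)` still runs on the request before any token is checked, so the token does not protect the deserialisation step; a data-only format such as JSON for the request envelope would remove that exposure. The enclosing `run` method starts and ends outside these hunks.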