Statistics
| Branch: | Tag: | Revision:

root / api / middleware.py @ 96b635d9

History | View | Annotate | Download (2.5 kB)

1
from django.http import HttpResponse
2
from synnefo.db.models import SynnefoUser
3
from django.utils.cache import patch_vary_headers
4
import time
5

    
6
class ApiAuthMiddleware(object):
7

    
8
    auth_token = "X-Auth-Token"
9
    auth_user  = "X-Auth-User"
10
    auth_key   = "X-Auth-Key"
11

    
12
    def process_request(self, request):
13
        if not request.path.startswith('/api/') :
14
            return
15

    
16
        token = None
17

    
18
        # Try to find token in a cookie
19
        token = request.COOKIES.get('X-Auth-Token', None)
20

    
21
        # Try to find token in request header
22
        if not token:
23
            token = request.META.get('HTTP_X_AUTH_TOKEN', None)
24

    
25
        if token:
26
            user = None
27
            # Retrieve user from DB or other caching mechanism
28
            try:
29
                user = SynnefoUser.objects.get(auth_token=token)
30
            except SynnefoUser.DoesNotExist:
31
                user = None
32

    
33
            # Check user's auth token
34
            if user and (time.time() -
35
                time.mktime(user.auth_token_expires.timetuple())) > 0:
36
                # The user's token has expired, re-login
37
                user = None
38

    
39
            request.user = user
40
            return
41

    
42
        # A Rackspace API authentication request
43
        if self.auth_user in request.META and \
44
           self.auth_key in request.META and \
45
           'GET' == request.method:
46
            # This is here merely for compatibility with the Openstack API.
47
            # All normal users should authenticate through Shibboleth. Admin
48
            # users or other selected users could use this as a bypass
49
            # mechanism
50
            user = SynnefoUser.objects\
51
                    .filter(name = request.META[self.auth_user]) \
52
                    .filter(uniq = request.META[self.auth_key])
53

    
54
            response = HttpResponse()
55
            if user.count() <= 0:
56
                response.status_code = 401
57
            else:
58
                response.status_code = 204
59
                response['X-Auth-Token'] = user[0].auth_token
60
                # TODO: set the following fields when we do have this info
61
                response['X-Server-Management-Url'] = ""
62
                response['X-Storage-Url'] = ""
63
                response['X-CDN-Management-Url'] = ""
64
            return response
65

    
66
        request.user = None
67

    
68
    def process_response(self, request, response):
69
        # Tell proxies and other interested parties that the request varies
70
        # based on X-Auth-Token, to avoid caching of results
71
        patch_vary_headers(response, ('X-Auth-Token',))
72
        return response
73