diff --git a/higgins/api/app.py b/higgins/api/app.py index 03466aa69..bb9152cc7 100644 --- a/higgins/api/app.py +++ b/higgins/api/app.py @@ -15,8 +15,10 @@ from oslo_log import log import pecan from higgins.api import config as api_config +from higgins.api import middleware from higgins.common.i18n import _ + # Register options for the service API_SERVICE_OPTS = [ cfg.PortOpt('port', @@ -59,6 +61,7 @@ def setup_app(config=None): app = pecan.make_app( app_conf.pop('root'), logging=getattr(config, 'logging', {}), + wrap_app=middleware.ParsableErrorMiddleware, **app_conf ) diff --git a/higgins/api/middleware/__init__.py b/higgins/api/middleware/__init__.py new file mode 100644 index 000000000..a7f75c28f --- /dev/null +++ b/higgins/api/middleware/__init__.py @@ -0,0 +1,21 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from higgins.api.middleware import auth_token +from higgins.api.middleware import parsable_error + + +AuthTokenMiddleware = auth_token.AuthTokenMiddleware +ParsableErrorMiddleware = parsable_error.ParsableErrorMiddleware + +__all__ = (AuthTokenMiddleware, + ParsableErrorMiddleware) diff --git a/higgins/api/middleware/auth_token.py b/higgins/api/middleware/auth_token.py new file mode 100644 index 000000000..470718c34 --- /dev/null +++ b/higgins/api/middleware/auth_token.py @@ -0,0 +1,69 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import re + +from keystonemiddleware import auth_token +from oslo_log import log + +from higgins.common import exception +from higgins.common import utils +from higgins.i18n import _ + +LOG = log.getLogger(__name__) + + +class AuthTokenMiddleware(auth_token.AuthProtocol): + """A wrapper on Keystone auth_token middleware. + + Does not perform verification of authentication tokens + for public routes in the API. + + """ + def __init__(self, app, conf, public_api_routes=None): + if public_api_routes is None: + public_api_routes = [] + route_pattern_tpl = '%s(\.json)?$' + + try: + self.public_api_routes = [re.compile(route_pattern_tpl % route_tpl) + for route_tpl in public_api_routes] + except re.error as e: + msg = _('Cannot compile public API routes: %s') % e + + LOG.error(msg) + raise exception.ConfigInvalid(error_msg=msg) + + super(AuthTokenMiddleware, self).__init__(app, conf) + + def __call__(self, env, start_response): + path = utils.safe_rstrip(env.get('PATH_INFO'), '/') + + # The information whether the API call is being performed against the + # public API is required for some other components. Saving it to the + # WSGI environment is reasonable thereby. + env['is_public_api'] = any(map(lambda pattern: re.match(pattern, path), + self.public_api_routes)) + + if env['is_public_api']: + return self._app(env, start_response) + + return super(AuthTokenMiddleware, self).__call__(env, start_response) + + @classmethod + def factory(cls, global_config, **local_conf): + public_routes = local_conf.get('acl_public_routes', '') + public_api_routes = [path.strip() for path in public_routes.split(',')] + + def _factory(app): + return cls(app, global_config, public_api_routes=public_api_routes) + return _factory diff --git a/higgins/api/middleware/parsable_error.py b/higgins/api/middleware/parsable_error.py new file mode 100644 index 000000000..5995f4aa0 --- /dev/null +++ b/higgins/api/middleware/parsable_error.py @@ -0,0 +1,97 @@ +# Copyright ? 2012 New Dream Network, LLC (DreamHost) +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +""" +Middleware to replace the plain text message body of an error +response with one formatted so the client can parse it. + +Based on pecan.middleware.errordocument +""" + +import json +import six + +from higgins.i18n import _ + + +class ParsableErrorMiddleware(object): + """Replace error body with something the client can parse.""" + def __init__(self, app): + self.app = app + + def __call__(self, environ, start_response): + # Request for this state, modified by replace_start_response() + # and used when an error is being reported. + state = {} + + def replacement_start_response(status, headers, exc_info=None): + """Overrides the default response to make errors parsable.""" + try: + status_code = int(status.split(' ')[0]) + state['status_code'] = status_code + except (ValueError, TypeError): # pragma: nocover + raise Exception(_( + 'ErrorDocumentMiddleware received an invalid ' + 'status %s') % status) + else: + if (state['status_code'] // 100) not in (2, 3): + # Remove some headers so we can replace them later + # when we have the full error message and can + # compute the length. + headers = [(h, v) + for (h, v) in headers + if h not in ('Content-Length', 'Content-Type') + ] + # Save the headers in case we need to modify them. + state['headers'] = headers + return start_response(status, headers, exc_info) + + app_iter = self.app(environ, replacement_start_response) + + if (state['status_code'] // 100) not in (2, 3): + errs = [] + for err_str in app_iter: + err = {} + try: + err = json.loads(err_str.decode('utf-8')) + except ValueError: + pass + + if 'title' in err and 'description' in err: + title = err['title'] + desc = err['description'] + elif 'faultstring' in err: + title = err['faultstring'].split('.', 1)[0] + desc = err['faultstring'] + else: + title = '' + desc = '' + + code = err['faultcode'].lower() if 'faultcode' in err else '' + + errs.append({ + 'request_id': '', + 'code': code, + 'status': state['status_code'], + 'title': title, + 'detail': desc, + 'links': [] + }) + + body = [six.b(json.dumps({'errors': errs}))] + + state['headers'].append(('Content-Type', 'application/json')) + state['headers'].append(('Content-Length', str(len(body[0])))) + else: + body = app_iter + return body