pep8 middleware
Change-Id: Ieef65f05e66b12347752c0e02648858e3242d8e7
parent
cb55f0c3a8
commit
1f7be20a91
|
@ -125,15 +125,16 @@ class CNAMELookupMiddleware(object):
|
||||||
break
|
break
|
||||||
else:
|
else:
|
||||||
# try one more deep in the chain
|
# try one more deep in the chain
|
||||||
self.logger.debug(_('Following CNAME chain for ' \
|
self.logger.debug(
|
||||||
'%(given_domain)s to %(found_domain)s') %
|
_('Following CNAME chain for '
|
||||||
{'given_domain': given_domain,
|
'%(given_domain)s to %(found_domain)s') %
|
||||||
'found_domain': found_domain})
|
{'given_domain': given_domain,
|
||||||
|
'found_domain': found_domain})
|
||||||
a_domain = found_domain
|
a_domain = found_domain
|
||||||
if error:
|
if error:
|
||||||
if found_domain:
|
if found_domain:
|
||||||
msg = 'CNAME lookup failed after %d tries' % \
|
msg = 'CNAME lookup failed after %d tries' % \
|
||||||
self.lookup_depth
|
self.lookup_depth
|
||||||
else:
|
else:
|
||||||
msg = 'CNAME lookup failed to resolve to a valid domain'
|
msg = 'CNAME lookup failed to resolve to a valid domain'
|
||||||
resp = HTTPBadRequest(request=Request(env), body=msg,
|
resp = HTTPBadRequest(request=Request(env), body=msg,
|
||||||
|
|
|
@ -102,7 +102,7 @@ class DomainRemapMiddleware(object):
|
||||||
# account prefix is not in config list. bail.
|
# account prefix is not in config list. bail.
|
||||||
return self.app(env, start_response)
|
return self.app(env, start_response)
|
||||||
prefix_index = self.reseller_prefixes_lower.index(
|
prefix_index = self.reseller_prefixes_lower.index(
|
||||||
account_reseller_prefix)
|
account_reseller_prefix)
|
||||||
real_prefix = self.reseller_prefixes[prefix_index]
|
real_prefix = self.reseller_prefixes[prefix_index]
|
||||||
if not account.startswith(real_prefix):
|
if not account.startswith(real_prefix):
|
||||||
account_suffix = account[len(real_prefix):]
|
account_suffix = account[len(real_prefix):]
|
||||||
|
|
|
@ -245,9 +245,9 @@ class KeystoneAuth(object):
|
||||||
"""
|
"""
|
||||||
# Allow container sync.
|
# Allow container sync.
|
||||||
if (req.environ.get('swift_sync_key')
|
if (req.environ.get('swift_sync_key')
|
||||||
and req.environ['swift_sync_key'] ==
|
and (req.environ['swift_sync_key'] ==
|
||||||
req.headers.get('x-container-sync-key', None)
|
req.headers.get('x-container-sync-key', None))
|
||||||
and 'x-timestamp' in req.headers):
|
and 'x-timestamp' in req.headers):
|
||||||
log_msg = 'allowing proxy %s for container-sync' % req.remote_addr
|
log_msg = 'allowing proxy %s for container-sync' % req.remote_addr
|
||||||
self.logger.debug(log_msg)
|
self.logger.debug(log_msg)
|
||||||
return True
|
return True
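Review bot: The container-sync check compares `req.environ['swift_sync_key']` with the client-supplied `x-container-sync-key` header using `==`, which stops at the first differing byte and can leak through response timing how much of the key a request got right. The added parentheses only regroup the expression; the comparison could instead go through a constant-time helper, for example `hmac.compare_digest(...)` where the runtime provides it. The same comparison appears in the TempAuth hunk at `-256,10`. The enclosing method starts and ends outside the hunk, so where `swift_sync_key` is set is not visible here.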
|
||||||
|
|
|
@ -54,7 +54,7 @@ class NameCheckMiddleware(object):
|
||||||
self.app = app
|
self.app = app
|
||||||
self.conf = conf
|
self.conf = conf
|
||||||
self.forbidden_chars = self.conf.get('forbidden_chars',
|
self.forbidden_chars = self.conf.get('forbidden_chars',
|
||||||
FORBIDDEN_CHARS)
|
FORBIDDEN_CHARS)
|
||||||
self.maximum_length = self.conf.get('maximum_length', MAX_LENGTH)
|
self.maximum_length = self.conf.get('maximum_length', MAX_LENGTH)
|
||||||
self.forbidden_regexp = self.conf.get('forbidden_regexp',
|
self.forbidden_regexp = self.conf.get('forbidden_regexp',
|
||||||
FORBIDDEN_REGEXP)
|
FORBIDDEN_REGEXP)
|
||||||
|
@ -72,7 +72,7 @@ class NameCheckMiddleware(object):
|
||||||
'''
|
'''
|
||||||
self.logger.debug("name_check: path %s" % req.path)
|
self.logger.debug("name_check: path %s" % req.path)
|
||||||
self.logger.debug("name_check: self.forbidden_chars %s" %
|
self.logger.debug("name_check: self.forbidden_chars %s" %
|
||||||
self.forbidden_chars)
|
self.forbidden_chars)
|
||||||
|
|
||||||
for c in unquote(req.path):
|
for c in unquote(req.path):
|
||||||
if c in self.forbidden_chars:
|
if c in self.forbidden_chars:
|
||||||
|
@ -104,7 +104,7 @@ class NameCheckMiddleware(object):
|
||||||
|
|
||||||
self.logger.debug("name_check: path %s" % req.path)
|
self.logger.debug("name_check: path %s" % req.path)
|
||||||
self.logger.debug("name_check: self.forbidden_regexp %s" %
|
self.logger.debug("name_check: self.forbidden_regexp %s" %
|
||||||
self.forbidden_regexp)
|
self.forbidden_regexp)
|
||||||
|
|
||||||
unquoted_path = unquote(req.path)
|
unquoted_path = unquote(req.path)
|
||||||
match = self.forbidden_regexp_compiled.search(unquoted_path)
|
match = self.forbidden_regexp_compiled.search(unquoted_path)
|
||||||
|
@ -114,18 +114,21 @@ class NameCheckMiddleware(object):
|
||||||
req = Request(env)
|
req = Request(env)
|
||||||
|
|
||||||
if self.check_character(req):
|
if self.check_character(req):
|
||||||
return HTTPBadRequest(request=req,
|
return HTTPBadRequest(
|
||||||
body=("Object/Container name contains forbidden chars from %s"
|
request=req,
|
||||||
% self.forbidden_chars))(env, start_response)
|
body=("Object/Container name contains forbidden chars from %s"
|
||||||
|
% self.forbidden_chars))(env, start_response)
|
||||||
elif self.check_length(req):
|
elif self.check_length(req):
|
||||||
return HTTPBadRequest(request=req,
|
return HTTPBadRequest(
|
||||||
body=("Object/Container name longer than the allowed maximum %s"
|
request=req,
|
||||||
% self.maximum_length))(env, start_response)
|
body=("Object/Container name longer than the allowed maximum "
|
||||||
|
"%s" % self.maximum_length))(env, start_response)
|
||||||
elif self.check_regexp(req):
|
elif self.check_regexp(req):
|
||||||
return HTTPBadRequest(request=req,
|
return HTTPBadRequest(
|
||||||
body=("Object/Container name contains a forbidden substring "
|
request=req,
|
||||||
"from regular expression %s"
|
body=("Object/Container name contains a forbidden substring "
|
||||||
% self.forbidden_regexp))(env, start_response)
|
"from regular expression %s"
|
||||||
|
% self.forbidden_regexp))(env, start_response)
|
||||||
else:
|
else:
|
||||||
# Pass on to downstream WSGI component
|
# Pass on to downstream WSGI component
|
||||||
return self.app(env, start_response)
|
return self.app(env, start_response)
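Review bot: `self.maximum_length = self.conf.get('maximum_length', MAX_LENGTH)` in the `-54,7` hunk stores the configured value without converting it, whereas RateLimitMiddleware in this same commit wraps its numeric options in `int(...)` or `float(...)`. If the conf value arrives as a string (likely for a file-based config, though not visible here), a Python 2 length comparison in `check_length` would compare an int with a str and never trip, silently disabling the limit. Suggest `self.maximum_length = int(self.conf.get('maximum_length', MAX_LENGTH))`. The body of `check_length` is outside the visible hunks, so confirm how the value is used.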
|
||||||
|
|
|
@ -47,10 +47,12 @@ class RateLimitMiddleware(object):
|
||||||
float(conf.get('log_sleep_time_seconds', 0))
|
float(conf.get('log_sleep_time_seconds', 0))
|
||||||
self.clock_accuracy = int(conf.get('clock_accuracy', 1000))
|
self.clock_accuracy = int(conf.get('clock_accuracy', 1000))
|
||||||
self.rate_buffer_seconds = int(conf.get('rate_buffer_seconds', 5))
|
self.rate_buffer_seconds = int(conf.get('rate_buffer_seconds', 5))
|
||||||
self.ratelimit_whitelist = [acc.strip() for acc in
|
self.ratelimit_whitelist = \
|
||||||
conf.get('account_whitelist', '').split(',') if acc.strip()]
|
[acc.strip() for acc in
|
||||||
self.ratelimit_blacklist = [acc.strip() for acc in
|
conf.get('account_whitelist', '').split(',') if acc.strip()]
|
||||||
conf.get('account_blacklist', '').split(',') if acc.strip()]
|
self.ratelimit_blacklist = \
|
||||||
|
[acc.strip() for acc in
|
||||||
|
conf.get('account_blacklist', '').split(',') if acc.strip()]
|
||||||
self.memcache_client = None
|
self.memcache_client = None
|
||||||
conf_limits = []
|
conf_limits = []
|
||||||
for conf_key in conf.keys():
|
for conf_key in conf.keys():
|
||||||
|
@ -66,7 +68,7 @@ class RateLimitMiddleware(object):
|
||||||
if conf_limits:
|
if conf_limits:
|
||||||
next_size, next_rate = conf_limits[0]
|
next_size, next_rate = conf_limits[0]
|
||||||
slope = (float(next_rate) - float(cur_rate)) \
|
slope = (float(next_rate) - float(cur_rate)) \
|
||||||
/ (next_size - cur_size)
|
/ (next_size - cur_size)
|
||||||
|
|
||||||
def new_scope(cur_size, slope, cur_rate):
|
def new_scope(cur_size, slope, cur_rate):
|
||||||
# making new scope for variables
|
# making new scope for variables
|
||||||
|
@ -139,8 +141,8 @@ class RateLimitMiddleware(object):
|
||||||
try:
|
try:
|
||||||
now_m = int(round(time.time() * self.clock_accuracy))
|
now_m = int(round(time.time() * self.clock_accuracy))
|
||||||
time_per_request_m = int(round(self.clock_accuracy / max_rate))
|
time_per_request_m = int(round(self.clock_accuracy / max_rate))
|
||||||
running_time_m = self.memcache_client.incr(key,
|
running_time_m = self.memcache_client.incr(
|
||||||
delta=time_per_request_m)
|
key, delta=time_per_request_m)
|
||||||
need_to_sleep_m = 0
|
need_to_sleep_m = 0
|
||||||
if (now_m - running_time_m >
|
if (now_m - running_time_m >
|
||||||
self.rate_buffer_seconds * self.clock_accuracy):
|
self.rate_buffer_seconds * self.clock_accuracy):
|
||||||
|
@ -155,7 +157,8 @@ class RateLimitMiddleware(object):
|
||||||
if max_sleep_m - need_to_sleep_m <= self.clock_accuracy * 0.01:
|
if max_sleep_m - need_to_sleep_m <= self.clock_accuracy * 0.01:
|
||||||
# treat as no-op decrement time
|
# treat as no-op decrement time
|
||||||
self.memcache_client.decr(key, delta=time_per_request_m)
|
self.memcache_client.decr(key, delta=time_per_request_m)
|
||||||
raise MaxSleepTimeHitError("Max Sleep Time Exceeded: %.2f" %
|
raise MaxSleepTimeHitError(
|
||||||
|
"Max Sleep Time Exceeded: %.2f" %
|
||||||
(float(need_to_sleep_m) / self.clock_accuracy))
|
(float(need_to_sleep_m) / self.clock_accuracy))
|
||||||
|
|
||||||
return float(need_to_sleep_m) / self.clock_accuracy
|
return float(need_to_sleep_m) / self.clock_accuracy
|
||||||
|
@ -176,7 +179,8 @@ class RateLimitMiddleware(object):
|
||||||
account_name)
|
account_name)
|
||||||
eventlet.sleep(self.BLACK_LIST_SLEEP)
|
eventlet.sleep(self.BLACK_LIST_SLEEP)
|
||||||
return Response(status='497 Blacklisted',
|
return Response(status='497 Blacklisted',
|
||||||
body='Your account has been blacklisted', request=req)
|
body='Your account has been blacklisted',
|
||||||
|
request=req)
|
||||||
if account_name in self.ratelimit_whitelist:
|
if account_name in self.ratelimit_whitelist:
|
||||||
return None
|
return None
|
||||||
for key, max_rate in self.get_ratelimitable_key_tuples(
|
for key, max_rate in self.get_ratelimitable_key_tuples(
|
||||||
|
@ -186,15 +190,17 @@ class RateLimitMiddleware(object):
|
||||||
need_to_sleep = self._get_sleep_time(key, max_rate)
|
need_to_sleep = self._get_sleep_time(key, max_rate)
|
||||||
if self.log_sleep_time_seconds and \
|
if self.log_sleep_time_seconds and \
|
||||||
need_to_sleep > self.log_sleep_time_seconds:
|
need_to_sleep > self.log_sleep_time_seconds:
|
||||||
self.logger.warning(_("Ratelimit sleep log: %(sleep)s for "
|
self.logger.warning(
|
||||||
"%(account)s/%(container)s/%(object)s"),
|
_("Ratelimit sleep log: %(sleep)s for "
|
||||||
|
"%(account)s/%(container)s/%(object)s"),
|
||||||
{'sleep': need_to_sleep, 'account': account_name,
|
{'sleep': need_to_sleep, 'account': account_name,
|
||||||
'container': container_name, 'object': obj_name})
|
'container': container_name, 'object': obj_name})
|
||||||
if need_to_sleep > 0:
|
if need_to_sleep > 0:
|
||||||
eventlet.sleep(need_to_sleep)
|
eventlet.sleep(need_to_sleep)
|
||||||
except MaxSleepTimeHitError, e:
|
except MaxSleepTimeHitError, e:
|
||||||
self.logger.error(_('Returning 498 for %(meth)s to '
|
self.logger.error(
|
||||||
'%(acc)s/%(cont)s/%(obj)s . Ratelimit (Max Sleep) %(e)s'),
|
_('Returning 498 for %(meth)s to %(acc)s/%(cont)s/%(obj)s '
|
||||||
|
'. Ratelimit (Max Sleep) %(e)s'),
|
||||||
{'meth': req.method, 'acc': account_name,
|
{'meth': req.method, 'acc': account_name,
|
||||||
'cont': container_name, 'obj': obj_name, 'e': str(e)})
|
'cont': container_name, 'obj': obj_name, 'e': str(e)})
|
||||||
error_resp = Response(status='498 Rate Limited',
|
error_resp = Response(status='498 Rate Limited',
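Review bot: The rewrapped `self.ratelimit_whitelist = \` and `self.ratelimit_blacklist = \` assignments in the `-47,10` hunk trade an over-long line for a backslash continuation, which becomes a syntax error if whitespace ever follows the backslash. They also repeat the same split-and-strip expression twice. Since the comprehension is already bracketed, the `[` can open on the assignment line and the continuation lines indent under it, or both lists can be built by one small private helper that takes the conf key. `__init__` starts and ends outside the hunk.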
|
||||||
|
|
|
@ -256,10 +256,10 @@ class TempAuth(object):
|
||||||
# account DELETE or PUT...
|
# account DELETE or PUT...
|
||||||
req.environ['swift_owner'] = True
|
req.environ['swift_owner'] = True
|
||||||
return None
|
return None
|
||||||
if (req.environ.get('swift_sync_key') and
|
if (req.environ.get('swift_sync_key')
|
||||||
req.environ['swift_sync_key'] ==
|
and (req.environ['swift_sync_key'] ==
|
||||||
req.headers.get('x-container-sync-key', None) and
|
req.headers.get('x-container-sync-key', None))
|
||||||
'x-timestamp' in req.headers):
|
and 'x-timestamp' in req.headers):
|
||||||
return None
|
return None
|
||||||
if req.method == 'OPTIONS':
|
if req.method == 'OPTIONS':
|
||||||
#allow OPTIONS requests to proceed as normal
|
#allow OPTIONS requests to proceed as normal
|
||||||
|
|
|
@ -261,8 +261,8 @@ class TempURL(object):
|
||||||
already = True
|
already = True
|
||||||
break
|
break
|
||||||
if not already:
|
if not already:
|
||||||
headers.append(('Content-Disposition',
|
headers.append(
|
||||||
'attachment; filename=%s' %
|
('Content-Disposition', 'attachment; filename=%s' %
|
||||||
(quote(basename(env['PATH_INFO'])))))
|
(quote(basename(env['PATH_INFO'])))))
|
||||||
return start_response(status, headers, exc_info)
|
return start_response(status, headers, exc_info)
|
||||||
|
|
||||||
|
@ -365,8 +365,9 @@ class TempURL(object):
|
||||||
"""
|
"""
|
||||||
if not request_method:
|
if not request_method:
|
||||||
request_method = env['REQUEST_METHOD']
|
request_method = env['REQUEST_METHOD']
|
||||||
return hmac.new(key, '%s\n%s\n%s' % (request_method, expires,
|
return hmac.new(
|
||||||
env['PATH_INFO']), sha1).hexdigest()
|
key, '%s\n%s\n%s' % (request_method, expires,
|
||||||
|
env['PATH_INFO']), sha1).hexdigest()
|
||||||
|
|
||||||
def _invalid(self, env, start_response):
|
def _invalid(self, env, start_response):
|
||||||
"""
|
"""
|
||||||
|
@ -380,8 +381,8 @@ class TempURL(object):
|
||||||
self._log_request(env, HTTP_UNAUTHORIZED)
|
self._log_request(env, HTTP_UNAUTHORIZED)
|
||||||
body = '401 Unauthorized: Temp URL invalid\n'
|
body = '401 Unauthorized: Temp URL invalid\n'
|
||||||
start_response('401 Unauthorized',
|
start_response('401 Unauthorized',
|
||||||
[('Content-Type', 'text/plain'),
|
[('Content-Type', 'text/plain'),
|
||||||
('Content-Length', str(len(body)))])
|
('Content-Length', str(len(body)))])
|
||||||
if env['REQUEST_METHOD'] == 'HEAD':
|
if env['REQUEST_METHOD'] == 'HEAD':
|
||||||
return []
|
return []
|
||||||
return [body]
|
return [body]
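Review bot: `_get_hmac` in the `-365,8` hunk has no comment recording that the signed string is method, expires and path joined by newlines with SHA-1 fixed as the digest, and nothing tells callers how the returned hex digest must be compared. A short comment above the `return hmac.new(` line would help, e.g. `# Signs "<method>\n<expires>\n<path>" with HMAC-SHA1; callers must compare the hex digest in constant time, not with ==.` Whether the caller already does so is not visible in this section. The docstring of `_get_hmac` begins outside the hunk.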
|
||||||
|
|