def protect(self):
    """Run the CSRF checks for the current request.

    Requests whose method is not listed in ``WTF_CSRF_METHODS`` are skipped.
    Otherwise the token must validate and, for secure requests with
    ``WTF_CSRF_SSL_STRICT`` set, the Referer must be same-origin with
    ``https://<request.host>/``. On failure the result of
    ``self._error_response(reason)`` is returned; on success the request is
    flagged with ``csrf_valid = True``.
    """
    settings = self._app.config
    if request.method not in settings['WTF_CSRF_METHODS']:
        return

    if not validate_csrf(self._get_csrf_token()):
        return self._error_response('CSRF token missing or incorrect.')

    strict_https = request.is_secure and settings['WTF_CSRF_SSL_STRICT']
    if strict_https:
        if not request.referrer:
            return self._error_response(
                'Referrer checking failed - no Referrer.')

        # NOTE(review): the expected origin is built from the request's own
        # Host value, so this check is only as strong as the deployment's
        # Host validation -- confirm unexpected hosts are rejected upstream.
        expected = 'https://%s/' % request.host
        if not same_origin(request.referrer, expected):
            return self._error_response(
                'Referrer checking failed - origin does not match.')

    # Reached only when every applicable check passed.
    request.csrf_valid = True
python类host()的实例源码
def protect(self):
    """Validate the CSRF token and, on strict HTTPS, the Referer header.

    Methods outside ``WTF_CSRF_METHODS`` are not checked. A failed token
    validation is logged at INFO level and handed to
    ``self._error_response``; the same handler receives the two referrer
    failures. When nothing fails, ``g.csrf_valid`` is set to True.
    """
    if request.method not in current_app.config['WTF_CSRF_METHODS']:
        return

    try:
        validate_csrf(self._get_csrf_token())
    except ValidationError as exc:
        message = exc.args[0]
        logger.info(message)
        # NOTE(review): nothing is returned here, so rejection depends on
        # _error_response() not returning normally (presumably it raises or
        # aborts) -- confirm; otherwise control would fall through to
        # g.csrf_valid = True below.
        self._error_response(message)

    strict = request.is_secure and current_app.config['WTF_CSRF_SSL_STRICT']
    if strict:
        if not request.referrer:
            self._error_response('The referrer header is missing.')

        # Expected origin is derived from the request's Host value.
        expected_origin = 'https://{0}/'.format(request.host)
        if not same_origin(request.referrer, expected_origin):
            self._error_response('The referrer does not match the host.')

    g.csrf_valid = True
def protect(self):
    """Apply CSRF protection to the current request.

    Only methods listed in ``WTF_CSRF_METHODS`` are examined. Token
    validation errors are logged and passed to ``self._error_response``;
    for secure requests under ``WTF_CSRF_SSL_STRICT`` a missing or
    cross-origin Referer is reported the same way. ``g.csrf_valid`` is set
    once the checks are done.
    """
    if request.method in current_app.config['WTF_CSRF_METHODS']:
        try:
            validate_csrf(self._get_csrf_token())
        except ValidationError as err:
            detail = err.args[0]
            logger.info(detail)
            # NOTE(review): presumably _error_response() raises; if it ever
            # returned, execution would continue and mark the request valid.
            self._error_response(detail)

        if request.is_secure and current_app.config['WTF_CSRF_SSL_STRICT']:
            if not request.referrer:
                self._error_response('The referrer header is missing.')

            # The reference origin is built from the request's Host value.
            own_origin = 'https://{0}/'.format(request.host)
            if not same_origin(request.referrer, own_origin):
                self._error_response('The referrer does not match the host.')

        g.csrf_valid = True
def __init__(self, **kwargs):
    """Set up the Vultr credentials and extend the auth instructions.

    The API key is read from ``VULTR_API_KEY``. The first name that
    resolves -- the request host, then ``<APP_NAME>.nanoapp.io`` -- supplies
    an IP address that is appended to ``self.auth_instructions`` as a /32
    hint; when neither resolves, an empty string is appended.
    """
    self.generic_credentials = {'key': os.getenv('VULTR_API_KEY', '')}

    # NOTE(review): request.host is supplied by the client, so the address
    # suggested for the access list below can be steered by the Host value
    # of the request -- confirm Host is validated before this runs.
    candidates = [request.host, os.getenv('APP_NAME', '') + '.nanoapp.io']
    ip = None
    for host in candidates:
        try:
            ip = socket.gethostbyname(host) or None
        except socket.gaierror:
            # Unresolvable name: try the next candidate.
            ip = None
        if ip:
            break

    if ip:
        hint = (' (If you need to be more specific about '
                'the access controls, you can use %s/32, but keep in mind that '
                'this address may change at any point in the future, and you will '
                'need to update your Vultr account accordingly to continue '
                'deploying.)') % (ip)
    else:
        hint = ''
    self.auth_instructions += hint
# Internal overrides for provider retrieval
def protect(self):
    """Check the current request for a valid CSRF token and referrer.

    Returns None without checking when the method is not in
    ``WTF_CSRF_METHODS``. The first failing check produces a reason string
    that is passed to ``self._error_response`` and its result returned.
    If no check fails, ``request.csrf_valid`` is set to True.
    """
    if request.method in self._app.config['WTF_CSRF_METHODS']:
        failure = None
        if not validate_csrf(self._get_csrf_token()):
            failure = 'CSRF token missing or incorrect.'
        elif request.is_secure and self._app.config['WTF_CSRF_SSL_STRICT']:
            # Strict mode: an HTTPS request must carry a same-origin Referer.
            # NOTE(review): the origin compared against is built from the
            # request's Host value -- confirm Host is validated upstream.
            if not request.referrer:
                failure = 'Referrer checking failed - no Referrer.'
            elif not same_origin(request.referrer,
                                 'https://%s/' % request.host):
                failure = 'Referrer checking failed - origin does not match.'

        if failure is not None:
            return self._error_response(failure)
        request.csrf_valid = True
def protect(self):
    """Enforce CSRF token and strict-HTTPS referrer checks on this request.

    Nothing happens for methods outside ``WTF_CSRF_METHODS``. Failures are
    reported through ``self._error_response`` (token failures are also
    logged); afterwards ``g.csrf_valid`` is set to True.
    """
    app_config = current_app.config
    if request.method not in app_config['WTF_CSRF_METHODS']:
        return None

    try:
        validate_csrf(self._get_csrf_token())
    except ValidationError as err:
        logger.info(err.args[0])
        # NOTE(review): the handler's result is discarded; this is safe only
        # if _error_response() interrupts the request (presumably by
        # raising) -- confirm.
        self._error_response(err.args[0])

    if not (request.is_secure and app_config['WTF_CSRF_SSL_STRICT']):
        g.csrf_valid = True
        return None

    if not request.referrer:
        self._error_response('The referrer header is missing.')

    # Same-origin reference is derived from the request's Host value.
    wanted = 'https://{0}/'.format(request.host)
    if not same_origin(request.referrer, wanted):
        self._error_response('The referrer does not match the host.')

    g.csrf_valid = True
    return None
def protect(self):
    """Validate the CSRF token and, on strict HTTPS, the Referer header.

    Skips methods not listed in ``WTF_CSRF_METHODS``. Token and referrer
    failures are passed to ``self._error_response``; ``g.csrf_valid`` is
    set to True at the end of the checks.
    """
    if request.method not in current_app.config['WTF_CSRF_METHODS']:
        return

    try:
        validate_csrf(self._get_csrf_token())
    except ValidationError as exc:
        message = exc.args[0]
        logger.info(message)
        # NOTE(review): relies on _error_response() not returning normally
        # (presumably it raises) -- confirm, since there is no return here.
        self._error_response(message)

    strict = request.is_secure and current_app.config['WTF_CSRF_SSL_STRICT']
    if strict:
        if not request.referrer:
            self._error_response('The referrer header is missing.')

        # Expected origin is derived from the request's Host value.
        expected_origin = 'https://{0}/'.format(request.host)
        if not same_origin(request.referrer, expected_origin):
            self._error_response('The referrer does not match the host.')

    g.csrf_valid = True
def protect(self):
    """Perform CSRF validation for the active request.

    Returns None untouched for methods outside ``WTF_CSRF_METHODS``; returns
    ``self._error_response(reason)`` for the first failed check; otherwise
    sets ``request.csrf_valid`` to True and returns None.
    """
    cfg = self._app.config
    if request.method not in cfg['WTF_CSRF_METHODS']:
        return None

    token_ok = validate_csrf(self._get_csrf_token())
    if not token_ok:
        return self._error_response('CSRF token missing or incorrect.')

    if not (request.is_secure and cfg['WTF_CSRF_SSL_STRICT']):
        # No referrer check outside strict HTTPS mode.
        request.csrf_valid = True
        return None

    if not request.referrer:
        return self._error_response('Referrer checking failed - no Referrer.')

    # NOTE(review): the comparison origin is built from the request's Host
    # value; confirm the deployment rejects unexpected Host values.
    origin = 'https://%s/' % request.host
    if not same_origin(request.referrer, origin):
        return self._error_response(
            'Referrer checking failed - origin does not match.')

    request.csrf_valid = True
    return None
def protect(self):
    """Run the CSRF checks for the current request.

    Skips methods not in ``WTF_CSRF_METHODS``. A bad token, or (for secure
    requests under ``WTF_CSRF_SSL_STRICT``) a missing or cross-origin
    Referer, returns ``self._error_response(reason)``. Otherwise
    ``request.csrf_valid`` is set to True.
    """
    settings = self._app.config
    if request.method not in settings['WTF_CSRF_METHODS']:
        return

    if not validate_csrf(self._get_csrf_token()):
        return self._error_response('CSRF token missing or incorrect.')

    strict_https = request.is_secure and settings['WTF_CSRF_SSL_STRICT']
    if strict_https:
        if not request.referrer:
            return self._error_response(
                'Referrer checking failed - no Referrer.')

        # NOTE(review): expected origin comes from the request's Host value;
        # confirm Host is validated before this check is relied upon.
        expected = 'https://%s/' % request.host
        if not same_origin(request.referrer, expected):
            return self._error_response(
                'Referrer checking failed - origin does not match.')

    request.csrf_valid = True
def protect(self):
    """Check the current request for a valid CSRF token and referrer.

    Methods outside ``WTF_CSRF_METHODS`` are ignored. The first failing
    check yields a reason handed to ``self._error_response``, whose result
    is returned; with no failure ``request.csrf_valid`` becomes True.
    """
    if request.method in self._app.config['WTF_CSRF_METHODS']:
        failure = None
        if not validate_csrf(self._get_csrf_token()):
            failure = 'CSRF token missing or incorrect.'
        elif request.is_secure and self._app.config['WTF_CSRF_SSL_STRICT']:
            # NOTE(review): the reference origin is built from the request's
            # Host value -- confirm Host is validated upstream.
            if not request.referrer:
                failure = 'Referrer checking failed - no Referrer.'
            elif not same_origin(request.referrer,
                                 'https://%s/' % request.host):
                failure = 'Referrer checking failed - origin does not match.'

        if failure is not None:
            return self._error_response(failure)
        request.csrf_valid = True
def protect(self):
    """Apply CSRF protection to the current request.

    Only methods in ``WTF_CSRF_METHODS`` are examined. Token errors are
    logged and passed to ``self._error_response``, as are referrer failures
    on secure requests under ``WTF_CSRF_SSL_STRICT``. ``g.csrf_valid`` is
    set once the checks are done.
    """
    if request.method in current_app.config['WTF_CSRF_METHODS']:
        try:
            validate_csrf(self._get_csrf_token())
        except ValidationError as err:
            detail = err.args[0]
            logger.info(detail)
            # NOTE(review): presumably _error_response() raises; if it
            # returned, the request would still be marked valid below.
            self._error_response(detail)

        if request.is_secure and current_app.config['WTF_CSRF_SSL_STRICT']:
            if not request.referrer:
                self._error_response('The referrer header is missing.')

            # The reference origin is built from the request's Host value.
            own_origin = 'https://{0}/'.format(request.host)
            if not same_origin(request.referrer, own_origin):
                self._error_response('The referrer does not match the host.')

        g.csrf_valid = True
def protect(self):
    """Perform CSRF validation for the active request.

    Returns None for methods outside ``WTF_CSRF_METHODS``, the result of
    ``self._error_response(reason)`` for the first failed check, and None
    after setting ``request.csrf_valid`` to True otherwise.
    """
    cfg = self._app.config
    if request.method not in cfg['WTF_CSRF_METHODS']:
        return None

    token_ok = validate_csrf(self._get_csrf_token())
    if not token_ok:
        return self._error_response('CSRF token missing or incorrect.')

    if not (request.is_secure and cfg['WTF_CSRF_SSL_STRICT']):
        # No referrer check outside strict HTTPS mode.
        request.csrf_valid = True
        return None

    if not request.referrer:
        return self._error_response('Referrer checking failed - no Referrer.')

    # NOTE(review): comparison origin is derived from the request's Host
    # value; confirm unexpected Host values are rejected upstream.
    origin = 'https://%s/' % request.host
    if not same_origin(request.referrer, origin):
        return self._error_response(
            'Referrer checking failed - origin does not match.')

    request.csrf_valid = True
    return None
def protect(self):
    """Enforce CSRF token and strict-HTTPS referrer checks on this request.

    Methods outside ``WTF_CSRF_METHODS`` are skipped. Failures go through
    ``self._error_response`` (token failures are logged first); afterwards
    ``g.csrf_valid`` is set to True.
    """
    app_config = current_app.config
    if request.method not in app_config['WTF_CSRF_METHODS']:
        return None

    try:
        validate_csrf(self._get_csrf_token())
    except ValidationError as err:
        logger.info(err.args[0])
        # NOTE(review): the handler's result is discarded, so this is only
        # safe if _error_response() interrupts the request -- confirm.
        self._error_response(err.args[0])

    if not (request.is_secure and app_config['WTF_CSRF_SSL_STRICT']):
        g.csrf_valid = True
        return None

    if not request.referrer:
        self._error_response('The referrer header is missing.')

    # Same-origin reference is derived from the request's Host value.
    wanted = 'https://{0}/'.format(request.host)
    if not same_origin(request.referrer, wanted):
        self._error_response('The referrer does not match the host.')

    g.csrf_valid = True
    return None
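def index():
    """Render ``otm.jinja`` with a per-response CSP nonce.

    The response carries a Content-Security-Policy that denies everything by
    default, permits only nonce-tagged styles and scripts, and limits
    ``connect-src`` to the ``/ws`` endpoint on the request host (``wss`` for
    secure requests, ``ws`` otherwise). ``X-Frame-Options: DENY`` is set too.
    """
    # A CSP nonce only protects if it cannot be guessed, so draw it from the
    # OS CSPRNG instead of the default generator, and pick characters with
    # replacement (random.sample never repeats a character, which shrinks
    # the space). ascii_lowercase keeps the alphabet locale-independent.
    rng = random.SystemRandom()
    alphabet = string.ascii_lowercase + string.digits
    nonce = ''.join(rng.choice(alphabet) for _ in range(16))

    r = Response(render_template("otm.jinja", nonce=nonce))

    # NOTE(review): request.host is client-supplied and is written into the
    # policy verbatim -- confirm Host is validated upstream.
    ws_scheme = "wss" if request.is_secure else "ws"
    r.headers['Content-Security-Policy'] = ';'.join((
        "default-src 'none'",
        "style-src 'nonce-%s'" % nonce,
        "script-src 'nonce-%s'" % nonce,
        "connect-src %s://%s/ws" % (ws_scheme, request.host),
    ))
    r.headers['X-Frame-Options'] = 'DENY'
    return r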
def protect(self):
    """Run the CSRF checks for the current request.

    Skips methods not in ``WTF_CSRF_METHODS``. A bad token, or (for secure
    requests under ``WTF_CSRF_SSL_STRICT``) a missing or cross-origin
    Referer, returns ``self._error_response(reason)``. Otherwise
    ``request.csrf_valid`` is set to True.
    """
    settings = self._app.config
    if request.method not in settings['WTF_CSRF_METHODS']:
        return

    if not validate_csrf(self._get_csrf_token()):
        return self._error_response('CSRF token missing or incorrect.')

    strict_https = request.is_secure and settings['WTF_CSRF_SSL_STRICT']
    if strict_https:
        if not request.referrer:
            return self._error_response(
                'Referrer checking failed - no Referrer.')

        # NOTE(review): expected origin comes from the request's Host value;
        # confirm Host is validated before this check is relied upon.
        expected = 'https://%s/' % request.host
        if not same_origin(request.referrer, expected):
            return self._error_response(
                'Referrer checking failed - origin does not match.')

    request.csrf_valid = True
def protect(self):
    """Check the current request for a valid CSRF token and referrer.

    Methods outside ``WTF_CSRF_METHODS`` are ignored. The first failing
    check yields a reason handed to ``self._error_response``, whose result
    is returned; with no failure ``request.csrf_valid`` becomes True.
    """
    if request.method in self._app.config['WTF_CSRF_METHODS']:
        failure = None
        if not validate_csrf(self._get_csrf_token()):
            failure = 'CSRF token missing or incorrect.'
        elif request.is_secure and self._app.config['WTF_CSRF_SSL_STRICT']:
            # NOTE(review): the reference origin is built from the request's
            # Host value -- confirm Host is validated upstream.
            if not request.referrer:
                failure = 'Referrer checking failed - no Referrer.'
            elif not same_origin(request.referrer,
                                 'https://%s/' % request.host):
                failure = 'Referrer checking failed - origin does not match.'

        if failure is not None:
            return self._error_response(failure)
        request.csrf_valid = True
def protect(self):
    """Validate the CSRF token and, on strict HTTPS, the Referer header.

    Skips methods not listed in ``WTF_CSRF_METHODS``. Token and referrer
    failures are passed to ``self._error_response``; ``g.csrf_valid`` is
    set to True at the end of the checks.
    """
    if request.method not in current_app.config['WTF_CSRF_METHODS']:
        return

    try:
        validate_csrf(self._get_csrf_token())
    except ValidationError as exc:
        message = exc.args[0]
        logger.info(message)
        # NOTE(review): relies on _error_response() not returning normally
        # (presumably it raises) -- confirm, since there is no return here.
        self._error_response(message)

    strict = request.is_secure and current_app.config['WTF_CSRF_SSL_STRICT']
    if strict:
        if not request.referrer:
            self._error_response('The referrer header is missing.')

        # Expected origin is derived from the request's Host value.
        expected_origin = 'https://{0}/'.format(request.host)
        if not same_origin(request.referrer, expected_origin):
            self._error_response('The referrer does not match the host.')

    g.csrf_valid = True
def protect(self):
    """Perform CSRF validation for the active request.

    Returns None for methods outside ``WTF_CSRF_METHODS``, the result of
    ``self._error_response(reason)`` for the first failed check, and None
    after setting ``request.csrf_valid`` to True otherwise.
    """
    cfg = self._app.config
    if request.method not in cfg['WTF_CSRF_METHODS']:
        return None

    token_ok = validate_csrf(self._get_csrf_token())
    if not token_ok:
        return self._error_response('CSRF token missing or incorrect.')

    if not (request.is_secure and cfg['WTF_CSRF_SSL_STRICT']):
        # No referrer check outside strict HTTPS mode.
        request.csrf_valid = True
        return None

    if not request.referrer:
        return self._error_response('Referrer checking failed - no Referrer.')

    # NOTE(review): comparison origin is derived from the request's Host
    # value; confirm unexpected Host values are rejected upstream.
    origin = 'https://%s/' % request.host
    if not same_origin(request.referrer, origin):
        return self._error_response(
            'Referrer checking failed - origin does not match.')

    request.csrf_valid = True
    return None
def protect(self):
    """Run the CSRF checks for the current request.

    Skips methods not in ``WTF_CSRF_METHODS``. A bad token, or (for secure
    requests under ``WTF_CSRF_SSL_STRICT``) a missing or cross-origin
    Referer, returns ``self._error_response(reason)``. Otherwise
    ``request.csrf_valid`` is set to True.
    """
    settings = self._app.config
    if request.method not in settings['WTF_CSRF_METHODS']:
        return

    if not validate_csrf(self._get_csrf_token()):
        return self._error_response('CSRF token missing or incorrect.')

    strict_https = request.is_secure and settings['WTF_CSRF_SSL_STRICT']
    if strict_https:
        if not request.referrer:
            return self._error_response(
                'Referrer checking failed - no Referrer.')

        # NOTE(review): expected origin comes from the request's Host value;
        # confirm Host is validated before this check is relied upon.
        expected = 'https://%s/' % request.host
        if not same_origin(request.referrer, expected):
            return self._error_response(
                'Referrer checking failed - origin does not match.')

    request.csrf_valid = True
def dl_skelenox():
    """
    Build a zip archive holding the Skelenox script and a generated
    ``skelsettings.json``, and return it as a file download.
    """
    # Keep only the host part when the Host value is exactly "host:port";
    # any other shape (no port, or more than one colon) is used as-is.
    host_parts = request.host.split(":")
    if len(host_parts) == 2:
        ip_addr = host_parts[0]
    else:
        ip_addr = request.host

    zipout = io.BytesIO()
    with ZipFile(zipout, "w") as myzip:
        myzip.write("skelenox.py")
        # NOTE(review): the server address written next to the user's API
        # key is taken from the request's Host value -- confirm Host is
        # validated upstream, or use a configured server name instead.
        skel_config = {
            "username": g.user.nickname,
            "edit_flag": True,
            "initial_sync": True,
            "poli_server": ip_addr,
            "poli_port": app.config['SERVER_PORT'],
            "poli_remote_path": app.config['API_PATH'] + "/",
            "debug_http": app.config['HTTP_DEBUG'],
            "poli_apikey": g.user.api_key,
            "save_timeout": 10 * 60,
            "sync_frequency": 1.0 * 100,
            "debug_level": "info",
            "notepad_font_name": "Courier New",
            "notepad_font_size": 9,
        }
        myzip.writestr(
            "skelsettings.json",
            json.dumps(skel_config, sort_keys=True, indent=4))
        # Explicit close kept from the original; the with-block closes too.
        myzip.close()

    response = make_response(zipout.getvalue())
    response.headers["Content-type"] = "application/octet-stream"
    response.headers["Content-Disposition"] = \
        "attachment; filename=skelenox.zip"
    return response
def logout():
    """
    Redirect to the logout URL, using the App Engine ``_ah/logout`` endpoint
    when ``SERVER_SOFTWARE`` reports Google App Engine so the user is not
    signed out of all Google accounts.
    """
    server_software = os.getenv('SERVER_SOFTWARE', '')
    if not server_software.startswith('Google App Engine/'):
        return redirect(users.create_logout_url('/'))

    # NOTE(review): the continue target is built from the request's Host
    # value; confirm Host is validated upstream so the post-logout redirect
    # cannot be pointed at another site.
    return redirect('_ah/logout?continue=https://' + request.host + '/')
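def pushit(path):
    """Dispatch a request path to the index page, the API list or a push.

    ``''`` renders ``index.html``; ``'api'`` returns the archive list as
    JSON; ``'ajax-loader.gif'`` is rendered as a template. Any other path is
    read as ``<archive id>/<URI>`` and pushed with the query arguments; an
    empty result, a path without ``/`` or any error yields ``bad_request()``.
    """
    import logging

    if path == '':
        return render_template('index.html')
    if path == 'api':
        resp = jsonify(listArchives_server(handlers))
        resp.status_code = 200
        return resp
    if path == "ajax-loader.gif":
        return render_template('ajax-loader.gif')

    # "<archive id>/<URI>": without a separator there is nothing to push.
    arc_id, separator, URI = str(path).partition('/')
    if not separator:
        return bad_request()

    try:
        # Forward every query argument (e.g. an API key) to push().
        PUSH_ARGS = dict((k, request.args[k]) for k in request.args.keys())
        # NOTE(review): 'from_heroku' is derived from a substring match on
        # the client-supplied Host value, and a client can also send it as
        # a query argument -- confirm push() does not trust this flag.
        if 'herokuapp.com' in request.host:
            PUSH_ARGS['from_heroku'] = True

        resp = {"results": push(URI, arc_id, PUSH_ARGS)}
        if len(resp["results"]) == 0:
            return bad_request()

        resp = jsonify(resp)
        resp.status_code = 200
        return resp
    except Exception:
        # Still answer with bad_request(), but leave a trace of the failure
        # instead of discarding it. PUSH_ARGS is not logged: it may hold
        # API keys.
        logging.getLogger(__name__).exception(
            'push failed for archive id %r', arc_id)
        return bad_request()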
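def start(port=SERVER_PORT, host=SERVER_IP, debug=True):
    """Record the listen address in the module globals and run the app.

    Args:
        port: port to listen on; stored in ``SERVER_PORT``.
        host: address to bind; stored in ``SERVER_IP``.
        debug: passed to ``app.run``. Defaults to True to keep the previous
            behaviour. Debug mode (presumably Flask/Werkzeug here) exposes
            an interactive debugger that can run code for whoever reaches
            the port, so pass ``debug=False`` whenever ``host`` is not a
            loopback address.
    """
    global SERVER_PORT
    global SERVER_IP
    SERVER_PORT = port
    SERVER_IP = host
    app.run(
        host=host,
        port=port,
        threaded=True,
        debug=debug,
        use_reloader=False)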
def prepare_auth_request(request):
    """Translate *request* into the dict layout used for the auth request.

    The port is parsed from ``request.url``; query and form data are copied
    so later changes do not touch the request's own containers.
    """
    parsed_url = urlparse(request.url)
    auth_request = {}
    # NOTE(review): HTTPS is reported unconditionally and the host is taken
    # from the request's Host value -- presumably a TLS-terminating proxy
    # sits in front; confirm, since these values feed URL validation.
    auth_request["https"] = 'on'
    auth_request['http_host'] = request.host
    auth_request['server_port'] = parsed_url.port
    auth_request['script_name'] = request.path
    auth_request['get_data'] = request.args.copy()
    auth_request['post_data'] = request.form.copy()
    # Uncomment if using ADFS as IdP, https://github.com/onelogin/python-saml/pull/144
    # auth_request['lowercase_urlencoding'] = True
    auth_request['query_string'] = request.query_string
    return auth_request
def index():
    """Serve the upload page, or store an uploaded file and describe it.

    For POST the ``file`` upload (with optional ``w``/``h`` form values) is
    passed to ``create``; its error is returned when ``rs['r']`` is truthy,
    otherwise a JSON description of the stored file. Other methods render
    ``index.html``.
    """
    if request.method != 'POST':
        # No local variable is bound on this path, so **locals() is empty.
        return render_template('index.html', **locals())

    uploaded_file = request.files['file']
    w = request.form.get('w')
    h = request.form.get('h')
    if not uploaded_file:
        return abort(400)

    rs = create(uploaded_file, width=w, height=h)
    if rs['r']:
        return rs['error']

    paste_file = rs['paste_file']
    # NOTE(review): every link below embeds the request's Host value;
    # confirm Host is validated upstream so returned URLs point at this site.
    description = {
        'url_d': paste_file.url_d % request.host,
        'url_i': paste_file.url_i % request.host,
        'url_s': paste_file.url_s % request.host,
        'url_p': paste_file.url_p % request.host,
        'filename': paste_file.filename,
        'size': humanize_bytes(paste_file.size),
        'uploadtime': paste_file.uploadtime,
        'type': paste_file.type,
        'quoteurl': paste_file.quoteurl.replace('%25s', request.host),
    }
    return jsonify(description)
def get_url(self, subtype, is_symlink=False):
    """Return the absolute URL of this file under *subtype*.

    The last path segment is ``self.symlink`` when *is_symlink* is true,
    otherwise ``self.filehash``.
    """
    if is_symlink:
        hash_or_link = self.symlink
    else:
        hash_or_link = self.filehash
    # NOTE(review): the scheme is fixed to http and the host is the
    # request's Host value -- confirm Host is validated upstream.
    template = 'http://{host}/{subtype}/{hash_or_link}'
    return template.format(
        host=request.host, subtype=subtype, hash_or_link=hash_or_link)
def get_url(self, subtype, is_symlink=False):
    """Build ``http://<host>/<subtype>/<id>`` for this file.

    ``<id>`` is the symlink when *is_symlink* is true, else the file hash;
    ``<host>`` is read from the current request.
    """
    identifier = self.filehash
    if is_symlink:
        identifier = self.symlink
    # NOTE(review): plain-http scheme and a client-supplied Host value end
    # up in the link; confirm Host is validated upstream.
    fields = {
        'subtype': subtype,
        'host': request.host,
        'hash_or_link': identifier,
    }
    return 'http://{host}/{subtype}/{hash_or_link}'.format(**fields)
def get_url(self, subtype, is_symlink=False):
    """Return the absolute URL of this file under *subtype*.

    The last path segment is ``self.symlink`` when *is_symlink* is true,
    otherwise ``self.filehash``.
    """
    if is_symlink:
        hash_or_link = self.symlink
    else:
        hash_or_link = self.filehash
    # NOTE(review): the scheme is fixed to http and the host is the
    # request's Host value -- confirm Host is validated upstream.
    template = 'http://{host}/{subtype}/{hash_or_link}'
    return template.format(
        host=request.host, subtype=subtype, hash_or_link=hash_or_link)
def get_url(self, subtype, is_symlink=False):
    """Build ``http://<host>/<subtype>/<id>`` for this file.

    ``<id>`` is the symlink when *is_symlink* is true, else the file hash;
    ``<host>`` is read from the current request.
    """
    identifier = self.filehash
    if is_symlink:
        identifier = self.symlink
    # NOTE(review): plain-http scheme and a client-supplied Host value end
    # up in the link; confirm Host is validated upstream.
    fields = {
        'subtype': subtype,
        'host': request.host,
        'hash_or_link': identifier,
    }
    return 'http://{host}/{subtype}/{hash_or_link}'.format(**fields)
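def anticsrf(f):
    """Decorator: run *f* only when the Referer host equals ``request.host``.

    A missing or non-matching Referer redirects to the ``NotFound`` endpoint.
    Any exception, including one raised by *f*, is printed and redirects to
    the ``Error`` endpoint.

    NOTE(review): this is a Referer-only check compared against the
    request's own Host value; it is not a replacement for a per-session
    CSRF token -- confirm that is acceptable for the routes it guards.
    """
    @wraps(f)
    def wrapper(*args, **kwargs):
        try:
            referrer = request.referrer or ''
            referrer_host = None
            # Accept both schemes: stripping only 'http://' made every
            # https Referer compare as 'https:' and fail the check.
            for scheme in ('http://', 'https://'):
                if referrer.startswith(scheme):
                    referrer_host = referrer[len(scheme):].split('/', 1)[0]
                    break

            if referrer_host is not None and referrer_host == request.host:
                return f(*args, **kwargs)
            return redirect(url_for('NotFound'))
        except Exception as e:
            # 'as' form and print() call parse on Python 2.6+ and Python 3.
            print(e)
            return redirect(url_for('Error'))
    return wrapper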