anonstream/anonstream/routes/wrappers.py

import hashlib
import time
from functools import wraps

from quart import current_app, request, abort, make_response, render_template, request
from werkzeug.security import check_password_hash

from anonstream.user import see, user_for_websocket
from anonstream.chat import broadcast
from anonstream.helpers.user import generate_user
from anonstream.utils.user import generate_token

CONFIG = current_app.config
MESSAGES = current_app.messages
USERS_BY_TOKEN = current_app.users_by_token
USERS = current_app.users

def check_auth(context):
    auth = context.authorization
    return (
        auth is not None
        and auth.type == "basic"
        and auth.username == CONFIG["AUTH_USERNAME"]
        and check_password_hash(CONFIG["AUTH_PWHASH"], auth.password)
    )

def auth_required(f):
    @wraps(f)
    async def wrapper(*args, **kwargs):
        if check_auth(request):
            return await f(*args, **kwargs)
        hint = 'The broadcaster should log in with the credentials printed ' \
               'in their terminal.'
        body = (
            f'<p>{hint}</p>'
            if request.authorization is None else
             '<p>Wrong username or password. Refresh the page to try again.</p>'
            f'<p>{hint}</p>'
        )
        return body, 401, {'WWW-Authenticate': 'Basic'}

    return wrapper

def with_user_from(context):
    def with_user_from_context(f):
        @wraps(f)
        async def wrapper(*args, **kwargs):
            timestamp = int(time.time())

            # Check if broadcaster
            broadcaster = check_auth(context)
            if broadcaster:
                token = CONFIG['AUTH_TOKEN']
            else:
                token = context.args.get('token') or context.cookies.get('token') or generate_token()

            # Update / create user
            user = USERS_BY_TOKEN.get(token)
            if user is not None:
                see(user)
            else:
                user = generate_user(
                    timestamp=timestamp,
                    token=token,
                    broadcaster=broadcaster,
                )
                USERS_BY_TOKEN[token] = user
                broadcast(
                    USERS,
                    payload={
                        'type': 'add-user',
                        'token_hash': user['token_hash'],
                        'user': user_for_websocket(user),
                    },
                )

            # Set cookie
            response = await f(user, *args, **kwargs)
            if context.cookies.get('token') != token:
                response = await make_response(response)
                response.headers['Set-Cookie'] = f'token={token}; path=/'
            return response

        return wrapper

    return with_user_from_context

async def render_template_with_etag(*args, **kwargs):
    rendered_template = await render_template(*args, **kwargs)
    tag = hashlib.sha256(rendered_template.encode()).hexdigest()
    etag = f'W/"{tag}"'
    if request.if_none_match.contains_weak(tag):
        return '', 304, {'ETag': etag}
    else:
        return rendered_template, {'ETag': etag}
Nojs chat: ETag, limit scrollback, timeout notice Limiting scrollback is happening for the js chat too. Also reject long comments. 2022-02-18 21:24:19 +09:00			`import hashlib`
Nojs chat, store all user names/colors in js, forget about inactive users Project structure evolving a bit 2022-02-16 18:55:30 +09:00			`import time`
			`from functools import wraps`

Nojs chat: ETag, limit scrollback, timeout notice Limiting scrollback is happening for the js chat too. Also reject long comments. 2022-02-18 21:24:19 +09:00			`from quart import current_app, request, abort, make_response, render_template, request`
Nojs chat, store all user names/colors in js, forget about inactive users Project structure evolving a bit 2022-02-16 18:55:30 +09:00			`from werkzeug.security import check_password_hash`

Setup background tasks, create t_sunset_users task 2022-02-19 12:14:37 +09:00			`from anonstream.user import see, user_for_websocket`
Some more project structure 2022-02-18 10:32:34 +09:00			`from anonstream.chat import broadcast`
Logicaler project structure, see rest of commit message Incoming requests are handled in anonstream/routes/. Route handlers mainly depend on files in anonstream/, which in turn depend on files in anonstream/helpers/ and anonstream/utils/. Utils are pure functions and helpers are almost pure functions; they don't mutate state but they do depend on the global app config. 2022-02-17 09:20:51 +09:00			`from anonstream.helpers.user import generate_user`
			`from anonstream.utils.user import generate_token`
Nojs chat, store all user names/colors in js, forget about inactive users Project structure evolving a bit 2022-02-16 18:55:30 +09:00
Some more project structure 2022-02-18 10:32:34 +09:00			`CONFIG = current_app.config`
			`MESSAGES = current_app.messages`
			`USERS_BY_TOKEN = current_app.users_by_token`
			`USERS = current_app.users`

Nojs chat, store all user names/colors in js, forget about inactive users Project structure evolving a bit 2022-02-16 18:55:30 +09:00			`def check_auth(context):`
			`auth = context.authorization`
			`return (`
			`auth is not None`
			`and auth.type == "basic"`
Some more project structure 2022-02-18 10:32:34 +09:00			`and auth.username == CONFIG["AUTH_USERNAME"]`
			`and check_password_hash(CONFIG["AUTH_PWHASH"], auth.password)`
Nojs chat, store all user names/colors in js, forget about inactive users Project structure evolving a bit 2022-02-16 18:55:30 +09:00			`)`

			`def auth_required(f):`
			`@wraps(f)`
			`async def wrapper(args, *kwargs):`
			`if check_auth(request):`
			`return await f(args, *kwargs)`
			`hint = 'The broadcaster should log in with the credentials printed ' \`
			`'in their terminal.'`
			`body = (`
			`f'<p>{hint}</p>'`
			`if request.authorization is None else`
			`'<p>Wrong username or password. Refresh the page to try again.</p>'`
			`f'<p>{hint}</p>'`
			`)`
			`return body, 401, {'WWW-Authenticate': 'Basic'}`

			`return wrapper`

			`def with_user_from(context):`
			`def with_user_from_context(f):`
			`@wraps(f)`
			`async def wrapper(args, *kwargs):`
			`timestamp = int(time.time())`

			`# Check if broadcaster`
			`broadcaster = check_auth(context)`
			`if broadcaster:`
Some more project structure 2022-02-18 10:32:34 +09:00			`token = CONFIG['AUTH_TOKEN']`
Nojs chat, store all user names/colors in js, forget about inactive users Project structure evolving a bit 2022-02-16 18:55:30 +09:00			`else:`
			`token = context.args.get('token') or context.cookies.get('token') or generate_token()`

			`# Update / create user`
Some more project structure 2022-02-18 10:32:34 +09:00			`user = USERS_BY_TOKEN.get(token)`
Nojs chat, store all user names/colors in js, forget about inactive users Project structure evolving a bit 2022-02-16 18:55:30 +09:00			`if user is not None:`
Formalize/tidy user presence logic 2022-02-19 09:35:42 +09:00			`see(user)`
Nojs chat, store all user names/colors in js, forget about inactive users Project structure evolving a bit 2022-02-16 18:55:30 +09:00			`else:`
			`user = generate_user(`
Some more project structure 2022-02-18 10:32:34 +09:00			`timestamp=timestamp,`
Nojs chat, store all user names/colors in js, forget about inactive users Project structure evolving a bit 2022-02-16 18:55:30 +09:00			`token=token,`
			`broadcaster=broadcaster,`
			`)`
Some more project structure 2022-02-18 10:32:34 +09:00			`USERS_BY_TOKEN[token] = user`
Setup background tasks, create t_sunset_users task 2022-02-19 12:14:37 +09:00			`broadcast(`
Some more project structure 2022-02-18 10:32:34 +09:00			`USERS,`
Nojs chat, store all user names/colors in js, forget about inactive users Project structure evolving a bit 2022-02-16 18:55:30 +09:00			`payload={`
			`'type': 'add-user',`
Some more project structure 2022-02-18 10:32:34 +09:00			`'token_hash': user['token_hash'],`
Nojs chat, store all user names/colors in js, forget about inactive users Project structure evolving a bit 2022-02-16 18:55:30 +09:00			`'user': user_for_websocket(user),`
Reflect appearance changes with js 2022-02-18 14:16:54 +09:00			`},`
Nojs chat, store all user names/colors in js, forget about inactive users Project structure evolving a bit 2022-02-16 18:55:30 +09:00			`)`

			`# Set cookie`
			`response = await f(user, args, *kwargs)`
			`if context.cookies.get('token') != token:`
			`response = await make_response(response)`
			`response.headers['Set-Cookie'] = f'token={token}; path=/'`
			`return response`

			`return wrapper`

			`return with_user_from_context`
Nojs chat: ETag, limit scrollback, timeout notice Limiting scrollback is happening for the js chat too. Also reject long comments. 2022-02-18 21:24:19 +09:00
			`async def render_template_with_etag(args, *kwargs):`
			`rendered_template = await render_template(args, *kwargs)`
			`tag = hashlib.sha256(rendered_template.encode()).hexdigest()`
			`etag = f'W/"{tag}"'`
			`if request.if_none_match.contains_weak(tag):`
			`return '', 304, {'ETag': etag}`
			`else:`
			`return rendered_template, {'ETag': etag}`