mirror of
https://github.com/avatao-content/baseimage-tutorial-framework
synced 2024-11-23 00:31:31 +00:00
Validate token in controller's HTTP handlers
This commit is contained in:
parent
019ce53b39
commit
dda470fc93
@ -17,7 +17,7 @@ class ControllerResponder:
|
|||||||
def handle_controller_request(self, stream, msg_parts):
|
def handle_controller_request(self, stream, msg_parts):
|
||||||
key, data = deserialize_all(*msg_parts)
|
key, data = deserialize_all(*msg_parts)
|
||||||
response = self.controller_request_handlers[key](data)
|
response = self.controller_request_handlers[key](data)
|
||||||
stream.send_multipart(serialize_all(key, response))
|
stream.send_multipart(serialize_all(self.token, response))
|
||||||
|
|
||||||
def handle_test_request(self, data):
|
def handle_test_request(self, data):
|
||||||
return 'OK'
|
return 'OK'
|
||||||
|
@ -1,15 +1,19 @@
|
|||||||
from tornado.web import RequestHandler
|
import secrets
|
||||||
|
from tornado.web import RequestHandler, HTTPError
|
||||||
|
|
||||||
from tfw.config.logs import logging
|
from tfw.config.logs import logging
|
||||||
log = logging.getLogger(__name__)
|
log = logging.getLogger(__name__)
|
||||||
|
|
||||||
class SolutionCheckHandler(RequestHandler):
|
class SolutionCheckHandler(RequestHandler):
|
||||||
def initialize(self, solvable_connector):
|
def initialize(self, solvable_connector, token):
|
||||||
self.solvable_connector = solvable_connector
|
self.solvable_connector = solvable_connector
|
||||||
|
self.token = token
|
||||||
|
|
||||||
async def get(self):
|
async def get(self):
|
||||||
log.debug('Sending request to solvable')
|
log.debug('Sending request to solvable')
|
||||||
self.solvable_connector.send('solution_check', {})
|
self.solvable_connector.send('solution_check', {})
|
||||||
resp_key, resp_data = await self.solvable_connector.recv()
|
resp_token, resp_data = await self.solvable_connector.recv()
|
||||||
|
if not secrets.compare_digest(self.token, resp_token):
|
||||||
|
raise HTTPError(500, 'Solvable didn\'t provide initial token.')
|
||||||
log.debug('Received answer from solvable')
|
log.debug('Received answer from solvable')
|
||||||
self.write(resp_data)
|
self.write(resp_data)
|
||||||
|
@ -1,11 +1,15 @@
|
|||||||
from tornado.web import RequestHandler
|
import secrets
|
||||||
|
from tornado.web import RequestHandler, HTTPError
|
||||||
|
|
||||||
|
|
||||||
class TestHandler(RequestHandler):
|
class TestHandler(RequestHandler):
|
||||||
def initialize(self, solvable_connector):
|
def initialize(self, solvable_connector, token):
|
||||||
self.solvable_connector = solvable_connector
|
self.solvable_connector = solvable_connector
|
||||||
|
self.token = token
|
||||||
|
|
||||||
async def get(self):
|
async def get(self):
|
||||||
self.solvable_connector.send('test', {})
|
self.solvable_connector.send('test', {})
|
||||||
resp_key, resp_data = await self.solvable_connector.recv()
|
resp_token, resp_data = await self.solvable_connector.recv()
|
||||||
|
if not secrets.compare_digest(self.token, resp_token):
|
||||||
|
raise HTTPError(500, 'Solvable didn\'t provide initial token.')
|
||||||
self.write(resp_data)
|
self.write(resp_data)
|
||||||
|
Loading…
Reference in New Issue
Block a user