Validate token in controller's HTTP handlers

This commit is contained in:
Bálint Bokros 2018-02-13 13:39:27 +01:00
parent 019ce53b39
commit dda470fc93
3 changed files with 15 additions and 7 deletions

View File

@ -17,7 +17,7 @@ class ControllerResponder:
def handle_controller_request(self, stream, msg_parts): def handle_controller_request(self, stream, msg_parts):
key, data = deserialize_all(*msg_parts) key, data = deserialize_all(*msg_parts)
response = self.controller_request_handlers[key](data) response = self.controller_request_handlers[key](data)
stream.send_multipart(serialize_all(key, response)) stream.send_multipart(serialize_all(self.token, response))
def handle_test_request(self, data): def handle_test_request(self, data):
return 'OK' return 'OK'

View File

@ -1,15 +1,19 @@
from tornado.web import RequestHandler import secrets
from tornado.web import RequestHandler, HTTPError
from tfw.config.logs import logging from tfw.config.logs import logging
log = logging.getLogger(__name__) log = logging.getLogger(__name__)
class SolutionCheckHandler(RequestHandler): class SolutionCheckHandler(RequestHandler):
def initialize(self, solvable_connector): def initialize(self, solvable_connector, token):
self.solvable_connector = solvable_connector self.solvable_connector = solvable_connector
self.token = token
async def get(self): async def get(self):
log.debug('Sending request to solvable') log.debug('Sending request to solvable')
self.solvable_connector.send('solution_check', {}) self.solvable_connector.send('solution_check', {})
resp_key, resp_data = await self.solvable_connector.recv() resp_token, resp_data = await self.solvable_connector.recv()
if not secrets.compare_digest(self.token, resp_token):
raise HTTPError(500, 'Solvable didn\'t provide initial token.')
log.debug('Received answer from solvable') log.debug('Received answer from solvable')
self.write(resp_data) self.write(resp_data)

View File

@ -1,11 +1,15 @@
from tornado.web import RequestHandler import secrets
from tornado.web import RequestHandler, HTTPError
class TestHandler(RequestHandler): class TestHandler(RequestHandler):
def initialize(self, solvable_connector): def initialize(self, solvable_connector, token):
self.solvable_connector = solvable_connector self.solvable_connector = solvable_connector
self.token = token
async def get(self): async def get(self):
self.solvable_connector.send('test', {}) self.solvable_connector.send('test', {})
resp_key, resp_data = await self.solvable_connector.recv() resp_token, resp_data = await self.solvable_connector.recv()
if not secrets.compare_digest(self.token, resp_token):
raise HTTPError(500, 'Solvable didn\'t provide initial token.')
self.write(resp_data) self.write(resp_data)