Validate token in controller's HTTP handlers

2024-11-22 19:41:32 +00:00 · 2018-02-13 13:39:27 +01:00 · 2018-02-13 13:39:27 +01:00 · dda470fc93
commit dda470fc93
parent 019ce53b39
3 changed files with 15 additions and 7 deletions
--- a/lib/tfw/networking/server/controller_responder.py
+++ b/lib/tfw/networking/server/controller_responder.py
@ -17,7 +17,7 @@ class ControllerResponder:
    def handle_controller_request(self, stream, msg_parts):
        key, data = deserialize_all(*msg_parts)
        response = self.controller_request_handlers[key](data)
-        stream.send_multipart(serialize_all(key, response))
+        stream.send_multipart(serialize_all(self.token, response))

    def handle_test_request(self, data):
        return 'OK'
--- a/src/controller/handlers/solution_check_handler.py
+++ b/src/controller/handlers/solution_check_handler.py
@ -1,15 +1,19 @@
-from tornado.web import RequestHandler
+import secrets
+from tornado.web import RequestHandler, HTTPError

 from tfw.config.logs import logging
 log = logging.getLogger(__name__)

 class SolutionCheckHandler(RequestHandler):
-    def initialize(self, solvable_connector):
+    def initialize(self, solvable_connector, token):
        self.solvable_connector = solvable_connector
+        self.token = token

    async def get(self):
        log.debug('Sending request to solvable')
        self.solvable_connector.send('solution_check', {})
-        resp_key, resp_data = await self.solvable_connector.recv()
+        resp_token, resp_data = await self.solvable_connector.recv()
+        if not secrets.compare_digest(self.token, resp_token):
+            raise HTTPError(500, 'Solvable didn\'t provide initial token.')
        log.debug('Received answer from solvable')
        self.write(resp_data)
--- a/src/controller/handlers/test_handler.py
+++ b/src/controller/handlers/test_handler.py
@ -1,11 +1,15 @@
-from tornado.web import RequestHandler
+import secrets
+from tornado.web import RequestHandler, HTTPError


 class TestHandler(RequestHandler):
-    def initialize(self, solvable_connector):
+    def initialize(self, solvable_connector, token):
        self.solvable_connector = solvable_connector
+        self.token = token

    async def get(self):
        self.solvable_connector.send('test', {})
-        resp_key, resp_data = await self.solvable_connector.recv()
+        resp_token, resp_data = await self.solvable_connector.recv()
+        if not secrets.compare_digest(self.token, resp_token):
+            raise HTTPError(500, 'Solvable didn\'t provide initial token.')
        self.write(resp_data)