diff --git a/swift/common/middleware/decrypter.py b/swift/common/middleware/decrypter.py | |
index c0cb6f0..70787e6 100644 | |
--- a/swift/common/middleware/decrypter.py | |
+++ b/swift/common/middleware/decrypter.py | |
@@ -29,7 +29,7 @@ from swift.common.request_helpers import strip_user_meta_prefix, is_user_meta,\ | |
from swift.common.swob import Request, HTTPException, HTTPInternalServerError | |
from swift.common.utils import get_logger, config_true_value, \ | |
parse_content_range, closing_if_possible, parse_content_type, \ | |
- FileLikeIter, multipart_byteranges_to_document_iters | |
+ FileLikeIter, multipart_byteranges_to_document_iters, public | |
DECRYPT_CHUNK_SIZE = 65536 | |
@@ -272,6 +272,7 @@ class DecrypterObjContext(BaseDecrypterContext): | |
for chunk in resp: | |
yield decrypt_ctxt.update(chunk) | |
+ @public | |
def GET(self, req, start_response): | |
app_resp = self._app_call(req.environ) | |
@@ -326,6 +327,7 @@ class DecrypterObjContext(BaseDecrypterContext): | |
return resp_iter | |
+ @public | |
def HEAD(self, req, start_response): | |
app_resp = self._app_call(req.environ) | |
@@ -349,6 +351,7 @@ class DecrypterContContext(BaseDecrypterContext): | |
super(DecrypterContContext, self).__init__( | |
decrypter, 'container', logger) | |
+ @public | |
def GET(self, req, start_response): | |
app_resp = self._app_call(req.environ) | |
@@ -433,21 +436,22 @@ class Decrypter(object): | |
except ValueError: | |
return self.app(env, start_response) | |
- if parts[3] and hasattr(DecrypterObjContext, req.method): | |
- dec_context = DecrypterObjContext(self, self.logger) | |
- elif parts[2] and hasattr(DecrypterContContext, req.method): | |
- dec_context = DecrypterContContext(self, self.logger) | |
+ if parts[3]: | |
+ dec_context = DecrypterObjContext | |
+ elif parts[2]: | |
+ dec_context = DecrypterContContext | |
else: | |
- # url and/or request verb is not handled by decrypter | |
- dec_context = None | |
- | |
- if dec_context: | |
- try: | |
- return getattr(dec_context, req.method)(req, start_response) | |
- except HTTPException as err_resp: | |
- return err_resp(env, start_response) | |
- | |
- return self.app(env, start_response) | |
+ # pass through | |
+ return self.app(env, start_response) | |
+ handler = getattr(dec_context, req.method, None) | |
+ if handler is None or \ | |
+ getattr(handler, 'publicly_accessible', False) is not True: | |
+ # pass through, don't return/raise an error | |
+ return self.app(env, start_response) | |
+ try: | |
+ return handler(dec_context(self, self.logger), req, start_response) | |
+ except HTTPException as err_resp: | |
+ return err_resp(env, start_response) | |
def filter_factory(global_conf, **local_conf): | |
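Review bot: The allowlist check on the client-supplied verb (`getattr(dec_context, req.method, None)` followed by the `publicly_accessible` test) is written out in full here and again in the dispatch hunks of encrypter.py and keymaster.py, so a later correction has to be made in three places and can miss one. Since this check is what keeps `req.method` from resolving to a private helper or dunder on the context class, it would be safer as one shared helper that all three middlewares call, with a comment explaining why the check exists. The sketch below shows the helper and the decrypter call site; its name and location are a suggestion, and the enclosing method starts outside this hunk.

```python
def get_public_handler(context_cls, method):
    # req.method is client-supplied, so resolve it only to methods that
    # were explicitly marked with @public; anything else is not a handler.
    handler = getattr(context_cls, method, None)
    if getattr(handler, 'publicly_accessible', False) is True:
        return handler
    return None

# … unchanged: path parsing and context-class selection …
        handler = get_public_handler(dec_context, req.method)
        if handler is None:
            # pass through, don't return/raise an error
            return self.app(env, start_response)
        # … unchanged: try/except HTTPException around the handler call …
```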
diff --git a/swift/common/middleware/encrypter.py b/swift/common/middleware/encrypter.py | |
index e486205..64bef69 100644 | |
--- a/swift/common/middleware/encrypter.py | |
+++ b/swift/common/middleware/encrypter.py | |
@@ -24,7 +24,7 @@ from swift.common.request_helpers import get_object_transient_sysmeta, \ | |
strip_user_meta_prefix, is_user_meta, update_etag_is_at_header | |
from swift.common.swob import Request, Match, HTTPException, \ | |
HTTPUnprocessableEntity | |
-from swift.common.utils import get_logger, config_true_value | |
+from swift.common.utils import get_logger, config_true_value, public | |
def encrypt_header_val(crypto, value, key, iv_base=None): | |
@@ -211,6 +211,7 @@ class EncrypterObjContext(CryptoWSGIContext): | |
short_name = strip_user_meta_prefix(self.server_type, name) | |
req.headers[prefix + short_name] = dump_crypto_meta(meta) | |
+ @public | |
def PUT(self, req, start_response): | |
self._check_headers(req) | |
keys = self.get_keys(req.environ, required=['object', 'container']) | |
@@ -234,6 +235,7 @@ class EncrypterObjContext(CryptoWSGIContext): | |
self._response_exc_info) | |
return resp | |
+ @public | |
def POST(self, req, start_response): | |
""" | |
Encrypt the new object headers with a new iv and the current crypto. | |
@@ -282,9 +284,11 @@ class EncrypterObjContext(CryptoWSGIContext): | |
self._response_exc_info) | |
return resp | |
+ @public | |
def HEAD(self, req, start_response): | |
return self.handle_get_or_head(req, start_response) | |
+ @public | |
def GET(self, req, start_response): | |
return self.handle_get_or_head(req, start_response) | |
@@ -313,16 +317,16 @@ class Encrypter(object): | |
except ValueError: | |
return self.app(env, start_response) | |
- if hasattr(EncrypterObjContext, req.method): | |
- # handle only those request methods that may require keys | |
- enc_context = EncrypterObjContext(self, self.logger) | |
- try: | |
- return getattr(enc_context, req.method)(req, start_response) | |
- except HTTPException as err_resp: | |
- return err_resp(env, start_response) | |
- | |
- # anything else | |
- return self.app(env, start_response) | |
+ enc_context = EncrypterObjContext | |
+ handler = getattr(enc_context, req.method, None) | |
+ if handler is None or \ | |
+ getattr(handler, 'publicly_accessible', False) is not True: | |
+ # pass through, don't return/raise an error | |
+ return self.app(env, start_response) | |
+ try: | |
+ return handler(enc_context(self, self.logger), req, start_response) | |
+ except HTTPException as err_resp: | |
+ return err_resp(env, start_response) | |
def filter_factory(global_conf, **local_conf): | |
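Review bot: Nothing in this diff pins the new pass-through behaviour with a test. A request whose verb names an attribute that exists on the context class but is not marked `@public` (this class visibly carries helpers such as `_check_headers` and `handle_get_or_head`) should reach `self.app` unchanged without the context ever being instantiated. Tests may live outside the three files shown; if they do not, one such case per middleware (decrypter, encrypter, keymaster) would keep the allowlist from regressing. The enclosing method starts outside the hunk.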
diff --git a/swift/common/middleware/keymaster.py b/swift/common/middleware/keymaster.py | |
index eec2dce..cc8a3c3 100644 | |
--- a/swift/common/middleware/keymaster.py | |
+++ b/swift/common/middleware/keymaster.py | |
@@ -30,6 +30,7 @@ import os | |
from swift.common.middleware.crypto_utils import CRYPTO_KEY_CALLBACK | |
from swift.common.swob import Request, HTTPException | |
+from swift.common.utils import public | |
from swift.common.wsgi import WSGIContext | |
@@ -95,15 +96,19 @@ class KeyMasterContext(WSGIContext): | |
self._response_exc_info) | |
return resp | |
+ @public | |
def PUT(self, req, start_response): | |
return self._handle_request(req, start_response) | |
+ @public | |
def POST(self, req, start_response): | |
return self._handle_request(req, start_response) | |
+ @public | |
def GET(self, req, start_response): | |
return self._handle_request(req, start_response) | |
+ @public | |
def HEAD(self, req, start_response): | |
return self._handle_request(req, start_response) | |
@@ -130,16 +135,17 @@ class KeyMaster(object): | |
except ValueError: | |
return self.app(env, start_response) | |
- if hasattr(KeyMasterContext, req.method): | |
- # handle only those request methods that may require keys | |
- km_context = KeyMasterContext(self, *parts[1:]) | |
- try: | |
- return getattr(km_context, req.method)(req, start_response) | |
- except HTTPException as err_resp: | |
- return err_resp(env, start_response) | |
- | |
- # anything else | |
- return self.app(env, start_response) | |
+ # handle only those request methods that may require keys | |
+ km_context = KeyMasterContext | |
+ handler = getattr(km_context, req.method, None) | |
+ if handler is None or \ | |
+ getattr(handler, 'publicly_accessible', False) is not True: | |
+ # pass through, don't return/raise an error | |
+ return self.app(env, start_response) | |
+ try: | |
+ return handler(km_context(self, *parts[1:]), req, start_response) | |
+ except HTTPException as err_resp: | |
+ return err_resp(env, start_response) | |
def create_key(self, key_id): | |
return hmac.new(self.root_secret, key_id, |