1 # Copyright (C) 2015 Ipsilon Contributors see COPYING for license
4 from ipsilon.util.log import Log
5 from ipsilon.util.user import UserSession
6 from urllib import unquote
8 from urlparse import urlparse
10 # pylint: disable=no-name-in-module, import-error
11 from urllib.parse import urlparse
15 def __init__(self, site):
17 self.basepath = cherrypy.config.get('base.mount', "")
19 self.default_headers = dict()
20 self.auth_protect = False
23 return cherrypy.url(relative=False)
25 def instance_base_url(self):
27 s = urlparse(unquote(url))
28 return '%s://%s%s' % (s.scheme, s.netloc, self.basepath)
30 def _check_referer(self, referer, url):
31 r = urlparse(unquote(referer))
32 u = urlparse(unquote(url))
33 if r.scheme != u.scheme:
35 if r.netloc != u.netloc:
37 if r.path.startswith(self.basepath):
41 def __call__(self, *args, **kwargs):
42 # pylint: disable=star-args
43 cherrypy.response.headers.update(self.default_headers)
45 self.user = UserSession().get_user()
47 if self.auth_protect and self.user.is_anonymous:
48 raise cherrypy.HTTPError(401)
50 self._debug("method: %s" % cherrypy.request.method)
51 op = getattr(self, cherrypy.request.method, None)
53 # Basic CSRF protection
54 if cherrypy.request.method != 'GET':
56 if 'referer' not in cherrypy.request.headers:
57 self._debug("Missing referer in %s request to %s"
58 % (cherrypy.request.method, url))
59 raise cherrypy.HTTPError(403)
60 referer = cherrypy.request.headers['referer']
61 if not self._check_referer(referer, url):
62 self._debug("Wrong referer %s in request to %s"
64 raise cherrypy.HTTPError(403)
65 return op(*args, **kwargs)
67 op = getattr(self, 'root', None)
69 return op(*args, **kwargs)
71 return self.default(*args, **kwargs)
73 def default(self, *args, **kwargs):
74 raise cherrypy.NotFound()
76 def add_subtree(self, name, page):
77 self.__dict__[name] = page
79 def del_subtree(self, name):
80 del self.__dict__[name]