| 1 | # |
|---|
| 2 | # This files allows to delegate authentication for every URL within a domain |
|---|
| 3 | # to a web2py app within the same domain |
|---|
| 4 | # If you are logged in the app, you have access to the URL |
|---|
| 5 | # even if the URL is not a web2py URL |
|---|
| 6 | # |
|---|
| 7 | # in /etc/apache2/sites-available/default |
|---|
| 8 | # |
|---|
| 9 | # <VirtualHost *:80> |
|---|
| 10 | # WSGIDaemonProcess web2py user=www-data group=www-data |
|---|
| 11 | # WSGIProcessGroup web2py |
|---|
| 12 | # WSGIScriptAlias / /home/www-data/web2py/wsgihandler.py |
|---|
| 13 | # |
|---|
| 14 | # AliasMatch ^myapp/whatever/myfile /path/to/myfile |
|---|
| 15 | # <Directory /path/to/> |
|---|
| 16 | # WSGIAccessScript /path/to/web2py/scripts/access.wsgi |
|---|
| 17 | # </Directory> |
|---|
| 18 | # </VirtualHost> |
|---|
| 19 | # |
|---|
| 20 | # in yourapp/controllers/default.py |
|---|
| 21 | # |
|---|
| 22 | # def check_access(): |
|---|
| 23 | # request_uri = request.vars.request_uri |
|---|
| 24 | # return 'true' if auth.is_logged_in() else 'false' |
|---|
| 25 | # |
|---|
| 26 | # start web2py as deamon |
|---|
| 27 | # |
|---|
| 28 | # nohup python web2py.py -a '' -p 8002 |
|---|
| 29 | # |
|---|
| 30 | # now try visit: |
|---|
| 31 | # |
|---|
| 32 | # http://domain/myapp/whatever/myfile |
|---|
| 33 | # |
|---|
| 34 | # and you will have access ONLY if you are logged into myapp |
|---|
| 35 | # |
|---|
| 36 | |
|---|
| 37 | URL_CHECK_ACCESS = 'http://127.0.0.1:8002/%(app)s/default/check_access' |
|---|
| 38 | PY2 = sys.version_info[0] == 2 |
|---|
| 39 | |
|---|
| 40 | def allow_access(environ,host): |
|---|
| 41 | if PY2: |
|---|
| 42 | import urllib2 |
|---|
| 43 | from urllib import urlencode |
|---|
| 44 | else: |
|---|
| 45 | from urllib import request as urllib2 |
|---|
| 46 | from urllib.parse import urlencode |
|---|
| 47 | |
|---|
| 48 | import os |
|---|
| 49 | import datetime |
|---|
| 50 | header = '%s @ %s ' % (datetime.datetime.now(),host) + '='*20 |
|---|
| 51 | pprint = '\n'.join('%s:%s' % item for item in environ.items()) |
|---|
| 52 | filename = os.path.join(os.path.dirname(__file__),'access.wsgi.log') |
|---|
| 53 | f = open(filename,'a') |
|---|
| 54 | try: |
|---|
| 55 | f.write('\n'+header+'\n'+pprint+'\n') |
|---|
| 56 | finally: |
|---|
| 57 | f.close() |
|---|
| 58 | app = environ['REQUEST_URI'].split('/')[1] |
|---|
| 59 | keys = [key for key in environ if key.startswith('HTTP_')] |
|---|
| 60 | headers = {} |
|---|
| 61 | for key in environ: |
|---|
| 62 | if key.startswith('HTTP_'): |
|---|
| 63 | headers[key[5:]] = environ[key] # this passes the cookies through! |
|---|
| 64 | try: |
|---|
| 65 | data = urlencode({'request_uri':environ['REQUEST_URI']}) |
|---|
| 66 | request = urllib2.Request(URL_CHECK_ACCESS % dict(app=app),data,headers) |
|---|
| 67 | response = urllib2.urlopen(request).read().strip().lower() |
|---|
| 68 | if response.startswith('true'): return True |
|---|
| 69 | except: pass |
|---|
| 70 | return False |
|---|
