slaprunner: cors allow origin configurable with monitoring interface

58ccdb3b · Cédric Le Ninivin · 47c2fa64 · 58ccdb3b · 58ccdb3b · 58ccdb3b
Commit 58ccdb3b authored Sep 15, 2014 by Cédric Le Ninivin
4 changed files
--- a/software/slaprunner/common.cfg
+++ b/software/slaprunner/common.cfg
@@ -43,7 +43,7 @@ mode = 0644
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-runner.cfg
 output = ${buildout:directory}/template-runner.cfg.in
-md5sum = b5644037da14e79576840975415ee1a4
+md5sum = a1987b36e64cc021cb0cee47eee7dde2
 mode = 0644

 [template-runner-import-script]
@@ -103,7 +103,7 @@ mode = 0644
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/httpd_conf.in
 download-only = true
-md5sum = ffbf52ee43e64f58e7a3f64745fd9aab
+md5sum = 94bc5d6f1afc4e075d530fed496f47c2
 filename = httpd_conf.in
 mode = 0644

@@ -160,6 +160,15 @@ filename = listener_slapgrid.py.in
 download-only = true
 mode = 0644

+[cors-domain-cgi]
+recipe = hexagonit.recipe.download
+url = ${:_profile_base_location_}/template/${:filename}
+download-only = true
+md5sum = 4c44d617d5bfd1db8695200e896480c0
+destination = ${buildout:parts-directory}/monitor-template-cors-domain-cgi
+filename = cors-domain.jinja
+mode = 0644
+
 [eggs]
 recipe = z3c.recipe.scripts
 eggs =

--- a/software/slaprunner/httpd_conf.in
+++ b/software/slaprunner/httpd_conf.in
@@ -46,8 +46,7 @@ SSLHonorCipherOrder On
 SSLCipherSuite RC4-SHA:HIGH:!ADH
 SSLEngine   On

-SetEnvIf Origin "http(s)?://(www\.)?(.*)$" AccessControlAllowOrigin=$0$1
-Header always set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
+Include {{ parameters.httpd_cors_file }}
 Header set Access-Control-Allow-Credentials "true"
 Header set Access-Control-Allow-Methods "PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST"
 Header set Access-Control-Allow-Headers "Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Authorization"

--- a/software/slaprunner/instance-runner.cfg
+++ b/software/slaprunner/instance-runner.cfg
@@ -50,6 +50,7 @@ parts =
  monitor-instance-log-access
 ## Monitor for runner
  monitor-current-log-access
+  monitor-deploy-cors-domain-cgi

 extends = ${monitor-template:output}

@@ -328,6 +329,7 @@ project_public_folder = $${runnerdirectory:public-project}
 runner_home = $${runnerdirectory:home}
 git_http_backend = ${git:location}/libexec/git-core/git-http-backend
 cgi_httpd_conf = $${monitor-httpd-configuration-file:rendered}
+httpd_cors_file = $${monitor-httpd-cors:location}

 [httpd-conf]
 recipe = slapos.recipe.template:jinja2
@@ -696,3 +698,25 @@ port = $${supervisord:port}
 [monitor-current-log-access]
 < = monitor-directory-access
 source = $${directory:log}
+
+[monitor-deploy-cors-domain-cgi]
+recipe = slapos.recipe.template:jinja2
+template = ${cors-domain-cgi:location}/${cors-domain-cgi:filename}
+rendered = $${monitor-directory:knowledge0-cgi}/$${:filename}
+filename = cors-domain.cgi
+mode = 0744
+context =
+  raw config_cfg $${buildout:directory}/knowledge0.cfg
+  raw timestamp $${buildout:directory}/.timestamp
+  raw python_executable ${buildout:executable}
+  key apache_file httpd-parameters:httpd_cors_file
+  key pwd monitor-directory:knowledge0-cgi
+  key this_file :filename
+  key httpd_graceful cgi-httpd-graceful-wrapper:rendered
+
+[monitor-httpd-cors]
+recipe = plone.recipe.command
+command = if [ ! -f $${:location} ]; then touch $${:location}; fi
+location = $${directory:etc}/$${:filename}
+filename = httpd-cors.cfg
+stop-on-error = true
--- a/software/slaprunner/template/cors-domain.jinja
+++ b/software/slaprunner/template/cors-domain.jinja
+#!{{ python_executable }}
+
+import cgi
+import cgitb
+import ConfigParser
+import os
+import re
+import subprocess
+
+cgitb.enable(display=0, logdir="/tmp/cgi.log")
+form = cgi.FieldStorage()
+
+apache_file = "{{ apache_file }}"
+config_file = "{{ config_cfg }}"
+
+
+if not os.path.exists(config_file):
+  print "Your software does <b>not</b> embed 0-knowledge. \
+  This interface is useless in this case</body></html>"
+  exit(0)
+
+
+parser = ConfigParser.ConfigParser()
+parser.read(config_file)
+if not parser.has_section("cors"):
+  parser.add_section("cors")
+
+if not parser.has_option("cors", "cors-domain"):
+  parser.set("cors", "cors-domain", "")
+
+if "cors-domain" in form:
+  parser.set("cors", "cors-domain", form["cors-domain"].value)
+  cors_domain_list = form["cors-domain"].value.split()
+  cors_string = ""
+  for domain in cors_domain_list:
+    if cors_string:
+      cors_string += '|'
+    cors_string += re.escape(domain)
+  with open(apache_file, 'w') as file:
+    file.write('SetEnvIf Origin "^http(s)?://(.+\.)?(%s)$" origin_is=$0\n' % cors_string)
+    file.write('Header always set Access-Control-Allow-Origin %{origin_is}e env=origin_is')
+  subprocess.call('{{ httpd_graceful }}')
+
+cors_domain_parameter = parser.get("cors", "cors-domain")
+
+with open(config_file, 'w') as file:
+  parser.write(file)
+
+print "<html><head>"
+print "<link rel=\"stylesheet\" href=\"static/pure-min.css\">"
+print "<link rel=\"stylesheet\" href=\"static/style.css\">"
+print "</head><body>"
+print "<h1>Cors Domains :</h1>"
+print "<p>Enter domain names separated by space to authorized CORS on your dav storage for these domains</p>"
+print "<form action=\"/index.cgi\" method=\"post\" class=\"pure-form-aligned\">"
+print "<input type=\"hidden\" name=\"posting-script\" value=\"{{ pwd }}/{{ this_file }}\">"
+print "<div class=\"pure-control-group\">"
+print '<label for="cors-domain">CORS Domains</label>'
+print '<input type="text" name="cors-domain" value="%s">' % cors_domain_parameter
+print "</div>"
+print "<div class=\"pure-controls\"><button type=\"submit\" class=\"pure-button \
+ pure-button-primary\">Save</button></div></form>"
+print "</body></html>"