Commit c45c2295 authored by Julien Muchembled's avatar Julien Muchembled

erp5_web_shadir: more useful checks

See also nexedi/slapos.libnetworkcache@319b8b18
parent 76bc24f1
Pipeline #25360 failed with stage
......@@ -25,10 +25,11 @@
#
##############################################################################
import hashlib
import json
import validictory
from base64 import b64decode
from binascii import a2b_hex
from zExceptions import BadRequest
from Products.ERP5Type.UnrestrictedMethod import super_user
......@@ -39,17 +40,10 @@ def WebSection_getDocumentValue(self, key, portal=None, language=None,\
- POST /<key>
+ parameters required:
* file: the name of the file
* urlmd5: mdsum of orginal url
* sha512: the hash (sha512) of the file content
+ parameters not required:
* valid-until: the date which the file must be expired
* architecture: computer architecture
Used to add information on shadir server.
- GET /<key>
Return list of information for a given key
Raise HTTP error (404) if key does not exist
......@@ -83,16 +77,17 @@ def WebSection_setObject(self, id, ob, **kw):
"""
portal = self.getPortalObject()
data = self.REQUEST.get('BODY')
schema = self.WebSite_getJSONSchema()
structure = json.loads(data)
# 0 elementh in structure is json in json
# 1 elementh is just signature
structure = [json.loads(structure[0]), structure[1]]
validictory.validate(structure, schema)
file_name = structure[0].get('file', None)
expiration_date = structure[0].get('expiration_date', None)
try:
metadata, signature = json.loads(data)
metadata = json.loads(metadata)
# a few basic checks
b64decode(signature)
if len(a2b_hex(metadata['sha512'])) != 64:
raise Exception('sha512: invalid length')
except Exception as e:
raise BadRequest(str(e))
expiration_date = metadata.get('expiration_date')
data_set = portal.portal_catalog.getResultValue(portal_type='Data Set',
reference=id)
......@@ -105,7 +100,6 @@ def WebSection_setObject(self, id, ob, **kw):
reference = hashlib.sha512(data).hexdigest()
ob.setFilename(file_name)
ob.setFollowUp(data_set.getRelativeUrl())
ob.setContentType('application/json')
ob.setReference(reference)
......@@ -131,4 +125,3 @@ def WebSection_putFactory(self, name, typ, body):
filename=name,
discover_metadata=False)
return document
......@@ -74,33 +74,6 @@
<key> <string>action</string> </key>
<value> <string>validate</string> </value>
</item>
<item>
<key> <string>actor</string> </key>
<value> <string>ERP5TypeTestCase</string> </value>
</item>
<item>
<key> <string>comment</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>time</string> </key>
<value>
<object>
<klass>
<global name="DateTime" module="DateTime.DateTime"/>
</klass>
<tuple>
<none/>
</tuple>
<state>
<tuple>
<float>1377844502.87</float>
<string>GMT+9</string>
</tuple>
</state>
</object>
</value>
</item>
<item>
<key> <string>validation_state</string> </key>
<value> <string>validated</string> </value>
......
return {
'type': 'array',
'items': [
{'type': 'object',
'properties':{
'file':{
'type': 'string',
'required': True,
},
'urlmd5': {
'type': 'string',
'required': True,
},
'sha512': {
'type': 'string',
'required': True,
},
'creation_date': {
'type': 'string',
'required': False,
},
'expiration_date': {
'type': 'string',
'required': False,
},
'distribution': {
'type': 'string',
'required': False,
},
'architecture': {
'type': 'string',
'required': False,
},
}
},
{'type': 'string',
'blank': True},
]
}
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>WebSite_getJSONSchema</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment