Commit cab93b20 authored by Daniele Venzano's avatar Daniele Venzano

Merge CORS and other API changes. OAuth was left out for now.

parents 844dcc69 e331f298
...@@ -18,7 +18,7 @@ ...@@ -18,7 +18,7 @@
from tornado.web import RequestHandler from tornado.web import RequestHandler
from zoe_api.api_endpoint import APIEndpoint # pylint: disable=unused-import from zoe_api.api_endpoint import APIEndpoint # pylint: disable=unused-import
from zoe_api.rest_api.utils import catch_exceptions from zoe_api.rest_api.utils import catch_exceptions, manage_cors_headers
class DiscoveryAPI(RequestHandler): class DiscoveryAPI(RequestHandler):
...@@ -30,14 +30,7 @@ class DiscoveryAPI(RequestHandler): ...@@ -30,14 +30,7 @@ class DiscoveryAPI(RequestHandler):
def set_default_headers(self): def set_default_headers(self):
"""Set up the headers for enabling CORS.""" """Set up the headers for enabling CORS."""
if self.request.headers.get('Origin') is None: manage_cors_headers(self)
self.set_header("Access-Control-Allow-Origin", "*")
else:
self.set_header("Access-Control-Allow-Origin", self.request.headers.get('Origin'))
self.set_header("Access-Control-Allow-Credentials", "true")
self.set_header("Access-Control-Allow-Headers", "x-requested-with, Content-Type, origin, authorization, accept, client-security-token")
self.set_header("Access-Control-Allow-Methods", "OPTIONS, GET")
self.set_header("Access-Control-Max-Age", "1000")
def options(self): def options(self):
"""Needed for CORS.""" """Needed for CORS."""
......
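Review bot: Swapping the inline headers for `manage_cors_headers(self)` in `DiscoveryAPI.set_default_headers` changes this handler's `Access-Control-Allow-Methods` from `OPTIONS, GET` to the helper's fixed `OPTIONS, GET, DELETE`, so a read-only endpoint now advertises DELETE in its preflight answer. The same widening applies to InfoAPI, ServiceAPI and SchedulerStatsAPI further down the page. Consider letting the helper accept the verb list, e.g. `manage_cors_headers(self, methods="OPTIONS, GET")`, with each handler passing only what it implements. The class body continues outside the hunk, so whether a `delete` method exists here is not visible.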
...@@ -18,7 +18,7 @@ ...@@ -18,7 +18,7 @@
from tornado.web import RequestHandler from tornado.web import RequestHandler
import tornado.escape import tornado.escape
from zoe_api.rest_api.utils import catch_exceptions, get_auth from zoe_api.rest_api.utils import catch_exceptions, get_auth, manage_cors_headers
import zoe_api.exceptions import zoe_api.exceptions
from zoe_api.api_endpoint import APIEndpoint # pylint: disable=unused-import from zoe_api.api_endpoint import APIEndpoint # pylint: disable=unused-import
...@@ -32,14 +32,7 @@ class ExecutionAPI(RequestHandler): ...@@ -32,14 +32,7 @@ class ExecutionAPI(RequestHandler):
def set_default_headers(self): def set_default_headers(self):
"""Set up the headers for enabling CORS.""" """Set up the headers for enabling CORS."""
if self.request.headers.get('Origin') is None: manage_cors_headers(self)
self.set_header("Access-Control-Allow-Origin", "*")
else:
self.set_header("Access-Control-Allow-Origin", self.request.headers.get('Origin'))
self.set_header("Access-Control-Allow-Credentials", "true")
self.set_header("Access-Control-Allow-Headers", "x-requested-with, Content-Type, origin, authorization, accept, client-security-token")
self.set_header("Access-Control-Allow-Methods", "OPTIONS, GET, DELETE")
self.set_header("Access-Control-Max-Age", "1000")
def options(self, execution_id): def options(self, execution_id):
"""Needed for CORS.""" """Needed for CORS."""
...@@ -82,22 +75,6 @@ class ExecutionDeleteAPI(RequestHandler): ...@@ -82,22 +75,6 @@ class ExecutionDeleteAPI(RequestHandler):
"""Initializes the request handler.""" """Initializes the request handler."""
self.api_endpoint = kwargs['api_endpoint'] # type: APIEndpoint self.api_endpoint = kwargs['api_endpoint'] # type: APIEndpoint
def set_default_headers(self):
"""Set up the headers for enabling CORS."""
if self.request.headers.get('Origin') is None:
self.set_header("Access-Control-Allow-Origin", "*")
else:
self.set_header("Access-Control-Allow-Origin", self.request.headers.get('Origin'))
self.set_header("Access-Control-Allow-Credentials", "true")
self.set_header("Access-Control-Allow-Headers", "x-requested-with, Content-Type, origin, authorization, accept, client-security-token")
self.set_header("Access-Control-Allow-Methods", "OPTIONS, DELETE")
self.set_header("Access-Control-Max-Age", "1000")
def options(self, execution_id):
"""Needed for CORS."""
self.set_status(204)
self.finish()
@catch_exceptions @catch_exceptions
def delete(self, execution_id: int): def delete(self, execution_id: int):
""" """
...@@ -125,22 +102,6 @@ class ExecutionCollectionAPI(RequestHandler): ...@@ -125,22 +102,6 @@ class ExecutionCollectionAPI(RequestHandler):
"""Initializes the request handler.""" """Initializes the request handler."""
self.api_endpoint = kwargs['api_endpoint'] # type: APIEndpoint self.api_endpoint = kwargs['api_endpoint'] # type: APIEndpoint
def set_default_headers(self):
"""Set up the headers for enabling CORS."""
if self.request.headers.get('Origin') is None:
self.set_header("Access-Control-Allow-Origin", "*")
else:
self.set_header("Access-Control-Allow-Origin", self.request.headers.get('Origin'))
self.set_header("Access-Control-Allow-Credentials", "true")
self.set_header("Access-Control-Allow-Headers", "x-requested-with, Content-Type, origin, authorization, accept, client-security-token")
self.set_header("Access-Control-Allow-Methods", "OPTIONS, GET, POST")
self.set_header("Access-Control-Max-Age", "1000")
def options(self):
"""Needed for CORS."""
self.set_status(204)
self.finish()
@catch_exceptions @catch_exceptions
def get(self): def get(self):
""" """
......
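Review bot: `ExecutionDeleteAPI` and `ExecutionCollectionAPI` lose both `set_default_headers` and `options` on the new side, while `ExecutionAPI` keeps them through `manage_cors_headers(self)`. Unless something outside these hunks covers it, a browser preflight to those two routes no longer gets a 204 with CORS headers, and the shared helper's `OPTIONS, GET, DELETE` list has no `POST` for the collection endpoint in any case. If the removal is deliberate, a one-line comment on each class such as `# CORS intentionally not enabled on this handler` would stop it being re-added by habit. Otherwise restore `set_default_headers` with the verbs each handler actually serves.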
...@@ -17,7 +17,7 @@ ...@@ -17,7 +17,7 @@
from tornado.web import RequestHandler from tornado.web import RequestHandler
from zoe_api.rest_api.utils import catch_exceptions from zoe_api.rest_api.utils import catch_exceptions, manage_cors_headers
from zoe_api.api_endpoint import APIEndpoint # pylint: disable=unused-import from zoe_api.api_endpoint import APIEndpoint # pylint: disable=unused-import
from zoe_lib.config import get_conf from zoe_lib.config import get_conf
...@@ -33,14 +33,7 @@ class InfoAPI(RequestHandler): ...@@ -33,14 +33,7 @@ class InfoAPI(RequestHandler):
def set_default_headers(self): def set_default_headers(self):
"""Set up the headers for enabling CORS.""" """Set up the headers for enabling CORS."""
if self.request.headers.get('Origin') is None: manage_cors_headers(self)
self.set_header("Access-Control-Allow-Origin", "*")
else:
self.set_header("Access-Control-Allow-Origin", self.request.headers.get('Origin'))
self.set_header("Access-Control-Allow-Credentials", "true")
self.set_header("Access-Control-Allow-Headers", "x-requested-with, Content-Type, origin, authorization, accept, client-security-token")
self.set_header("Access-Control-Allow-Methods", "OPTIONS, GET")
self.set_header("Access-Control-Max-Age", "1000")
def options(self): def options(self):
"""Needed for CORS.""" """Needed for CORS."""
......
# Copyright (c) 2016, Daniele Venzano # Copyright (c) 2016, Quang-Nhat Hoang-Xuan
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
...@@ -16,7 +16,8 @@ ...@@ -16,7 +16,8 @@
"""The Info API endpoint.""" """The Info API endpoint."""
from tornado.web import RequestHandler from tornado.web import RequestHandler
from zoe_api.rest_api.utils import get_auth, catch_exceptions from zoe_api.rest_api.utils import get_auth, catch_exceptions, manage_cors_headers
from zoe_api.api_endpoint import APIEndpoint # pylint: disable=unused-import
class LoginAPI(RequestHandler): class LoginAPI(RequestHandler):
...@@ -28,14 +29,7 @@ class LoginAPI(RequestHandler): ...@@ -28,14 +29,7 @@ class LoginAPI(RequestHandler):
def set_default_headers(self): def set_default_headers(self):
"""Set up the headers for enabling CORS.""" """Set up the headers for enabling CORS."""
if self.request.headers.get('Origin') is None: manage_cors_headers(self)
self.set_header("Access-Control-Allow-Origin", "*")
else:
self.set_header("Access-Control-Allow-Origin", self.request.headers.get('Origin'))
self.set_header("Access-Control-Allow-Headers", "x-requested-with, Content-Type, origin, authorization, accept, client-security-token")
self.set_header("Access-Control-Allow-Methods", "OPTIONS, GET, DELETE")
self.set_header("Access-Control-Max-Age", "1000")
self.set_header("Access-Control-Allow-Credentials", "true")
@catch_exceptions @catch_exceptions
def options(self): def options(self):
...@@ -48,9 +42,9 @@ class LoginAPI(RequestHandler): ...@@ -48,9 +42,9 @@ class LoginAPI(RequestHandler):
"""HTTP GET method.""" """HTTP GET method."""
uid, role = get_auth(self) uid, role = get_auth(self)
cookieVal = uid + '.' + role cookie_val = uid + '.' + role
self.set_secure_cookie('zoe', cookieVal) self.set_secure_cookie('zoe', cookie_val)
ret = { ret = {
'uid': uid, 'uid': uid,
......
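Review bot: `self.set_secure_cookie('zoe', cookie_val)` in `LoginAPI.get` signs the cookie value but passes no attributes, so the cookie is issued without `HttpOnly` or `Secure`. Because this handler also answers with credentialed CORS headers, the session cookie should carry both: `self.set_secure_cookie('zoe', cookie_val, httponly=True, secure=True)`. `secure=True` assumes the API is reached over HTTPS, which is not visible on this page. The method body continues outside the hunk.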
...@@ -20,7 +20,7 @@ import logging ...@@ -20,7 +20,7 @@ import logging
from tornado.web import RequestHandler from tornado.web import RequestHandler
from zoe_api.rest_api.utils import catch_exceptions, get_auth from zoe_api.rest_api.utils import catch_exceptions, get_auth, manage_cors_headers
from zoe_api.api_endpoint import APIEndpoint # pylint: disable=unused-import from zoe_api.api_endpoint import APIEndpoint # pylint: disable=unused-import
log = logging.getLogger(__name__) log = logging.getLogger(__name__)
...@@ -37,14 +37,7 @@ class ServiceAPI(RequestHandler): ...@@ -37,14 +37,7 @@ class ServiceAPI(RequestHandler):
def set_default_headers(self): def set_default_headers(self):
"""Set up the headers for enabling CORS.""" """Set up the headers for enabling CORS."""
if self.request.headers.get('Origin') is None: manage_cors_headers(self)
self.set_header("Access-Control-Allow-Origin", "*")
else:
self.set_header("Access-Control-Allow-Origin", self.request.headers.get('Origin'))
self.set_header("Access-Control-Allow-Credentials", "true")
self.set_header("Access-Control-Allow-Headers", "x-requested-with, Content-Type, origin, authorization, accept, client-security-token")
self.set_header("Access-Control-Allow-Methods", "OPTIONS, GET")
self.set_header("Access-Control-Max-Age", "1000")
@catch_exceptions @catch_exceptions
def options(self, service_id): def options(self, service_id):
......
...@@ -18,7 +18,7 @@ ...@@ -18,7 +18,7 @@
from tornado.web import RequestHandler from tornado.web import RequestHandler
from zoe_api.api_endpoint import APIEndpoint # pylint: disable=unused-import from zoe_api.api_endpoint import APIEndpoint # pylint: disable=unused-import
from zoe_api.rest_api.utils import catch_exceptions from zoe_api.rest_api.utils import catch_exceptions, manage_cors_headers
class SchedulerStatsAPI(RequestHandler): class SchedulerStatsAPI(RequestHandler):
...@@ -30,14 +30,7 @@ class SchedulerStatsAPI(RequestHandler): ...@@ -30,14 +30,7 @@ class SchedulerStatsAPI(RequestHandler):
def set_default_headers(self): def set_default_headers(self):
"""Set up the headers for enabling CORS.""" """Set up the headers for enabling CORS."""
if self.request.headers.get('Origin') is None: manage_cors_headers(self)
self.set_header("Access-Control-Allow-Origin", "*")
else:
self.set_header("Access-Control-Allow-Origin", self.request.headers.get('Origin'))
self.set_header("Access-Control-Allow-Credentials", "true")
self.set_header("Access-Control-Allow-Headers", "x-requested-with, Content-Type, origin, authorization, accept, client-security-token")
self.set_header("Access-Control-Allow-Methods", "OPTIONS, GET")
self.set_header("Access-Control-Max-Age", "1000")
@catch_exceptions @catch_exceptions
def options(self): def options(self):
......
# Copyright (c) 2016, Daniele Venzano # Copyright (c) 2016, Quang-Nhat Hoang-Xuan
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
...@@ -16,7 +16,8 @@ ...@@ -16,7 +16,8 @@
"""The Info API endpoint.""" """The Info API endpoint."""
from tornado.web import RequestHandler from tornado.web import RequestHandler
from zoe_api.rest_api.utils import get_auth, catch_exceptions from zoe_api.rest_api.utils import get_auth, catch_exceptions, manage_cors_headers
from zoe_api.api_endpoint import APIEndpoint # pylint: disable=unused-import
class UserInfoAPI(RequestHandler): class UserInfoAPI(RequestHandler):
...@@ -28,21 +29,14 @@ class UserInfoAPI(RequestHandler): ...@@ -28,21 +29,14 @@ class UserInfoAPI(RequestHandler):
def set_default_headers(self): def set_default_headers(self):
"""Set up the headers for enabling CORS.""" """Set up the headers for enabling CORS."""
if self.request.headers.get('Origin') is None: manage_cors_headers(self)
self.set_header("Access-Control-Allow-Origin", "*")
else: @catch_exceptions
self.set_header("Access-Control-Allow-Origin", self.request.headers.get('Origin'))
self.set_header("Access-Control-Allow-Credentials", "true")
self.set_header("Access-Control-Allow-Headers", "x-requested-with, Content-Type, origin, authorization, accept, client-security-token")
self.set_header("Access-Control-Allow-Methods", "OPTIONS, GET, DELETE")
self.set_header("Access-Control-Max-Age", "1000")
@catch_exceptions
def options(self): def options(self):
"""Needed for CORS.""" """Needed for CORS."""
self.set_status(204) self.set_status(204)
self.finish() self.finish()
@catch_exceptions @catch_exceptions
def get(self): def get(self):
"""HTTP GET method.""" """HTTP GET method."""
......
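Review bot: The module docstring in this file still reads "The Info API endpoint." although the file defines `UserInfoAPI`, and the LoginAPI file above carries the same copied line. Since the header of both files is touched here anyway, update them to say what each module serves, e.g. `"""The User Info API endpoint."""` and `"""The Login API endpoint."""`.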
...@@ -120,3 +120,15 @@ def get_auth(handler: tornado.web.RequestHandler): ...@@ -120,3 +120,15 @@ def get_auth(handler: tornado.web.RequestHandler):
log.debug('Authentication done using auth-mechanism') log.debug('Authentication done using auth-mechanism')
return uid, role return uid, role
def manage_cors_headers(handler: tornado.web.RequestHandler):
"""Set up the headers for enabling CORS."""
if handler.request.headers.get('Origin') is None:
handler.set_header("Access-Control-Allow-Origin", "*")
else:
handler.set_header("Access-Control-Allow-Origin", handler.request.headers.get('Origin'))
handler.set_header("Access-Control-Allow-Credentials", "true")
handler.set_header("Access-Control-Allow-Headers", "x-requested-with, Content-Type, origin, authorization, accept, client-security-token")
handler.set_header("Access-Control-Allow-Methods", "OPTIONS, GET, DELETE")
handler.set_header("Access-Control-Max-Age", "1000")
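Review bot: `manage_cors_headers` copies whatever `Origin` the request carries into `Access-Control-Allow-Origin` and pairs it with `Access-Control-Allow-Credentials: true`, so any site a logged-in user visits can make credentialed calls to this API and read the responses. LoginAPI on this page sets the `zoe` cookie that would be sent along. Now that the logic lives in one helper, this is the place to compare the origin against a configured allow-list and emit the headers only on a match, adding `Vary: Origin` so caches do not hand one origin's response to another. The no-Origin branch sends `*` together with credentials `true`, a combination browsers reject, so that branch can send nothing.

```python
def manage_cors_headers(handler: tornado.web.RequestHandler):
    """Set CORS headers only for origins on the configured allow-list."""
    origin = handler.request.headers.get('Origin')
    # allowed_origins: placeholder name for a set of trusted origins taken from configuration
    if origin is None or origin not in allowed_origins:
        return  # no CORS headers, so the browser blocks the cross-origin read
    handler.set_header("Access-Control-Allow-Origin", origin)
    handler.add_header("Vary", "Origin")
    handler.set_header("Access-Control-Allow-Credentials", "true")
    # … unchanged: Access-Control-Allow-Headers, -Allow-Methods, -Max-Age …
```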