quay/endpoints/decorators.py

""" Various decorators for endpoint and API handlers. """

import logging

from functools import wraps
from flask import abort, request, make_response

import features

from app import app
from auth.auth_context import get_authenticated_context
from util.names import parse_namespace_repository, ImplicitLibraryNamespaceNotAllowed
from util.http import abort

logger = logging.getLogger(__name__)


def parse_repository_name(include_tag=False,
                          ns_kwarg_name='namespace_name',
                          repo_kwarg_name='repo_name',
                          tag_kwarg_name='tag_name',
                          incoming_repo_kwarg='repository'):
  """ Decorator which parses the repository name found in the incoming_repo_kwarg argument,
      and applies its pieces to the decorated function.
  """
  def inner(func):
    @wraps(func)
    def wrapper(*args, **kwargs):
      try:
        repo_name_components = parse_namespace_repository(kwargs[incoming_repo_kwarg],
                                                          app.config['LIBRARY_NAMESPACE'],
                                                          include_tag=include_tag,
                                                          allow_library=features.LIBRARY_SUPPORT)
      except ImplicitLibraryNamespaceNotAllowed:
        abort(400, message='A namespace must be specified explicitly')

      del kwargs[incoming_repo_kwarg]
      kwargs[ns_kwarg_name] = repo_name_components[0]
      kwargs[repo_kwarg_name] = repo_name_components[1]
      if include_tag:
        kwargs[tag_kwarg_name] = repo_name_components[2]
      return func(*args, **kwargs)
    return wrapper
  return inner


def param_required(param_name, allow_body=False):
  """ Marks a route as requiring a parameter with the given name to exist in the request's arguments
      or (if allow_body=True) in its body values. If the parameter is not present, the request will
      fail with a 400.
  """
  def wrapper(wrapped):
    @wraps(wrapped)
    def decorated(*args, **kwargs):
      if param_name not in request.args:
        if not allow_body or param_name not in request.values:
          abort(400, message='Required param: %s' % param_name)
      return wrapped(*args, **kwargs)
    return decorated
  return wrapper


def anon_allowed(func):
  """ Marks a method to allow anonymous access where it would otherwise be disallowed. """
  func.__anon_allowed = True
  return func


def anon_protect(func):
  """ Marks a method as requiring some form of valid user auth before it can be executed. """
  func.__anon_protected = True
  return check_anon_protection(func)


def check_anon_protection(func):
  """ Validates a method as requiring some form of valid user auth before it can be executed. """

  @wraps(func)
  def wrapper(*args, **kwargs):
    # Skip if anonymous access is allowed.
    if features.ANONYMOUS_ACCESS or '__anon_allowed' in dir(func):
      return func(*args, **kwargs)

    # Check for validated context. If none exists, fail with a 401.
    if get_authenticated_context() and not get_authenticated_context().is_anonymous:
      return func(*args, **kwargs)

    abort(401, message='Anonymous access is not allowed')

  return wrapper


def route_show_if(value):
  """ Adds/shows the decorated route if the given value is True. """

  def decorator(f):
    @wraps(f)
    def decorated_function(*args, **kwargs):
      if not value:
        abort(404)

      return f(*args, **kwargs)
    return decorated_function
  return decorator


def require_xhr_from_browser(func):
  """ Requires that API GET calls made from browsers are made via XHR, in order to prevent
      reflected text attacks.
  """

  @wraps(func)
  def wrapper(*args, **kwargs):
    if app.config.get('BROWSER_API_CALLS_XHR_ONLY', False):
      if request.method == 'GET' and request.user_agent.browser:
        has_xhr_header = request.headers.get('X-Requested-With') == 'XMLHttpRequest'
        if not has_xhr_header and not app.config.get('DEBUGGING') == True:
          logger.warning('Disallowed possible RTA to URL %s with user agent %s',
                         request.path, request.user_agent)
          abort(400, message='API calls must be invoked with an X-Requested-With header ' +
                'if called from a browser')

    return func(*args, **kwargs)
  return wrapper
Add a feature flag for disabling unauthenticated access to the registry in its entirety. 2015-05-19 21:52:44 +00:00			`""" Various decorators for endpoint and API handlers. """`

Add new decorator to prevent reflected text attacks Instead of disabling repo names with periods in them, we simply disallow calls to the API when they are GET requests, whose path ends in a dot, and that do not have a referrer from the frontend. 2018-01-29 19:52:50 +00:00			`import logging`

endpoints: clarify repo access decorators 2017-03-23 03:41:31 +00:00			`from functools import wraps`
Move param_required into the decorators module 2017-07-20 15:41:19 +00:00			`from flask import abort, request, make_response`
endpoints: clarify repo access decorators 2017-03-23 03:41:31 +00:00
			`import features`
Move parse_repository_name into decorators 2017-07-20 15:31:22 +00:00
			`from app import app`
Refactor auth code to be cleaner and more extensible We move all the auth handling, serialization and deserialization into a new AuthContext interface, and then standardize a registration model for handling of specific auth context types (user, robot, token, etc). 2018-01-05 21:27:03 +00:00			`from auth.auth_context import get_authenticated_context`
Fix bug which allowed for implicit library namespace access via the V1 registry protocol when the feature flag was off Now we raise a 400 as expected 2018-05-01 10:26:24 +00:00			`from util.names import parse_namespace_repository, ImplicitLibraryNamespaceNotAllowed`
Add new decorator to prevent reflected text attacks Instead of disabling repo names with periods in them, we simply disallow calls to the API when they are GET requests, whose path ends in a dot, and that do not have a referrer from the frontend. 2018-01-29 19:52:50 +00:00			`from util.http import abort`

			`logger = logging.getLogger(__name__)`
Move parse_repository_name into decorators 2017-07-20 15:31:22 +00:00

			`def parse_repository_name(include_tag=False,`
			`ns_kwarg_name='namespace_name',`
			`repo_kwarg_name='repo_name',`
			`tag_kwarg_name='tag_name',`
			`incoming_repo_kwarg='repository'):`
			`""" Decorator which parses the repository name found in the incoming_repo_kwarg argument,`
			`and applies its pieces to the decorated function.`
			`"""`
			`def inner(func):`
			`@wraps(func)`
			`def wrapper(args, *kwargs):`
Fix bug which allowed for implicit library namespace access via the V1 registry protocol when the feature flag was off Now we raise a 400 as expected 2018-05-01 10:26:24 +00:00			`try:`
			`repo_name_components = parse_namespace_repository(kwargs[incoming_repo_kwarg],`
			`app.config['LIBRARY_NAMESPACE'],`
			`include_tag=include_tag,`
			`allow_library=features.LIBRARY_SUPPORT)`
			`except ImplicitLibraryNamespaceNotAllowed:`
Make API errors more informative Fixes https://jira.coreos.com/browse/QUAY-999 2018-07-08 08:45:33 +00:00			`abort(400, message='A namespace must be specified explicitly')`
Fix bug which allowed for implicit library namespace access via the V1 registry protocol when the feature flag was off Now we raise a 400 as expected 2018-05-01 10:26:24 +00:00
Move parse_repository_name into decorators 2017-07-20 15:31:22 +00:00			`del kwargs[incoming_repo_kwarg]`
			`kwargs[ns_kwarg_name] = repo_name_components[0]`
			`kwargs[repo_kwarg_name] = repo_name_components[1]`
			`if include_tag:`
			`kwargs[tag_kwarg_name] = repo_name_components[2]`
			`return func(args, *kwargs)`
			`return wrapper`
			`return inner`
endpoints: clarify repo access decorators 2017-03-23 03:41:31 +00:00

Move param_required into the decorators module 2017-07-20 15:41:19 +00:00			`def param_required(param_name, allow_body=False):`
			`""" Marks a route as requiring a parameter with the given name to exist in the request's arguments`
			`or (if allow_body=True) in its body values. If the parameter is not present, the request will`
			`fail with a 400.`
			`"""`
			`def wrapper(wrapped):`
			`@wraps(wrapped)`
			`def decorated(args, *kwargs):`
			`if param_name not in request.args:`
			`if not allow_body or param_name not in request.values:`
Make API errors more informative Fixes https://jira.coreos.com/browse/QUAY-999 2018-07-08 08:45:33 +00:00			`abort(400, message='Required param: %s' % param_name)`
Move param_required into the decorators module 2017-07-20 15:41:19 +00:00			`return wrapped(args, *kwargs)`
			`return decorated`
			`return wrapper`


Add a feature flag for disabling unauthenticated access to the registry in its entirety. 2015-05-19 21:52:44 +00:00			`def anon_allowed(func):`
			`""" Marks a method to allow anonymous access where it would otherwise be disallowed. """`
			`func.__anon_allowed = True`
			`return func`


			`def anon_protect(func):`
			`""" Marks a method as requiring some form of valid user auth before it can be executed. """`
Add a test to verify that all important blueprints have all their methods decorated This ensures that we don't accidentally add a blueprint method without either explicitly blacklisting or whitelisting anonymous access 2015-06-02 19:56:44 +00:00			`func.__anon_protected = True`
			`return check_anon_protection(func)`


			`def check_anon_protection(func):`
			`""" Validates a method as requiring some form of valid user auth before it can be executed. """`
Small cleanups to the decorators file 2017-07-20 15:08:24 +00:00
Add a feature flag for disabling unauthenticated access to the registry in its entirety. 2015-05-19 21:52:44 +00:00			`@wraps(func)`
			`def wrapper(args, *kwargs):`
			`# Skip if anonymous access is allowed.`
			`if features.ANONYMOUS_ACCESS or '__anon_allowed' in dir(func):`
			`return func(args, *kwargs)`

			`# Check for validated context. If none exists, fail with a 401.`
Refactor auth code to be cleaner and more extensible We move all the auth handling, serialization and deserialization into a new AuthContext interface, and then standardize a registration model for handling of specific auth context types (user, robot, token, etc). 2018-01-05 21:27:03 +00:00			`if get_authenticated_context() and not get_authenticated_context().is_anonymous:`
Add a feature flag for disabling unauthenticated access to the registry in its entirety. 2015-05-19 21:52:44 +00:00			`return func(args, *kwargs)`

Make API errors more informative Fixes https://jira.coreos.com/browse/QUAY-999 2018-07-08 08:45:33 +00:00			`abort(401, message='Anonymous access is not allowed')`
Small cleanups to the decorators file 2017-07-20 15:08:24 +00:00
Add missing newline at end of decorators.py 2015-05-26 20:48:59 +00:00			`return wrapper`
Move route_show_if into decorators Also removes unused route_hide_if 2017-07-20 15:07:31 +00:00

			`def route_show_if(value):`
			`""" Adds/shows the decorated route if the given value is True. """`
Small cleanups to the decorators file 2017-07-20 15:08:24 +00:00
Move route_show_if into decorators Also removes unused route_hide_if 2017-07-20 15:07:31 +00:00			`def decorator(f):`
			`@wraps(f)`
			`def decorated_function(args, *kwargs):`
			`if not value:`
			`abort(404)`

			`return f(args, *kwargs)`
			`return decorated_function`
			`return decorator`
Add new decorator to prevent reflected text attacks Instead of disabling repo names with periods in them, we simply disallow calls to the API when they are GET requests, whose path ends in a dot, and that do not have a referrer from the frontend. 2018-01-29 19:52:50 +00:00

			`def require_xhr_from_browser(func):`
			`""" Requires that API GET calls made from browsers are made via XHR, in order to prevent`
			`reflected text attacks.`
			`"""`

			`@wraps(func)`
			`def wrapper(args, *kwargs):`
			`if app.config.get('BROWSER_API_CALLS_XHR_ONLY', False):`
			`if request.method == 'GET' and request.user_agent.browser:`
			`has_xhr_header = request.headers.get('X-Requested-With') == 'XMLHttpRequest'`
Temporarily change to storing logs in a new LogEntry2 table This will prevent us from running out of auto-incrementing ID values until such time as we can upgrade to peewee 3 and change the field type to a BigInt Fixes https://jira.coreos.com/browse/QUAY-943 2018-05-18 16:54:38 +00:00			`if not has_xhr_header and not app.config.get('DEBUGGING') == True:`
Add new decorator to prevent reflected text attacks Instead of disabling repo names with periods in them, we simply disallow calls to the API when they are GET requests, whose path ends in a dot, and that do not have a referrer from the frontend. 2018-01-29 19:52:50 +00:00			`logger.warning('Disallowed possible RTA to URL %s with user agent %s',`
Temporarily change to storing logs in a new LogEntry2 table This will prevent us from running out of auto-incrementing ID values until such time as we can upgrade to peewee 3 and change the field type to a BigInt Fixes https://jira.coreos.com/browse/QUAY-943 2018-05-18 16:54:38 +00:00			`request.path, request.user_agent)`
Make API errors more informative Fixes https://jira.coreos.com/browse/QUAY-999 2018-07-08 08:45:33 +00:00			`abort(400, message='API calls must be invoked with an X-Requested-With header ' +`
			`'if called from a browser')`
Add new decorator to prevent reflected text attacks Instead of disabling repo names with periods in them, we simply disallow calls to the API when they are GET requests, whose path ends in a dot, and that do not have a referrer from the frontend. 2018-01-29 19:52:50 +00:00
			`return func(args, *kwargs)`
			`return wrapper`