diff --git a/paramecio/citoplasma/httputils.py b/paramecio/citoplasma/httputils.py index baff310..bfd71f4 100644 --- a/paramecio/citoplasma/httputils.py +++ b/paramecio/citoplasma/httputils.py @@ -44,7 +44,6 @@ class GetPostFiles: #Clean csrf_token s['csrf_token']='' - s.save() else: diff --git a/paramecio/citoplasma/keyutils.py b/paramecio/citoplasma/keyutils.py index 2ffe7bf..9f92dfa 100644 --- a/paramecio/citoplasma/keyutils.py +++ b/paramecio/citoplasma/keyutils.py @@ -1,6 +1,17 @@ -from hashlib import sha512 +from hashlib import sha512, sha256 +from base64 import b64encode from os import urandom def create_key_encrypt(n=10): return sha512(urandom(n)).hexdigest() + +def create_key_encrypt_256(n=10): + + return sha256(urandom(n)).hexdigest() + +def create_key(n=10): + + rand_bytes=urandom(n) + + return b64encode(rand_bytes).decode('utf-8') diff --git a/paramecio/citoplasma/lists.py b/paramecio/citoplasma/lists.py index b892f5f..c52c5e9 100644 --- a/paramecio/citoplasma/lists.py +++ b/paramecio/citoplasma/lists.py @@ -92,8 +92,6 @@ class SimpleList: self.order_by=self.order_defaults[ order_k ] self.s['order']=order_k - - self.s.save() def obtain_field_search(self): @@ -115,8 +113,6 @@ class SimpleList: self.change_order[field_k]=1 else: self.change_order[field_k]=0 - - self.s.save() self.order_field=self.s['order_field'] @@ -182,5 +178,9 @@ class SimpleList: self.model.yes_reset_conditions=True - return self.t.load_template('utils/list.phtml', simplelist=self, list=list_items, pages=pages) + listing=self.t.load_template('utils/list.phtml', simplelist=self, list=list_items, pages=pages) + + list_items.close() + + return listing diff --git a/paramecio/citoplasma/mtemplates.py b/paramecio/citoplasma/mtemplates.py index a863dfb..4871204 100644 --- a/paramecio/citoplasma/mtemplates.py +++ b/paramecio/citoplasma/mtemplates.py @@ -266,8 +266,6 @@ def set_flash_message(message): s['flash']=message - s.save() - def show_flash_message(): message="" 
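Review bot: In keyutils.py both new helpers keep the default `n=10`, so a caller that omits the argument gets a value built from only 80 bits of `urandom` output; hashing it with SHA-256 in `create_key_encrypt_256` lengthens the string but adds no entropy. The session code in this commit passes 30, but the default is what the next caller will pick up. I would raise it, e.g. `def create_key_encrypt_256(n=32):` and `def create_key(n=32):`, and give each a docstring such as `"""Return the SHA-256 hex digest (64 chars) of n random bytes; n is the entropy in bytes."""`. Neither function encrypts anything, so the `_encrypt` in the name deserves a word in that docstring too.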
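Review bot: In the last lists.py hunk (`SimpleList`, new lines 178-186) `list_items.close()` runs only when `load_template` returns, so a template error leaves `list_items` open. Putting the render in `try:` and the close in `finally: list_items.close()` releases it on both paths. The method starts outside the hunk, and I am assuming `list_items` is a cursor-like object returned by the model.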
@@ -281,8 +279,6 @@ def show_flash_message(): s['flash']='' - s.save() - return message standard_t=ptemplate(__file__) diff --git a/paramecio/citoplasma/sessions.py b/paramecio/citoplasma/sessions.py index 460e3c6..9bbe132 100644 --- a/paramecio/citoplasma/sessions.py +++ b/paramecio/citoplasma/sessions.py @@ -1,6 +1,8 @@ #!/usr/bin/python3 -from bottle import request +from itsdangerous import JSONWebSignatureSerializer +from paramecio.citoplasma.keyutils import create_key_encrypt, create_key_encrypt_256, create_key +from bottle import request, response try: 
@@ -10,14 +12,91 @@ except: class config: cookie_name='paramecio_session' + key_encrypt=create_key_encrypt_256(30) + + +class ParamecioSession: + def __init__(self): + self.session=request.environ.get(config.cookie_name) + #self.token=request.get_cookie(config.cookie_name) + + def get(self, name, default_value): + + if not name in self.session: + self.session[name]=default_value + request.environ[config.cookie_name]=self.session + request.environ[config.cookie_name]['save']=True + + return self.session[name] + + def __getitem__(self, key): + + return self.session[key] + + def __setitem__(self, key, value): + + self.session[key]=value + request.environ[config.cookie_name]=self.session + request.environ[config.cookie_name]['save']=True + + def __delitem__(self, key): + + del self.session[key] + request.environ[config.cookie_name]=self.session + request.environ[config.cookie_name]['save']=True + + def __contains__(self, key): + + if key in self.session: + return True + else: + return False + + def __iter__(self): + return self.session + + def __str__(self): + return self.session.__str__() + + def keys(self): + return self.session.keys() + + + +def generate_session(): + + random_text=create_key_encrypt_256(30) + response.set_cookie(config.cookie_name, random_text) + request.environ[config.cookie_name]={'token': random_text} def get_session(): + if config.cookie_name in request.environ: + + return ParamecioSession() + else: + return None + + """ try: - return request.environ.get(config.cookie_name) + # Check if session was loaded, if loaded, get cache + + #return request.environ.get(config.cookie_name) + code_session=request.get_cookie(config.cookie_name) + + try: + + #with fopen(config.session_opts['session.data_dir']) as signed_session: + pass + + + except: + + return {} except: return {} + """ diff --git a/paramecio/cromosoma/formsutils.py b/paramecio/cromosoma/formsutils.py index e3a372c..ee8c468 100644 --- a/paramecio/cromosoma/formsutils.py 
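Review bot: `generate_session()` sets the session cookie with no attributes, so the token is readable from page scripts and is also sent over plain HTTP. Bottle's `set_cookie` takes the flags directly, e.g. `response.set_cookie(config.cookie_name, random_text, httponly=True, secure=True)`, with `secure` tied to whatever setting marks the deployment as TLS-only. Separately, `ParamecioSession.__iter__` returns the dict itself, which is not an iterator, so `for k in session` raises TypeError; `return iter(self.session)` fixes it. The fallback `key_encrypt=create_key_encrypt_256(30)` is regenerated in every process, which looks like it would invalidate stored sessions on restart, so it deserves a comment if that is intended.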
+++ b/paramecio/cromosoma/formsutils.py @@ -44,8 +44,6 @@ def show_form(post, arr_form, t, yes_error=True, modelform_tpl='forms/modelform. s['csrf_token']=create_key_encrypt() - s.save() - pass_values_to_form(post, arr_form, yes_error) return t.load_template(modelform_tpl, forms=arr_form) @@ -74,7 +72,6 @@ def csrf_token(): s=get_session() s['csrf_token']=create_key_encrypt() - s.save() return '' diff --git a/paramecio/index.py b/paramecio/index.py index 60f8142..6702615 100644 --- a/paramecio/index.py +++ b/paramecio/index.py @@ -1,10 +1,13 @@ -import os, sys, traceback, inspect +import os, sys, traceback, inspect, resource from importlib import import_module -from bottle import route, get, post, run, default_app, abort, request, static_file, load +from bottle import route, get, post, run, default_app, abort, request, response, static_file, load from settings import config, modules -from beaker.middleware import SessionMiddleware +#from beaker.middleware import SessionMiddleware from mimetypes import guess_type from paramecio.cromosoma.webmodel import WebModel +from itsdangerous import JSONWebSignatureSerializer +from paramecio.citoplasma.keyutils import create_key_encrypt, create_key_encrypt_256, create_key +from paramecio.citoplasma.sessions import generate_session #Prepare links for static. #WARNING: only use this feature in development, not in production. @@ -47,8 +50,8 @@ else: pass """ -def print_cookie(): - pass +def print_memory(): + print(resource.getrusage(resource.RUSAGE_SELF).ru_maxrss) #print(request.cookies) routes={} 
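Review bot: `print_memory` (second index.py hunk) depends on the `resource` module added to the import line in the first hunk, and `resource` exists only on Unix, so `index.py` will no longer import on Windows. It also writes to stdout with `print` instead of going through logging. If this is a temporary diagnostic, I would guard the import with `try: import resource` / `except ImportError: resource=None` and add a comment like `# Debug only: peak RSS of this process (kilobytes on Linux)`. The stray `#print(request.cookies)` left under it can go.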
@@ -119,18 +122,76 @@ if config.ssl==True: app = application = default_app() -#app.add_hook('before_request', print_cookie) +app.add_hook('before_request', print_memory) -app.add_hook('after_request', WebModel.close) +#app.add_hook('after_request', WebModel.close) if config.session_enabled==True: #Create dir for sessions + key_encrypt=config.key_encrypt + if 'session_data_dir' in config.session_opts: if not os.path.isdir(config.session_opts['session.data_dir']): os.makedirs(config.session_opts['session.data_dir'], 0o700, True) - app = SessionMiddleware(app, config.session_opts, environ_key=config.cookie_name) + def load_session(): + + code_session=request.get_cookie(config.cookie_name) + + if code_session==None: + # Send cookie + generate_session() + else: + + # Check if file exists + + if os.path.isfile(config.session_opts['session.data_dir']+'/session_'+code_session): + with open(config.session_opts['session.data_dir']+'/session_'+code_session, 'r') as f: + + try: + + s = JSONWebSignatureSerializer(key_encrypt) + session_dict=f.read() + request.environ[config.cookie_name]=s.loads(session_dict) + request.environ[config.cookie_name]['token']=code_session + + except: + + # Clean fake session + + try: + os.remove(config.session_opts['session.data_dir']+'/session_'+code_session) + + except: + + pass + + generate_session() + + else: + request.environ[config.cookie_name]={'token': code_session} + + def save_session(): + + save_session=request.environ[config.cookie_name] + if 'save' in save_session: + del save_session['save'] + # Here define the session type, if memcached, save data in memcached + + with open(config.session_opts['session.data_dir']+'/session_'+save_session['token'], 'w') as f: + s = JSONWebSignatureSerializer(key_encrypt) + json_encode=s.dumps(save_session) + f.write(json_encode.decode('utf8')) + + #request.environ[config.cookie_name]['save'] + #def save_session() + + app.add_hook('before_request', load_session) + app.add_hook('after_request', 
save_session) + #def + + #app = SessionMiddleware(app, config.session_opts, environ_key=config.cookie_name) def run_app(app): diff --git a/paramecio/modules/admin/index.py b/paramecio/modules/admin/index.py index ba49020..75dea13 100644 --- a/paramecio/modules/admin/index.py +++ b/paramecio/modules/admin/index.py @@ -237,7 +237,7 @@ def login(): response.set_cookie('remember_login', random_text, expires=timestamp, secret=key_encrypt) #else: #print(user_admin.query_error) - s.save() + #s.save() return {'error': 0} else: @@ -299,7 +299,7 @@ def logout(): del s['login'] del s['privileges'] - s.save() + #s.save() if request.get_cookie("remember_login", secret=key_encrypt): diff --git a/paramecio/modules/lang/index.py b/paramecio/modules/lang/index.py index 9f8f214..093c413 100644 --- a/paramecio/modules/lang/index.py +++ b/paramecio/modules/lang/index.py @@ -12,8 +12,6 @@ def index(lang): s['lang']=lang - s.save() - redirect_url=request.headers.get('Referer') if redirect_url!=None: diff --git a/paramecio/settings/config.py.sample b/paramecio/settings/config.py.sample index 85d26b0..82685f6 100644 --- a/paramecio/settings/config.py.sample +++ b/paramecio/settings/config.py.sample 
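Review bot: In `load_session` the cookie value `code_session` is client-controlled, yet it is concatenated straight into the paths given to `os.path.isfile`, `open` and `os.remove` (and `save_session` later writes to `'/session_'+save_session['token']`), so nothing keeps those paths inside `session.data_dir`. Tokens issued by `generate_session()` are SHA-256 hex digests, so the value can be checked against that shape before any file call, and anything else replaced with a fresh session. The final `else` also adopts a token for which no session file exists, so the session id is not necessarily one the server generated; issuing a new one there is safer. The sketch below needs `import re` in index.py, and the bare `except:` blocks would be better narrowed.

```python
    def load_session():

        code_session=request.get_cookie(config.cookie_name)

        # Tokens come from create_key_encrypt_256(): 64 lowercase hex characters.
        # Anything else never reaches the filesystem.
        if code_session is None or not re.fullmatch(r'[0-9a-f]{64}', code_session):
            generate_session()
            return

        session_file=os.path.join(config.session_opts['session.data_dir'], 'session_'+code_session)

        if not os.path.isfile(session_file):
            # No server-side state for this token: issue our own id instead of adopting it
            generate_session()
            return

        # … unchanged: read session_file, verify with JSONWebSignatureSerializer, remove and regenerate on failure …
```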
@@ -50,38 +50,14 @@ cookie_name = 'paramecio.session' #More simple sessions. Save the session in a file in ./sessions directory. -""" + session_opts = { 'session.type': 'file', 'session.cookie_expires': False, - 'session.data_dir': './sessions', - 'session.auto': False, # Is better use s.save by performance -} -""" - -# More fast methods for beaker sessions. - -# Method for save info in cipher cookie. Don't use it if you want save many info in the session (cookies have 4k size limit normally). The default. - -session_opts = { - 'session.type': 'cookie', - 'session.cookie_expires': False, - 'session.data_dir': './sessions', - 'session.auto': False, # Is better use s.save by performance - 'session.validate_key': 'im smoking fool' #Key Generated by paramecio cmd using os.random, more secure if you want add or change random characters + 'session.data_dir': './sessions' } -# Method for save info in a memcached server. - -""" -session_opts = { - - 'session.type': 'ext:memcached', - 'session.auto': False, # Is better use session.save by performance - 'session.url': '127.0.0.1:11211' - -} -""" +key_encrypt="im smoking fool" cache_session_opts = {
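Review bot: The sample now ships `key_encrypt="im smoking fool"` as the key that signs the session files, and the comment that told the operator to generate it (on the removed `session.validate_key` line) is gone, so installs copied from the sample share one published key. I would put a placeholder and the instruction back, e.g. `key_encrypt="CHANGE_ME"  # Signing key for session files: replace with a random value generated at install time`, and have startup refuse the placeholder. The name says encrypt, but the index.py change uses the key with `JSONWebSignatureSerializer`, which signs the session contents and does not hide them.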