Added new session system, more simple

Antonio de la Rosa 2016-04-13 03:20:50 +02:00
parent 79a7f2291d
commit 4bebd7a6c4
10 changed files with 172 additions and 55 deletions


@ -44,7 +44,6 @@ class GetPostFiles:
#Clean csrf_token #Clean csrf_token
s['csrf_token']='' s['csrf_token']=''
s.save()
else: else:


@ -1,6 +1,17 @@
from hashlib import sha512 from hashlib import sha512, sha256
from base64 import b64encode
from os import urandom from os import urandom
def create_key_encrypt(n=10): def create_key_encrypt(n=10):
return sha512(urandom(n)).hexdigest() return sha512(urandom(n)).hexdigest()
def create_key_encrypt_256(n=10):
return sha256(urandom(n)).hexdigest()
def create_key(n=10):
rand_bytes=urandom(n)
return b64encode(rand_bytes).decode('utf-8')
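Review bot: The default `n=10` in `create_key_encrypt_256` and `create_key` yields only 80 bits of randomness, because hashing or base64-encoding the `urandom` output changes its representation, not its entropy. The callers visible in this commit pass 30, but anything relying on the default gets a weaker value than the 256-bit digest suggests; `def create_key_encrypt_256(n=32):` and `def create_key(n=32):` would make the default match the output size. A one-line docstring such as `"""Return a random token built from n bytes of os.urandom; n is the entropy in bytes."""` would also make clear that these helpers produce random tokens and do not encrypt anything, despite the name.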


@ -93,8 +93,6 @@ class SimpleList:
self.s['order']=order_k self.s['order']=order_k
self.s.save()
def obtain_field_search(self): def obtain_field_search(self):
self.s['order_field']=self.s.get('order_field', self.model.name_field_id) self.s['order_field']=self.s.get('order_field', self.model.name_field_id)
@ -116,8 +114,6 @@ class SimpleList:
else: else:
self.change_order[field_k]=0 self.change_order[field_k]=0
self.s.save()
self.order_field=self.s['order_field'] self.order_field=self.s['order_field']
def search(self): def search(self):
@ -182,5 +178,9 @@ class SimpleList:
self.model.yes_reset_conditions=True self.model.yes_reset_conditions=True
return self.t.load_template('utils/list.phtml', simplelist=self, list=list_items, pages=pages) listing=self.t.load_template('utils/list.phtml', simplelist=self, list=list_items, pages=pages)
list_items.close()
return listing
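Review bot: `list_items.close()` in the last hunk is skipped whenever `load_template` raises, so whatever `list_items` holds (presumably a query cursor) stays open on a template error. Wrapping the render as `try: listing=self.t.load_template(...)` / `finally: list_items.close()` releases it on both paths. The enclosing method starts outside the hunk, so this is based on the visible lines only.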


@ -266,8 +266,6 @@ def set_flash_message(message):
s['flash']=message s['flash']=message
s.save()
def show_flash_message(): def show_flash_message():
message="" message=""
@ -281,8 +279,6 @@ def show_flash_message():
s['flash']='' s['flash']=''
s.save()
return message return message
standard_t=ptemplate(__file__) standard_t=ptemplate(__file__)


@ -1,6 +1,8 @@
#!/usr/bin/python3 #!/usr/bin/python3
from bottle import request from itsdangerous import JSONWebSignatureSerializer
from paramecio.citoplasma.keyutils import create_key_encrypt, create_key_encrypt_256, create_key
from bottle import request, response
try: try:
@ -10,14 +12,91 @@ except:
class config: class config:
cookie_name='paramecio_session' cookie_name='paramecio_session'
key_encrypt=create_key_encrypt_256(30)
class ParamecioSession:
def __init__(self):
self.session=request.environ.get(config.cookie_name)
#self.token=request.get_cookie(config.cookie_name)
def get(self, name, default_value):
if not name in self.session:
self.session[name]=default_value
request.environ[config.cookie_name]=self.session
request.environ[config.cookie_name]['save']=True
return self.session[name]
def __getitem__(self, key):
return self.session[key]
def __setitem__(self, key, value):
self.session[key]=value
request.environ[config.cookie_name]=self.session
request.environ[config.cookie_name]['save']=True
def __delitem__(self, key):
del self.session[key]
request.environ[config.cookie_name]=self.session
request.environ[config.cookie_name]['save']=True
def __contains__(self, key):
if key in self.session:
return True
else:
return False
def __iter__(self):
return self.session
def __str__(self):
return self.session.__str__()
def keys(self):
return self.session.keys()
def generate_session():
random_text=create_key_encrypt_256(30)
response.set_cookie(config.cookie_name, random_text)
request.environ[config.cookie_name]={'token': random_text}
def get_session(): def get_session():
if config.cookie_name in request.environ:
return ParamecioSession()
else:
return None
"""
try: try:
return request.environ.get(config.cookie_name) # Check if session was loaded, if loaded, get cache
#return request.environ.get(config.cookie_name)
code_session=request.get_cookie(config.cookie_name)
try:
#with fopen(config.session_opts['session.data_dir']) as signed_session:
pass
except: except:
return {} return {}
except:
return {}
"""
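Review bot: `generate_session()` sets the session cookie with no attributes, so it is readable from page scripts, is sent over plain HTTP, and without `path` is scoped by the browser to the directory of the current request URL rather than the whole site. `response.set_cookie(config.cookie_name, random_text, path='/', httponly=True)`, with `secure=True` added when the site runs over TLS, would address that. `ParamecioSession.__iter__` returns the dict itself, which is not an iterator, so `for k in s` raises TypeError; `return iter(self.session)` fixes it. `get_session()` now returns `None` when no session was loaded, while the call sites shown elsewhere in this commit index the result directly (`s['csrf_token']=...`), so they need a guard or `get_session()` should raise a clear error. The triple-quoted block left at the end of `get_session()` is dead code and could be deleted.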


@ -44,8 +44,6 @@ def show_form(post, arr_form, t, yes_error=True, modelform_tpl='forms/modelform.
s['csrf_token']=create_key_encrypt() s['csrf_token']=create_key_encrypt()
s.save()
pass_values_to_form(post, arr_form, yes_error) pass_values_to_form(post, arr_form, yes_error)
return t.load_template(modelform_tpl, forms=arr_form) return t.load_template(modelform_tpl, forms=arr_form)
@ -74,7 +72,6 @@ def csrf_token():
s=get_session() s=get_session()
s['csrf_token']=create_key_encrypt() s['csrf_token']=create_key_encrypt()
s.save()
return '<input type="hidden" name="csrf_token" id="csrf_token" value="'+s['csrf_token']+'" />' return '<input type="hidden" name="csrf_token" id="csrf_token" value="'+s['csrf_token']+'" />'


@ -1,10 +1,13 @@
import os, sys, traceback, inspect import os, sys, traceback, inspect, resource
from importlib import import_module from importlib import import_module
from bottle import route, get, post, run, default_app, abort, request, static_file, load from bottle import route, get, post, run, default_app, abort, request, response, static_file, load
from settings import config, modules from settings import config, modules
from beaker.middleware import SessionMiddleware #from beaker.middleware import SessionMiddleware
from mimetypes import guess_type from mimetypes import guess_type
from paramecio.cromosoma.webmodel import WebModel from paramecio.cromosoma.webmodel import WebModel
from itsdangerous import JSONWebSignatureSerializer
from paramecio.citoplasma.keyutils import create_key_encrypt, create_key_encrypt_256, create_key
from paramecio.citoplasma.sessions import generate_session
#Prepare links for static. #Prepare links for static.
#WARNING: only use this feature in development, not in production. #WARNING: only use this feature in development, not in production.
@ -47,8 +50,8 @@ else:
pass pass
""" """
def print_cookie(): def print_memory():
pass print(resource.getrusage(resource.RUSAGE_SELF).ru_maxrss)
#print(request.cookies) #print(request.cookies)
routes={} routes={}
@ -119,18 +122,76 @@ if config.ssl==True:
app = application = default_app() app = application = default_app()
#app.add_hook('before_request', print_cookie) app.add_hook('before_request', print_memory)
app.add_hook('after_request', WebModel.close) #app.add_hook('after_request', WebModel.close)
if config.session_enabled==True: if config.session_enabled==True:
#Create dir for sessions #Create dir for sessions
key_encrypt=config.key_encrypt
if 'session_data_dir' in config.session_opts: if 'session_data_dir' in config.session_opts:
if not os.path.isdir(config.session_opts['session.data_dir']): if not os.path.isdir(config.session_opts['session.data_dir']):
os.makedirs(config.session_opts['session.data_dir'], 0o700, True) os.makedirs(config.session_opts['session.data_dir'], 0o700, True)
app = SessionMiddleware(app, config.session_opts, environ_key=config.cookie_name) def load_session():
code_session=request.get_cookie(config.cookie_name)
if code_session==None:
# Send cookie
generate_session()
else:
# Check if file exists
if os.path.isfile(config.session_opts['session.data_dir']+'/session_'+code_session):
with open(config.session_opts['session.data_dir']+'/session_'+code_session, 'r') as f:
try:
s = JSONWebSignatureSerializer(key_encrypt)
session_dict=f.read()
request.environ[config.cookie_name]=s.loads(session_dict)
request.environ[config.cookie_name]['token']=code_session
except:
# Clean fake session
try:
os.remove(config.session_opts['session.data_dir']+'/session_'+code_session)
except:
pass
generate_session()
else:
request.environ[config.cookie_name]={'token': code_session}
def save_session():
save_session=request.environ[config.cookie_name]
if 'save' in save_session:
del save_session['save']
# Here define the session type, if memcached, save data in memcached
with open(config.session_opts['session.data_dir']+'/session_'+save_session['token'], 'w') as f:
s = JSONWebSignatureSerializer(key_encrypt)
json_encode=s.dumps(save_session)
f.write(json_encode.decode('utf8'))
#request.environ[config.cookie_name]['save']
#def save_session()
app.add_hook('before_request', load_session)
app.add_hook('after_request', save_session)
#def
#app = SessionMiddleware(app, config.session_opts, environ_key=config.cookie_name)
def run_app(app): def run_app(app):
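Review bot: `load_session()` puts the raw cookie value into a filesystem path (`'/session_'+code_session`) and, when no such file exists, adopts it as the session token, so the client chooses both the file name that `save_session()` later opens for writing and the session identifier itself. Tokens issued by `generate_session()` are 64 hex characters, so anything else can be rejected up front and an unknown token replaced by a server-generated one, as sketched below (needs `import re`; the cookie is re-issued until the first save creates the file). The bare `except:` around `s.loads` also hides I/O and programming errors; catching itsdangerous' `BadSignature` keeps the "discard forged file" path without masking the rest. Separately, this section enables `print_memory` on every request and comments out the `WebModel.close` hook, which looks like debugging left in. The `if config.session_enabled` block starts before the changed lines and `run_app` continues after them.

```python
def load_session():
    code_session=request.get_cookie(config.cookie_name)
    # Tokens are issued by generate_session() as a SHA-256 hexdigest: 64 lowercase hex characters
    if code_session is None or re.fullmatch(r'[0-9a-f]{64}', code_session) is None:
        generate_session()
        return
    session_file=os.path.join(config.session_opts['session.data_dir'], 'session_'+code_session)
    if not os.path.isfile(session_file):
        # Unknown token: issue a server-generated one rather than adopting the client's value
        generate_session()
        return
    with open(session_file, 'r') as f:
        # … unchanged: read the file, verify the signature, store the dict in request.environ …
```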


@ -237,7 +237,7 @@ def login():
response.set_cookie('remember_login', random_text, expires=timestamp, secret=key_encrypt) response.set_cookie('remember_login', random_text, expires=timestamp, secret=key_encrypt)
#else: #else:
#print(user_admin.query_error) #print(user_admin.query_error)
s.save() #s.save()
return {'error': 0} return {'error': 0}
else: else:
@ -299,7 +299,7 @@ def logout():
del s['login'] del s['login']
del s['privileges'] del s['privileges']
s.save() #s.save()
if request.get_cookie("remember_login", secret=key_encrypt): if request.get_cookie("remember_login", secret=key_encrypt):


@ -12,8 +12,6 @@ def index(lang):
s['lang']=lang s['lang']=lang
s.save()
redirect_url=request.headers.get('Referer') redirect_url=request.headers.get('Referer')
if redirect_url!=None: if redirect_url!=None:


@ -50,38 +50,14 @@ cookie_name = 'paramecio.session'
#More simple sessions. Save the session in a file in ./sessions directory. #More simple sessions. Save the session in a file in ./sessions directory.
"""
session_opts = { session_opts = {
'session.type': 'file', 'session.type': 'file',
'session.cookie_expires': False, 'session.cookie_expires': False,
'session.data_dir': './sessions', 'session.data_dir': './sessions'
'session.auto': False, # Is better use s.save by performance
}
"""
# More fast methods for beaker sessions.
# Method for save info in cipher cookie. Don't use it if you want save many info in the session (cookies have 4k size limit normally). The default.
session_opts = {
'session.type': 'cookie',
'session.cookie_expires': False,
'session.data_dir': './sessions',
'session.auto': False, # Is better use s.save by performance
'session.validate_key': 'im smoking fool' #Key Generated by paramecio cmd using os.random, more secure if you want add or change random characters
} }
# Method for save info in a memcached server. key_encrypt="im smoking fool"
"""
session_opts = {
'session.type': 'ext:memcached',
'session.auto': False, # Is better use session.save by performance
'session.url': '127.0.0.1:11211'
}
"""
cache_session_opts = { cache_session_opts = {
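Review bot: `key_encrypt="im smoking fool"` ships a fixed, publicly readable signing key. If this is the settings file that `config.key_encrypt` is read from, any installation that keeps the sample value signs its session files with a key available to anyone who can read the repository, which removes the protection the signature is meant to give. The removed `session.validate_key` line carried a comment saying the key is generated by the paramecio command; the new line should keep that instruction, for example `key_encrypt=""  # generate per installation with the paramecio command; never commit a real value`. Startup could then refuse to run with an empty or sample key.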