
moin  1.9.0~rc2
MoinMoin.web.utils Namespace Reference

Classes

class  UniqueIDGenerator

Functions

def check_forbidden
def check_surge_protect
def redirect_last_visited
def fatal_response

Variables

tuple logging = log.getLogger(__name__)
string FATALTMPL

Function Documentation

Simple action and host access checks

Spider agents are checked against the called actions,
hosts against the blacklist. Raises Forbidden if triggered.

Definition at line 21 of file utils.py.

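def check_forbidden(request):
    """ Simple action and host access checks

    Spider agents are checked against the called actions,
    hosts against the blacklist. Raises Forbidden if triggered.

    @param request: a moin request object; args, method, isSpiderAgent,
                    remote_addr and cfg.hosts_deny are read from it
    @return: False when neither check triggered
    """
    args = request.args
    action = args.get('action')
    # A spider may do a plain GET without query arguments, the three listed
    # actions, and AttachFile with do=get; any other request from a spider
    # agent is refused.
    if ((args or request.method != 'GET') and
        action not in ['rss_rc', 'show', 'sitemap'] and
        not (action == 'AttachFile' and args.get('do') == 'get')):
        if request.isSpiderAgent:
            raise Forbidden()
    if request.cfg.hosts_deny:
        # remote_addr may be None or empty (check_surge_protect in this file
        # guards against that too); fall back to '' so the string
        # comparisons below cannot raise AttributeError.
        remote_addr = request.remote_addr or ''
        for host in request.cfg.hosts_deny:
            if not host:
                # An empty entry would raise IndexError on host[-1] and could
                # otherwise equal an empty remote_addr; ignore it.
                continue
            # Matching is purely textual: an entry ending in '.' is a prefix
            # of the address string, anything else must be an exact match.
            # NOTE(review): this only works if remote_addr is the real client
            # address in the same textual form as the entries -- confirm how
            # it is derived when the wiki runs behind a proxy.
            if host[-1] == '.' and remote_addr.startswith(host):
                logging.debug("hosts_deny (net): %s", remote_addr)
                raise Forbidden()
            if remote_addr == host:
                logging.debug("hosts_deny (ip): %s", remote_addr)
                raise Forbidden()
    return False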


def MoinMoin.web.utils.check_surge_protect (   request,
  kick = False 
)
Check for excessive requests

Raises a SurgeProtection exception on wiki overuse.

@param request: a moin request object

Definition at line 45 of file utils.py.

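def check_surge_protect(request, kick=False):
    """ Check for excessive requests

    Raises a SurgeProtection exception on wiki overuse.

    The request history lives in the 'surge-log' cache entry as one line per
    event: id, timestamp, action and surge indicator, separated by tabs.
    Each call reads that log, drops events older than the action's time
    window, records the current request and writes the log back.

    The bookkeeping is best effort: if it fails before a surge was detected,
    the request is let through. Such failures are logged so that a silently
    disabled limiter can be noticed.

    @param request: a moin request object
    @param kick: if true, fill the requester's 'all' history with lockout
                 entries so that the limit is exceeded at once
    @return: False if the request may proceed
    """
    limits = request.cfg.surge_action_limits
    if not limits:
        return False

    remote_addr = request.remote_addr or ''
    # Requests from 127.x are never limited.
    # NOTE(review): if the wiki sits behind a local reverse proxy and
    # remote_addr is the proxy's address, every client is exempt here --
    # confirm how remote_addr is derived in that deployment.
    if remote_addr.startswith('127.'):
        return False

    validuser = request.user.valid
    # Valid users are tracked by name, everybody else (or an empty name)
    # by address.
    current_id = validuser and request.user.name or remote_addr
    current_action = request.action

    default_limit = limits.get('default', (30, 60))

    now = int(time.time())
    surgedict = {}
    surge_detected = False

    try:
        # if we have common farm users, we could also use scope='farm':
        cache = caching.CacheEntry(request, 'surgeprotect', 'surge-log', scope='wiki', use_encode=True)
        if cache.exists():
            data = cache.content()
            data = data.split("\n")
            for line in data:
                try:
                    ident, t, action, surge_indicator = line.split("\t")
                    t = int(t)
                    maxnum, dt = limits.get(action, default_limit)
                    # keep only events inside this action's time window
                    if t >= now - dt:
                        events = surgedict.setdefault(ident, {})
                        timestamps = events.setdefault(action, [])
                        timestamps.append((t, surge_indicator))
                except StandardError:
                    # blank or malformed line: drop just this record
                    pass

        maxnum, dt = limits.get(current_action, default_limit)
        events = surgedict.setdefault(current_id, {})
        timestamps = events.setdefault(current_action, [])
        surge_detected = len(timestamps) > maxnum

        surge_indicator = surge_detected and "!" or ""
        timestamps.append((now, surge_indicator))
        if surge_detected:
            if len(timestamps) < maxnum * 2:
                timestamps.append((now + request.cfg.surge_lockout_time, surge_indicator)) # continue like that and get locked out

        if current_action not in ('cache', 'AttachFile', ): # don't add cache/AttachFile accesses to all or picture galleries will trigger SP
            current_action = 'all' # put a total limit on user's requests
            maxnum, dt = limits.get(current_action, default_limit)
            events = surgedict.setdefault(current_id, {})
            timestamps = events.setdefault(current_action, [])

            if kick: # lock this requester out immediately
                timestamps.extend([(now + request.cfg.surge_lockout_time, "!")] * (2 * maxnum))

            surge_detected = surge_detected or len(timestamps) > maxnum

            surge_indicator = surge_detected and "!" or ""
            timestamps.append((now, surge_indicator))
            if surge_detected:
                if len(timestamps) < maxnum * 2:
                    timestamps.append((now + request.cfg.surge_lockout_time, surge_indicator)) # continue like that and get locked out

        # NOTE(review): ident and action are written unescaped. A value that
        # contains a tab or newline would not parse back on the next request
        # (the record is dropped above), so that history would be lost --
        # confirm both are normalized before they reach this function.
        # NOTE(review): no locking is visible around this read-modify-write;
        # concurrent requests may overwrite each other's events -- confirm
        # whether CacheEntry serializes access.
        data = []
        for ident, events in surgedict.items():
            for action, timestamps in events.items():
                for t, surge_indicator in timestamps:
                    data.append("%s\t%d\t%s\t%s" % (ident, t, action, surge_indicator))
        data = "\n".join(data)
        cache.update(data)
    except StandardError:
        # Still best effort, but no longer silent: a broken surge log means
        # requests are not being rate limited, and that should be visible.
        logging.exception("surge protection bookkeeping failed")

    if surge_detected and validuser and request.user.auth_method in request.cfg.auth_methods_trusted:
        logging.info("Trusted user %s would have triggered surge protection if not trusted.", request.user.name)
        return False
    elif surge_detected:
        raise SurgeProtection(retry_after=request.cfg.surge_lockout_time)
    else:
        return False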


Create a response from MoinMoin.error.FatalError instances. 

Definition at line 237 of file utils.py.

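def fatal_response(error):
    """ Create a response from MoinMoin.error.FatalError instances.

    The exception's class name and message are HTML-escaped before they are
    substituted into FATALTMPL: the result is served as text/html, so markup
    inside an error message would otherwise be interpreted by the browser.

    @param error: the exception to report
    @return: a Response with status 500 and mimetype text/html
    """
    # local import keeps this change self-contained
    from xml.sax.saxutils import escape

    # NOTE(review): assumes error messages are plain text (the template puts
    # them inside <pre>); a caller that passes ready-made HTML would now see
    # it displayed literally -- confirm there is none.
    html = FATALTMPL % dict(title=escape(error.__class__.__name__),
                            body=escape(str(error)))
    return Response(html, status=500, mimetype='text/html')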


Definition at line 134 of file utils.py.

def redirect_last_visited(request):
    """ Redirect to the last page of the user's trail, else to the FrontPage.

    The newest trail entry is split into wiki name and page name. An entry
    for 'Self' becomes the URL of the local page; any other wiki name is
    resolved through wikiutil.resolve_interwiki. The URL is qualified with
    request.getQualifiedURL and passed to abort(redirect(...)).

    @param request: a moin request object
    """
    trail = request.user.getTrail()
    if not trail:
        # nothing in the trail: use the localized FrontPage
        target = wikiutil.getFrontPage(request).url(request)
    else:
        wikiname, pagename = wikiutil.split_interwiki(trail[-1])
        if wikiname == 'Self':
            target = Page(request, pagename).url(request)
        else:
            # NOTE(review): the error flag returned by resolve_interwiki is
            # not checked, and the redirect goes to whatever wikiurl it
            # returned -- confirm that a failed lookup yields a safe URL.
            resolved = wikiutil.resolve_interwiki(request, wikiname, pagename)
            wikitag, wikiurl, wikitail, error = resolved
            target = wikiurl + wikiutil.quoteWikinameURL(wikitail)
    return abort(redirect(request.getQualifiedURL(target)))



Variable Documentation

Initial value:
00001 """
00002 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
00003 <html>
00004 <head><title>%(title)s</title></head>
00005 <body><h1>%(title)s</h1>
00006 <pre>
00007 %(body)s
00008 </pre></body></html>
00009 """

Definition at line 228 of file utils.py.

Definition at line 19 of file utils.py.