From 65ae7d992a42db125f83e899ac5284b4ec3c2241 Mon Sep 17 00:00:00 2001 From: Ben Graham Date: Thu, 2 Aug 2012 14:58:17 +1000 Subject: [PATCH 1/4] initial hacking --- headphones/webfilters.py | 50 ++++++++++++++++++++++++++++++++++++++++ headphones/webserve.py | 6 +++-- 2 files changed, 54 insertions(+), 2 deletions(-) create mode 100644 headphones/webfilters.py diff --git a/headphones/webfilters.py b/headphones/webfilters.py new file mode 100644 index 00000000..50d369c3 --- /dev/null +++ b/headphones/webfilters.py @@ -0,0 +1,50 @@ +# This file is part of Headphones. +# +# Headphones is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Headphones is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Headphones. If not, see . + +from cherrypy.filters.basefilter import BaseFilter +import cherrypy + + + +class HTTPSFilter(BaseFilter): + + """This filter is based on a guide at http://www.turbogears.org/1.0/docs/Install/RedirectHttpsRequests.html + + It's purpose is to allow Headphones to issue redirects with the + correct protocol (HTTP/HTTPS) when being served behind a + HTTPS-handling proxy. + """ + + def before_request_body(self): + forwarded_ssl_triggers = { + 'X-Forwarded-Protocol': 'SSL', + 'X-Forwarded-Ssl': 'On', + } + request = cherrypy.request + headers = request.headers + forwarded_ssl = reduce( + lambda x, y: x | headers.get(y).lower() == forwarded_ssl_triggers[y].lower(), + forwarded_ssl_triggers.keys(), + False + ) + if forwarded_ssl: + # base = config.get('https_filter.secure_base_url') + # if base is None: + # if config.get('base_url_filter.use_x_forwarded_host', False): + # base = headers.get('X-Forwarded-Host', 'localhost') + # else: + # base = 'localhost' + # request.base = 'https://' + base + request.headers['X-ForwardedSslDetected'] = Yes diff --git a/headphones/webserve.py b/headphones/webserve.py index 2b2e89fd..ec2045e4 100644 --- a/headphones/webserve.py +++ b/headphones/webserve.py @@ -25,7 +25,7 @@ import threading import headphones -from headphones import logger, searcher, db, importer, mb, lastfm, librarysync +from headphones import logger, searcher, db, importer, mb, lastfm, librarysync, webfilters from headphones.helpers import checked, radio import lib.simplejson as simplejson @@ -46,7 +46,9 @@ def serve_template(templatename, **kwargs): return exceptions.html_error_template().render() class WebInterface(object): - + + _cp_filters = [webfilters.HTTPSFilter()] + def index(self): raise cherrypy.HTTPRedirect("home") index.exposed=True From 8ce64e551eeffff4b2c78856a6d6585a06c72c2e Mon Sep 17 00:00:00 2001 From: Ben Graham Date: Thu, 2 Aug 2012 17:16:28 +1000 Subject: [PATCH 2/4] OK, so that turned out to be easier than I expected --- headphones/webstart.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/headphones/webstart.py b/headphones/webstart.py index b3659f55..13465bff 100644 --- a/headphones/webstart.py +++ b/headphones/webstart.py @@ -35,7 +35,8 @@ def initialize(options={}): conf = { '/': { - 'tools.staticdir.root': os.path.join(headphones.PROG_DIR, 'data') + 'tools.staticdir.root': os.path.join(headphones.PROG_DIR, 'data'), + 'tools.proxy.on': True, # pay attention to X-Forwarded-Proto header }, '/interfaces':{ 'tools.staticdir.on': True, From 6c157a8c034efcde01150243e83b026aa0fdb187 Mon Sep 17 00:00:00 2001 From: Ben Graham Date: Thu, 2 Aug 2012 17:21:49 +1000 Subject: [PATCH 3/4] This file is no longer needed --- headphones/webfilters.py | 50 ---------------------------------------- 1 file changed, 50 deletions(-) delete mode 100644 headphones/webfilters.py diff --git a/headphones/webfilters.py b/headphones/webfilters.py deleted file mode 100644 index 50d369c3..00000000 --- a/headphones/webfilters.py +++ /dev/null @@ -1,50 +0,0 @@ -# This file is part of Headphones. -# -# Headphones is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Headphones is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Headphones. If not, see . - -from cherrypy.filters.basefilter import BaseFilter -import cherrypy - - - -class HTTPSFilter(BaseFilter): - - """This filter is based on a guide at http://www.turbogears.org/1.0/docs/Install/RedirectHttpsRequests.html - - It's purpose is to allow Headphones to issue redirects with the - correct protocol (HTTP/HTTPS) when being served behind a - HTTPS-handling proxy. - """ - - def before_request_body(self): - forwarded_ssl_triggers = { - 'X-Forwarded-Protocol': 'SSL', - 'X-Forwarded-Ssl': 'On', - } - request = cherrypy.request - headers = request.headers - forwarded_ssl = reduce( - lambda x, y: x | headers.get(y).lower() == forwarded_ssl_triggers[y].lower(), - forwarded_ssl_triggers.keys(), - False - ) - if forwarded_ssl: - # base = config.get('https_filter.secure_base_url') - # if base is None: - # if config.get('base_url_filter.use_x_forwarded_host', False): - # base = headers.get('X-Forwarded-Host', 'localhost') - # else: - # base = 'localhost' - # request.base = 'https://' + base - request.headers['X-ForwardedSslDetected'] = Yes From 18fcd4d15d5bc505599705de2ceab2b3c1ffe9b3 Mon Sep 17 00:00:00 2001 From: Ben Graham Date: Thu, 2 Aug 2012 17:23:56 +1000 Subject: [PATCH 4/4] reverse-merge earlier changes to this file, they are no longer needed --- headphones/webserve.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/headphones/webserve.py b/headphones/webserve.py index ec2045e4..2b2e89fd 100644 --- a/headphones/webserve.py +++ b/headphones/webserve.py @@ -25,7 +25,7 @@ import threading import headphones -from headphones import logger, searcher, db, importer, mb, lastfm, librarysync, webfilters +from headphones import logger, searcher, db, importer, mb, lastfm, librarysync from headphones.helpers import checked, radio import lib.simplejson as simplejson @@ -46,9 +46,7 @@ def serve_template(templatename, **kwargs): return exceptions.html_error_template().render() class WebInterface(object): - - _cp_filters = [webfilters.HTTPSFilter()] - + def index(self): raise cherrypy.HTTPRedirect("home") index.exposed=True