Commit 58ccdb3b authored by Cédric Le Ninivin's avatar Cédric Le Ninivin

slaprunner: cors allow origin configurable with monitoring interface

parent 47c2fa64
......@@ -43,7 +43,7 @@ mode = 0644
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-runner.cfg
output = ${buildout:directory}/template-runner.cfg.in
md5sum = b5644037da14e79576840975415ee1a4
md5sum = a1987b36e64cc021cb0cee47eee7dde2
mode = 0644
[template-runner-import-script]
......@@ -103,7 +103,7 @@ mode = 0644
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/httpd_conf.in
download-only = true
md5sum = ffbf52ee43e64f58e7a3f64745fd9aab
md5sum = 94bc5d6f1afc4e075d530fed496f47c2
filename = httpd_conf.in
mode = 0644
......@@ -160,6 +160,15 @@ filename = listener_slapgrid.py.in
download-only = true
mode = 0644
[cors-domain-cgi]
recipe = hexagonit.recipe.download
url = ${:_profile_base_location_}/template/${:filename}
download-only = true
md5sum = 4c44d617d5bfd1db8695200e896480c0
destination = ${buildout:parts-directory}/monitor-template-cors-domain-cgi
filename = cors-domain.jinja
mode = 0644
[eggs]
recipe = z3c.recipe.scripts
eggs =
......
......@@ -46,8 +46,7 @@ SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH
SSLEngine On
SetEnvIf Origin "http(s)?://(www\.)?(.*)$" AccessControlAllowOrigin=$0$1
Header always set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Include {{ parameters.httpd_cors_file }}
Header set Access-Control-Allow-Credentials "true"
Header set Access-Control-Allow-Methods "PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST"
Header set Access-Control-Allow-Headers "Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Authorization"
......
......@@ -50,6 +50,7 @@ parts =
monitor-instance-log-access
## Monitor for runner
monitor-current-log-access
monitor-deploy-cors-domain-cgi
extends = ${monitor-template:output}
......@@ -328,6 +329,7 @@ project_public_folder = $${runnerdirectory:public-project}
runner_home = $${runnerdirectory:home}
git_http_backend = ${git:location}/libexec/git-core/git-http-backend
cgi_httpd_conf = $${monitor-httpd-configuration-file:rendered}
httpd_cors_file = $${monitor-httpd-cors:location}
[httpd-conf]
recipe = slapos.recipe.template:jinja2
......@@ -696,3 +698,25 @@ port = $${supervisord:port}
[monitor-current-log-access]
< = monitor-directory-access
source = $${directory:log}
[monitor-deploy-cors-domain-cgi]
recipe = slapos.recipe.template:jinja2
template = ${cors-domain-cgi:location}/${cors-domain-cgi:filename}
rendered = $${monitor-directory:knowledge0-cgi}/$${:filename}
filename = cors-domain.cgi
mode = 0744
context =
raw config_cfg $${buildout:directory}/knowledge0.cfg
raw timestamp $${buildout:directory}/.timestamp
raw python_executable ${buildout:executable}
key apache_file httpd-parameters:httpd_cors_file
key pwd monitor-directory:knowledge0-cgi
key this_file :filename
key httpd_graceful cgi-httpd-graceful-wrapper:rendered
[monitor-httpd-cors]
recipe = plone.recipe.command
command = if [ ! -f $${:location} ]; then touch $${:location}; fi
location = $${directory:etc}/$${:filename}
filename = httpd-cors.cfg
stop-on-error = true
#!{{ python_executable }}
import cgi
import cgitb
import ConfigParser
import os
import re
import subprocess
cgitb.enable(display=0, logdir="/tmp/cgi.log")
form = cgi.FieldStorage()
apache_file = "{{ apache_file }}"
config_file = "{{ config_cfg }}"
if not os.path.exists(config_file):
print "Your software does <b>not</b> embed 0-knowledge. \
This interface is useless in this case</body></html>"
exit(0)
parser = ConfigParser.ConfigParser()
parser.read(config_file)
if not parser.has_section("cors"):
parser.add_section("cors")
if not parser.has_option("cors", "cors-domain"):
parser.set("cors", "cors-domain", "")
if "cors-domain" in form:
parser.set("cors", "cors-domain", form["cors-domain"].value)
cors_domain_list = form["cors-domain"].value.split()
cors_string = ""
for domain in cors_domain_list:
if cors_string:
cors_string += '|'
cors_string += re.escape(domain)
with open(apache_file, 'w') as file:
file.write('SetEnvIf Origin "^http(s)?://(.+\.)?(%s)$" origin_is=$0\n' % cors_string)
file.write('Header always set Access-Control-Allow-Origin %{origin_is}e env=origin_is')
subprocess.call('{{ httpd_graceful }}')
cors_domain_parameter = parser.get("cors", "cors-domain")
with open(config_file, 'w') as file:
parser.write(file)
print "<html><head>"
print "<link rel=\"stylesheet\" href=\"static/pure-min.css\">"
print "<link rel=\"stylesheet\" href=\"static/style.css\">"
print "</head><body>"
print "<h1>Cors Domains :</h1>"
print "<p>Enter domain names separated by space to authorized CORS on your dav storage for these domains</p>"
print "<form action=\"/index.cgi\" method=\"post\" class=\"pure-form-aligned\">"
print "<input type=\"hidden\" name=\"posting-script\" value=\"{{ pwd }}/{{ this_file }}\">"
print "<div class=\"pure-control-group\">"
print '<label for="cors-domain">CORS Domains</label>'
print '<input type="text" name="cors-domain" value="%s">' % cors_domain_parameter
print "</div>"
print "<div class=\"pure-controls\"><button type=\"submit\" class=\"pure-button \
pure-button-primary\">Save</button></div></form>"
print "</body></html>"
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment