swift 2.32.1__py2.py3-none-any.whl → 2.33.1__py2.py3-none-any.whl

swift/common/middleware/staticweb.py

@@ -59,7 +59,8 @@ requests for paths not found.
 
 For pseudo paths that have no <index.name>, this middleware can serve HTML file
 listings if you set the ``X-Container-Meta-Web-Listings: true`` metadata item
-on the container.
+on the container. Note that the listing must be authorized; you may want a
+container ACL like ``X-Container-Read: .r:*,.rlistings``.
 
 If listings are enabled, the listings can have a custom style sheet by setting
 the X-Container-Meta-Web-Listings-CSS header. For instance, setting
@@ -68,6 +69,17 @@ the .../listing.css style sheet. If you "view source" in your browser on a
 listing page, you will see the well defined document structure that can be
 styled.
 
+Additionally, prefix-based :ref:`tempurl` parameters may be used to authorize
+requests instead of making the whole container publicly readable. This gives
+clients dynamic discoverability of the objects available within that prefix.
+
+.. note::
+
+    ``temp_url_prefix`` values should typically end with a slash (``/``) when
+    used with StaticWeb. StaticWeb's redirects will not carry over any TempURL
+    parameters, as they likely indicate that the user created an overly-broad
+    TempURL.
+
 By default, the listings will be rendered with a label of
 "Listing of /v1/account/container/path".  This can be altered by
 setting a ``X-Container-Meta-Web-Listings-Label: <label>``.  For example,
@@ -137,6 +149,7 @@ from swift.common.wsgi import make_env, WSGIContext
 from swift.common.http import is_success, is_redirection, HTTP_NOT_FOUND
 from swift.common.swob import Response, HTTPMovedPermanently, HTTPNotFound, \
     Request, wsgi_quote, wsgi_to_str, str_to_wsgi
+from swift.common.middleware.tempurl import get_temp_url_info
 from swift.proxy.controllers.base import get_container_info
 
 
@@ -225,7 +238,7 @@ class _StaticWebContext(WSGIContext):
             self._dir_type = meta.get('web-directory-type', '').strip()
         return container_info
 
-    def _listing(self, env, start_response, prefix=None):
+    def _listing(self, env, start_response, prefix=''):
         """
         Sends an HTML object listing to the remote client.
 
@@ -240,8 +253,7 @@ class _StaticWebContext(WSGIContext):
                                      '/'.join(groups[4:]))
 
         if not config_true_value(self._listings):
-            body = '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 ' \
-                'Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">\n' \
+            body = '<!DOCTYPE html>\n' \
                 '<html>\n' \
                 '<head>\n' \
                 '<title>Listing of %s</title>\n' % html_escape(label)
@@ -285,9 +297,28 @@ class _StaticWebContext(WSGIContext):
         if prefix and not listing:
             resp = HTTPNotFound()(env, self._start_response)
             return self._error_response(resp, env, start_response)
-        headers = {'Content-Type': 'text/html; charset=UTF-8'}
-        body = '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 ' \
-               'Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">\n' \
+
+        tempurl_qs = tempurl_prefix = ''
+        if env.get('REMOTE_USER') == '.wsgi.tempurl':
+            sig, expires, tempurl_prefix, _filename, inline, ip_range = \
+                get_temp_url_info(env)
+            if tempurl_prefix is None:
+                tempurl_prefix = ''
+            else:
+                parts = [
+                    'temp_url_prefix=%s' % quote(tempurl_prefix),
+                    'temp_url_expires=%s' % quote(str(expires)),
+                    'temp_url_sig=%s' % sig,
+                ]
+                if ip_range:
+                    parts.append('temp_url_ip_range=%s' % quote(ip_range))
+                if inline:
+                    parts.append('inline')
+                tempurl_qs = '?' + '&amp;'.join(parts)
+
+        headers = {'Content-Type': 'text/html; charset=UTF-8',
+                   'X-Backend-Content-Generator': 'staticweb'}
+        body = '<!DOCTYPE html>\n' \
                '<html>\n' \
                ' <head>\n' \
                '  <title>Listing of %s</title>\n' % \
@@ -311,12 +342,12 @@ class _StaticWebContext(WSGIContext):
                 '    <th class="colsize">Size</th>\n' \
                 '    <th class="coldate">Date</th>\n' \
                 '   </tr>\n' % html_escape(label)
-        if prefix:
+        if len(prefix) > len(tempurl_prefix):
             body += '   <tr id="parent" class="item">\n' \
-                    '    <td class="colname"><a href="../">../</a></td>\n' \
+                    '    <td class="colname"><a href="../%s">../</a></td>\n' \
                     '    <td class="colsize">&nbsp;</td>\n' \
                     '    <td class="coldate">&nbsp;</td>\n' \
-                    '   </tr>\n'
+                    '   </tr>\n' % tempurl_qs
         for item in listing:
             if 'subdir' in item:
                 subdir = item['subdir'] if six.PY3 else  \
@@ -328,7 +359,7 @@ class _StaticWebContext(WSGIContext):
                         '    <td class="colsize">&nbsp;</td>\n' \
                         '    <td class="coldate">&nbsp;</td>\n' \
                         '   </tr>\n' % \
-                        (quote(subdir), html_escape(subdir))
+                        (quote(subdir) + tempurl_qs, html_escape(subdir))
         for item in listing:
             if 'name' in item:
                 name = item['name'] if six.PY3 else  \
@@ -349,7 +380,7 @@ class _StaticWebContext(WSGIContext):
                         '   </tr>\n' % \
                         (' '.join('type-' + html_escape(t.lower())
                                   for t in content_type.split('/')),
-                         quote(name), html_escape(name),
+                         quote(name) + tempurl_qs, html_escape(name),
                          bytes, last_modified)
         body += '  </table>\n' \
                 ' </body>\n' \
@@ -542,8 +573,8 @@ class StaticWeb(object):
             return self.app(env, start_response)
         if env['REQUEST_METHOD'] not in ('HEAD', 'GET'):
             return self.app(env, start_response)
-        if env.get('REMOTE_USER') and \
-                not config_true_value(env.get('HTTP_X_WEB_MODE', 'f')):
+        if env.get('REMOTE_USER') and env['REMOTE_USER'] != '.wsgi.tempurl' \
+                and not config_true_value(env.get('HTTP_X_WEB_MODE', 'f')):
             return self.app(env, start_response)
         if not container:
             return self.app(env, start_response)

swift/common/middleware/tempurl.py

@@ -309,13 +309,15 @@ from six.moves.urllib.parse import urlencode
 
 from swift.proxy.controllers.base import get_account_info, get_container_info
 from swift.common.header_key_dict import HeaderKeyDict
+from swift.common.http import is_success
 from swift.common.digest import get_allowed_digests, \
     extract_digest_and_algorithm, DEFAULT_ALLOWED_DIGESTS, get_hmac
 from swift.common.swob import header_to_environ_key, HTTPUnauthorized, \
     HTTPBadRequest, wsgi_to_str
 from swift.common.utils import split_path, get_valid_utf8_str, \
-    streq_const_time, quote, get_logger
+    streq_const_time, quote, get_logger, close_if_possible
 from swift.common.registry import register_swift_info, register_sensitive_param
+from swift.common.wsgi import WSGIContext
 
 
 DISALLOWED_INCOMING_HEADERS = 'x-object-manifest x-symlink-target'
@@ -364,6 +366,55 @@ def get_tempurl_keys_from_metadata(meta):
             if key.lower() in ('temp-url-key', 'temp-url-key-2')]
 
 
+def normalize_temp_url_expires(value):
+    """
+    Returns the normalized expiration value as an int
+
+    If not None, the value is converted to an int if possible or 0
+    if not, and checked for expiration (returns 0 if expired).
+    """
+    if value is None:
+        return value
+    try:
+        temp_url_expires = int(value)
+    except ValueError:
+        try:
+            temp_url_expires = timegm(strptime(
+                value, EXPIRES_ISO8601_FORMAT))
+        except ValueError:
+            temp_url_expires = 0
+    if temp_url_expires < time():
+        temp_url_expires = 0
+    return temp_url_expires
+
+
+def get_temp_url_info(env):
+    """
+    Returns the provided temporary URL parameters (sig, expires, prefix,
+    temp_url_ip_range), if given and syntactically valid.
+    Either sig, expires or prefix could be None if not provided.
+
+    :param env: The WSGI environment for the request.
+    :returns: (sig, expires, prefix, filename, inline,
+        temp_url_ip_range) as described above.
+    """
+    sig = expires = prefix = ip_range = filename = inline = None
+    qs = parse_qs(env.get('QUERY_STRING', ''), keep_blank_values=True)
+    if 'temp_url_ip_range' in qs:
+        ip_range = qs['temp_url_ip_range'][0]
+    if 'temp_url_sig' in qs:
+        sig = qs['temp_url_sig'][0]
+    if 'temp_url_expires' in qs:
+        expires = qs['temp_url_expires'][0]
+    if 'temp_url_prefix' in qs:
+        prefix = qs['temp_url_prefix'][0]
+    if 'filename' in qs:
+        filename = qs['filename'][0]
+    if 'inline' in qs:
+        inline = True
+    return (sig, expires, prefix, filename, inline, ip_range)
+
+
 def disposition_format(disposition_type, filename):
     # Content-Disposition in HTTP is defined in
     # https://tools.ietf.org/html/rfc6266 and references
@@ -495,9 +546,10 @@ class TempURL(object):
         """
         if env['REQUEST_METHOD'] == 'OPTIONS':
             return self.app(env, start_response)
-        info = self._get_temp_url_info(env)
-        temp_url_sig, temp_url_expires, temp_url_prefix, filename, \
+        info = get_temp_url_info(env)
+        temp_url_sig, client_temp_url_expires, temp_url_prefix, filename, \
             inline_disposition, temp_url_ip_range = info
+        temp_url_expires = normalize_temp_url_expires(client_temp_url_expires)
         if temp_url_sig is None and temp_url_expires is None:
             return self.app(env, start_response)
         if not temp_url_sig or not temp_url_expires:
@@ -511,7 +563,10 @@ class TempURL(object):
         if hash_algorithm not in self.allowed_digests:
             return self._invalid(env, start_response)
 
-        account, container, obj = self._get_path_parts(env)
+        account, container, obj = self._get_path_parts(
+            env, allow_container_root=(
+                env['REQUEST_METHOD'] in ('GET', 'HEAD') and
+                temp_url_prefix == ""))
         if not account:
             return self._invalid(env, start_response)
 
@@ -577,116 +632,102 @@ class TempURL(object):
         env['swift.authorize_override'] = True
         env['REMOTE_USER'] = '.wsgi.tempurl'
         qs = {'temp_url_sig': temp_url_sig,
-              'temp_url_expires': temp_url_expires}
+              'temp_url_expires': client_temp_url_expires}
         if temp_url_prefix is not None:
             qs['temp_url_prefix'] = temp_url_prefix
         if filename:
             qs['filename'] = filename
         env['QUERY_STRING'] = urlencode(qs)
 
-        def _start_response(status, headers, exc_info=None):
-            headers = self._clean_outgoing_headers(headers)
-            if env['REQUEST_METHOD'] in ('GET', 'HEAD') and status[0] == '2':
-                # figure out the right value for content-disposition
-                # 1) use the value from the query string
-                # 2) use the value from the object metadata
-                # 3) use the object name (default)
-                out_headers = []
-                existing_disposition = None
-                for h, v in headers:
-                    if h.lower() != 'content-disposition':
-                        out_headers.append((h, v))
-                    else:
-                        existing_disposition = v
-                if inline_disposition:
-                    if filename:
-                        disposition_value = disposition_format('inline',
-                                                               filename)
-                    else:
-                        disposition_value = 'inline'
-                elif filename:
-                    disposition_value = disposition_format('attachment',
+        ctx = WSGIContext(self.app)
+        app_iter = ctx._app_call(env)
+        ctx._response_headers = self._clean_outgoing_headers(
+            ctx._response_headers)
+        if env['REQUEST_METHOD'] in ('GET', 'HEAD') and \
+                is_success(ctx._get_status_int()):
+            # figure out the right value for content-disposition
+            # 1) use the value from the query string
+            # 2) use the value from the object metadata
+            # 3) use the object name (default)
+            out_headers = []
+            existing_disposition = None
+            content_generator = None
+            for h, v in ctx._response_headers:
+                if h.lower() == 'x-backend-content-generator':
+                    content_generator = v
+
+                if h.lower() != 'content-disposition':
+                    out_headers.append((h, v))
+                else:
+                    existing_disposition = v
+            if content_generator == 'staticweb':
+                inline_disposition = True
+            elif obj == "":
+                # Generally, tempurl requires an object. We carved out an
+                # exception to allow GETs at the container root for the sake
+                # of staticweb, but we can't tell whether we'll have a
+                # staticweb response or not until after we call the app
+                close_if_possible(app_iter)
+                return self._invalid(env, start_response)
+
+            if inline_disposition:
+                if filename:
+                    disposition_value = disposition_format('inline',
                                                            filename)
-                elif existing_disposition:
-                    disposition_value = existing_disposition
                 else:
-                    name = basename(wsgi_to_str(env['PATH_INFO']).rstrip('/'))
-                    disposition_value = disposition_format('attachment',
-                                                           name)
-                # this is probably just paranoia, I couldn't actually get a
-                # newline into existing_disposition
-                value = disposition_value.replace('\n', '%0A')
-                out_headers.append(('Content-Disposition', value))
-
-                # include Expires header for better cache-control
-                out_headers.append(('Expires', strftime(
-                    "%a, %d %b %Y %H:%M:%S GMT",
-                    gmtime(temp_url_expires))))
-                headers = out_headers
-            return start_response(status, headers, exc_info)
-
-        return self.app(env, _start_response)
-
-    def _get_path_parts(self, env):
+                    disposition_value = 'inline'
+            elif filename:
+                disposition_value = disposition_format('attachment',
+                                                       filename)
+            elif existing_disposition:
+                disposition_value = existing_disposition
+            else:
+                name = basename(wsgi_to_str(env['PATH_INFO']).rstrip('/'))
+                disposition_value = disposition_format('attachment',
+                                                       name)
+            # this is probably just paranoia, I couldn't actually get a
+            # newline into existing_disposition
+            value = disposition_value.replace('\n', '%0A')
+            out_headers.append(('Content-Disposition', value))
+
+            # include Expires header for better cache-control
+            out_headers.append(('Expires', strftime(
+                "%a, %d %b %Y %H:%M:%S GMT",
+                gmtime(temp_url_expires))))
+            ctx._response_headers = out_headers
+        start_response(
+            ctx._response_status,
+            ctx._response_headers,
+            ctx._response_exc_info)
+        return app_iter
+
+    def _get_path_parts(self, env, allow_container_root=False):
         """
         Return the account, container and object name for the request,
         if it's an object request and one of the configured methods;
         otherwise, None is returned.
 
+        If it's a container request and allow_root_container is true,
+        the object name returned will be the empty string.
+
         :param env: The WSGI environment for the request.
+        :param allow_container_root: Whether requests to the root of a
+            container should be allowed.
         :returns: (Account str, container str, object str) or
             (None, None, None).
         """
         if env['REQUEST_METHOD'] in self.conf['methods']:
             try:
-                ver, acc, cont, obj = split_path(env['PATH_INFO'], 4, 4, True)
+                ver, acc, cont, obj = split_path(
+                    env['PATH_INFO'], 3 if allow_container_root else 4,
+                    4, True)
             except ValueError:
                 return (None, None, None)
-            if ver == 'v1' and obj.strip('/'):
-                return (wsgi_to_str(acc), wsgi_to_str(cont), wsgi_to_str(obj))
+            if ver == 'v1' and (allow_container_root or obj.strip('/')):
+                return (wsgi_to_str(acc), wsgi_to_str(cont),
+                        wsgi_to_str(obj) if obj else '')
         return (None, None, None)
 
-    def _get_temp_url_info(self, env):
-        """
-        Returns the provided temporary URL parameters (sig, expires, prefix,
-        temp_url_ip_range), if given and syntactically valid.
-        Either sig, expires or prefix could be None if not provided.
-        If provided, expires is also converted to an int if possible or 0
-        if not, and checked for expiration (returns 0 if expired).
-
-        :param env: The WSGI environment for the request.
-        :returns: (sig, expires, prefix, filename, inline,
-            temp_url_ip_range) as described above.
-        """
-        temp_url_sig = temp_url_expires = temp_url_prefix = filename =\
-            inline = None
-        temp_url_ip_range = None
-        qs = parse_qs(env.get('QUERY_STRING', ''), keep_blank_values=True)
-        if 'temp_url_ip_range' in qs:
-            temp_url_ip_range = qs['temp_url_ip_range'][0]
-        if 'temp_url_sig' in qs:
-            temp_url_sig = qs['temp_url_sig'][0]
-        if 'temp_url_expires' in qs:
-            try:
-                temp_url_expires = int(qs['temp_url_expires'][0])
-            except ValueError:
-                try:
-                    temp_url_expires = timegm(strptime(
-                        qs['temp_url_expires'][0],
-                        EXPIRES_ISO8601_FORMAT))
-                except ValueError:
-                    temp_url_expires = 0
-            if temp_url_expires < time():
-                temp_url_expires = 0
-        if 'temp_url_prefix' in qs:
-            temp_url_prefix = qs['temp_url_prefix'][0]
-        if 'filename' in qs:
-            filename = qs['filename'][0]
-        if 'inline' in qs:
-            inline = True
-        return (temp_url_sig, temp_url_expires, temp_url_prefix, filename,
-                inline, temp_url_ip_range)
-
     def _get_keys(self, env):
         """
         Returns the X-[Account|Container]-Meta-Temp-URL-Key[-2] header values

swift/common/request_helpers.py

@@ -36,7 +36,8 @@ from swift.common.swob import HTTPBadRequest, \
     HTTPServiceUnavailable, Range, is_chunked, multi_range_iterator, \
     HTTPPreconditionFailed, wsgi_to_bytes, wsgi_unquote, wsgi_to_str
 from swift.common.utils import split_path, validate_device_partition, \
-    close_if_possible, maybe_multipart_byteranges_to_document_iters, \
+    close_if_possible, friendly_close, \
+    maybe_multipart_byteranges_to_document_iters, \
     multipart_byteranges_to_document_iters, parse_content_type, \
     parse_content_range, csv_append, list_from_csv, Spliterator, quote, \
     RESERVED, config_true_value, md5, CloseableChain, select_ip_port
@@ -460,15 +461,17 @@ class SegmentedIterable(object):
     :param app: WSGI application from which segments will come
 
     :param listing_iter: iterable yielding the object segments to fetch,
-        along with the byte subranges to fetch, in the form of a 5-tuple
-        (object-path, object-etag, object-size, first-byte, last-byte).
+        along with the byte sub-ranges to fetch. Each yielded item should be a
+        dict with the following keys: ``path`` or ``raw_data``,
+        ``first-byte``, ``last-byte``, ``hash`` (optional), ``bytes``
+        (optional).
 
-        If object-etag is None, no MD5 verification will be done.
+        If ``hash`` is None, no MD5 verification will be done.
 
-        If object-size is None, no length verification will be done.
+        If ``bytes`` is None, no length verification will be done.
 
-        If first-byte and last-byte are None, then the entire object will be
-        fetched.
+        If ``first-byte`` and ``last-byte`` are None, then the entire object
+        will be fetched.
 
     :param max_get_time: maximum permitted duration of a GET request (seconds)
     :param logger: logger object
@@ -740,7 +743,10 @@ class SegmentedIterable(object):
             for x in mri:
                 yield x
         finally:
-            self.close()
+            # Spliterator and multi_range_iterator can't possibly know we've
+            # consumed the whole of the app_iter, but we want to read/close the
+            # final segment response
+            friendly_close(self.app_iter)
 
     def validate_first_segment(self):
         """
@@ -900,6 +906,24 @@ def update_ignore_range_header(req, name):
     req.headers[hdr] = csv_append(req.headers.get(hdr), name)
 
 
+def resolve_ignore_range_header(req, metadata):
+    """
+    Helper function to remove Range header from request if metadata matching
+    the X-Backend-Ignore-Range-If-Metadata-Present header is found.
+
+    :param req: a swob Request
+    :param metadata: dictionary of object metadata
+    """
+    ignore_range_headers = set(
+        h.strip().lower()
+        for h in req.headers.get(
+            'X-Backend-Ignore-Range-If-Metadata-Present',
+            '').split(','))
+    if ignore_range_headers.intersection(
+            h.lower() for h in metadata):
+        req.headers.pop('Range', None)
+
+
 def is_use_replication_network(headers=None):
     """
     Determine if replication network should be used.

swift/common/storage_policy.py

@@ -160,7 +160,7 @@ class BaseStoragePolicy(object):
                  object_ring=None, aliases='',
                  diskfile_module='egg:swift#replication.fs'):
         # do not allow BaseStoragePolicy class to be instantiated directly
-        if type(self) == BaseStoragePolicy:
+        if type(self) is BaseStoragePolicy:
             raise TypeError("Can't instantiate BaseStoragePolicy directly")
         # policy parameter validation
         try:

swift/common/swob.py

@@ -55,7 +55,7 @@ from six.moves import urllib
 
 from swift.common.header_key_dict import HeaderKeyDict
 from swift.common.utils import UTC, reiterate, split_path, Timestamp, pairs, \
-    close_if_possible, closing_if_possible, config_true_value, drain_and_close
+    close_if_possible, closing_if_possible, config_true_value, friendly_close
 from swift.common.exceptions import InvalidTimestamp
 
 
@@ -1395,12 +1395,15 @@ class Response(object):
             if empty_resp is not None:
                 self.status = empty_resp
                 self.content_length = 0
+                # the existing successful response and it's app_iter have been
+                # determined to not meet the conditions of the reqeust, the
+                # response app_iter should be closed but not drained.
                 close_if_possible(app_iter)
                 return [b'']
 
         if self.request and self.request.method == 'HEAD':
             # We explicitly do NOT want to set self.content_length to 0 here
-            drain_and_close(app_iter)  # be friendly to our app_iter
+            friendly_close(app_iter)  # be friendly to our app_iter
             return [b'']
 
         if self.conditional_response and self.request and \