← Back to branch summary

~citrix-openstack/nova/xenapi 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145

#!/usr/bin/env python
# pylint: disable-msg=C0103
# vim: tabstop=4 shiftwidth=4 softtabstop=4

# Copyright 2010 United States Government as represented by the
# Administrator of the National Aeronautics and Space Administration.
# All Rights Reserved.
#
#    Licensed under the Apache License, Version 2.0 (the "License");
#    you may not use this file except in compliance with the License.
#    You may obtain a copy of the License at
#
#        http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS,
#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#    See the License for the specific language governing permissions and
#    limitations under the License.

"""Ajax Console Proxy Server"""

from eventlet import greenthread
from eventlet.green import urllib2

import exceptions
import gettext
import os
import sys
import time
import urlparse

# If ../nova/__init__.py exists, add ../ to Python search path, so that
# it will override what happens to be installed in /usr/(local/)lib/python...
possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]),
                                   os.pardir,
                                   os.pardir))
if os.path.exists(os.path.join(possible_topdir, 'nova', '__init__.py')):
    sys.path.insert(0, possible_topdir)

gettext.install('nova', unicode=1)

from nova import flags
from nova import log as logging
from nova import rpc
from nova import utils
from nova import wsgi

FLAGS = flags.FLAGS
flags.DEFINE_integer('ajax_console_idle_timeout', 300,
                     'Seconds before idle connection destroyed')
flags.DEFINE_flag(flags.HelpFlag())
flags.DEFINE_flag(flags.HelpshortFlag())
flags.DEFINE_flag(flags.HelpXMLFlag())

LOG = logging.getLogger('nova.ajax_console_proxy')
LOG.setLevel(logging.DEBUG)
LOG.addHandler(logging.StreamHandler())


class AjaxConsoleProxy(object):
    tokens = {}

    def __call__(self, env, start_response):
        try:
            if 'QUERY_STRING' in env:
                req_url = '%s://%s%s?%s' % (env['wsgi.url_scheme'],
                                            env['HTTP_HOST'],
                                            env['PATH_INFO'],
                                            env['QUERY_STRING'])
            else:
                req_url = '%s://%s%s' % (env['wsgi.url_scheme'],
                                         env['HTTP_HOST'],
                                         env['PATH_INFO'])

            if 'HTTP_REFERER' in env:
                auth_url = env['HTTP_REFERER']
            else:
                auth_url = req_url

            auth_params = urlparse.parse_qs(urlparse.urlparse(auth_url).query)
            parsed_url = urlparse.urlparse(req_url)

            auth_info = AjaxConsoleProxy.tokens[auth_params['token'][0]]
            args = auth_info['args']
            auth_info['last_activity'] = time.time()

            remote_url = ("http://%s:%s%s?token=%s" % (
                          str(args['host']),
                          str(args['port']),
                          parsed_url.path,
                          str(args['token'])))

            opener = urllib2.urlopen(remote_url, env['wsgi.input'].read())
            body = opener.read()
            info = opener.info()

            start_response("200 OK", info.dict.items())
            return body
        except (exceptions.KeyError):
            if env['PATH_INFO'] != '/favicon.ico':
                LOG.audit("Unauthorized request %s, %s"
                          % (req_url, str(env)))
            start_response("401 NOT AUTHORIZED", [])
            return "Not Authorized"
        except Exception:
            start_response("500 ERROR", [])
            return "Server Error"

    def register_listeners(self):
        class Callback:
            def __call__(self, data, message):
                if data['method'] == 'authorize_ajax_console':
                    AjaxConsoleProxy.tokens[data['args']['token']] =  \
                        {'args': data['args'], 'last_activity': time.time()}

        conn = rpc.Connection.instance(new=True)
        consumer = rpc.TopicConsumer(
                        connection=conn,
                        topic=FLAGS.ajax_console_proxy_topic)
        consumer.register_callback(Callback())

        def delete_expired_tokens():
            now = time.time()
            to_delete = []
            for k, v in AjaxConsoleProxy.tokens.items():
                if now - v['last_activity'] > FLAGS.ajax_console_idle_timeout:
                    to_delete.append(k)

            for k in to_delete:
                del AjaxConsoleProxy.tokens[k]

        utils.LoopingCall(consumer.fetch, auto_ack=True,
                          enable_callbacks=True).start(0.1)
        utils.LoopingCall(delete_expired_tokens).start(1)

if __name__ == '__main__':
    utils.default_flagfile()
    FLAGS(sys.argv)
    logging.setup()
    server = wsgi.Server()
    acp = AjaxConsoleProxy()
    acp.register_listeners()
    server.start(acp, FLAGS.ajax_console_proxy_port, host='0.0.0.0')
    server.wait()