X-Git-Url: http://git.inspyration.org/?a=blobdiff_plain;f=addons%2Fweb%2Fhttp.py;h=3699b993521f6fa090abcd9a9ebb8733852d1dd4;hb=af68d40f6a52dea93e7b817a6db04ba669e15581;hp=cc3cf7d63b5c82d4c9bc3c203c6f785910efc269;hpb=609602c62cd4e317206d7d2a35d94b12d3f8a812;p=odoo%2Fodoo.git diff --git a/addons/web/http.py b/addons/web/http.py index cc3cf7d..3699b99 100644 --- a/addons/web/http.py +++ b/addons/web/http.py @@ -20,6 +20,7 @@ import traceback import urlparse import uuid import errno +import re import babel.core import simplejson @@ -29,10 +30,16 @@ import werkzeug.exceptions import werkzeug.utils import werkzeug.wrappers import werkzeug.wsgi +import werkzeug.routing as routing +import urllib +import urllib2 import openerp +import openerp.service.security as security +from openerp.tools import config -import session +import inspect +import functools _logger = logging.getLogger(__name__) @@ -54,8 +61,9 @@ class WebRequest(object): .. attribute:: httpsession - a :class:`~collections.Mapping` holding the HTTP session data for the - current http session + .. deprecated:: 8.0 + + Use ``self.session`` instead. .. attribute:: params @@ -70,60 +78,158 @@ class WebRequest(object): .. attribute:: session - :class:`~session.OpenERPSession` instance for the current request + a :class:`OpenERPSession` holding the HTTP session data for the + current http session .. attribute:: context :class:`~collections.Mapping` of context values for the current request - .. attribute:: debug + .. attribute:: db - ``bool``, indicates whether the debug mode is active on the client - """ - def __init__(self, request): - self.httprequest = request - self.httpresponse = None - self.httpsession = request.session + ``str``, the name of the database linked to the current request. Can be ``None`` + if the current request uses the ``none`` authentication. - def init(self, params): - self.params = dict(params) - # OpenERP session setup - self.session_id = self.params.pop("session_id", None) or uuid.uuid4().hex - self.session = self.httpsession.get(self.session_id) - if not self.session: - self.session = session.OpenERPSession() - self.httpsession[self.session_id] = self.session + .. attribute:: uid + ``int``, the id of the user related to the current request. Can be ``None`` + if the current request uses the ``none`` authenticatoin. + """ + def __init__(self, httprequest): + self.httprequest = httprequest + self.httpresponse = None + self.httpsession = httprequest.session + self.session = httprequest.session + self.session_id = httprequest.session.sid + self.disable_db = False + self.uid = None + self.func = None + self.auth_method = None + self._cr_cm = None + self._cr = None + self.func_request_type = None # set db/uid trackers - they're cleaned up at the WSGI # dispatching phase in openerp.service.wsgi_server.application - if self.session._db: - threading.current_thread().dbname = self.session._db - if self.session._uid: - threading.current_thread().uid = self.session._uid - - self.context = self.params.pop('context', {}) - self.debug = self.params.pop('debug', False) is not False - # Determine self.lang - lang = self.params.get('lang', None) - if lang is None: - lang = self.context.get('lang') - if lang is None: - lang = self.httprequest.cookies.get('lang') - if lang is None: - lang = self.httprequest.accept_languages.best - if not lang: - lang = 'en_US' - # tranform 2 letters lang like 'en' into 5 letters like 'en_US' - lang = babel.core.LOCALE_ALIASES.get(lang, lang) - # we use _ as seprator where RFC2616 uses '-' - self.lang = lang.replace('-', '_') - - @contextlib.contextmanager - def registry_cr(self): - dbname = self.session._db or openerp.addons.web.controllers.main.db_monodb(self) - registry = openerp.modules.registry.RegistryManager.get(dbname.lower()) - with registry.cursor() as cr: - yield (registry, cr) + if self.db: + threading.current_thread().dbname = self.db + if self.session.uid: + threading.current_thread().uid = self.session.uid + self.context = dict(self.session.context) + self.lang = self.context["lang"] + + def _authenticate(self): + if self.session.uid: + try: + self.session.check_security() + except SessionExpiredException, e: + self.session.logout() + raise SessionExpiredException("Session expired for request %s" % self.httprequest) + auth_methods[self.auth_method]() + @property + def registry(self): + """ + The registry to the database linked to this request. Can be ``None`` if the current request uses the + ``none'' authentication. + """ + return openerp.modules.registry.RegistryManager.get(self.db) if self.db else None + + @property + def db(self): + """ + The registry to the database linked to this request. Can be ``None`` if the current request uses the + ``none'' authentication. + """ + return self.session.db if not self.disable_db else None + + @property + def cr(self): + """ + The cursor initialized for the current method call. If the current request uses the ``none`` authentication + trying to access this property will raise an exception. + """ + # some magic to lazy create the cr + if not self._cr_cm: + self._cr_cm = self.registry.cursor() + self._cr = self._cr_cm.__enter__() + return self._cr + + def _call_function(self, *args, **kwargs): + self._authenticate() + try: + # ugly syntax only to get the __exit__ arguments to pass to self._cr + request = self + class with_obj(object): + def __enter__(self): + pass + def __exit__(self, *args): + if request._cr_cm: + request._cr_cm.__exit__(*args) + request._cr_cm = None + request._cr = None + + with with_obj(): + if self.func_request_type != self._request_type: + raise Exception("%s, %s: Function declared as capable of handling request of type '%s' but called with a request of type '%s'" \ + % (self.func, self.httprequest.path, self.func_request_type, self._request_type)) + return self.func(*args, **kwargs) + finally: + # just to be sure no one tries to re-use the request + self.disable_db = True + self.uid = None + + @property + def debug(self): + return 'debug' in self.httprequest.args + + +def auth_method_user(): + request.uid = request.session.uid + +def auth_method_admin(): + if not request.db: + raise SessionExpiredException("No valid database for request %s" % request.httprequest) + request.uid = openerp.SUPERUSER_ID + +def auth_method_none(): + request.disable_db = True + request.uid = None + +auth_methods = { + "user": auth_method_user, + "admin": auth_method_admin, + "none": auth_method_none, +} + +def route(route, type="http", auth="user"): + """ + Decorator marking the decorated method as being a handler for requests. The method must be part of a subclass + of ``Controller``. + + :param route: string or array. The route part that will determine which http requests will match the decorated + method. Can be a single string or an array of strings. See werkzeug's routing documentation for the format of + route expression ( http://werkzeug.pocoo.org/docs/routing/ ). + :param type: The type of request, can be ``'http'`` or ``'json'``. + :param auth: The type of authentication method, can on of the following: + + * ``user``: The user must be authenticated and the current request will perform using the rights of the + user. + * ``admin``: The user may not be authenticated and the current request will perform using the admin user. + * ``none``: The method is always active, even if there is no database. Mainly used by the framework and + authentication modules. There request code will not have any facilities to access the database nor have any + configuration indicating the current database nor the current user. + """ + assert type in ["http", "json"] + assert auth in auth_methods.keys() + def decorator(f): + if isinstance(route, list): + f.routes = route + else: + f.routes = [route] + f.exposed = type + if getattr(f, "auth", None) is None: + f.auth = auth + return f + return decorator def reject_nonliteral(dct): if '__ref' in dct: @@ -138,8 +244,7 @@ class JsonRequest(WebRequest): --> {"jsonrpc": "2.0", "method": "call", - "params": {"session_id": "SID", - "context": {}, + "params": {"context": {}, "arg1": "val1" }, "id": null} @@ -151,8 +256,7 @@ class JsonRequest(WebRequest): --> {"jsonrpc": "2.0", "method": "call", - "params": {"session_id": "SID", - "context": {}, + "params": {"context": {}, "arg1": "val1" }, "id": null} @@ -164,51 +268,57 @@ class JsonRequest(WebRequest): "id": null} """ - def dispatch(self, method): - """ Calls the method asked for by the JSON-RPC2 or JSONP request + _request_type = "json" - :param method: the method which received the request + def __init__(self, *args): + super(JsonRequest, self).__init__(*args) + + self.jsonp_handler = None - :returns: an utf8 encoded JSON-RPC2 or JSONP reply - """ args = self.httprequest.args jsonp = args.get('jsonp') - requestf = None + self.jsonp = jsonp request = None request_id = args.get('id') - + if jsonp and self.httprequest.method == 'POST': # jsonp 2 steps step1 POST: save call - self.init(args) - self.session.jsonp_requests[request_id] = self.httprequest.form['r'] - headers=[('Content-Type', 'text/plain; charset=utf-8')] - r = werkzeug.wrappers.Response(request_id, headers=headers) - return r + def handler(): + self.session.jsonp_requests[request_id] = self.httprequest.form['r'] + self.session.modified = True + headers=[('Content-Type', 'text/plain; charset=utf-8')] + r = werkzeug.wrappers.Response(request_id, headers=headers) + return r + self.jsonp_handler = handler + return elif jsonp and args.get('r'): # jsonp method GET request = args.get('r') elif jsonp and request_id: # jsonp 2 steps step2 GET: run and return result - self.init(args) request = self.session.jsonp_requests.pop(request_id, "") else: # regular jsonrpc2 - requestf = self.httprequest.stream + request = self.httprequest.stream.read() + + # Read POST content or POST Form Data named "request" + self.jsonrequest = simplejson.loads(request, object_hook=reject_nonliteral) + self.params = dict(self.jsonrequest.get("params", {})) + self.context = self.params.pop('context', self.session.context) + def dispatch(self): + """ Calls the method asked for by the JSON-RPC2 or JSONP request + """ + if self.jsonp_handler: + return self.jsonp_handler() response = {"jsonrpc": "2.0" } error = None + try: - # Read POST content or POST Form Data named "request" - if requestf: - self.jsonrequest = simplejson.load(requestf, object_hook=reject_nonliteral) - else: - self.jsonrequest = simplejson.loads(request, object_hook=reject_nonliteral) - self.init(self.jsonrequest.get("params", {})) - if _logger.isEnabledFor(logging.DEBUG): - _logger.debug("--> %s.%s\n%s", method.im_class.__name__, method.__name__, pprint.pformat(self.jsonrequest)) response['id'] = self.jsonrequest.get('id') - response["result"] = method(self, **self.params) - except session.AuthenticationError, e: + response["result"] = self._call_function(**self.params) + except AuthenticationError, e: + _logger.exception("Exception during JSON request handling.") se = serialize_exception(e) error = { 'code': 100, @@ -216,6 +326,7 @@ class JsonRequest(WebRequest): 'data': se } except Exception, e: + _logger.exception("Exception during JSON request handling.") se = serialize_exception(e) error = { 'code': 200, @@ -225,16 +336,13 @@ class JsonRequest(WebRequest): if error: response["error"] = error - if _logger.isEnabledFor(logging.DEBUG): - _logger.debug("<--\n%s", pprint.pformat(response)) - - if jsonp: + if self.jsonp: # If we use jsonp, that's mean we are called from another host # Some browser (IE and Safari) do no allow third party cookies # We need then to manage http sessions manually. - response['httpsessionid'] = self.httpsession.sid + response['session_id'] = self.session_id mime = 'application/javascript' - body = "%s(%s);" % (jsonp, simplejson.dumps(response),) + body = "%s(%s);" % (self.jsonp, simplejson.dumps(response),) else: mime = 'application/json' body = simplejson.dumps(response) @@ -273,35 +381,44 @@ def to_jsonable(o): return u"%s" % o def jsonrequest(f): - """ Decorator marking the decorated method as being a handler for a - JSON-RPC request (the exact request path is specified via the - ``$(Controller._cp_path)/$methodname`` combination. - - If the method is called, it will be provided with a :class:`JsonRequest` - instance and all ``params`` sent during the JSON-RPC request, apart from - the ``session_id``, ``context`` and ``debug`` keys (which are stripped out - beforehand) + """ + .. deprecated:: 8.0 + + Use the ``route()`` decorator instead. """ - f.exposed = 'json' - return f + f.combine = True + base = f.__name__.lstrip('/') + if f.__name__ == "index": + base = "" + return route([base, base + "/"], type="json", auth="none")(f) class HttpRequest(WebRequest): """ Regular GET/POST request """ - def dispatch(self, method): + _request_type = "http" + + def __init__(self, *args): + super(HttpRequest, self).__init__(*args) params = dict(self.httprequest.args) params.update(self.httprequest.form) params.update(self.httprequest.files) - self.init(params) + ex = set(["session_id"]) + for k in params.keys(): + if k in ex: + del params[k] + self.params = params + + def dispatch(self): akw = {} for key, value in self.httprequest.args.iteritems(): if isinstance(value, basestring) and len(value) < 1024: akw[key] = value else: akw[key] = type(value) - _logger.debug("%s --> %s.%s %r", self.httprequest.method, method.im_class.__name__, method.__name__, akw) try: - r = method(self, **self.params) + r = self._call_function(**self.params) + except werkzeug.exceptions.HTTPException, e: + r = e except Exception, e: _logger.exception("An exception occured during an http request") se = serialize_exception(e) @@ -311,11 +428,9 @@ class HttpRequest(WebRequest): 'data': se } r = werkzeug.exceptions.InternalServerError(cgi.escape(simplejson.dumps(error))) - if self.debug or 1: - if isinstance(r, (werkzeug.wrappers.BaseResponse, werkzeug.exceptions.HTTPException)): - _logger.debug('<-- %s', r) - else: - _logger.debug("<-- size: %s", len(r)) + else: + if not r: + r = werkzeug.wrappers.Response(status=204) # no content return r def make_response(self, data, headers=None, cookies=None): @@ -344,111 +459,336 @@ class HttpRequest(WebRequest): return werkzeug.exceptions.NotFound(description) def httprequest(f): - """ Decorator marking the decorated method as being a handler for a - normal HTTP request (the exact request path is specified via the - ``$(Controller._cp_path)/$methodname`` combination. - - If the method is called, it will be provided with a :class:`HttpRequest` - instance and all ``params`` sent during the request (``GET`` and ``POST`` - merged in the same dictionary), apart from the ``session_id``, ``context`` - and ``debug`` keys (which are stripped out beforehand) + """ + .. deprecated:: 8.0 + + Use the ``route()`` decorator instead. """ - f.exposed = 'http' - return f + f.combine = True + base = f.__name__.lstrip('/') + if f.__name__ == "index": + base = "" + return route([base, base + "/"], type="http", auth="none")(f) + +#---------------------------------------------------------- +# Local storage of requests +#---------------------------------------------------------- +from werkzeug.local import LocalStack + +_request_stack = LocalStack() + +def set_request(request): + class with_obj(object): + def __enter__(self): + _request_stack.push(request) + def __exit__(self, *args): + _request_stack.pop() + return with_obj() + +""" + A global proxy that always redirect to the current request object. +""" +request = _request_stack() #---------------------------------------------------------- # Controller registration with a metaclass #---------------------------------------------------------- addons_module = {} addons_manifest = {} -controllers_class = [] -controllers_class_path = {} -controllers_object = {} -controllers_object_path = {} -controllers_path = {} +controllers_per_module = {} class ControllerType(type): def __init__(cls, name, bases, attrs): super(ControllerType, cls).__init__(name, bases, attrs) + + # flag old-style methods with req as first argument + for k, v in attrs.items(): + if inspect.isfunction(v): + spec = inspect.getargspec(v) + first_arg = spec.args[1] if len(spec.args) >= 2 else None + if first_arg in ["req", "request"]: + v._first_arg_is_req = True + + # store the controller in the controllers list name_class = ("%s.%s" % (cls.__module__, cls.__name__), cls) - controllers_class.append(name_class) - path = attrs.get('_cp_path') - if path not in controllers_class_path: - controllers_class_path[path] = name_class + class_path = name_class[0].split(".") + if not class_path[:2] == ["openerp", "addons"]: + return + # we want to know all modules that have controllers + module = class_path[2] + # but we only store controllers directly inheriting from Controller + if not "Controller" in globals() or not Controller in bases: + return + controllers_per_module.setdefault(module, []).append(name_class) class Controller(object): __metaclass__ = ControllerType - def __new__(cls, *args, **kwargs): - subclasses = [c for c in cls.__subclasses__() if c._cp_path == cls._cp_path] - if subclasses: - name = "%s (extended by %s)" % (cls.__name__, ', '.join(sub.__name__ for sub in subclasses)) - cls = type(name, tuple(reversed(subclasses)), {}) +############################# +# OpenERP Sessions # +############################# - return object.__new__(cls) +class AuthenticationError(Exception): + pass -#---------------------------------------------------------- -# Session context manager -#---------------------------------------------------------- -@contextlib.contextmanager -def session_context(request, session_store, session_lock, sid): - with session_lock: - if sid: - request.session = session_store.get(sid) +class SessionExpiredException(Exception): + pass + +class Service(object): + """ + .. deprecated:: 8.0 + Use ``openerp.netsvc.dispatch_rpc()`` instead. + """ + def __init__(self, session, service_name): + self.session = session + self.service_name = service_name + + def __getattr__(self, method): + def proxy_method(*args): + result = openerp.netsvc.dispatch_rpc(self.service_name, method, args) + return result + return proxy_method + +class Model(object): + """ + .. deprecated:: 8.0 + Use the resistry and cursor in ``openerp.addons.web.http.request`` instead. + """ + def __init__(self, session, model): + self.session = session + self.model = model + self.proxy = self.session.proxy('object') + + def __getattr__(self, method): + self.session.assert_valid() + def proxy(*args, **kw): + # Can't provide any retro-compatibility for this case, so we check it and raise an Exception + # to tell the programmer to adapt his code + if not request.db or not request.uid or self.session.db != request.db \ + or self.session.uid != request.uid: + raise Exception("Trying to use Model with badly configured database or user.") + + mod = request.registry.get(self.model) + if method.startswith('_'): + raise Exception("Access denied") + meth = getattr(mod, method) + cr = request.cr + result = meth(cr, request.uid, *args, **kw) + # reorder read + if method == "read": + if isinstance(result, list) and len(result) > 0 and "id" in result[0]: + index = {} + for r in result: + index[r['id']] = r + result = [index[x] for x in args[0] if x in index] + return result + return proxy + +class OpenERPSession(werkzeug.contrib.sessions.Session): + def __init__(self, *args, **kwargs): + self.inited = False + self.modified = False + super(OpenERPSession, self).__init__(*args, **kwargs) + self.inited = True + self._default_values() + self.modified = False + + def __getattr__(self, attr): + return self.get(attr, None) + def __setattr__(self, k, v): + if getattr(self, "inited", False): + try: + object.__getattribute__(self, k) + except: + return self.__setitem__(k, v) + object.__setattr__(self, k, v) + + def authenticate(self, db, login=None, password=None, uid=None): + """ + Authenticate the current user with the given db, login and password. If successful, store + the authentication parameters in the current session and request. + + :param uid: If not None, that user id will be used instead the login to authenticate the user. + """ + + if uid is None: + wsgienv = request.httprequest.environ + env = dict( + base_location=request.httprequest.url_root.rstrip('/'), + HTTP_HOST=wsgienv['HTTP_HOST'], + REMOTE_ADDR=wsgienv['REMOTE_ADDR'], + ) + uid = openerp.netsvc.dispatch_rpc('common', 'authenticate', [db, login, password, env]) else: - request.session = session_store.new() - try: - yield request.session - finally: - # Remove all OpenERPSession instances with no uid, they're generated - # either by login process or by HTTP requests without an OpenERP - # session id, and are generally noise - removed_sessions = set() - for key, value in request.session.items(): - if not isinstance(value, session.OpenERPSession): - continue - if getattr(value, '_suicide', False) or ( - not value._uid - and not value.jsonp_requests - # FIXME do not use a fixed value - and value._creation_time + (60*5) < time.time()): - _logger.debug('remove session %s', key) - removed_sessions.add(key) - del request.session[key] - - with session_lock: - if sid: - # Re-load sessions from storage and merge non-literal - # contexts and domains (they're indexed by hash of the - # content so conflicts should auto-resolve), otherwise if - # two requests alter those concurrently the last to finish - # will overwrite the previous one, leading to loss of data - # (a non-literal is lost even though it was sent to the - # client and client errors) - # - # note that domains_store and contexts_store are append-only (we - # only ever add items to them), so we can just update one with the - # other to get the right result, if we want to merge the - # ``context`` dict we'll need something smarter - in_store = session_store.get(sid) - for k, v in request.session.iteritems(): - stored = in_store.get(k) - if stored and isinstance(v, session.OpenERPSession): - if hasattr(v, 'contexts_store'): - del v.contexts_store - if hasattr(v, 'domains_store'): - del v.domains_store - if not hasattr(v, 'jsonp_requests'): - v.jsonp_requests = {} - v.jsonp_requests.update(getattr( - stored, 'jsonp_requests', {})) - - # add missing keys - for k, v in in_store.iteritems(): - if k not in request.session and k not in removed_sessions: - request.session[k] = v - - session_store.save(request.session) + security.check(db, uid, password) + self.db = db + self.uid = uid + self.login = login + self.password = password + request.uid = uid + request.disable_db = False + + if uid: self.get_context() + return uid + + def check_security(self): + """ + Chech the current authentication parameters to know if those are still valid. This method + should be called at each request. If the authentication fails, a ``SessionExpiredException`` + is raised. + """ + if not self.db or not self.uid: + raise SessionExpiredException("Session expired") + security.check(self.db, self.uid, self.password) + + def logout(self): + for k in self.keys(): + del self[k] + self._default_values() + + def _default_values(self): + self.setdefault("db", None) + self.setdefault("uid", None) + self.setdefault("login", None) + self.setdefault("password", None) + self.setdefault("context", {'tz': "UTC", "uid": None}) + self.setdefault("jsonp_requests", {}) + + def get_context(self): + """ + Re-initializes the current user's session context (based on + his preferences) by calling res.users.get_context() with the old + context. + + :returns: the new context + """ + assert self.uid, "The user needs to be logged-in to initialize his context" + self.context = request.registry.get('res.users').context_get(request.cr, request.uid) or {} + self.context['uid'] = self.uid + self._fix_lang(self.context) + return self.context + + def _fix_lang(self, context): + """ OpenERP provides languages which may not make sense and/or may not + be understood by the web client's libraries. + + Fix those here. + + :param dict context: context to fix + """ + lang = context['lang'] + + # inane OpenERP locale + if lang == 'ar_AR': + lang = 'ar' + + # lang to lang_REGION (datejs only handles lang_REGION, no bare langs) + if lang in babel.core.LOCALE_ALIASES: + lang = babel.core.LOCALE_ALIASES[lang] + + context['lang'] = lang or 'en_US' + + """ + Damn properties for retro-compatibility. All of that is deprecated, all + of that. + """ + @property + def _db(self): + return self.db + @_db.setter + def _db(self, value): + self.db = value + @property + def _uid(self): + return self.uid + @_uid.setter + def _uid(self, value): + self.uid = value + @property + def _login(self): + return self.login + @_login.setter + def _login(self, value): + self.login = value + @property + def _password(self): + return self.password + @_password.setter + def _password(self, value): + self.password = value + + def send(self, service_name, method, *args): + """ + .. deprecated:: 8.0 + Use ``openerp.netsvc.dispatch_rpc()`` instead. + """ + return openerp.netsvc.dispatch_rpc(service_name, method, args) + + def proxy(self, service): + """ + .. deprecated:: 8.0 + Use ``openerp.netsvc.dispatch_rpc()`` instead. + """ + return Service(self, service) + + def assert_valid(self, force=False): + """ + .. deprecated:: 8.0 + Use ``check_security()`` instead. + + Ensures this session is valid (logged into the openerp server) + """ + if self.uid and not force: + return + # TODO use authenticate instead of login + self.uid = self.proxy("common").login(self.db, self.login, self.password) + if not self.uid: + raise AuthenticationError("Authentication failure") + + def ensure_valid(self): + """ + .. deprecated:: 8.0 + Use ``check_security()`` instead. + """ + if self.uid: + try: + self.assert_valid(True) + except Exception: + self.uid = None + + def execute(self, model, func, *l, **d): + """ + .. deprecated:: 8.0 + Use the resistry and cursor in ``openerp.addons.web.http.request`` instead. + """ + model = self.model(model) + r = getattr(model, func)(*l, **d) + return r + + def exec_workflow(self, model, id, signal): + """ + .. deprecated:: 8.0 + Use the resistry and cursor in ``openerp.addons.web.http.request`` instead. + """ + self.assert_valid() + r = self.proxy('object').exec_workflow(self.db, self.uid, self.password, model, signal, id) + return r + + def model(self, model): + """ + .. deprecated:: 8.0 + Use the resistry and cursor in ``openerp.addons.web.http.request`` instead. + + Get an RPC proxy for the object ``model``, bound to this session. + + :param model: an OpenERP model name + :type model: str + :rtype: a model object + """ + if not self.db: + raise SessionExpiredException("Session expired") + + return Model(self, model) def session_gc(session_store): if random.random() < 0.001: @@ -494,9 +834,13 @@ class DisableCacheMiddleware(object): def session_path(): try: - username = getpass.getuser() - except Exception: - username = "unknown" + import pwd + username = pwd.getpwuid(os.geteuid()).pw_name + except ImportError: + try: + username = getpass.getuser() + except Exception: + username = "unknown" path = os.path.join(tempfile.gettempdir(), "oe-sessions-" + username) try: os.mkdir(path, 0700) @@ -516,14 +860,17 @@ class Root(object): self.addons = {} self.statics = {} + self.db_routers = {} + self.db_routers_lock = threading.Lock() + self.load_addons() # Setup http sessions path = session_path() - self.session_store = werkzeug.contrib.sessions.FilesystemSessionStore(path) - self.session_lock = threading.Lock() + self.session_store = werkzeug.contrib.sessions.FilesystemSessionStore(path, session_class=OpenERPSession) _logger.debug('HTTP sessions stored in: %s', path) + def __call__(self, environ, start_response): """ Handle a WSGI request """ @@ -531,39 +878,79 @@ class Root(object): def dispatch(self, environ, start_response): """ - Performs the actual WSGI dispatching for the application, may be - wrapped during the initialization of the object. - - Call the object directly. + Performs the actual WSGI dispatching for the application. """ - request = werkzeug.wrappers.Request(environ) - request.parameter_storage_class = werkzeug.datastructures.ImmutableDict - request.app = self + try: + httprequest = werkzeug.wrappers.Request(environ) + httprequest.parameter_storage_class = werkzeug.datastructures.ImmutableDict + httprequest.app = self - handler = self.find_handler(*(request.path.split('/')[1:])) + session_gc(self.session_store) - if not handler: - response = werkzeug.exceptions.NotFound() - else: - sid = request.cookies.get('sid') + sid = httprequest.args.get('session_id') + explicit_session = True if not sid: - sid = request.args.get('sid') + sid = httprequest.headers.get("X-Openerp-Session-Id") + if not sid: + sid = httprequest.cookies.get('session_id') + explicit_session = False + if sid is None: + httprequest.session = self.session_store.new() + else: + httprequest.session = self.session_store.get(sid) - session_gc(self.session_store) + self._find_db(httprequest) + + if not "lang" in httprequest.session.context: + lang = httprequest.accept_languages.best or "en_US" + lang = babel.core.LOCALE_ALIASES.get(lang, lang).replace('-', '_') + httprequest.session.context["lang"] = lang + + request = self._build_request(httprequest) + db = request.db + + if db: + updated = openerp.modules.registry.RegistryManager.check_registry_signaling(db) + if updated: + with self.db_routers_lock: + del self.db_routers[db] + + with set_request(request): + self.find_handler() + result = request.dispatch() + + if db: + openerp.modules.registry.RegistryManager.signal_caches_change(db) + + if isinstance(result, basestring): + headers=[('Content-Type', 'text/html; charset=utf-8'), ('Content-Length', len(result))] + response = werkzeug.wrappers.Response(result, headers=headers) + else: + response = result - with session_context(request, self.session_store, self.session_lock, sid) as session: - result = handler(request) + if httprequest.session.should_save: + self.session_store.save(httprequest.session) + if not explicit_session and hasattr(response, 'set_cookie'): + response.set_cookie('session_id', httprequest.session.sid, max_age=90 * 24 * 60 * 60) - if isinstance(result, basestring): - headers=[('Content-Type', 'text/html; charset=utf-8'), ('Content-Length', len(result))] - response = werkzeug.wrappers.Response(result, headers=headers) - else: - response = result + return response(environ, start_response) + except werkzeug.exceptions.HTTPException, e: + return e(environ, start_response) - if hasattr(response, 'set_cookie'): - response.set_cookie('sid', session.sid) + def _find_db(self, httprequest): + db = db_monodb(httprequest) + if db != httprequest.session.db: + httprequest.session.logout() + httprequest.session.db = db - return response(environ, start_response) + def _build_request(self, httprequest): + if httprequest.args.get('jsonp'): + return JsonRequest(httprequest) + + if httprequest.mimetype == "application/json": + return JsonRequest(httprequest) + else: + return HttpRequest(httprequest) def load_addons(self): """ Load all addons from addons patch containg static files and @@ -586,50 +973,137 @@ class Root(object): addons_manifest[module] = manifest self.statics['/%s/static' % module] = path_static - for k, v in controllers_class_path.items(): - if k not in controllers_object_path and hasattr(v[1], '_cp_path'): - o = v[1]() - controllers_object[v[0]] = o - controllers_object_path[k] = o - if hasattr(o, '_cp_path'): - controllers_path[o._cp_path] = o - app = werkzeug.wsgi.SharedDataMiddleware(self.dispatch, self.statics) self.dispatch = DisableCacheMiddleware(app) - def find_handler(self, *l): - """ - Tries to discover the controller handling the request for the path - specified by the provided parameters - - :param l: path sections to a controller or controller method - :returns: a callable matching the path sections, or ``None`` - :rtype: ``Controller | None`` - """ - if l: - ps = '/' + '/'.join(filter(None, l)) - method_name = 'index' - while ps: - c = controllers_path.get(ps) - if c: - method = getattr(c, method_name, None) - if method: - exposed = getattr(method, 'exposed', False) - if exposed == 'json': - _logger.debug("Dispatch json to %s %s %s", ps, c, method_name) - return lambda request: JsonRequest(request).dispatch(method) - elif exposed == 'http': - _logger.debug("Dispatch http to %s %s %s", ps, c, method_name) - return lambda request: HttpRequest(request).dispatch(method) - if method_name != "index": - method_name = "index" - continue - ps, _slash, method_name = ps.rpartition('/') - if not ps and method_name: - ps = '/' - return None + def _build_router(self, db): + _logger.info("Generating routing configuration for database %s" % db) + routing_map = routing.Map() + + def gen(modules, nodb_only): + for module in modules: + for v in controllers_per_module[module]: + cls = v[1] + + subclasses = cls.__subclasses__() + subclasses = [c for c in subclasses if c.__module__.startswith('openerp.addons.') and + c.__module__.split(".")[2] in modules] + if subclasses: + name = "%s (extended by %s)" % (cls.__name__, ', '.join(sub.__name__ for sub in subclasses)) + cls = type(name, tuple(reversed(subclasses)), {}) + + o = cls() + members = inspect.getmembers(o) + for mk, mv in members: + if inspect.ismethod(mv) and getattr(mv, 'exposed', False) and \ + nodb_only == (getattr(mv, "auth", "none") == "none"): + for url in mv.routes: + if getattr(mv, "combine", False): + url = o._cp_path.rstrip('/') + '/' + url.lstrip('/') + if url.endswith("/") and len(url) > 1: + url = url[: -1] + routing_map.add(routing.Rule(url, endpoint=mv)) + + modules_set = set(controllers_per_module.keys()) - set(['web']) + # building all none methods + gen(["web"] + sorted(modules_set), True) + if not db: + return routing_map + + registry = openerp.modules.registry.RegistryManager.get(db) + with registry.cursor() as cr: + m = registry.get('ir.module.module') + ids = m.search(cr, openerp.SUPERUSER_ID, [('state', '=', 'installed'), ('name', '!=', 'web')]) + installed = set([x['name'] for x in m.read(cr, 1, ids, ['name'])]) + modules_set = modules_set.intersection(set(installed)) + modules = ["web"] + sorted(modules_set) + # building all other methods + gen(modules, False) + + return routing_map + + def get_db_router(self, db): + with self.db_routers_lock: + router = self.db_routers.get(db) + if not router: + router = self._build_router(db) + with self.db_routers_lock: + self.db_routers[db] = router + return router + + def find_handler(self): + """ + Tries to discover the controller handling the request for the path specified in the request. + """ + path = request.httprequest.path + urls = self.get_db_router(request.db).bind("") + func, arguments = urls.match(path) + arguments = dict([(k, v) for k, v in arguments.items() if not k.startswith("_ignored_")]) + + def nfunc(*args, **kwargs): + kwargs.update(arguments) + if getattr(func, '_first_arg_is_req', False): + args = (request,) + args + return func(*args, **kwargs) + + request.func = nfunc + request.auth_method = getattr(func, "auth", "user") + request.func_request_type = func.exposed + +root = None + +def db_list(force=False, httprequest=None): + httprequest = httprequest or request.httprequest + dbs = openerp.netsvc.dispatch_rpc("db", "list", [force]) + h = httprequest.environ['HTTP_HOST'].split(':')[0] + d = h.split('.')[0] + r = openerp.tools.config['dbfilter'].replace('%h', h).replace('%d', d) + dbs = [i for i in dbs if re.match(r, i)] + return dbs + +def db_monodb(httprequest=None): + """ + Magic function to find the current database. + + Implementation details: + + * Magic + * More magic + + Returns ``None`` if the magic is not magic enough. + """ + httprequest = httprequest or request.httprequest + db = None + redirect = None + + dbs = db_list(True, httprequest) + + # try the db already in the session + db_session = httprequest.session.db + if db_session in dbs: + return db_session + + # if dbfilters was specified when launching the server and there is + # only one possible db, we take that one + if openerp.tools.config['dbfilter'] != ".*" and len(dbs) == 1: + return dbs[0] + return None + +class CommonController(Controller): + + @route('/jsonrpc', type='json', auth="none") + def jsonrpc(self, service, method, args): + """ Method used by client APIs to contact OpenERP. """ + return openerp.netsvc.dispatch_rpc(service, method, args) + + @route('/gen_session_id', type='json', auth="none") + def gen_session_id(self): + nsession = root.session_store.new() + return nsession.sid def wsgi_postload(): - openerp.wsgi.register_wsgi_handler(Root()) + global root + root = Root() + openerp.wsgi.register_wsgi_handler(root) # vim:et:ts=4:sw=4: