1 # -*- coding: utf-8 -*-
10 import werkzeug.routing
14 from openerp.addons.base import ir
15 from openerp.addons.base.ir import ir_qweb
16 from openerp.addons.website.models.website import slug, url_for, _UNSLUG_RE
17 from openerp.http import request
18 from openerp.tools import config
19 from openerp.osv import orm
21 logger = logging.getLogger(__name__)
23 class RequestUID(object):
24 def __init__(self, **kw):
25 self.__dict__.update(kw)
27 class ir_http(orm.AbstractModel):
31 geo_ip_resolver = None
33 def _get_converters(self):
35 super(ir_http, self)._get_converters(),
40 def _auth_method_public(self):
41 # TODO: select user_id from matching website
42 if not request.session.uid:
43 request.uid = self.pool['ir.model.data'].xmlid_to_res_id(request.cr, openerp.SUPERUSER_ID, 'base.public_user')
45 request.uid = request.session.uid
48 first_pass = not hasattr(request, 'website')
49 request.website = None
52 func, arguments = self._find_handler()
53 request.website_enabled = func.routing.get('website', False)
54 except werkzeug.exceptions.NotFound:
55 # either we have a language prefixed route, either a real 404
56 # in all cases, website processes them
57 request.website_enabled = True
59 request.website_multilang = request.website_enabled and func and func.routing.get('multilang', True)
61 if 'geoip' not in request.session:
63 if self.geo_ip_resolver is None:
66 # updated database can be downloaded on MaxMind website
67 # http://dev.maxmind.com/geoip/legacy/install/city/
68 geofile = config.get('geoip_database')
69 if os.path.exists(geofile):
70 self.geo_ip_resolver = GeoIP.open(geofile, GeoIP.GEOIP_STANDARD)
72 self.geo_ip_resolver = False
73 logger.warning('GeoIP database file %r does not exists', geofile)
75 self.geo_ip_resolver = False
76 if self.geo_ip_resolver and request.httprequest.remote_addr:
77 record = self.geo_ip_resolver.record_by_addr(request.httprequest.remote_addr) or {}
78 request.session['geoip'] = record
80 if request.website_enabled:
83 self._authenticate(func.routing['auth'])
85 self._auth_method_public()
86 except Exception as e:
87 return self._handle_exception(e)
89 request.redirect = lambda url, code=302: werkzeug.utils.redirect(url_for(url), code)
90 request.website = request.registry['website'].get_current_website(request.cr, request.uid, context=request.context)
91 request.context['website_id'] = request.website.id
92 langs = [lg[0] for lg in request.website.get_languages()]
93 path = request.httprequest.path.split('/')
95 if request.website_multilang:
96 # If the url doesn't contains the lang and that it's the first connection, we to retreive the user preference if it exists.
97 if not path[1] in langs and not request.httprequest.cookies.get('session_id'):
98 if request.lang not in langs:
99 # Try to find a similar lang. Eg: fr_BE and fr_FR
100 short = request.lang.split('_')[0]
101 langs_withshort = [lg[0] for lg in request.website.get_languages() if lg[0].startswith(short)]
102 if len(langs_withshort):
103 request.lang = langs_withshort[0]
105 request.lang = request.website.default_lang_code
106 # We redirect with the right language in url
107 if request.lang != request.website.default_lang_code:
108 path.insert(1, request.lang)
109 path = '/'.join(path) or '/'
110 return request.redirect(path + '?' + request.httprequest.query_string)
112 request.lang = request.website.default_lang_code
114 request.context['lang'] = request.lang
115 if not request.context.get('tz'):
116 request.context['tz'] = request.session['geoip'].get('time_zone')
119 request.lang = request.context['lang'] = path.pop(1)
120 path = '/'.join(path) or '/'
121 if request.lang == request.website.default_lang_code:
122 # If language is in the url and it is the default language, redirect
123 # to url without language so google doesn't see duplicate content
124 return request.redirect(path + '?' + request.httprequest.query_string, code=301)
125 return self.reroute(path)
126 # bind modified context
127 request.website = request.website.with_context(request.context)
128 return super(ir_http, self)._dispatch()
130 def reroute(self, path):
131 if not hasattr(request, 'rerouting'):
132 request.rerouting = [request.httprequest.path]
133 if path in request.rerouting:
134 raise Exception("Rerouting loop is forbidden")
135 request.rerouting.append(path)
136 if len(request.rerouting) > self.rerouting_limit:
137 raise Exception("Rerouting limit exceeded")
138 request.httprequest.environ['PATH_INFO'] = path
139 # void werkzeug cached_property. TODO: find a proper way to do this
140 for key in ('path', 'full_path', 'url', 'base_url'):
141 request.httprequest.__dict__.pop(key, None)
143 return self._dispatch()
145 def _postprocess_args(self, arguments, rule):
146 super(ir_http, self)._postprocess_args(arguments, rule)
148 for key, val in arguments.items():
149 # Replace uid placeholder by the current request.uid
150 if isinstance(val, orm.BaseModel) and isinstance(val._uid, RequestUID):
151 arguments[key] = val.sudo(request.uid)
154 _, path = rule.build(arguments)
155 assert path is not None
157 return self._handle_exception(e, code=404)
159 if getattr(request, 'website_multilang', False) and request.httprequest.method in ('GET', 'HEAD'):
160 generated_path = werkzeug.url_unquote_plus(path)
161 current_path = werkzeug.url_unquote_plus(request.httprequest.path)
162 if generated_path != current_path:
163 if request.lang != request.website.default_lang_code:
164 path = '/' + request.lang + path
165 if request.httprequest.query_string:
166 path += '?' + request.httprequest.query_string
167 return werkzeug.utils.redirect(path, code=301)
169 def _serve_attachment(self):
170 domain = [('type', '=', 'binary'), ('url', '=', request.httprequest.path)]
171 attach = self.pool['ir.attachment'].search_read(request.cr, openerp.SUPERUSER_ID, domain, ['__last_update', 'datas', 'mimetype'], context=request.context)
173 wdate = attach[0]['__last_update']
174 datas = attach[0]['datas']
175 response = werkzeug.wrappers.Response()
176 server_format = openerp.tools.misc.DEFAULT_SERVER_DATETIME_FORMAT
178 response.last_modified = datetime.datetime.strptime(wdate, server_format + '.%f')
180 # just in case we have a timestamp without microseconds
181 response.last_modified = datetime.datetime.strptime(wdate, server_format)
183 response.set_etag(hashlib.sha1(datas).hexdigest())
184 response.make_conditional(request.httprequest)
186 if response.status_code == 304:
189 response.mimetype = attach[0]['mimetype'] or 'application/octet-stream'
190 response.data = datas.decode('base64')
193 def _handle_exception(self, exception, code=500):
194 # This is done first as the attachment path may
195 # not match any HTTP controller, so the request
196 # may not be website-enabled.
197 attach = self._serve_attachment()
201 is_website_request = bool(getattr(request, 'website_enabled', False) and request.website)
202 if not is_website_request:
203 # Don't touch non website requests exception handling
204 return super(ir_http, self)._handle_exception(exception)
207 response = super(ir_http, self)._handle_exception(exception)
208 if isinstance(response, Exception):
211 # if parent excplicitely returns a plain response, then we don't touch it
214 if openerp.tools.config['dev_mode'] and (not isinstance(exception, ir_qweb.QWebException) or not exception.qweb.get('cause')):
220 traceback=traceback.format_exc(exception),
223 if isinstance(exception, werkzeug.exceptions.HTTPException):
224 if exception.code is None:
225 # Hand-crafted HTTPException likely coming from abort(),
226 # usually for a redirect response -> return it directly
229 code = exception.code
231 if isinstance(exception, openerp.exceptions.AccessError):
234 if isinstance(exception, ir_qweb.QWebException):
235 values.update(qweb_exception=exception)
236 if isinstance(exception.qweb.get('cause'), openerp.exceptions.AccessError):
240 logger.error("500 Internal Server Error:\n\n%s", values['traceback'])
241 if 'qweb_exception' in values:
242 view = request.registry.get("ir.ui.view")
243 views = view._views_get(request.cr, request.uid, exception.qweb['template'], request.context)
244 to_reset = [v for v in views if v.model_data_id.noupdate is True and not v.page]
245 values['views'] = to_reset
247 logger.warn("403 Forbidden:\n\n%s", values['traceback'])
250 status_message=werkzeug.http.HTTP_STATUS_CODES[code],
255 self._auth_method_public()
258 html = request.website._render('website.%s' % code, values)
260 html = request.website._render('website.http_error', values)
261 return werkzeug.wrappers.Response(html, status=code, content_type='text/html;charset=utf-8')
263 class ModelConverter(ir.ir_http.ModelConverter):
264 def __init__(self, url_map, model=False, domain='[]'):
265 super(ModelConverter, self).__init__(url_map, model)
267 self.regex = _UNSLUG_RE.pattern
269 def to_url(self, value):
272 def to_python(self, value):
273 m = re.match(self.regex, value)
274 _uid = RequestUID(value=value, match=m, converter=self)
275 record_id = int(m.group(2))
277 # limited support for negative IDs due to our slug pattern, assume abs() if not found
278 if not request.registry[self.model].exists(request.cr, _uid, [record_id]):
279 record_id = abs(record_id)
280 return request.registry[self.model].browse(
281 request.cr, _uid, record_id, context=request.context)
283 def generate(self, cr, uid, query=None, args=None, context=None):
284 obj = request.registry[self.model]
285 domain = eval( self.domain, (args or {}).copy())
287 domain.append((obj._rec_name, 'ilike', '%'+query+'%'))
288 for record in obj.search_read(cr, uid, domain=domain, fields=['write_date',obj._rec_name], context=context):
289 if record.get(obj._rec_name, False):
290 yield {'loc': (record['id'], record[obj._rec_name])}
292 class PageConverter(werkzeug.routing.PathConverter):
293 """ Only point of this converter is to bundle pages enumeration logic """
294 def generate(self, cr, uid, query=None, args={}, context=None):
295 View = request.registry['ir.ui.view']
296 views = View.search_read(cr, uid, [['page', '=', True]],
297 fields=['xml_id','priority','write_date'], order='name', context=context)
299 xid = view['xml_id'].startswith('website.') and view['xml_id'][8:] or view['xml_id']
300 # the 'page/homepage' url is indexed as '/', avoid aving the same page referenced twice
301 # when we will have an url mapping mechanism, replace this by a rule: page/homepage --> /
302 if xid=='homepage': continue
303 if query and query.lower() not in xid.lower():
305 record = {'loc': xid}
306 if view['priority'] <> 16:
307 record['__priority'] = min(round(view['priority'] / 32.0,1), 1)
308 if view['write_date']:
309 record['__lastmod'] = view['write_date'][:10]