Skip to content
Snippets Groups Projects
Normal view Permalink
rproxy.py 2.44 KiB
Newer Older
Sébastien DA ROCHA's avatar
First version of rproxy
Sébastien DA ROCHA committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 
# Copyright (c) 2021-2022 Neogeo-Technologies.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


import logging

from django.conf import settings
from drfreverseproxy.views import ProxyView
m431m's avatar
Define SessionCsrfExemptAuthentication  
m431m committed
21 22 
from rest_framework.authentication import BasicAuthentication
from rest_framework.authentication import SessionAuthentication
m431m's avatar
Force accept all */* [REDMINE_ISSUE-16761]  
m431m committed
23 
from rest_framework.negotiation import DefaultContentNegotiation
Sébastien DA ROCHA's avatar
First version of rproxy
Sébastien DA ROCHA committed
24 25 26 27 28 29 30 31 32 33 
from rest_framework import permissions


logger = logging.getLogger(__name__)


ONEGEOSUITE_MAPSTORE_UPSTREAM = settings.ONEGEOSUITE_MAPSTORE_UPSTREAM
ONEGEOSUITE_MAPSTORE_AUTH_HEADER = settings.ONEGEOSUITE_MAPSTORE_AUTH_HEADER
m431m's avatar
Define SessionCsrfExemptAuthentication  
m431m committed
34 35 36 37 38 
class SessionCsrfExemptAuthentication(SessionAuthentication):
    def enforce_csrf(self, request):
        pass
m431m's avatar
Force accept all */* [REDMINE_ISSUE-16761]  
m431m committed
39 40 41 42 43 
class MapstoreProxyContentNegotiation(DefaultContentNegotiation):
    def get_accept_list(self, _):
        return ['*/*']  # Force accept all
Sébastien DA ROCHA's avatar
First version of rproxy
Sébastien DA ROCHA committed
44 45 46 
class MapstoreProxyView(ProxyView):
    upstream = ONEGEOSUITE_MAPSTORE_UPSTREAM
m431m's avatar
Define SessionCsrfExemptAuthentication  
m431m committed
47 48 49 50 51 
    authentication_classes = [
        SessionCsrfExemptAuthentication,
        BasicAuthentication,
    ]
Sébastien DA ROCHA's avatar
First version of rproxy
Sébastien DA ROCHA committed
52 53 54 55 
    permission_classes = [
        permissions.AllowAny,
    ]
m431m's avatar
Force accept all */* [REDMINE_ISSUE-16761]  
m431m committed
56 57 
    content_negotiation_class = MapstoreProxyContentNegotiation
Sébastien DA ROCHA's avatar
First version of rproxy
Sébastien DA ROCHA committed
58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 
    def get_request_headers(self):
        """
        Place le nom utilisateur dans un Header HTTP pour que Mapstore puisse
        l'autentifier. Ne positionne pas ce header si l'utilisateur est
        anonyme.

        Supprime le contenu de ce header si il existe déjà pour éviter qu'un
        attaquant externe puisse prendre l'identité d'un utilisateur.
        """
        # Les headers du META ont le prefix HTTP_ et sont en uppercase
        auth_user = 'HTTP_' + ONEGEOSUITE_MAPSTORE_AUTH_HEADER.replace('-', '_').upper()
        self.request.META.pop(auth_user, None)

        headers = super().get_request_headers()
        if not self.request.user.is_anonymous:
            headers[ONEGEOSUITE_MAPSTORE_AUTH_HEADER] = self.request.user.username

        return headers