ó
;^c           @   s\  d  d l  Z  d  d l Z d  d l Z y  d  d l m Z m Z m Z Wn- e k
 rs d  d l m Z m Z m Z n Xd  d l Z d  d l	 m
 Z
 d  d l m Z m Z y d  d l Z e Z Wn e k
 rÕ e Z n Xd  d l Z d  d l m Z e j d ƒ Z d Z d „  Z d d	 „ Z d
 „  Z d „  Z e e ƒ d „  ƒ Z d „  Z i  d „ Z  d S(   iÿÿÿÿN(   t   urlparset
   urlunparset   urljoin(   t   Response(   t
   NewRequestt
   subscriber(   t
   _JSONErrort
   syncservers*   syncserver.staticnode.StaticNodeAssignmentc         C   sÃ  t  j d ƒ t r, t j j j j j ƒ  n  |  j	 j
 } t | ƒ | j d ƒ } | dA k rl t d ƒ ‚ n  | j d ƒ } | | d <| j d ƒ } | dA k r¯ t d ƒ } n  | j d ƒ } | dA k rt  j j t  j j t  j j t ƒ ƒ ƒ } d t  j j | d	 ƒ } n  | j d
 ƒ } | dA k	 rot j t | d ƒ ƒ } | j ƒ  | j ƒ  } t | d ƒ j }	 n  | j d dA ƒ d | k r˜t | d <n  | d t k röd | k rÁ| | d <n  d | k rÚ| | d <n  d | k röd | d <qön  d | k rt | d <n  d | k r(d | d <n  d | k rNd | d <| g | d <n  d | k r…| j d ƒ }
 |
 dA k	 r…|
 | d <q…n  d | k rßxK | j ƒ  D]: } | j d ƒ ržd | t  d ƒ } | | | | <qžqžWn  d | k rd  | d <| | d! <t! | d" <n  d# | k r%t! | d# <n  d$ | k r»| j d% ƒ } | sSd& | d$ <n d' | d$ <| | d( <t" t | ƒ j# d) d* ƒ ƒ } | | d+ <| dA k	 r»|	 g | d, <|	 g | d- <q»n  d. | k rûd/ | d. <| dA k	 rû| d0 | d1 <|	 | d2 <qûn  d3 | k r8t$ j% d* ƒ } | j& s8t$ j' d4 t$ j( ƒ q8n  d5 | k rWt d6 ƒ | d5 <n  |  j) d7 d8 d9 g ƒ|  j* d: d; d< ƒ|  j* d d; d= ƒd> „  } |  j+ d? d ƒ |  j, | d@ d? ƒdA S(B   sC   Install SyncServer application into the given Pyramid configurator.i?   s   syncserver.public_urls(   you must configure syncserver.public_urlt   /s   syncserver.secreti@   s   syncserver.sqluris
   sqlite:///s   syncserver.dbs   syncserver.identity_providers%   /.well-known/fxa-client-configurationt   auth_server_base_urlt   configs   tokenserver.backends   tokenserver.sqluris   tokenserver.node_urls   endpoints.sync-1.5s   {node}/storage/1.5/{uid}s   tokenserver.monkey_patch_gevents   tokenserver.applicationss   sync-1.5s   tokenserver.secrets.backends   mozsvc.secrets.FixedSecretss   tokenserver.secrets.secretss   tokenserver.allow_new_userss   syncserver.allow_new_userss   hawkauth.secrets.backends   tokenserver.secrets.t   hawkautht   tokenservers   storage.backends"   syncstorage.storage.sql.SQLStorages   storage.sqluris   storage.create_tabless   storage.batch_upload_enableds   browserid.backends   syncserver.browserid_verifiers,   tokenserver.verifiers.LocalBrowserIdVerifiers-   tokenserver.verifiers.RemoteBrowserIdVerifiers   browserid.verifier_urlt   patht    s   browserid.audiencess   browserid.trusted_issuerss   browserid.allowed_issuerss   oauth.backends)   tokenserver.verifiers.RemoteOAuthVerifiert   oauth_server_base_urls   oauth.server_urls   oauth.default_issuert   loggerst   levels   fxa.metrics_uid_secret_keyi    R   t   ignores   syncserver.wsgi_appt   syncstoraget   route_prefixs   /storages   /tokenc         S   s
   t  d ƒ S(   Ns	   it works!(   R   (   t   request(    (    s*   /var/www/syncserver/syncserver/__init__.pyt   itworks™   s    R   t
   route_nameN(-   t   ost   umaskt   HAS_PYOPENSSLt   requestst   packagest   urllib3t   contribt	   pyopensslt   inject_into_urllib3t   registryt   settingst*   import_settings_from_environment_variablest   gett   Nonet   RuntimeErrort   rstript   generate_random_hex_keyR   t   abspatht   dirnamet   __file__t   joinR   t   raise_for_statust   jsonR    t   netloct   popt   DEFAULT_TOKENSERVER_BACKENDt   Falset   keyst
   startswitht   lent   TrueR   t   _replacet   loggingt	   getLoggert   handlerst   basicConfigt   WARNt   scant   includet	   add_routet   add_view(   R
   R"   t
   public_urlt   secrett   sqlurit   rootdirt   idpt   rt
   idp_configt
   idp_issuert   allow_new_userst   keyt   newkeyt   verifier_urlt   audiencet   root_loggerR   (    (    s*   /var/www/syncserver/syncserver/__init__.pyt	   includeme"   s¦    

*







		c      
   C   s÷   | d k r t j } n  d d t f d d t f d d t f d d t f d	 d
 t f d d t f d d t f d d t f f } d | k r­ t | d ƒ j ƒ  j ƒ  |  d <n  xC | D]; \ } } } y | | | ƒ |  | <Wq´ t k
 rî q´ Xq´ Wd S(   s6  Helper function to import settings from environment variables.

    This helper exists to allow the most commonly-changed settings to be
    configured via environment variables, which is useful when deploying
    with docker.  For more complex configuration needs you should write
    a .ini config file.
    t   SYNCSERVER_PUBLIC_URLs   syncserver.public_urlt   SYNCSERVER_SECRETs   syncserver.secrett   SYNCSERVER_SQLURIs   syncserver.sqlurit   SYNCSERVER_IDENTITY_PROVIDERs   syncserver.identity_providert   SYNCSERVER_BROWSERID_VERIFIERs   syncserver.browserid_verifiert   SYNCSERVER_ALLOW_NEW_USERSs   syncserver.allow_new_userst   SYNCSERVER_FORCE_WSGI_ENVIRONs   syncserver.force_wsgi_environt   SYNCSERVER_BATCH_UPLOAD_ENABLEDs   storage.batch_upload_enabledt   SYNCSERVER_SECRET_FILEN(	   R%   R   t   environt   strt   str_to_boolt   opent   readt   stript   KeyError(   R"   RY   t   SETTINGS_FROM_ENVIRONRJ   t   namet   convert(    (    s*   /var/www/syncserver/syncserver/__init__.pyR#       s2    #c         C   sC   |  j  ƒ  d k r t S|  j  ƒ  d k r, t St d	 |  f ƒ ‚ d
 S(   s=   Helper to convert textual boolean strings to actual booleans.t   truet   ont   1t   yest   falset   offt   0t   nos   unable to parse boolean from %rN(   Rc   Rd   Re   Rf   (   Rg   Rh   Ri   Rj   (   t   lowerR6   R2   t
   ValueError(   t   value(    (    s*   /var/www/syncserver/syncserver/__init__.pyR[   Æ   s
    c         C   s   t  j t j |  d ƒ ƒ S(   Ni   (   t   binasciit   hexlifyR   t   urandom(   t   length(    (    s*   /var/www/syncserver/syncserver/__init__.pyR(   Ï   s    c         C   sø   |  j  } | j j d } t | ƒ } | j sF | j j d ƒ | _ n  | j } | | k rô | j j j d ƒ sÄ d j	 d d d | f d | f d	 d
 f ƒ } t
 j | ƒ t | g d d ƒ‚ n  | j | _ | j | _ | j j d ƒ | _ n  d S(   sY  Event-listener that checks and tweaks WSGI environ based on public_url.

    This is a simple trick to help ensure that the configured public_url
    matches the actual deployed address.  It fixes fixes parts of the WSGI
    environ where it makes sense (e.g. SCRIPT_NAME) and warns about any parts
    that seem obviously mis-configured (e.g. http:// versus https://).

    It's very important to get public_url and WSGI environ matching exactly,
    since they're used for browserid audience checking and HAWK signature
    validation, so mismatches can easily cause strange and cryptic errors.
    s   syncserver.public_urlR   s   syncserver.force_wsgi_environs   
s9   The public_url setting doesn't match the application url.s9   This will almost certainly cause authentication failures!s       public_url setting is: %ss       application url is:    %ss<   You can disable this check by setting the force_wsgi_environs7   option in your config file, but do so at your own risk.t   status_codeiô  N(   R   R!   R"   R    t   script_nameR   R'   t   application_urlR$   R,   t   loggert   errorR   t   schemeR/   t   host(   t   eventR   RA   t   p_public_urlRt   t   msg(    (    s*   /var/www/syncserver/syncserver/__init__.pyt&   reconcile_wsgi_environ_with_public_urlÓ   s(    			

c         K   sB   t  j j |  |  } | j ƒ  z | j t ƒ Wd | j ƒ  X| S(   s?   Load a SyncStorge configurator object from deployment settings.N(   t   mozsvcR
   t   get_configuratort   beginR>   RO   t   end(   t   global_configR"   R
   (    (    s*   /var/www/syncserver/syncserver/__init__.pyR~   ÿ   s    
c         K   s   t  |  |  } | j ƒ  S(   s5   Load a SyncStorage WSGI app from deployment settings.(   R~   t   make_wsgi_app(   R   R"   R
   (    (    s*   /var/www/syncserver/syncserver/__init__.pyt   main
  s    (!   Rn   R   R8   R    R   R   t   ImportErrort   urllib.parseR   t   pyramid.responseR   t   pyramid.eventsR   R   t+   requests.packages.urllib3.contrib.pyopensslR6   R   R2   t   mozsvc.configR}   t   tokenserver.utilR   R9   Ru   R1   RO   R%   R#   R[   R(   R|   R~   Rƒ   (    (    (    s*   /var/www/syncserver/syncserver/__init__.pyt   <module>   s2     

	~&			,	