mirrors/lnbits-legend
1
0
Fork 0
mirror of https://github.com/lnbits/lnbits-legend.git synced 2025-01-19 05:33:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
e9d6160f4d
lnbits-legend/lnbits/middleware.py

233 lines
8.2 KiB
Python
Raw Normal View History

Add redirect paths for extensions (#1532) * feat: basic redirect to extension endpoint * feat: filter by headers * refactor: extract `middleware.py` * fix: do not add twice the same extension to redirects * chore: code clean-up
2023-02-22 10:12:16 +01:00
from http import HTTPStatus
feat: show content by accepted type
2023-04-05 17:54:54 +02:00
from typing import Any, List, Tuple, Union
Add redirect paths for extensions (#1532) * feat: basic redirect to extension endpoint * feat: filter by headers * refactor: extract `middleware.py` * fix: do not add twice the same extension to redirects * chore: code clean-up
2023-02-22 10:12:16 +01:00
[CHORE] cleanup ip block middle workaround for older fastapi (#1981)
2023-10-09 07:57:13 +02:00
from fastapi import FastAPI, Request
feat: install wizard on first launch (#1977) * Login form loading * add first install middleware and settings * updates * Login form loading * add first install middleware and settings * updates * only set first install when superuser is created * refactor first install * only show if first install * cleanup * set password * update calls * login superuser on first install * fix * fixup! * fixup! * fixup! * fixup! * fixup! * last fixup! * fix mypy and prettier CI errors * disable first install * add random super user * set first install after startup * remove user id from form * Update lnbits/core/views/auth_api.py Co-authored-by: Vlad Stan <stan.v.vlad@gmail.com> * Update lnbits/core/views/auth_api.py Co-authored-by: Vlad Stan <stan.v.vlad@gmail.com> * Update lnbits/middleware.py Co-authored-by: dni ⚡ <office@dnilabs.com> * addressing Vlad's comments * remove super user * move to transient settings * fix: show `first_install` page even after a server restart * fix: do not add `user_id` in the auth token * fix: `make check` errors * fix: `username` is not optional for `UpdateSuperuserPassword` * feat: nicer error message --------- Co-authored-by: dni ⚡ <office@dnilabs.com> Co-authored-by: Tiago Vasconcelos <talvasconcelos@gmail.com> Co-authored-by: Vlad Stan <stan.v.vlad@gmail.com>
2024-01-25 14:33:40 +01:00
from fastapi.responses import HTMLResponse, JSONResponse, RedirectResponse
Adds security tools, such as a rate limiter, IP block/allow, server logs (#1606) * added ratelimiter * Adds server logs to admin ui * Added IP allow/ban list * fixed remove ips * Split rate limit number and unit * security tab and background tasks for killswitch * fix test for auditor api --------- Co-authored-by: dni ⚡ <office@dnilabs.com>
2023-06-20 11:26:33 +02:00
from slowapi import _rate_limit_exceeded_handler
from slowapi.errors import RateLimitExceeded
from slowapi.middleware import SlowAPIMiddleware
[REFACTOR] payments sse endpoint (#1781) * exclude sse from gzip * refactor sse endpoint * cleanup imports
2023-08-18 12:05:14 +02:00
from starlette.middleware.gzip import GZipMiddleware
Add redirect paths for extensions (#1532) * feat: basic redirect to extension endpoint * feat: filter by headers * refactor: extract `middleware.py` * fix: do not add twice the same extension to redirects * chore: code clean-up
2023-02-22 10:12:16 +01:00
from starlette.types import ASGIApp, Receive, Scope, Send
[REFACTOR] core/__init__ to not have circular import issues (#1876) * F541 fix remove unused workflow and combine linters into one add lnbits/static to ruff ignore remote setupnode ignore upgrades for mypy ignore F401 for __init__ files unused noqa ignore upgrades for black F821: undefine name disabled and logged webhook_listener for opennode and lnpay because they are obvisouly not working E402: module level import not at top of file fixup revert breaking changes wait for PR #1876 https://github.com/lnbits/lnbits/pull/1876 E721 fixes, only popped up for python3.9 not 3.10 [REFACTOR] core/__init__ to not have circular import issues WIP add db for backwards compat fix pyright make mypy happy again pyright did not catch those, i think mypy got confused with relative imports. maybe we should use absolute ones everywhere E402: module level import not at top of file dont forget to add core_app rebase on ruff pr f remo format * fix clnrest * ignore E402 in conftest * refactoring issues --------- Co-authored-by: jacksn <jkranawetter05@gmail.com>
2023-09-12 12:25:05 +02:00
from lnbits.core.db import core_app_extra
fix: block access admin extensions to normal users
2023-04-05 16:40:08 +02:00
from lnbits.helpers import template_renderer
Add redirect paths for extensions (#1532) * feat: basic redirect to extension endpoint * feat: filter by headers * refactor: extract `middleware.py` * fix: do not add twice the same extension to redirects * chore: code clean-up
2023-02-22 10:12:16 +01:00
from lnbits.settings import settings
class InstalledExtensionMiddleware:
# This middleware class intercepts calls made to the extensions API and:
# - it blocks the calls if the extension has been disabled or uninstalled.
[CHORE] string formatting default length 88 (#1887) * [CHORE] string formatting default length 88 uses blacks default off 88 and enabled autostringformatting * formatting * nitpicks jackstar fix
2023-08-24 11:26:09 +02:00
# - it redirects the calls to the latest version of the extension
# if the extension has been upgraded.
Add redirect paths for extensions (#1532) * feat: basic redirect to extension endpoint * feat: filter by headers * refactor: extract `middleware.py` * fix: do not add twice the same extension to redirects * chore: code clean-up
2023-02-22 10:12:16 +01:00
# - otherwise it has no effect
def __init__(self, app: ASGIApp) -> None:
self.app = app
async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
fix: redirect for all paths of the extension (not only for `/api`) (#2120) * fix: redirect for all paths of the extension (not only for `/api`) * refactor: rename variable * fix: corner case for root path * refactor: rename var * doc: update comment * fix: do not redirect for static resources
2023-11-24 21:13:19 +01:00
full_path = scope.get("path", "/")
if full_path == "/":
Add redirect paths for extensions (#1532) * feat: basic redirect to extension endpoint * feat: filter by headers * refactor: extract `middleware.py` * fix: do not add twice the same extension to redirects * chore: code clean-up
2023-02-22 10:12:16 +01:00
await self.app(scope, receive, send)
return
chore: adhere to ruff's `UP` basically use `list` and `type` instead of `List` and `Type` this is save to use for python3.9 and has been deprecated. also has some performance drawbacks. read more here: https://docs.astral.sh/ruff/rules/non-pep585-annotation/
2024-04-01 18:50:21 +02:00
top_path, *rest = (p for p in full_path.split("/") if p)
feat: show content by accepted type
2023-04-05 17:54:54 +02:00
headers = scope.get("headers", [])
Add redirect paths for extensions (#1532) * feat: basic redirect to extension endpoint * feat: filter by headers * refactor: extract `middleware.py` * fix: do not add twice the same extension to redirects * chore: code clean-up
2023-02-22 10:12:16 +01:00
# block path for all users if the extension is disabled
fix: redirect for all paths of the extension (not only for `/api`) (#2120) * fix: redirect for all paths of the extension (not only for `/api`) * refactor: rename variable * fix: corner case for root path * refactor: rename var * doc: update comment * fix: do not redirect for static resources
2023-11-24 21:13:19 +01:00
if top_path in settings.lnbits_deactivated_extensions:
feat: show content by accepted type
2023-04-05 17:54:54 +02:00
response = self._response_by_accepted_type(
test: remove warnings for `TemplateResponse` (#2368) * test: remove warnings for `TemplateResponse` removes warnings ``` tests/core/views/test_generic.py::test_core_views_generic tests/core/views/test_generic.py::test_get_wallet_with_user_and_wallet tests/core/views/test_generic.py::test_get_extensions tests/core/views/test_public_api.py::test_core_views_generic /home/dni/.cache/pypoetry/virtualenvs/lnbits-XeqO4Z-j-py3.10/lib/python3.10/site-packages/starlette/templating.py:178: DeprecationWarning: The `name` is not the first para meter anymore. The first parameter should be the `Request` instance. Replace `TemplateResponse(name, {"request": request})` by `TemplateResponse(request, name)`. warnings.warn( ```
2024-03-29 12:22:14 +01:00
scope, headers, f"Extension '{top_path}' disabled", HTTPStatus.NOT_FOUND
Add redirect paths for extensions (#1532) * feat: basic redirect to extension endpoint * feat: filter by headers * refactor: extract `middleware.py` * fix: do not add twice the same extension to redirects * chore: code clean-up
2023-02-22 10:12:16 +01:00
)
await response(scope, receive, send)
return
fix: redirect for all paths of the extension (not only for `/api`) (#2120) * fix: redirect for all paths of the extension (not only for `/api`) * refactor: rename variable * fix: corner case for root path * refactor: rename var * doc: update comment * fix: do not redirect for static resources
2023-11-24 21:13:19 +01:00
# static resources do not require redirect
if rest[0:1] == ["static"]:
await self.app(scope, receive, send)
return
upgrade_path = next(
(
e
for e in settings.lnbits_upgraded_extensions
if e.endswith(f"/{top_path}")
),
None,
)
# re-route all trafic if the extension has been upgraded
if upgrade_path:
tail = "/".join(rest)
scope["path"] = f"/upgrades/{upgrade_path}/{tail}"
Add redirect paths for extensions (#1532) * feat: basic redirect to extension endpoint * feat: filter by headers * refactor: extract `middleware.py` * fix: do not add twice the same extension to redirects * chore: code clean-up
2023-02-22 10:12:16 +01:00
await self.app(scope, receive, send)
feat: show content by accepted type
2023-04-05 17:54:54 +02:00
def _response_by_accepted_type(
test: remove warnings for `TemplateResponse` (#2368) * test: remove warnings for `TemplateResponse` removes warnings ``` tests/core/views/test_generic.py::test_core_views_generic tests/core/views/test_generic.py::test_get_wallet_with_user_and_wallet tests/core/views/test_generic.py::test_get_extensions tests/core/views/test_public_api.py::test_core_views_generic /home/dni/.cache/pypoetry/virtualenvs/lnbits-XeqO4Z-j-py3.10/lib/python3.10/site-packages/starlette/templating.py:178: DeprecationWarning: The `name` is not the first para meter anymore. The first parameter should be the `Request` instance. Replace `TemplateResponse(name, {"request": request})` by `TemplateResponse(request, name)`. warnings.warn( ```
2024-03-29 12:22:14 +01:00
self, scope: Scope, headers: List[Any], msg: str, status_code: HTTPStatus
feat: show content by accepted type
2023-04-05 17:54:54 +02:00
) -> Union[HTMLResponse, JSONResponse]:
doc: add comments
2023-04-06 11:32:23 +02:00
"""
[CHORE] string formatting default length 88 (#1887) * [CHORE] string formatting default length 88 uses blacks default off 88 and enabled autostringformatting * formatting * nitpicks jackstar fix
2023-08-24 11:26:09 +02:00
Build an HTTP response containing the `msg` as HTTP body and the `status_code`
as HTTP code. If the `accept` HTTP header is present int the request and
contains the value of `text/html` then return an `HTMLResponse`,
otherwise return an `JSONResponse`.
doc: add comments
2023-04-06 11:32:23 +02:00
"""
feat: show content by accepted type
2023-04-05 17:54:54 +02:00
accept_header: str = next(
(
h[1].decode("UTF-8")
for h in headers
if len(h) >= 2 and h[0].decode("UTF-8") == "accept"
),
"",
)
chore: adhere to ruff's `C` (#2379)
2024-04-03 17:56:05 +02:00
if "text/html" in accept_header.split(","):
feat: show content by accepted type
2023-04-05 17:54:54 +02:00
return HTMLResponse(
status_code=status_code,
content=template_renderer()
test: remove warnings for `TemplateResponse` (#2368) * test: remove warnings for `TemplateResponse` removes warnings ``` tests/core/views/test_generic.py::test_core_views_generic tests/core/views/test_generic.py::test_get_wallet_with_user_and_wallet tests/core/views/test_generic.py::test_get_extensions tests/core/views/test_public_api.py::test_core_views_generic /home/dni/.cache/pypoetry/virtualenvs/lnbits-XeqO4Z-j-py3.10/lib/python3.10/site-packages/starlette/templating.py:178: DeprecationWarning: The `name` is not the first para meter anymore. The first parameter should be the `Request` instance. Replace `TemplateResponse(name, {"request": request})` by `TemplateResponse(request, name)`. warnings.warn( ```
2024-03-29 12:22:14 +01:00
.TemplateResponse(Request(scope), "error.html", {"err": msg})
feat: show content by accepted type
2023-04-05 17:54:54 +02:00
.body,
)
return JSONResponse(
status_code=status_code,
content={"detail": msg},
)
Add redirect paths for extensions (#1532) * feat: basic redirect to extension endpoint * feat: filter by headers * refactor: extract `middleware.py` * fix: do not add twice the same extension to redirects * chore: code clean-up
2023-02-22 10:12:16 +01:00
[REFACTOR] payments sse endpoint (#1781) * exclude sse from gzip * refactor sse endpoint * cleanup imports
2023-08-18 12:05:14 +02:00
class CustomGZipMiddleware(GZipMiddleware):
def __init__(self, *args, exclude_paths=None, **kwargs):
super().__init__(*args, **kwargs)
self.exclude_paths = exclude_paths or []
async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
if "path" in scope and scope["path"] in self.exclude_paths:
await self.app(scope, receive, send)
return
await super().__call__(scope, receive, send)
Add redirect paths for extensions (#1532) * feat: basic redirect to extension endpoint * feat: filter by headers * refactor: extract `middleware.py` * fix: do not add twice the same extension to redirects * chore: code clean-up
2023-02-22 10:12:16 +01:00
class ExtensionsRedirectMiddleware:
[CHORE] string formatting default length 88 (#1887) * [CHORE] string formatting default length 88 uses blacks default off 88 and enabled autostringformatting * formatting * nitpicks jackstar fix
2023-08-24 11:26:09 +02:00
# Extensions are allowed to specify redirect paths. A call to a path outside the
# scope of the extension can be redirected to one of the extension's endpoints.
Add redirect paths for extensions (#1532) * feat: basic redirect to extension endpoint * feat: filter by headers * refactor: extract `middleware.py` * fix: do not add twice the same extension to redirects * chore: code clean-up
2023-02-22 10:12:16 +01:00
# Eg: redirect `GET /.well-known` to `GET /lnurlp/api/v1/well-known`
def __init__(self, app: ASGIApp) -> None:
self.app = app
async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
if "path" not in scope:
await self.app(scope, receive, send)
return
req_headers = scope["headers"] if "headers" in scope else []
redirect = self._find_redirect(scope["path"], req_headers)
if redirect:
scope["path"] = self._new_path(redirect, scope["path"])
await self.app(scope, receive, send)
def _find_redirect(self, path: str, req_headers: List[Tuple[bytes, bytes]]):
return next(
(
r
for r in settings.lnbits_extensions_redirects
if self._redirect_matches(r, path, req_headers)
),
None,
)
def _redirect_matches(
self, redirect: dict, path: str, req_headers: List[Tuple[bytes, bytes]]
) -> bool:
if "from_path" not in redirect:
return False
header_filters = (
fix newly introduced pyright issue from rebase
2023-02-27 16:20:47 +01:00
redirect["header_filters"] if "header_filters" in redirect else {}
Add redirect paths for extensions (#1532) * feat: basic redirect to extension endpoint * feat: filter by headers * refactor: extract `middleware.py` * fix: do not add twice the same extension to redirects * chore: code clean-up
2023-02-22 10:12:16 +01:00
)
return self._has_common_path(redirect["from_path"], path) and self._has_headers(
header_filters, req_headers
)
def _has_headers(
self, filter_headers: dict, req_headers: List[Tuple[bytes, bytes]]
) -> bool:
for h in filter_headers:
if not self._has_header(req_headers, (str(h), str(filter_headers[h]))):
return False
return True
def _has_header(
self, req_headers: List[Tuple[bytes, bytes]], header: Tuple[str, str]
) -> bool:
for h in req_headers:
if (
h[0].decode().lower() == header[0].lower()
and h[1].decode() == header[1]
):
return True
return False
def _has_common_path(self, redirect_path: str, req_path: str) -> bool:
redirect_path_elements = redirect_path.split("/")
req_path_elements = req_path.split("/")
if len(redirect_path) > len(req_path):
return False
sub_path = req_path_elements[: len(redirect_path_elements)]
return redirect_path == "/".join(sub_path)
def _new_path(self, redirect: dict, req_path: str) -> str:
from_path = redirect["from_path"].split("/")
redirect_to = redirect["redirect_to_path"].split("/")
req_tail_path = req_path.split("/")[len(from_path) :]
elements = [
chore: adhere to ruff's `RUF` rules, 2nd try (#2420) * chore: adhere to ruff's `RUF` rules, 2nd try closes #2382
2024-04-17 07:36:22 +02:00
e for e in ([redirect["ext_id"], *redirect_to, *req_tail_path]) if e != ""
Add redirect paths for extensions (#1532) * feat: basic redirect to extension endpoint * feat: filter by headers * refactor: extract `middleware.py` * fix: do not add twice the same extension to redirects * chore: code clean-up
2023-02-22 10:12:16 +01:00
]
return "/" + "/".join(elements)
Adds security tools, such as a rate limiter, IP block/allow, server logs (#1606) * added ratelimiter * Adds server logs to admin ui * Added IP allow/ban list * fixed remove ips * Split rate limit number and unit * security tab and background tasks for killswitch * fix test for auditor api --------- Co-authored-by: dni ⚡ <office@dnilabs.com>
2023-06-20 11:26:33 +02:00
def add_ratelimit_middleware(app: FastAPI):
core_app_extra.register_new_ratelimiter()
chore: update to latest fastapi (#2240) security alert https://github.com/lnbits/lnbits/security/dependabot/46
2024-02-06 15:47:36 +01:00
# latest https://slowapi.readthedocs.io/en/latest/
# shows this as a valid way to add the handler
app.add_exception_handler(
RateLimitExceeded,
_rate_limit_exceeded_handler, # type: ignore
)
Adds security tools, such as a rate limiter, IP block/allow, server logs (#1606) * added ratelimiter * Adds server logs to admin ui * Added IP allow/ban list * fixed remove ips * Split rate limit number and unit * security tab and background tasks for killswitch * fix test for auditor api --------- Co-authored-by: dni ⚡ <office@dnilabs.com>
2023-06-20 11:26:33 +02:00
app.add_middleware(SlowAPIMiddleware)
def add_ip_block_middleware(app: FastAPI):
@app.middleware("http")
async def block_allow_ip_middleware(request: Request, call_next):
if not request.client:
return JSONResponse(
ip blocker only call next after validation (#1791) * only call next after validation * lets the blocked ips wait :) * calles suggestion :)
2023-07-03 10:26:35 +02:00
status_code=403, # Forbidden
Adds security tools, such as a rate limiter, IP block/allow, server logs (#1606) * added ratelimiter * Adds server logs to admin ui * Added IP allow/ban list * fixed remove ips * Split rate limit number and unit * security tab and background tasks for killswitch * fix test for auditor api --------- Co-authored-by: dni ⚡ <office@dnilabs.com>
2023-06-20 11:26:33 +02:00
content={"detail": "No request client"},
)
ip blocker only call next after validation (#1791) * only call next after validation * lets the blocked ips wait :) * calles suggestion :)
2023-07-03 10:26:35 +02:00
if (
request.client.host in settings.lnbits_blocked_ips
and request.client.host not in settings.lnbits_allowed_ips
):
Adds security tools, such as a rate limiter, IP block/allow, server logs (#1606) * added ratelimiter * Adds server logs to admin ui * Added IP allow/ban list * fixed remove ips * Split rate limit number and unit * security tab and background tasks for killswitch * fix test for auditor api --------- Co-authored-by: dni ⚡ <office@dnilabs.com>
2023-06-20 11:26:33 +02:00
return JSONResponse(
ip blocker only call next after validation (#1791) * only call next after validation * lets the blocked ips wait :) * calles suggestion :)
2023-07-03 10:26:35 +02:00
status_code=403, # Forbidden
Adds security tools, such as a rate limiter, IP block/allow, server logs (#1606) * added ratelimiter * Adds server logs to admin ui * Added IP allow/ban list * fixed remove ips * Split rate limit number and unit * security tab and background tasks for killswitch * fix test for auditor api --------- Co-authored-by: dni ⚡ <office@dnilabs.com>
2023-06-20 11:26:33 +02:00
content={"detail": "IP is blocked"},
)
[CHORE] cleanup ip block middle workaround for older fastapi (#1981)
2023-10-09 07:57:13 +02:00
return await call_next(request)
Adds security tools, such as a rate limiter, IP block/allow, server logs (#1606) * added ratelimiter * Adds server logs to admin ui * Added IP allow/ban list * fixed remove ips * Split rate limit number and unit * security tab and background tasks for killswitch * fix test for auditor api --------- Co-authored-by: dni ⚡ <office@dnilabs.com>
2023-06-20 11:26:33 +02:00
app.middleware("http")(block_allow_ip_middleware)
feat: install wizard on first launch (#1977) * Login form loading * add first install middleware and settings * updates * Login form loading * add first install middleware and settings * updates * only set first install when superuser is created * refactor first install * only show if first install * cleanup * set password * update calls * login superuser on first install * fix * fixup! * fixup! * fixup! * fixup! * fixup! * last fixup! * fix mypy and prettier CI errors * disable first install * add random super user * set first install after startup * remove user id from form * Update lnbits/core/views/auth_api.py Co-authored-by: Vlad Stan <stan.v.vlad@gmail.com> * Update lnbits/core/views/auth_api.py Co-authored-by: Vlad Stan <stan.v.vlad@gmail.com> * Update lnbits/middleware.py Co-authored-by: dni ⚡ <office@dnilabs.com> * addressing Vlad's comments * remove super user * move to transient settings * fix: show `first_install` page even after a server restart * fix: do not add `user_id` in the auth token * fix: `make check` errors * fix: `username` is not optional for `UpdateSuperuserPassword` * feat: nicer error message --------- Co-authored-by: dni ⚡ <office@dnilabs.com> Co-authored-by: Tiago Vasconcelos <talvasconcelos@gmail.com> Co-authored-by: Vlad Stan <stan.v.vlad@gmail.com>
2024-01-25 14:33:40 +01:00
def add_first_install_middleware(app: FastAPI):
@app.middleware("http")
async def first_install_middleware(request: Request, call_next):
if (
settings.first_install
and request.url.path != "/api/v1/auth/first_install"
and request.url.path != "/first_install"
and not request.url.path.startswith("/static")
):
return RedirectResponse("/first_install")
return await call_next(request)
app.middleware("http")(first_install_middleware)
Reference in New Issue Copy Permalink