ホーム エクスプローラ ヘルプ
サインイン
LiuFan
/
PrivacyScanData
1
0
フォーク 0
ファイル 課題 0 プルリクエスト 0 Wiki
ツリー: c7f56cb0b5
ブランチ タグ
PrivacyScanD...
/
S3
/
new2
/
django-s3file-main
/
s3file
/
middleware.py

middleware.py 2.5 KB
履歴 Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 
  1. import logging
    2. 

  2. import pathlib
    3. 

  3. 

  4. from django.core import signing
    5. 

  5. from django.core.exceptions import PermissionDenied, SuspiciousFileOperation
    6. 

  6. from django.utils.crypto import constant_time_compare
    7. 

  7. 

  8. from . import views
    9. 

  9. from .storages import get_aws_location, local_dev, storage
    10. 

  10. 

  11. logger = logging.getLogger("s3file")
    12. 

  12. 

  13. 

  14. class S3FileMiddleware:
    15. 

  15.     def __init__(self, get_response):
    16. 

  16.         self.get_response = get_response
    17. 

  17. 

  18.     def __call__(self, request):
    19. 

  19.         file_fields = request.POST.getlist("s3file")
    20. 

  20.         for field_name in file_fields:
    21. 

  21. 

  22.             paths = request.POST.getlist(field_name)
    23. 

  23.             if paths:
    24. 

  24.                 try:
    25. 

  25.                     signature = request.POST[f"{field_name}-s3f-signature"]
    26. 

  26.                 except KeyError:
    27. 

  27.                     raise PermissionDenied("No signature provided.")
    28. 

  28.                 try:
    29. 

  29.                     request.FILES.setlist(
    30. 

  30.                         field_name, list(self.get_files_from_storage(paths, signature))
    31. 

  31.                     )
    32. 

  32.                 except SuspiciousFileOperation as e:
    33. 

  33.                     raise PermissionDenied("Illegal file name!") from e
    34. 

  34. 

  35.         if local_dev and request.path == "/__s3_mock__/":
    36. 

  36.             return views.S3MockView.as_view()(request)
    37. 

  37. 

  38.         return self.get_response(request)
    39. 

  39. 

  40.     @classmethod
    41. 

  41.     def get_files_from_storage(cls, paths, signature):
    42. 

  42.         """Return S3 file where the name does not include the path."""
    43. 

  43.         location = get_aws_location()
    44. 

  44.         for path in paths:
    45. 

  45.             path = pathlib.PurePosixPath(path)
    46. 

  46.             if not constant_time_compare(
    47. 

  47.                 cls.sign_s3_key_prefix(path.parent), signature
    48. 

  48.             ):
    49. 

  49.                 raise PermissionDenied("Illegal signature!")
    50. 

  50.             try:
    51. 

  51.                 relative_path = str(path.relative_to(location))
    52. 

  52.             except ValueError as e:
    53. 

  53.                 raise SuspiciousFileOperation(
    54. 

  54.                     f"Path is outside the storage location: {path}"
    55. 

  55.                 ) from e
    56. 

  56. 

  57.             try:
    58. 

  58.                 f = storage.open(relative_path)
    59. 

  59.                 f.name = path.name
    60. 

  60.                 yield f
    61. 

  61.             except (OSError, ValueError):
    62. 

  62.                 logger.exception("File not found: %s", path)
    63. 

  63. 

  64.     @classmethod
    65. 

  65.     def sign_s3_key_prefix(cls, path):
    66. 

  66.         """
    67. 

  67.         Signature to validate the S3 keys passed the middleware before fetching files.
    68. 

  68. 

  69.         Return a base64-encoded HMAC-SHA256 of the upload folder aka the S3 key-prefix.
    70. 

  70.         """
    71. 

  71.         return signing.Signer(salt="s3file.middleware.S3FileMiddleware").signature(path)
    72.