journal/views: manage both nginx and haproxy vars in ssl_client_verify; raise exception on insert error

2020-09-08 14:07:53 +02:00 · 2020-09-08 14:07:53 +02:00 · e4566af515
parent 4a877b340f
commit e4566af515
3 changed files with 22 additions and 13 deletions
--- a/logtracker/journal/journalstream.py
+++ b/logtracker/journal/journalstream.py
@ -10,7 +10,11 @@ field_multiline_pattern = re.compile(r'^([A-Z_][A-Z0-9_]+)\n([\w\W]*)$')
 def handle_journal_upload_stream(journal_stream, debug=False):
    tail = ''
    while True:
-        line = journal_stream.readline().decode('utf-8', errors='replace').rstrip('\n')
+        try:
+            rline = journal_stream.readline()
+        except AttributeError:
+            break
+        line = rline.decode('utf-8', errors='replace').rstrip('\n')
        if line.endswith('\r'):
            line = line.rstrip('\r')
            if not line:
--- a/logtracker/journal/views.py
+++ b/logtracker/journal/views.py
@ -59,8 +59,16 @@ def ssl_client_verify(view):
    @wraps(view)
    def wrapper(request, *args, **kwargs):
        headers = request.META
-        if headers.get('X-SSL') == 1 and headers.get('X-SSL-Client-Verify') == 0:
-            request.host_verified = headers.get('X-SSL-Client-CN')
+        if headers.get('HTTP_X_SSL') == "1" and (
+            headers.get('HTTP_X_SSL_CLIENT_VERIFY') == "0"
+            or headers.get('HTTP_X_SSL_CLIENT_VERIFY') == "SUCCESS"
+        ):
+            cn = headers.get('HTTP_X_SSL_CLIENT_CN')
+            dn = headers.get('HTTP_X_SSL_CLIENT_DN')
+            if cn:
+                request.host_verified = cn
+            else:
+                request.host_verified = dn.split(',')[0].split('=')[1]
        else:
            if settings.DEBUG:
                request.host_verified = 'test_host'
@ -94,14 +102,11 @@ def UploadView(request, debug=False):
                count += 1
                if debug and count % 1000 == 0:
                    print(count, timestamp)
-            try:
-                Entry.objects.bulk_create(new_entries)
-                new_entries = []
-            except:
-                # todo: log errors or raise?
-                continue
+            Entry.objects.bulk_create(new_entries)
+            new_entries = []
        if debug:
-            elapsed = datetime.datetime.now() - start_timestamp
+            elapsed = datetime.datetime.now() - now
            print('elapsed: %s' % elapsed)
            print('count: %s' % count)
-    return HttpResponse('')
+        return HttpResponse('added %s' % count)
+    raise PermissionDenied
--- a/tests/test_journalstream.py
+++ b/tests/test_journalstream.py
@ -94,13 +94,13 @@ _SOURCE_REALTIME_TIMESTAMP=1596449391625441


 def test_journal_stream_auth(client):
-    page = client.get('/upload')
+    page = client.post('/upload')
    assert page.status_code == 403


@override_settings(DEBUG=True)
 def test_journal_stream_auth_debug(client):
-    page = client.get('/upload')
+    page = client.post('/upload')
    assert page.status_code == 200