use django session

seatable · Sep 9, 2020 · 5e8f4dc · 5e8f4dc
1 parent 4fb85dd
commit 5e8f4dc
Show file tree

Hide file tree

Showing 9 changed files with 62 additions and 57 deletions.
diff --git a/default b/default
@@ -32,4 +32,9 @@ server {
         proxy_set_header X-Forwarded-Host $server_name;
         }
 
+    # cloud.seatable.cn
+    # location /thumbnail/ {
+    #     proxy_pass https://thumbnail.seatable.cn/thumbnail/;
+    # }
+
 }
diff --git a/requirements.txt b/requirements.txt
@@ -1,5 +1,4 @@
 uvicorn
-pyjwt
 pillow
 pymysql
 sqlalchemy

diff --git a/seatable_thumbnail/__init__.py b/seatable_thumbnail/__init__.py
@@ -11,5 +11,5 @@
 
 engine = create_engine(db_url, **db_kwargs)
 Base = declarative_base()
-Session = sessionmaker(bind=engine)
-session = Session()
+DBSession = sessionmaker(bind=engine)
+db_session = DBSession()
diff --git a/seatable_thumbnail/constants.py b/seatable_thumbnail/constants.py
@@ -3,14 +3,6 @@
 THUMBNAIL_CONTENT_TYPE = b'image/png'
 
 
-# jwt
-JWT_ALGORITHM = 'HS256'
-JWT_VERIFY = True
-JWT_LEEWAY = 0
-JWT_AUDIENCE = None
-JWT_ISSUER = None
-
-
 # permission
 PERMISSION_READ = 'r'
 PERMISSION_READ_WRITE = 'rw'

diff --git a/seatable_thumbnail/http_request.py b/seatable_thumbnail/http_request.py
@@ -10,6 +10,7 @@ def __init__(self, **scope):
 
     def parse(self):
         self.parse_headers()
+        self.parse_cookies()
         self.parse_url()
         self.parse_query_dict()
 
@@ -25,6 +26,16 @@ def parse_headers(self):
                 headers[k] = [v]
         self.headers = headers
 
+    def parse_cookies(self):
+        cookies = {}
+        if self.headers.get('cookie'):
+            cookie_string = self.headers.get('cookie')[0]
+            for item in cookie_string.split('; '):
+                k = item.split('=')[0]
+                v = item.split('=')[1]
+                cookies[k] = v
+        self.cookies = cookies
+
     def parse_url(self):
         self.url = self.path[len(settings.URL_PREFIX):]
 

diff --git a/seatable_thumbnail/models.py b/seatable_thumbnail/models.py
@@ -1,5 +1,5 @@
 from sqlalchemy import Column, Integer, String, ForeignKey, Index, DateTime, \
-    Boolean, BigInteger
+    Boolean, BigInteger, Text
 
 from seatable_thumbnail import Base
 
@@ -84,3 +84,10 @@ class DTableExternalLinks(Base):
     is_custom = Column(Boolean)
     password = Column(String(128), nullable=True)
     expire_date = Column(DateTime)
+
+
+class DjangoSession(Base):
+    __tablename__ = 'django_session'
+    session_key = Column(String(40), primary_key=True)
+    session_data = Column(Text)
+    expire_date = Column(DateTime)
diff --git a/seatable_thumbnail/permissions.py b/seatable_thumbnail/permissions.py
@@ -1,5 +1,5 @@
 from seaserv import ccnet_api
-from seatable_thumbnail import session
+from seatable_thumbnail import db_session
 from seatable_thumbnail.models import DTables, DTableShare, \
     DTableGroupShare, DTableViewUserShare, DTableViewGroupShare, \
     DTableExternalLinks
@@ -9,7 +9,7 @@
 class ThumbnailPermission(object):
     def __init__(self, **info):
         self.__dict__.update(info)
-        self.dtable = session.query(
+        self.dtable = db_session.query(
             DTables).filter_by(uuid=self.dtable_uuid).first()
 
     def check(self):
@@ -33,17 +33,7 @@ def has_dtable_asset_read_permission(self):
         return False
 
     def can_access_image_through_external_link(self):
-        external_link = session.query(
-            DTableExternalLinks).filter_by(token=self.external_link_token).first()
-        if not external_link:
-            return False
-
-        external_link_dtable = session.query(
-            DTables).filter_by(id=external_link.dtable_id).first()
-        if not external_link_dtable:
-            return False
-
-        return external_link_dtable.uuid == self.dtable_uuid
+        return self.external_link['dtable_uuid'] == self.dtable_uuid
 
     def check_dtable_permission(self):
         """Check workspace/dtable access permission of a user.
@@ -64,7 +54,7 @@ def check_dtable_permission(self):
                 return PERMISSION_READ_WRITE
 
         if dtable:  # check user's all permissions from `share`, `group-share` and checkout higher one
-            dtable_share = session.query(
+            dtable_share = db_session.query(
                 DTableShare).filter_by(dtable_id=dtable.id, to_user=username).first()
             if dtable_share and dtable_share.permission == PERMISSION_READ_WRITE:
                 return dtable_share.permission
@@ -75,7 +65,7 @@ def check_dtable_permission(self):
             else:
                 groups = ccnet_api.get_groups(username, return_ancestors=True)
             group_ids = [group.id for group in groups]
-            group_permissions = session.query(
+            group_permissions = db_session.query(
                 DTableGroupShare.permission).filter(DTableGroupShare.dtable_id == dtable.id, DTableGroupShare.group_id.in_(group_ids)).all()
 
             for group_permission in group_permissions:
@@ -101,7 +91,7 @@ def get_user_view_share_permission(self):
         username = self.username
         dtable = self.dtable
 
-        view_share = session.query(
+        view_share = db_session.query(
             DTableViewUserShare).filter_by(dtable_id=dtable.id, to_user=username).order_by(DTableViewUserShare.permission.desc()).first()
         if not view_share:
             return ''
@@ -113,7 +103,7 @@ def get_group_view_share_permission(self):
         username = self.username
         dtable = self.dtable
 
-        view_shares = session.query(
+        view_shares = db_session.query(
             DTableViewGroupShare).filter_by(dtable_id=dtable.id).order_by(DTableViewGroupShare.permission.desc()).all()
 
         target_view_share = None

diff --git a/seatable_thumbnail/serializers.py b/seatable_thumbnail/serializers.py
@@ -1,15 +1,15 @@
 import os
-import jwt
 import uuid
+import json
+import base64
 from email.utils import formatdate
 
 from seaserv import seafile_api
-from seatable_thumbnail import session
+from seatable_thumbnail import db_session
 import seatable_thumbnail.settings as settings
 from seatable_thumbnail.constants import FILE_EXT_TYPE_MAP, \
-    JWT_VERIFY, JWT_LEEWAY, JWT_AUDIENCE, JWT_ISSUER, JWT_ALGORITHM, \
     IMAGE, PSD, VIDEO, XMIND
-from seatable_thumbnail.models import Workspaces
+from seatable_thumbnail.models import Workspaces, DjangoSession
 
 
 class ThumbnailSerializer(object):
@@ -19,36 +19,38 @@ def __init__(self, request):
         self.gen_thumbnail_info()
 
     def check(self):
-        self.jwt_check()
         self.params_check()
+        db_session.commit()  # clear db session cache
+        self.session_check()
         self.resource_check()
         self.gen_thumbnail_info()
 
     def gen_thumbnail_info(self):
         thumbnail_info = {}
-        thumbnail_info.update(self.payload)
         thumbnail_info.update(self.params)
+        thumbnail_info.update(self.session_data)
         thumbnail_info.update(self.resource)
         self.thumbnail_info = thumbnail_info
 
-    def jwt_decode_handler(self, jwt_token):
-        options = {
-            'verify_exp': True,
-        }
-        return jwt.decode(
-            jwt_token,
-            settings.JWT_SECRET_KEY,
-            JWT_VERIFY,
-            options=options,
-            leeway=JWT_LEEWAY,
-            audience=JWT_AUDIENCE,
-            issuer=JWT_ISSUER,
-            algorithms=[JWT_ALGORITHM]
-        )
-
-    def jwt_check(self):
-        jwt_token = self.request.query_dict['token'][0]
-        self.payload = self.jwt_decode_handler(jwt_token)
+    def parse_django_session(self, session_data):
+        # only for django 1.11.x
+        encoded_data = base64.b64decode(session_data)
+        hash_key, serialized = encoded_data.split(b':', 1)
+        return json.loads(serialized.decode('latin-1'))
+
+    def session_check(self):
+        session_key = self.request.cookies[settings.SESSION_KEY]
+        django_session = db_session.query(
+            DjangoSession).filter_by(session_key=session_key).first()
+        self.session_data = self.parse_django_session(django_session.session_data)
+
+        username = self.session_data.get('_auth_user_name')
+        external_link = self.session_data.get('external_link')
+        if username:
+            self.session_data['username'] = username
+
+        if not username and not external_link:
+            raise AssertionError(400, 'django session invalid.')
 
     def get_enable_file_type(self):
         enable_file_type = [IMAGE]
@@ -100,8 +102,7 @@ def resource_check(self):
         file_path = self.params['file_path']
         size = self.params['size']
 
-        session.commit()  # clear session cache
-        workspace = session.query(
+        workspace = db_session.query(
             Workspaces).filter_by(id=workspace_id).first()
         repo_id = workspace.repo_id
         workspace_owner = workspace.owner

diff --git a/seatable_thumbnail/settings.py b/seatable_thumbnail/settings.py
@@ -14,8 +14,8 @@
 ENABLE_PSD_THUMBNAIL = False
 
 
-# jwt
-JWT_SECRET_KEY = '__Same as SeaTable JWT config __'
+# session key
+SESSION_KEY = 'sessionid'
 
 
 # url
-Original file line number
+Diff line change
@@ -1,5 +1,4 @@
     uvicorn
-    pyjwt
     pillow
     pymysql
     sqlalchemy
@@ Expand Down @@