pacnpal/thrillwiki_django_no_react
1
1
Fork 0
mirror of https://github.com/pacnpal/thrillwiki_django_no_react.git synced 2025-12-23 22:11:19 -05:00
Code Issues Packages Projects Releases Wiki Activity

okay fine

Browse Source
This commit is contained in:
pacnpal
2024-11-03 17:47:26 +00:00
parent 387c4740e7
commit 27f3326e22
10020 changed files with 1935769 additions and 2364 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
.venv/lib/python3.12/site-packages/channels/security/__init__.py Normal file
View File

153
.venv/lib/python3.12/site-packages/channels/security/websocket.py Normal file
View File

@@ -0,0 +1,153 @@
from urllib.parse import urlparse
from django.conf import settings
from django.http.request import is_same_domain
from ..generic.websocket import AsyncWebsocketConsumer
class OriginValidator:
"""
Validates that the incoming connection has an Origin header that
is in an allowed list.
"""
def __init__(self, application, allowed_origins):
self.application = application
self.allowed_origins = allowed_origins
async def __call__(self, scope, receive, send):
# Make sure the scope is of type websocket
if scope["type"] != "websocket":
raise ValueError(
"You cannot use OriginValidator on a non-WebSocket connection"
)
# Extract the Origin header
parsed_origin = None
for header_name, header_value in scope.get("headers", []):
if header_name == b"origin":
try:
# Set ResultParse
parsed_origin = urlparse(header_value.decode("latin1"))
except UnicodeDecodeError:
pass
# Check to see if the origin header is valid
if self.valid_origin(parsed_origin):
# Pass control to the application
return await self.application(scope, receive, send)
else:
# Deny the connection
denier = WebsocketDenier()
return await denier(scope, receive, send)
def valid_origin(self, parsed_origin):
"""
Checks parsed origin is None.
Pass control to the validate_origin function.
Returns ``True`` if validation function was successful, ``False`` otherwise.
"""
# None is not allowed unless all hosts are allowed
if parsed_origin is None and "*" not in self.allowed_origins:
return False
return self.validate_origin(parsed_origin)
def validate_origin(self, parsed_origin):
"""
Validate the given origin for this site.
Check than the origin looks valid and matches the origin pattern in
specified list ``allowed_origins``. Any pattern begins with a scheme.
After the scheme there must be a domain. Any domain beginning with a
period corresponds to the domain and all its subdomains (for example,
``http://.example.com``). After the domain there must be a port,
but it can be omitted. ``*`` matches anything and anything
else must match exactly.
Note. This function assumes that the given origin has a schema, domain
and port, but port is optional.
Returns ``True`` for a valid host, ``False`` otherwise.
"""
return any(
pattern == "*" or self.match_allowed_origin(parsed_origin, pattern)
for pattern in self.allowed_origins
)
def match_allowed_origin(self, parsed_origin, pattern):
"""
Returns ``True`` if the origin is either an exact match or a match
to the wildcard pattern. Compares scheme, domain, port of origin and pattern.
Any pattern can be begins with a scheme. After the scheme must be a domain,
or just domain without scheme.
Any domain beginning with a period corresponds to the domain and all
its subdomains (for example, ``.example.com`` ``example.com``
and any subdomain). Also with scheme (for example, ``http://.example.com``
``http://exapmple.com``). After the domain there must be a port,
but it can be omitted.
Note. This function assumes that the given origin is either None, a
schema-domain-port string, or just a domain string
"""
if parsed_origin is None:
return False
# Get ResultParse object
parsed_pattern = urlparse(pattern.lower())
if parsed_origin.hostname is None:
return False
if not parsed_pattern.scheme:
pattern_hostname = urlparse("//" + pattern).hostname or pattern
return is_same_domain(parsed_origin.hostname, pattern_hostname)
# Get origin.port or default ports for origin or None
origin_port = self.get_origin_port(parsed_origin)
# Get pattern.port or default ports for pattern or None
pattern_port = self.get_origin_port(parsed_pattern)
# Compares hostname, scheme, ports of pattern and origin
if (
parsed_pattern.scheme == parsed_origin.scheme
and origin_port == pattern_port
and is_same_domain(parsed_origin.hostname, parsed_pattern.hostname)
):
return True
return False
def get_origin_port(self, origin):
"""
Returns the origin.port or port for this schema by default.
Otherwise, it returns None.
"""
if origin.port is not None:
# Return origin.port
return origin.port
# if origin.port doesn`t exists
if origin.scheme == "http" or origin.scheme == "ws":
# Default port return for http, ws
return 80
elif origin.scheme == "https" or origin.scheme == "wss":
# Default port return for https, wss
return 443
else:
return None
def AllowedHostsOriginValidator(application):
"""
Factory function which returns an OriginValidator configured to use
settings.ALLOWED_HOSTS.
"""
allowed_hosts = settings.ALLOWED_HOSTS
if settings.DEBUG and not allowed_hosts:
allowed_hosts = ["localhost", "127.0.0.1", "[::1]"]
return OriginValidator(application, allowed_hosts)
class WebsocketDenier(AsyncWebsocketConsumer):
"""
Simple application which denies all requests to it.
"""
async def connect(self):
await self.close()