import logging
from aiohttp import web
# Module-level logger, named after this module via __name__.
log = logging.getLogger(__name__)
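def ensure_request_allowed(request, conf):
    """Reject the request with HTTP 403 unless its Origin header is allowed.

    Returns ``None`` when ``is_request_allowed(request, conf)`` accepts the
    request. Otherwise a warning naming the rejected Origin is logged and the
    request is refused.

    Args:
        request: object exposing a ``headers`` mapping; only the ``Origin``
            header is read here.
        conf: object exposing ``allowed_origin``.

    Raises:
        web.HTTPForbidden: the request was not accepted by
            ``is_request_allowed``.
    """
    if is_request_allowed(request, conf):
        return

    # The Origin header is client-controlled. Format it with %r rather than
    # '%s' so CR/LF and other control characters are escaped and a crafted
    # header cannot forge extra log lines. For an ordinary origin string the
    # rendered text is the same quoted value as before.
    origin = request.headers.get('Origin')

    if conf.allowed_origin:
        log.warning(
            "API requests with Origin %r are not allowed, "
            "configuration 'allowed_origin' limits requests to: '%s'",
            origin, conf.allowed_origin
        )
    else:
        log.warning(
            "API requests with Origin %r are not allowed, "
            "update configuration 'allowed_origin' to enable this origin.",
            origin
        )
    raise web.HTTPForbidden()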
def is_request_allowed(request, conf) -> bool:
    """Return True when the request's Origin header passes the origin policy.

    A request is accepted when any of the following holds:

    * it carries no ``Origin`` header at all;
    * its ``Origin`` equals ``conf.allowed_origin`` exactly (plain string
      comparison, so scheme, host, port and case must all match);
    * ``conf.allowed_origin`` is the wildcard ``'*'``.

    NOTE(review): this compares a client-supplied header only. A client that
    omits ``Origin`` is always accepted, so the check restricts cross-origin
    browser requests and does not authenticate the caller.
    """
    request_origin = request.headers.get('Origin')

    # No Origin header: nothing to compare against, so the request passes.
    if request_origin is None:
        return True

    permitted = conf.allowed_origin
    if request_origin == permitted:
        return True

    # Wildcard configuration accepts every origin.
    return permitted == '*'