lbry-sdk/lbry/extras/daemon/security.py

import logging
from aiohttp import web

log = logging.getLogger(__name__)


def ensure_request_allowed(request, conf):
    if is_request_allowed(request, conf):
        return
    if conf.allowed_origin:
        log.warning(
            "API requests with Origin '%s' are not allowed, "
            "configuration 'allowed_origin' limits requests to: '%s'",
            request.headers.get('Origin'), conf.allowed_origin
        )
    else:
        log.warning(
            "API requests with Origin '%s' are not allowed, "
            "update configuration 'allowed_origin' to enable this origin.",
            request.headers.get('Origin')
        )
    raise web.HTTPForbidden()


def is_request_allowed(request, conf) -> bool:
    origin = request.headers.get('Origin')
    return (
        origin is None or
        origin == conf.allowed_origin or
        conf.allowed_origin == '*'
    )
improve allowed_origin request handling 2020-06-03 19:55:20 +02:00			`import logging`
			`from aiohttp import web`

			`log = logging.getLogger(__name__)`


			`def ensure_request_allowed(request, conf):`
			`if is_request_allowed(request, conf):`
			`return`
			`if conf.allowed_origin:`
			`log.warning(`
			`"API requests with Origin '%s' are not allowed, "`
			`"configuration 'allowed_origin' limits requests to: '%s'",`
			`request.headers.get('Origin'), conf.allowed_origin`
			`)`
			`else:`
			`log.warning(`
			`"API requests with Origin '%s' are not allowed, "`
			`"update configuration 'allowed_origin' to enable this origin.",`
			`request.headers.get('Origin')`
			`)`
			`raise web.HTTPForbidden()`


backwards compatible allowed_origin, default browsers not allowed 2020-06-03 19:28:32 +02:00			`def is_request_allowed(request, conf) -> bool:`
Origin: null no longer allowed 2020-06-03 20:19:16 +02:00			`origin = request.headers.get('Origin')`
			`return (`
			`origin is None or`
			`origin == conf.allowed_origin or`
			`conf.allowed_origin == '*'`
			`)`