lbry-sdk/lbry/extras/daemon/security.py

import logging
from aiohttp import web

log = logging.getLogger(__name__)


def ensure_request_allowed(request, conf):
    if is_request_allowed(request, conf):
        return
    if conf.allowed_origin:
        log.warning(
            "API requests with Origin '%s' are not allowed, "
            "configuration 'allowed_origin' limits requests to: '%s'",
            request.headers.get('Origin'), conf.allowed_origin
        )
    else:
        log.warning(
            "API requests with Origin '%s' are not allowed, "
            "update configuration 'allowed_origin' to enable this origin.",
            request.headers.get('Origin')
        )
    raise web.HTTPForbidden()


def is_request_allowed(request, conf) -> bool:
    origin = request.headers.get('Origin', 'null')
    if origin == 'null' or conf.allowed_origin in ('*', origin):
        return True
    return False
improve allowed_origin request handling 2020-06-03 19:55:20 +02:00			`import logging`
			`from aiohttp import web`

			`log = logging.getLogger(__name__)`


			`def ensure_request_allowed(request, conf):`
			`if is_request_allowed(request, conf):`
			`return`
			`if conf.allowed_origin:`
			`log.warning(`
			`"API requests with Origin '%s' are not allowed, "`
			`"configuration 'allowed_origin' limits requests to: '%s'",`
			`request.headers.get('Origin'), conf.allowed_origin`
			`)`
			`else:`
			`log.warning(`
			`"API requests with Origin '%s' are not allowed, "`
			`"update configuration 'allowed_origin' to enable this origin.",`
			`request.headers.get('Origin')`
			`)`
			`raise web.HTTPForbidden()`


backwards compatible allowed_origin, default browsers not allowed 2020-06-03 19:28:32 +02:00			`def is_request_allowed(request, conf) -> bool:`
			`origin = request.headers.get('Origin', 'null')`
			`if origin == 'null' or conf.allowed_origin in ('*', origin):`
			`return True`
			`return False`