asset_security.py
###########################################################
#
# Copyright (c) 2005, Southpaw Technology
# All Rights Reserved
#
# PROPRIETARY INFORMATION. This software is proprietary to
# Southpaw Technology, and is not to be reproduced, transmitted,
# or disclosed in any way without written permission.
#
#
#
import tacticenv
from pyasm.security import Batch
# NOTE(review): this call runs at import time, before any request is seen.
# It appears to put the whole handler module into a batch session for the
# 'admin' login, so the lookups made by the handlers below would run with
# that account's privileges -- confirm that is intended, and keep
# request-derived values out of any privileged call.
Batch('admin')
from tactic_client_lib import TacticServerStub
import os, sys, xmlrpclib
from mod_python import apache, Cookie
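# This will ensure that any asset requires a valid ticket
def accesshandler(request):
    """Access-phase handler: serve an asset only to a valid login ticket.

    The original body returned apache.OK for any non-empty 'login_ticket'
    cookie, so the ticket was never actually checked.  The cookie value is
    client-supplied; it is now looked up with Ticket.get_by_valid_key(), the
    same check outputfilter_watermark uses, and the request is refused when
    the lookup returns nothing.

    Args:
        request: the mod_python request object for the asset being fetched.

    Returns:
        apache.OK when the ticket is valid, apache.HTTP_FORBIDDEN otherwise.
    """
    # Imported here so the check does not depend on where the module-level
    # import of Ticket sits in this file.
    from pyasm.security import Ticket

    cookies = Cookie.get_cookies(request)

    # if login ticket cookie does not exist, then deny
    if 'login_ticket' not in cookies:
        return apache.HTTP_FORBIDDEN

    ticket = cookies['login_ticket'].value
    if not ticket:
        return apache.HTTP_FORBIDDEN

    # Presence of a cookie proves nothing: validate it server-side.
    if not Ticket.get_by_valid_key(ticket):
        return apache.HTTP_FORBIDDEN

    request.add_common_vars()
    try:
        path = str(request.subprocess_env['REQUEST_URI'])
    except KeyError:
        # The original compared str(...) with None, which can never match;
        # a missing variable is what that guard was meant to catch.
        return apache.HTTP_FORBIDDEN

    # FIXME: find some mechanism which is more acceptable ... like /icons
    # NOTE(review): this matches "_icon_" anywhere in the request URI,
    # query string included, so it must stay below the ticket validation
    # and must not be used to skip any future per-path check.
    if path.find("_icon_") != -1:
        return apache.OK

    # Not used yet; obtained for the per-path check described below.
    server = TacticServerStub.get(protocol='local')

    # TODO: per-path authorization is not implemented.  The earlier draft
    # asked the server `is_allowed(ticket, path)` and returned
    # HTTP_FORBIDDEN on False; until that exists, every valid ticket can
    # fetch every asset behind this handler.
    return apache.OK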
def outputfilter_example(filter):
    """Sample output filter: pass the response through upper-cased.

    Reads chunks from *filter* until a falsy value comes back, writing the
    upper-cased form of each one.  If the value that ended the loop is None
    (rather than an empty string), the filter is closed.
    """
    while True:
        chunk = filter.read()
        if not chunk:
            break
        filter.write(chunk.upper())

    # None marks the end of the stream; an empty chunk does not.
    if chunk is None:
        filter.close()
from PIL import Image, ImageChops, ImageFont, ImageDraw
from cStringIO import StringIO
from pyasm.security import Ticket
from pyasm.security.watermark import Watermark
from datetime import datetime
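def outputfilter_watermark(filter):
    """Output filter that replaces an image response with a watermarked copy.

    Pass-through cases (the original bytes are written unchanged):
      * images no larger than 240x120 (thumbnails),
      * sub-requests (req.main is set),
      * a valid ticket whose login is 'admin',
      * a valid ticket with the query string "watermark=false".

    Nothing is written when there is no ticket or the ticket is not valid.
    Every other request gets a degraded, tiled-watermark JPEG.

    Fixes relative to the original body:
      * "watermark=false" wrote the original image before the ticket was
        validated and then fell through, so the full-quality asset could
        reach a client with an invalid ticket and a second image could be
        appended to the same response.  The opt-out is now checked after
        validation and returns.
      * The watermark text contained the raw login ticket.  The ticket is
        the session credential, so rendering it into an image that can be
        copied or shared discloses it; the login name is stamped instead.
      * A missing 'login_ticket' cookie raised KeyError; it is now handled
        like an invalid ticket.
      * Scaled heights are clamped to at least 1 pixel.

    Args:
        filter: the mod_python filter object for the response.
    """
    s_in = None
    s_out = None

    try:
        # NOTE(review): one read() is assumed to return the whole response
        # body -- confirm for large assets.
        s_in = StringIO(filter.read())
        im_in = Image.open(s_in)
        sizex, sizey = im_in.size

        if sizex <= 240 and sizey <= 120:
            filter.write(s_in.getvalue())
            return

        # if this is a sub request, then don't process again
        req = filter.req
        if req.main:
            filter.write(s_in.getvalue())
            return

        cookies = Cookie.get_cookies(req)
        ticket = None
        if 'login_ticket' in cookies:
            ticket = cookies['login_ticket'].value

        # No ticket, or not a valid one: exit with no image.  This has to
        # happen before any branch that writes the original bytes.
        if not ticket:
            return
        ticket_sobj = Ticket.get_by_valid_key(ticket)
        if not ticket_sobj:
            return

        login = ticket_sobj.get_value("login")

        # TODO: need fancier algorithm here
        if login == 'admin':
            filter.write(s_in.getvalue())
            return

        # NOTE(review): this opt-out is chosen by the client, so any valid
        # ticket can obtain the unwatermarked original.  Confirm that is
        # intended, or decide it server-side instead.
        query = req.parsed_uri[apache.URI_QUERY]
        if query == "watermark=false":
            filter.write(s_in.getvalue())
            return

        # Degrade the image: scale down to max_res wide, then back up to
        # max_width, keeping the aspect ratio.
        max_res = 240
        max_width = 640
        low_height = max(1, int(sizey / (sizex / float(max_res))))
        im_in = im_in.resize((max_res, low_height))
        high_height = max(1, int(sizey / (sizex / float(max_width))))
        im_in = im_in.resize((max_width, high_height))

        # add the watermark
        watermark = Watermark()
        now = datetime.today().strftime("%Y/%m/%d, %H:%M")
        # Identify the viewer by login, never by the ticket value itself.
        texts = ['Do Not Copy', login, now]
        sizes = [20, 10, 10, 20, 20]

        mark = watermark.generate(texts, sizes)
        im_out = watermark.execute(im_in, mark, 'tile', 0.5)

        s_out = StringIO()
        im_out.save(s_out, format='jpeg')
        filter.write(s_out.getvalue())

    finally:
        if s_in is not None:
            s_in.close()
        if s_out is not None:
            s_out.close()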