
Implements CTK_COOKIE

git-svn-id: svn://cherokee-project.com/CTK/trunk@6211 5dc97367-97f1-0310-9951-d761b3857238
1 parent 8595b0f commit b497d21e0a2dc0ff9686eccee6ae5048a6686243 @alobbs alobbs committed Jan 31, 2011
Showing with 29 additions and 6 deletions.
  1. +29 −6 CTK/Server.py
@@ -92,6 +92,23 @@ def _do_handle (self):
# Get a copy of the server (it did fork!)
server = get_server()
+ # Check security cookie
+ sec_error = False
+
+ if server.use_sec_cookie:
+ if not self.env['CTK_COOKIE']:
+ sec_error = True
+ elif not server.sec_cookie:
+ server.sec_cookie = self.env['CTK_COOKIE'][:]
+ else:
+ if server.sec_cookie != self.env['CTK_COOKIE']:
+ sec_error = True
+
+ if sec_error:
+ response = HTTP_Response (error=403, body="Cookie check failed")
+ self.send (str(response))
+ return
+
# Refer SCGI object by thread
my_thread = threading.currentThread()
my_thread.scgi_conn = self
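Review bot: The `elif not server.sec_cookie:` branch takes the reference value from the first request that carries a non-empty CTK_COOKIE, so the check is trust-on-first-use: it shows that later requests match the first one, not that the first one came from the intended front end. If the expected value can be known at start-up, supply it through init_server and only compare here; if it must be learned, do the test-and-set under `server.lock`, since the following lines suggest handlers run on separate threads. The comment at the top of the hunk says the server object is a copy after a fork, and if that holds the learned value may not outlive the request, so it is worth confirming the 403 path is reachable at all. Separately, `self.env['CTK_COOKIE']` would raise KeyError instead of answering 403 if env is a plain dict and the variable is absent; `cookie = self.env.get('CTK_COOKIE')` read once and reused in all three branches avoids that. _do_handle begins and ends outside this hunk.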
@@ -174,19 +191,25 @@ def manage_exception():
class Server:
def __init__ (self):
- self._web_paths = []
- self._scgi = None
- self._is_init = False
- self.lock = threading.RLock()
- self.plugin_paths = []
- self.exiting = False
+ self._web_paths = []
+ self._scgi = None
+ self._is_init = False
+ self.lock = threading.RLock()
+ self.plugin_paths = []
+ self.exiting = False
+ self.use_sec_cookie = False
+ self.sec_cookie = None
def init_server (self, *args, **kwargs):
# Is it already init?
if self._is_init:
return
self._is_init = True
+ # Security cookie
+ if 'sec_cookie' in kwargs:
+ self.use_sec_cookie = kwargs.pop('sec_cookie')
+
# Instance SCGI server
self._scgi = pyscgi.ServerFactory (*args, **kwargs)
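Review bot: The keyword `sec_cookie` in init_server sets `self.use_sec_cookie`, while `self.sec_cookie` is a different attribute that holds the learned value, so a caller who passes the secret itself as `sec_cookie=...` only switches the check on and the string is discarded. Renaming the keyword or documenting it would prevent that, for example a comment `# sec_cookie: bool, enables the CTK_COOKIE check; the value itself is taken from the first request` and `self.use_sec_cookie = bool(kwargs.pop('sec_cookie', False))`. Because of the early `return` when `_is_init` is already set, a second init_server call that asks for the check is ignored silently, which leaves the server running without it; a log line or an exception there would make that visible. The check is off by default, and the rest of init_server lies outside the hunk.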
