
The API can now accept auth-less write if PUBLIC_WRITES is True

commit 485f9b37f20445dc9aae2b4cd66f3035a8ace8ad 1 parent 8631ccd
@dcramer authored
Showing with 27 additions and 21 deletions.
  1. +3 −0  sentry/conf/__init__.py
  2. +24 −21 sentry/web/api.py
3  sentry/conf/__init__.py
@@ -68,6 +68,9 @@ class SentryConfig(object):
# Allow access to Sentry without authentication.
PUBLIC = False
+
+ # Allow writes without authentication (including the API)
+ PUBLIC_WRITES = False
# Maximum length of variables before they get truncated
MAX_LENGTH_LIST = 50
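Review bot: The comment on `PUBLIC_WRITES` does not say what enabling it costs. Per the `sentry/web/api.py` change in this commit, `/api/store/` then accepts requests that carry no `Authorization` header and skips the signature and timestamp checks for them. I would spell that out, e.g. `# Allow writes without authentication: /api/store/ accepts unsigned events from any client that can reach it.` The visible check consults only `PUBLIC_WRITES`, so it is also worth stating that the flag is independent of `PUBLIC`. Defaulting to `False` is the right choice.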
45 sentry/web/api.py
@@ -20,35 +20,38 @@
@app.route('/api/store/', methods=['POST'])
def store():
- if not request.environ.get('AUTHORIZATION', '').startswith('Sentry'):
+ has_header = request.environ.get('AUTHORIZATION', '').startswith('Sentry')
+ if not (app.config['PUBLIC_WRITES'] or has_header):
abort(401,'Unauthorized')
-
- auth_vars = parse_auth_header(request.META['AUTHORIZATION'])
-
- signature = auth_vars.get('signature')
- timestamp = auth_vars.get('timestamp')
- nonce = auth_vars.get('nonce')
data = request.data
- # TODO: check nonce
+
+ if has_header:
+ auth_vars = parse_auth_header(request.META['AUTHORIZATION'])
+
+ signature = auth_vars.get('signature')
+ timestamp = auth_vars.get('timestamp')
+ nonce = auth_vars.get('nonce')
- # Signed data packet
- if signature and timestamp:
- try:
- timestamp = float(timestamp)
- except ValueError:
- abort(400, 'Invalid Timestamp')
+ # TODO: check nonce
- if timestamp < time.time() - 3600: # 1 hour
- abort(410, 'Message has expired')
+ # Signed data packet
+ if signature and timestamp:
+ try:
+ timestamp = float(timestamp)
+ except ValueError:
+ abort(400, 'Invalid Timestamp')
- if signature != get_mac_signature(app.config['KEY'], data, timestamp, nonce):
- abort(403, 'Invalid signature')
- else:
- abort(401,'Unauthorized')
+ if timestamp < time.time() - 3600: # 1 hour
+ abort(410, 'Message has expired')
+
+ if signature != get_mac_signature(app.config['KEY'], data, timestamp, nonce):
+ abort(403, 'Invalid signature')
+ else:
+ abort(401,'Unauthorized')
- logger = logging.getLogger('sentry.server')
+ logger = logging.getLogger('sentry.web.api.store')
try:
data = base64.b64decode(data).decode('zlib')
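Review bot: With `PUBLIC_WRITES` enabled, a request that omits the `Authorization` header skips the signature and timestamp checks, so its body reaches `base64.b64decode(data).decode('zlib')` as untrusted input with no size bound visible in this hunk. I would cap the request body and the decompressed size before decoding, and log each accepted unsigned write so operators can see how the open path is used. Separately, the signed branch still compares with `signature != get_mac_signature(...)`, which is not a constant-time comparison, and `# TODO: check nonce` leaves a signed packet replayable within the one-hour window. The body of `store()` continues past the end of the hunk, so the code that parses the decoded data is not visible here.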