From 5907154a593bf5fc02c1e0fbc8afe683ac7d3602 Mon Sep 17 00:00:00 2001 From: Elrond Date: Fri, 22 Mar 2013 18:46:47 +0100 Subject: [PATCH] Basic itsdangerous infrastructure. Implement the basic infrastructure for using itsdangerous in mediagoblin. Usage instructions will follow. --- mediagoblin/app.py | 3 ++ mediagoblin/config_spec.ini | 3 ++ mediagoblin/tools/crypto.py | 55 +++++++++++++++++++++++++++++++++++++ 3 files changed, 61 insertions(+) create mode 100644 mediagoblin/tools/crypto.py diff --git a/mediagoblin/app.py b/mediagoblin/app.py index bb6be4d4..515b5b66 100644 --- a/mediagoblin/app.py +++ b/mediagoblin/app.py @@ -36,6 +36,7 @@ from mediagoblin.init import (get_jinja_loader, get_staticdirector, setup_global_and_app_config, setup_locales, setup_workbench, setup_database, setup_storage, setup_beaker_cache) from mediagoblin.tools.pluginapi import PluginManager +from mediagoblin.tools.crypto import setup_crypto _log = logging.getLogger(__name__) @@ -66,6 +67,8 @@ class MediaGoblinApp(object): # Open and setup the config global_config, app_config = setup_global_and_app_config(config_path) + setup_crypto() + ########################################## # Setup other connections / useful objects ########################################## diff --git a/mediagoblin/config_spec.ini b/mediagoblin/config_spec.ini index 44f6a68f..8c9c87c8 100644 --- a/mediagoblin/config_spec.ini +++ b/mediagoblin/config_spec.ini @@ -14,6 +14,9 @@ sql_engine = string(default="sqlite:///%(here)s/mediagoblin.db") # Where temporary files used in processing and etc are kept workbench_path = string(default="%(here)s/user_dev/media/workbench") +# Where to store cryptographic sensible data +crypto_path = string(default="%(here)s/user_dev/crypto") + # Where mediagoblin-builtin static assets are kept direct_remote_path = string(default="/mgoblin_static/") diff --git a/mediagoblin/tools/crypto.py b/mediagoblin/tools/crypto.py new file mode 100644 index 00000000..46752b55 --- /dev/null 
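Review bot: The comment added above `crypto_path` in config_spec.ini says "cryptographic sensible data", which presumably means "sensitive", and it gives an operator no hint of what the directory holds or how it must be protected. I would word it as `# Where to store cryptographically sensitive data (the token signing secret); keep it outside any web-served path and readable only by the MediaGoblin user`. The default `%(here)s/user_dev/crypto` sits next to the media workbench under `user_dev`; whether any part of that tree is ever exposed or copied around with loose permissions is not visible from this hunk, so that is worth confirming before this default ships.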
+++ b/mediagoblin/tools/crypto.py
@@ -0,0 +1,55 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2013 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+
+import os.path
+import logging
+import random
+import itsdangerous
+from mediagoblin import mg_globals
+
+_log = logging.getLogger(__name__)
+
+
+# Use the system (hardware-based) random number generator if it exists.
+# -- this optimization is lifted from Django
+if hasattr(random, 'SystemRandom'):
+ getrandbits = random.SystemRandom().getrandbits
+else:
+ getrandbits = random.getrandbits
+
+
+__itsda_secret = None
+
+
+def setup_crypto():
+ global __itsda_secret
+ dir = mg_globals.app_config["crypto_path"]
+ if not os.path.isdir(dir):
+ _log.info("Creating %s", dir)
+ os.makedirs(dir)
+ name = os.path.join(dir, "itsdangeroussecret.bin")
+ if os.path.exists(name):
+ __itsda_secret = file(name, "r").read()
+ else:
+ __itsda_secret = str(getrandbits(192))
+ file(name, "w").write(__itsda_secret)
+ _log.info("Created %s", name)
+
+
+def get_timed_signer_url(namespace):
+ assert __itsda_secret is not None
+ return itsdangerous.URLSafeTimedSerializer(__itsda_secret,
+ salt=namespace)
-- 2.25.1
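Review bot: In setup_crypto the signing secret is written with `file(name, "w")` and its directory created with a bare `os.makedirs(dir)`, so both get whatever the process umask allows and the key behind every signed token can end up readable by other local users; the exists-then-write sequence also lets two processes that start together each write a different secret. The fence below creates the file with `O_EXCL` and mode `0o600`, closes the handles, and refuses an empty secret file. Separately, the `else` branch near the top falls back to `random.getrandbits`, which is the Mersenne Twister and not suitable for key material; I would drop the fallback and keep only `getrandbits = random.SystemRandom().getrandbits` so that a missing OS random source fails loudly. In get_timed_signer_url the `assert` is stripped under `python -O`; `if __itsda_secret is None: raise RuntimeError("setup_crypto() has not been called")` keeps the guard in place.

```python
def setup_crypto():
    # … unchanged: global declaration and crypto_path lookup …
    if not os.path.isdir(dir):
        _log.info("Creating %s", dir)
        # Owner-only directory; the requested mode is still filtered by umask.
        os.makedirs(dir, 0o700)
    name = os.path.join(dir, "itsdangeroussecret.bin")
    if os.path.exists(name):
        with open(name, "r") as f:
            __itsda_secret = f.read()
        if not __itsda_secret:
            # An empty file would silently become an empty signing key.
            raise RuntimeError("%s is empty; refusing to use it as a key" % name)
    else:
        __itsda_secret = str(getrandbits(192))
        # O_EXCL: fail rather than overwrite a secret another process has
        # just created. 0o600: owner-only from the moment of creation.
        fd = os.open(name, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as f:
            f.write(__itsda_secret)
        _log.info("Created %s", name)
```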