From c14a4f090c3a8be58a03c0295c9be6dca088edfb Mon Sep 17 00:00:00 2001
From: Timi Fasubaa
Date: Thu, 30 Nov 2017 21:39:38 -0800
Subject: [PATCH 1/2] add line in config
---
 setup.py | 1 +
 superset/__init__.py | 16 +++++++++++++++-
 superset/config.py | 2 ++
 3 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index ec12deafb99a..3c1b4655036a 100644
--- a/setup.py
+++ b/setup.py
@@ -62,6 +62,7 @@ def get_git_sha():
 'gunicorn==19.7.1',
 'idna==2.5',
 'markdown==2.6.8',
+ 'pyopenssl==17.4.0',
 'pandas==0.20.3',
 'parsedatetime==2.0.0',
 'pydruid==0.3.1',
diff --git a/superset/__init__.py b/superset/__init__.py
index 099edc133e15..ae7ab9b9eba7 100644
--- a/superset/__init__.py
+++ b/superset/__init__.py
@@ -8,12 +8,14 @@
 import logging
 from logging.handlers import TimedRotatingFileHandler
 import os
+import urllib
-from flask import Flask, redirect
+from flask import Flask, redirect, request
 from flask_appbuilder import AppBuilder, IndexView, SQLA
 from flask_appbuilder.baseviews import expose
 from flask_migrate import Migrate
 from flask_wtf.csrf import CSRFProtect
+import OpenSSL
 from werkzeug.contrib.fixers import ProxyFix
 from superset.connectors.connector_registry import ConnectorRegistry
@@ -160,4 +162,16 @@ def index(self):
 module_datasource_map.update(app.config.get('ADDITIONAL_MODULE_DS_MAP'))
 ConnectorRegistry.register_sources(module_datasource_map)
+allowed_certs = conf.get('ALLOWED_CERT_COMMON_NAMES')
+if allowed_certs:
+ @app.before_request
+ def is_valid_request():
+ cert = request.headers.get('X-CLIENT-SSL-CERT')
+ if not cert:
+ raise Exception
+ cert = urllib.unquote(cert)
+ X509_cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
+ if X509_cert.get_subject().commonName not in allowed_certs:
+ raise Exception
+
 from superset import views # noqa
diff --git a/superset/config.py b/superset/config.py
index 8f9058badacd..4c73bd8d51b9 100644
--- a/superset/config.py
+++ b/superset/config.py
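Review bot: `is_valid_request` in the last superset/__init__.py hunk (`@@ -160,4 +162,16 @@`) reads the certificate from the `X-CLIENT-SSL-CERT` request header and only compares its subject common name with `ALLOWED_CERT_COMMON_NAMES`; nothing visible here validates the certificate itself, so the check holds only when a TLS-terminating proxy in front of the app has verified the client certificate and always overwrites that header. That requirement, and the fact that an empty list turns the check off, belongs in the comment above `ALLOWED_CERT_COMMON_NAMES` in superset/config.py. The two `raise Exception` lines presumably reach the client as a 500; `abort(403)` (with `abort` added to the flask import) states the denial explicitly, and a header that `load_certificate` cannot parse should be rejected the same way rather than left to raise. `urllib.unquote` exists only on Python 2, so this hook would fail on every request if the module is run under Python 3.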
@@ -322,6 +322,8 @@ class CeleryConfig(object):
 CONFIG_PATH_ENV_VAR = 'SUPERSET_CONFIG_PATH'
+# Certificate common name for filtering requests.
+ALLOWED_CERT_COMMON_NAMES = []
 # smtp server configuration
 EMAIL_NOTIFICATIONS = False # all the emails are sent using dryrun
From 69d5e5e251f9c4b82323323f87702208a7e9b851 Mon Sep 17 00:00:00 2001
From: Timi Fasubaa
Date: Fri, 1 Dec 2017 14:48:32 -0800
Subject: [PATCH 2/2] make before_request generic
---
 setup.py | 1 -
 superset/__init__.py | 31 ++++++++++++++++---------------
 superset/config.py | 4 ++--
 3 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/setup.py b/setup.py
index 3c1b4655036a..ec12deafb99a 100644
--- a/setup.py
+++ b/setup.py
@@ -62,7 +62,6 @@ def get_git_sha():
 'gunicorn==19.7.1',
 'idna==2.5',
 'markdown==2.6.8',
- 'pyopenssl==17.4.0',
 'pandas==0.20.3',
 'parsedatetime==2.0.0',
 'pydruid==0.3.1',
diff --git a/superset/__init__.py b/superset/__init__.py
index ae7ab9b9eba7..943f7b4ca304 100644
--- a/superset/__init__.py
+++ b/superset/__init__.py
@@ -8,14 +8,12 @@
 import logging
 from logging.handlers import TimedRotatingFileHandler
 import os
-import urllib
-from flask import Flask, redirect, request
+from flask import Flask, redirect
 from flask_appbuilder import AppBuilder, IndexView, SQLA
 from flask_appbuilder.baseviews import expose
 from flask_migrate import Migrate
 from flask_wtf.csrf import CSRFProtect
-import OpenSSL
 from werkzeug.contrib.fixers import ProxyFix
 from superset.connectors.connector_registry import ConnectorRegistry
@@ -155,6 +153,21 @@ def index(self):
 sm = appbuilder.sm
+before_request_functions = conf.get('BEFORE_REQUEST_FUNCTIONS')
+
+
+@app.before_request
+def before_request():
+ for f in before_request_functions:
+ try:
+ f()
+ except Exception as e:
+ print(
+ 'Exception {} in before_request function {}'
+ .format(e, f.func_name))
+ logging.exception(e)
+
+
 results_backend = app.config.get('RESULTS_BACKEND')
 # Registering sources
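Review bot: In `before_request` (superset/__init__.py, hunk `@@ -155,6 +153,21 @@`) every exception a configured hook raises, including the HTTPException from `abort()`, is caught and only logged, and the hook's return value is discarded, so no entry in `BEFORE_REQUEST_FUNCTIONS` can reject a request. The certificate check this patch removes denied requests by raising; the same logic moved into a hook would now let them through. Let the loop propagate instead: `rv = f()` followed by `if rv is not None: return rv`, without the blanket `except Exception`, and say in the superset/config.py comment that a hook rejects a request by raising or returning a response. If the logging branch is kept, `f.func_name` exists only on Python 2, so use `f.__name__`, and drop the `print` since `logging.exception` already records the failure.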
@@ -162,16 +175,4 @@ def index(self):
 module_datasource_map.update(app.config.get('ADDITIONAL_MODULE_DS_MAP'))
 ConnectorRegistry.register_sources(module_datasource_map)
-allowed_certs = conf.get('ALLOWED_CERT_COMMON_NAMES')
-if allowed_certs:
- @app.before_request
- def is_valid_request():
- cert = request.headers.get('X-CLIENT-SSL-CERT')
- if not cert:
- raise Exception
- cert = urllib.unquote(cert)
- X509_cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
- if X509_cert.get_subject().commonName not in allowed_certs:
- raise Exception
-
 from superset import views # noqa
diff --git a/superset/config.py b/superset/config.py
index 4c73bd8d51b9..cbf36b41de64 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -322,8 +322,8 @@ class CeleryConfig(object):
 CONFIG_PATH_ENV_VAR = 'SUPERSET_CONFIG_PATH'
-# Certificate common name for filtering requests.
-ALLOWED_CERT_COMMON_NAMES = []
+# List of functions that are executed before every request. Order may matter.
+BEFORE_REQUEST_FUNCTIONS = []
 # smtp server configuration
 EMAIL_NOTIFICATIONS = False # all the emails are sent using dryrun