session creation and (super-non-concurrency friendly) tracking

2026-01-26 07:41:33 +03:00 · 2012-05-29 17:15:28 -07:00
parent bf157ecd5d
commit e243bb6bdf
1 changed files with 40 additions and 3 deletions
--- a/webserver/chocolate.py
+++ b/webserver/chocolate.py
@@ -1,7 +1,8 @@
 #!/usr/bin/env python

-import web
+import web, shelve, time
 from Crypto.Hash import SHA256, HMAC
+from Crypto import Random 
 from chocolate_protocol_pb2 import chocolatemessage
 from google.protobuf.message import DecodeError

@@ -12,6 +13,28 @@ urls = (
     '.*', 'index'
 )

+class sessionstore(object):
+    def __init__(self, f="/tmp/chocolate-sessions.shelve"):
+        self.f = shelve.open(f, "c")
+
+    def exists(self, session):
+        return session in self.f
+
+    def live(self, session):
+        return session in self.f and self.f[session]["live"]
+
+    def create(self, session, timestamp):
+        if session not in self.f:
+            self.f[session] = {"created": timestamp, "live": True}
+        else:
+            raise KeyError
+
+    def kill(self, session):
+        self.f[session]["live"] = False
+
+    def destroy(self, session):
+        del self.f[session]
+
 class index:
    def GET(self):
        web.header("Content-type", "text/html")
@@ -19,8 +42,9 @@ class index:

    def POST(self):
        web.header("Content-type", "application/x-protobuf")
-        web.setcookie("chocolate", hmac("foo", "bar"),
-                       secure=True) # , httponly=True)
+#        web.setcookie("chocolate", hmac("foo", "bar"),
+#                       secure=True) # , httponly=True)
+        self.sessions = sessionstore()
        m = chocolatemessage()
        r = chocolatemessage()
        r.chocolateversion = 1
@@ -31,11 +55,24 @@ class index:
        else:
            if m.chocolateversion != 1:
                r.failure.cause = r.UnsupportedVersion
+        if m.session == "":
+            # New session
+            r.session = SHA256.new(Random.get_random_bytes(32)).hexdigest()
+            session = r.session.encode("UTF8")
+            self.sessions.create(session, int(time.time()))
+        elif m.session and not r.failure.IsInitialized():
+            session = m.session.encode("UTF8")
+            r.session = session
+            if not self.sessions.exists(session):
+                r.failure.cause = r.StaleRequest
+            elif not self.sessions.live(session):
+                r.failure.cause = r.StaleRequest
        if m.debug:
            web.header("Content-type", "text/plain")
            return "SAW MESSAGE: %s\n" % str(r)
        else:
            return r.SerializeToString()
+            

 if __name__ == "__main__":
    app = web.application(urls, globals())