Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zulip/zerver/lib/rest.py

214 lines
8.8 KiB
Python
Raw Normal View History

rest: Disable caching for all REST API endpoints. Investigation into #12876, a mysterious bug where users were seeing messages reappear as unread, determined that the root cause was missing headers to disable client-side caching for Zulip's REST API endpoints. This manifested, in particular, for `GET /messages`, which is essentially the only API GET endpoint used by the webapp at all. When using the `Ctrl+Shift+T` feature of browsers to restore a recently closed tab (and potentially other code paths), the browser would return from its disk cache a cached copy of the GET /messages results. Because we include message flags on messages fetched from the server, this in particular meant that those tabs would get a stale version of the unread flag for the batches of the most recent ~1200 messages that Zulip fetches upon opening a new browser tab. The issue took same care to reproduce as well, in large part because the arguments to those initial GET /messages requests will vary as one reads messages (because the `pointer` moves forward) and then enters the "All messages" view; the disk cache is only used for GET requests with the exact same URL parameters. We will probably still want to merge the events error-handling changes we had previously proposed for this, but the conclusion of this being a straightforward case of missing cache-control headers is much more satisfying than the "badly behaving Chrome" theory discussed in the issue thread. Fixes #12876.
2019-07-25 21:03:35 +02:00
from functools import wraps
typing: Remove ViewFuncT. This removes ViewFuncT and all the associated type casts with ParamSpec and Concatenate. This provides more accurate type annotation for decorators at the cost of making the concatenated parameters positional-only. This change does not intend to introduce any other behavioral difference. Note that we retype args in process_view as List[object] because the view functions can not only be called with arguments of type str. Note that the first argument of rest_dispatch needs to be made positional-only because of the presence of **kwargs. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-21 04:03:39 +02:00
from typing import Callable, Dict, Set, Tuple, Union
[i18n] Make Json error messages translatable.
2016-06-01 14:39:58 +02:00
uploads: Set X-Accel-Redirect manually, without using django-sendfile2. The `django-sendfile2` module unfortunately only supports a single `SENDFILE` root path -- an invariant which subsequent commits need to break. Especially as Zulip only runs with a single webserver, and thus sendfile backend, the functionality is simple to inline. It is worth noting that the following headers from the initial Django response are _preserved_, if present, and sent unmodified to the client; all other headers are overridden by those supplied by the internal redirect[^1]: - Content-Type - Content-Disposition - Accept-Ranges - Set-Cookie - Cache-Control - Expires As such, we explicitly unset the Content-type header to allow nginx to set it from the static file, but set Content-Disposition and Cache-Control as we want them to be. [^1]: https://www.nginx.com/resources/wiki/start/topics/examples/xsendfile/
2022-12-06 22:26:39 +01:00
from django.http import HttpRequest, HttpResponse, HttpResponseBase
rest: Add rest_path shortcut for path with rest_dispatch. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-22 06:04:45 +02:00
from django.urls import path
from django.urls.resolvers import URLPattern
rest: Disable caching for all REST API endpoints. Investigation into #12876, a mysterious bug where users were seeing messages reappear as unread, determined that the root cause was missing headers to disable client-side caching for Zulip's REST API endpoints. This manifested, in particular, for `GET /messages`, which is essentially the only API GET endpoint used by the webapp at all. When using the `Ctrl+Shift+T` feature of browsers to restore a recently closed tab (and potentially other code paths), the browser would return from its disk cache a cached copy of the GET /messages results. Because we include message flags on messages fetched from the server, this in particular meant that those tabs would get a stale version of the unread flag for the batches of the most recent ~1200 messages that Zulip fetches upon opening a new browser tab. The issue took same care to reproduce as well, in large part because the arguments to those initial GET /messages requests will vary as one reads messages (because the `pointer` moves forward) and then enters the "All messages" view; the disk cache is only used for GET requests with the exact same URL parameters. We will probably still want to merge the events error-handling changes we had previously proposed for this, but the conclusion of this being a straightforward case of missing cache-control headers is much more satisfying than the "badly behaving Chrome" theory discussed in the issue thread. Fixes #12876.
2019-07-25 21:03:35 +02:00
from django.utils.cache import add_never_cache_headers
Make rest_dispatch accept a list of globals and move it into its own file. We're going to be using this from other views, so make it more generic. (imported from commit c2c4f64b2a212f8a254f75c21dc93d8fc3f8351a)
2013-10-17 19:21:18 +02:00
from django.views.decorators.csrf import csrf_exempt, csrf_protect
typing: Remove ViewFuncT. This removes ViewFuncT and all the associated type casts with ParamSpec and Concatenate. This provides more accurate type annotation for decorators at the cost of making the concatenated parameters positional-only. This change does not intend to introduce any other behavioral difference. Note that we retype args in process_view as List[object] because the view functions can not only be called with arguments of type str. Note that the first argument of rest_dispatch needs to be made positional-only because of the presence of **kwargs. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-21 04:03:39 +02:00
from typing_extensions import Concatenate, ParamSpec
Make rest_dispatch accept a list of globals and move it into its own file. We're going to be using this from other views, so make it more generic. (imported from commit c2c4f64b2a212f8a254f75c21dc93d8fc3f8351a)
2013-10-17 19:21:18 +02:00
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from zerver.decorator import (
authenticated_json_view,
authenticated_rest_api_view,
authenticated_uploads_api_view,
process_as_post,
decorator: Extract public_json_view. This refactoring is necessary to separate the expected type annotation for view functions with different authentication methods. Currently the signature aren't actually check against view functions because `rest_path` does not support type checking parameter types, but it will become useful once we do. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-01 20:46:23 +02:00
public_json_view,
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
)
exceptions: Extract json_unauths into MissingAuthenticationError. We raise two types of json_unauthorized when MissingAuthenticationError is raised. Raising the one with www_authenticate let's the client know that user needs to be logged in to access the requested content. Sending `www_authenticate='session'` header with the response also stops modern web-browsers from showing a login form to the user and let's the client handle it completely. Structurally, this moves the handling of common authentication errors to a single shared middleware exception handler.
2020-08-22 20:20:42 +02:00
from zerver.lib.exceptions import MissingAuthenticationError
request: Refactor ZulipRequestNotes to RequestNotes. This utilizes the generic `BaseNotes` we added for multipurpose patching. With this migration as an example, we can further support more types of notes to replace the monkey-patching approach we have used throughout the codebase for type safety.
2021-08-21 19:24:20 +02:00
from zerver.lib.request import RequestNotes
exceptions: Extract json_unauths into MissingAuthenticationError. We raise two types of json_unauthorized when MissingAuthenticationError is raised. Raising the one with www_authenticate let's the client know that user needs to be logged in to access the requested content. Sending `www_authenticate='session'` header with the response also stops modern web-browsers from showing a login form to the user and let's the client handle it completely. Structurally, this moves the handling of common authentication errors to a single shared middleware exception handler.
2020-08-22 20:20:42 +02:00
from zerver.lib.response import json_method_not_allowed
Make rest_dispatch errors cleaner for requests from browsers. If you don't have a cookie or basic auth and the request looks like a top-level page in the browser, redirect to the login page. (imported from commit fc1bcb1080591522bd1b694664255f7049a5d443)
2013-10-30 16:33:08 +01:00
typing: Remove ViewFuncT. This removes ViewFuncT and all the associated type casts with ParamSpec and Concatenate. This provides more accurate type annotation for decorators at the cost of making the concatenated parameters positional-only. This change does not intend to introduce any other behavioral difference. Note that we retype args in process_view as List[object] because the view functions can not only be called with arguments of type str. Note that the first argument of rest_dispatch needs to be made positional-only because of the presence of **kwargs. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-21 04:03:39 +02:00
ParamT = ParamSpec("ParamT")
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
METHODS = ("GET", "HEAD", "POST", "PUT", "DELETE", "PATCH")
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
Make rest_dispatch accept a list of globals and move it into its own file. We're going to be using this from other views, so make it more generic. (imported from commit c2c4f64b2a212f8a254f75c21dc93d8fc3f8351a)
2013-10-17 19:21:18 +02:00
typing: Remove ViewFuncT. This removes ViewFuncT and all the associated type casts with ParamSpec and Concatenate. This provides more accurate type annotation for decorators at the cost of making the concatenated parameters positional-only. This change does not intend to introduce any other behavioral difference. Note that we retype args in process_view as List[object] because the view functions can not only be called with arguments of type str. Note that the first argument of rest_dispatch needs to be made positional-only because of the presence of **kwargs. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-21 04:03:39 +02:00
def default_never_cache_responses(
python: Reformat with Ruff formatter. https://docs.astral.sh/ruff/formatter/ Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-12-05 18:45:07 +01:00
view_func: Callable[Concatenate[HttpRequest, ParamT], HttpResponse],
typing: Remove ViewFuncT. This removes ViewFuncT and all the associated type casts with ParamSpec and Concatenate. This provides more accurate type annotation for decorators at the cost of making the concatenated parameters positional-only. This change does not intend to introduce any other behavioral difference. Note that we retype args in process_view as List[object] because the view functions can not only be called with arguments of type str. Note that the first argument of rest_dispatch needs to be made positional-only because of the presence of **kwargs. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-21 04:03:39 +02:00
) -> Callable[Concatenate[HttpRequest, ParamT], HttpResponse]:
upload: Fix browser caching of uploads with local uploads backend. Apparently, our change in b8a1050fc4135b2d2921052c3f1ef55b53dbb028 to stop caching responses on API endpoints accidentally ended up affecting uploaded files as well. Fix this by explicitly setting a Cache-Control header in our Sendfile responses, as well as changing our outer API caching code to only set the never cache headers if the view function didn't explicitly specify them itself. This is not directly related to #13088, as that is a similar issue with the S3 backend. Thanks to Gert Burger for the report.
2019-10-02 00:10:30 +02:00
"""Patched version of the standard Django never_cache_responses
decorator that adds headers to a response so that it will never be
cached, unless the view code has already set a Cache-Control
header.
rest: Disable caching for all REST API endpoints. Investigation into #12876, a mysterious bug where users were seeing messages reappear as unread, determined that the root cause was missing headers to disable client-side caching for Zulip's REST API endpoints. This manifested, in particular, for `GET /messages`, which is essentially the only API GET endpoint used by the webapp at all. When using the `Ctrl+Shift+T` feature of browsers to restore a recently closed tab (and potentially other code paths), the browser would return from its disk cache a cached copy of the GET /messages results. Because we include message flags on messages fetched from the server, this in particular meant that those tabs would get a stale version of the unread flag for the batches of the most recent ~1200 messages that Zulip fetches upon opening a new browser tab. The issue took same care to reproduce as well, in large part because the arguments to those initial GET /messages requests will vary as one reads messages (because the `pointer` moves forward) and then enters the "All messages" view; the disk cache is only used for GET requests with the exact same URL parameters. We will probably still want to merge the events error-handling changes we had previously proposed for this, but the conclusion of this being a straightforward case of missing cache-control headers is much more satisfying than the "badly behaving Chrome" theory discussed in the issue thread. Fixes #12876.
2019-07-25 21:03:35 +02:00
"""
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
rest: Disable caching for all REST API endpoints. Investigation into #12876, a mysterious bug where users were seeing messages reappear as unread, determined that the root cause was missing headers to disable client-side caching for Zulip's REST API endpoints. This manifested, in particular, for `GET /messages`, which is essentially the only API GET endpoint used by the webapp at all. When using the `Ctrl+Shift+T` feature of browsers to restore a recently closed tab (and potentially other code paths), the browser would return from its disk cache a cached copy of the GET /messages results. Because we include message flags on messages fetched from the server, this in particular meant that those tabs would get a stale version of the unread flag for the batches of the most recent ~1200 messages that Zulip fetches upon opening a new browser tab. The issue took same care to reproduce as well, in large part because the arguments to those initial GET /messages requests will vary as one reads messages (because the `pointer` moves forward) and then enters the "All messages" view; the disk cache is only used for GET requests with the exact same URL parameters. We will probably still want to merge the events error-handling changes we had previously proposed for this, but the conclusion of this being a straightforward case of missing cache-control headers is much more satisfying than the "badly behaving Chrome" theory discussed in the issue thread. Fixes #12876.
2019-07-25 21:03:35 +02:00
@wraps(view_func)
typing: Remove ViewFuncT. This removes ViewFuncT and all the associated type casts with ParamSpec and Concatenate. This provides more accurate type annotation for decorators at the cost of making the concatenated parameters positional-only. This change does not intend to introduce any other behavioral difference. Note that we retype args in process_view as List[object] because the view functions can not only be called with arguments of type str. Note that the first argument of rest_dispatch needs to be made positional-only because of the presence of **kwargs. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-21 04:03:39 +02:00
def _wrapped_view_func(
request: HttpRequest, /, *args: ParamT.args, **kwargs: ParamT.kwargs
) -> HttpResponse:
rest: Disable caching for all REST API endpoints. Investigation into #12876, a mysterious bug where users were seeing messages reappear as unread, determined that the root cause was missing headers to disable client-side caching for Zulip's REST API endpoints. This manifested, in particular, for `GET /messages`, which is essentially the only API GET endpoint used by the webapp at all. When using the `Ctrl+Shift+T` feature of browsers to restore a recently closed tab (and potentially other code paths), the browser would return from its disk cache a cached copy of the GET /messages results. Because we include message flags on messages fetched from the server, this in particular meant that those tabs would get a stale version of the unread flag for the batches of the most recent ~1200 messages that Zulip fetches upon opening a new browser tab. The issue took same care to reproduce as well, in large part because the arguments to those initial GET /messages requests will vary as one reads messages (because the `pointer` moves forward) and then enters the "All messages" view; the disk cache is only used for GET requests with the exact same URL parameters. We will probably still want to merge the events error-handling changes we had previously proposed for this, but the conclusion of this being a straightforward case of missing cache-control headers is much more satisfying than the "badly behaving Chrome" theory discussed in the issue thread. Fixes #12876.
2019-07-25 21:03:35 +02:00
response = view_func(request, *args, **kwargs)
tornado: Rewrite Django integration to duplicate less code. Since essentially the first use of Tornado in Zulip, we've been maintaining our Tornado+Django system, AsyncDjangoHandler, with several hundred lines of Django code copied into it. The goal for that code was simple: We wanted a way to use our Django middleware (for code sharing reasons) inside a Tornado process (since we wanted to use Tornado for our async events system). As part of the Django 2.2.x upgrade, I looked at upgrading this implementation to be based off modern Django, and it's definitely possible to do that: * Continue forking load_middleware to save response middleware. * Continue manually running the Django response middleware. * Continue working out a hack involving copying all of _get_response to change a couple lines allowing us our Tornado code to not actually return the Django HttpResponse so we can long-poll. The previous hack of returning None stopped being viable with the Django 2.2 MiddlewareMixin.__call__ implementation. But I decided to take this opportunity to look at trying to avoid copying material Django code, and there is a way to do it: * Replace RespondAsynchronously with a response.asynchronous attribute on the HttpResponse; this allows Django to run its normal plumbing happily in a way that should be stable over time, and then we proceed to discard the response inside the Tornado `get()` method to implement long-polling. (Better yet might be raising an exception?). This lets us eliminate maintaining a patched copy of _get_response. * Removing the @asynchronous decorator, which didn't add anything now that we only have one API endpoint backend (with two frontend call points) that could call into this. Combined with the last bullet, this lets us remove a significant hack from our never_cache_responses function. * Calling the normal Django `get_response` method from zulip_finish after creating a duplicate request to process, rather than writing totally custom code to do that. This lets us eliminate maintaining a patched copy of Django's load_middleware. * Adding detailed comments explaining how this is supposed to work, what problems we encounter, and how we solve various problems, which is critical to being able to modify this code in the future. A key advantage of these changes is that the exact same code should work on Django 1.11, Django 2.2, and Django 3.x, because we're no longer copying large blocks of core Django code and thus should be much less vulnerable to refactors. There may be a modest performance downside, in that we now run both request and response middleware twice when longpolling (once for the request we discard). We may be able to avoid the expensive part of it, Zulip's own request/response middleware, with a bit of additional custom code to save work for requests where we're planning to discard the response. Profiling will be important to understanding what's worth doing here.
2020-02-06 22:09:10 +01:00
if response.has_header("Cache-Control"):
upload: Fix browser caching of uploads with local uploads backend. Apparently, our change in b8a1050fc4135b2d2921052c3f1ef55b53dbb028 to stop caching responses on API endpoints accidentally ended up affecting uploaded files as well. Fix this by explicitly setting a Cache-Control header in our Sendfile responses, as well as changing our outer API caching code to only set the never cache headers if the view function didn't explicitly specify them itself. This is not directly related to #13088, as that is a similar issue with the S3 backend. Thanks to Gert Burger for the report.
2019-10-02 00:10:30 +02:00
return response
add_never_cache_headers(response)
rest: Disable caching for all REST API endpoints. Investigation into #12876, a mysterious bug where users were seeing messages reappear as unread, determined that the root cause was missing headers to disable client-side caching for Zulip's REST API endpoints. This manifested, in particular, for `GET /messages`, which is essentially the only API GET endpoint used by the webapp at all. When using the `Ctrl+Shift+T` feature of browsers to restore a recently closed tab (and potentially other code paths), the browser would return from its disk cache a cached copy of the GET /messages results. Because we include message flags on messages fetched from the server, this in particular meant that those tabs would get a stale version of the unread flag for the batches of the most recent ~1200 messages that Zulip fetches upon opening a new browser tab. The issue took same care to reproduce as well, in large part because the arguments to those initial GET /messages requests will vary as one reads messages (because the `pointer` moves forward) and then enters the "All messages" view; the disk cache is only used for GET requests with the exact same URL parameters. We will probably still want to merge the events error-handling changes we had previously proposed for this, but the conclusion of this being a straightforward case of missing cache-control headers is much more satisfying than the "badly behaving Chrome" theory discussed in the issue thread. Fixes #12876.
2019-07-25 21:03:35 +02:00
return response
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
typing: Remove ViewFuncT. This removes ViewFuncT and all the associated type casts with ParamSpec and Concatenate. This provides more accurate type annotation for decorators at the cost of making the concatenated parameters positional-only. This change does not intend to introduce any other behavioral difference. Note that we retype args in process_view as List[object] because the view functions can not only be called with arguments of type str. Note that the first argument of rest_dispatch needs to be made positional-only because of the presence of **kwargs. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-21 04:03:39 +02:00
return _wrapped_view_func
rest: Disable caching for all REST API endpoints. Investigation into #12876, a mysterious bug where users were seeing messages reappear as unread, determined that the root cause was missing headers to disable client-side caching for Zulip's REST API endpoints. This manifested, in particular, for `GET /messages`, which is essentially the only API GET endpoint used by the webapp at all. When using the `Ctrl+Shift+T` feature of browsers to restore a recently closed tab (and potentially other code paths), the browser would return from its disk cache a cached copy of the GET /messages results. Because we include message flags on messages fetched from the server, this in particular meant that those tabs would get a stale version of the unread flag for the batches of the most recent ~1200 messages that Zulip fetches upon opening a new browser tab. The issue took same care to reproduce as well, in large part because the arguments to those initial GET /messages requests will vary as one reads messages (because the `pointer` moves forward) and then enters the "All messages" view; the disk cache is only used for GET requests with the exact same URL parameters. We will probably still want to merge the events error-handling changes we had previously proposed for this, but the conclusion of this being a straightforward case of missing cache-control headers is much more satisfying than the "badly behaving Chrome" theory discussed in the issue thread. Fixes #12876.
2019-07-25 21:03:35 +02:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
rest: Implement get_target_view_function_or_response. As noted in the docstring, this is a temporary helper function that separates routing for paths that support multiple HTTP methods from `rest_dispatch` itself. We will need to replace this helper with class-based views in the future. The helper will also be handy to reduce duplication when splitting up `rest_dispatch` by authentication methods. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-02 00:21:20 +02:00
def get_target_view_function_or_response(
typing: Tighten type annotation of zerver.lib.rest. By replacing Any with object we enforce type narrowing before using the kwargs when a more specific type is required. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-16 03:45:43 +02:00
request: HttpRequest, rest_dispatch_kwargs: Dict[str, object]
rest: Implement get_target_view_function_or_response. As noted in the docstring, this is a temporary helper function that separates routing for paths that support multiple HTTP methods from `rest_dispatch` itself. We will need to replace this helper with class-based views in the future. The helper will also be handy to reduce duplication when splitting up `rest_dispatch` by authentication methods. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-02 00:21:20 +02:00
) -> Union[Tuple[Callable[..., HttpResponse], Set[str]], HttpResponse]:
"""Helper for REST API request dispatch. The rest_dispatch_kwargs
parameter is expected to be a dictionary mapping HTTP methods to
a mix of view functions and (view_function, {view_flags}) tuples.
Add comments on how rest_dispatch authenticates.
2016-06-23 02:26:47 +02:00
rest: Implement get_target_view_function_or_response. As noted in the docstring, this is a temporary helper function that separates routing for paths that support multiple HTTP methods from `rest_dispatch` itself. We will need to replace this helper with class-based views in the future. The helper will also be handy to reduce duplication when splitting up `rest_dispatch` by authentication methods. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-02 00:21:20 +02:00
* Returns an error HttpResponse for unsupported HTTP methods.
Make rest_dispatch accept a list of globals and move it into its own file. We're going to be using this from other views, so make it more generic. (imported from commit c2c4f64b2a212f8a254f75c21dc93d8fc3f8351a)
2013-10-17 19:21:18 +02:00
rest: Implement get_target_view_function_or_response. As noted in the docstring, this is a temporary helper function that separates routing for paths that support multiple HTTP methods from `rest_dispatch` itself. We will need to replace this helper with class-based views in the future. The helper will also be handy to reduce duplication when splitting up `rest_dispatch` by authentication methods. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-02 00:21:20 +02:00
* Otherwise, returns a tuple containing the view function
corresponding to the request's HTTP method, as well as the
appropriate set of view flags.
Make rest_dispatch accept a list of globals and move it into its own file. We're going to be using this from other views, so make it more generic. (imported from commit c2c4f64b2a212f8a254f75c21dc93d8fc3f8351a)
2013-10-17 19:21:18 +02:00
rest: Implement get_target_view_function_or_response. As noted in the docstring, this is a temporary helper function that separates routing for paths that support multiple HTTP methods from `rest_dispatch` itself. We will need to replace this helper with class-based views in the future. The helper will also be handy to reduce duplication when splitting up `rest_dispatch` by authentication methods. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-02 00:21:20 +02:00
HACK: Mutates the passed rest_dispatch_kwargs, removing the HTTP
method details but leaving any other parameters for the caller to
pass directly to the view function. We should see if we can remove
this feature; it's not clear it's actually used.
Make rest_dispatch accept a list of globals and move it into its own file. We're going to be using this from other views, so make it more generic. (imported from commit c2c4f64b2a212f8a254f75c21dc93d8fc3f8351a)
2013-10-17 19:21:18 +02:00
"""
typing: Tighten type annotation of zerver.lib.rest. By replacing Any with object we enforce type narrowing before using the kwargs when a more specific type is required. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-16 03:45:43 +02:00
supported_methods: Dict[str, object] = {}
request: Refactor ZulipRequestNotes to RequestNotes. This utilizes the generic `BaseNotes` we added for multipurpose patching. With this migration as an example, we can further support more types of notes to replace the monkey-patching approach we have used throughout the codebase for type safety.
2021-08-21 19:24:20 +02:00
request_notes = RequestNotes.get_notes(request)
request: Move miscellaneous attributes to ZulipRequestNotes. This includes the migration of fields that require trivial changes to be migrated to be stored with ZulipRequestNotes. Specifically _requestor_for_logs, _set_language, _query, error_format, placeholder_open_graph_description, saveed_response, which were all previously set on the HttpRequest object at some point. This migration allows them to be typed.
2021-07-09 15:17:33 +02:00
if request_notes.saved_response is not None:
tornado: Rewrite Django integration to duplicate less code. Since essentially the first use of Tornado in Zulip, we've been maintaining our Tornado+Django system, AsyncDjangoHandler, with several hundred lines of Django code copied into it. The goal for that code was simple: We wanted a way to use our Django middleware (for code sharing reasons) inside a Tornado process (since we wanted to use Tornado for our async events system). As part of the Django 2.2.x upgrade, I looked at upgrading this implementation to be based off modern Django, and it's definitely possible to do that: * Continue forking load_middleware to save response middleware. * Continue manually running the Django response middleware. * Continue working out a hack involving copying all of _get_response to change a couple lines allowing us our Tornado code to not actually return the Django HttpResponse so we can long-poll. The previous hack of returning None stopped being viable with the Django 2.2 MiddlewareMixin.__call__ implementation. But I decided to take this opportunity to look at trying to avoid copying material Django code, and there is a way to do it: * Replace RespondAsynchronously with a response.asynchronous attribute on the HttpResponse; this allows Django to run its normal plumbing happily in a way that should be stable over time, and then we proceed to discard the response inside the Tornado `get()` method to implement long-polling. (Better yet might be raising an exception?). This lets us eliminate maintaining a patched copy of _get_response. * Removing the @asynchronous decorator, which didn't add anything now that we only have one API endpoint backend (with two frontend call points) that could call into this. Combined with the last bullet, this lets us remove a significant hack from our never_cache_responses function. * Calling the normal Django `get_response` method from zulip_finish after creating a duplicate request to process, rather than writing totally custom code to do that. This lets us eliminate maintaining a patched copy of Django's load_middleware. * Adding detailed comments explaining how this is supposed to work, what problems we encounter, and how we solve various problems, which is critical to being able to modify this code in the future. A key advantage of these changes is that the exact same code should work on Django 1.11, Django 2.2, and Django 3.x, because we're no longer copying large blocks of core Django code and thus should be much less vulnerable to refactors. There may be a modest performance downside, in that we now run both request and response middleware twice when longpolling (once for the request we discard). We may be able to avoid the expensive part of it, Zulip's own request/response middleware, with a bit of additional custom code to save work for requests where we're planning to discard the response. Profiling will be important to understanding what's worth doing here.
2020-02-06 22:09:10 +01:00
# For completing long-polled Tornado requests, we skip the
# view function logic and just return the response.
request: Move miscellaneous attributes to ZulipRequestNotes. This includes the migration of fields that require trivial changes to be migrated to be stored with ZulipRequestNotes. Specifically _requestor_for_logs, _set_language, _query, error_format, placeholder_open_graph_description, saveed_response, which were all previously set on the HttpRequest object at some point. This migration allows them to be typed.
2021-07-09 15:17:33 +02:00
return request_notes.saved_response
tornado: Rewrite Django integration to duplicate less code. Since essentially the first use of Tornado in Zulip, we've been maintaining our Tornado+Django system, AsyncDjangoHandler, with several hundred lines of Django code copied into it. The goal for that code was simple: We wanted a way to use our Django middleware (for code sharing reasons) inside a Tornado process (since we wanted to use Tornado for our async events system). As part of the Django 2.2.x upgrade, I looked at upgrading this implementation to be based off modern Django, and it's definitely possible to do that: * Continue forking load_middleware to save response middleware. * Continue manually running the Django response middleware. * Continue working out a hack involving copying all of _get_response to change a couple lines allowing us our Tornado code to not actually return the Django HttpResponse so we can long-poll. The previous hack of returning None stopped being viable with the Django 2.2 MiddlewareMixin.__call__ implementation. But I decided to take this opportunity to look at trying to avoid copying material Django code, and there is a way to do it: * Replace RespondAsynchronously with a response.asynchronous attribute on the HttpResponse; this allows Django to run its normal plumbing happily in a way that should be stable over time, and then we proceed to discard the response inside the Tornado `get()` method to implement long-polling. (Better yet might be raising an exception?). This lets us eliminate maintaining a patched copy of _get_response. * Removing the @asynchronous decorator, which didn't add anything now that we only have one API endpoint backend (with two frontend call points) that could call into this. Combined with the last bullet, this lets us remove a significant hack from our never_cache_responses function. * Calling the normal Django `get_response` method from zulip_finish after creating a duplicate request to process, rather than writing totally custom code to do that. This lets us eliminate maintaining a patched copy of Django's load_middleware. * Adding detailed comments explaining how this is supposed to work, what problems we encounter, and how we solve various problems, which is critical to being able to modify this code in the future. A key advantage of these changes is that the exact same code should work on Django 1.11, Django 2.2, and Django 3.x, because we're no longer copying large blocks of core Django code and thus should be much less vulnerable to refactors. There may be a modest performance downside, in that we now run both request and response middleware twice when longpolling (once for the request we discard). We may be able to avoid the expensive part of it, Zulip's own request/response middleware, with a bit of additional custom code to save work for requests where we're planning to discard the response. Profiling will be important to understanding what's worth doing here.
2020-02-06 22:09:10 +01:00
rest: Implement get_target_view_function_or_response. As noted in the docstring, this is a temporary helper function that separates routing for paths that support multiple HTTP methods from `rest_dispatch` itself. We will need to replace this helper with class-based views in the future. The helper will also be handy to reduce duplication when splitting up `rest_dispatch` by authentication methods. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-02 00:21:20 +02:00
# The list() duplicates rest_dispatch_kwargs, since this loop
# mutates the original.
for arg in list(rest_dispatch_kwargs):
Make rest_dispatch accept a list of globals and move it into its own file. We're going to be using this from other views, so make it more generic. (imported from commit c2c4f64b2a212f8a254f75c21dc93d8fc3f8351a)
2013-10-17 19:21:18 +02:00
if arg in METHODS:
rest: Implement get_target_view_function_or_response. As noted in the docstring, this is a temporary helper function that separates routing for paths that support multiple HTTP methods from `rest_dispatch` itself. We will need to replace this helper with class-based views in the future. The helper will also be handy to reduce duplication when splitting up `rest_dispatch` by authentication methods. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-02 00:21:20 +02:00
supported_methods[arg] = rest_dispatch_kwargs[arg]
del rest_dispatch_kwargs[arg]
Make rest_dispatch accept a list of globals and move it into its own file. We're going to be using this from other views, so make it more generic. (imported from commit c2c4f64b2a212f8a254f75c21dc93d8fc3f8351a)
2013-10-17 19:21:18 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
if "GET" in supported_methods:
supported_methods.setdefault("HEAD", supported_methods["GET"])
zerver: Accept HEAD requests wherever GET requests are accepted. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-08-12 05:44:35 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
if request.method == "OPTIONS":
pep8: Add compliance with rule E261 to rest.py.
2017-05-07 17:09:39 +02:00
response = HttpResponse(status=204) # No content
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
response["Allow"] = ", ".join(sorted(supported_methods.keys()))
Return correct OPTIONS in rest_dispatch (imported from commit 095175cad4df982d2bf5603f3b927a3aa6d7f41f)
2014-07-17 02:51:24 +02:00
return response
Make rest_dispatch accept a list of globals and move it into its own file. We're going to be using this from other views, so make it more generic. (imported from commit c2c4f64b2a212f8a254f75c21dc93d8fc3f8351a)
2013-10-17 19:21:18 +02:00
# Override requested method if magic method=??? parameter exists
method_to_use = request.method
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
if request.POST and "method" in request.POST:
method_to_use = request.POST["method"]
Make rest_dispatch accept a list of globals and move it into its own file. We're going to be using this from other views, so make it more generic. (imported from commit c2c4f64b2a212f8a254f75c21dc93d8fc3f8351a)
2013-10-17 19:21:18 +02:00
python3: Fix usage of .keys()/.values() to handle iterators. This fixes the places where we use the result of .keys(), .items(), and .values() that wouldn't work with an iterator to wrap them with list().
2016-01-25 01:27:18 +01:00
if method_to_use in supported_methods:
Modify rest_dispatch to support method specific flags. [simplified substantially by tabbott]
2016-06-25 12:48:33 +02:00
entry = supported_methods[method_to_use]
if isinstance(entry, tuple):
rest: Add assertions for entries from supported methods. Mypy considers that "Tuple[Any, ...]" is incompatible with "Union[Tuple[Callable[..., HttpResponse], Set[str]], HttpResponse]". handler, view_flags = entry is sufficient to suppress the error, but we also add assertions for full measure. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-15 20:58:15 +02:00
handler, view_flags = entry
assert callable(handler)
assert isinstance(view_flags, set)
return handler, view_flags
typing: Tighten type annotation of zerver.lib.rest. By replacing Any with object we enforce type narrowing before using the kwargs when a more specific type is required. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-16 03:45:43 +02:00
assert callable(entry)
return entry, set()
Have rest_dispatch return JSON when exceptions are thrown. (imported from commit 587a8f46d406c6358480db9e0ebd5afb69e12abf)
2013-12-13 21:52:20 +01:00
python3: Fix usage of .keys()/.values() to handle iterators. This fixes the places where we use the result of .keys(), .items(), and .values() that wouldn't work with an iterator to wrap them with list().
2016-01-25 01:27:18 +01:00
return json_method_not_allowed(list(supported_methods.keys()))
rest: Add rest_path shortcut for path with rest_dispatch. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-22 06:04:45 +02:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
rest: Implement get_target_view_function_or_response. As noted in the docstring, this is a temporary helper function that separates routing for paths that support multiple HTTP methods from `rest_dispatch` itself. We will need to replace this helper with class-based views in the future. The helper will also be handy to reduce duplication when splitting up `rest_dispatch` by authentication methods. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-02 00:21:20 +02:00
@default_never_cache_responses
@csrf_exempt
typing: Remove ViewFuncT. This removes ViewFuncT and all the associated type casts with ParamSpec and Concatenate. This provides more accurate type annotation for decorators at the cost of making the concatenated parameters positional-only. This change does not intend to introduce any other behavioral difference. Note that we retype args in process_view as List[object] because the view functions can not only be called with arguments of type str. Note that the first argument of rest_dispatch needs to be made positional-only because of the presence of **kwargs. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-21 04:03:39 +02:00
def rest_dispatch(request: HttpRequest, /, **kwargs: object) -> HttpResponse:
rest: Implement get_target_view_function_or_response. As noted in the docstring, this is a temporary helper function that separates routing for paths that support multiple HTTP methods from `rest_dispatch` itself. We will need to replace this helper with class-based views in the future. The helper will also be handy to reduce duplication when splitting up `rest_dispatch` by authentication methods. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-02 00:21:20 +02:00
"""Dispatch to a REST API endpoint.
Authentication is verified in the following ways:
* for paths beginning with /api, HTTP basic auth
* for paths beginning with /json (used by the web client), the session token
Unauthenticated requests may use this endpoint only with the
allow_anonymous_user_web view flag.
This calls the function named in kwargs[request.method], if that request
method is supported, and after wrapping that function to:
* protect against CSRF (if the user is already authenticated through
a Django session)
* authenticate via an API key (otherwise)
* coerce PUT/PATCH/DELETE into having POST-like semantics for
retrieving variables
Any keyword args that are *not* HTTP methods are passed through to the
target function.
Never make a urls.py pattern put user input into a variable called GET, POST,
etc, as that is where we route HTTP verbs to target functions.
"""
result = get_target_view_function_or_response(request, kwargs)
if isinstance(result, HttpResponse):
return result
target_function, view_flags = result
request_notes = RequestNotes.get_notes(request)
# Set request_notes.query for update_activity_user(), which is called
# by some of the later wrappers.
request_notes.query = target_function.__name__
# We want to support authentication by both cookies (web client)
# and API keys (API clients). In the former case, we want to
# do a check to ensure that CSRF etc is honored, but in the latter
# we can skip all of that.
#
# Security implications of this portion of the code are minimal,
# as we should worst-case fail closed if we miscategorize a request.
# for some special views (e.g. serving a file that has been
# uploaded), we support using the same URL for web and API clients.
if "override_api_url_scheme" in view_flags and "Authorization" in request.headers:
# This request uses standard API based authentication.
# For override_api_url_scheme views, we skip our normal
# rate limiting, because there are good reasons clients
# might need to (e.g.) request a large number of uploaded
# files or avatars in quick succession.
target_function = authenticated_rest_api_view(skip_rate_limiting=True)(target_function)
elif "override_api_url_scheme" in view_flags and request.GET.get("api_key") is not None:
# This request uses legacy API authentication. We
# unfortunately need that in the React Native mobile apps,
# because there's no way to set the Authorization header in
# React Native. See last block for rate limiting notes.
target_function = authenticated_uploads_api_view(skip_rate_limiting=True)(target_function)
# /json views (web client) validate with a session token (cookie)
elif not request.path.startswith("/api") and request.user.is_authenticated:
# Authenticated via sessions framework, only CSRF check needed
auth_kwargs = {}
if "override_api_url_scheme" in view_flags:
auth_kwargs["skip_rate_limiting"] = True
target_function = csrf_protect(authenticated_json_view(target_function, **auth_kwargs))
# most clients (mobile, bots, etc) use HTTP basic auth and REST calls, where instead of
# username:password, we use email:apiKey
rest: Restrict access to json views via basic auth. Previously, test cases or clients accessing /json/ views using HTTP Basic Auth would be accepted, while we intended to only allow clients authenticated with a session cookie to access these views. This adds a check on the accessed path to avoid this possibility. It seems unlikely that any API clients clients were taking advantage of this unintended quirk; so we're not going to bother documenting this bug fix as an API change. In any case, it should be trivial for anyone affected to consult the documentation and then switch their /json/foo URL to a correct /api/v1/foo URL. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-11-04 20:26:18 +01:00
elif request.path.startswith("/api") and "Authorization" in request.headers:
rest: Implement get_target_view_function_or_response. As noted in the docstring, this is a temporary helper function that separates routing for paths that support multiple HTTP methods from `rest_dispatch` itself. We will need to replace this helper with class-based views in the future. The helper will also be handy to reduce duplication when splitting up `rest_dispatch` by authentication methods. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-02 00:21:20 +02:00
# Wrap function with decorator to authenticate the user before
# proceeding
target_function = authenticated_rest_api_view(
allow_webhook_access="allow_incoming_webhooks" in view_flags,
)(target_function)
elif (
request.path.startswith(("/json", "/avatar", "/user_uploads", "/thumbnail"))
and "allow_anonymous_user_web" in view_flags
):
# For endpoints that support anonymous web access, we do that.
# TODO: Allow /api calls when this is stable enough.
target_function = csrf_protect(public_json_view(target_function))
else:
# Otherwise, throw an authentication error; our middleware
# will generate the appropriate HTTP response.
ruff: Fix RSE102 Unnecessary parentheses on raised exception. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-02-04 02:07:20 +01:00
raise MissingAuthenticationError
rest: Implement get_target_view_function_or_response. As noted in the docstring, this is a temporary helper function that separates routing for paths that support multiple HTTP methods from `rest_dispatch` itself. We will need to replace this helper with class-based views in the future. The helper will also be handy to reduce duplication when splitting up `rest_dispatch` by authentication methods. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-02 00:21:20 +02:00
if request.method in ["DELETE", "PATCH", "PUT"]:
# process_as_post needs to be the outer decorator, because
# otherwise we might access and thus cache a value for
# request.POST.
target_function = process_as_post(target_function)
return target_function(request, **kwargs)
rest: Add rest_path shortcut for path with rest_dispatch. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-22 06:04:45 +02:00
def rest_path(
route: str,
uploads: Set X-Accel-Redirect manually, without using django-sendfile2. The `django-sendfile2` module unfortunately only supports a single `SENDFILE` root path -- an invariant which subsequent commits need to break. Especially as Zulip only runs with a single webserver, and thus sendfile backend, the functionality is simple to inline. It is worth noting that the following headers from the initial Django response are _preserved_, if present, and sent unmodified to the client; all other headers are overridden by those supplied by the internal redirect[^1]: - Content-Type - Content-Disposition - Accept-Ranges - Set-Cookie - Cache-Control - Expires As such, we explicitly unset the Content-type header to allow nginx to set it from the static file, but set Content-Disposition and Cache-Control as we want them to be. [^1]: https://www.nginx.com/resources/wiki/start/topics/examples/xsendfile/
2022-12-06 22:26:39 +01:00
**handlers: Union[
Callable[..., HttpResponseBase],
Tuple[Callable[..., HttpResponseBase], Set[str]],
],
rest: Add rest_path shortcut for path with rest_dispatch. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-22 06:04:45 +02:00
) -> URLPattern:
rest: Remove kwargs from rest_path. The only caller that passes the kwargs argument is the avatar rest_path. The application of kwargs can be rewritten with a wrapper. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-15 21:50:30 +02:00
return path(route, rest_dispatch, handlers)