zulip/zerver/lib/redis_utils.py

from django.conf import settings
from typing import Any, Dict, Optional
from zerver.lib.utils import generate_random_token

import re
import redis
import ujson

# Redis accepts keys up to 512MB in size, but there's no reason for us to use such size,
# so we want to stay limited to 1024 characters.
MAX_KEY_LENGTH = 1024

class ZulipRedisError(Exception):
    pass

class ZulipRedisKeyTooLongError(ZulipRedisError):
    pass

class ZulipRedisKeyOfWrongFormatError(ZulipRedisError):
    pass

def get_redis_client() -> redis.StrictRedis:
    return redis.StrictRedis(host=settings.REDIS_HOST, port=settings.REDIS_PORT,
                             password=settings.REDIS_PASSWORD, db=0)

def put_dict_in_redis(redis_client: redis.StrictRedis, key_format: str,
                      data_to_store: Dict[str, Any],
                      expiration_seconds: int,
                      token_length: int=64,
                      token: Optional[str]=None) -> str:
    key_length = len(key_format) - len('{token}') + token_length
    if key_length > MAX_KEY_LENGTH:
        error_msg = "Requested key too long in put_dict_in_redis. Key format: %s, token length: %s"
        raise ZulipRedisKeyTooLongError(error_msg % (key_format, token_length))
    if token is None:
        token = generate_random_token(token_length)
    key = key_format.format(token=token)
    with redis_client.pipeline() as pipeline:
        pipeline.set(key, ujson.dumps(data_to_store))
        pipeline.expire(key, expiration_seconds)
        pipeline.execute()

    return key

def get_dict_from_redis(redis_client: redis.StrictRedis, key_format: str, key: str
                        ) -> Optional[Dict[str, Any]]:
    # This function requires inputting the intended key_format to validate
    # that the key fits it, as an additionally security measure. This protects
    # against bugs where a caller requests a key based on user input and doesn't
    # validate it - which could potentially allow users to poke around arbitrary redis keys.
    if len(key) > MAX_KEY_LENGTH:
        error_msg = "Requested key too long in get_dict_from_redis: %s"
        raise ZulipRedisKeyTooLongError(error_msg % (key,))
    validate_key_fits_format(key, key_format)

    data = redis_client.get(key)
    if data is None:
        return None
    return ujson.loads(data)

def validate_key_fits_format(key: str, key_format: str) -> None:
    assert "{token}" in key_format
    regex = key_format.format(token=r"[a-zA-Z0-9]+")

    if not re.fullmatch(regex, key):
        raise ZulipRedisKeyOfWrongFormatError("%s does not match format %s" % (key, key_format))
Add helper function for returning a Redis client (imported from commit 47f87d388d24343ac6b631181a55287eb8cd4a6d) 2014-02-05 00:35:32 +01:00			`from django.conf import settings`
redis: Extract put_dict_in_redis and get_dict_from_redis helpers. 2020-01-20 14:17:53 +01:00			`from typing import Any, Dict, Optional`
			`from zerver.lib.utils import generate_random_token`
Add helper function for returning a Redis client (imported from commit 47f87d388d24343ac6b631181a55287eb8cd4a6d) 2014-02-05 00:35:32 +01:00
redis_utils: Require key_format argument in get_dict_from_redis. 2020-01-26 19:01:56 +01:00			`import re`
Add helper function for returning a Redis client (imported from commit 47f87d388d24343ac6b631181a55287eb8cd4a6d) 2014-02-05 00:35:32 +01:00			`import redis`
redis: Extract put_dict_in_redis and get_dict_from_redis helpers. 2020-01-20 14:17:53 +01:00			`import ujson`
Add helper function for returning a Redis client (imported from commit 47f87d388d24343ac6b631181a55287eb8cd4a6d) 2014-02-05 00:35:32 +01:00
redis_utils: Validate requested key length in helper functions. 2020-01-26 17:01:23 +01:00			`# Redis accepts keys up to 512MB in size, but there's no reason for us to use such size,`
			`# so we want to stay limited to 1024 characters.`
			`MAX_KEY_LENGTH = 1024`

redis_utils: Require key_format argument in get_dict_from_redis. 2020-01-26 19:01:56 +01:00			`class ZulipRedisError(Exception):`
			`pass`

			`class ZulipRedisKeyTooLongError(ZulipRedisError):`
			`pass`

			`class ZulipRedisKeyOfWrongFormatError(ZulipRedisError):`
redis_utils: Validate requested key length in helper functions. 2020-01-26 17:01:23 +01:00			`pass`

zerver/lib: Use python 3 syntax for typing. With tweaks by tabbott to fix line spacing. 2017-11-05 11:15:10 +01:00			`def get_redis_client() -> redis.StrictRedis:`
settings: Add support for specifying a remote redis password. 2016-08-01 04:51:00 +02:00			`return redis.StrictRedis(host=settings.REDIS_HOST, port=settings.REDIS_PORT,`
			`password=settings.REDIS_PASSWORD, db=0)`
redis: Extract put_dict_in_redis and get_dict_from_redis helpers. 2020-01-20 14:17:53 +01:00
			`def put_dict_in_redis(redis_client: redis.StrictRedis, key_format: str,`
			`data_to_store: Dict[str, Any],`
auth: Use tokens, with data stored in redis, for log_into_subdomain. The desktop otp flow (to be added in next commits) will want to generate one-time tokens for the app that will allow it to obtain an authenticated session. log_into_subdomain will be the endpoint to pass the one-time token to. Currently it uses signed data as its input "tokens", which is not compatible with the otp flow, which requires simpler (and fixed-length) token. Thus the correct scheme to use is to store the authenticated data in redis and return a token tied to the data, which should be passed to the log_into_subdomain endpoint. In this commit, we replace the "pass signed data around" scheme with the redis scheme, because there's no point having both. 2020-01-23 12:21:55 +01:00			`expiration_seconds: int,`
redis_utils: Extend `put_dict_in_redis` to accept token as param. This extends `put_dict_in_redis` to take token as an argument and return that with the as a `key` with following key format. Also, edit regex for token to include uppercase letters as a token sent during apple authentication contains uppercase letters. Useful for Adding "Sign in with Apple" support. 2020-04-26 23:00:54 +02:00			`token_length: int=64,`
			`token: Optional[str]=None) -> str:`
redis_utils: Validate requested key length in helper functions. 2020-01-26 17:01:23 +01:00			`key_length = len(key_format) - len('{token}') + token_length`
			`if key_length > MAX_KEY_LENGTH:`
			`error_msg = "Requested key too long in put_dict_in_redis. Key format: %s, token length: %s"`
			`raise ZulipRedisKeyTooLongError(error_msg % (key_format, token_length))`
redis_utils: Extend `put_dict_in_redis` to accept token as param. This extends `put_dict_in_redis` to take token as an argument and return that with the as a `key` with following key format. Also, edit regex for token to include uppercase letters as a token sent during apple authentication contains uppercase letters. Useful for Adding "Sign in with Apple" support. 2020-04-26 23:00:54 +02:00			`if token is None:`
			`token = generate_random_token(token_length)`
redis_utils: Validate requested key length in helper functions. 2020-01-26 17:01:23 +01:00			`key = key_format.format(token=token)`
redis: Extract put_dict_in_redis and get_dict_from_redis helpers. 2020-01-20 14:17:53 +01:00			`with redis_client.pipeline() as pipeline:`
			`pipeline.set(key, ujson.dumps(data_to_store))`
			`pipeline.expire(key, expiration_seconds)`
			`pipeline.execute()`

			`return key`

redis_utils: Require key_format argument in get_dict_from_redis. 2020-01-26 19:01:56 +01:00			`def get_dict_from_redis(redis_client: redis.StrictRedis, key_format: str, key: str`
			`) -> Optional[Dict[str, Any]]:`
			`# This function requires inputting the intended key_format to validate`
			`# that the key fits it, as an additionally security measure. This protects`
			`# against bugs where a caller requests a key based on user input and doesn't`
			`# validate it - which could potentially allow users to poke around arbitrary redis keys.`
redis_utils: Validate requested key length in helper functions. 2020-01-26 17:01:23 +01:00			`if len(key) > MAX_KEY_LENGTH:`
			`error_msg = "Requested key too long in get_dict_from_redis: %s"`
			`raise ZulipRedisKeyTooLongError(error_msg % (key,))`
redis_utils: Require key_format argument in get_dict_from_redis. 2020-01-26 19:01:56 +01:00			`validate_key_fits_format(key, key_format)`

redis: Extract put_dict_in_redis and get_dict_from_redis helpers. 2020-01-20 14:17:53 +01:00			`data = redis_client.get(key)`
			`if data is None:`
			`return None`
			`return ujson.loads(data)`
redis_utils: Require key_format argument in get_dict_from_redis. 2020-01-26 19:01:56 +01:00
			`def validate_key_fits_format(key: str, key_format: str) -> None:`
			`assert "{token}" in key_format`
redis_utils: Extend `put_dict_in_redis` to accept token as param. This extends `put_dict_in_redis` to take token as an argument and return that with the as a `key` with following key format. Also, edit regex for token to include uppercase letters as a token sent during apple authentication contains uppercase letters. Useful for Adding "Sign in with Apple" support. 2020-04-26 23:00:54 +02:00			`regex = key_format.format(token=r"[a-zA-Z0-9]+")`
redis_utils: Require key_format argument in get_dict_from_redis. 2020-01-26 19:01:56 +01:00
			`if not re.fullmatch(regex, key):`
			`raise ZulipRedisKeyOfWrongFormatError("%s does not match format %s" % (key, key_format))`