Commit Graph

71 Commits

Author SHA1 Message Date
Leo Franchi 0b5b1dafc4 Add a rate limiting system to our backend
(imported from commit a1218618918b4dedc77307e2f277665e7dd8fa22)
2013-06-04 09:43:09 -04:00
Tim Abbott c7f44f97d6 rest_dispatch: Apply process_as_post automatically.
(imported from commit 35a4710e2050efe268ed6d2e63a41eea1ebc1d24)
2013-05-17 01:02:33 -04:00
Tim Abbott 6664ac8014 Set request.user in API views.
(imported from commit f8cd82a60ef72055b595dfab88ab0058b120251c)
2013-05-14 15:18:21 -04:00
Tim Abbott f1b5d69622 decorators: Replace POST with REQ everywhere.
It's strictly more functional, and having a single arguments
extraction decorator makes our codebase less confusing.

(imported from commit 2a5618c04b486268a462a24a1481ac030f15eac4)
2013-05-09 10:35:49 -04:00
Tim Abbott 5b51705451 Fix logging of requesting user with REST API.
Fixes #1155.

(imported from commit b5becb7418ce9577a6bbaa20dcb68a02f1928b9f)
2013-04-30 11:54:16 -04:00
Luke Faraone 71a91197fa Enable absolute imports.
See PEP 328[1] for details. This feature was introduced in Python 2.5 and
will become mandatory in Python 3.

[1]: http://www.python.org/dev/peps/pep-0328

(imported from commit 7444eeba8a08d5f91b94c7921848f2274979bd76)
2013-04-23 09:51:17 -07:00
Leo Franchi 1d25f36554 Add a decorator for sending count information to statsd
(imported from commit 5263e39d8c235ac56517f0a69a1b1337e6f8942a)
2013-04-18 18:05:52 -04:00
Luke Faraone 3fd2bfa19e Don't convert to POST vars if POST is already populated.
Otherwise you could encounter errors if you POST to a method
with this decorator applied.

(imported from commit bcb31f336ea2a1eeee6b9e3e9dfeed1d205ae26a)
2013-04-03 15:35:59 -07:00
Luke Faraone 50809ca219 Rename process_patch_as_post to process_as_post for generality
(imported from commit c920216176a8b6d4b0172a60b6e65df6a58fc79a)
2013-04-03 15:35:58 -07:00
Tim Abbott 1cec86eb2d [manual] Remove now-unused User model.
I think all that one needs to do to deploy this commit is on developer
laptops, run `generate-fixtures --force`.

(imported from commit 34916341435fef0875b5a2c7f53c2f5606cd16cd)
2013-04-02 12:57:10 -04:00
Tim Abbott 5dbe8b4c17 [manual] Authenticate using a user_profile as request.user.
When this is deployed to staging, we need to run

./manage.py logout_all_users --realm=humbughq.com

When this is deployed to prod, we need to run

./manage.py logout_all_users

(imported from commit d6c6ea4b1c347f3d9122742db23c7b67767a7349)
2013-04-02 12:07:08 -04:00
Tim Abbott 1443edce00 Access the UserProfile's new email field rather than using User.
This is preparatory for stopping using the User model.

(imported from commit a1b0808c8cc2ddd19a25163f91c4f18620c9ce90)
2013-04-02 12:07:08 -04:00
Tim Abbott 198480ef99 Use get_user_profile_by_email more consistently.
The previous situation was bad for two reasons:

(1) It had a lot of copies of the code, some of them missing pieces:
  UserProfile.objects.get(user__email__iexact=foo)

This was in particular going to be inconvenient since we are dropping
the __user part of that.

(2) It didn't take advantage of our memcached caching.

(imported from commit 2325795f288a7cf306cdae191f5d3080aac0651a)
2013-03-29 16:18:38 -04:00
Luke Faraone 7eee9d4905 Implement generic REQ class which pulls from request.REQUEST.
This is to allow flexibility in functions that we think should be callable
via either GET or POST.

As part of this, POSTRequestMock was extended to populate the REQUEST
dict.

(imported from commit b9d32d2b65ff8a25885452992cf7dd37b9664246)
2013-03-28 07:53:39 -07:00
Luke Faraone 5d22ee9a76 Create update_subscriptions_backend to allow mass mutation of user subs.
This includes a process_patch_as_post decorator which enables this view
to be invoked as a PATCH on an object.

Hopefully this decorator can go away once POST values are correctly parsed
in Django for PATCH verb invocations.

(imported from commit 6cf9d69cfb9dea5354ea37408566146757b5be54)
2013-03-28 07:53:39 -07:00
Luke Faraone a49c37917a Implement generic rest_dispatch method for new API.
(imported from commit 912ee803db03098f195d18648ab98401915fead6)
2013-03-28 07:53:38 -07:00
Luke Faraone bfb741c9bb Factor out client extraction and API key validation from authenticated_api_view
(imported from commit b8e3fc2f956b4de07ea0fe9b6f596dd353013935)
2013-03-28 07:53:36 -07:00
Luke Faraone 2be8f80f47 Make request._client a public member, dropping the '_'.
(imported from commit 5fc7ab57157ceb40c8bca9b0c97a47d8fac6745b)
2013-03-28 07:53:36 -07:00
Luke Faraone 9519484c8f Remove 'client' paramater from update_user_activity
(imported from commit 906bf35c1b6d056170bdf3472146e38dabce53bb)
2013-03-28 07:53:35 -07:00
Tim Abbott e8aa77c9b4 Set timeouts for our memcached caches.
The policy this implements is:
* 1 week for most persistent data (Clients, etc.)
* 1 day for messages

(imported from commit d57bb2c6b9626ffa2155c6d0ef9b60827d1f2381)
2013-03-28 07:36:10 -04:00
Zev Benjamin 5b4536172c Allow @has_request_variables on functions that don't actually use it
(imported from commit 3cf6db06c16d3d107a0fc4b11fc8c0f0258fc306)
2013-03-27 14:15:03 -04:00
Tim Abbott f3ad2d7a6b Centralize dispatch logic for which queue processor to use.
Previous we had around 4 copies of the logic for deciding whether we
should publish data via a SimpleQueueClient queue, a
TornadoQueueClient queue, or to directly handle the operation, which
resulted in their getting out of sync and buggy (see e.g. the previous
commit).

We need to add a lock around adding things to the queue to work around
a bug with pika's BlockingConnection.

I should note that the previous logic in some places had a bunch of
tests of the form "elif settings.TEST_SUITE" for doing the work that
would have been done by the queue processor directly; these should
have just been "else" clauses -- since we generally want that code to
run on development environments whether or not the test suite is
currently running.

(imported from commit 16bdbed4fff04b1bda6fde3b16bee7359917720b)
2013-03-27 08:19:27 -04:00
Leo Franchi 378a8939ec Use TornadoQueueClient for activity queue when in the tornado process
(imported from commit 93ca4295403786ae26a2f70be17410674e6d053c)
2013-03-22 15:55:49 -04:00
Tim Abbott b38a538f8c Rename userprofile_by_foo cache keys to user_profile_by_foo.
(imported from commit ef398abc48c9b81a3d339ffdce00bae274246d28)
2013-03-18 16:15:11 -04:00
Tim Abbott 9ae583b910 Use the User/UserProfile caches for Django requests too.
Previously we only used these caches for Tornado requests, because we
were not updating memcached when e.g. the user's pointer changed, and
so functions like update_pointer would not work correctly.

Now that we are updated memcached when the User and UserProfile
objects change, we can use these for all requests.

This saves 2 database queries on every Django request to the server.

(imported from commit aa5bffd885d14bde38b95e80a226bd5ab66f253d)
2013-03-15 18:09:34 -04:00
Tim Abbott 722918aa61 Use humbug_finish() wrapper for finish() with required arguments.
I think this is a little cleaner than the previous approach.

(imported from commit fa6233721f43c94003de643d7801a88a156affd2)
2013-03-15 12:53:07 -04:00
Tim Abbott c098520bbd Move the key functions for various caches to cache.py.
(imported from commit b04826533c32516cc2eef3b35263a40385ae7be4)
2013-03-14 15:07:41 -04:00
Tim Abbott cc4bcb97c4 Clean up naming for Tornado user_profile cache keys.
(imported from commit 8f401b563c9ef49c739c121c9dc5bffff09c986d)
2013-03-14 15:07:41 -04:00
Tim Abbott 1e9a85ff05 Fix use of case-sensitive comparisons on email addresses.
(imported from commit d420169640a9f9c034b3d9ded207e583691f6652)
2013-02-28 17:49:57 -05:00
Leo Franchi 49328c2551 Unify rabbitmq usage to use only one queue.
To work around the issue we're having with queue draining between
parallel blocking connections, use the same rabbitmq queue for both
activity and presence events, keyed on a 'type' flag in the message
itself.

(imported from commit 188e8fda1695734e52c5740db2195072cfc81479)
2013-02-15 11:43:17 -05:00
Tim Abbott c24e05f0e9 Log requestor email address for non-error requests too.
This should make it much easier to debug issues where a particular
user is hosing our API, for example.

(imported from commit cbea49fd1e11805cadf564bd9160d3d6bf7e0eca)
2013-02-12 11:07:36 -05:00
Leo Franchi 0a0c4bb9a0 [manual] Use rabbitmq for asynchronous presence updating
Note: When deploying, restarting the process-user-activity-commandline script is needed

(imported from commit 63ee795c9c7a7db4a40170cff5636dc1dd0b46a8)
2013-02-11 18:05:57 -05:00
Keegan McAllister d349de903b queue: Get rid of lazy initialization in SimpleQueue
Instead make it a singleton with a get_instance() class method.

(imported from commit e32cabf77b43361e74a11a23bba3a6d9fb32f82f)
2013-02-08 13:57:22 -05:00
Keegan McAllister f14db52f22 queue: Rename SimpleQueue to SimpleQueueClient
It doesn't represent a single queue; that's what the 'queue_name' arguments are
for.

(imported from commit 8382ae6793ca7c3ae4b5aacf2c128113a7a88fb6)
2013-02-08 13:57:22 -05:00
Tim Abbott a3a0880266 middleware: Improve logging of users causing 40x errors.
Previously we only got the user ID for /json requests, not /api
requests, and also only got the user ID, not the email address.

(imported from commit c3625f9c1a48430e35183be6c90a7855f3714948)
2013-02-05 14:36:48 -05:00
Jessica McKellar 85080f7ca5 decorator: deduplicate json_to_* logic.
(imported from commit d2470ebe38c391a8bb2e389a508f8b50d2e11fec)
2013-02-05 10:01:45 -05:00
Tim Abbott e592e71515 [manual] Use rabbitmq queue to process UserActivity.
Before this is deployed, we need to install rabbitmq and pika on the
target server (see the puppet part of this commit for how).

When this is deployed, we need to start the new user activity bot:

./manage.py process_user_activity

in the screen session on the relevant server, or user_activity logs
won't be processed (which will eventually result in all users getting
notifications about how their mirrors are out of date).

(imported from commit 44d605aca0290bef2c94fb99267e15e26b21673b)
2013-01-14 13:28:23 -05:00
Tim Abbott 6a2bf7c4f3 Move update_user_activity to actions.py.
(imported from commit a81669d01e699fbf809a02f91e6007b7f61e5518)
2013-01-14 13:28:23 -05:00
Zev Benjamin 7e62ef5a03 Add a common base class for the RequestVariable*Error classes.
Tweaked by tabbott to make it easier to use for one-off applications.

(imported from commit 6c8e3e6da87c431d9a21e6186fa8952bbaa9e5f6)
2013-01-11 16:11:07 -05:00
Tim Abbott 3b7d61e45f tornado: Get User and UserProfile objects from a memcached.
This commit has the effect of eliminating all of the non-UserActivity
database queries from the Tornado process -- at least in the uncached
case.

This is safe to do, if a bit fragile, since our Tornado code only
accesses these objects (as opposed to their IDs) in a few places that
are all fine with old data, and I don't expect us to add any new ones
soon:

* UserActivity logging, which I plan to move out of Tornado entirely

* Checking whether we're authenticated in our decorators (which could
  be simplified -- the actual security check is just whether the
  Django session object has a particular field)

* Checking the user realm for whether we should sync to the client
  notices about their Zephyr mirror being up to date, which is quite
  static and I think we can move out of this code path.

But implementation constraints around mapping the user_ids to
user_profile_ids mean that it makes sense to get the actual objects
for now.

This code is not what I want to do long-term.  I expect we'll be able
to clean up the dual User/UserProfile nonsense once we integrate the
upcoming Django 1.5 release, with its support for pluggable User
models, and after that I change, I expect it'll be fairly easy to make
the Tornado code only work with the user ID, not the actual objects.

(imported from commit 82e25b62fd0e3af7c86040600c63a4deec7bec06)
2013-01-11 16:11:07 -05:00
Tim Abbott 536027aa66 decorators: Use select_related() when getting the UserProfile objects.
This should save a database query when we later need to access fields
such as the user's realm name in format_updates_response.

(imported from commit ceef726db9e917cfb0b47061130d7299ee64890d)
2013-01-10 16:59:36 -05:00
Tim Abbott 83abc08315 Move tornado views to their own file.
(imported from commit e0d9182cbc89a16eedd2846fa17cfba482510565)
2013-01-08 16:53:53 -05:00
Reid Barton c5d37572a7 Document ordering constraint on has_request_variables
(imported from commit efb42cc8478f968ac0dcd390d73bd3d161274fe1)
2013-01-07 16:09:23 -05:00
Zev Benjamin bf5ce4783d Move @has_request_variables error responses to middleware
This will now allow us to use @has_request_variables on helper
functions.

(imported from commit 799d71477654eac7fd8192cfc5bb88b78053532d)
2012-12-20 14:26:36 -05:00
Jessica McKellar 1dbb2c6ed5 decorators: split authenticated_json_view into POST and non-POST versions.
(imported from commit cdcfdb51c379c07e94ebc763cf925e6a73747fc0)
2012-12-03 12:46:27 -05:00
Tim Abbott 988b0ce7ba Fix missing transaction decorator in get_user_activity.
The transaction.commit() line inside the except IntegrityError clause
doesn't work unless we've entered transaction management.

(imported from commit 2ae520e05c9a19ec35af7c244631b01d4b9598d6)
2012-12-03 12:30:13 -05:00
Tim Abbott 16b1f63800 decorators: Use @has_request_variables to extract client.
(imported from commit 8407a556fcc1922d69e593edee3897957742f3fb)
2012-11-28 17:41:39 -05:00
Tim Abbott a6841c7f12 decorators: Pass the parsed client to view functions as request._client.
(imported from commit e297cfc9c2c1c4d07f083a28ab3d85d32a8bc85b)
2012-11-28 17:41:38 -05:00
Keegan McAllister b5dccbfa87 Return a special value to initiate longpolling
Fixes #261.

(imported from commit dd0312c3574c9ca924ab76edcb2fb6c03085be32)
2012-11-28 15:28:14 -05:00
Keegan McAllister ca1b1b2974 Remove some unused @asynchronous-related code
(imported from commit aa332263777f26a29539ba55bec8853df59bbc07)
2012-11-28 15:28:14 -05:00