view MoinMoin/action/cache.py @ 6128:561b7a9c2bd9

fix wrong digestmod of hmac.new calls stdlib default is md5, but we need sha1. this bug was introduced when removing python_compatibility module usage in changeset 500f68d3e2fd594b2f4ea4a272b828a07d9eac1d.
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Tue, 01 Nov 2016 17:56:32 +0100
parents 500f68d3e2fd
children
line wrap: on
line source
# -*- coding: iso-8859-1 -*-
"""
    MoinMoin - Send a raw object from the caching system (and offer utility
    functions to put data into cache, calculate cache key, etc.).

    Sample usage
    ------------
    Assume we have a big picture (bigpic) and we want to efficiently show some
    thumbnail (thumbpic) for it:

    # first calculate a (hard to guess) cache key (this key will change if the
    # original data (bigpic) changes):
    key = cache.key(..., attachname=bigpic, ...)

    # check if we don't have it in cache yet
    if not cache.exists(..., key):
        # if we don't have it in cache, we need to render it - this is an
        # expensive operation that we want to avoid by caching:
        thumbpic = render_thumb(bigpic)
        # put expensive operation's results into cache:
        cache.put(..., key, thumbpic, ...)

    url = cache.url(..., key)
    html = '<img src="%s">' % url

    @copyright: 2008 MoinMoin:ThomasWaldmann
    @license: GNU GPL, see COPYING for details.
"""

from datetime import datetime
import hmac, hashlib

from MoinMoin import log
logging = log.getLogger(__name__)

# keep both imports below as they are, order is important:
from MoinMoin import wikiutil
import mimetypes

from MoinMoin import config, caching
from MoinMoin.util import filesys
from MoinMoin.action import AttachFile

action_name = __name__.split('.')[-1]

# Do NOT get this directly from request.values or user would be able to read any cache!
cache_arena = 'sendcache'  # just using action_name is maybe rather confusing

# We maybe could use page local caching (not 'wiki' global) to have less directory entries.
# Local is easier to automatically cleanup if an item changes. Global is easier to manually cleanup.
# Local makes data_dir much larger, harder to backup.
cache_scope = 'wiki'

do_locking = False

def key(request, wikiname=None, itemname=None, attachname=None, content=None, secret=None):
    """
    Calculate a (hard-to-guess) cache key.

    Important key properties:
    * The key must be hard to guess (this is because do=get does no ACL checks,
      so whoever got the key [e.g. from html rendering of an ACL protected wiki
      page], will be able to see the cached content.
    * The key must change if the (original) content changes. This is because
      ACLs on some item may change and even if somebody was allowed to see some
      revision of some item, it does not implicate that he is allowed to see
      any other revision also. There will be no harm if he can see exactly the
      same content again, but there could be harm if he could access a revision
      with different content.

    If content is supplied, we will calculate and return a hMAC of the content.

    If wikiname, itemname, attachname is given, we don't touch the content (nor do
    we read it ourselves from the attachment file), but we just calculate a key
    from the given metadata values and some metadata we get from the filesystem.

    Hint: if you need multiple cache objects for the same source content (e.g.
          thumbnails of different sizes for the same image), calculate the key
          only once and then add some different prefixes to it to get the final
          cache keys.

    @param request: the request object
    @param wikiname: the name of the wiki (if not given, will be read from cfg)
    @param itemname: the name of the page
    @param attachname: the filename of the attachment
    @param content: content data as unicode object (e.g. for page content or
                    parser section content)
    @param secret: secret for hMAC calculation (default: use secret from cfg)
    """
    if secret is None:
        secret = request.cfg.secrets['action/cache']
    if content:
        hmac_data = content
    elif itemname is not None and attachname is not None:
        wikiname = wikiname or request.cfg.interwikiname or request.cfg.siteid
        fuid = filesys.fuid(AttachFile.getFilename(request, itemname, attachname))
        hmac_data = u''.join([wikiname, itemname, attachname, repr(fuid)])
    else:
        raise AssertionError('cache_key called with unsupported parameters')

    hmac_data = hmac_data.encode('utf-8')
    key = hmac.new(secret, hmac_data, digestmod=hashlib.sha1).hexdigest()
    return key


def put(request, key, data,
        filename=None,
        content_type=None,
        content_disposition=None,
        content_length=None,
        last_modified=None,
        original=None):
    """
    Put an object into the cache to send it with cache action later.

    @param request: the request object
    @param key: non-guessable key into cache (str)
    @param data: content data (str or open file-like obj)
    @param filename: filename for content-disposition header and for autodetecting
                     content_type (unicode, default: None)
    @param content_type: content-type header value (str, default: autodetect from filename)
    @param content_disposition: type for content-disposition header (str, default: None)
    @param content_length: data length for content-length header (int, default: autodetect)
    @param last_modified: last modified timestamp (int, default: autodetect)
    @param original: location of original object (default: None) - this is just written to
                     the metadata cache "as is" and could be used for cache cleanup,
                     use (wikiname, itemname, attachname or None))
    """
    import os.path
    from MoinMoin.util import timefuncs

    if filename:
        # make sure we just have a simple filename (without path)
        filename = os.path.basename(filename)

        if content_type is None:
            # try autodetect
            mt, enc = mimetypes.guess_type(filename)
            if mt:
                content_type = mt

    if content_type is None:
        content_type = 'application/octet-stream'

    data_cache = caching.CacheEntry(request, cache_arena, key+'.data', cache_scope, do_locking=do_locking)
    data_cache.update(data)
    content_length = content_length or data_cache.size()
    last_modified = last_modified or data_cache.mtime()

    httpdate_last_modified = timefuncs.formathttpdate(int(last_modified))
    headers = [('Content-Type', content_type),
               ('Last-Modified', httpdate_last_modified),
               ('Content-Length', content_length),
              ]
    if content_disposition and filename:
        # TODO: fix the encoding here, plain 8 bit is not allowed according to the RFCs
        # There is no solution that is compatible to IE except stripping non-ascii chars
        filename = filename.encode(config.charset)
        headers.append(('Content-Disposition', '%s; filename="%s"' % (content_disposition, filename)))

    meta_cache = caching.CacheEntry(request, cache_arena, key+'.meta', cache_scope, do_locking=do_locking, use_pickle=True)
    meta_cache.update({
        'httpdate_last_modified': httpdate_last_modified,
        'last_modified': last_modified,
        'headers': headers,
        'original': original,
    })


def exists(request, key, strict=False):
    """
    Check if a cached object for this key exists.

    @param request: the request object
    @param key: non-guessable key into cache (str)
    @param strict: if True, also check the data cache, not only meta (bool, default: False)
    @return: is object cached? (bool)
    """
    if strict:
        data_cache = caching.CacheEntry(request, cache_arena, key+'.data', cache_scope, do_locking=do_locking)
        data_cached = data_cache.exists()
    else:
        data_cached = True  # we assume data will be there if meta is there

    meta_cache = caching.CacheEntry(request, cache_arena, key+'.meta', cache_scope, do_locking=do_locking, use_pickle=True)
    meta_cached = meta_cache.exists()

    return meta_cached and data_cached


def remove(request, key):
    """ delete headers/data cache for key """
    meta_cache = caching.CacheEntry(request, cache_arena, key+'.meta', cache_scope, do_locking=do_locking, use_pickle=True)
    meta_cache.remove()
    data_cache = caching.CacheEntry(request, cache_arena, key+'.data', cache_scope, do_locking=do_locking)
    data_cache.remove()


def url(request, key, do='get'):
    """ return URL for the object cached for key """
    return request.href(action=action_name, do=do, key=key)

def _get_headers(request, key):
    """ get last_modified and headers cached for key """
    meta_cache = caching.CacheEntry(request, cache_arena, key+'.meta', cache_scope, do_locking=do_locking, use_pickle=True)
    meta = meta_cache.content()
    return meta['last_modified'], meta['headers']


def _get_datafile(request, key):
    """ get an open data file for the data cached for key """
    data_cache = caching.CacheEntry(request, cache_arena, key+'.data', cache_scope, do_locking=do_locking)
    data_cache.open(mode='r')
    return data_cache


def _do_get(request, key):
    """ send a complete http response with headers/data cached for key """
    try:
        last_modified, headers = _get_headers(request, key)
        if datetime.utcfromtimestamp(int(last_modified)) == request.if_modified_since:
            request.status_code = 304
        else:
            for k, v in headers:
                request.headers.add(k, v)
            data_file = _get_datafile(request, key)
            request.send_file(data_file)
    except caching.CacheError:
        request.status_code = 404


def _do_remove(request, key):
    """ delete headers/data cache for key """
    remove(request, key)


def _do(request, do, key):
    if do == 'get':
        _do_get(request, key)
    elif do == 'remove':
        _do_remove(request, key)

def execute(pagename, request):
    do = request.values.get('do')
    key = request.values.get('key')
    _do(request, do, key)