swift kilo版代码更新
今天重新搭建swift服务器,git下代码后一时好奇,进入kilo/stable branch后,与四个月前下载的swift/kilo版本做了个比较。使用diff命令完成。发现代码还是略有区别。
diff -r -u -N --new-file swift/swift/common/bufferedhttp.py swift-kilo/swift/common/bufferedhttp.py
--- swift/swift/common/bufferedhttp.py 2015-09-18 15:30:03.730723515 +0800
+++ swift-kilo/swift/common/bufferedhttp.py 2015-09-18 16:43:36.283386102 +0800
@@ -27,19 +27,14 @@
"""
from swift import gettext_ as _
-from swift.common import constraints
from urllib import quote
import logging
import time
import socket
-import eventlet
from eventlet.green.httplib import CONTINUE, HTTPConnection, HTTPMessage, \
HTTPResponse, HTTPSConnection, _UNKNOWN
-httplib = eventlet.import_patched('httplib')
-httplib._MAXHEADERS = constraints.MAX_HEADER_COUNT
-
class BufferedHTTPResponse(HTTPResponse):
"""HTTPResponse class that buffers reading of headers"""
diff -r -u -N --new-file swift/swift/common/constraints.py swift-kilo/swift/common/constraints.py
--- swift/swift/common/constraints.py 2015-09-18 15:30:03.730723515 +0800
+++ swift-kilo/swift/common/constraints.py 2015-09-18 16:43:36.259385971 +0800
@@ -36,7 +36,6 @@
MAX_ACCOUNT_NAME_LENGTH = 256
MAX_CONTAINER_NAME_LENGTH = 256
VALID_API_VERSIONS = ["v1", "v1.0"]
-EXTRA_HEADER_COUNT = 0
# If adding an entry to DEFAULT_CONSTRAINTS, note that
# these constraints are automatically published by the
@@ -55,7 +54,6 @@
'max_account_name_length': MAX_ACCOUNT_NAME_LENGTH,
'max_container_name_length': MAX_CONTAINER_NAME_LENGTH,
'valid_api_versions': VALID_API_VERSIONS,
- 'extra_header_count': EXTRA_HEADER_COUNT,
}
SWIFT_CONSTRAINTS_LOADED = False
@@ -107,13 +105,6 @@
'xml': 'application/xml'}
-# By default the maximum number of allowed headers depends on the number of max
-# allowed metadata settings plus a default value of 32 for regular http
-# headers. If for some reason this is not enough (custom middleware for
-# example) it can be increased with the extra_header_count constraint.
-MAX_HEADER_COUNT = MAX_META_COUNT + 32 + max(EXTRA_HEADER_COUNT, 0)
-
-
def check_metadata(req, target_type):
"""
Check metadata sent in the request headers. This should only check
diff -r -u -N --new-file swift/swift/common/middleware/tempurl.py swift-kilo/swift/common/middleware/tempurl.py
--- swift/swift/common/middleware/tempurl.py 2015-09-18 15:30:03.738723545 +0800
+++ swift-kilo/swift/common/middleware/tempurl.py 2015-09-18 16:43:36.243385885 +0800
@@ -122,13 +122,11 @@
from urlparse import parse_qs
from swift.proxy.controllers.base import get_account_info, get_container_info
-from swift.common.swob import HeaderKeyDict, HTTPUnauthorized, HTTPBadRequest
+from swift.common.swob import HeaderKeyDict, HTTPUnauthorized
from swift.common.utils import split_path, get_valid_utf8_str, \
register_swift_info, get_hmac, streq_const_time, quote
-DISALLOWED_INCOMING_HEADERS = 'x-object-manifest'
-
#: Default headers to remove from incoming requests. Simply a whitespace
#: delimited list of header names and names can optionally end with '*' to
#: indicate a prefix match. DEFAULT_INCOMING_ALLOW_HEADERS is a list of
@@ -152,10 +150,6 @@
DEFAULT_OUTGOING_ALLOW_HEADERS = 'x-object-meta-public-*'
-CONTAINER_SCOPE = 'container'
-ACCOUNT_SCOPE = 'account'
-
-
def get_tempurl_keys_from_metadata(meta):
"""
Extracts the tempurl keys from metadata.
@@ -176,38 +170,6 @@
quote(filename, safe=' /'), quote(filename))
-def authorize_same_account(account_to_match):
-
- def auth_callback_same_account(req):
- try:
- _ver, acc, _rest = req.split_path(2, 3, True)
- except ValueError:
- return HTTPUnauthorized(request=req)
-
- if acc == account_to_match:
- return None
- else:
- return HTTPUnauthorized(request=req)
-
- return auth_callback_same_account
-
-
-def authorize_same_container(account_to_match, container_to_match):
-
- def auth_callback_same_container(req):
- try:
- _ver, acc, con, _rest = req.split_path(3, 4, True)
- except ValueError:
- return HTTPUnauthorized(request=req)
-
- if acc == account_to_match and con == container_to_match:
- return None
- else:
- return HTTPUnauthorized(request=req)
-
- return auth_callback_same_container
-
-
class TempURL(object):
"""
WSGI Middleware to grant temporary URLs specific access to Swift
@@ -268,10 +230,6 @@
#: The methods allowed with Temp URLs.
self.methods = methods
- self.disallowed_headers = set(
- 'HTTP_' + h.upper().replace('-', '_')
- for h in DISALLOWED_INCOMING_HEADERS.split())
-
headers = DEFAULT_INCOMING_REMOVE_HEADERS
if 'incoming_remove_headers' in conf:
headers = conf['incoming_remove_headers']
@@ -340,10 +298,10 @@
return self.app(env, start_response)
if not temp_url_sig or not temp_url_expires:
return self._invalid(env, start_response)
- account, container = self._get_account_and_container(env)
+ account = self._get_account(env)
if not account:
return self._invalid(env, start_response)
- keys = self._get_keys(env)
+ keys = self._get_keys(env, account)
if not keys:
return self._invalid(env, start_response)
if env['REQUEST_METHOD'] == 'HEAD':
@@ -358,32 +316,15 @@
else:
hmac_vals = self._get_hmacs(env, temp_url_expires, keys)
- is_valid_hmac = False
- hmac_scope = None
- for hmac, scope in hmac_vals:
- # While it's true that we short-circuit, this doesn't affect the
- # timing-attack resistance since the only way this will
- # short-circuit is when a valid signature is passed in.
- if streq_const_time(temp_url_sig, hmac):
- is_valid_hmac = True
- hmac_scope = scope
- break
+ # While it's true that any() will short-circuit, this doesn't affect
+ # the timing-attack resistance since the only way this will
+ # short-circuit is when a valid signature is passed in.
+ is_valid_hmac = any(streq_const_time(temp_url_sig, hmac)
+ for hmac in hmac_vals)
if not is_valid_hmac:
return self._invalid(env, start_response)
- # disallowed headers prevent accidently allowing upload of a pointer
- # to data that the PUT tempurl would not otherwise allow access for.
- # It should be safe to provide a GET tempurl for data that an
- # untrusted client just uploaded with a PUT tempurl.
- resp = self._clean_disallowed_headers(env, start_response)
- if resp:
- return resp
self._clean_incoming_headers(env)
-
- if hmac_scope == ACCOUNT_SCOPE:
- env['swift.authorize'] = authorize_same_account(account)
- else:
- env['swift.authorize'] = authorize_same_container(account,
- container)
+ env['swift.authorize'] = lambda req: None
env['swift.authorize_override'] = True
env['REMOTE_USER'] = '.wsgi.tempurl'
qs = {'temp_url_sig': temp_url_sig,
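Review bot: `env['swift.authorize'] = lambda req: None` on the `+` side approves every later authorization call for a request once its signature has matched, regardless of which account or container that call concerns. The `-` side (the newer tree, according to the page's closing note) keeps the scope of the matching key and installs `authorize_same_account(account)` or `authorize_same_container(account, container)` instead, and it also calls `_clean_disallowed_headers` so that a request other than GET/HEAD/OPTIONS carrying `x-object-manifest` is rejected; the removed comment says this prevents uploading a pointer to data the PUT tempurl would not otherwise give access to. The hunks that drop `DISALLOWED_INCOMING_HEADERS`, the two `authorize_same_*` helpers, `self.disallowed_headers` and `_clean_disallowed_headers` belong to the same change. A deployment that uses tempurl should keep the `-` side behaviour, e.g. `env['swift.authorize'] = authorize_same_container(account, container)` for container-scoped keys. The enclosing method starts and ends outside this hunk.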
@@ -424,23 +365,22 @@
return self.app(env, _start_response)
- def _get_account_and_container(self, env):
+ def _get_account(self, env):
"""
- Returns just the account and container for the request, if it's an
- object request and one of the configured methods; otherwise, None is
+ Returns just the account for the request, if it's an object
+ request and one of the configured methods; otherwise, None is
returned.
:param env: The WSGI environment for the request.
- :returns: (Account str, container str) or (None, None).
+ :returns: Account str or None.
"""
if env['REQUEST_METHOD'] in self.methods:
try:
ver, acc, cont, obj = split_path(env['PATH_INFO'], 4, 4, True)
except ValueError:
- return (None, None)
+ return None
if ver == 'v1' and obj.strip('/'):
- return (acc, cont)
- return (None, None)
+ return acc
def _get_temp_url_info(self, env):
"""
@@ -470,23 +410,18 @@
inline = True
return temp_url_sig, temp_url_expires, filename, inline
- def _get_keys(self, env):
+ def _get_keys(self, env, account):
"""
Returns the X-[Account|Container]-Meta-Temp-URL-Key[-2] header values
- for the account or container, or an empty list if none are set. Each
- value comes as a 2-tuple (key, scope), where scope is either
- CONTAINER_SCOPE or ACCOUNT_SCOPE.
+ for the account or container, or an empty list if none are set.
Returns 0-4 elements depending on how many keys are set in the
account's or container's metadata.
:param env: The WSGI environment for the request.
- :returns: [
- (X-Account-Meta-Temp-URL-Key str value, ACCOUNT_SCOPE) if set,
- (X-Account-Meta-Temp-URL-Key-2 str value, ACCOUNT_SCOPE if set,
- (X-Container-Meta-Temp-URL-Key str value, CONTAINER_SCOPE) if set,
- (X-Container-Meta-Temp-URL-Key-2 str value, CONTAINER_SCOPE if set,
- ]
+ :param account: Account str.
+ :returns: [X-Account-Meta-Temp-URL-Key str value if set,
+ X-Account-Meta-Temp-URL-Key-2 str value if set]
"""
account_info = get_account_info(env, self.app, swift_source='TU')
account_keys = get_tempurl_keys_from_metadata(account_info['meta'])
@@ -495,28 +430,25 @@
container_keys = get_tempurl_keys_from_metadata(
container_info.get('meta', []))
- return ([(ak, ACCOUNT_SCOPE) for ak in account_keys] +
- [(ck, CONTAINER_SCOPE) for ck in container_keys])
+ return account_keys + container_keys
- def _get_hmacs(self, env, expires, scoped_keys, request_method=None):
+ def _get_hmacs(self, env, expires, keys, request_method=None):
"""
:param env: The WSGI environment for the request.
:param expires: Unix timestamp as an int for when the URL
expires.
- :param scoped_keys: (key, scope) tuples like _get_keys() returns
+ :param keys: Key strings, from the X-Account-Meta-Temp-URL-Key[-2] of
+ the account.
:param request_method: Optional override of the request in
the WSGI env. For example, if a HEAD
does not match, you may wish to
override with GET to still allow the
HEAD.
-
- :returns: a list of (hmac, scope) 2-tuples
"""
if not request_method:
request_method = env['REQUEST_METHOD']
- return [
- (get_hmac(request_method, env['PATH_INFO'], expires, key), scope)
- for (key, scope) in scoped_keys]
+ return [get_hmac(
+ request_method, env['PATH_INFO'], expires, key) for key in keys]
def _invalid(self, env, start_response):
"""
@@ -533,22 +465,6 @@
body = '401 Unauthorized: Temp URL invalid\n'
return HTTPUnauthorized(body=body)(env, start_response)
- def _clean_disallowed_headers(self, env, start_response):
- """
- Validate the absense of disallowed headers for "unsafe" operations.
-
- :returns: None for safe operations or swob.HTTPBadResponse if the
- request includes disallowed headers.
- """
- if env['REQUEST_METHOD'] in ('GET', 'HEAD', 'OPTIONS'):
- return
- for h in env:
- if h in self.disallowed_headers:
- return HTTPBadRequest(
- body='The header %r is not allowed in this tempurl' %
- h[len('HTTP_'):].title().replace('_', '-'))(
- env, start_response)
-
def _clean_incoming_headers(self, env):
"""
Removes any headers from the WSGI environment as per the
diff -r -u -N --new-file swift/swift/proxy/server.py swift-kilo/swift/proxy/server.py
--- swift/swift/proxy/server.py 2015-09-18 15:30:03.754723606 +0800
+++ swift-kilo/swift/proxy/server.py 2015-09-18 16:43:36.111385171 +0800
@@ -378,7 +378,6 @@
allowed_methods = getattr(controller, 'allowed_methods', set())
return HTTPMethodNotAllowed(
request=req, headers={'Allow': ', '.join(allowed_methods)})
- old_authorize = None
if 'swift.authorize' in req.environ:
# We call authorize before the handler, always. If authorized,
# we remove the swift.authorize hook so isn't ever called
@@ -389,7 +388,7 @@
if not resp and not req.headers.get('X-Copy-From-Account') \
and not req.headers.get('Destination-Account'):
# No resp means authorized, no delayed recheck required.
- old_authorize = req.environ['swift.authorize']
+ del req.environ['swift.authorize']
else:
# Response indicates denial, but we might delay the denial
# and recheck later. If not delayed, return the error now.
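Review bot: `del req.environ['swift.authorize']` on the `+` side removes the authorize hook from the environ for good once the first check passes, so anything that reuses this environ afterwards no longer has the callback available. The `-` side instead remembers it in `old_authorize`, pops it only while `handler(req)` runs, and puts it back in a `finally` block (last hunk of this file), which restores it on both normal return and exception. That restore looks like what lets the scoped tempurl callbacks in tempurl.py be consulted again later; this is inferred, since the callers are not on the page. The surrounding method starts and ends outside these hunks.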
@@ -399,13 +398,7 @@
# gets mutated during handling. This way logging can display the
# method the client actually sent.
req.environ['swift.orig_req_method'] = req.method
- try:
- if old_authorize:
- req.environ.pop('swift.authorize', None)
- return handler(req)
- finally:
- if old_authorize:
- req.environ['swift.authorize'] = old_authorize
+ return handler(req)
except HTTPException as error_response:
return error_response
except (Exception, Timeout):
其中,swift目录为最新版本的swift kilo/stable中源码;swift-kilo目录为四个月前下载的源码。注意diff命令的参数顺序是先新后旧,因此上面以 - 开头的行是最新代码中才有的内容,以 + 开头的行是四个月前旧代码中的内容,与通常补丁的阅读方向相反。
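从上面的比较中,可以看出两个时段的代码略有区别,差异在百来行左右,主要集中于tempurl中间件代码中。这部分,与我动手修改的部分关系不大。不过从代码和注释看,tempurl部分的改动与安全相关:新版按account/container范围限制tempurl的授权,并拒绝带x-object-manifest头的写请求,使用tempurl的部署应当留意。唯一稍稍有关的代码更新,可能就是proxy server中代码更新。但仔细研究后发现,就是对旧的认证入口函数做了一个保存,在handler返回或产生异常时(finally块中),利用旧认证函数对env中认证函数重新赋值。相当于对代码逻辑的小小完善,对整体大流程不会有影响。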
我想,我可以放心在最新kilo分支代码上进行修改,并利用它搭建系统,进行压力测试。