Révision 417b8370
Ajouté par Jérôme Schneider il y a plus de 12 ans
README.rst | ||
---|---|---|
18 | 18 |
Features |
19 | 19 |
-------- |
20 | 20 |
|
21 |
TODO: improve this part
|
|
22 |
|
|
23 |
* Filters: You can filter the request or the response with one or many filters.
|
|
24 |
You can serve static response in a filter.
|
|
25 |
There 3 types of filters:
|
|
26 |
* on_request
|
|
27 |
* on_response
|
|
28 |
* reponse
|
|
29 |
* Dispatcher: This will call the right filters
|
|
30 |
* Authentification management
|
|
31 |
* Sql and ldap authentification
|
|
32 |
* Authentification through Authentic2 idp (SAML2 and CAS)
|
|
21 |
* Mapping / dispatching::
|
|
22 |
With Mandaye you can define your own mapping files. This allows you to call your own filters |
|
23 |
on the right HTTP requests. See the config part for more details.
|
|
24 |
* Filters::
|
|
25 |
You can define your own filters with Mandaye. This filter have access to the WSGI environment and
|
|
26 |
could modify the HTTP requests and / or responses.
|
|
27 |
* Local authentification::
|
|
28 |
Mandaye provide a sql local authentification but you can also implement your own
|
|
29 |
local authentification.
|
|
30 |
* Distant authentification::
|
|
31 |
At the moment Mandaye only support form replay for a distant authentification but we will provide
|
|
32 |
SAML 2.0, OpenID and CAS support.
|
|
33 | 33 |
|
34 | 34 |
|
35 | 35 |
Installation |
... | ... | |
40 | 40 |
|
41 | 41 |
You must install the following packages to use Mandaye |
42 | 42 |
|
43 |
* Gevent 0.13:: |
|
43 |
* Python >= 2.5:: http://python.org/ |
|
44 |
* Setuptools >= 0.6:: http://pypi.python.org/pypi/setuptools |
|
45 |
* Gunicorn >= 0.13:: http://pypi.python.org/pypi/gunicorn |
|
46 |
* Poster >= 0.8:: http://pypi.python.org/pypi/poster/ |
|
47 |
* SQLAlchemy >= 0.7:: http://pypi.python.org/pypi/SQLAlchemy |
|
48 |
* Beaker >= 1.6:: http://pypi.python.org/pypi/Beaker |
|
49 |
* Mako >= 0.4:: http://pypi.python.org/pypi/Mako |
|
50 |
* lxml >= 2.3:: http://pypi.python.org/pypi/lxml |
|
51 |
|
|
52 |
You can install all those dependencies quickly using pip:: |
|
44 | 53 |
|
45 |
From sources: http://pypi.python.org/pypi/gevent |
|
46 |
Debian based distribution: apt-get install python-gevent |
|
47 |
|
|
48 |
* Poster 0.8:: |
|
54 |
pip install gevent poster SQLAlchemy Beaker Mako lxml gunicorn |
|
49 | 55 |
|
50 |
From sources: http://pypi.python.org/pypi/poster/ |
|
51 |
Debian based distribution: apt-get install python-poster |
|
56 |
or easy_install:: |
|
52 | 57 |
|
53 |
* SQLAlchemy 0.7.2::
|
|
58 |
easy_install gevent poster SQLAlchemy Beaker Mako lxml gunicorn
|
|
54 | 59 |
|
55 |
From sources: http://pypi.python.org/pypi/SQLAlchemy
|
|
60 |
or apt-get (Debian based distributions)::
|
|
56 | 61 |
|
57 |
* Beaker 1.5.4::
|
|
62 |
apt-get install gunicorn python-poster python-sqlalchemy python-beaker python-mako python-lxml python-setuptools
|
|
58 | 63 |
|
59 |
From sources: http://pypi.python.org/pypi/Beaker
|
|
64 |
It's recommanded to install the following modules
|
|
60 | 65 |
|
61 |
* Mako 0.4.2:: |
|
66 |
* PyCrypto >= 2.3:: http://pypi.python.org/pypi/pycrypto |
|
67 |
* Static >= 0.4:: http://pypi.python.org/pypi/static |
|
62 | 68 |
|
63 |
From sources: http://pypi.python.org/pypi/Mako
|
|
69 |
You can install this Python modules with pip::
|
|
64 | 70 |
|
65 |
* lxml 2.3.1::
|
|
71 |
pip install pycrypto static
|
|
66 | 72 |
|
67 |
From sources: http://pypi.python.org/pypi/lxml |
|
73 |
Quick installation |
|
74 |
------------------ |
|
68 | 75 |
|
69 |
You can install all those dependencies quickly using pip::
|
|
76 |
Install at least Python >=2.5 and setuptools or distribute and enter this command in a shell::
|
|
70 | 77 |
|
71 |
pip install gevent poster SQLAlchemy Beaker Mako lxml
|
|
78 |
$ python setup.py install
|
|
72 | 79 |
|
73 |
or easy_install:: |
|
80 |
If you want to develop use this command line:: |
|
81 |
|
|
82 |
$ python setup.py develop |
|
74 | 83 |
|
75 |
easy_install gevent poster SQLAlchemy Beaker Mako lxml |
|
76 | 84 |
|
77 | 85 |
Quick Start |
78 | 86 |
----------- |
79 | 87 |
|
80 |
Configure mandaye/config.py |
|
88 |
Configure MANDAYE_PATH/mandaye/config.py with your own preferences. |
|
89 |
You must configure the database uri and the log file. |
|
90 |
|
|
91 |
First create your database:: |
|
92 |
|
|
93 |
$ mandaye_admin.py --createdb |
|
94 |
|
|
95 |
Launch mandaye server::: |
|
96 |
|
|
97 |
$ mandaye_server.py |
|
98 |
|
|
99 |
mandaye_server.py use gunicorn and gunicorn options (please read http://gunicorn.org/configure.html) |
|
81 | 100 |
|
82 |
Then launch the following commands::
|
|
101 |
You could alse use gunicorn.conf.py-sample (in the mandaye files)::
|
|
83 | 102 |
|
84 |
./mandayectl --createdb |
|
85 |
./mandayectl --start |
|
103 |
$ mandaye_server.py -c PATH_TO_THE_FILE/gunicorn.conf.py |
|
86 | 104 |
|
87 |
You should see the following output::
|
|
105 |
or::
|
|
88 | 106 |
|
89 |
Database created |
|
90 |
Starting Mandaye x.x.x.x:xx ... |
|
107 |
$ mandaye_server.py -c PATH_TO_THE_FILE/gunicorn.conf.py -b 0.0.0.0:4242 |
|
91 | 108 |
|
109 |
Configuration |
|
110 |
============= |
|
111 |
TODO |
crypt_pwd.py | ||
---|---|---|
1 |
#!/usr/bin/env python |
|
2 |
# -*- coding: utf-8 -*- |
|
3 |
|
|
4 |
""" Script to crypt mandaye passwords |
|
5 |
""" |
|
6 |
|
|
7 |
import base64 |
|
8 |
import logging |
|
9 |
|
|
10 |
from Crypto.Cipher import AES |
|
11 |
from mandaye import config |
|
12 |
from mandaye.models import ExtUser |
|
13 |
from mandaye.db import sql_session |
|
14 |
|
|
15 |
def encrypt_pwd(pwd): |
|
16 |
logging.debug("Encrypt password") |
|
17 |
enc_pwd = pwd |
|
18 |
if config.encrypt_secret: |
|
19 |
try: |
|
20 |
cipher = AES.new(config.encrypt_secret, AES.MODE_CFB) |
|
21 |
enc_pwd = cipher.encrypt(pwd) |
|
22 |
enc_pwd = base64.b64encode(enc_pwd) |
|
23 |
except Exception, e: |
|
24 |
if config.debug: |
|
25 |
traceback.print_exc() |
|
26 |
logging.warning('Password encrypting failed %s' % e) |
|
27 |
else: |
|
28 |
logging.warning("You must set a secret to use pwd encryption") |
|
29 |
return enc_pwd |
|
30 |
|
|
31 |
for user in sql_session().query(ExtUser).all(): |
|
32 |
user.password = encrypt_pwd(user.password) |
|
33 |
|
|
34 |
sql_session().commit() |
|
35 |
|
gunicorn.conf.py-sample | ||
---|---|---|
1 |
|
|
2 |
PID_DIR = '/var/run/' |
|
3 |
|
|
4 |
# Gunicorn configuration (http://gunicorn.org/configure.html) |
|
5 |
#bind = '127.0.0.1:8000' # Default bind |
|
6 |
#bind = 'unix:%s/mandaye.sock' % PID_DIR # Unix socket |
|
7 |
|
|
8 |
#pidfile = '%s/mandaye.pid' % PID_DIR |
|
9 |
timeout = 60 |
|
10 |
worker = 4 |
|
11 |
worker_class = 'sync' |
|
12 |
#worker_connections = 1000 # The maximum number of simultaneous clients |
|
13 |
#max_requests = 0 # The maximum number of requests a worker will process before restarting |
|
14 |
|
|
15 |
# User / Group |
|
16 |
#user = 'www-data' |
|
17 |
#group = 'www-data' |
|
18 |
|
|
19 |
# Log |
|
20 |
loglevel = "info" |
|
21 |
accesslog = '/var/log/mandaye/mandaye-access.log' |
|
22 |
errorlog = "/var/log/mandaye/mandaye-gunicorn.log" |
|
23 |
|
mandaye/__init__.py | ||
---|---|---|
1 |
VERSION=0.1
|
|
1 |
VERSION=0.2
|
|
2 | 2 |
|
3 | 3 |
import logging |
4 | 4 |
from logging import FileHandler |
mandaye/config.py | ||
---|---|---|
1 |
from logging import DEBUG
|
|
1 |
import logging
|
|
2 | 2 |
from mandaye.exceptions import ImproperlyConfigured |
3 | 3 |
|
4 |
# Mandaye configuration |
|
5 |
host = '127.0.0.1' |
|
6 |
port = 8088 |
|
7 |
|
|
8 | 4 |
# Needed if ssl is activated |
9 | 5 |
ssl = False |
10 | 6 |
keyfile = '' |
... | ... | |
13 | 9 |
# Log configuration |
14 | 10 |
debug = False |
15 | 11 |
syslog = False |
16 |
log_level = DEBUG
|
|
17 |
log_file = '/tmp/mandaye.log'
|
|
12 |
log_file = '/var/log/mandaye/mandaye.log'
|
|
13 |
log_level = logging.INFO
|
|
18 | 14 |
|
19 | 15 |
# Template directory |
20 | 16 |
template_directory = 'mandaye/templates' |
mandaye/server.py | ||
---|---|---|
1 | 1 |
|
2 |
# gevent patching |
|
3 |
#from gevent import monkey |
|
4 |
#monkey.patch_all() |
|
5 |
|
|
6 | 2 |
import Cookie |
7 | 3 |
import config |
8 | 4 |
import logging |
... | ... | |
16 | 12 |
|
17 | 13 |
from beaker.middleware import SessionMiddleware |
18 | 14 |
from cgi import escape |
19 |
from gevent.pywsgi import WSGIServer, WSGIHandler |
|
20 | 15 |
from static import Cling |
21 | 16 |
|
22 | 17 |
from mandaye.config import debug |
... | ... | |
172 | 167 |
response.headers.items()) |
173 | 168 |
return [response.msg] |
174 | 169 |
|
175 |
class ServerHandler(WSGIHandler): |
|
176 |
|
|
177 |
def log_request(self): |
|
178 |
logging.info(self.format_request()) |
|
179 |
|
|
180 |
def serve(): |
|
181 |
"""Convenience function to immediately start a server instance.""" |
|
182 |
wsgi_app = SessionMiddleware(MandayeApp(), config.session_opts) |
|
183 |
if config.ssl: |
|
184 |
s = WSGIServer((config.host, config.port), wsgi_app, |
|
185 |
keyfile=config.keyfile, certfile=config.certfile, |
|
186 |
handler_class=ServerHandler) |
|
187 |
else: |
|
188 |
s = WSGIServer((config.host, config.port), wsgi_app, |
|
189 |
handler_class=ServerHandler) |
|
190 |
try: |
|
191 |
s.serve_forever() |
|
192 |
except KeyboardInterrupt: |
|
193 |
s.stop() |
|
194 |
|
mandaye_admin.py | ||
---|---|---|
1 |
#!/usr/bin/env python |
|
2 |
# -*- coding: utf-8 -*- |
|
3 |
|
|
4 |
""" Script to administrate mandaye server |
|
5 |
""" |
|
6 |
|
|
7 |
import base64 |
|
8 |
import logging |
|
9 |
|
|
10 |
from optparse import OptionParser |
|
11 |
|
|
12 |
from Crypto.Cipher import AES |
|
13 |
from mandaye import config |
|
14 |
from mandaye.models import ExtUser |
|
15 |
from mandaye.db import sql_session |
|
16 |
|
|
17 |
|
|
18 |
def get_cmd_options(): |
|
19 |
usage = "usage: %prog --createdb|--cryptpwd" |
|
20 |
parser = OptionParser(usage=usage) |
|
21 |
parser.add_option("--createdb", |
|
22 |
dest="createdb", |
|
23 |
default=False, |
|
24 |
action="store_true", |
|
25 |
help="Create the Mandaye database" |
|
26 |
) |
|
27 |
parser.add_option("--cryptpwd", |
|
28 |
dest="cryptpwd", |
|
29 |
default=False, |
|
30 |
action="store_true", |
|
31 |
help="Crypt external password in Mandaye's database" |
|
32 |
) |
|
33 |
(options, args) = parser.parse_args() |
|
34 |
if not options.createdb: |
|
35 |
parser.error("You must use option --createdb") |
|
36 |
return options |
|
37 |
|
|
38 |
def encrypt_pwd(pwd): |
|
39 |
logging.debug("Encrypt password") |
|
40 |
enc_pwd = pwd |
|
41 |
if config.encrypt_secret: |
|
42 |
try: |
|
43 |
cipher = AES.new(config.encrypt_secret, AES.MODE_CFB) |
|
44 |
enc_pwd = cipher.encrypt(pwd) |
|
45 |
enc_pwd = base64.b64encode(enc_pwd) |
|
46 |
except Exception, e: |
|
47 |
if config.debug: |
|
48 |
traceback.print_exc() |
|
49 |
logging.warning('Password encrypting failed %s' % e) |
|
50 |
else: |
|
51 |
logging.warning("You must set a secret to use pwd encryption") |
|
52 |
return enc_pwd |
|
53 |
|
|
54 |
def main(): |
|
55 |
options = get_cmd_options() |
|
56 |
if options.createdb: |
|
57 |
logging.info("Creating database...") |
|
58 |
if config.db_url: |
|
59 |
from mandaye.models import Base |
|
60 |
from sqlalchemy import create_engine |
|
61 |
engine = create_engine(config.db_url) |
|
62 |
Base.metadata.create_all(engine) |
|
63 |
logging.info("Database created") |
|
64 |
if options.cryptpwd: |
|
65 |
for user in sql_session().query(ExtUser).all(): |
|
66 |
user.password = encrypt_pwd(user.password) |
|
67 |
sql_session().commit() |
|
68 |
|
|
69 |
if __name__ == "__main__": |
|
70 |
main() |
mandaye_server.py | ||
---|---|---|
1 |
#!/home/jschneider/temp/test/bin/python |
|
2 |
# -*- coding: utf-8 -*- |
|
3 |
|
|
4 |
""" Script to launch mandaye with gunicorn server |
|
5 |
""" |
|
6 |
|
|
7 |
import logging |
|
8 |
import sys |
|
9 |
import os |
|
10 |
|
|
11 |
from gunicorn.app.wsgiapp import WSGIApplication |
|
12 |
|
|
13 |
class WSGIApplication(WSGIApplication): |
|
14 |
|
|
15 |
def init(self, parser, opts, args): |
|
16 |
self.cfg.set("default_proc_name", "mandaye.wsgi:application") |
|
17 |
self.app_uri = "mandaye.wsgi:application" |
|
18 |
|
|
19 |
sys.path.insert(0, os.getcwd()) |
|
20 |
|
|
21 |
def main(): |
|
22 |
""" The ``gunicorn`` command line runner for launcing Gunicorn with |
|
23 |
generic WSGI applications. |
|
24 |
""" |
|
25 |
logging.info('Launching Mandaye ...') |
|
26 |
WSGIApplication("%prog [OPTIONS]").run() |
|
27 |
|
|
28 |
if __name__ == "__main__": |
|
29 |
main() |
mandayectl | ||
---|---|---|
1 |
#!/usr/bin/env python |
|
2 |
# -*- coding: utf-8 -*- |
|
3 |
|
|
4 |
""" Script to start and stop mandaye server |
|
5 |
""" |
|
6 |
|
|
7 |
import logging |
|
8 |
|
|
9 |
from optparse import OptionParser |
|
10 |
|
|
11 |
from mandaye import config |
|
12 |
from mandaye import server |
|
13 |
|
|
14 |
def get_cmd_options(): |
|
15 |
usage = "usage: %prog --start|--createdb" |
|
16 |
parser = OptionParser(usage=usage) |
|
17 |
parser.add_option("--start", |
|
18 |
dest="start", |
|
19 |
default=False, |
|
20 |
action="store_true", |
|
21 |
help="Start Mandaye server" |
|
22 |
) |
|
23 |
parser.add_option("--createdb", |
|
24 |
dest="createdb", |
|
25 |
default=False, |
|
26 |
action="store_true", |
|
27 |
help="Create the Mandaye database" |
|
28 |
) |
|
29 |
(options, args) = parser.parse_args() |
|
30 |
if not options.start and not options.createdb: |
|
31 |
parser.error("You must use option --start | --createdb") |
|
32 |
return options |
|
33 |
|
|
34 |
def main(): |
|
35 |
options = get_cmd_options() |
|
36 |
if options.createdb: |
|
37 |
logging.info("Creating database...") |
|
38 |
if config.db_url: |
|
39 |
from mandaye.models import Base |
|
40 |
from sqlalchemy import create_engine |
|
41 |
engine = create_engine(config.db_url) |
|
42 |
Base.metadata.create_all(engine) |
|
43 |
print "Database created" |
|
44 |
|
|
45 |
if options.start: |
|
46 |
print "Starting Mandaye %s:%d .." % (config.host, config.port) |
|
47 |
server.serve() |
|
48 |
|
|
49 |
if __name__ == "__main__": |
|
50 |
main() |
setup.py | ||
---|---|---|
17 | 17 |
author_email="info@entrouvert.org", |
18 | 18 |
maintainer="Jerome Schneider", |
19 | 19 |
maintainer_email="jschneider@entrouvert.com", |
20 |
scripts=['mandayectl'],
|
|
20 |
scripts=['mandaye_server.py', 'mandaye_admin.py'],
|
|
21 | 21 |
packages=find_packages(), |
22 | 22 |
package_data={}, |
23 | 23 |
install_requires=[ |
24 | 24 |
'beaker>=1.5', |
25 |
'gevent>=0.13',
|
|
25 |
'gunicorn>=0.13',
|
|
26 | 26 |
'mako>=0.3', |
27 | 27 |
'poster>=0.8', |
28 | 28 |
'pycrypto>=2.0', |
Formats disponibles : Unified diff
Fix #1154: replace gevent by gunicorn, improve README.txt and
create a mandaye_admin.py script