Révision 417b8370
Ajouté par Jérôme Schneider il y a plus de 12 ans
| README.rst | ||
|---|---|---|
| 18 | 18 |
Features |
| 19 | 19 |
-------- |
| 20 | 20 |
|
| 21 |
TODO: improve this part
|
|
| 22 |
|
|
| 23 |
* Filters: You can filter the request or the response with one or many filters.
|
|
| 24 |
You can serve static response in a filter.
|
|
| 25 |
There 3 types of filters:
|
|
| 26 |
* on_request
|
|
| 27 |
* on_response
|
|
| 28 |
* reponse
|
|
| 29 |
* Dispatcher: This will call the right filters
|
|
| 30 |
* Authentification management
|
|
| 31 |
* Sql and ldap authentification
|
|
| 32 |
* Authentification through Authentic2 idp (SAML2 and CAS)
|
|
| 21 |
* Mapping / dispatching::
|
|
| 22 |
With Mandaye you can define your own mapping files. This allows you to call your own filters |
|
| 23 |
on the right HTTP requests. See the config part for more details.
|
|
| 24 |
* Filters::
|
|
| 25 |
You can define your own filters with Mandaye. This filter have access to the WSGI environment and
|
|
| 26 |
could modify the HTTP requests and / or responses.
|
|
| 27 |
* Local authentification::
|
|
| 28 |
Mandaye provide a sql local authentification but you can also implement your own
|
|
| 29 |
local authentification.
|
|
| 30 |
* Distant authentification::
|
|
| 31 |
At the moment Mandaye only support form replay for a distant authentification but we will provide
|
|
| 32 |
SAML 2.0, OpenID and CAS support.
|
|
| 33 | 33 |
|
| 34 | 34 |
|
| 35 | 35 |
Installation |
| ... | ... | |
| 40 | 40 |
|
| 41 | 41 |
You must install the following packages to use Mandaye |
| 42 | 42 |
|
| 43 |
* Gevent 0.13:: |
|
| 43 |
* Python >= 2.5:: http://python.org/ |
|
| 44 |
* Setuptools >= 0.6:: http://pypi.python.org/pypi/setuptools |
|
| 45 |
* Gunicorn >= 0.13:: http://pypi.python.org/pypi/gunicorn |
|
| 46 |
* Poster >= 0.8:: http://pypi.python.org/pypi/poster/ |
|
| 47 |
* SQLAlchemy >= 0.7:: http://pypi.python.org/pypi/SQLAlchemy |
|
| 48 |
* Beaker >= 1.6:: http://pypi.python.org/pypi/Beaker |
|
| 49 |
* Mako >= 0.4:: http://pypi.python.org/pypi/Mako |
|
| 50 |
* lxml >= 2.3:: http://pypi.python.org/pypi/lxml |
|
| 51 |
|
|
| 52 |
You can install all those dependencies quickly using pip:: |
|
| 44 | 53 |
|
| 45 |
From sources: http://pypi.python.org/pypi/gevent |
|
| 46 |
Debian based distribution: apt-get install python-gevent |
|
| 47 |
|
|
| 48 |
* Poster 0.8:: |
|
| 54 |
pip install gevent poster SQLAlchemy Beaker Mako lxml gunicorn |
|
| 49 | 55 |
|
| 50 |
From sources: http://pypi.python.org/pypi/poster/ |
|
| 51 |
Debian based distribution: apt-get install python-poster |
|
| 56 |
or easy_install:: |
|
| 52 | 57 |
|
| 53 |
* SQLAlchemy 0.7.2::
|
|
| 58 |
easy_install gevent poster SQLAlchemy Beaker Mako lxml gunicorn
|
|
| 54 | 59 |
|
| 55 |
From sources: http://pypi.python.org/pypi/SQLAlchemy
|
|
| 60 |
or apt-get (Debian based distributions)::
|
|
| 56 | 61 |
|
| 57 |
* Beaker 1.5.4::
|
|
| 62 |
apt-get install gunicorn python-poster python-sqlalchemy python-beaker python-mako python-lxml python-setuptools
|
|
| 58 | 63 |
|
| 59 |
From sources: http://pypi.python.org/pypi/Beaker
|
|
| 64 |
It's recommanded to install the following modules
|
|
| 60 | 65 |
|
| 61 |
* Mako 0.4.2:: |
|
| 66 |
* PyCrypto >= 2.3:: http://pypi.python.org/pypi/pycrypto |
|
| 67 |
* Static >= 0.4:: http://pypi.python.org/pypi/static |
|
| 62 | 68 |
|
| 63 |
From sources: http://pypi.python.org/pypi/Mako
|
|
| 69 |
You can install this Python modules with pip::
|
|
| 64 | 70 |
|
| 65 |
* lxml 2.3.1::
|
|
| 71 |
pip install pycrypto static
|
|
| 66 | 72 |
|
| 67 |
From sources: http://pypi.python.org/pypi/lxml |
|
| 73 |
Quick installation |
|
| 74 |
------------------ |
|
| 68 | 75 |
|
| 69 |
You can install all those dependencies quickly using pip::
|
|
| 76 |
Install at least Python >=2.5 and setuptools or distribute and enter this command in a shell::
|
|
| 70 | 77 |
|
| 71 |
pip install gevent poster SQLAlchemy Beaker Mako lxml
|
|
| 78 |
$ python setup.py install
|
|
| 72 | 79 |
|
| 73 |
or easy_install:: |
|
| 80 |
If you want to develop use this command line:: |
|
| 81 |
|
|
| 82 |
$ python setup.py develop |
|
| 74 | 83 |
|
| 75 |
easy_install gevent poster SQLAlchemy Beaker Mako lxml |
|
| 76 | 84 |
|
| 77 | 85 |
Quick Start |
| 78 | 86 |
----------- |
| 79 | 87 |
|
| 80 |
Configure mandaye/config.py |
|
| 88 |
Configure MANDAYE_PATH/mandaye/config.py with your own preferences. |
|
| 89 |
You must configure the database uri and the log file. |
|
| 90 |
|
|
| 91 |
First create your database:: |
|
| 92 |
|
|
| 93 |
$ mandaye_admin.py --createdb |
|
| 94 |
|
|
| 95 |
Launch mandaye server::: |
|
| 96 |
|
|
| 97 |
$ mandaye_server.py |
|
| 98 |
|
|
| 99 |
mandaye_server.py use gunicorn and gunicorn options (please read http://gunicorn.org/configure.html) |
|
| 81 | 100 |
|
| 82 |
Then launch the following commands::
|
|
| 101 |
You could alse use gunicorn.conf.py-sample (in the mandaye files)::
|
|
| 83 | 102 |
|
| 84 |
./mandayectl --createdb |
|
| 85 |
./mandayectl --start |
|
| 103 |
$ mandaye_server.py -c PATH_TO_THE_FILE/gunicorn.conf.py |
|
| 86 | 104 |
|
| 87 |
You should see the following output::
|
|
| 105 |
or::
|
|
| 88 | 106 |
|
| 89 |
Database created |
|
| 90 |
Starting Mandaye x.x.x.x:xx ... |
|
| 107 |
$ mandaye_server.py -c PATH_TO_THE_FILE/gunicorn.conf.py -b 0.0.0.0:4242 |
|
| 91 | 108 |
|
| 109 |
Configuration |
|
| 110 |
============= |
|
| 111 |
TODO |
|
| crypt_pwd.py | ||
|---|---|---|
| 1 |
#!/usr/bin/env python |
|
| 2 |
# -*- coding: utf-8 -*- |
|
| 3 |
|
|
| 4 |
""" Script to crypt mandaye passwords |
|
| 5 |
""" |
|
| 6 |
|
|
| 7 |
import base64 |
|
| 8 |
import logging |
|
| 9 |
|
|
| 10 |
from Crypto.Cipher import AES |
|
| 11 |
from mandaye import config |
|
| 12 |
from mandaye.models import ExtUser |
|
| 13 |
from mandaye.db import sql_session |
|
| 14 |
|
|
| 15 |
def encrypt_pwd(pwd): |
|
| 16 |
logging.debug("Encrypt password")
|
|
| 17 |
enc_pwd = pwd |
|
| 18 |
if config.encrypt_secret: |
|
| 19 |
try: |
|
| 20 |
cipher = AES.new(config.encrypt_secret, AES.MODE_CFB) |
|
| 21 |
enc_pwd = cipher.encrypt(pwd) |
|
| 22 |
enc_pwd = base64.b64encode(enc_pwd) |
|
| 23 |
except Exception, e: |
|
| 24 |
if config.debug: |
|
| 25 |
traceback.print_exc() |
|
| 26 |
logging.warning('Password encrypting failed %s' % e)
|
|
| 27 |
else: |
|
| 28 |
logging.warning("You must set a secret to use pwd encryption")
|
|
| 29 |
return enc_pwd |
|
| 30 |
|
|
| 31 |
for user in sql_session().query(ExtUser).all(): |
|
| 32 |
user.password = encrypt_pwd(user.password) |
|
| 33 |
|
|
| 34 |
sql_session().commit() |
|
| 35 |
|
|
| gunicorn.conf.py-sample | ||
|---|---|---|
| 1 |
|
|
| 2 |
PID_DIR = '/var/run/' |
|
| 3 |
|
|
| 4 |
# Gunicorn configuration (http://gunicorn.org/configure.html) |
|
| 5 |
#bind = '127.0.0.1:8000' # Default bind |
|
| 6 |
#bind = 'unix:%s/mandaye.sock' % PID_DIR # Unix socket |
|
| 7 |
|
|
| 8 |
#pidfile = '%s/mandaye.pid' % PID_DIR |
|
| 9 |
timeout = 60 |
|
| 10 |
worker = 4 |
|
| 11 |
worker_class = 'sync' |
|
| 12 |
#worker_connections = 1000 # The maximum number of simultaneous clients |
|
| 13 |
#max_requests = 0 # The maximum number of requests a worker will process before restarting |
|
| 14 |
|
|
| 15 |
# User / Group |
|
| 16 |
#user = 'www-data' |
|
| 17 |
#group = 'www-data' |
|
| 18 |
|
|
| 19 |
# Log |
|
| 20 |
loglevel = "info" |
|
| 21 |
accesslog = '/var/log/mandaye/mandaye-access.log' |
|
| 22 |
errorlog = "/var/log/mandaye/mandaye-gunicorn.log" |
|
| 23 |
|
|
| mandaye/__init__.py | ||
|---|---|---|
| 1 |
VERSION=0.1
|
|
| 1 |
VERSION=0.2
|
|
| 2 | 2 |
|
| 3 | 3 |
import logging |
| 4 | 4 |
from logging import FileHandler |
| mandaye/config.py | ||
|---|---|---|
| 1 |
from logging import DEBUG
|
|
| 1 |
import logging
|
|
| 2 | 2 |
from mandaye.exceptions import ImproperlyConfigured |
| 3 | 3 |
|
| 4 |
# Mandaye configuration |
|
| 5 |
host = '127.0.0.1' |
|
| 6 |
port = 8088 |
|
| 7 |
|
|
| 8 | 4 |
# Needed if ssl is activated |
| 9 | 5 |
ssl = False |
| 10 | 6 |
keyfile = '' |
| ... | ... | |
| 13 | 9 |
# Log configuration |
| 14 | 10 |
debug = False |
| 15 | 11 |
syslog = False |
| 16 |
log_level = DEBUG
|
|
| 17 |
log_file = '/tmp/mandaye.log'
|
|
| 12 |
log_file = '/var/log/mandaye/mandaye.log'
|
|
| 13 |
log_level = logging.INFO
|
|
| 18 | 14 |
|
| 19 | 15 |
# Template directory |
| 20 | 16 |
template_directory = 'mandaye/templates' |
| mandaye/server.py | ||
|---|---|---|
| 1 | 1 |
|
| 2 |
# gevent patching |
|
| 3 |
#from gevent import monkey |
|
| 4 |
#monkey.patch_all() |
|
| 5 |
|
|
| 6 | 2 |
import Cookie |
| 7 | 3 |
import config |
| 8 | 4 |
import logging |
| ... | ... | |
| 16 | 12 |
|
| 17 | 13 |
from beaker.middleware import SessionMiddleware |
| 18 | 14 |
from cgi import escape |
| 19 |
from gevent.pywsgi import WSGIServer, WSGIHandler |
|
| 20 | 15 |
from static import Cling |
| 21 | 16 |
|
| 22 | 17 |
from mandaye.config import debug |
| ... | ... | |
| 172 | 167 |
response.headers.items()) |
| 173 | 168 |
return [response.msg] |
| 174 | 169 |
|
| 175 |
class ServerHandler(WSGIHandler): |
|
| 176 |
|
|
| 177 |
def log_request(self): |
|
| 178 |
logging.info(self.format_request()) |
|
| 179 |
|
|
| 180 |
def serve(): |
|
| 181 |
"""Convenience function to immediately start a server instance.""" |
|
| 182 |
wsgi_app = SessionMiddleware(MandayeApp(), config.session_opts) |
|
| 183 |
if config.ssl: |
|
| 184 |
s = WSGIServer((config.host, config.port), wsgi_app, |
|
| 185 |
keyfile=config.keyfile, certfile=config.certfile, |
|
| 186 |
handler_class=ServerHandler) |
|
| 187 |
else: |
|
| 188 |
s = WSGIServer((config.host, config.port), wsgi_app, |
|
| 189 |
handler_class=ServerHandler) |
|
| 190 |
try: |
|
| 191 |
s.serve_forever() |
|
| 192 |
except KeyboardInterrupt: |
|
| 193 |
s.stop() |
|
| 194 |
|
|
| mandaye_admin.py | ||
|---|---|---|
| 1 |
#!/usr/bin/env python |
|
| 2 |
# -*- coding: utf-8 -*- |
|
| 3 |
|
|
| 4 |
""" Script to administrate mandaye server |
|
| 5 |
""" |
|
| 6 |
|
|
| 7 |
import base64 |
|
| 8 |
import logging |
|
| 9 |
|
|
| 10 |
from optparse import OptionParser |
|
| 11 |
|
|
| 12 |
from Crypto.Cipher import AES |
|
| 13 |
from mandaye import config |
|
| 14 |
from mandaye.models import ExtUser |
|
| 15 |
from mandaye.db import sql_session |
|
| 16 |
|
|
| 17 |
|
|
| 18 |
def get_cmd_options(): |
|
| 19 |
usage = "usage: %prog --createdb|--cryptpwd" |
|
| 20 |
parser = OptionParser(usage=usage) |
|
| 21 |
parser.add_option("--createdb",
|
|
| 22 |
dest="createdb", |
|
| 23 |
default=False, |
|
| 24 |
action="store_true", |
|
| 25 |
help="Create the Mandaye database" |
|
| 26 |
) |
|
| 27 |
parser.add_option("--cryptpwd",
|
|
| 28 |
dest="cryptpwd", |
|
| 29 |
default=False, |
|
| 30 |
action="store_true", |
|
| 31 |
help="Crypt external password in Mandaye's database" |
|
| 32 |
) |
|
| 33 |
(options, args) = parser.parse_args() |
|
| 34 |
if not options.createdb: |
|
| 35 |
parser.error("You must use option --createdb")
|
|
| 36 |
return options |
|
| 37 |
|
|
| 38 |
def encrypt_pwd(pwd): |
|
| 39 |
logging.debug("Encrypt password")
|
|
| 40 |
enc_pwd = pwd |
|
| 41 |
if config.encrypt_secret: |
|
| 42 |
try: |
|
| 43 |
cipher = AES.new(config.encrypt_secret, AES.MODE_CFB) |
|
| 44 |
enc_pwd = cipher.encrypt(pwd) |
|
| 45 |
enc_pwd = base64.b64encode(enc_pwd) |
|
| 46 |
except Exception, e: |
|
| 47 |
if config.debug: |
|
| 48 |
traceback.print_exc() |
|
| 49 |
logging.warning('Password encrypting failed %s' % e)
|
|
| 50 |
else: |
|
| 51 |
logging.warning("You must set a secret to use pwd encryption")
|
|
| 52 |
return enc_pwd |
|
| 53 |
|
|
| 54 |
def main(): |
|
| 55 |
options = get_cmd_options() |
|
| 56 |
if options.createdb: |
|
| 57 |
logging.info("Creating database...")
|
|
| 58 |
if config.db_url: |
|
| 59 |
from mandaye.models import Base |
|
| 60 |
from sqlalchemy import create_engine |
|
| 61 |
engine = create_engine(config.db_url) |
|
| 62 |
Base.metadata.create_all(engine) |
|
| 63 |
logging.info("Database created")
|
|
| 64 |
if options.cryptpwd: |
|
| 65 |
for user in sql_session().query(ExtUser).all(): |
|
| 66 |
user.password = encrypt_pwd(user.password) |
|
| 67 |
sql_session().commit() |
|
| 68 |
|
|
| 69 |
if __name__ == "__main__": |
|
| 70 |
main() |
|
| mandaye_server.py | ||
|---|---|---|
| 1 |
#!/home/jschneider/temp/test/bin/python |
|
| 2 |
# -*- coding: utf-8 -*- |
|
| 3 |
|
|
| 4 |
""" Script to launch mandaye with gunicorn server |
|
| 5 |
""" |
|
| 6 |
|
|
| 7 |
import logging |
|
| 8 |
import sys |
|
| 9 |
import os |
|
| 10 |
|
|
| 11 |
from gunicorn.app.wsgiapp import WSGIApplication |
|
| 12 |
|
|
| 13 |
class WSGIApplication(WSGIApplication): |
|
| 14 |
|
|
| 15 |
def init(self, parser, opts, args): |
|
| 16 |
self.cfg.set("default_proc_name", "mandaye.wsgi:application")
|
|
| 17 |
self.app_uri = "mandaye.wsgi:application" |
|
| 18 |
|
|
| 19 |
sys.path.insert(0, os.getcwd()) |
|
| 20 |
|
|
| 21 |
def main(): |
|
| 22 |
""" The ``gunicorn`` command line runner for launcing Gunicorn with |
|
| 23 |
generic WSGI applications. |
|
| 24 |
""" |
|
| 25 |
logging.info('Launching Mandaye ...')
|
|
| 26 |
WSGIApplication("%prog [OPTIONS]").run()
|
|
| 27 |
|
|
| 28 |
if __name__ == "__main__": |
|
| 29 |
main() |
|
| mandayectl | ||
|---|---|---|
| 1 |
#!/usr/bin/env python |
|
| 2 |
# -*- coding: utf-8 -*- |
|
| 3 |
|
|
| 4 |
""" Script to start and stop mandaye server |
|
| 5 |
""" |
|
| 6 |
|
|
| 7 |
import logging |
|
| 8 |
|
|
| 9 |
from optparse import OptionParser |
|
| 10 |
|
|
| 11 |
from mandaye import config |
|
| 12 |
from mandaye import server |
|
| 13 |
|
|
| 14 |
def get_cmd_options(): |
|
| 15 |
usage = "usage: %prog --start|--createdb" |
|
| 16 |
parser = OptionParser(usage=usage) |
|
| 17 |
parser.add_option("--start",
|
|
| 18 |
dest="start", |
|
| 19 |
default=False, |
|
| 20 |
action="store_true", |
|
| 21 |
help="Start Mandaye server" |
|
| 22 |
) |
|
| 23 |
parser.add_option("--createdb",
|
|
| 24 |
dest="createdb", |
|
| 25 |
default=False, |
|
| 26 |
action="store_true", |
|
| 27 |
help="Create the Mandaye database" |
|
| 28 |
) |
|
| 29 |
(options, args) = parser.parse_args() |
|
| 30 |
if not options.start and not options.createdb: |
|
| 31 |
parser.error("You must use option --start | --createdb")
|
|
| 32 |
return options |
|
| 33 |
|
|
| 34 |
def main(): |
|
| 35 |
options = get_cmd_options() |
|
| 36 |
if options.createdb: |
|
| 37 |
logging.info("Creating database...")
|
|
| 38 |
if config.db_url: |
|
| 39 |
from mandaye.models import Base |
|
| 40 |
from sqlalchemy import create_engine |
|
| 41 |
engine = create_engine(config.db_url) |
|
| 42 |
Base.metadata.create_all(engine) |
|
| 43 |
print "Database created" |
|
| 44 |
|
|
| 45 |
if options.start: |
|
| 46 |
print "Starting Mandaye %s:%d .." % (config.host, config.port) |
|
| 47 |
server.serve() |
|
| 48 |
|
|
| 49 |
if __name__ == "__main__": |
|
| 50 |
main() |
|
| setup.py | ||
|---|---|---|
| 17 | 17 |
author_email="info@entrouvert.org", |
| 18 | 18 |
maintainer="Jerome Schneider", |
| 19 | 19 |
maintainer_email="jschneider@entrouvert.com", |
| 20 |
scripts=['mandayectl'],
|
|
| 20 |
scripts=['mandaye_server.py', 'mandaye_admin.py'],
|
|
| 21 | 21 |
packages=find_packages(), |
| 22 | 22 |
package_data={},
|
| 23 | 23 |
install_requires=[ |
| 24 | 24 |
'beaker>=1.5', |
| 25 |
'gevent>=0.13',
|
|
| 25 |
'gunicorn>=0.13',
|
|
| 26 | 26 |
'mako>=0.3', |
| 27 | 27 |
'poster>=0.8', |
| 28 | 28 |
'pycrypto>=2.0', |
Formats disponibles : Unified diff
Fix #1154: replace gevent by gunicorn, improve README.txt and
create a mandaye_admin.py script