X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/635c50159ffb630a3494c71576e6f38d37f95f19..9198700edaa62858cbc8f07cc883b2d4283831a6:/cookbooks/tile/templates/default/export.erb?ds=sidebyside diff --git a/cookbooks/tile/templates/default/export.erb b/cookbooks/tile/templates/default/export.erb index b3acb9223..b8075a17a 100644 --- a/cookbooks/tile/templates/default/export.erb +++ b/cookbooks/tile/templates/default/export.erb @@ -1,14 +1,17 @@ -#!/usr/bin/python -u +#!/usr/bin/python3 -u # -*- coding: utf-8 -*- import cairo import cgi +import http.cookies import mapnik import os +import pyotp +import resource import shutil +import signal import sys import tempfile -import resource # Limit maximum CPU time # The Postscript output format can sometimes take hours @@ -20,63 +23,87 @@ resource.setrlimit(resource.RLIMIT_AS,(4000000000, 4000000000)) # Routine to output HTTP headers def output_headers(content_type, filename = "", length = 0): - print "Content-Type: %s" % content_type + print("Content-Type: %s" % content_type) if filename: - print "Content-Disposition: attachment; filename=\"%s\"" % filename + print("Content-Disposition: attachment; filename=\"%s\"" % filename) if length: - print "Content-Length: %d" % length - print "" + print("Content-Length: %d" % length) + print("") # Routine to output the contents of a file def output_file(file): file.seek(0) - shutil.copyfileobj(file, sys.stdout) + shutil.copyfileobj(file, sys.stdout.buffer) # Routine to get the size of a file def file_size(file): return os.fstat(file.fileno()).st_size # Routine to report an error -def output_error(message): +def output_error(message, status = "400 Bad Request"): + print("Status: %s" % status) output_headers("text/html") - print "" - print "" - print "Error" - print "" - print "" - print "

Error

" - print "

%s

" % message - print "" - print "" + print("") + print("") + print("Error") + print("") + print("") + print("

Error

") + print("

%s

" % message) + print("") + print("") + +# Create TOTP token validator +totp = pyotp.TOTP('<%= @totp_key %>', interval = 3600) # Parse CGI parameters form = cgi.FieldStorage() +# Import cookies +cookies = http.cookies.SimpleCookie(os.environ.get('HTTP_COOKIE')) + # Make sure we have a user agent -if not os.environ.has_key('HTTP_USER_AGENT'): +if 'HTTP_USER_AGENT' not in os.environ: os.environ['HTTP_USER_AGENT'] = 'NONE' +# Make sure we have a referer +if 'HTTP_REFERER' not in os.environ: + os.environ['HTTP_REFERER'] = 'NONE' + +# Look for TOTP token +if '_osm_totp_token' in cookies: + token = cookies['_osm_totp_token'].value +else: + token = None + # Get the load average -loadavg = float(open("/proc/loadavg").readline().split(" ")[0]) +cputimes = [float(n) for n in open("/proc/stat").readline().rstrip().split()[1:-1]] +idletime = cputimes[3] / sum(cputimes) # Process the request -if loadavg > 70.0: - # Abort if the load average on the machine is too high - print "Status: 503 Service Unavailable" - output_error("The load average on the server is too high at the moment. Please wait a few minutes before trying again.") +if not totp.verify(token, valid_window = 1): + # Abort if the request didn't have a valid TOTP token + output_error("Missing or invalid token") +elif idletime < 0.2: + # Abort if the CPU idle time on the machine is too low + output_error("The server is too busy at the moment. Please wait a few minutes before trying again.", "503 Service Unavailable") <% @blocks["user_agents"].each do |user_agent| -%> elif os.environ['HTTP_USER_AGENT'] == '<%= user_agent %>': # Block scraper - print "Status: 503 Service Unavailable" - output_error("The load average on the server is too high at the moment. Please wait a few minutes before trying again.") + output_error("The server is too busy at the moment. Please wait a few minutes before trying again.", "503 Service Unavailable") +<% end -%> +<% @blocks["referers"].each do |referer| -%> +elif os.environ['HTTP_REFERER'] == '<%= referer %>': + # Block scraper + output_error("The server is too busy at the moment. Please wait a few minutes before trying again.", "503 Service Unavailable") <% end -%> -elif not form.has_key("bbox"): +elif "bbox" not in form: # No bounding box specified output_error("No bounding box specified") -elif not form.has_key("scale"): +elif "scale" not in form: # No scale specified output_error("No scale specified") -elif not form.has_key("format"): +elif "format" not in form: # No format specified output_error("No format specified") else: @@ -115,39 +142,52 @@ else: # Zoom the map to the bounding box map.zoom_to_box(bbox) + # Fork so that we can handle crashes rendering the map + pid = os.fork() + # Render the map - if form.getvalue("format") == "png": - image = mapnik.Image(map.width, map.height) - mapnik.render(map, image) - png = image.tostring("png") - output_headers("image/png", "map.png", len(png)) - sys.stdout.write(png) - elif form.getvalue("format") == "jpeg": - image = mapnik.Image(map.width, map.height) - mapnik.render(map, image) - jpeg = image.tostring("jpeg") - output_headers("image/jpeg", "map.jpg", len(jpeg)) - sys.stdout.write(jpeg) - elif form.getvalue("format") == "svg": - file = tempfile.NamedTemporaryFile(prefix = "export") - surface = cairo.SVGSurface(file.name, map.width, map.height) - mapnik.render(map, surface) - surface.finish() - output_headers("image/svg+xml", "map.svg", file_size(file)) - output_file(file) - elif form.getvalue("format") == "pdf": - file = tempfile.NamedTemporaryFile(prefix = "export") - surface = cairo.PDFSurface(file.name, map.width, map.height) - mapnik.render(map, surface) - surface.finish() - output_headers("application/pdf", "map.pdf", file_size(file)) - output_file(file) - elif form.getvalue("format") == "ps": - file = tempfile.NamedTemporaryFile(prefix = "export") - surface = cairo.PSSurface(file.name, map.width, map.height) - mapnik.render(map, surface) - surface.finish() - output_headers("application/postscript", "map.ps", file_size(file)) - output_file(file) + if pid == 0: + if form.getvalue("format") == "png": + image = mapnik.Image(map.width, map.height) + mapnik.render(map, image) + png = image.tostring("png") + output_headers("image/png", "map.png", len(png)) + sys.stdout.buffer.write(png) + elif form.getvalue("format") == "jpeg": + image = mapnik.Image(map.width, map.height) + mapnik.render(map, image) + jpeg = image.tostring("jpeg") + output_headers("image/jpeg", "map.jpg", len(jpeg)) + sys.stdout.buffer.write(jpeg) + elif form.getvalue("format") == "svg": + file = tempfile.NamedTemporaryFile(prefix = "export") + surface = cairo.SVGSurface(file.name, map.width, map.height) + surface.restrict_to_version(cairo.SVG_VERSION_1_2) + mapnik.render(map, surface) + surface.finish() + output_headers("image/svg+xml", "map.svg", file_size(file)) + output_file(file) + elif form.getvalue("format") == "pdf": + file = tempfile.NamedTemporaryFile(prefix = "export") + surface = cairo.PDFSurface(file.name, map.width, map.height) + mapnik.render(map, surface) + surface.finish() + output_headers("application/pdf", "map.pdf", file_size(file)) + output_file(file) + elif form.getvalue("format") == "ps": + file = tempfile.NamedTemporaryFile(prefix = "export") + surface = cairo.PSSurface(file.name, map.width, map.height) + mapnik.render(map, surface) + surface.finish() + output_headers("application/postscript", "map.ps", file_size(file)) + output_file(file) + else: + output_error("Unknown format '%s'" % form.getvalue("format")) else: - output_error("Unknown format '%s'" % form.getvalue("format")) + pid, status = os.waitpid(pid, 0) + if status & 0xff == signal.SIGXCPU: + output_error("CPU time limit exceeded", "509 Resource Limit Exceeded") + elif status & 0xff == signal.SIGSEGV: + output_error("Memory limit exceeded", "509 Resource Limit Exceeded") + elif status != 0: + output_error("Internal server error", "500 Internal Server Error")