X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/fd31d0bd32886ca4075d4938e374c5c7d72c9b8c..0d8030b3a7ec9eaa6bc96c7dd39d835a00a7ace0:/cookbooks/tile/templates/default/export.erb diff --git a/cookbooks/tile/templates/default/export.erb b/cookbooks/tile/templates/default/export.erb index dfd076252..0cd115271 100644 --- a/cookbooks/tile/templates/default/export.erb +++ b/cookbooks/tile/templates/default/export.erb @@ -3,13 +3,15 @@ import cairo import cgi +import Cookie import mapnik import os +import pyotp +import resource import shutil +import signal import sys import tempfile -import resource -import signal # Limit maximum CPU time # The Postscript output format can sometimes take hours @@ -51,19 +53,38 @@ def output_error(message, status = "400 Bad Request"): print "" print "" +# Create TOTP token validator +totp = pyotp.TOTP('<%= @totp_key %>', interval = 3600) + # Parse CGI parameters form = cgi.FieldStorage() +# Import cookies +cookies = Cookie.SimpleCookie(os.environ.get('HTTP_COOKIE')) + # Make sure we have a user agent if not os.environ.has_key('HTTP_USER_AGENT'): os.environ['HTTP_USER_AGENT'] = 'NONE' +# Make sure we have a referer +if not os.environ.has_key('HTTP_REFERER'): + os.environ['HTTP_REFERER'] = 'NONE' + +# Look for TOTP token +if cookies.has_key('_osm_totp_token'): + token = cookies['_osm_totp_token'].value +else: + token = None + # Get the load average cputimes = [float(n) for n in open("/proc/stat").readline().rstrip().split()[1:-1]] idletime = cputimes[3] / sum(cputimes) # Process the request -if idletime < 0.2: +if not totp.verify(token, valid_window = 1): + # Abort if the request didn't have a valid TOTP token + output_error("Missing or invalid token") +elif idletime < 0.2: # Abort if the CPU idle time on the machine is too low output_error("The server is too busy at the moment. Please wait a few minutes before trying again.", "503 Service Unavailable") <% @blocks["user_agents"].each do |user_agent| -%> @@ -71,6 +92,11 @@ elif os.environ['HTTP_USER_AGENT'] == '<%= user_agent %>': # Block scraper output_error("The server is too busy at the moment. Please wait a few minutes before trying again.", "503 Service Unavailable") <% end -%> +<% @blocks["referers"].each do |referer| -%> +elif os.environ['HTTP_REFERER'] == '<%= referer %>': + # Block scraper + output_error("The server is too busy at the moment. Please wait a few minutes before trying again.", "503 Service Unavailable") +<% end -%> elif not form.has_key("bbox"): # No bounding box specified output_error("No bounding box specified") @@ -136,6 +162,7 @@ else: elif form.getvalue("format") == "svg": file = tempfile.NamedTemporaryFile(prefix = "export") surface = cairo.SVGSurface(file.name, map.width, map.height) + surface.restrict_to_version(cairo.SVG_VERSION_1_2) mapnik.render(map, surface) surface.finish() output_headers("image/svg+xml", "map.svg", file_size(file))