X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/fd31d0bd32886ca4075d4938e374c5c7d72c9b8c..79409f0ab79d2377ea3777a262329ec6e70d326e:/cookbooks/tile/templates/default/export.erb?ds=inline diff --git a/cookbooks/tile/templates/default/export.erb b/cookbooks/tile/templates/default/export.erb index dfd076252..b8075a17a 100644 --- a/cookbooks/tile/templates/default/export.erb +++ b/cookbooks/tile/templates/default/export.erb @@ -1,15 +1,17 @@ -#!/usr/bin/python -u +#!/usr/bin/python3 -u # -*- coding: utf-8 -*- import cairo import cgi +import http.cookies import mapnik import os +import pyotp +import resource import shutil +import signal import sys import tempfile -import resource -import signal # Limit maximum CPU time # The Postscript output format can sometimes take hours @@ -21,17 +23,17 @@ resource.setrlimit(resource.RLIMIT_AS,(4000000000, 4000000000)) # Routine to output HTTP headers def output_headers(content_type, filename = "", length = 0): - print "Content-Type: %s" % content_type + print("Content-Type: %s" % content_type) if filename: - print "Content-Disposition: attachment; filename=\"%s\"" % filename + print("Content-Disposition: attachment; filename=\"%s\"" % filename) if length: - print "Content-Length: %d" % length - print "" + print("Content-Length: %d" % length) + print("") # Routine to output the contents of a file def output_file(file): file.seek(0) - shutil.copyfileobj(file, sys.stdout) + shutil.copyfileobj(file, sys.stdout.buffer) # Routine to get the size of a file def file_size(file): @@ -39,31 +41,50 @@ def file_size(file): # Routine to report an error def output_error(message, status = "400 Bad Request"): - print "Status: %s" % status + print("Status: %s" % status) output_headers("text/html") - print "" - print "
" - print "%s
" % message - print "" - print "" + print("") + print("") + print("%s
" % message) + print("") + print("") + +# Create TOTP token validator +totp = pyotp.TOTP('<%= @totp_key %>', interval = 3600) # Parse CGI parameters form = cgi.FieldStorage() +# Import cookies +cookies = http.cookies.SimpleCookie(os.environ.get('HTTP_COOKIE')) + # Make sure we have a user agent -if not os.environ.has_key('HTTP_USER_AGENT'): +if 'HTTP_USER_AGENT' not in os.environ: os.environ['HTTP_USER_AGENT'] = 'NONE' +# Make sure we have a referer +if 'HTTP_REFERER' not in os.environ: + os.environ['HTTP_REFERER'] = 'NONE' + +# Look for TOTP token +if '_osm_totp_token' in cookies: + token = cookies['_osm_totp_token'].value +else: + token = None + # Get the load average cputimes = [float(n) for n in open("/proc/stat").readline().rstrip().split()[1:-1]] idletime = cputimes[3] / sum(cputimes) # Process the request -if idletime < 0.2: +if not totp.verify(token, valid_window = 1): + # Abort if the request didn't have a valid TOTP token + output_error("Missing or invalid token") +elif idletime < 0.2: # Abort if the CPU idle time on the machine is too low output_error("The server is too busy at the moment. Please wait a few minutes before trying again.", "503 Service Unavailable") <% @blocks["user_agents"].each do |user_agent| -%> @@ -71,13 +92,18 @@ elif os.environ['HTTP_USER_AGENT'] == '<%= user_agent %>': # Block scraper output_error("The server is too busy at the moment. Please wait a few minutes before trying again.", "503 Service Unavailable") <% end -%> -elif not form.has_key("bbox"): +<% @blocks["referers"].each do |referer| -%> +elif os.environ['HTTP_REFERER'] == '<%= referer %>': + # Block scraper + output_error("The server is too busy at the moment. Please wait a few minutes before trying again.", "503 Service Unavailable") +<% end -%> +elif "bbox" not in form: # No bounding box specified output_error("No bounding box specified") -elif not form.has_key("scale"): +elif "scale" not in form: # No scale specified output_error("No scale specified") -elif not form.has_key("format"): +elif "format" not in form: # No format specified output_error("No format specified") else: @@ -126,16 +152,17 @@ else: mapnik.render(map, image) png = image.tostring("png") output_headers("image/png", "map.png", len(png)) - sys.stdout.write(png) + sys.stdout.buffer.write(png) elif form.getvalue("format") == "jpeg": image = mapnik.Image(map.width, map.height) mapnik.render(map, image) jpeg = image.tostring("jpeg") output_headers("image/jpeg", "map.jpg", len(jpeg)) - sys.stdout.write(jpeg) + sys.stdout.buffer.write(jpeg) elif form.getvalue("format") == "svg": file = tempfile.NamedTemporaryFile(prefix = "export") surface = cairo.SVGSurface(file.name, map.width, map.height) + surface.restrict_to_version(cairo.SVG_VERSION_1_2) mapnik.render(map, surface) surface.finish() output_headers("image/svg+xml", "map.svg", file_size(file))