Gateway: Remove all form-encoded support

This causes issues, at the least, with compressed messages that 'look' like
their decompressed body is form-encoded.  18385 messages in the last month
rejected due to this.

No actually valid form-encoded messages in that time frame.
Athanasius 2022-06-16 13:27:11 +01:00
parent a6fa60431a
commit ff83ede948
No known key found for this signature in database
GPG Key ID: AE3E527847057C7D
2 changed files with 4 additions and 38 deletions
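
Why the old check misfired, as an added example (not part of the commit or the EDDN code base): `old_extract_body` re-creates the removed detection logic, using Python 3's `urllib.parse.parse_qs` in place of Python 2's `urlparse.parse_qs`. The sample messages and the `misdetected` and `accepted` helpers are constructed for illustration.

```python
import json
from urllib.parse import parse_qs  # Python 3 home of Python 2's urlparse.parse_qs


class MalformedUploadError(Exception):
    """Stand-in for the gateway's exception of the same name."""


def misdetected(body: str) -> bool:
    """True when parse_qs finds at least one key=value pair in the body."""
    return bool(parse_qs(body))


def old_extract_body(decompressed: str) -> str:
    """Re-creation of the removed logic for an already decompressed body."""
    form_enc_parsed = parse_qs(decompressed)
    if form_enc_parsed:
        try:
            return form_enc_parsed['data'][0]
        except (KeyError, IndexError):
            raise MalformedUploadError("No 'data' POST key/value found.")
    return decompressed


def new_extract_body(decompressed: str) -> str:
    """Behaviour after the commit: the body is passed through untouched."""
    return decompressed


def accepted(extract, body: str) -> bool:
    """True when the extracted body survives and parses as a JSON object."""
    try:
        return isinstance(json.loads(extract(body)), dict)
    except (MalformedUploadError, ValueError):
        return False


# Constructed sample messages (hypothetical keys, not real EDDN traffic).
PLAIN = json.dumps({"message": {"note": "no equals sign here"}})
WITH_EQUALS = json.dumps({"message": {"note": "x=1"}})

if __name__ == "__main__":
    for name, body in (("PLAIN", PLAIN), ("WITH_EQUALS", WITH_EQUALS)):
        print(name, "old:", accepted(old_extract_body, body),
              "new:", accepted(new_extract_body, body))
```

Any valid JSON body that contains an `=` anywhere parses as a single bogus key/value pair, has no `data` key, and is rejected by the old logic.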

@ -127,14 +127,13 @@ The body of an EDDN message is a JSON object in UTF-8 encoding. If you do not
compress this body then you MUST set a `Content-Type` header of compress this body then you MUST set a `Content-Type` header of
`applicaton/json`. `applicaton/json`.
For historical reasons URL form-encoded data *is* supported, **but this is
deprecated and no new software should attempt this method**. We
purposefully do not further document the exact format for this.
You *MAY* use gzip compression on the body of the message, but it is not You *MAY* use gzip compression on the body of the message, but it is not
required. If you do compress the body then you **MUST* send a `Content-Type` required. If you do compress the body then you **MUST* send a `Content-Type`
header of `gzip` instead of `application/json`. header of `gzip` instead of `application/json`.
**Due to issues when messages are compressed, form-encoded data is NO LONGER
SUPPORTED as of 2022-06-16.**
You should be prepared to handle all scenarios where sending of a message You should be prepared to handle all scenarios where sending of a message
fails: fails:
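
Review bot: The added notice ("form-encoded data is NO LONGER SUPPORTED as of 2022-06-16") does not tell senders what to send instead or what response to expect if they keep posting form-encoded data; a sentence pointing back to the plain JSON body with `application/json` would close that gap. While this paragraph is being touched, the surrounding context has `applicaton/json` misspelled and unbalanced emphasis in `**MUST*`, and it asks for a `Content-Type` header of `gzip` while the gateway's debug message in the other file talks about `Content-Encoding`; worth confirming which header the code actually checks and making the README match.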

@ -9,7 +9,6 @@ import gevent
import hashlib import hashlib
import logging import logging
import simplejson import simplejson
import urlparse
import zlib import zlib
import zmq.green as zmq import zmq.green as zmq
from datetime import datetime from datetime import datetime
@ -167,42 +166,10 @@ def get_decompressed_message():
message_body = zlib.decompress(request.body.read(), -15) message_body = zlib.decompress(request.body.read(), -15)
logger.debug('Resulting message_body:\n%s\n' % (message_body)) logger.debug('Resulting message_body:\n%s\n' % (message_body))
# At this point, we're not sure whether we're dealing with a straight
# un-encoded POST body, or a form-encoded POST. Attempt to parse the
# body. If it's not form-encoded, this will return an empty dict.
form_enc_parsed = urlparse.parse_qs(message_body)
if form_enc_parsed:
logger.info('Request is form-encoded, compressed, from %s' % (get_remote_address()))
# This is a form-encoded POST. The value of the data attrib will
# be the body we're looking for.
try:
message_body = form_enc_parsed['data'][0]
except (KeyError, IndexError):
logger.error('form-encoded, compressed, upload did not contain a "data" key. From %s', get_remote_address())
raise MalformedUploadError(
"No 'data' POST key/value found. Check your POST key "
"name for spelling, and make sure you're passing a value."
)
else:
logger.debug('Request is *NOT* form-encoded')
else: else:
logger.debug('Content-Encoding indicates *not* compressed...') logger.debug('Content-Encoding indicates *not* compressed...')
# Uncompressed request. Bottle handles all of the parsing of the message_body = request.body.read()
# POST key/vals, or un-encoded body.
data_key = request.forms.get('data')
if data_key:
logger.info('Request is form-encoded, uncompressed, from %s' % (get_remote_address()))
# This is a form-encoded POST. Support the silly people.
message_body = data_key
else:
logger.debug('Plain POST request detected...')
# This is a non form-encoded POST body.
message_body = request.body.read()
return message_body return message_body
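
Review bot: In the new `else:` branch the body is taken straight from `request.body.read()`, so a client that still posts `data=...` form-encoded gets no dedicated rejection; the removed code raised `MalformedUploadError` with a specific message and nothing visible here replaces it. Consider rejecting a form-encoded `Content-Type` explicitly with a message saying the format was dropped, or confirm that the caller's JSON parse failure returns something equally clear. Separately, the context line `zlib.decompress(request.body.read(), -15)` inflates an untrusted body with no output limit and the next line logs the whole result at debug level; capping the decompressed size, for example with `zlib.decompressobj(-15).decompress(data, max_length)`, would be a sensible follow-up.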