[seiscomp, scanloc] Install, add .gitignore

2025-10-09 15:07:02 +02:00
commit 20f5301bb1
2848 changed files with 1315858 additions and 0 deletions
--- a/lib/python/seiscomp/fdsnws/authresource.py
+++ b/lib/python/seiscomp/fdsnws/authresource.py
@ -0,0 +1,85 @@
+################################################################################
+# Copyright (C) 2013-2014 by gempa GmbH
+#
+# HTTP -- Utility methods which generate HTTP result strings
+#
+# Author:  Stephan Herrnkind
+# Email:   herrnkind@gempa.de
+################################################################################
+
+import base64
+import datetime
+import hashlib
+import json
+import time
+import dateutil.parser
+
+from twisted.web import http
+
+import gnupg
+
+import seiscomp.logging
+
+from .utils import accessLog, u_str
+
+from .http import BaseResource
+
+
+################################################################################
+class AuthResource(BaseResource):
+    isLeaf = True
+
+    def __init__(self, version, gnupghome, userdb):
+        super().__init__(version)
+
+        self.__gpg = gnupg.GPG(gnupghome=gnupghome)
+        self.__userdb = userdb
+
+    # ---------------------------------------------------------------------------
+    def render_POST(self, request):
+        request.setHeader("Content-Type", "text/plain; charset=utf-8")
+
+        try:
+            verified = self.__gpg.decrypt(request.content.getvalue())
+
+        except OSError as e:
+            msg = "gpg decrypt error"
+            seiscomp.logging.warning(f"{msg}: {e}")
+            return self.renderErrorPage(request, http.INTERNAL_SERVER_ERROR, msg)
+
+        except Exception as e:
+            msg = "invalid token"
+            seiscomp.logging.warning(f"{msg}: {e}")
+            return self.renderErrorPage(request, http.BAD_REQUEST, msg)
+
+        if verified.trust_level is None or verified.trust_level < verified.TRUST_FULLY:
+            msg = "token has invalid signature"
+            seiscomp.logging.warning(msg)
+            return self.renderErrorPage(request, http.BAD_REQUEST, msg)
+
+        try:
+            attributes = json.loads(u_str(verified.data))
+            td = dateutil.parser.parse(
+                attributes["valid_until"]
+            ) - datetime.datetime.now(dateutil.tz.tzutc())
+            lifetime = td.seconds + td.days * 24 * 3600
+
+        except Exception as e:
+            msg = "token has invalid validity"
+            seiscomp.logging.warning(f"{msg}: {e}")
+            return self.renderErrorPage(request, http.BAD_REQUEST, msg)
+
+        if lifetime <= 0:
+            msg = "token is expired"
+            seiscomp.logging.warning(msg)
+            return self.renderErrorPage(request, http.BAD_REQUEST, msg)
+
+        userid = base64.urlsafe_b64encode(hashlib.sha256(verified.data).digest()[:18])
+        password = self.__userdb.addUser(
+            u_str(userid),
+            attributes,
+            time.time() + min(lifetime, 24 * 3600),
+            u_str(verified.data),
+        )
+        accessLog(request, None, http.OK, len(userid) + len(password) + 1, None)
+        return userid + b":" + password