Support various paths for signed URLs

Adds an extra parameter to signed urls creation allowing signing for underlying paths of the queue, like claims and subscriptions. Change-Id: I8e53e67064a5cec02dda29f2e129fddc3ed56f5d
2015-08-21 15:22:35 +02:00
parent eac5a25e13
commit f66f1b96f0
7 changed files with 127 additions and 51 deletions
--- a/zaqar/common/transport/wsgi/helpers.py
+++ b/zaqar/common/transport/wsgi/helpers.py
@@ -35,6 +35,7 @@ def verify_pre_signed_url(key, req, resp, params):
    project = headers.get('X-PROJECT-ID')
    expires = headers.get('URL-EXPIRES')
    methods = headers.get('URL-METHODS', '').split(',')
+    paths = headers.get('URL-PATHS', '').split(',')
    signature = headers.get('URL-SIGNATURE')

    if not signature:
@@ -43,8 +44,11 @@ def verify_pre_signed_url(key, req, resp, params):
    if req.method not in methods:
        raise falcon.HTTPNotFound()

+    if req.path not in paths:
+        raise falcon.HTTPNotFound()
+
    try:
-        verified = urls.verify_signed_headers_data(key, req.path,
+        verified = urls.verify_signed_headers_data(key, paths,
                                                   project=project,
                                                   methods=methods,
                                                   expires=expires,