diff options
| author | mmcardle <mark.mcardle@sohonet.com> | 2018-07-10 14:45:32 +0100 |
|---|---|---|
| committer | mmcardle <mark.mcardle@sohonet.com> | 2018-07-10 15:23:30 +0100 |
| commit | 47fb18c41b4851ba6071f0215e96e222b8ccef29 (patch) | |
| tree | 424c38feb86558a61beb6b502f9608b0cd5011fb /swiftclient/utils.py | |
| parent | c2c5af603f8ae25be052a20b02dc109b0f8f014a (diff) | |
| download | python-swiftclient-47fb18c41b4851ba6071f0215e96e222b8ccef29.tar.gz | |
Add ability to generate a temporary URL with an
IP range restriction
Change-Id: I4734599886e4f4a563162390d0ff3bb1ef639db4
Diffstat (limited to 'swiftclient/utils.py')
| -rw-r--r-- | swiftclient/utils.py | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/swiftclient/utils.py b/swiftclient/utils.py index 8afcde9..5c17c61 100644 --- a/swiftclient/utils.py +++ b/swiftclient/utils.py @@ -69,7 +69,7 @@ def prt_bytes(num_bytes, human_flag): def generate_temp_url(path, seconds, key, method, absolute=False, - prefix=False, iso8601=False): + prefix=False, iso8601=False, ip_range=None): """Generates a temporary URL that gives unauthenticated access to the Swift object. @@ -92,6 +92,8 @@ def generate_temp_url(path, seconds, key, method, absolute=False, :param prefix: if True then a prefix-based temporary URL will be generated. :param iso8601: if True, a URL containing an ISO 8601 UTC timestamp instead of a UNIX timestamp will be created. + :param ip_range: if a valid ip range, restricts the temporary URL to the + range of ips. :raises ValueError: if timestamp or path is not in valid format. :return: the path portion of a temporary URL """ @@ -155,8 +157,21 @@ def generate_temp_url(path, seconds, key, method, absolute=False, expiration = int(time.time() + timestamp) else: expiration = timestamp - hmac_body = u'\n'.join([method.upper(), str(expiration), - ('prefix:' if prefix else '') + path_for_body]) + + hmac_parts = [method.upper(), str(expiration), + ('prefix:' if prefix else '') + path_for_body] + + if ip_range: + if isinstance(ip_range, six.binary_type): + try: + ip_range = ip_range.decode('utf-8') + except UnicodeDecodeError: + raise ValueError( + 'ip_range must be representable as UTF-8' + ) + hmac_parts.insert(0, "ip=%s" % ip_range) + + hmac_body = u'\n'.join(hmac_parts) # Encode to UTF-8 for py3 compatibility if not isinstance(key, six.binary_type): @@ -169,6 +184,10 @@ def generate_temp_url(path, seconds, key, method, absolute=False, temp_url = u'{path}?temp_url_sig={sig}&temp_url_expires={exp}'.format( path=path_for_body, sig=sig, exp=expiration) + + if ip_range: + temp_url += u'&temp_url_ip_range={}'.format(ip_range) + if prefix: temp_url += u'&temp_url_prefix={}'.format(parts[4]) # Have return type match path from caller |