402 lines
17 KiB
Python
402 lines
17 KiB
Python
# -*- coding: utf-8 -*-
|
|
# Part of Odoo. See LICENSE file for full copyright and licensing details.
|
|
|
|
import logging
|
|
import os
|
|
import re
|
|
import traceback
|
|
|
|
import pytz
|
|
import werkzeug
|
|
import werkzeug.routing
|
|
import werkzeug.utils
|
|
|
|
import odoo
|
|
from odoo import api, models
|
|
from odoo import SUPERUSER_ID
|
|
from odoo.http import request
|
|
from odoo.tools import config, ustr
|
|
from odoo.exceptions import QWebException
|
|
from odoo.tools.safe_eval import safe_eval
|
|
|
|
from odoo.addons.base import ir
|
|
from odoo.addons.website.models.website import slug, url_for, _UNSLUG_RE
|
|
|
|
|
|
from ..geoipresolver import GeoIPResolver
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
# global resolver (GeoIP API is thread-safe, for multithreaded workers)
|
|
# This avoids blowing up open files limit
|
|
odoo._geoip_resolver = None
|
|
|
|
|
|
class RequestUID(object):
|
|
def __init__(self, **kw):
|
|
self.__dict__.update(kw)
|
|
|
|
|
|
class Http(models.AbstractModel):
|
|
_inherit = 'ir.http'
|
|
|
|
rerouting_limit = 10
|
|
_geoip_resolver = None # backwards-compatibility
|
|
|
|
@classmethod
|
|
def _get_converters(cls):
|
|
""" Get the converters list for custom url pattern werkzeug need to
|
|
match Rule. This override adds the website ones.
|
|
"""
|
|
return dict(
|
|
super(Http, cls)._get_converters(),
|
|
model=ModelConverter,
|
|
page=PageConverter,
|
|
)
|
|
|
|
@classmethod
|
|
def _auth_method_public(cls):
|
|
""" If no user logged, set the public user of current website, or default
|
|
public user as request uid.
|
|
After this method `request.env` can be called, since the `request.uid` is
|
|
set. The `env` lazy property of `request` will be correct.
|
|
"""
|
|
if not request.session.uid:
|
|
env = api.Environment(request.cr, SUPERUSER_ID, request.context)
|
|
website = env['website'].get_current_website()
|
|
if website and website.user_id:
|
|
request.uid = website.user_id.id
|
|
else:
|
|
request.uid = env.ref('base.public_user').id
|
|
else:
|
|
request.uid = request.session.uid
|
|
|
|
bots = "bot|crawl|slurp|spider|curl|wget|facebookexternalhit".split("|")
|
|
|
|
@classmethod
|
|
def is_a_bot(cls):
|
|
# We don't use regexp and ustr voluntarily
|
|
# timeit has been done to check the optimum method
|
|
user_agent = request.httprequest.environ.get('HTTP_USER_AGENT', '').lower()
|
|
try:
|
|
return any(bot in user_agent for bot in cls.bots)
|
|
except UnicodeDecodeError:
|
|
return any(bot in user_agent.encode('ascii', 'ignore') for bot in cls.bots)
|
|
|
|
@classmethod
|
|
def get_nearest_lang(cls, lang):
|
|
# Try to find a similar lang. Eg: fr_BE and fr_FR
|
|
short = lang.partition('_')[0]
|
|
short_match = False
|
|
for code, dummy in request.website.get_languages():
|
|
if code == lang:
|
|
return lang
|
|
if not short_match and code.startswith(short):
|
|
short_match = code
|
|
return short_match
|
|
|
|
@classmethod
|
|
def _geoip_setup_resolver(cls):
|
|
# Lazy init of GeoIP resolver
|
|
if cls._geoip_resolver is not None:
|
|
return
|
|
if odoo._geoip_resolver is not None:
|
|
cls._geoip_resolver = odoo._geoip_resolver
|
|
return
|
|
geofile = config.get('geoip_database')
|
|
try:
|
|
odoo._geoip_resolver = GeoIPResolver.open(geofile) or False
|
|
except Exception as e:
|
|
logger.warning('Cannot load GeoIP: %s', ustr(e))
|
|
|
|
@classmethod
|
|
def _geoip_resolve(cls):
|
|
if 'geoip' not in request.session:
|
|
record = {}
|
|
if odoo._geoip_resolver and request.httprequest.remote_addr:
|
|
record = odoo._geoip_resolver.resolve(request.httprequest.remote_addr) or {}
|
|
request.session['geoip'] = record
|
|
|
|
@classmethod
|
|
def get_page_key(cls):
|
|
return (cls._name, "cache", request.uid, request.lang, request.httprequest.full_path)
|
|
|
|
@classmethod
|
|
def _dispatch(cls):
|
|
""" Before executing the endpoint method, add website params on request, such as
|
|
- current website (record)
|
|
- multilang support (set on cookies)
|
|
- geoip dict data are added in the session
|
|
Then follow the parent dispatching.
|
|
Reminder : Do not use `request.env` before authentication phase, otherwise the env
|
|
set on request will be created with uid=None (and it is a lazy property)
|
|
"""
|
|
first_pass = not hasattr(request, 'website')
|
|
request.website = None
|
|
func = None
|
|
try:
|
|
if request.httprequest.method == 'GET' and '//' in request.httprequest.path:
|
|
new_url = request.httprequest.path.replace('//', '/') + '?' + request.httprequest.query_string
|
|
return werkzeug.utils.redirect(new_url, 301)
|
|
func, arguments = cls._find_handler()
|
|
request.website_enabled = func.routing.get('website', False)
|
|
except werkzeug.exceptions.NotFound:
|
|
# either we have a language prefixed route, either a real 404
|
|
# in all cases, website processes them
|
|
request.website_enabled = True
|
|
|
|
request.website_multilang = (
|
|
request.website_enabled and
|
|
func and func.routing.get('multilang', func.routing['type'] == 'http')
|
|
)
|
|
|
|
cls._geoip_setup_resolver()
|
|
cls._geoip_resolve()
|
|
|
|
# For website routes (only), add website params on `request`
|
|
cook_lang = request.httprequest.cookies.get('website_lang')
|
|
if request.website_enabled:
|
|
try:
|
|
if func:
|
|
cls._authenticate(func.routing['auth'])
|
|
elif request.uid is None:
|
|
cls._auth_method_public()
|
|
except Exception as e:
|
|
return cls._handle_exception(e)
|
|
|
|
request.redirect = lambda url, code=302: werkzeug.utils.redirect(url_for(url), code)
|
|
request.website = request.env['website'].get_current_website() # can use `request.env` since auth methods are called
|
|
context = dict(request.context)
|
|
context['website_id'] = request.website.id
|
|
langs = [lg[0] for lg in request.website.get_languages()]
|
|
path = request.httprequest.path.split('/')
|
|
if first_pass:
|
|
is_a_bot = cls.is_a_bot()
|
|
nearest_lang = not func and cls.get_nearest_lang(path[1])
|
|
url_lang = nearest_lang and path[1]
|
|
preferred_lang = ((cook_lang if cook_lang in langs else False)
|
|
or (not is_a_bot and cls.get_nearest_lang(request.lang))
|
|
or request.website.default_lang_code)
|
|
|
|
request.lang = context['lang'] = nearest_lang or preferred_lang
|
|
# if lang in url but not the displayed or default language --> change or remove
|
|
# or no lang in url, and lang to dispay not the default language --> add lang
|
|
# and not a POST request
|
|
# and not a bot or bot but default lang in url
|
|
if ((url_lang and (url_lang != request.lang or url_lang == request.website.default_lang_code))
|
|
or (not url_lang and request.website_multilang and request.lang != request.website.default_lang_code)
|
|
and request.httprequest.method != 'POST') \
|
|
and (not is_a_bot or (url_lang and url_lang == request.website.default_lang_code)):
|
|
if url_lang:
|
|
path.pop(1)
|
|
if request.lang != request.website.default_lang_code:
|
|
path.insert(1, request.lang)
|
|
path = '/'.join(path) or '/'
|
|
request.context = context
|
|
redirect = request.redirect(path + '?' + request.httprequest.query_string)
|
|
redirect.set_cookie('website_lang', request.lang)
|
|
return redirect
|
|
elif url_lang:
|
|
request.uid = None
|
|
path.pop(1)
|
|
request.context = context
|
|
return cls.reroute('/'.join(path) or '/')
|
|
if request.lang == request.website.default_lang_code:
|
|
context['edit_translations'] = False
|
|
if not context.get('tz'):
|
|
context['tz'] = request.session.get('geoip', {}).get('time_zone')
|
|
try:
|
|
pytz.timezone(context['tz'] or '')
|
|
except pytz.UnknownTimeZoneError:
|
|
context.pop('tz')
|
|
|
|
# bind modified context
|
|
request.context = context
|
|
request.website = request.website.with_context(context)
|
|
|
|
# removed cache for auth public
|
|
request.cache_save = False
|
|
resp = super(Http, cls)._dispatch()
|
|
|
|
if request.website_enabled and cook_lang != request.lang and hasattr(resp, 'set_cookie'):
|
|
resp.set_cookie('website_lang', request.lang)
|
|
return resp
|
|
|
|
@classmethod
|
|
def reroute(cls, path):
|
|
if not hasattr(request, 'rerouting'):
|
|
request.rerouting = [request.httprequest.path]
|
|
if path in request.rerouting:
|
|
raise Exception("Rerouting loop is forbidden")
|
|
request.rerouting.append(path)
|
|
if len(request.rerouting) > cls.rerouting_limit:
|
|
raise Exception("Rerouting limit exceeded")
|
|
request.httprequest.environ['PATH_INFO'] = path
|
|
# void werkzeug cached_property. TODO: find a proper way to do this
|
|
for key in ('path', 'full_path', 'url', 'base_url'):
|
|
request.httprequest.__dict__.pop(key, None)
|
|
|
|
return cls._dispatch()
|
|
|
|
@classmethod
|
|
def _postprocess_args(cls, arguments, rule):
|
|
super(Http, cls)._postprocess_args(arguments, rule)
|
|
|
|
for key, val in arguments.items():
|
|
# Replace uid placeholder by the current request.uid
|
|
if isinstance(val, models.BaseModel) and isinstance(val._uid, RequestUID):
|
|
arguments[key] = val.sudo(request.uid)
|
|
|
|
try:
|
|
_, path = rule.build(arguments)
|
|
assert path is not None
|
|
except Exception, e:
|
|
return cls._handle_exception(e, code=404)
|
|
|
|
if getattr(request, 'website_multilang', False) and request.httprequest.method in ('GET', 'HEAD'):
|
|
generated_path = werkzeug.url_unquote_plus(path)
|
|
current_path = werkzeug.url_unquote_plus(request.httprequest.path)
|
|
if generated_path != current_path:
|
|
if request.lang != request.website.default_lang_code:
|
|
path = '/' + request.lang + path
|
|
if request.httprequest.query_string:
|
|
path += '?' + request.httprequest.query_string
|
|
return werkzeug.utils.redirect(path, code=301)
|
|
|
|
@classmethod
|
|
def _handle_exception(cls, exception, code=500):
|
|
is_website_request = bool(getattr(request, 'website_enabled', False) and request.website)
|
|
if not is_website_request:
|
|
# Don't touch non website requests exception handling
|
|
return super(Http, cls)._handle_exception(exception)
|
|
else:
|
|
try:
|
|
response = super(Http, cls)._handle_exception(exception)
|
|
if isinstance(response, Exception):
|
|
exception = response
|
|
else:
|
|
# if parent excplicitely returns a plain response, then we don't touch it
|
|
return response
|
|
except Exception, e:
|
|
if 'werkzeug' in config['dev_mode'] and (not isinstance(exception, QWebException) or not exception.qweb.get('cause')):
|
|
raise
|
|
exception = e
|
|
|
|
values = dict(
|
|
exception=exception,
|
|
traceback=traceback.format_exc(exception),
|
|
)
|
|
|
|
if isinstance(exception, werkzeug.exceptions.HTTPException):
|
|
if exception.code is None:
|
|
# Hand-crafted HTTPException likely coming from abort(),
|
|
# usually for a redirect response -> return it directly
|
|
return exception
|
|
else:
|
|
code = exception.code
|
|
|
|
if isinstance(exception, odoo.exceptions.AccessError):
|
|
code = 403
|
|
|
|
if isinstance(exception, QWebException):
|
|
values.update(qweb_exception=exception)
|
|
if isinstance(exception.qweb.get('cause'), odoo.exceptions.AccessError):
|
|
code = 403
|
|
|
|
if code == 500:
|
|
logger.error("500 Internal Server Error:\n\n%s", values['traceback'])
|
|
if 'qweb_exception' in values:
|
|
view = request.env["ir.ui.view"]
|
|
views = view._views_get(exception.qweb['template'])
|
|
to_reset = views.filtered(lambda view: view.model_data_id.noupdate is True and not view.page)
|
|
values['views'] = to_reset
|
|
elif code == 403:
|
|
logger.warn("403 Forbidden:\n\n%s", values['traceback'])
|
|
|
|
values.update(
|
|
status_message=werkzeug.http.HTTP_STATUS_CODES[code],
|
|
status_code=code,
|
|
)
|
|
|
|
if not request.uid:
|
|
cls._auth_method_public()
|
|
|
|
try:
|
|
html = request.env['ir.ui.view'].render_template('website.%s' % code, values)
|
|
except Exception:
|
|
html = request.env['ir.ui.view'].render_template('website.http_error', values)
|
|
return werkzeug.wrappers.Response(html, status=code, content_type='text/html;charset=utf-8')
|
|
|
|
@classmethod
|
|
def binary_content(cls, xmlid=None, model='ir.attachment', id=None, field='datas', unique=False, filename=None, filename_field='datas_fname', download=False, mimetype=None, default_mimetype='application/octet-stream', env=None):
|
|
env = env or request.env
|
|
obj = None
|
|
if xmlid:
|
|
obj = env.ref(xmlid, False)
|
|
elif id and model in env:
|
|
obj = env[model].browse(int(id))
|
|
if obj and 'website_published' in obj._fields:
|
|
if env[obj._name].sudo().search([('id', '=', obj.id), ('website_published', '=', True)]):
|
|
env = env(user=SUPERUSER_ID)
|
|
return super(Http, cls).binary_content(xmlid=xmlid, model=model, id=id, field=field, unique=unique, filename=filename, filename_field=filename_field, download=download, mimetype=mimetype, default_mimetype=default_mimetype, env=env)
|
|
|
|
|
|
class ModelConverter(ir.ir_http.ModelConverter):
|
|
|
|
def __init__(self, url_map, model=False, domain='[]'):
|
|
super(ModelConverter, self).__init__(url_map, model)
|
|
self.domain = domain
|
|
self.regex = _UNSLUG_RE.pattern
|
|
|
|
def to_url(self, value):
|
|
return slug(value)
|
|
|
|
def to_python(self, value):
|
|
matching = re.match(self.regex, value)
|
|
_uid = RequestUID(value=value, match=matching, converter=self)
|
|
record_id = int(matching.group(2))
|
|
env = api.Environment(request.cr, _uid, request.context)
|
|
if record_id < 0:
|
|
# limited support for negative IDs due to our slug pattern, assume abs() if not found
|
|
if not env[self.model].browse(record_id).exists():
|
|
record_id = abs(record_id)
|
|
return env[self.model].browse(record_id)
|
|
|
|
def generate(self, query=None, args=None):
|
|
Model = request.env[self.model]
|
|
if request.context.get('use_public_user'):
|
|
Model = Model.sudo(request.website.user_id.id)
|
|
domain = safe_eval(self.domain, (args or {}).copy())
|
|
if query:
|
|
domain.append((Model._rec_name, 'ilike', '%' + query + '%'))
|
|
for record in Model.search_read(domain=domain, fields=['write_date', Model._rec_name]):
|
|
if record.get(Model._rec_name, False):
|
|
yield {'loc': (record['id'], record[Model._rec_name])}
|
|
|
|
|
|
class PageConverter(werkzeug.routing.PathConverter):
|
|
""" Only point of this converter is to bundle pages enumeration logic """
|
|
|
|
def generate(self, query=None, args={}):
|
|
View = request.env['ir.ui.view']
|
|
domain = [('page', '=', True)]
|
|
query = query and query.startswith('website.') and query[8:] or query
|
|
if query:
|
|
domain += [('key', 'like', query)]
|
|
website_id = request.context.get('website_id') or request.env['website'].search([], limit=1).id
|
|
domain += ['|', ('website_id', '=', website_id), ('website_id', '=', False)]
|
|
|
|
views = View.search_read(domain, fields=['key', 'priority', 'write_date'], order='name')
|
|
for view in views:
|
|
xid = view['key'].startswith('website.') and view['key'][8:] or view['key']
|
|
# the 'page/homepage' url is indexed as '/', avoid aving the same page referenced twice
|
|
# when we will have an url mapping mechanism, replace this by a rule: page/homepage --> /
|
|
if xid == 'homepage':
|
|
continue
|
|
record = {'loc': xid}
|
|
if view['priority'] != 16:
|
|
record['__priority'] = min(round(view['priority'] / 32.0, 1), 1)
|
|
if view['write_date']:
|
|
record['__lastmod'] = view['write_date'][:10]
|
|
yield record
|