pre-checkout commit
This commit is contained in:
parent
b4110d887d
commit
ee0dd61793
|
@ -58,6 +58,7 @@ def add_vhost(domain, ip_address):
|
||||||
body = {'ip_address': ip_address}
|
body = {'ip_address': ip_address}
|
||||||
if '/' in domain:
|
if '/' in domain:
|
||||||
raise Abort('invalid domain name')
|
raise Abort('invalid domain name')
|
||||||
|
click.echo('Please wait, this may take a while...')
|
||||||
resp = http_put('/api/cloud/vhosts/' + domain, json=body)
|
resp = http_put('/api/cloud/vhosts/' + domain, json=body)
|
||||||
handle_sync_response(resp)
|
handle_sync_response(resp)
|
||||||
click.echo('Done.')
|
click.echo('Done.')
|
||||||
|
|
|
@ -211,8 +211,19 @@ class CloudService:
|
||||||
else:
|
else:
|
||||||
d = {}
|
d = {}
|
||||||
now = int(utils.get_current_datetime().timestamp())
|
now = int(utils.get_current_datetime().timestamp())
|
||||||
if now - d.get(username, 0) < self.vhost_rate_limit_secs:
|
if username not in d:
|
||||||
raise RateLimitError(f'Please wait {self.vhost_rate_limit_secs} seconds')
|
return
|
||||||
|
time_passed = now - d[username]
|
||||||
|
if time_passed < self.vhost_rate_limit_secs:
|
||||||
|
time_remaining = self.vhost_rate_limit_secs - time_passed
|
||||||
|
raise RateLimitError(f'Please wait {time_remaining} seconds')
|
||||||
|
|
||||||
|
def _update_rate_limit_timestamp(self, username: str):
|
||||||
|
if os.path.exists(self.vhost_rate_limit_file):
|
||||||
|
d = json.load(open(self.vhost_rate_limit_file))
|
||||||
|
else:
|
||||||
|
d = {}
|
||||||
|
now = int(utils.get_current_datetime().timestamp())
|
||||||
d[username] = now
|
d[username] = now
|
||||||
json.dump(d, open(self.vhost_rate_limit_file, 'w'))
|
json.dump(d, open(self.vhost_rate_limit_file, 'w'))
|
||||||
|
|
||||||
|
@ -225,7 +236,11 @@ class CloudService:
|
||||||
if not self._is_valid_ip_address(ip_address):
|
if not self._is_valid_ip_address(ip_address):
|
||||||
raise InvalidIPError()
|
raise InvalidIPError()
|
||||||
self._check_rate_limit(username)
|
self._check_rate_limit(username)
|
||||||
|
# Wait for the vhost creation to succeed before updating the timestamp;
|
||||||
|
# we don't want to force people to wait if they had a typo in their
|
||||||
|
# domain or something.
|
||||||
self.vhost_mgr.create_vhost(username, domain, ip_address)
|
self.vhost_mgr.create_vhost(username, domain, ip_address)
|
||||||
|
self._update_rate_limit_timestamp(username)
|
||||||
|
|
||||||
def delete_vhost(self, username: str, domain: str):
|
def delete_vhost(self, username: str, domain: str):
|
||||||
if not self._is_valid_domain(username, domain):
|
if not self._is_valid_domain(username, domain):
|
||||||
|
|
|
@ -9,8 +9,8 @@ server {
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl http2;
|
||||||
server_name {{ domain }};
|
server_name {{ domain }};
|
||||||
ssl_certificate {{ ssl_cert_path }};
|
ssl_certificate {{ ssl_cert_path }};
|
||||||
ssl_certificate_key {{ ssl_key_path }};
|
ssl_certificate_key {{ ssl_key_path }};
|
||||||
|
@ -18,6 +18,7 @@ server {
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://{{ ip_address }};
|
proxy_pass http://{{ ip_address }};
|
||||||
}
|
}
|
||||||
|
include proxy_params;
|
||||||
|
|
||||||
access_log /var/log/nginx/member-{{ username }}-access.log;
|
access_log /var/log/nginx/member-{{ username }}-access.log;
|
||||||
error_log /var/log/nginx/member-{{ username }}-error.log;
|
error_log /var/log/nginx/member-{{ username }}-error.log;
|
||||||
|
|
|
@ -37,7 +37,10 @@ def test_cloud_vhosts(cli_setup, new_user, cfg):
|
||||||
runner = CliRunner()
|
runner = CliRunner()
|
||||||
with gssapi_token_ctx(uid):
|
with gssapi_token_ctx(uid):
|
||||||
result = runner.invoke(cli, ['cloud', 'vhosts', 'add', domain1, ip1])
|
result = runner.invoke(cli, ['cloud', 'vhosts', 'add', domain1, ip1])
|
||||||
expected = 'Done.\n'
|
expected = (
|
||||||
|
'Please wait, this may take a while...\n'
|
||||||
|
'Done.\n'
|
||||||
|
)
|
||||||
assert result.exit_code == 0
|
assert result.exit_code == 0
|
||||||
assert result.output == expected
|
assert result.output == expected
|
||||||
|
|
||||||
|
|
|
@ -80,7 +80,7 @@ vhost_dir = /run/ceod/member-vhosts
|
||||||
ssl_dir = /run/ceod/member-ssl
|
ssl_dir = /run/ceod/member-ssl
|
||||||
default_ssl_cert = /etc/ssl/private/csclub.cloud.chain
|
default_ssl_cert = /etc/ssl/private/csclub.cloud.chain
|
||||||
default_ssl_key = /etc/ssl/private/csclub.cloud.key
|
default_ssl_key = /etc/ssl/private/csclub.cloud.key
|
||||||
rate_limit_seconds = 10
|
rate_limit_seconds = 30
|
||||||
max_vhosts_per_account = 10
|
max_vhosts_per_account = 10
|
||||||
members_domain = csclub.cloud
|
members_domain = csclub.cloud
|
||||||
ip_range_min = 172.19.134.10
|
ip_range_min = 172.19.134.10
|
||||||
|
|
Loading…
Reference in New Issue