U1DB

Merge lp:~pedronis/u1db/cors-middleware into lp:u1db

cors-middleware
Merge into trunk

Proposed by Samuele Pedroni on 2012-10-10

Status:	Merged
Approved by:	Samuele Pedroni on 2012-10-10
Approved revision:	426
Merged at revision:	426
Proposed branch:	lp:~pedronis/u1db/cors-middleware
Merge into:	lp:u1db
Diff against target:	153 lines (+114/-2) 3 files modified u1db/remote/cors_middleware.py (+42/-0) u1db/tests/test_cors_middleware.py (+66/-0) u1db/tests/test_remote_sync_target.py (+6/-2)
To merge this branch:	bzr merge lp:~pedronis/u1db/cors-middleware
Related bugs:	Link a bug report

Reviewer	Date Requested	Status
Stuart Langridge (community)		Approve on 2012-10-10
Lucio Torre (community)	2012-10-10	Approve on 2012-10-10
Review via email: mp+128991@code.launchpad.net

Commit message

add CORS middleware

Description of the change

- CORS middleware
- tweak to allow passing all tests with u1db.js under different origin conditions

testing beyond unit tests/trying:

get lp:~pedronis/u1db/u1db-js-different-origin

run in it:

TEST_BROWSER=firefox PYTHONPATH=../cors-middleware/:. unit2 tests.test_bridged

atm there should be only 1 unrelated failure there

Revision history for this message

Samuele Pedroni (pedronis) wrote on 2012-10-10:

confirmed working against: chromium, safari, and firefox

Revision history for this message

Lucio Torre (lucio.torre) wrote on 2012-10-10:

code looks sane.

review: Approve

Revision history for this message

Stuart Langridge (sil) wrote on 2012-10-10:

Serving correct CORS headers, and u1db.js will sync with a u1db-serve which provides these headers.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Christina A Reitbauer

Lucio Torre

Samuele Pedroni

Ubuntu One hackers

 === added file 'u1db/remote/cors_middleware.py'
 --- u1db/remote/cors_middleware.py	1970-01-01 00:00:00 +0000
 +++ u1db/remote/cors_middleware.py	2012-10-10 16:31:57 +0000
@@ -0,0 +1,42 @@
++# Copyright 2012 Canonical Ltd.
++#
++# This file is part of u1db.
++#
++# u1db is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3
++# as published by the Free Software Foundation.
++#
++# u1db is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with u1db.  If not, see <http://www.gnu.org/licenses/>.
++"""U1DB Cross-Origin Resource Sharing WSGI middleware."""
++
++
++class CORSMiddleware(object):
++    """U1DB Cross-Origin Resource Sharing WSGI middleware."""
++
++    def __init__(self, app, accept_cors_connections):
++        self.origins = ' '.join(accept_cors_connections)
++        self.app = app
++
++    def _cors_headers(self):
++        return [('access-control-allow-origin', self.origins),
++                ('access-control-allow-headers',
++                 'authorization, content-type'),
++                ('access-control-allow-methods',
++                 'GET, POST, PUT, DELETE, OPTIONS')]
++
++    def __call__(self, environ, start_response):
++        def wrap_start_response(status, headers, exc_info=None):
++            headers += self._cors_headers()
++            return start_response(status, headers, exc_info)
++
++        if environ['REQUEST_METHOD'].lower() == 'options':
++            wrap_start_response("200 OK", [('content-type', 'text/plain')])
++            return ['']
++
++        return self.app(environ, wrap_start_response)
 === added file 'u1db/tests/test_cors_middleware.py'
 --- u1db/tests/test_cors_middleware.py	1970-01-01 00:00:00 +0000
 +++ u1db/tests/test_cors_middleware.py	2012-10-10 16:31:57 +0000
@@ -0,0 +1,66 @@
++# Copyright 2012 Canonical Ltd.
++#
++# This file is part of u1db.
++#
++# u1db is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3
++# as published by the Free Software Foundation.
++#
++# u1db is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with u1db.  If not, see <http://www.gnu.org/licenses/>.
++
++"""Test CORS wsgi middleware"""
++import paste.fixture
++
++from u1db import tests
++
++from u1db.remote.cors_middleware import CORSMiddleware
++
++
++class TestCORSMiddleware(tests.TestCase):
++
++    def setUp(self):
++        super(TestCORSMiddleware, self).setUp()
++
++    def app(self, accept_cors_connections):
++
++        def base_app(environ, start_response):
++            start_response("200 OK", [("content-type", "application/json")])
++            return ['{}']
++
++        return paste.fixture.TestApp(CORSMiddleware(base_app,
++                                                    accept_cors_connections))
++
++    def _check_cors_headers(self, resp, expect):
++        self.assertEqual(expect, resp.header('access-control-allow-origin'))
++        self.assertEqual("GET, POST, PUT, DELETE, OPTIONS",
++                         resp.header('access-control-allow-methods'))
++        self.assertEqual("authorization, content-type",
++                         resp.header('access-control-allow-headers'))
++
++    def test_options(self):
++        app = self.app(['*'])
++        resp = app._gen_request('OPTIONS', '/')
++        self.assertEqual(200, resp.status)
++        self._check_cors_headers(resp, '*')
++        self.assertEqual('', resp.body)
++
++        app = self.app(['http://bar.example', 'http://foo.example'])
++        resp = app._gen_request('OPTIONS', '/db1')
++        self.assertEqual(200, resp.status)
++        self._check_cors_headers(resp, 'http://bar.example http://foo.example')
++        self.assertEqual('', resp.body)
++
++    def test_pass_through(self):
++        app = self.app(['*'])
++        resp = app.get('/db0')
++        self.assertEqual(200, resp.status)
++        self._check_cors_headers(resp, '*')
++        self.assertEqual('application/json', resp.header('content-type'))
++        self.assertEqual('{}', resp.body)
++
 === modified file 'u1db/tests/test_remote_sync_target.py'
 --- u1db/tests/test_remote_sync_target.py	2012-09-25 20:04:08 +0000
 +++ u1db/tests/test_remote_sync_target.py	2012-10-10 16:31:57 +0000
@@ -177,9 +177,13 @@
          self.assertGetDoc(
              db, 'doc-here', 'replica:1', '{"value": "here"}', False)
++    failure_scenario_exceptions = (Exception, errors.HTTPError)
++
      def test_sync_exchange_send_failure_and_retry_scenario(self):
          self.startServer()
++        server_side_exc, client_side_exc = self.failure_scenario_exceptions
++
          def blackhole_getstderr(inst):
              return cStringIO.StringIO()
@@ -193,7 +197,7 @@
                                    replica_uid=None, replica_gen=None,
                                    replica_trans_id=None):
              if doc.doc_id in trigger_ids:
--                raise Exception
++                raise server_side_exc
              return _put_doc_if_newer(doc, save_conflict=save_conflict,
                  replica_uid=replica_uid, replica_gen=replica_gen,
                  replica_trans_id=replica_trans_id)
@@ -209,7 +213,7 @@
          doc2 = self.make_document('doc-here2', 'replica:1',
                                    '{"value": "here2"}')
          self.assertRaises(
--            errors.HTTPError,
++            client_side_exc,
              remote_target.sync_exchange,
              [(doc1, 10, 'T-sid'), (doc2, 11, 'T-sud')],
              'replica', last_known_generation=0, last_known_trans_id=None,