Allow components to register reserved paths, then perform reserved
path validation it upon request. Reserved paths may be registered as
read-only or no access. Any request to modify an file/folder that is
either reserved or a child of a reserved path is rejected.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
This prevents a scenario where a request handler mutates
the arguments of a WebRequest, which could result in
changing the default "request_arguments" in
"InternalTransport.call_method()".
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Move the KlippyConnection class into its own module. Refactor
init to use loops rather than callbacks, this reduces complexity
of tracking and cancelling callback handles.
All Klippy state previously tracked by the Server is now in the
KlippyConnection. This improves testing and makes the code
less ambiguous, ie: the `server.make_request()` method is not
as clear as `klippy.request()`.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Allow base modules to register themselves as components during
initialization. This makes them accessible via lookup_component()
across the entire application.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
If a dynamic request handler returns None with "wrap_result"
disabled, set the return status to 204.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Move upload handler registration out of the file manager.
Register the primary hander in the app module, and the
Octoprint Comptaiblity handler in octoprint_compat.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Move logging setup to the Server class and enable asyncio debugging.
Sanitize debug logging for all "/access" endpoints so tokens and
passwords are not logged.
SIgned-off-by: Eric Callahan <arksine.code@gmail.com>
Rather than add these arguments to the config, use a method to access them from the server object.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Perform reads in a thread so File I/O does not block.
This patch also disables ETags for static files. Tornado's default behavior of caching file hashes will not work as many of Moonraker's can be updated. The previous workaround to this was to recalculate the checksum if the modified date changed. This is inefficient as its behavior is not much different than using "If-Modified-Since".
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
This should prevent large file uploads from blocking the asyncio event loop for a long period of time.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
This allows eligible components to register themselves as API transports. By default the WebsocketManager is registered.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Clients can use this in situations where a browser may
prompt the user to take action prior to sending the
request. After the user accepts, Moonraker will redirect the user to the url provided in the request.
SIgned-off-by: Eric Callahan <arksine.code@gmail.com>
Image files (.png) are still granted unauthorized access, however all other files require that the request be authorized.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Clients may pass a json web token via the query string's "access_token" argument to authorize requests that do not allow modified headers.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Replace non-ASCII characters with "?" and add escaped unicode version of the file name to the "Content-Disposition" header to fix problems with thumbnails and downloading for the gcode file with non-ASCII characters in filename.
Signed-off-by: Uladzimir Palekh <visor.rti@gmail.com>
Generally speaking static files do not require authorization, so there should be little harm in bypassing auth checks. This allows clients to retrieve assets without XHRs or requesting tokens.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Log the current user for each request. Dont' log requests that return with 200, 204, 206, or 304 in release mode.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
CONFIG CHANGE: This deprecates the "enabled" option in the [authorization] section. Authorization will be enabled if the section is included in moonraker.conf, otherwise it will be disabled.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Force an update to cached file hashes should the modified time change. Re-enable the "should_return_304" check so clients can re-implement caching.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Some static files, such as logs, can change size during a request. This results in a content length mismatch and error. Cap the amount read based on the original content length.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
