crafty-4/app/classes/web/websocket_handler.py

import json
import logging

from urllib.parse import parse_qsl
import tornado.websocket
from app.classes.shared.models import Users, db_helper
from app.classes.shared.helpers import helper
from app.classes.web.websocket_helper import websocket_helper

logger = logging.getLogger(__name__)


class SocketHandler(tornado.websocket.WebSocketHandler):

    def initialize(self, controller=None, tasks_manager=None, translator=None):
        self.controller = controller
        self.tasks_manager = tasks_manager
        self.translator = translator

    def get_remote_ip(self):
        remote_ip = self.request.headers.get("X-Real-IP") or \
                    self.request.headers.get("X-Forwarded-For") or \
                    self.request.remote_ip
        return remote_ip

    def check_auth(self):
        user_data_cookie_raw = self.get_secure_cookie('user_data')

        if user_data_cookie_raw and user_data_cookie_raw.decode('utf-8'):
            user_data_cookie = user_data_cookie_raw.decode('utf-8')
            user_id = json.loads(user_data_cookie)['user_id']
            query = Users.select().where(Users.user_id == user_id)
            if query.exists():
                return True
        return False


    def open(self):
        logger.debug('Checking WebSocket authentication')
        if self.check_auth():
            self.handle()
        else:
            websocket_helper.send_message(self, 'notification', 'Not authenticated for WebSocket connection')
            self.close()
            db_helper.add_to_audit_log_raw('unknown', 0, 0, 'Someone tried to connect via WebSocket without proper authentication', self.get_remote_ip())
            websocket_helper.broadcast('notification', 'Someone tried to connect via WebSocket without proper authentication')
            logger.warning('Someone tried to connect via WebSocket without proper authentication')

    def handle(self):
        self.page = self.get_query_argument('page')
        self.page_query_params = dict(parse_qsl(helper.remove_prefix(
            self.get_query_argument('page_query_params'),
            '?'
        )))
        websocket_helper.add_client(self)
        logger.debug('Opened WebSocket connection')
        # websocket_helper.broadcast('notification', 'New client connected')

    def on_message(self, rawMessage):

        logger.debug('Got message from WebSocket connection {}'.format(rawMessage))
        message = json.loads(rawMessage)
        logger.debug('Event Type: {}, Data: {}'.format(message['event'], message['data']))

    def on_close(self):
        websocket_helper.remove_client(self)
        logger.debug('Closed WebSocket connection')
        # websocket_helper.broadcast('notification', 'Client disconnected')