From 6e1c91d5e66f8cd54fa22fc17a688f25839ca3ce Mon Sep 17 00:00:00 2001
From: Bryan Newbold
Date: Thu, 17 Sep 2020 20:00:51 -0700
Subject: web: route constraints on fcids and UUIDs
Instead of accepting any string for these parameters and throwing a 400 error if not the correct type, implement better route matching at the framework level and return more 404s. This resolves several outstanding sentry exceptions. The "flask-uuid" was imported and seems to have been configured for this purpose previously, but I guess I never finished configuring it.
---
 python/fatcat_web/routes.py | 194 +++++++++++++++++++--------------------
 python/tests/web_entity_views.py | 10 +-
 2 files changed, 103 insertions(+), 101 deletions(-)
diff --git a/python/fatcat_web/routes.py b/python/fatcat_web/routes.py
index 4dfbc29c..4c37dc09 100644
--- a/python/fatcat_web/routes.py
+++ b/python/fatcat_web/routes.py
@@ -22,7 +22,7 @@ from fatcat_web.forms import SavePaperNowForm
 ### Generic Entity Views ####################################################
-@app.route('/container//history', methods=['GET'])
+@app.route('/container//history', methods=['GET'])
 def container_history(ident):
 try:
 entity = api.get_container(ident)
@@ -35,7 +35,7 @@ def container_history(ident):
 entity=entity, history=history)
-@app.route('/creator//history', methods=['GET'])
+@app.route('/creator//history', methods=['GET'])
 def creator_history(ident):
 try:
 entity = api.get_creator(ident)
@@ -47,7 +47,7 @@ def creator_history(ident):
 entity=entity, history=history)
-@app.route('/file//history', methods=['GET'])
+@app.route('/file//history', methods=['GET'])
 def file_history(ident):
 try:
 entity = api.get_file(ident)
@@ -59,7 +59,7 @@ def file_history(ident):
 entity=entity, history=history)
-@app.route('/fileset//history', methods=['GET'])
+@app.route('/fileset//history', methods=['GET'])
 def fileset_history(ident):
 try:
 entity = api.get_fileset(ident)
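Review bot: The `-` and `+` route lines in this hunk, and in every other route hunk of routes.py, read identically in this rendering, which is consistent with the page having stripped the angle-bracket converter token, so the actual constraint placed on `ident` cannot be read from the diff and the rest of this note is conditional on the commit message. If `ident` now uses werkzeug's built-in `string` converter with a fixed `length`, that converter only bounds the length and excludes `/`; a 26-character value with characters outside the fcid alphabet still reaches `api.get_container(ident)` and is still answered by the `except` branch that follows, which lies outside the hunk. A small `BaseConverter` subclass whose `regex` is the fcid alphabet would let the router answer those with 404 as well and would document the ident format in one place, and the same applies to the `editor` and `editgroup` ident routes later in the diff. Wherever the converter ends up, a one-line comment at its first use, e.g. `# ident routes match the 26-char fcid form only; anything else is a router 404`, would explain why the 400→404 test changes in this commit are expected.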
@@ -71,7 +71,7 @@ def fileset_history(ident):
 entity=entity, history=history)
-@app.route('/webcapture//history', methods=['GET'])
+@app.route('/webcapture//history', methods=['GET'])
 def webcapture_history(ident):
 try:
 entity = api.get_webcapture(ident)
@@ -83,7 +83,7 @@ def webcapture_history(ident):
 entity=entity, history=history)
-@app.route('/release//history', methods=['GET'])
+@app.route('/release//history', methods=['GET'])
 def release_history(ident):
 try:
 entity = api.get_release(ident)
@@ -95,7 +95,7 @@ def release_history(ident):
 entity=entity, history=history)
-@app.route('/work//history', methods=['GET'])
+@app.route('/work//history', methods=['GET'])
 def work_history(ident):
 try:
 entity = api.get_work(ident)
@@ -238,241 +238,241 @@ def generic_editgroup_entity_view(editgroup_id, entity_type, ident, view_templat
 return render_template(view_template, entity_type=entity_type, entity=entity, editgroup=editgroup)
-@app.route('/container/', methods=['GET'])
+@app.route('/container/', methods=['GET'])
 def container_view(ident):
 return generic_entity_view('container', ident, 'container_view.html')
-@app.route('/container_', methods=['GET'])
+@app.route('/container_', methods=['GET'])
 def container_underscore_view(ident):
 return redirect('/container/{}'.format(ident))
-@app.route('/container//coverage', methods=['GET'])
+@app.route('/container//coverage', methods=['GET'])
 def container_view_coverage(ident):
 # note: there is a special hack to add entity._type_preservation for this endpoint
 return generic_entity_view('container', ident, 'container_view_coverage.html')
-@app.route('/container//metadata', methods=['GET'])
+@app.route('/container//metadata', methods=['GET'])
 def container_view_metadata(ident):
 return generic_entity_view('container', ident, 'entity_view_metadata.html')
-@app.route('/container/rev/', methods=['GET'])
+@app.route('/container/rev/', methods=['GET'])
 def container_revision_view(revision_id):
- return generic_entity_revision_view('container', revision_id, 'container_view.html')
+ return generic_entity_revision_view('container', str(revision_id), 'container_view.html')
-@app.route('/container/rev//metadata', methods=['GET'])
+@app.route('/container/rev//metadata', methods=['GET'])
 def container_revision_view_metadata(revision_id):
- return generic_entity_revision_view('container', revision_id, 'entity_view_metadata.html')
+ return generic_entity_revision_view('container', str(revision_id), 'entity_view_metadata.html')
-@app.route('/editgroup//container/', methods=['GET'])
+@app.route('/editgroup//container/', methods=['GET'])
 def container_editgroup_view(editgroup_id, ident):
 return generic_editgroup_entity_view(editgroup_id, 'container', ident,
'container_view.html')
-@app.route('/editgroup//container//metadata', methods=['GET'])
+@app.route('/editgroup//container//metadata', methods=['GET'])
 def container_editgroup_view_metadata(editgroup_id, ident):
 return generic_editgroup_entity_view(editgroup_id, 'container', ident, 'entity_view_metadata.html')
-@app.route('/creator/', methods=['GET'])
+@app.route('/creator/', methods=['GET'])
 def creator_view(ident):
 return generic_entity_view('creator', ident, 'creator_view.html')
-@app.route('/creator_', methods=['GET'])
+@app.route('/creator_', methods=['GET'])
 def creator_underscore_view(ident):
 return redirect('/creator/{}'.format(ident))
-@app.route('/creator//metadata', methods=['GET'])
+@app.route('/creator//metadata', methods=['GET'])
 def creator_view_metadata(ident):
 return generic_entity_view('creator', ident, 'entity_view_metadata.html')
-@app.route('/creator/rev/', methods=['GET'])
+@app.route('/creator/rev/', methods=['GET'])
 def creator_revision_view(revision_id):
- return generic_entity_revision_view('creator', revision_id, 'creator_view.html')
+ return generic_entity_revision_view('creator', str(revision_id), 'creator_view.html')
-@app.route('/creator/rev//metadata', methods=['GET'])
+@app.route('/creator/rev//metadata', methods=['GET'])
 def creator_revision_view_metadata(revision_id):
- return generic_entity_revision_view('creator', revision_id, 'entity_view_metadata.html')
+ return generic_entity_revision_view('creator', str(revision_id), 'entity_view_metadata.html')
-@app.route('/editgroup//creator/', methods=['GET'])
+@app.route('/editgroup//creator/', methods=['GET'])
 def creator_editgroup_view(editgroup_id, ident):
 return generic_editgroup_entity_view(editgroup_id, 'creator', ident, 'creator_view.html')
-@app.route('/editgroup//creator//metadata', methods=['GET'])
+@app.route('/editgroup//creator//metadata', methods=['GET'])
 def creator_editgroup_view_metadata(editgroup_id, ident):
 return generic_editgroup_entity_view(editgroup_id, 'creator', 
ident, 'entity_view_metadata.html')
-@app.route('/file/', methods=['GET'])
+@app.route('/file/', methods=['GET'])
 def file_view(ident):
 return generic_entity_view('file', ident, 'file_view.html')
-@app.route('/file_', methods=['GET'])
+@app.route('/file_', methods=['GET'])
 def file_underscore_view(ident):
 return redirect('/file/{}'.format(ident))
-@app.route('/file//metadata', methods=['GET'])
+@app.route('/file//metadata', methods=['GET'])
 def file_view_metadata(ident):
 return generic_entity_view('file', ident, 'entity_view_metadata.html')
-@app.route('/file/rev/', methods=['GET'])
+@app.route('/file/rev/', methods=['GET'])
 def file_revision_view(revision_id):
- return generic_entity_revision_view('file', revision_id, 'file_view.html')
+ return generic_entity_revision_view('file', str(revision_id), 'file_view.html')
-@app.route('/file/rev//metadata', methods=['GET'])
+@app.route('/file/rev//metadata', methods=['GET'])
 def file_revision_view_metadata(revision_id):
- return generic_entity_revision_view('file', revision_id, 'entity_view_metadata.html')
+ return generic_entity_revision_view('file', str(revision_id), 'entity_view_metadata.html')
-@app.route('/editgroup//file/', methods=['GET'])
+@app.route('/editgroup//file/', methods=['GET'])
 def file_editgroup_view(editgroup_id, ident):
 return generic_editgroup_entity_view(editgroup_id, 'file', ident, 'file_view.html')
-@app.route('/editgroup//file//metadata', methods=['GET'])
+@app.route('/editgroup//file//metadata', methods=['GET'])
 def file_editgroup_view_metadata(editgroup_id, ident):
 return generic_editgroup_entity_view(editgroup_id, 'file', ident, 'entity_view_metadata.html')
-@app.route('/fileset/', methods=['GET'])
+@app.route('/fileset/', methods=['GET'])
 def fileset_view(ident):
 return generic_entity_view('fileset', ident, 'fileset_view.html')
-@app.route('/fileset_', methods=['GET'])
+@app.route('/fileset_', methods=['GET'])
 def fileset_underscore_view(ident):
 return redirect('/fileset/{}'.format(ident))
-@app.route('/fileset//metadata', methods=['GET'])
+@app.route('/fileset//metadata', methods=['GET'])
 def fileset_view_metadata(ident):
 return generic_entity_view('fileset', ident, 'entity_view_metadata.html')
-@app.route('/fileset/rev/', methods=['GET'])
+@app.route('/fileset/rev/', methods=['GET'])
 def fileset_revision_view(revision_id):
- return generic_entity_revision_view('fileset', revision_id, 'fileset_view.html')
+ return generic_entity_revision_view('fileset', str(revision_id), 'fileset_view.html')
-@app.route('/fileset/rev//metadata', methods=['GET'])
+@app.route('/fileset/rev//metadata', methods=['GET'])
 def fileset_revision_view_metadata(revision_id):
- return generic_entity_revision_view('fileset', revision_id, 'entity_view_metadata.html')
+ return generic_entity_revision_view('fileset', str(revision_id), 'entity_view_metadata.html')
-@app.route('/editgroup//fileset/', methods=['GET'])
+@app.route('/editgroup//fileset/', methods=['GET'])
 def fileset_editgroup_view(editgroup_id, ident):
 return generic_editgroup_entity_view(editgroup_id, 'fileset', ident, 'fileset_view.html')
-@app.route('/editgroup//fileset//metadata', methods=['GET'])
+@app.route('/editgroup//fileset//metadata', methods=['GET'])
 def fileset_editgroup_view_metadata(editgroup_id, ident):
 return generic_editgroup_entity_view(editgroup_id, 'fileset', ident, 'entity_view_metadata.html')
-@app.route('/webcapture/', methods=['GET'])
+@app.route('/webcapture/', methods=['GET'])
 def webcapture_view(ident):
 return generic_entity_view('webcapture', ident, 'webcapture_view.html')
-@app.route('/webcapture_', methods=['GET'])
+@app.route('/webcapture_', methods=['GET'])
 def webcapture_underscore_view(ident):
 return redirect('/webcapture/{}'.format(ident))
-@app.route('/webcapture//metadata', methods=['GET'])
+@app.route('/webcapture//metadata', methods=['GET'])
 def webcapture_view_metadata(ident):
 return generic_entity_view('webcapture', ident, 'entity_view_metadata.html')
-@app.route('/webcapture/rev/', methods=['GET'])
+@app.route('/webcapture/rev/', methods=['GET'])
 def webcapture_revision_view(revision_id):
- return generic_entity_revision_view('webcapture', revision_id, 'webcapture_view.html')
+ return generic_entity_revision_view('webcapture', str(revision_id), 'webcapture_view.html')
-@app.route('/webcapture/rev//metadata', methods=['GET'])
+@app.route('/webcapture/rev//metadata', methods=['GET'])
 def webcapture_revision_view_metadata(revision_id):
- return generic_entity_revision_view('webcapture', revision_id, 'entity_view_metadata.html')
+ return generic_entity_revision_view('webcapture', str(revision_id), 'entity_view_metadata.html')
-@app.route('/editgroup//webcapture/', methods=['GET'])
+@app.route('/editgroup//webcapture/', methods=['GET'])
 def webcapture_editgroup_view(editgroup_id, ident):
 return generic_editgroup_entity_view(editgroup_id, 'webcapture', ident, 'webcapture_view.html')
-@app.route('/editgroup//webcapture//metadata', methods=['GET'])
+@app.route('/editgroup//webcapture//metadata', methods=['GET'])
 def webcapture_editgroup_view_metadata(editgroup_id, ident):
 return generic_editgroup_entity_view(editgroup_id, 'webcapture', ident, 'entity_view_metadata.html')
-@app.route('/release/', methods=['GET'])
+@app.route('/release/', methods=['GET'])
 def release_view(ident):
 return generic_entity_view('release', ident, 'release_view.html')
-@app.route('/release_', methods=['GET'])
+@app.route('/release_', methods=['GET'])
 def release_underscore_view(ident):
 return redirect('/release/{}'.format(ident))
-@app.route('/release//contribs', methods=['GET'])
+@app.route('/release//contribs', methods=['GET'])
 def release_view_contribs(ident):
 return generic_entity_view('release', ident, 'release_view_contribs.html')
-@app.route('/release//references', methods=['GET'])
+@app.route('/release//references', methods=['GET'])
 def release_view_references(ident):
 return generic_entity_view('release', ident, 
'release_view_references.html')
-@app.route('/release//metadata', methods=['GET'])
+@app.route('/release//metadata', methods=['GET'])
 def release_view_metadata(ident):
 return generic_entity_view('release', ident, 'entity_view_metadata.html')
-@app.route('/release/rev/', methods=['GET'])
+@app.route('/release/rev/', methods=['GET'])
 def release_revision_view(revision_id):
- return generic_entity_revision_view('release', revision_id, 'release_view.html')
+ return generic_entity_revision_view('release', str(revision_id), 'release_view.html')
-@app.route('/release/rev//contribs', methods=['GET'])
+@app.route('/release/rev//contribs', methods=['GET'])
 def release_revision_view_contribs(revision_id):
- return generic_entity_revision_view('release', revision_id, 'release_view_contribs.html')
+ return generic_entity_revision_view('release', str(revision_id), 'release_view_contribs.html')
-@app.route('/release/rev//references', methods=['GET'])
+@app.route('/release/rev//references', methods=['GET'])
 def release_revision_view_references(revision_id):
- return generic_entity_revision_view('release', revision_id, 'release_view_references.html')
+ return generic_entity_revision_view('release', str(revision_id), 'release_view_references.html')
-@app.route('/release/rev//metadata', methods=['GET'])
+@app.route('/release/rev//metadata', methods=['GET'])
 def release_revision_view_metadata(revision_id):
- return generic_entity_revision_view('release', revision_id, 'entity_view_metadata.html')
+ return generic_entity_revision_view('release', str(revision_id), 'entity_view_metadata.html')
-@app.route('/editgroup//release/', methods=['GET'])
+@app.route('/editgroup//release/', methods=['GET'])
 def release_editgroup_view(editgroup_id, ident):
 return generic_editgroup_entity_view(editgroup_id, 'release', ident, 'release_view.html')
-@app.route('/editgroup//release//contribs', methods=['GET'])
+@app.route('/editgroup//release//contribs', methods=['GET'])
 def 
release_editgroup_view_contribs(editgroup_id, ident):
 return generic_editgroup_entity_view(editgroup_id, 'release', ident, 'release_view_contribs.html')
-@app.route('/editgroup//release//references', methods=['GET'])
+@app.route('/editgroup//release//references', methods=['GET'])
 def release_editgroup_view_references(editgroup_id, ident):
 return generic_editgroup_entity_view(editgroup_id, 'release', ident, 'release_view_references.html')
-@app.route('/editgroup//release//metadata', methods=['GET'])
+@app.route('/editgroup//release//metadata', methods=['GET'])
 def release_editgroup_view_metadata(editgroup_id, ident):
 return generic_editgroup_entity_view(editgroup_id, 'release', ident, 'entity_view_metadata.html')
-@app.route('/work/', methods=['GET'])
+@app.route('/work/', methods=['GET'])
 def work_view(ident):
 return generic_entity_view('work', ident, 'work_view.html')
-@app.route('/work_', methods=['GET'])
+@app.route('/work_', methods=['GET'])
 def work_underscore_view(ident):
 return redirect('/work/{}'.format(ident))
-@app.route('/work//metadata', methods=['GET'])
+@app.route('/work//metadata', methods=['GET'])
 def work_view_metadata(ident):
 return generic_entity_view('work', ident, 'entity_view_metadata.html')
-@app.route('/work/rev/', methods=['GET'])
+@app.route('/work/rev/', methods=['GET'])
 def work_revision_view(revision_id):
- return generic_entity_revision_view('work', revision_id, 'work_view.html')
+ return generic_entity_revision_view('work', str(revision_id), 'work_view.html')
-@app.route('/work/rev//metadata', methods=['GET'])
+@app.route('/work/rev//metadata', methods=['GET'])
 def work_revision_view_metadata(revision_id):
- return generic_entity_revision_view('work', revision_id, 'entity_view_metadata.html')
+ return generic_entity_revision_view('work', str(revision_id), 'entity_view_metadata.html')
-@app.route('/editgroup//work/', methods=['GET'])
+@app.route('/editgroup//work/', methods=['GET'])
 def work_editgroup_view(editgroup_id, ident):
 return 
generic_editgroup_entity_view(editgroup_id, 'work', ident, 'work_view.html')
-@app.route('/editgroup//work//metadata', methods=['GET'])
+@app.route('/editgroup//work//metadata', methods=['GET'])
 def work_editgroup_view_metadata(editgroup_id, ident):
 return generic_editgroup_entity_view(editgroup_id, 'work', ident, 'entity_view_metadata.html')
 ### Views ###################################################################
-@app.route('/editgroup/', methods=['GET'])
+@app.route('/editgroup/', methods=['GET'])
 def editgroup_view(ident):
 try:
 eg = api.get_editgroup(str(ident))
@@ -498,7 +498,7 @@ def editgroup_view(ident):
 return render_template('editgroup_view.html', editgroup=eg, auth_to=auth_to)
-@app.route('/editgroup//annotation', methods=['POST'])
+@app.route('/editgroup//annotation', methods=['POST'])
 @login_required
 def editgroup_create_annotation(ident):
 if not app.testing:
@@ -523,7 +523,7 @@ def editgroup_create_annotation(ident):
 raise ae
 return redirect('/editgroup/{}'.format(ident))
-@app.route('/editgroup//accept', methods=['POST'])
+@app.route('/editgroup//accept', methods=['POST'])
 @login_required
 def editgroup_accept(ident):
 if not app.testing:
@@ -540,7 +540,7 @@ def editgroup_accept(ident):
 abort(ae.status)
 return redirect('/editgroup/{}'.format(ident))
-@app.route('/editgroup//unsubmit', methods=['POST'])
+@app.route('/editgroup//unsubmit', methods=['POST'])
 @login_required
 def editgroup_unsubmit(ident):
 if not app.testing:
@@ -557,7 +557,7 @@ def editgroup_unsubmit(ident):
 abort(ae.status)
 return redirect('/editgroup/{}'.format(ident))
-@app.route('/editgroup//submit', methods=['POST'])
+@app.route('/editgroup//submit', methods=['POST'])
 @login_required
 def editgroup_submit(ident):
 if not app.testing:
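Review bot: The `str(revision_id)` wrapping repeated across all sixteen `*_revision_view*` functions in this hunk is a conversion that belongs in `generic_entity_revision_view` itself, which starts and ends outside the hunk; a single `revision_id = str(revision_id)` at the top of that helper would leave the call sites as they were before this commit and would stop a future revision route from forgetting it. The conversion appears to be needed because werkzeug's `uuid` converter hands the view a `uuid.UUID` object rather than a string, which deserves a comment wherever the `str()` ends up, e.g. `# the uuid route converter yields a uuid.UUID; the API client wants the canonical string form`. Note also that `editgroup_view` keeps its pre-existing `api.get_editgroup(str(ident))` while the `*_editgroup_view*` functions above pass `editgroup_id` through unconverted; if editgroup ids use the same converter as entity idents that `str()` is a no-op and could go, and if they do not, the editgroup-scoped views need the same treatment.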
@@ -574,7 +574,7 @@ def editgroup_submit(ident):
 abort(ae.status)
 return redirect('/editgroup/{}'.format(ident))
-@app.route('/editor/', methods=['GET'])
+@app.route('/editor/', methods=['GET'])
 def editor_view(ident):
 try:
 entity = api.get_editor(ident)
@@ -582,7 +582,7 @@ def editor_view(ident):
 abort(ae.status)
 return render_template('editor_view.html', editor=entity)
-@app.route('/editor//editgroups', methods=['GET'])
+@app.route('/editor//editgroups', methods=['GET'])
 def editor_editgroups(ident):
 try:
 editor = api.get_editor(ident)
@@ -595,7 +595,7 @@ def editor_editgroups(ident):
 return render_template('editor_editgroups.html', editor=editor, editgroups=editgroups)
-@app.route('/editor//annotations', methods=['GET'])
+@app.route('/editor//annotations', methods=['GET'])
 def editor_annotations(ident):
 try:
 editor = api.get_editor(ident)
@@ -634,7 +634,7 @@ def reviewable_view():
 abort(ae.status)
 return render_template('editgroup_reviewable.html', entries=entries)
-@app.route('/release//save', methods=['GET', 'POST'])
+@app.route('/release//save', methods=['GET', 'POST'])
 def release_save(ident):
 form = SavePaperNowForm()
@@ -831,7 +831,7 @@ def container_issnl_stats(issnl):
 abort(503)
 return jsonify(stats)
-@app.route('/container//stats.json', methods=['GET', 'OPTIONS'])
+@app.route('/container//stats.json', methods=['GET', 'OPTIONS'])
 @crossdomain(origin='*',headers=['access-control-allow-origin','Content-Type'])
 def container_ident_stats(ident):
 try:
@@ -845,7 +845,7 @@ def container_ident_stats(ident):
 abort(503)
 return jsonify(stats)
-@app.route('/container//ia_coverage_years.json', methods=['GET', 'OPTIONS'])
+@app.route('/container//ia_coverage_years.json', methods=['GET', 'OPTIONS'])
 @crossdomain(origin='*',headers=['access-control-allow-origin','Content-Type'])
 def container_ident_ia_coverage_years_json(ident):
 try:
@@ -860,7 +860,7 @@ def container_ident_ia_coverage_years_json(ident):
 histogram = [dict(year=h[0], in_ia=h[1], count=h[2]) for h in histogram]
 return jsonify({'container_id': ident, "histogram": histogram})
-@app.route('/container//ia_coverage_years.svg', methods=['GET', 'OPTIONS'])
+@app.route('/container//ia_coverage_years.svg', methods=['GET', 'OPTIONS'])
 @crossdomain(origin='*',headers=['access-control-allow-origin','Content-Type'])
 def container_ident_ia_coverage_years_svg(ident):
 try:
@@ -874,7 +874,7 @@ def container_ident_ia_coverage_years_svg(ident):
 abort(503)
 return ia_coverage_histogram(histogram).render_response()
-@app.route('/container//preservation_by_year.json', methods=['GET', 'OPTIONS'])
+@app.route('/container//preservation_by_year.json', methods=['GET', 'OPTIONS'])
 @crossdomain(origin='*',headers=['access-control-allow-origin','Content-Type'])
 def container_ident_preservation_by_year_json(ident):
 try:
@@ -889,7 +889,7 @@ def container_ident_preservation_by_year_json(ident):
 abort(503)
 return jsonify({'container_id': ident, "histogram": histogram})
-@app.route('/container//preservation_by_year.svg', methods=['GET', 'OPTIONS'])
+@app.route('/container//preservation_by_year.svg', methods=['GET', 'OPTIONS'])
 @crossdomain(origin='*',headers=['access-control-allow-origin','Content-Type'])
 def container_ident_preservation_by_year_svg(ident):
 try:
@@ -907,7 +907,7 @@ def container_ident_preservation_by_year_svg(ident):
 merge_shadows=Config.FATCAT_MERGE_SHADOW_PRESERVATION,
 ).render_response()
-@app.route('/container//preservation_by_volume.json', methods=['GET', 'OPTIONS'])
+@app.route('/container//preservation_by_volume.json', methods=['GET', 'OPTIONS'])
 @crossdomain(origin='*',headers=['access-control-allow-origin','Content-Type'])
 def container_ident_preservation_by_volume_json(ident):
 try:
@@ -921,7 +921,7 @@ def container_ident_preservation_by_volume_json(ident):
 abort(503)
 return jsonify({'container_id': ident, "histogram": histogram})
-@app.route('/container//preservation_by_volume.svg', methods=['GET', 'OPTIONS'])
+@app.route('/container//preservation_by_volume.svg', methods=['GET', 'OPTIONS'])
 @crossdomain(origin='*',headers=['access-control-allow-origin','Content-Type'])
 def container_ident_preservation_by_volume_svg(ident):
 try:
@@ -938,7 +938,7 @@ def container_ident_preservation_by_volume_svg(ident):
 merge_shadows=Config.FATCAT_MERGE_SHADOW_PRESERVATION,
 ).render_response()
-@app.route('/release/.bib', methods=['GET'])
+@app.route('/release/.bib', methods=['GET'])
 def release_bibtex(ident):
 try:
 entity = api.get_release(ident)
@@ -948,7 +948,7 @@ def release_bibtex(ident):
 bibtex = citeproc_csl(csl, 'bibtex')
 return Response(bibtex, mimetype="text/plain")
-@app.route('/release//citeproc', methods=['GET'])
+@app.route('/release//citeproc', methods=['GET'])
 def release_citeproc(ident):
 style = request.args.get('style', 'harvard1')
 is_html = request.args.get('html', False)
diff --git a/python/tests/web_entity_views.py b/python/tests/web_entity_views.py
index 7b973ef2..4068a0c7 100644
--- a/python/tests/web_entity_views.py
+++ b/python/tests/web_entity_views.py
@@ -48,7 +48,7 @@ def test_entity_basics(app, mocker):
 rv = app.get('/{}/rev/{}'.format(entity_type, revision))
 assert rv.status_code == 200
 rv = app.get('/{}/rev/{}_something'.format(entity_type, revision))
- assert rv.status_code == 400
+ assert rv.status_code == 404
 rv = app.get('/{}/rev/{}/metadata'.format(entity_type, revision))
 assert rv.status_code == 200
 print('/editgroup/aaaaaaaaaaaabo53aaaaaaaaaq/{}/{}'.format(entity_type, ident))
@@ -59,11 +59,13 @@ def test_entity_basics(app, mocker):
 # bad requests
 rv = app.get('/{}/9999999999'.format(entity_type))
- assert rv.status_code == 400
+ assert rv.status_code == 404
 rv = app.get('/{}/9999999999/history'.format(entity_type))
- assert rv.status_code == 400
+ assert rv.status_code == 404
 rv = app.get('/{}/f1f046a3-45c9-ffff-ffff-ffffffffffff'.format(entity_type))
- assert rv.status_code == 400
+ assert rv.status_code == 404
+ rv = app.get('/{}/rev/f1f046a3-45c9-ffff-ffff-fffffffff'.format(entity_type))
+ assert rv.status_code == 404
 rv = app.get('/{}/ccccccccccccccccccccccccca'.format(entity_type))
 assert rv.status_code == 404
-- 
cgit v1.2.3
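Review bot: The new negative cases pin a 404 for a too-short ident (`9999999999`), a UUID-shaped ident and a truncated revision UUID, but none of them separates a wrong-length ident from a correct-length ident whose characters fall outside the fcid alphabet, so the test passes whether the router or the API produces the 404 for the latter and would keep passing if the converter were later widened. One constructed 26-character request with an asserted status, e.g. `rv = app.get('/{}/{}'.format(entity_type, '9' * 26))` followed by `assert rv.status_code == 404`, would pin which layer rejects it. The `_something` case in the previous hunk exercises the revision converter's shape check; a mixed-case but otherwise valid revision UUID would additionally confirm whether `str(revision_id)` normalizes case before the value reaches the API, if that is the intended behaviour. test_entity_basics continues outside the hunk.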