path: root/paste/__init__.py

from base64 import b64decode, b64encode
from functools import wraps
from wsgiref.util import request_uri
from typing import Optional, Any, Protocol
from collections.abc import Callable, Iterable
import binascii
import traceback
from sqlite3 import Connection

from . import db
from . import store


class StartResponse(Protocol):
    def __call__(
        self,
        status: str,
        headers: list[tuple[str, str]],
        exc_info: Optional[tuple] = ...,
        /,
    ) -> Callable[[bytes], object]:
        ...


Env = dict[str, Any]
App = Callable[[Env, StartResponse], Iterable[bytes]]
Response = Iterable[bytes]

DB_PATH = "paste.sqlite3"


def simple_response(start_response: StartResponse, status: str) -> Response:
    body = (status + "\n").encode()
    start_response(
        status,
        [
            ("Content-Type", "text/plain"),
            ("Content-Length", str(len(body))),
        ],
    )
    return [body]


def redirect(start_response: StartResponse, location: bytes, typ: str) -> Response:
    status = {
        "text/x.redirect.301": "301 Moved Permanently",
        "text/x.redirect.302": "302 Found",
    }.get(typ)
    if not status:
        return simple_response(start_response, "500 Internal Server Error")
    body = location
    start_response(
        status,
        [
            ("Location", location.decode()),
            ("Content-Type", "text/plain"),
            ("Content-Length", str(len(body))),
        ],
    )
    return [body]


ProtoMiddleware = Callable[[App, Env, StartResponse], Response]
Middleware = Callable[[App], App]


def middleware(f: ProtoMiddleware) -> Middleware:
    @wraps(f)
    def outer(app: App):
        @wraps(app)
        def inner(environ: Env, start_response: StartResponse):
            return f(app, environ, start_response)

        return inner

    return outer


@middleware
def catch_exceptions(app: App, environ: Env, start_response: StartResponse) -> Response:
    try:
        return app(environ, start_response)
    except Exception as e:
        print("".join(traceback.format_exception(type(e), e, e.__traceback__)))
        return simple_response(start_response, "500 Internal Server Error")


@middleware
def validate_method(app: App, environ: Env, start_response: StartResponse) -> Response:
    if environ["REQUEST_METHOD"] in {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}:
        return app(environ, start_response)
    if environ["REQUEST_METHOD"] in {"CONNECT", "TRACE", "PATCH"}:
        return simple_response(start_response, "405 Method Not Allowed")
    return simple_response(start_response, "501 Not Implemented")


@middleware
def options(app: App, environ: Env, start_response: StartResponse) -> Response:
    if environ["REQUEST_METHOD"] != "OPTIONS":
        return app(environ, start_response)
    start_response(
        "204 No Content",
        [
            ("Allow", "GET, HEAD, POST, PUT, DELETE, OPTIONS"),
        ],
    )
    return []


@middleware
def open_database(app: App, environ: Env, start_response: StartResponse) -> Response:
    db_path = environ.get("PASTE_DB", DB_PATH)
    with db.connect(db_path) as conn:
        environ["paste.db_conn"] = conn
        return app(environ, start_response)


def check_auth(conn: Connection, auth: Optional[str]) -> bool:
    if not auth or not auth.startswith("Bearer "):
        return False
    try:
        token = b64decode(auth.removeprefix("Bearer ").encode())
    except binascii.Error:
        return False
    (count,) = conn.execute(
        "SELECT COUNT(*) FROM token WHERE hash = sha256(?)", (token,)
    ).fetchone()
    return count == 1


@middleware
def authenticate(app: App, environ: Env, start_response: StartResponse) -> Response:
    conn = environ["paste.db_conn"]
    token = environ.get("HTTP_AUTHORIZATION")
    if environ["REQUEST_METHOD"] in {"GET", "HEAD"} or check_auth(conn, token):
        return app(environ, start_response)
    return simple_response(start_response, "401 Unauthorized")


@catch_exceptions
@validate_method
@options
@open_database
@authenticate
def application(environ: Env, start_response: StartResponse) -> Response:
    conn = environ["paste.db_conn"]
    name = environ["PATH_INFO"]
    if environ["REQUEST_METHOD"] == "GET":
        row = store.get(conn, name)
        if not row:
            return simple_response(start_response, "404 Not Found")
        content_type, content_hash, content = row
        if content_type.startswith("text/x.redirect"):
            return redirect(start_response, content, content_type)
        start_response(
            "200 OK",
            [
                ("Content-Type", content_type),
                ("Content-Length", str(len(content))),
                ("ETag", b64encode(content_hash).decode()),
            ],
        )
        return [content]
    elif environ["REQUEST_METHOD"] == "HEAD":
        row = store.head(conn, name)
        if not row:
            return simple_response(start_response, "404 Not Found")
        content_type, content_hash, content_length, opt_content = row
        if content_type.startswith("text/x.redirect"):
            return redirect(start_response, opt_content, content_type)
        start_response(
            "200 OK",
            [
                ("Content-Type", content_type),
                ("Content-Length", content_length),
                ("ETag", b64encode(content_hash).decode()),
            ],
        )
        return []
    elif environ["REQUEST_METHOD"] in {"POST", "PUT"}:
        content_type = environ.get("CONTENT_TYPE", "text/plain")
        content_length = int(environ["CONTENT_LENGTH"])
        content = environ["wsgi.input"].read(content_length)
        store.put(conn, name, content, content_type)
        return redirect(
            start_response, request_uri(environ).encode(), "text/x.redirect.302"
        )
    elif environ["REQUEST_METHOD"] == "DELETE":
        store.delete(conn, name)
        return simple_response(start_response, "204 No Content")
    return simple_response(start_response, "500 Internal Server Error")