[Calypso] [PATCH] log additional user-agent information

Guido Günther agx at sigxcpu.org
Sat Apr 9 11:01:59 PDT 2016


On Sat, Apr 09, 2016 at 05:32:00PM +0000, Jelmer Vernooij wrote:
> From: chrysn <chrysn at fsfe.org>
> 
> when a request comes from a web browser, the User-Agent in the request
> header is the user's web browser, but what's more important in this
> situation is which javascript program (ie web site) the browser had
> open. the relevant information is always encoded in the Origin header
> (for all modern browser's requests), and some clients set their own
> version etc in the X-Client header.
> ---
>  calypso/__init__.py |  7 ++++++-
>  calypso/webdav.py   | 16 +++++++++++-----
>  2 files changed, 17 insertions(+), 6 deletions(-)
> 
> diff --git a/calypso/__init__.py b/calypso/__init__.py
> index 38a08d7..18cb880 100644
> --- a/calypso/__init__.py
> +++ b/calypso/__init__.py
> @@ -83,7 +83,12 @@ def _check(request, function):
>      # Also send UNAUTHORIZED if there's no collection. Otherwise one
>      # could probe the server for (non-)existing collections.
>      if request.server.acl.has_right(owner, user, password):
> -        function(request, context={"user": user, "user-agent": request.headers.get("User-Agent", None)})
> +        function(request, context={
> +            "user": user,
> +            "user-agent": request.headers.get("User-Agent", None),
> +            "x-client": request.headers.get("X-client", None),
> +            "origin": request.headers.get("Origin", None),
> +            })

I wonder if it wouldn't be nicer to pass the whole request.headers into
context and treat is as opaque dictionary where we can pull out data
there instead of adding more and more fields to context?

>      else:
>          request.send_calypso_response(client.UNAUTHORIZED, 0)
>          request.send_header(
> diff --git a/calypso/webdav.py b/calypso/webdav.py
> index 1bcfecc..d181948 100644
> --- a/calypso/webdav.py
> +++ b/calypso/webdav.py
> @@ -329,7 +329,7 @@ class Collection(object):
>          args = ["git", "commit", "--allow-empty"]
>          env = {}
>  
> -        message = context.get('action', 'other action')
> +        message = context.get('action', 'other action') + "\n\n"
>  
>          if "user" in context:
>              # use environment variables instead of --author to avoid git
> @@ -340,10 +340,16 @@ class Collection(object):
>              # information explicitly in the config file. (slicing it in after
>              # the git command as position is important with git arguments)
>              args[1:1] = ["-c", "advice.implicitIdentity=false"]
> -        if "user-agent" in context:
> -            message += u"\n\nUser-Agent: %r"%context['user-agent']
> -
> -        args.extend(["-m", message.encode('utf8')])
> +        if context['user-agent']:
> +            message += u"User-Agent: %r\n" % context['user-agent']
> +        if context['x-client']:
> +            # set by web clients like carddavmate / caldavzap
> +            message += u"X-Client: %r\n" % context['x-client']
> +        if context['origin']:
> +            # set by everything that does CORS XHR
> +            message += u"Origin: %r\n" % context['origin']
> +
> +        args.extend(["-m", message.encode('utf8').rstrip("\n") + "\n"])
>  
>          subprocess.check_call(args, cwd=self.path, env=env)
>  

Looks good to me othewise (although it makes me rebase the GSSAPI
patch).

Cheers
 -- Guido


More information about the Calypso mailing list