X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/635c50159ffb630a3494c71576e6f38d37f95f19..de935728632b0969362c56e9f66d13295bde91f8:/cookbooks/tile/templates/default/export.erb diff --git a/cookbooks/tile/templates/default/export.erb b/cookbooks/tile/templates/default/export.erb index b3acb9223..7d1b8c5bf 100644 --- a/cookbooks/tile/templates/default/export.erb +++ b/cookbooks/tile/templates/default/export.erb @@ -3,12 +3,15 @@ import cairo import cgi +import Cookie import mapnik import os +import pyotp +import resource import shutil +import signal import sys import tempfile -import resource # Limit maximum CPU time # The Postscript output format can sometimes take hours @@ -37,7 +40,8 @@ def file_size(file): return os.fstat(file.fileno()).st_size # Routine to report an error -def output_error(message): +def output_error(message, status = "400 Bad Request"): + print "Status: %s" % status output_headers("text/html") print "" print "" @@ -49,26 +53,49 @@ def output_error(message): print "" print "" +# Create TOTP token validator +totp = pyotp.TOTP('<%= @totp_key %>', interval = 3600) + # Parse CGI parameters form = cgi.FieldStorage() +# Import cookies +cookies = Cookie.SimpleCookie(os.environ.get('HTTP_COOKIE')) + # Make sure we have a user agent if not os.environ.has_key('HTTP_USER_AGENT'): os.environ['HTTP_USER_AGENT'] = 'NONE' +# Make sure we have a referer +if not os.environ.has_key('HTTP_REFERER'): + os.environ['HTTP_REFERER'] = 'NONE' + +# Look for TOTP token +if cookies.has_key('_osm_totp_token'): + token = cookies['_osm_totp_token'].value +else: + token = None + # Get the load average -loadavg = float(open("/proc/loadavg").readline().split(" ")[0]) +cputimes = [float(n) for n in open("/proc/stat").readline().rstrip().split()[1:-1]] +idletime = cputimes[3] / sum(cputimes) # Process the request -if loadavg > 70.0: - # Abort if the load average on the machine is too high - print "Status: 503 Service Unavailable" - output_error("The load average on the server is too high at the moment. Please wait a few minutes before trying again.") +if not totp.verify(token, valid_window = 1): + # Abort if the request didn't have a valid TOTP token + output_error("Missing or invalid token") +elif idletime < 0.2: + # Abort if the CPU idle time on the machine is too low + output_error("The server is too busy at the moment. Please wait a few minutes before trying again.", "503 Service Unavailable") <% @blocks["user_agents"].each do |user_agent| -%> elif os.environ['HTTP_USER_AGENT'] == '<%= user_agent %>': # Block scraper - print "Status: 503 Service Unavailable" - output_error("The load average on the server is too high at the moment. Please wait a few minutes before trying again.") + output_error("The server is too busy at the moment. Please wait a few minutes before trying again.", "503 Service Unavailable") +<% end -%> +<% @blocks["referers"].each do |referer| -%> +elif os.environ['HTTP_REFERER'] == '<%= referer %>': + # Block scraper + output_error("The server is too busy at the moment. Please wait a few minutes before trying again.", "503 Service Unavailable") <% end -%> elif not form.has_key("bbox"): # No bounding box specified @@ -115,39 +142,51 @@ else: # Zoom the map to the bounding box map.zoom_to_box(bbox) + # Fork so that we can handle crashes rendering the map + pid = os.fork() + # Render the map - if form.getvalue("format") == "png": - image = mapnik.Image(map.width, map.height) - mapnik.render(map, image) - png = image.tostring("png") - output_headers("image/png", "map.png", len(png)) - sys.stdout.write(png) - elif form.getvalue("format") == "jpeg": - image = mapnik.Image(map.width, map.height) - mapnik.render(map, image) - jpeg = image.tostring("jpeg") - output_headers("image/jpeg", "map.jpg", len(jpeg)) - sys.stdout.write(jpeg) - elif form.getvalue("format") == "svg": - file = tempfile.NamedTemporaryFile(prefix = "export") - surface = cairo.SVGSurface(file.name, map.width, map.height) - mapnik.render(map, surface) - surface.finish() - output_headers("image/svg+xml", "map.svg", file_size(file)) - output_file(file) - elif form.getvalue("format") == "pdf": - file = tempfile.NamedTemporaryFile(prefix = "export") - surface = cairo.PDFSurface(file.name, map.width, map.height) - mapnik.render(map, surface) - surface.finish() - output_headers("application/pdf", "map.pdf", file_size(file)) - output_file(file) - elif form.getvalue("format") == "ps": - file = tempfile.NamedTemporaryFile(prefix = "export") - surface = cairo.PSSurface(file.name, map.width, map.height) - mapnik.render(map, surface) - surface.finish() - output_headers("application/postscript", "map.ps", file_size(file)) - output_file(file) + if pid == 0: + if form.getvalue("format") == "png": + image = mapnik.Image(map.width, map.height) + mapnik.render(map, image) + png = image.tostring("png") + output_headers("image/png", "map.png", len(png)) + sys.stdout.write(png) + elif form.getvalue("format") == "jpeg": + image = mapnik.Image(map.width, map.height) + mapnik.render(map, image) + jpeg = image.tostring("jpeg") + output_headers("image/jpeg", "map.jpg", len(jpeg)) + sys.stdout.write(jpeg) + elif form.getvalue("format") == "svg": + file = tempfile.NamedTemporaryFile(prefix = "export") + surface = cairo.SVGSurface(file.name, map.width, map.height) + mapnik.render(map, surface) + surface.finish() + output_headers("image/svg+xml", "map.svg", file_size(file)) + output_file(file) + elif form.getvalue("format") == "pdf": + file = tempfile.NamedTemporaryFile(prefix = "export") + surface = cairo.PDFSurface(file.name, map.width, map.height) + mapnik.render(map, surface) + surface.finish() + output_headers("application/pdf", "map.pdf", file_size(file)) + output_file(file) + elif form.getvalue("format") == "ps": + file = tempfile.NamedTemporaryFile(prefix = "export") + surface = cairo.PSSurface(file.name, map.width, map.height) + mapnik.render(map, surface) + surface.finish() + output_headers("application/postscript", "map.ps", file_size(file)) + output_file(file) + else: + output_error("Unknown format '%s'" % form.getvalue("format")) else: - output_error("Unknown format '%s'" % form.getvalue("format")) + pid, status = os.waitpid(pid, 0) + if status & 0xff == signal.SIGXCPU: + output_error("CPU time limit exceeded", "509 Resource Limit Exceeded") + elif status & 0xff == signal.SIGSEGV: + output_error("Memory limit exceeded", "509 Resource Limit Exceeded") + elif status != 0: + output_error("Internal server error", "500 Internal Server Error")