)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"a662e066be3fbb8337cc103536d05d96346a8172","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"d48011b6_932773bc","updated":"2022-01-19 19:45:46.000000000","message":"Now I want to write a recursive downloader! wget --recursive *works*, but it leaves the query strings on the downloaded files...\n\nIf you want to see what it looks like in practice, check out https://storage.tburke.duckdns.org/v1/TEMP_burke/pictures/old-desktop/pics/200606%20-%20France/?temp_url_sig\u003d34a23ef95dd50a4d25f41d28eb242dd7c3d117a8\u0026temp_url_expires\u003d2022-01-31T08:00:00Z\u0026temp_url_prefix\u003dold-desktop/pics/200606%20-%20France/","commit_id":"302a920e2c8fce8cacb144eabba5017a7fcb5342"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"fa456e9744daa1f4098076dc0641311aadc0b113","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"2ec110fa_72bb4ea0","updated":"2022-01-21 04:54:29.000000000","message":"working through the code. Think it mostly makes sense so far. But definitely want to run it and test it out for myself.\n\nJust ran out of time for the moment, this comment if more for me ;) \n\n","commit_id":"302a920e2c8fce8cacb144eabba5017a7fcb5342"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"f787b7633f1211e13241d33ce07427d6edd685c1","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"491b858a_cc592fe7","updated":"2022-03-15 05:17:44.000000000","message":"I\u0027m\u0027a just put this out there: https://gist.github.com/tipabu/0af6df223aaf418271f31e5428fa1cd1","commit_id":"71cd8f784fe0263b5ef0b3d62d5cbdb09d0a7947"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"a3521ff7831301c8b4cbfa9d13190477c217b8ff","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"98e788cc_e16a5825","updated":"2022-02-19 04:45:52.000000000","message":"recheck","commit_id":"71cd8f784fe0263b5ef0b3d62d5cbdb09d0a7947"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"3b0c12742fa8d8d7c5b2375e47aad69bae458a9e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"c151ddce_32b66d74","updated":"2022-08-16 06:20:41.000000000","message":"Had a closer look at this today. And is looking pretty great. I wonder if the static web doc could talk about this as an option? Otherwise we support it, but never talk about it.","commit_id":"f9b9820713a4bcec7c0029b1550afd13642b3137"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"64a0c89abfb6d158a7608d24784ad02adb619fa8","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"e30ea82f_3af5808d","updated":"2023-02-23 21:02:08.000000000","message":"recheck\n\nNo obvious reason for the timeouts; tests seemed to be making progress fine.","commit_id":"c964c8f788deec985983e0bf4944391e321e7a0b"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"5bfb6ddbd12672d32d6f83b1a95808fc61e0cd38","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"a28cc9a8_0909ba85","updated":"2023-02-26 05:30:56.000000000","message":"recheck\n\nTempest failure in identity; nothing to do with us.","commit_id":"c964c8f788deec985983e0bf4944391e321e7a0b"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"6e4838d8a324fe421c53b2f1fd6a55120cb6e200","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":12,"id":"6bfd1efd_c50b0127","updated":"2024-02-02 21:45:32.000000000","message":"OK, addressed the two concerns, but realized that I\u0027ve got two open questions I\u0027d like some input on. I\u0027m not opposed to us merging _without_ addressing them, but I\u0027d appreciate some feedback.","commit_id":"a5307a057e7eeaa2cc6a8278b8f8de66c09a33d3"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"330da609484ca2ad3687dd70b83fe3b68e68b38a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":12,"id":"dad39a63_1ba679f8","updated":"2024-02-02 06:32:16.000000000","message":"This is looking really awesome. Just 2 really nits, but I mention them anyway.\nOtherwise looking awesome and I\u0027m almost ready to +2!","commit_id":"a5307a057e7eeaa2cc6a8278b8f8de66c09a33d3"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"b72a8dbbece9fc74b8bc8f6795f2aed04996449a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"238c5b66_4419ddc9","updated":"2024-02-05 05:17:38.000000000","message":"This is great! Finally got it working for myself in my VSAIO. Because we\u0027re talking staticweb the prefix has to be a psuedo container ending in \u0027/\u0027. If pointing to the root container I needed to have the path end in / with a prefix of \u0027\u0027.\nFinally, it _ONLY_ supports prefix tempurls, which you do say :face_palm:, but when I originally tested just the conainer it wasn\u0027t working (tip for those testing this patch).\n\nWe probably should mention these parcularities, unless it\u0027s just my inexperence with staticweb?\n\nIf others don\u0027t agree, happy to change my vote 😊","commit_id":"46707dae28733e2a734bc57bbfcc57e46680a81a"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"d2f1b355714b8f47cb73bd7d7f4434c40fbb64b2","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":14,"id":"765d91aa_27d2efd4","updated":"2024-02-28 06:15:36.000000000","message":"Let\u0027s land this thing. Great work Tim!","commit_id":"8c4e65a6b5cf14dc0335674cfe8018c1825987e1"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"0ea1f888fcf0905d62f513928e77ebe8a73df7fe","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":14,"id":"aec42cd5_4c7aeab2","updated":"2024-02-20 06:00:55.000000000","message":"Yup I agree, I\u0027d rather us document (like you\u0027ve now done) the use of pseudo folders for prefix tempurls for static web, so you have to know what your doing.\n\nSo I think this is ready to go!","commit_id":"8c4e65a6b5cf14dc0335674cfe8018c1825987e1"}],"swift/common/middleware/staticweb.py":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"a662e066be3fbb8337cc103536d05d96346a8172","unresolved":false,"context_lines":[{"line_number":291,"context_line":"            sig, expires, tempurl_prefix, _filename, _inline, ip_range \u003d \\"},{"line_number":292,"context_line":"                get_temp_url_info(env)"},{"line_number":293,"context_line":"            if tempurl_prefix:"},{"line_number":294,"context_line":"                tempurl_qs \u003d \u0027?\u0027 + \u0027\u0026\u0027.join(["},{"line_number":295,"context_line":"                    \u0027temp_url_prefix\u003d%s\u0027 % quote(tempurl_prefix),"},{"line_number":296,"context_line":"                    \u0027temp_url_expires\u003d%s\u0027 % expires,"},{"line_number":297,"context_line":"                    \u0027temp_url_sig\u003d%s\u0027 % sig,"}],"source_content_type":"text/x-python","patch_set":1,"id":"003b9940_5d751400","line":294,"range":{"start_line":294,"start_character":36,"end_line":294,"end_character":37},"updated":"2022-01-19 19:45:46.000000000","message":"This should probably get HTML-escaped.","commit_id":"ee8d44700efed9da849569fc0868c6f7509a2a9d"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"4aa2b967a954d65947e6c5e383cf35b0dce5864c","unresolved":true,"context_lines":[{"line_number":289,"context_line":""},{"line_number":290,"context_line":"        tempurl_qs \u003d tempurl_prefix \u003d \u0027\u0027"},{"line_number":291,"context_line":"        if env.get(\u0027REMOTE_USER\u0027) \u003d\u003d \u0027.wsgi.tempurl\u0027:"},{"line_number":292,"context_line":"            sig, expires, tempurl_prefix, _filename, _inline, ip_range \u003d \\"},{"line_number":293,"context_line":"                get_temp_url_info(env)"},{"line_number":294,"context_line":"            if tempurl_prefix is not None:"},{"line_number":295,"context_line":"                tempurl_qs \u003d \u0027?\u0027 + \u0027\u0026amp;\u0027.join(["}],"source_content_type":"text/x-python","patch_set":7,"id":"6f3163c1_a8279986","line":292,"range":{"start_line":292,"start_character":17,"end_line":292,"end_character":24},"updated":"2022-08-03 06:10:17.000000000","message":"Hrm. So if a client brings an expiry like 2023-01-01T08:00:00Z, it comes out as 1672560000 here...\n\nNot a deal-breaker, but a bit of a rough edge.","commit_id":"e2bf4d557e2575973c851a9b6068fedaabca24f8"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"8ba424fca936c4cb16eabcdfd45ab93550dca57c","unresolved":false,"context_lines":[{"line_number":289,"context_line":""},{"line_number":290,"context_line":"        tempurl_qs \u003d tempurl_prefix \u003d \u0027\u0027"},{"line_number":291,"context_line":"        if env.get(\u0027REMOTE_USER\u0027) \u003d\u003d \u0027.wsgi.tempurl\u0027:"},{"line_number":292,"context_line":"            sig, expires, tempurl_prefix, _filename, _inline, ip_range \u003d \\"},{"line_number":293,"context_line":"                get_temp_url_info(env)"},{"line_number":294,"context_line":"            if tempurl_prefix is not None:"},{"line_number":295,"context_line":"                tempurl_qs \u003d \u0027?\u0027 + \u0027\u0026amp;\u0027.join(["}],"source_content_type":"text/x-python","patch_set":7,"id":"806523b8_20f4c78a","line":292,"range":{"start_line":292,"start_character":17,"end_line":292,"end_character":24},"in_reply_to":"6f3163c1_a8279986","updated":"2022-08-15 19:36:12.000000000","message":"Done","commit_id":"e2bf4d557e2575973c851a9b6068fedaabca24f8"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"6e4838d8a324fe421c53b2f1fd6a55120cb6e200","unresolved":true,"context_lines":[{"line_number":293,"context_line":""},{"line_number":294,"context_line":"        tempurl_qs \u003d tempurl_prefix \u003d \u0027\u0027"},{"line_number":295,"context_line":"        if env.get(\u0027REMOTE_USER\u0027) \u003d\u003d \u0027.wsgi.tempurl\u0027:"},{"line_number":296,"context_line":"            sig, expires, tempurl_prefix, _filename, _inline, ip_range \u003d \\"},{"line_number":297,"context_line":"                get_temp_url_info(env)"},{"line_number":298,"context_line":"            if tempurl_prefix is not None:"},{"line_number":299,"context_line":"                tempurl_qs \u003d \u0027?\u0027 + \u0027\u0026amp;\u0027.join(["}],"source_content_type":"text/x-python","patch_set":12,"id":"9d659b1e_a38a7ad2","line":296,"range":{"start_line":296,"start_character":53,"end_line":296,"end_character":60},"updated":"2024-02-02 21:45:32.000000000","message":"Open question: should we maintain `inline`-ness?","commit_id":"a5307a057e7eeaa2cc6a8278b8f8de66c09a33d3"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"26d821e667f0bef07d7bbd9ff5be495cf9e1180d","unresolved":true,"context_lines":[{"line_number":293,"context_line":""},{"line_number":294,"context_line":"        tempurl_qs \u003d tempurl_prefix \u003d \u0027\u0027"},{"line_number":295,"context_line":"        if env.get(\u0027REMOTE_USER\u0027) \u003d\u003d \u0027.wsgi.tempurl\u0027:"},{"line_number":296,"context_line":"            sig, expires, tempurl_prefix, _filename, _inline, ip_range \u003d \\"},{"line_number":297,"context_line":"                get_temp_url_info(env)"},{"line_number":298,"context_line":"            if tempurl_prefix is not None:"},{"line_number":299,"context_line":"                tempurl_qs \u003d \u0027?\u0027 + \u0027\u0026amp;\u0027.join(["}],"source_content_type":"text/x-python","patch_set":12,"id":"7277e049_28ad92d0","line":296,"range":{"start_line":296,"start_character":53,"end_line":296,"end_character":60},"in_reply_to":"8a6419aa_74c87bc2","updated":"2024-02-05 21:44:30.000000000","message":"So staticweb listings will always be inline due to the carve-out:\n```\nif content_generator \u003d\u003d \u0027staticweb\u0027:\n    inline_disposition \u003d True\n```\nWhat I was debating about was whether to preserve the `inline` param (if present) on the links staticweb generates. So, for example, https://storage.tburke.duckdns.org/v1/TEMP_burke/pictures/old-desktop/pics/201106%20-%20Japan/?temp_url_sig\u003dc71e8fb0fe374b733f7d74c750b3f516b1d04c63\u0026temp_url_expires\u003d2024-03-01T08:00:00Z\u0026temp_url_prefix\u003dold-desktop/pics/201106%20-%20Japan/\u0026inline would have the pictures show in-browser when you click through to each, while dropping the `\u0026inline` from the listing link would generate download links.\n\nI\u0027m torn -- I see a real utility with `inline`, but I lump it together with `filename` (which definitely *shouldn\u0027t* be preserved) as being more of a client option (in no small part because it\u0027s not baked into the signature). As a result, you *can\u0027t* actually\n\n\u003e give access to something that you want to ensure is viewed in the broser\n\nsince the user could always drop the `\u0026inline` (or just use `curl` to download).","commit_id":"a5307a057e7eeaa2cc6a8278b8f8de66c09a33d3"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"b72a8dbbece9fc74b8bc8f6795f2aed04996449a","unresolved":true,"context_lines":[{"line_number":293,"context_line":""},{"line_number":294,"context_line":"        tempurl_qs \u003d tempurl_prefix \u003d \u0027\u0027"},{"line_number":295,"context_line":"        if env.get(\u0027REMOTE_USER\u0027) \u003d\u003d \u0027.wsgi.tempurl\u0027:"},{"line_number":296,"context_line":"            sig, expires, tempurl_prefix, _filename, _inline, ip_range \u003d \\"},{"line_number":297,"context_line":"                get_temp_url_info(env)"},{"line_number":298,"context_line":"            if tempurl_prefix is not None:"},{"line_number":299,"context_line":"                tempurl_qs \u003d \u0027?\u0027 + \u0027\u0026amp;\u0027.join(["}],"source_content_type":"text/x-python","patch_set":12,"id":"8a6419aa_74c87bc2","line":296,"range":{"start_line":296,"start_character":53,"end_line":296,"end_character":60},"in_reply_to":"9d659b1e_a38a7ad2","updated":"2024-02-05 05:17:38.000000000","message":"in regards too what? inline disposition? I guess it makes sense for tempurl if you want to give access to something that you want to ensure is viewed in the broser.. and static web we so always want.\n\nOr are you talking about how relevent it really is to tempurl, ie just get browsers do what they want?","commit_id":"a5307a057e7eeaa2cc6a8278b8f8de66c09a33d3"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"330da609484ca2ad3687dd70b83fe3b68e68b38a","unresolved":true,"context_lines":[{"line_number":305,"context_line":"                    tempurl_qs +\u003d \u0027temp_url_ip_range\u003d%s\u0027 % quote(ip_range)"},{"line_number":306,"context_line":""},{"line_number":307,"context_line":"        headers \u003d {\u0027Content-Type\u0027: \u0027text/html; charset\u003dUTF-8\u0027,"},{"line_number":308,"context_line":"                   \u0027X-Backend-Content-Generator\u0027: \u0027staticweb\u0027}"},{"line_number":309,"context_line":"        body \u003d \u0027\u003c!DOCTYPE html\u003e\\n\u0027 \\"},{"line_number":310,"context_line":"               \u0027\u003chtml\u003e\\n\u0027 \\"},{"line_number":311,"context_line":"               \u0027 \u003chead\u003e\\n\u0027 \\"}],"source_content_type":"text/x-python","patch_set":12,"id":"60f82cfd_54cf3019","line":308,"updated":"2024-02-02 06:32:16.000000000","message":"And this is where we add the backend response header to tell tempurl that the content is from staticweb and to let it through.","commit_id":"a5307a057e7eeaa2cc6a8278b8f8de66c09a33d3"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"b72a8dbbece9fc74b8bc8f6795f2aed04996449a","unresolved":true,"context_lines":[{"line_number":71,"context_line":""},{"line_number":72,"context_line":"Additionally, prefix-based :ref:`tempurl` parameters may be used to authorize"},{"line_number":73,"context_line":"requests instead of making the whole container publicly readable. This gives"},{"line_number":74,"context_line":"clients dynamic discoverability of the objects available within that prefix."},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"By default, the listings will be rendered with a label of"},{"line_number":77,"context_line":"\"Listing of /v1/account/container/path\".  This can be altered by"}],"source_content_type":"text/x-python","patch_set":13,"id":"16a7b960_8f0167dc","line":74,"updated":"2024-02-05 05:17:38.000000000","message":"In testing the prfix needs to be \"\" (for the container) or a pseudo folder path ending in a \u0027/\u0027. Because that\u0027s what static web needs to drill down on the listing.\n\nMaybe we need to add an additional line to the paragraph above to mention that, because it took be a while to get this working (also because we don\u0027t add staticweb to vsaio and python-swiftliecnt needs to support making these container level tempurls sigs):\n\n    The prefix needs to be \u0027\u0027 when pointing to the container or pseudo container\n    ending in a \u0027/\u0027.\n\nOh I guess the container path also would need to end in a \u0027/\u0027 or do we fix that edgecase?","commit_id":"46707dae28733e2a734bc57bbfcc57e46680a81a"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"26d821e667f0bef07d7bbd9ff5be495cf9e1180d","unresolved":true,"context_lines":[{"line_number":71,"context_line":""},{"line_number":72,"context_line":"Additionally, prefix-based :ref:`tempurl` parameters may be used to authorize"},{"line_number":73,"context_line":"requests instead of making the whole container publicly readable. This gives"},{"line_number":74,"context_line":"clients dynamic discoverability of the objects available within that prefix."},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"By default, the listings will be rendered with a label of"},{"line_number":77,"context_line":"\"Listing of /v1/account/container/path\".  This can be altered by"}],"source_content_type":"text/x-python","patch_set":13,"id":"4e865031_3e36bf05","line":74,"in_reply_to":"16a7b960_8f0167dc","updated":"2024-02-05 21:44:30.000000000","message":"\u003e or a pseudo folder path ending in a \u0027/\u0027.\n\nAh, right -- the redirect doesn\u0027t include params... I\u0027m torn about whether that\u0027s a bug or a security feature.\n\nIn general though, yeah, you want to end your prefix with `/` so you don\u0027t accidentally expose more than you meant. For instance, if you make a tempurl for `/v1/acct/cont/path` intending to expose it to users as `/v1/acct/cont/path/`, you might not realize that you\u0027ve also exposed everything under `/v1/acct/cont/path-and-then-some/`. And it\u0027s even _less_ likely you\u0027d notice if we plumbed params through the redirect...","commit_id":"46707dae28733e2a734bc57bbfcc57e46680a81a"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"26d821e667f0bef07d7bbd9ff5be495cf9e1180d","unresolved":true,"context_lines":[{"line_number":397,"context_line":"        if self.url_host:"},{"line_number":398,"context_line":"            env[\u0027HTTP_HOST\u0027] \u003d self.url_host"},{"line_number":399,"context_line":"        resp \u003d HTTPMovedPermanently("},{"line_number":400,"context_line":"            location\u003dwsgi_quote(env[\u0027PATH_INFO\u0027] + \u0027/\u0027))"},{"line_number":401,"context_line":"        return resp(env, start_response)"},{"line_number":402,"context_line":""},{"line_number":403,"context_line":"    def handle_container(self, env, start_response):"}],"source_content_type":"text/x-python","patch_set":13,"id":"4e051dd5_dada9980","line":400,"updated":"2024-02-05 21:44:30.000000000","message":"This should probably also include tempurl params if provided...","commit_id":"46707dae28733e2a734bc57bbfcc57e46680a81a"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"b8f92545b9d691748338e9e8bb65d0dd582457b4","unresolved":true,"context_lines":[{"line_number":397,"context_line":"        if self.url_host:"},{"line_number":398,"context_line":"            env[\u0027HTTP_HOST\u0027] \u003d self.url_host"},{"line_number":399,"context_line":"        resp \u003d HTTPMovedPermanently("},{"line_number":400,"context_line":"            location\u003dwsgi_quote(env[\u0027PATH_INFO\u0027] + \u0027/\u0027))"},{"line_number":401,"context_line":"        return resp(env, start_response)"},{"line_number":402,"context_line":""},{"line_number":403,"context_line":"    def handle_container(self, env, start_response):"}],"source_content_type":"text/x-python","patch_set":13,"id":"ec575a27_2b1c4529","line":400,"in_reply_to":"4e051dd5_dada9980","updated":"2024-02-05 23:13:55.000000000","message":"Er... maybe? Actually, I wrote this before I fleshed out my other response up in the docs -- maybe we *don\u0027t* want the redirect working, to tip users off that the URL probably isn\u0027t quite what they wanted.","commit_id":"46707dae28733e2a734bc57bbfcc57e46680a81a"}],"swift/common/middleware/tempurl.py":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"a662e066be3fbb8337cc103536d05d96346a8172","unresolved":false,"context_lines":[{"line_number":695,"context_line":"        \"\"\""},{"line_number":696,"context_line":"        if env[\u0027REQUEST_METHOD\u0027] in self.conf[\u0027methods\u0027]:"},{"line_number":697,"context_line":"            try:"},{"line_number":698,"context_line":"                ver, acc, cont, obj \u003d split_path(env[\u0027PATH_INFO\u0027], 4, 4, True)"},{"line_number":699,"context_line":"            except ValueError:"},{"line_number":700,"context_line":"                return (None, None, None)"},{"line_number":701,"context_line":"            if ver \u003d\u003d \u0027v1\u0027 and obj.strip(\u0027/\u0027):"}],"source_content_type":"text/x-python","patch_set":1,"id":"9ab5b774_726f2623","line":698,"updated":"2022-01-19 19:45:46.000000000","message":"I see some utility in allowing requests to the container root. At least, if temp_url_prefix scopes it to the full container...","commit_id":"ee8d44700efed9da849569fc0868c6f7509a2a9d"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"fa456e9744daa1f4098076dc0641311aadc0b113","unresolved":true,"context_lines":[{"line_number":707,"context_line":"            ctx._response_exc_info)"},{"line_number":708,"context_line":"        return app_iter"},{"line_number":709,"context_line":""},{"line_number":710,"context_line":"    def _get_path_parts(self, env, allow_container_root\u003dFalse):"},{"line_number":711,"context_line":"        \"\"\""},{"line_number":712,"context_line":"        Return the account, container and object name for the request,"},{"line_number":713,"context_line":"        if it\u0027s an object request and one of the configured methods;"}],"source_content_type":"text/x-python","patch_set":2,"id":"ba3e7f4b_b6291cd1","line":710,"range":{"start_line":710,"start_character":35,"end_line":710,"end_character":55},"updated":"2022-01-21 04:54:29.000000000","message":"Needs to be added to doc string.","commit_id":"302a920e2c8fce8cacb144eabba5017a7fcb5342"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"ee6245798e536beca702087644074085c4e249a3","unresolved":false,"context_lines":[{"line_number":707,"context_line":"            ctx._response_exc_info)"},{"line_number":708,"context_line":"        return app_iter"},{"line_number":709,"context_line":""},{"line_number":710,"context_line":"    def _get_path_parts(self, env, allow_container_root\u003dFalse):"},{"line_number":711,"context_line":"        \"\"\""},{"line_number":712,"context_line":"        Return the account, container and object name for the request,"},{"line_number":713,"context_line":"        if it\u0027s an object request and one of the configured methods;"}],"source_content_type":"text/x-python","patch_set":2,"id":"ce4f5f43_f7e136c9","line":710,"range":{"start_line":710,"start_character":35,"end_line":710,"end_character":55},"in_reply_to":"ba3e7f4b_b6291cd1","updated":"2024-02-02 00:54:15.000000000","message":"Done","commit_id":"302a920e2c8fce8cacb144eabba5017a7fcb5342"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"330da609484ca2ad3687dd70b83fe3b68e68b38a","unresolved":true,"context_lines":[{"line_number":400,"context_line":"    \"\"\""},{"line_number":401,"context_line":"    temp_url_sig \u003d temp_url_expires \u003d temp_url_prefix \u003d filename \u003d\\"},{"line_number":402,"context_line":"        inline \u003d None"},{"line_number":403,"context_line":"    temp_url_ip_range \u003d None"},{"line_number":404,"context_line":"    qs \u003d parse_qs(env.get(\u0027QUERY_STRING\u0027, \u0027\u0027), keep_blank_values\u003dTrue)"},{"line_number":405,"context_line":"    if \u0027temp_url_ip_range\u0027 in qs:"},{"line_number":406,"context_line":"        temp_url_ip_range \u003d qs[\u0027temp_url_ip_range\u0027][0]"}],"source_content_type":"text/x-python","patch_set":12,"id":"eddcb66d_ea4426cc","line":403,"updated":"2024-02-02 06:32:16.000000000","message":"Not sure why `temp_url_ip_range` isn\u0027t added to the None assigned line above?","commit_id":"a5307a057e7eeaa2cc6a8278b8f8de66c09a33d3"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"6e4838d8a324fe421c53b2f1fd6a55120cb6e200","unresolved":false,"context_lines":[{"line_number":400,"context_line":"    \"\"\""},{"line_number":401,"context_line":"    temp_url_sig \u003d temp_url_expires \u003d temp_url_prefix \u003d filename \u003d\\"},{"line_number":402,"context_line":"        inline \u003d None"},{"line_number":403,"context_line":"    temp_url_ip_range \u003d None"},{"line_number":404,"context_line":"    qs \u003d parse_qs(env.get(\u0027QUERY_STRING\u0027, \u0027\u0027), keep_blank_values\u003dTrue)"},{"line_number":405,"context_line":"    if \u0027temp_url_ip_range\u0027 in qs:"},{"line_number":406,"context_line":"        temp_url_ip_range \u003d qs[\u0027temp_url_ip_range\u0027][0]"}],"source_content_type":"text/x-python","patch_set":12,"id":"6b2bb51c_87199ecb","line":403,"in_reply_to":"eddcb66d_ea4426cc","updated":"2024-02-02 21:45:32.000000000","message":"IDK -- it was that way in the original. #willfix tho","commit_id":"a5307a057e7eeaa2cc6a8278b8f8de66c09a33d3"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"330da609484ca2ad3687dd70b83fe3b68e68b38a","unresolved":true,"context_lines":[{"line_number":569,"context_line":"        account, container, obj \u003d self._get_path_parts("},{"line_number":570,"context_line":"            env, allow_container_root\u003d("},{"line_number":571,"context_line":"                env[\u0027REQUEST_METHOD\u0027] in (\u0027GET\u0027, \u0027HEAD\u0027) and"},{"line_number":572,"context_line":"                temp_url_prefix \u003d\u003d \"\"))"},{"line_number":573,"context_line":"        if not account:"},{"line_number":574,"context_line":"            return self._invalid(env, start_response)"},{"line_number":575,"context_line":""}],"source_content_type":"text/x-python","patch_set":12,"id":"bf342a5a_9d064858","line":572,"updated":"2024-02-02 06:32:16.000000000","message":"So here is the crux of the change here.. we only allow GET or HEAD to containers and if there is no prefix. Thereby allowing static webified containers to be accessed via tempurl. So as a security whole, we\u0027re really opening up the ability to list containers if granted via the tempurl.\n\nUPDATE: We\u0027re not opening up the ability to list containers. Only if it\u0027s staticweb! See my comment later.","commit_id":"a5307a057e7eeaa2cc6a8278b8f8de66c09a33d3"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"330da609484ca2ad3687dd70b83fe3b68e68b38a","unresolved":true,"context_lines":[{"line_number":671,"context_line":"                # of staticweb, but we can\u0027t tell whether we\u0027ll have a"},{"line_number":672,"context_line":"                # staticweb response or not until after we call the app"},{"line_number":673,"context_line":"                close_if_possible(app_iter)"},{"line_number":674,"context_line":"                return self._invalid(env, start_response)"},{"line_number":675,"context_line":""},{"line_number":676,"context_line":"            if inline_disposition:"},{"line_number":677,"context_line":"                if filename:"}],"source_content_type":"text/x-python","patch_set":12,"id":"47591f05_323bae25","line":674,"updated":"2024-02-02 06:32:16.000000000","message":"Oh actually this means you can\u0027t list containers, only list containers in staticweb! Nice.\nI think I\u0027m ok with this opening of allowing listings via staticweb out. Because someone needs to make a concius effort to enable static web _AND_ they\u0027ve enabled static web because they want people to list their container","commit_id":"a5307a057e7eeaa2cc6a8278b8f8de66c09a33d3"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"6e4838d8a324fe421c53b2f1fd6a55120cb6e200","unresolved":true,"context_lines":[{"line_number":671,"context_line":"                # of staticweb, but we can\u0027t tell whether we\u0027ll have a"},{"line_number":672,"context_line":"                # staticweb response or not until after we call the app"},{"line_number":673,"context_line":"                close_if_possible(app_iter)"},{"line_number":674,"context_line":"                return self._invalid(env, start_response)"},{"line_number":675,"context_line":""},{"line_number":676,"context_line":"            if inline_disposition:"},{"line_number":677,"context_line":"                if filename:"}],"source_content_type":"text/x-python","patch_set":12,"id":"8d7697db_acada329","line":674,"in_reply_to":"47591f05_323bae25","updated":"2024-02-02 21:45:32.000000000","message":"Yup -- and it seems unlikely that anyone would enable staticweb today without *also* making the container publicly readable and listable.\n\nMaybe I should force a `?limit\u003d1` so if we\u0027re _wrong_ and the response _isn\u0027t_ from staticweb, it\u0027s minimally backend-intensive?\n\nAlternatively, LBYL and check container info before the app call -- then we wouldn\u0027t need the new header... I think I didn\u0027t do that originally because\n\n1. I didn\u0027t want to bleed staticweb details into tempurl like that and\n2. I wanted to avoid any questions about whether staticweb got disabled between the check and the call\n\nbut now I realize that the header already causes some bleedover, and the in-env caching should ensure we can trust the check...","commit_id":"a5307a057e7eeaa2cc6a8278b8f8de66c09a33d3"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"b72a8dbbece9fc74b8bc8f6795f2aed04996449a","unresolved":true,"context_lines":[{"line_number":671,"context_line":"                # of staticweb, but we can\u0027t tell whether we\u0027ll have a"},{"line_number":672,"context_line":"                # staticweb response or not until after we call the app"},{"line_number":673,"context_line":"                close_if_possible(app_iter)"},{"line_number":674,"context_line":"                return self._invalid(env, start_response)"},{"line_number":675,"context_line":""},{"line_number":676,"context_line":"            if inline_disposition:"},{"line_number":677,"context_line":"                if filename:"}],"source_content_type":"text/x-python","patch_set":12,"id":"77865ec6_e13a37d4","line":674,"in_reply_to":"8d7697db_acada329","updated":"2024-02-05 05:17:38.000000000","message":"there is a little bit of bleed over. But I like that staticweb is just returning a backend header saying it generated it. So others can look or not at that.. So I think that\u0027s ok. I mean this feature is specically for tempurl to allow static web, bit it isn\u0027t too tight a coupling. You can still run one without the other.","commit_id":"a5307a057e7eeaa2cc6a8278b8f8de66c09a33d3"}],"test/unit/common/middleware/test_tempurl.py":[{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"330da609484ca2ad3687dd70b83fe3b68e68b38a","unresolved":true,"context_lines":[{"line_number":1226,"context_line":"            self.tempurl._get_path_parts("},{"line_number":1227,"context_line":"                {\u0027REQUEST_METHOD\u0027: \u0027GET\u0027, \u0027PATH_INFO\u0027: \u0027/v1/a/c/\u0027},"},{"line_number":1228,"context_line":"                allow_container_root\u003dTrue),"},{"line_number":1229,"context_line":"            (\u0027a\u0027, \u0027c\u0027, \u0027\u0027))"},{"line_number":1230,"context_line":"        self.assertEqual(self.tempurl._get_path_parts({"},{"line_number":1231,"context_line":"            \u0027REQUEST_METHOD\u0027: \u0027GET\u0027, \u0027PATH_INFO\u0027: \u0027/v1/a/c//////\u0027}),"},{"line_number":1232,"context_line":"            (None, None, None))"}],"source_content_type":"text/x-python","patch_set":12,"id":"41626818_e3df12f3","line":1229,"updated":"2024-02-02 06:32:16.000000000","message":"I know the test above this one basically tests it, but maybe we should explictly test with allow_container_root\u003dFalse (which I know is the default) but just for completeness:\n\n    self.assertEqual(\n            self.tempurl._get_path_parts(\n                {\u0027REQUEST_METHOD\u0027: \u0027GET\u0027, \u0027PATH_INFO\u0027: \u0027/v1/a/c/\u0027},\n                allow_container_root\u003dFalse),\n            (None, None, None))","commit_id":"a5307a057e7eeaa2cc6a8278b8f8de66c09a33d3"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"6e4838d8a324fe421c53b2f1fd6a55120cb6e200","unresolved":false,"context_lines":[{"line_number":1226,"context_line":"            self.tempurl._get_path_parts("},{"line_number":1227,"context_line":"                {\u0027REQUEST_METHOD\u0027: \u0027GET\u0027, \u0027PATH_INFO\u0027: \u0027/v1/a/c/\u0027},"},{"line_number":1228,"context_line":"                allow_container_root\u003dTrue),"},{"line_number":1229,"context_line":"            (\u0027a\u0027, \u0027c\u0027, \u0027\u0027))"},{"line_number":1230,"context_line":"        self.assertEqual(self.tempurl._get_path_parts({"},{"line_number":1231,"context_line":"            \u0027REQUEST_METHOD\u0027: \u0027GET\u0027, \u0027PATH_INFO\u0027: \u0027/v1/a/c//////\u0027}),"},{"line_number":1232,"context_line":"            (None, None, None))"}],"source_content_type":"text/x-python","patch_set":12,"id":"29fad1d9_437f36aa","line":1229,"in_reply_to":"41626818_e3df12f3","updated":"2024-02-02 21:45:32.000000000","message":"Done","commit_id":"a5307a057e7eeaa2cc6a8278b8f8de66c09a33d3"}]}