From 79b95b085e0878099af1fa0822413cd85679cc3a Mon Sep 17 00:00:00 2001 From: Neil Williams Date: Sun, 14 Aug 2011 11:00:04 -0700 Subject: [PATCH] Add simple app for redirect validity checking. --- scripts/click_redirect.py | 55 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 scripts/click_redirect.py diff --git a/scripts/click_redirect.py b/scripts/click_redirect.py new file mode 100644 index 000000000..a5596da33 --- /dev/null +++ b/scripts/click_redirect.py @@ -0,0 +1,55 @@ +#!/usr/bin/python +""" +A simple raw WSGI app to take click-tracking requests, verify +the hash to make sure they're valid, and redirect the client +accordingly. +""" + +import time +import hashlib +import urlparse +from ConfigParser import RawConfigParser +from wsgiref.handlers import format_date_time + +config = RawConfigParser() +config.read(['production.ini']) +tracking_secret = config.get('DEFAULT', 'tracking_secret') + + +def click_redirect(environ, start_response): + if environ['REQUEST_METHOD'] != 'GET': + start_response('405 Method Not Allowed', []) + return + + if environ.get('PATH_INFO') != '/click': + start_response('404 Not Found', []) + return + + query = environ.get('QUERY_STRING', '') + params = urlparse.parse_qs(query) + + try: + destination = params['url'][0] + ip = environ['REMOTE_ADDR'] + except KeyError: + start_response('400 Bad Request', []) + return + + try: + hash = params['hash'][0] + fullname = params['id'][0] + expected_hash_text = ''.join((ip, fullname, tracking_secret)) + expected_hash = hashlib.sha1(expected_hash_text).hexdigest() + assert hash == expected_hash + except (KeyError, AssertionError): + start_response('403 Forbidden', []) + return + + now = format_date_time(time.time()) + start_response('301 Moved Permanently', [ + ('Location', destination), + ('Date', now), + ('Expires', now), + ('Cache-Control', 'no-cache'), + ('Pragma', 'no-cache'), + ])