potiuk commented on a change in pull request #16754:
URL: https://github.com/apache/airflow/pull/16754#discussion_r662263443
##########
File path: airflow/utils/serve_logs.py
##########
@@ -17,25 +17,61 @@
"""Serve logs process"""
import os
+import time
-import flask
+from flask import Flask, abort, request, send_from_directory
+from itsdangerous import TimedJSONWebSignatureSerializer
from setproctitle import setproctitle
from airflow.configuration import conf
-def serve_logs():
- """Serves logs generated by Worker"""
- print("Starting flask")
- flask_app = flask.Flask(__name__)
- setproctitle("airflow serve-logs")
+def flask_app():
+ flask_app = Flask(__name__)
+ max_request_age = conf.getint('webserver', 'log_request_clock_grace',
fallback=30)
+ log_directory = os.path.expanduser(conf.get('logging', 'BASE_LOG_FOLDER'))
+
+ signer = TimedJSONWebSignatureSerializer(
+ secret_key=conf.get('webserver', 'secret_key'),
+ algorithm_name='HS512',
+ expires_in=max_request_age,
+ )
+
+ # Prevent direct access to the logs port
+ @flask_app.before_request
+ def validate_pre_signed_url():
+ try:
+ auth = request.headers['Authorization']
+
+ # We don't actually care about the payload, just that the signature
Review comment:
Not super strong about it, but seems easy to do with little to no
drawback
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
