You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/07/01 13:42:20 UTC
[GitHub] [airflow] mik-laj commented on a change in pull request #16754: Only allow webserver to request from the worker log server
mik-laj commented on a change in pull request #16754:
URL: https://github.com/apache/airflow/pull/16754#discussion_r662300548
##########
File path: airflow/utils/serve_logs.py
##########
@@ -17,25 +17,61 @@
"""Serve logs process"""
import os
+import time
-import flask
+from flask import Flask, abort, request, send_from_directory
+from itsdangerous import TimedJSONWebSignatureSerializer
from setproctitle import setproctitle
from airflow.configuration import conf
-def serve_logs():
- """Serves logs generated by Worker"""
- print("Starting flask")
- flask_app = flask.Flask(__name__)
- setproctitle("airflow serve-logs")
+def flask_app():
+ flask_app = Flask(__name__)
+ max_request_age = conf.getint('webserver', 'log_request_clock_grace', fallback=30)
+ log_directory = os.path.expanduser(conf.get('logging', 'BASE_LOG_FOLDER'))
+
+ signer = TimedJSONWebSignatureSerializer(
+ secret_key=conf.get('webserver', 'secret_key'),
Review comment:
I think we should pass the salt parameter here as well to prevent the token from being used in the wrong context e.g. using a token from the getCode API in this method. This shouldn't work, but it's better to still explicitly prevent it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org