handled a trick for api web auth
mose committed Jan 18, 2016
1 parent 1fb58f9 commit b215236
Showing 9 changed files with 73 additions and 10 deletions.
34 changes: 34 additions & 0 deletions app/apiv1.rb
Expand Up @@ -12,44 +12,78 @@
module HieravizApp
class ApiV1 < Common

configure do
set :session_secret, settings.configdata['session_seed']
enable :sessions
end

helpers do
def check_authorization
if !session['access_token'] && !request.env['HTTP_X_AUTH']
redirect '/v1/not_logged'
else
token = session['access_token'] || request.env['HTTP_X_AUTH']
session_info = Hieraviz::Store.get(token, settings.configdata['session_renew'])
if !session_info
redirect '/v1/unauthorized'
end
end
end
end

get '/test' do
json data: Time.new
end

get '/nodes' do
check_authorization
json Hieracles::Registry.nodes(settings.config)
end

get '/node/:n/info' do |node|
check_authorization
node = Hieracles::Node.new(node, settings.config)
json node.info
end

get '/node/:n/params' do |node|
check_authorization
node = Hieracles::Node.new(node, settings.config)
json node.params
end

get '/node/:n/allparams' do |node|
check_authorization
node = Hieracles::Node.new(node, settings.config)
json node.params(false)
end

get '/node/:n' do |node|
check_authorization
node = Hieracles::Node.new(node, settings.config)
json node.params
end

get '/farms' do
check_authorization
json Hieracles::Registry.farms(settings.config)
end

get '/farm/:n' do |farm|
check_authorization
req = Hieracles::Puppetdb::Request.new(settings.configdata['puppetdb'])
farm_nodes = req.facts('farm', farm)
json farm_nodes.data
end

get '/not_logged' do
json({ error: "Not connected." })
end

get '/unauthorized' do
json({ error: "Unauthorized" })
end

not_found do
json({ error: "data not found" })
end
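Review bot: `check_authorization` answers a missing or rejected token with a redirect, and the `/not_logged` and `/unauthorized` routes it redirects to return their JSON error with the default 200 status, so an API client, proxy or log-based alert cannot tell a denied request from a successful one by status code. Halting in place keeps the failure visible: after `token = session['access_token'] || request.env['HTTP_X_AUTH']`, use `halt 401, json(error: 'Not connected.') unless token` and `halt 403, json(error: 'Unauthorized') unless session_info`. Each protected route also has to remember to call the helper; a `before` filter that skips only `/test` and the error routes would make a route added later closed by default. The enclosing `ApiV1` class continues past the end of this hunk.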
6 changes: 4 additions & 2 deletions app/public/css/main.css
Expand Up @@ -97,8 +97,10 @@ input {
width: 100%;
height: 90%;
}

/* ----- Sidebar ---- */
.error {
padding: 2em;
}
/* ----- Sidebar ---- */
.side {
background-color: #eee;
display: inline-block;
2 changes: 1 addition & 1 deletion app/public/js/farms.js
Expand Up @@ -42,7 +42,7 @@ ready( () => {
item.addEventListener('click', (ev) => {
addClass(meat, 'wait');
el = ev.target;
fetch('/v1/farm/' + el.dataset.item).
fetch('/v1/farm/' + el.dataset.item, {'X-AUTH': session_key}).
then(res => res.json()).
then(j => {
build_list(meat, el.dataset.item, j);
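Review bot: The `fetch('/v1/farm/' + el.dataset.item, {'X-AUTH': session_key})` call passes the header name as a top-level key of the init object, where `fetch` ignores it, so the request carries no `X-AUTH` header and the token never reaches the server this way. The header belongs under `headers`, as `auth_header()` in nodes.js does: `fetch('/v1/farm/' + el.dataset.item, { headers: { 'X-AUTH': session_key } })`. `session_key` is only declared by the view when a session token exists, so on a logged-out page this line would raise a ReferenceError; a `typeof session_key !== 'undefined'` guard would avoid that. The click handler starts and ends outside the hunk.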
1 change: 1 addition & 0 deletions app/public/js/main.js
Expand Up @@ -110,4 +110,5 @@ ready( () => {
ev.target.style.display = 'none';
});
});

});
28 changes: 21 additions & 7 deletions app/public/js/nodes.js
Expand Up @@ -92,25 +92,39 @@ ready( () => {
});
}

function show_error(meat, message) {
meat.innerHTML = "<div class=\"error\">" + message + "</div>\n";
}

function auth_header() {
var h = new Headers({"x-auth": session_key});
return { headers: h }
}

var Node = {
params: function(el) {
start_wait(meat);
title = el.dataset.item;
fetch('/v1/node/' + title).
fetch('/v1/node/' + title, auth_header()).
then(res => res.json()).
then(j => {
build_top(title);
build_params(meat, title, j);
rebuild_nav(title);
update_footer('/v1/node/' + title);
console.log(auth_header().headers.getAll('x-auth'));
if (j.error != undefined) {
show_error(meat, j['error']);
} else {
build_top(title);
build_params(meat, title, j);
rebuild_nav(title);
update_footer('/v1/node/' + title);
}
end_wait(meat);
});
},

info: function(el) {
start_wait(meat);
title = el.dataset.item;
fetch('/v1/node/' + title + '/info').
fetch('/v1/node/' + title + '/info', auth_header()).
then(res => res.json()).
then(j => {
build_top(title);
Expand All @@ -124,7 +138,7 @@ ready( () => {
allparams: function(el) {
start_wait(meat);
title = el.dataset.item;
fetch('/v1/node/' + title + '/all').
fetch('/v1/node/' + title + '/all', auth_header()).
then(res => res.json()).
then(j => {
build_top(title);
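Review bot: The `console.log(auth_header().headers.getAll('x-auth'));` line in `Node.params` prints the access token to the browser console on every node fetch; it looks like leftover debugging and should be removed. `show_error` concatenates `message` into `innerHTML`; the messages are fixed server strings today, but assigning them through `textContent` on a created `div` with class `error` keeps any later error text that echoes request data from being parsed as markup. As far as the visible lines show, only `params` checks `j.error`, while `info` and `allparams` send the header but still hand the response straight to their build functions. The `info` and `allparams` bodies continue outside the visible hunks.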
3 changes: 3 additions & 0 deletions app/views/farms.erb
@@ -1,4 +1,7 @@
<% content_for :more_js do %>
<% if session['access_token'] -%>
<script>var session_key = "<%= session['access_token'] %>";</script>
<% end -%>
<script src="js/farms.js"></script>
<% end %>

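Review bot: The new inline script writes the session access token into the page as `var session_key = "..."`, which makes it readable by any script running on that page and interpolates it into a JavaScript string without escaping. Since `check_authorization` in app/apiv1.rb already accepts `session['access_token']`, the page's requests could authenticate with the session cookie instead, e.g. `fetch(url, { credentials: 'same-origin' })`, and the token would not need to appear in markup at all. If the variable stays, emit it as an encoded JavaScript string literal rather than raw text between quotes. The same three lines are added to modules.erb, nodes.erb and resources.erb and could live once in a shared partial or the layout.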
3 changes: 3 additions & 0 deletions app/views/modules.erb
@@ -1,4 +1,7 @@
<% content_for :more_js do %>
<% if session['access_token'] -%>
<script>var session_key = "<%= session['access_token'] %>";</script>
<% end -%>
<script async="async" src="js/modules.js"></script>
<% end %>

3 changes: 3 additions & 0 deletions app/views/nodes.erb
@@ -1,4 +1,7 @@
<% content_for :more_js do %>
<% if session['access_token'] -%>
<script>var session_key = "<%= session['access_token'] %>";</script>
<% end -%>
<script src="js/nodes.js"></script>
<% end %>

3 changes: 3 additions & 0 deletions app/views/resources.erb
@@ -1,4 +1,7 @@
<% content_for :more_js do %>
<% if session['access_token'] -%>
<script>var session_key = "<%= session['access_token'] %>";</script>
<% end -%>
<script src="js/resources.js"></script>
<% end %>


0 comments on commit b215236
