support for using stored apisecret in denied mode and add auth header…

…s to report requests
nightscout · Sep 9, 2016 · 93d1611 · 93d1611
1 parent d86a0c1
commit 93d1611
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 9 deletions.
diff --git a/static/index.html b/static/index.html
@@ -590,12 +590,12 @@
             <audio src="/audio/alarm2.mp3" preload="auto" loop="true" class="urgent alarm2 mp3" type="audio/mp3"></audio>
         </div>
 
-        <script src="/js/init.js"></script>
         <script src="/public/js/bundle.js?v=0.9.0-beta3"></script>
         <script src="/socket.io/socket.io.js"></script>
         <script src="/bower_components/jQuery-Storage-API/jquery.storageapi.min.js"></script>
         <script src="/bower_components/tipsy-jmalonzo/src/javascripts/jquery.tipsy.js"></script>
         <script src="/bower_components/jquery-ui/jquery-ui.min.js"></script>
+        <script src="/js/init.js"></script>
         <script src="/js/client.js"></script>
     </body>
 </html>
diff --git a/static/js/init.js b/static/js/init.js
@@ -19,10 +19,14 @@ if (window.location.search) {
 }
 
 var token = params.token;
+var secret = $.localStorage.get('apisecrethash');
 
 var script = window.document.createElement('script');
 var src = '/api/v1/status.js?t=' + new Date().getTime();
-if (token) {
+
+if (secret) {
+  src += '&secret=' + secret;
+} else if (token) {
   src += '&token=' + token;
 }
 script.setAttribute('src', src);

diff --git a/static/report/index.html b/static/report/index.html
@@ -116,7 +116,6 @@ <h1><img src="/images/logo1.png"><span class="translate">Nightscout reporting</s
     <hr>
     <b><span class="translate">Authentication status</span>: </b><span id="authentication_placeholder"></span>
 
-    <script src="/api/v1/status.js?v=0.9.0-beta3"></script>
     <script src="/public/js/bundle.js?v=0.9.0-beta3"></script>
     <script src="/socket.io/socket.io.js"></script>
     <script src="/bower_components/jQuery-Storage-API/jquery.storageapi.min.js"></script>
@@ -126,6 +125,7 @@ <h1><img src="/images/logo1.png"><span class="translate">Nightscout reporting</s
     <script src="/bower_components/jquery-flot/jquery.flot.time.js"></script>
     <script src="/bower_components/jquery-flot/jquery.flot.fillbetween.js"></script>
     <script src="/bower_components/jquery-ui/jquery-ui.min.js"></script>
+    <script src="/js/init.js"></script>
     <script src="/report/js/report.js?v=0.9.0-beta3"></script>
     <script src="/report/js/flotcandle.js"></script>
     </body>

diff --git a/static/report/js/report.js b/static/report/js/report.js
@@ -265,7 +265,8 @@
           var treatmentData;
           var tquery = '?find[boluscalc.foods._id]=' + _id + timerange;
           $.ajax('/api/v1/treatments.json'+tquery, {
-            success: function (xhr) {
+            headers: client.headers()
+            , success: function (xhr) {
               treatmentData = xhr.map(function (treatment) {
                 return moment.tz(treatment.created_at,zone).format('YYYY-MM-DD');
               });
@@ -338,7 +339,8 @@
           var treatmentData;
           var tquery = '?find[eventType]=/' + eventtype + '/i';
           $.ajax('/api/v1/treatments.json' + tquery + timerange, {
-            success: function (xhr) {
+            headers: client.headers()
+            , success: function (xhr) {
               treatmentData = xhr.map(function (treatment) {
                 return moment.tz(treatment.created_at,zone).format('YYYY-MM-DD');
               });
@@ -560,7 +562,8 @@
       $('#info-' + day).html('<b>'+translate('Loading CGM data of')+' '+day+' ...</b>');
       var query = '?find[date][$gte]='+from+'&find[date][$lt]='+to+'&count=10000';
       return $.ajax('/api/v1/entries.json'+query, {
-        success: function (xhr) {
+        headers: client.headers()
+        , success: function (xhr) {
           xhr.forEach(function (element) {
             if (element) {
               if (element.mbg) {
@@ -614,7 +617,8 @@
       $('#info-' + day).html('<b>'+translate('Loading treatments data of')+' '+day+' ...</b>');
       var tquery = '?find[created_at][$gte]='+new Date(from).toISOString()+'&find[created_at][$lt]='+new Date(to).toISOString();
       return $.ajax('/api/v1/treatments.json'+tquery, {
-        success: function (xhr) {
+        headers: client.headers()
+        , success: function (xhr) {
           treatmentData = xhr.map(function (treatment) {
             var timestamp = new Date(treatment.timestamp || treatment.created_at);
             treatment.mills = timestamp.getTime();
@@ -643,7 +647,8 @@
         $('#info-' + day).html('<b>'+translate('Loading device status data of')+' '+day+' ...</b>');
         var tquery = '?find[created_at][$gte]=' + new Date(from).toISOString() + '&find[created_at][$lt]=' + new Date(to).toISOString() + '&count=10000';
         return $.ajax('/api/v1/devicestatus.json'+tquery, {
-          success: function (xhr) {
+          headers: client.headers()
+          , success: function (xhr) {
             data.devicestatus = xhr.map(function (devicestatus) {
               devicestatus.mills = new Date(devicestatus.timestamp || devicestatus.created_at).getTime();
               return devicestatus;
@@ -666,7 +671,8 @@
     $('#info > b').html('<b>'+translate('Loading profile switch data') + ' ...</b>');
     var tquery = '?find[eventType][$eq]=Profile Switch';
     $.ajax('/api/v1/treatments.json'+tquery, {
-      success: function (xhr) {
+      headers: client.headers()
+      , success: function (xhr) {
         var treatmentData = xhr.map(function (treatment) {
           var timestamp = new Date(treatment.timestamp || treatment.created_at);
           treatment.mills = timestamp.getTime();