view web/templog.py @ 275:9be8464e4295

Oops, we didn't authenticate the parameter update
author Matt Johnston <matt@ucc.asn.au>
date Tue, 17 Nov 2015 22:24:09 +0800
parents 03e540c3ec24
children 0a1c02160e66 6c14e0573f50
line wrap: on
line source

#!/usr/bin/env python2.7

import binascii
import json
import hmac
import zlib
from datetime import datetime, timedelta
import time
import urllib
import sys
import os
import traceback
import fcntl
import hashlib

import bottle
from bottle import route, request, response

import config
import log
import secure
import atomicfile

DATE_FORMAT = '%Y%m%d-%H.%M'
ZOOM_SCALE = 2.0

class TemplogBottle(bottle.Bottle):
    def run(*args, **argm):
        argm['server'] = 'gevent'
        super(TemplogBottle, self).run(*args, **argm)

bottle.default_app.push(TemplogBottle())

secure.setup_csrf()

@route('/update', method='post')
def update():
    js_enc = request.forms.data
    mac = request.forms.hmac

    h = hmac.new(config.HMAC_KEY, js_enc.strip(), hashlib.sha256).hexdigest()
    if h != mac:
        raise bottle.HTTPError(code = 403, output = "Bad key")

    js = zlib.decompress(binascii.a2b_base64(js_enc))

    params = json.loads(js)

    log.parse(params)

    return "OK"

def make_graph(length, end):
    length_minutes = int(length)
    end = datetime.strptime(end, DATE_FORMAT)
    start = end - timedelta(minutes=length_minutes)

    start_epoch = time.mktime(start.timetuple())
    return log.graph_png(start_epoch, length_minutes * 60)

def encode_data(data, mimetype):
    return 'data:%s;base64,%s' % (mimetype, binascii.b2a_base64(data).rstrip())

@route('/graph.png')
def graph():
    response.set_header('Content-Type', 'image/png')
    minutes, endstr = get_request_zoom()
    return make_graph(minutes, endstr)

@route('/set/update', method='post')
def set_update():
    if not secure.check_user_hash(config.ALLOWED_USERS):
        # the "Save" button should be disabled if the cert wasn't
        # good
        response.status = 403
        return "No cert, dodginess"

    post_json = json.loads(request.forms.data)

    csrf_blob = post_json['csrf_blob']

    if not secure.check_csrf_blob(csrf_blob):
        response.status = 403
        return "Bad csrf"

    ret = log.update_params(post_json['params'])
    if not ret is True:
        response.status = 409 # Conflict
        return ret
        
    return "Good"

@route('/set')
def set():
    allowed = ["false", "true"][secure.check_user_hash(config.ALLOWED_USERS)]
    response.set_header('Cache-Control', 'no-cache')
    return bottle.template('set', 
        inline_data = log.get_params(), 
        csrf_blob = secure.get_csrf_blob(),
        allowed = allowed)

def get_request_zoom():
    """ returns (length, end) tuple.
    length is in minutes, end is a DATE_FORMAT string """
    minutes = int(request.query.get('length', 26*60))

    if 'end' in request.query:
        end = datetime.strptime(request.query.end, DATE_FORMAT)
    else:
        end = datetime.now()

    if 'zoom' in request.query:
        orig_start = end - timedelta(minutes=minutes)
        orig_end = end
        scale = float(request.query.scaledwidth) / config.GRAPH_WIDTH
        xpos = int(request.query.x) / scale
        xpos -= config.GRAPH_LEFT_MARGIN * config.ZOOM

        if xpos >= 0 and xpos < config.GRAPH_WIDTH * config.ZOOM:
            click_time = orig_start \
                + timedelta(minutes=(float(xpos) / (config.GRAPH_WIDTH * config.ZOOM)) * minutes)
            minutes = int(minutes / ZOOM_SCALE)

            end = click_time + timedelta(minutes=minutes/2)
        else:
            # zoom out
            minutes = int(minutes*ZOOM_SCALE)
            end += timedelta(minutes=minutes/2)

    if end > datetime.now():
        end = datetime.now()

    endstr = end.strftime(DATE_FORMAT)
    return (minutes, endstr)

@route('/')
def top():
    minutes, endstr = get_request_zoom()

    request.query.replace('length', minutes)
    request.query.replace('end', endstr)

    urlparams = urllib.urlencode(request.query)
    graphdata = encode_data(make_graph(minutes, endstr), 'image/png')
    return bottle.template('top', urlparams=urlparams,
                    end = endstr,
                    length = minutes,
                    graphwidth = config.GRAPH_WIDTH,
                    graphdata = graphdata)

@route('/debug')
def debuglog():
    response.set_header('Content-Type', 'text/plain')
    return log.tail_debug_log()

@route('/env')
def env():
    response.set_header('Content-Type', 'text/plain')
    #return '\n'.join(traceback.format_stack())
    return '\n'.join(("%s %s" % k) for k in  request.environ.items())
    #return str(request.environ)
    #yield "\n"
    #var_lookup = environ['mod_ssl.var_lookup']
    #return var_lookup("SSL_SERVER_I_DN_O")

@route('/h')
def headers():
    response.set_header('Content-Type', 'text/plain')
    return '\n'.join("%s: %s" % x for x in request.headers.items())

@route('/get_settings')
def get_settings():
    response.set_header('Cache-Control', 'no-cache')
    req_etag = request.headers.get('etag', None)
    if req_etag:
        # wait for it to change
        # XXX this is meant to return True if it has been woken up
        # but it isn't working. Instead compare epochtag below.
        log.fridge_settings.wait(req_etag, timeout=config.LONG_POLL_TIMEOUT)

    contents, epoch_tag = log.fridge_settings.get()
    if epoch_tag == req_etag:
        response.status = 304
        return "Nothing happened"

    response.set_header('Content-Type', 'application/json')
    return json.dumps({'params': contents, 'epoch_tag': epoch_tag})

@bottle.get('/<filename:re:.*\.js>')
def javascripts(filename):
    response.set_header('Cache-Control', "public, max-age=1296000")
    return bottle.static_file(filename, root='static')


def main():
    """ for standalone testing """
    #bottle.debug(True)
    #bottle.run(reloader=True)
    bottle.run(server='cgi', reloader=True)
    #bottle.run(port=9999, reloader=True)

if __name__ == '__main__':
    main()