# HG changeset patch # User Matt Johnston # Date 1403795012 -28800 # Node ID cf52d581770914dc7351a94bea23d6312fc090d8 # Parent ad846b9bdd1096a76a49e624936d98c63d5ea6eb# Parent fa282fb36f04a25f161935884c1fc02f0f7a327b merge diff -r fa282fb36f04 -r cf52d5817709 web/log.py --- a/web/log.py Thu Jun 26 21:44:16 2014 +0800 +++ b/web/log.py Thu Jun 26 23:03:32 2014 +0800 @@ -83,6 +83,8 @@ # (title, sensorline) pairs. sensor_lines = [] + wort_sensor = None + fridge_sensor = None for n, (rrdfile, sensor) in enumerate(rrds): unit = None if 'avrtemp' in sensor: @@ -118,10 +120,27 @@ else: print_legend = legend sensor_lines.append( (legend, 'LINE%(width)f:%(vname)s#%(colour)s:%(print_legend)s' % locals()) ) + if legend == 'Wort': + wort_sensor = vname + elif legend == 'Fridge': + fridge_sensor = vname + # calculated bits + colour = '000000' + print_legend = 'Heat' + graph_args.append('CDEF:wortdel=%(wort_sensor)s,PREV(%(wort_sensor)s),-' % locals()) + graph_args.append('CDEF:tempdel=%(wort_sensor)s,%(fridge_sensor)s,-' % locals()) + graph_args.append('CDEF:fermheat=wortdel,80,*,tempdel,0.9,*,+' % locals()) + graph_args.append('CDEF:trendfermheat=fermheat,7200,TRENDNAN' % locals()) + graph_args.append('CDEF:limitfermheat=trendfermheat,5,+,11,MIN,2,MAX' % locals()) + graph_args.append('LINE0.5:limitfermheat#%(colour)s:%(print_legend)s' % locals()) + + # lines are done afterwards so they can be layered sensor_lines.sort(key = lambda (legend, line): "Wort" in legend) + graph_args += (line for (legend, line) in sensor_lines) - graph_args += (line for (legend, line) in sensor_lines) + print>>sys.stderr, '\n'.join(graph_args) + end = int(start+length) start = int(start) @@ -309,7 +328,8 @@ def send_params(params): # 'templog_receive' is ignored due to authorized_keys - # restrictions + # restrictions. the rpi has authorized_keys with + # command="/home/matt/templog/venv/bin/python /home/matt/templog/py/receive.py",no-pty,no-port-forwarding,no-x11-forwarding,no-agent-forwarding ssh-rsa AAAAB3NzaC.... args = [config.SSH_PROG, '-i', config.SSH_KEYFILE, config.SSH_HOST, 'templog_receive'] try: diff -r fa282fb36f04 -r cf52d5817709 web/secure.py --- a/web/secure.py Thu Jun 26 21:44:16 2014 +0800 +++ b/web/secure.py Thu Jun 26 23:03:32 2014 +0800 @@ -1,3 +1,4 @@ +import re import os import time import fcntl @@ -10,11 +11,29 @@ import config -__all__ = ["get_csrf_blob", "check_csrf_blob", "setup_csrf", "get_user_hash"] +__all__ = ["get_csrf_blob", "check_csrf_blob", "setup_csrf", "get_user_hash", +"check_user_hash"] HASH=hashlib.sha1 +CLEAN_RE = re.compile('[^a-z0-9A-Z]') + +def clean_hash(h): + return CLEAN_RE.sub('', h.lower()) + def get_user_hash(): + """ + Uses the following apache config. + Needs a separate port or IP to no-certificate SSL, SNI isn't good enough. + + + Require all granted + SSLVerifyClient optional_no_ca + SSLVerifyDepth 1 + SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate + + """ + verify = bottle.request.environ.get('SSL_CLIENT_VERIFY', '') if not (verify == 'GENEROUS' or verify == 'SUCCESS'): return 'FAILVERIFY' @@ -27,6 +46,13 @@ return HASH(binascii.a2b_base64(b64)).hexdigest() +def check_user_hash(allowed_users): + current_hash = clean_hash(get_user_hash()) + for a in allowed_users: + if current_hash == clean_hash(a): + return True + return False + def setup_csrf(): NONCE_SIZE=16 global _csrf_fd, _csrf_key diff -r fa282fb36f04 -r cf52d5817709 web/templog.py --- a/web/templog.py Thu Jun 26 21:44:16 2014 +0800 +++ b/web/templog.py Thu Jun 26 23:03:32 2014 +0800 @@ -68,7 +68,7 @@ @route('/set') def set(): - allowed = ["false", "true"][secure.get_user_hash() in config.ALLOWED_USERS] + allowed = ["false", "true"][secure.check_user_hash(config.ALLOWED_USERS)] response.set_header('Cache-Control', 'no-cache') return bottle.template('set', inline_data = log.get_params(), diff -r fa282fb36f04 -r cf52d5817709 web/watch.py --- a/web/watch.py Thu Jun 26 21:44:16 2014 +0800 +++ b/web/watch.py Thu Jun 26 23:03:32 2014 +0800 @@ -47,7 +47,7 @@ patterns = watchpatterns[event.wd] for p in patterns: if fnmatch.fnmatch(event.name, p): - print("matched %s %s" % (event.name, p, event.maskname)) + print("matched %s %s %s" % (event.name, p, event.maskname)) os.utime(touchf, None) n = pyinotify.Notifier(watcher, triggered)