lib/perus/server/app.rb in perus-0.1.20 vs lib/perus/server/app.rb in perus-0.1.21
- old
+ new
@@ -4,23 +4,10 @@
require 'json'
require 'uri'
module Perus::Server
class App < Sinatra::Application
- def self.new(*)
- unless Server.options.auth['username'].empty?
- app = Rack::Auth::Digest::MD5.new(super) do |username|
- {Server.options.auth['username'] => Server.options.auth['password']}[username]
- end
- app.realm = 'Protected Area'
- app.opaque = 'secretkey'
- app
- else
- super
- end
- end
-
#----------------------
# config
#----------------------
helpers Helpers
@@ -52,10 +39,11 @@
get '/admin' do
redirect "#{url_prefix}admin/systems"
end
post '/admin/scripts/:id/commands' do
+ protected!
script = Script.with_pk!(params['id'])
script_command = ScriptCommand.new
script_command.script_id = params['id']
script_command.order = script.largest_order + 1
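Review bot: Authentication is now opt-in per route: with the `self.new` wrapper removed in the first hunk, any handler that does not call `protected!` is served without credentials, and a route added later without that line fails open. `get '/admin'` at the top of this hunk is one such handler, although it only redirects. A default-deny arrangement would be safer: a `before` filter that calls `protected!` for every request except an explicit allow-list of the endpoints that must stay open, with a comment naming each exception. The same applies to every `+ protected!` line in the later hunks; the body of this route continues outside the hunk.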
@@ -72,10 +60,11 @@
redirect "#{url_prefix}admin/scripts/#{params['id']}"
end
post '/admin/scripts/:script_id/commands/:id' do
+ protected!
script_command = ScriptCommand.with_pk!(params['id'])
if params['action'] == 'Delete'
script_command.destroy
elsif params['action'] == 'Update'
script_command.command_config.update_options!(params)
@@ -83,10 +72,11 @@
redirect "#{url_prefix}admin/scripts/#{params['script_id']}"
end
post '/admin/configs/:id/metrics' do
+ protected!
config = Config.with_pk!(params['id'])
config_metric = ConfigMetric.new
config_metric.config_id = params['id']
config_metric.order = config.largest_order + 1
@@ -103,10 +93,11 @@
redirect "#{url_prefix}admin/configs/#{params['id']}"
end
post '/admin/configs/:config_id/metrics/:id' do
+ protected!
config_metric = ConfigMetric.with_pk!(params['id'])
if params['action'] == 'Delete'
config_metric.destroy
elsif params['action'] == 'Update'
config_metric.command_config.update_options!(params)
@@ -114,10 +105,11 @@
redirect "#{url_prefix}admin/configs/#{params['config_id']}"
end
get '/admin/stats' do
+ protected!
@stats = Stats.new
@queue_length = Server.ping_queue.length
erb :stats
end
@@ -125,10 +117,11 @@
#----------------------
# API
#----------------------
# csv for graphs shown on system page
get '/systems/:id/values' do
+ protected!
system = System.with_pk!(params['id'])
metrics = params[:metrics].to_s.split(',')
# find all values for the requested metrics
dataset = system.values_dataset.where(metric: metrics)
@@ -211,40 +204,45 @@
system.config_hash.to_json
end
# render all errors in html to replace the shortened subset on the system page
get '/systems/:id/errors' do
+ protected!
system = System.with_pk!(params['id'])
errors = system.collection_errors
erb :errors, layout: false, locals: {errors: errors}
end
# clear collection errors
delete '/systems/:id/errors' do
+ protected!
system = System.with_pk!(params['id'])
system.collection_errors.each(&:delete)
redirect "#{url_prefix}systems/#{system.id}"
end
# create a new action
post '/systems/:id/actions' do
+ protected!
Action.add(params['id'], params)
redirect "#{url_prefix}systems/#{params['id']}#actions"
end
# create an action for all systems in a group
post '/groups/:id/systems/actions' do
+ protected!
group = Group.with_pk!(params['id'])
group.systems.each do |system|
Action.add(system.id, params)
end
redirect "#{url_prefix}groups/#{params['id']}/systems"
end
# delete completed actions in a group
delete '/groups/:id/systems/actions' do
+ protected!
group = Group.with_pk!(params['id'])
group.systems.each do |system|
system.actions.each do |action|
next if action.timestamp.nil?
action.destroy
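Review bot: The handler that ends with `system.config_hash.to_json` at the top of this hunk shows no `protected!`, and the diff adds no line in the unchanged stretch before it, so that handler and its neighbours appear to have lost the Digest check that 0.1.20 applied app-wide when a username was configured. Its opening line is outside the hunk, so this is inferred rather than visible. If these endpoints are meant to stay open for client agents, say so in a comment above each, e.g. `# unauthenticated: polled by clients`. It is also worth checking that the returned config holds no credentials or command options that should not be readable anonymously. The last route in this hunk also continues outside it.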
@@ -254,29 +252,32 @@
redirect "#{url_prefix}groups/#{params['id']}/systems"
end
# create an action for all systems
post '/systems/actions' do
+ protected!
System.each do |system|
Action.add(system.id, params)
end
redirect "#{url_prefix}systems"
end
# delete all completed actions
delete '/systems/actions' do
+ protected!
Action.each do |action|
next if action.timestamp.nil?
action.destroy
end
redirect "#{url_prefix}systems"
end
# delete an action. deletion also clears any uploaded files.
delete '/systems/:system_id/actions/:id' do
+ protected!
action = Action.with_pk!(params['id'])
action.destroy
redirect "#{url_prefix}systems/#{params['system_id']}#actions"
end
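Review bot: `post '/systems/actions'` and `delete '/systems/actions'` change state for every system in one request, and nothing visible in these handlers checks a CSRF token or the request origin. `protected!` is defined outside this diff; if it relies on HTTP Basic or Digest credentials, a browser replays them on cross-site form submissions, so the credential check alone does not show that the operator intended the request. Confirm that Sinatra's rack-protection is enabled for this app, or add a per-session token check such as `use Rack::Protection::AuthenticityToken` at the application level. The route fragment at the top of this hunk starts outside it.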
@@ -284,36 +285,40 @@
#----------------------
# frontend
#----------------------
# overview
get '/' do
+ protected!
systems = System.all
@alerts = Alert.all.sort_by(&:severity_level).reverse
erb :index
end
# list of systems
get '/systems' do
+ protected!
@systems = System.all.group_by(&:orientation)
@title = 'All Systems'
@scripts = Script.all
@action_url = "systems/actions"
erb :systems
end
# list of systems by group
get '/groups/:id/systems' do
+ protected!
group = Group.with_pk!(params['id'])
@systems = group.systems_dataset.order_by(:name).all.group_by(&:orientation)
@title = group.name
@scripts = Script.all
@action_url = "groups/#{params['id']}/systems/actions"
erb :systems
end
# info page for a system
get '/systems/:id' do
+ protected!
@system = System.with_pk!(params['id'])
@uploads = @system.upload_urls
metrics = @system.metrics
# we're only interested in the latest value for string metrics
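Review bot: In `get '/'`, `systems = System.all` assigns a local that is never read in the handler and that the `:index` template cannot see, so the query is either wasted or the view was meant to receive an instance variable. Drop the line or change it to `@systems = System.all`, whichever matches the template. The `get '/systems/:id'` handler at the end of the hunk continues outside it.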
@@ -346,9 +351,10 @@
erb :system
end
# helper to make uploads publicly accessible
get '/uploads/*' do
+ protected!
path = params['splat'][0]
raise 'Invalid path' if path.include?('..')
full_path = File.join(Server.options.uploads_dir, path)
send_file full_path
end
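Review bot: The comment `# helper to make uploads publicly accessible` no longer matches the handler now that `protected!` is its first line; reword it, e.g. `# serve uploaded files to authenticated users`. The `path.include?('..')` test is a substring deny-list applied before `File.join`, and a rejected path surfaces as an unhandled exception rather than a client error. Canonicalising and comparing against the uploads root is more robust: `root = File.expand_path(Server.options.uploads_dir)`, `full_path = File.expand_path(path, root)`, then `halt 404 unless full_path.start_with?(root + File::SEPARATOR)`.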