check api key for raw/stats

api/sysvitals_api.py

@@ -46,7 +46,7 @@ class HTTPException(Exception):
 
 BASE_HEADERS = [
 	('Access-Control-Allow-Origin', '*'),
-	('Access-Control-Allow-Headers', 'X-Requested-With, X-Request'),
+	('Access-Control-Allow-Headers', 'Authorization, X-Requested-With, X-Request'),
 ]
 DEFAULT_HEADERS = BASE_HEADERS + [('Content-type', 'application/json')]
 ERROR_HEADERS = BASE_HEADERS + [('Content-type', 'text/plain')]
@@ -88,7 +88,7 @@ def application(environ, start_response):
 
 def get_raw(split, query, environ):
 	try:
-		group_id = int(split[1])
+		group_id = get_group(split, environ)
 		server_id = int(split[3])
 		start = datetime.datetime.strptime(query['start'], '%Y-%m-%d').date()
 		end = datetime.datetime.strptime(query['end'], '%Y-%m-%d').date()

config.py.example

@@ -1,7 +1,8 @@
-api_port = 8892
+api_host = 'http://127.0.0.1:8887'
+api_port = 8887
 
 web_port = 8888
-host = 'http://127.0.0.1:8888'
+web_host = 'http://127.0.0.1:8888'
 cookie_secret = 'dis is super sekrit'
 debug = True
 

web/db.py

@@ -76,3 +76,8 @@ class MomokoDB:
 		for row in cursor.fetchall():
 			servers[row['group_id']].append(row)
 		return servers
+
+	@tornado.gen.coroutine
+	def get_api_key(self, group_id):
+		cursor = yield self.execute('SELECT api_key FROM groups WHERE id = %s', group_id)
+		return cursor.fetchone()['api_key']

web/static/js/stats.js

@@ -39,10 +39,11 @@ window.addEvent('domready', function() {
 	});
 
 	var split = document.location.pathname.split('/');
-	var url = 'http://localhost:8892/v1/' + split[2] + '/stats/' + split[3];
+	var url = window.sysvitals.api_host + '/v1/' + split[2] + '/stats/' + split[3];
 	function get_stats(start, end, interval) {
 		new Request.JSON({
 			'url': url + '?start=' + start + '&end=' + end + '&interval=' + interval,
+			'headers': {'Authorization': window.sysvitals.api_key},
 			'onSuccess': function(data) {
 				Object.each(data, function(subfields, field) {
 					graph_stat(field, subfields, interval);

web/sysvitals_web.py

@@ -15,7 +15,8 @@ import db
 
 class BaseHandler(tornado.web.RequestHandler):
 	def render(self, *args, **kwargs):
-		kwargs['host'] = config.host
+		kwargs['api_host'] = config.api_host
+		kwargs['web_host'] = config.web_host
 		return super(BaseHandler, self).render(*args, **kwargs)
 
 	def render_string(self, *args, **kwargs):
@@ -86,8 +87,9 @@ class StatsHandler(BaseHandler):
 	@tornado.gen.coroutine
 	def get(self, group_id, server_id):
 		group_id = int(group_id)
+		api_key = yield self.db.get_api_key(group_id)
 		servers = yield self.db.get_servers(self.current_user['id'])
-		self.render('stats.html', group_id=group_id, servers=servers[group_id])
+		self.render('stats.html', group_id=group_id, api_key=api_key, servers=servers[group_id])
 
 class GroupCreateHandler(BaseHandler):
 	@tornado.gen.coroutine

web/templates/base.html

@@ -4,6 +4,12 @@
 	<title>sysvitals</title>
 	<link rel="stylesheet" type="text/css" href="/css/base.css" />
 	<script src="//ajax.googleapis.com/ajax/libs/mootools/1.4.5/mootools.js"></script>
+	<script>
+		window.sysvitals = {
+			'web_host': '{{ web_host }}',
+			'api_host': '{{ api_host }}',
+		};
+	</script>
 	{% block js %}{% end %}
 	{% block css %}{% end %}
 </head>

web/templates/stats.html

@@ -4,6 +4,7 @@
 	<script src="//cdnjs.cloudflare.com/ajax/libs/d3/3.4.5/d3.js"></script>
 	<script src="//cdnjs.cloudflare.com/ajax/libs/rickshaw/1.4.6/rickshaw.js"></script>
 	<script src="//cdnjs.cloudflare.com/ajax/libs/moment.js/2.6.0/moment.js"></script>
+	<script>window.sysvitals.api_key = '{{ api_key }}';</script>
 	<script src="/static/js/stats.js"></script>
 {% end %}
 {% block css %}
@@ -14,7 +15,7 @@
 {% block main %}
 	{% for server in servers %}
 		<br>
-		<a href="/stats/{{ group_id }}/{{ server['id'] }}">{{ server['hostname'] }}</a>
+		<a href="/stats/{{ server['group_id'] }}/{{ server['id'] }}">{{ server['hostname'] }}</a>
 	{% end %}
 	<p>
 	<select id="resolution">