hieraviz 0.0.1 → 0.0.2

data/app/public/js/nodes.js

@@ -48,9 +48,9 @@ ready( () => {
   function build_top(title) {
     meat.innerHTML = "<h3>Node "+title+"</h3>";
     addTo(meat,  "<div class=\"nodenav\">" +
-                 "<span class=\"showinfo\" data-node=\""+title+"\">Info</span>" +
-                 "<span class=\"showparams\" data-node=\""+title+"\">Params</span>" +
-                 "<span class=\"showallparams\" data-node=\""+title+"\">AllParams</span>" +
+                 "<span class=\"showinfo\" data-item=\""+title+"\">Info</span>" +
+                 "<span class=\"showparams\" data-item=\""+title+"\">Params</span>" +
+                 "<span class=\"showallparams\" data-item=\""+title+"\">AllParams</span>" +
                  "</div>");
     addTo(meat,  "<div class=\"paramfilter\">" + 
                  "<input type=\"text\" name=\"paramfilter\" />" +
@@ -81,7 +81,7 @@ ready( () => {
       item.addEventListener('click', (ev) => {
         start_wait();
         el = ev.target;
-        action = el.innerText.toLowerCase();
+        action = el.textContent.toLowerCase();
         fetch('/v1/node/' + title + '/' + action).
           then(res => res.json()).
           then(j => {
@@ -92,42 +92,54 @@ ready( () => {
     });
   }
 
+  function show_error(meat, message) {
+    meat.innerHTML = "<div class=\"error\">" + message + "</div>\n";
+  }
+
   var Node = {
     params: function(el) {
       start_wait(meat);
-      title = el.dataset.node;
-      fetch('/v1/node/' + title).
+      title = el.dataset.item;
+      fetch('/v1/node/' + title, auth_header()).
         then(res => res.json()).
         then(j => {
-          build_top(title);
-          build_params(meat, title, j);
-          rebuild_nav(title);
+          console.log(auth_header().headers.getAll('x-auth'));
+          if (j.error != undefined) {
+            show_error(meat, j['error']);
+          } else {
+            build_top(title);
+            build_params(meat, title, j);
+            rebuild_nav(title);
+            update_footer('/v1/node/' + title);            
+          }
           end_wait(meat);
         });
     },
 
     info: function(el) {
       start_wait(meat);
-      title = el.dataset.node;
-      fetch('/v1/node/' + title + '/info').
+      title = el.dataset.item;
+      fetch('/v1/node/' + title + '/info', auth_header()).
         then(res => res.json()).
         then(j => {
           build_top(title);
           build_info(meat, title, j);
           rebuild_nav(title);
+          update_footer('/v1/node/' + title + '/info');
           end_wait(meat);
         });
     },
 
     allparams: function(el) {
       start_wait(meat);
-      title = el.dataset.node;
-      fetch('/v1/node/' + title + '/all').
+      title = el.dataset.item;
+      fetch('/v1/node/' + title + '/all', auth_header()).
         then(res => res.json()).
         then(j => {
           build_top(title);
           build_info(meat, title, j);
           rebuild_nav(title);
+          update_footer('/v1/node/' + title + '/all');
           end_wait(meat);
         });
     },

data/app/views/_foot.erb

@@ -1,3 +1,5 @@
-footer
+<span class="puppetdb">
+<%= settings.configdata['puppetdb']['host'] %>
+</span>
 <span class="debug">
 </span>

data/app/views/_head.erb

@@ -3,6 +3,7 @@
 <%= settings.app_name %>
 </a>
 </div>
+<% if session[:access_token] -%>
 <div class="nav">
 <a href="/nodes" class="nodes">Nodes</a>
 <a href="/farms" class="farms">Farms</a>
@@ -10,5 +11,13 @@
 <a href="/resources" class="resources">Resources</a>
 </div>
 <div class="auth">
+<div class="username">
+identified as <b><%= @username %></b>
+</div>
 <a href="/logout" id="logout">Logout</a>
 </div>
+<% else -%>
+<div class="auth">
+<a href="/login" id="login">Connect</a>
+</div>
+<% end -%>

data/app/views/_layout.erb

@@ -5,7 +5,11 @@
     <%= @title if @title %>
     </title>
     <link href="css/main.css" rel="stylesheet" type="text/css">
+    <script src="js/fetch.js"></script>
     <script src="js/main.js"></script>
+    <% if session['access_token'] -%>
+    <script>var session_key = "<%= session['access_token'] %>";</script>
+    <% end -%>
     <%= yield_content :more_js %>
   </head>
   <body>
@@ -14,6 +18,7 @@
         <%= erb :_head, :layout => false %>
       </div>
       <div class="content">
+        <%= styled_flash %>
         <%= yield %>
       </div>
       <div class="foot">

data/app/views/data.erb

@@ -0,0 +1,4 @@
+<div class="meat text">
+<h1>Raw Data</h1>
+<pre><%= @data %></pre>
+</div>

data/app/views/farms.erb

@@ -8,7 +8,7 @@
 </form>
 <ul>
 <% @farms.each do |farm| %>
-<li class="farm"><%= farm %></li>
+<li class="farm" data-item="<%= farm %>"><%= farm %></li>
 <% end %>
 </ul>
 </div>

data/app/views/home.erb

@@ -1,3 +1,8 @@
 <div class="meat text">
-Welcome to hieraviz
+Welcome to hieraviz<br>
+
+<% if settings.configdata['debug'] -%>
+<%= session['access_token'] %><br>
+<pre><%= Hieraviz::Store.get session['access_token'] if session['access_token'] %></pre>
 </div>
+<% end %>

data/app/views/modules.erb

@@ -2,7 +2,8 @@
 <script async="async" src="js/modules.js"></script>
 <% end %>
 
-<pre class="meat">
-WIP
-</pre>
+<div class="meat">
+<br>
+<div>Work In Progress</div>
+</div>
 

data/app/views/nodes.erb

@@ -8,7 +8,7 @@
 </form>
 <ul>
 <% @nodes.each do |node| %>
-<li class="node" data-node="<%= node %>"><%= node %></li>
+<li class="node" data-item="<%= node %>"><%= node %></li>
 <% end %>
 </ul>
 </div>

data/app/views/resources.erb

@@ -2,7 +2,7 @@
 <script src="js/resources.js"></script>
 <% end %>
 
-<pre class="meat">
-WIP
-</pre>
-
+<div class="meat">
+<br>
+<div>Work In Progress</div>
+</div>

data/app/views/store.erb

@@ -0,0 +1,6 @@
+<div class="meat text">
+<h1>Store</h1>
+<%= session['access_token'] %><br>
+<pre><%= Hieraviz::Store.dump %></pre>
+<pre><%= Hieraviz::Store.tmpdir %></pre>
+</div>

data/app/web.rb

@@ -1,8 +1,9 @@
 require 'sinatra/content_for'
+require 'sinatra/flash'
 
 require 'better_errors'
-require 'digest/sha1'
 require 'dotenv'
+require 'oauth2'
 
 require 'hieracles'
 require 'hieraviz'
@@ -12,61 +13,133 @@ require File.expand_path '../common.rb', __FILE__
 module HieravizApp
   class Web < Common
     helpers Sinatra::ContentFor
+    register Sinatra::Flash
 
     configure do
+      set :session_secret, settings.configdata['session_seed']
       set :public_folder, Proc.new { File.join(root, "public") }
       set :views_folder, Proc.new { File.join(root, "views") }
       set :erb, layout: :_layout
+      enable :sessions
     end
 
     configure :development do
       use BetterErrors::Middleware
-      BetterErrors.application_root = File.expand_path('..', __FILE__)
+      BetterErrors.application_root = File.expand_path('../../', __FILE__)
     end
 
-    helpers do
-      def check_cookie
-        if !session[:hieraviz_key]
-          newkey = Digest::SHA1.hexdigest(Time.new.to_s)
-          store.set(:hieraviz_key, newkey)
-          session[:hieraviz_key] = newkey
+    case settings.configdata['auth_method']
+    when 'http'
+
+      use Rack::Auth::Basic, "Puppet Private Access" do |username, password|
+        username == settings.configdata['http_auth']['username'] && 
+        password == settings.configdata['http_auth']['password']
+      end
+
+      get '/logout' do
+        erb :logout, layout: :_layout
+      end
+
+      helpers do
+        def check_authorization
+          set :username, settings.configdata['http_auth']['username']
+          true
         end
       end
-      def verify_key(key)
-        
+
+    when 'gitlab'
+
+      set :oauth, Hieraviz::AuthGitlab.new(settings.configdata['gitlab_auth'])
+
+      def get_username
+        if session['access_token']
+          session_info = Hieraviz::Store.get(session['access_token'], settings.configdata['session_renew'])
+          if session_info
+            session_info['username']
+          else
+            ''
+          end
+        end
+      end
+
+      def check_authorization
+        if !session['access_token']
+          redirect settings.oauth.login_url(request)
+        else
+          session_info = Hieraviz::Store.get(session['access_token'], settings.configdata['session_renew'])
+          if !session_info
+            if !settings.oauth.authorized?(session['access_token'])
+              flash[:fatal] = "Sorry you are not authorized to read puppet repo on gitlab."
+              redirect '/'
+            else
+              Hieraviz::Store.set session['access_token'], settings.oauth.user_info(session['access_token'])
+              session_info = Hieraviz::Store.get(session['access_token'], settings.configdata['session_renew'])
+            end
+          end
+          session_info['username']
+        end
+      end
+
+      get '/login' do
+        redirect settings.oauth.login_url(request)
+      end
+
+      get '/logged-in' do
+        access_token = settings.oauth.access_token(request, params[:code])
+        session[:access_token] = access_token.token
+        Hieraviz::Store.set access_token.token, settings.oauth.user_info(access_token.token)
+        flash['info'] = "Successfully authenticated with the server"
+        redirect '/'
+      end
+
+      get '/logout' do
+        session.clear
+        redirect '/'
       end
-    end
 
-    use Rack::Auth::Basic, "Puppet Private Access" do |username, password|
-      username == settings.configdata['http_auth']['username'] && 
-      password == settings.configdata['http_auth']['password']
+    else
     end
 
 
     get '/' do
+      @username = get_username
       erb :home
     end
 
     get '/nodes' do
+      @username = check_authorization
       @nodes = Hieracles::Registry.nodes(settings.config)
       erb :nodes
     end
 
     get '/farms' do
+      @username = check_authorization
       @farms = Hieracles::Registry.farms(settings.config)
       erb :farms
     end
 
     get '/modules' do
-      erb :farms
+      @username = check_authorization
+      erb :modules
     end
 
     get '/resources' do
-      erb :farms
+      @username = check_authorization
+      erb :resources
     end
 
-    get '/logout' do
-      erb :logout, layout: :_layout
+    get '/store' do
+      # Hieraviz::Store.set 'woot', 'nada'
+      erb :store
+    end
+
+    get '/user' do
+      if session[:access_token]
+        @data = settings.oauth.user_info(session[:access_token])
+      else
+        @data = 'nada'
+      end
+      erb :data
     end
 
     not_found do

data/lib/hieraviz/auth_gitlab.rb

@@ -0,0 +1,59 @@
+require 'oauth2'
+
+module Hieraviz
+  class AuthGitlab
+
+    def initialize(settings)
+      @@client ||= OAuth2::Client.new(
+        settings['application_id'], 
+        settings['secret'], 
+        :site => settings['host']
+        )
+      @settings = settings
+    end
+
+    def access_token(request, code)
+      @@client.auth_code.get_token(code, :redirect_uri => redirect_uri(request))
+    end
+
+    def get_response(url, token)
+      access_token = OAuth2::AccessToken.new(@@client, token)
+      begin
+        JSON.parse(access_token.get(url).body)
+      rescue Exception => e
+        { 'error' => JSON.parse(e.message.split(/\n/)[1])['message'] }
+      end
+    end
+
+
+    def redirect_uri(request)
+      uri = URI.parse(request.url)
+      uri.path = '/logged-in'
+      uri.query = nil
+      uri.to_s
+    end
+
+    def login_url(request)
+      @@client.auth_code.authorize_url(:redirect_uri => redirect_uri(request))
+    end
+
+    def authorized?(token)
+      if @settings['resource_required']
+        resp = get_response(@settings['resource_required'], token)
+        if resp['error'] ||
+           (resp[@settings['required_response_key']] &&
+           resp[@settings['required_response_key']] != resp[@settings['required_response_value']])
+          false
+        else
+          true
+        end
+      end
+      true
+    end
+
+    def user_info(token)
+      get_response('/api/v3/user', token)
+    end
+
+  end
+end

data/lib/hieraviz/config.rb

@@ -0,0 +1,20 @@
+module Hieraviz
+  module Config
+    extend self
+
+    def load
+      @_config ||= YAML.load_file(configfile)
+    end
+
+    def configfile
+      file = ENV['HIERAVIZ_CONFIG_FILE'] || File.join("config", "hieraviz.yml")
+      file = File.join(root, file) unless file[0] == '/'
+      file
+    end
+
+    def root
+      File.expand_path('../../../', __FILE__)
+    end
+
+  end
+end

data/lib/hieraviz/store.rb

@@ -1,16 +1,53 @@
 module Hieraviz
-  class Store
+  module Store
+    extend self
 
-    def initialize
-      @data = {}
+    def data
+      @_data ||= Hash.new
     end
 
     def set(key, value)
-      @data[key.to_sym] = value
+      File.open(tmpfile(key), 'w') do |f|
+        f.print Marshal::dump(value)
+      end
+      data[key] = value
     end
 
-    def get(key)
-      @data[key.to_sym]
+    def get(key, expiration=false)
+      f = tmpfile(key)
+      if File.exist?(f) && expiration && expired?(f, expiration)
+        File.unlink(f)
+      end
+      if File.exist?(f)
+        data[key] ||= Marshal::load(File.read(f).chomp)
+      end
+    end
+
+    def dump
+      data
+    end
+
+    def tmpfile(name)
+      File.join tmpdir, name.gsub(/[^a-z0-9]/,'')
+    end
+
+    def tmpdir
+      @_tmpdir ||= init_tmpdir 
+    end
+
+    def init_tmpdir
+      config = Hieraviz::Config.load
+      tmp = config['tmpdir'] || '/tmp'
+      begin
+        FileUtils.mkdir_p(tmp) unless Dir.exist?(tmp)
+      rescue Exception => e
+        tmp = '/tmp'
+      end
+      tmp
+    end
+
+    def expired?(file, duration)
+      Time.now - duration > File.mtime(file)
     end
 
   end

data/lib/hieraviz.rb

@@ -1,5 +1,7 @@
 require "hieraviz/version"
+require "hieraviz/config"
 require "hieraviz/store"
+require "hieraviz/auth_gitlab"
 
 module Hieraviz
   # Your code goes here...

data/spec/app/apiv1_spec.rb

@@ -1,11 +1,14 @@
 require 'spec_helper'
+require 'sinatra_helper'
 
 describe HieravizApp::ApiV1 do
 
-  context "when GET /v1/nodes" do
-    it "replies 200" do
-      get '/nodes'
-      expect(last_response).to be_ok
+  context "without any auth" do
+    context "when GET /v1/nodes" do
+      it "replies error" do
+        get '/nodes'
+        expect(last_response).not_to be_ok
+      end
     end
   end
 

data/spec/app/web_spec.rb

@@ -1,4 +1,5 @@
 require 'spec_helper'
+require 'sinatra_helper'
 
 describe HieravizApp::Web do
 

data/spec/files/config.yml

@@ -2,11 +2,21 @@
 basepath: "spec/files/puppet"
 classpath: "farm_modules/%s/manifests/init.pp"
 hierafile: "hiera.yml"
+session_seed: "toto"
+tmpdir: "spec/files/tmp"
 usedb: false
 puppetdb:
   usessl: false
   host: puppetdb.example.com
   port: 8080
+auth_method: http
 http_auth:
   username: 'toto'
   password: 'toto'
+gitlab_auth:
+  host: https://gitlab.example.com
+  application_id: xxxid
+  secret: xxxsecret
+  resource_required: '/api/v3/projects/group%2Fpuppet'
+  required_response_key: 'id'
+  required_response_value: '42'

data/spec/lib/auth_gitlab_spec.rb

@@ -0,0 +1,26 @@
+require 'spec_helper'
+
+describe Hieraviz::AuthGitlab do
+
+  describe '.new' do
+  end
+
+  describe '.access_token' do
+  end
+
+  describe '.get_response' do
+  end
+
+  describe '.redirect_uri' do
+  end
+
+  describe '.login_url' do
+  end
+
+  describe '.authorized?' do
+  end
+
+  describe '.user_info' do
+  end
+
+end

data/spec/lib/config_spec.rb

@@ -0,0 +1,20 @@
+require 'spec_helper'
+
+describe Hieraviz::Config do
+
+  describe '.load' do
+    let(:expected) { "spec/files/puppet" }
+    it { expect(Hieraviz::Config.load['basepath']).to eq expected }
+  end
+
+  describe '.configfile' do
+    let(:expected) { File.expand_path('../../files/config.yml', __FILE__) }
+    it { expect(Hieraviz::Config.configfile).to eq expected }
+  end
+
+  describe '.root' do
+    let(:expected) { File.expand_path('../../../', __FILE__) }
+    it { expect(Hieraviz::Config.root).to eq expected }
+  end
+
+end