marty 1.0.27 → 1.0.28

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 32549066e0c8789c2965387c0a5351ae672f454d
-  data.tar.gz: e6cf959267b704fb809bb145c58ff38723b863eb
+  metadata.gz: aa124524b13bf86bccbf7cdc28eb791cf603a5e6
+  data.tar.gz: e506b8efb8fbed2ceeb176e6c382353cc1391cc6
 SHA512:
-  metadata.gz: af5710ceabc29629e4261e8fd3fda9ac7f350b7e609ddefe1c347106fee24a6988399b9bc3a5e430e09b81adbfd5ce5b1ad6e9b97d0ea3467ba714ca5f112c4a
-  data.tar.gz: ffe61d68b9c660770436a74ed835db71648a95c89143f0b15e7d8bc5ed92178af27af64bc32c16c678079a241042e25d305abba3146e518589d7034c13a9b571
+  metadata.gz: 088be58e5d88fb2afe3fd30aac9dd61bab0e3ac2c251f057e584a24801f480d015c292a3e4377419b66c06801a4557a78beb43c4c86b19434c34fe789fbcc589
+  data.tar.gz: 54b28698faafad445932d05477434050b890a3331cd94a71d7d2eb225fe449b27d0e51ea20c0f7389a3066a0113d1512d0a3cc54c03dbbe020c4e3d1a9057e06

data/app/components/marty/api_config_view.rb

@@ -0,0 +1,72 @@
+class Marty::ApiConfigView < Marty::Grid
+  has_marty_permissions create: :admin,
+                        read: :any,
+                        update: :admin,
+                        delete: :admin
+
+  def configure(c)
+    super
+    c.model = Marty::ApiConfig
+    c.title = 'API Config'
+    c.attributes = [
+      :script,
+      :node,
+      :attr,
+      :logged,
+      :validated,
+      :created_at,
+      :updated_at,
+    ]
+    c.paging = :pageination
+    c.editing = :in_form
+    c.store_config.merge!(
+      sorters: [{ property: :script, direction: :ASC},
+                { property: :node, direction: :ASC},
+                { property: :attr, direction: :ASC},
+               ])
+    @model = c.model
+  end
+  attribute :script do |c|
+    editor_config = {
+      trigger_action: :all,
+      xtype:          :combo,
+      store:          Marty::Script.where(obsoleted_dt: 'infinity').
+        order(:name).pluck(:name),
+      forceSelection: true,
+    }
+    c.merge!(
+      column_config: { editor: editor_config },
+      field_config:  editor_config,
+      type:          :string,
+    )
+    c.width = 150
+  end
+  [:node, :attr].each do |a|
+    attribute a do |c|
+      c.width = 150
+      c.setter = lambda { |r, v| r.send("#{a}=", v.blank? ? nil : v) }
+    end
+  end
+  attribute :logged do |c|
+    c.width = 100
+  end
+  attribute :validated do |c|
+    c.width = 110
+  end
+  [:created_at, :updated_at].each do |a|
+    attribute a do |c|
+      c.read_only = true
+    end
+  end
+  def default_form_items
+    [
+      :script,
+      :node,
+      :attr,
+      :logged,
+      :validated,
+    ]
+  end
+
+end
+ApiConfigView = Marty::ApiConfigView

data/app/components/marty/api_log_view.rb

@@ -0,0 +1,73 @@
+class Marty::ApiLogView < Marty::Grid
+  include Marty::Extras::Layout
+  has_marty_permissions read: :admin,
+                        update: :admin
+
+  def configure(c)
+    super
+    c.editing = :in_form
+    c.paging = :buffered
+    c.title = 'Api Log View'
+    c.model = Marty::ApiLog
+    c.attributes = [
+      :script,
+      :node,
+      :attrs,
+      :start_time,
+      :end_time,
+      :input,
+      :output,
+      :error,
+      :remote_ip,
+      :auth_name,
+    ]
+
+    c.store_config.merge!(
+      {sorters: [{ property: :start_time, direction: :desc }]},
+    )
+  end
+
+  component :edit_window do |c|
+    super(c)
+    c.width = 1200
+  end
+
+  [:script, :node, :attrs, :remote_ip, :auth_name, :start_time,
+   :end_time].each do |a|
+    attribute a do |c|
+      c.read_only = true
+    end
+  end
+
+  def default_form_items
+    [
+      :script,
+      :node,
+      :attrs,
+      :start_time,
+      :end_time,
+      textarea_field(:input).merge!({height: 300}),
+      textarea_field(:output).merge!({height: 300}),
+      :error,
+      :remote_ip,
+      :auth_name,
+    ]
+  end
+
+  [:input, :output].each do |a|
+    attribute a do |c|
+      c.text = a.to_s
+      c.width     = 900
+      c.read_only = true
+      c.type = :string
+      c.getter = lambda { |r| r.send(a).pretty_inspect }
+    end
+    column a do |c|
+      c.width = 250
+      c.type = :string
+      c.getter = lambda { |r| r.send(a).to_json }
+    end
+  end
+
+end
+ApiLogView = Marty::ApiLogView

data/app/components/marty/main_auth_app.rb

@@ -7,6 +7,8 @@ require 'marty/user_view'
 require 'marty/event_view'
 require 'marty/promise_view'
 require 'marty/api_auth_view'
+require 'marty/api_config_view'
+require 'marty/api_log_view'
 require 'marty/config_view'
 require 'marty/data_grid_view'
 
@@ -61,6 +63,21 @@ class Marty::MainAuthApp < Marty::AuthApp
     ]
   end
 
+  def api_menu
+    [
+      {
+        text: 'API Management',
+        icon:  icon_hack(:wrench),
+        disabled: !self.class.has_admin_perm?,
+        menu: [
+          :api_auth_view,
+          :api_config_view,
+          :api_log_view,
+        ]
+      }
+    ]
+  end
+
   def system_menu
     {
       text:  I18n.t("system"),
@@ -70,11 +87,10 @@ class Marty::MainAuthApp < Marty::AuthApp
         :import_type_view,
         :user_view,
         :config_view,
-        :api_auth_view,
         :event_view,
         :reload_scripts,
         :load_seed,
-      ] + background_jobs_menu + log_menu
+      ] + background_jobs_menu + log_menu + api_menu
     }
   end
 
@@ -201,7 +217,21 @@ class Marty::MainAuthApp < Marty::AuthApp
   end
 
   action :api_auth_view do |a|
-    a.text      = I18n.t("api_auth_view", default: "API Authorization")
+    a.text      = 'API Auth Management'
+    a.handler   = :netzke_load_component_by_action
+    a.icon      = :script_key
+    a.disabled  = !self.class.has_admin_perm?
+  end
+
+  action :api_config_view do |a|
+    a.text      = 'API Config Management'
+    a.handler   = :netzke_load_component_by_action
+    a.icon      = :script_key
+    a.disabled  = !self.class.has_admin_perm?
+  end
+
+  action :api_log_view do |a|
+    a.text      = 'API Log View'
     a.handler   = :netzke_load_component_by_action
     a.icon      = :script_key
     a.disabled  = !self.class.has_admin_perm?
@@ -498,6 +528,8 @@ class Marty::MainAuthApp < Marty::AuthApp
   component :api_auth_view do |c|
     c.disabled = Marty::Util.warped?
   end
+  component :api_log_view
+  component :api_config_view
 
   component :log_view do |c|
     c.klass = Marty::LogView

data/app/controllers/marty/rpc_controller.rb

@@ -7,8 +7,7 @@ class Marty::RpcController < ActionController::Base
                   params["params"] || "{}",
                   params["api_key"] || nil,
                   params["background"],
-                  )
-
+                 )
     respond_to do |format|
       format.json { send_data res.to_json }
       format.csv  {
@@ -21,68 +20,118 @@ class Marty::RpcController < ActionController::Base
 
   private
 
+  # FIXME: move to (probably) agrim's schema code in lib
+  def get_schemas(tag, sname, node, attrs)
+    begin
+      engine = Marty::ScriptSet.new(tag).get_engine(sname+'Schemas')
+      result = engine.evaluate_attrs(node, attrs, {})
+      attrs.zip(result)
+    rescue => e
+      use_message = e.message == 'No such script' ?
+                    'Schema not defined' : 'Problem with schema'
+      raise "Schema error for #{sname}/#{node} "\
+            "attrs=#{attrs.join(',')}: #{use_message}"
+    end
+  end
+
   def do_eval(sname, tag, node, attrs, params, api_key, background)
-    err = "Marty::RpcController#do_eval,"
+    return {error: "Malformed attrs"} unless attrs.is_a?(String)
 
-    unless attrs.is_a?(String)
-      logger.info "#{err} Bad attrs (must be a string): <#{attrs.inspect}>"
-      return {error: "Bad attrs"}
-    end
+    attrs_atom = !attrs.start_with?('[')
+    start_time = Time.zone.now
 
-    begin
-      attrs = ActiveSupport::JSON.decode(attrs)
-    rescue JSON::ParserError => e
-      logger.info "#{err} Malformed attrs (json): #{attrs.inspect}, #{e.message}"
-      return {error: "Malformed attrs"}
+    if attrs_atom
+      attrs = [attrs]
+    else
+      begin
+        attrs = ActiveSupport::JSON.decode(attrs)
+      rescue JSON::ParserError => e
+        return {error: "Malformed attrs"}
+      end
     end
 
-    unless attrs.is_a?(Array) && attrs.all? {|x| x.is_a? String}
-      logger.info "#{err} Malformed attrs (not string array): <#{attrs.inspect}>"
-      return {error: "Malformed attrs"}
-    end
+    return {error: "Malformed attrs"} unless
+      attrs.is_a?(Array) && attrs.all? {|x| x =~ /\A[a-z][a-zA-Z0-9_]*\z/}
 
-    unless params.is_a?(String)
-      logger.info "#{err} Bad params (must be a string): <#{params.inspect}>"
-      return {error: "Bad params"}
-    end
+    return {error: "Bad params"} unless params.is_a?(String)
 
     begin
       params = ActiveSupport::JSON.decode(params)
+      orig_params = params.clone
     rescue JSON::ParserError => e
-      logger.info "#{err} Malformed params (json): <#{params.inspect}>, #{e.message}"
       return {error: "Malformed params"}
     end
 
-    unless params.is_a?(Hash)
-      logger.info "#{err} Malformed params (not hash): <#{params.inspect}>"
-      return {error: "Malformed params"}
+    return {error: "Malformed params"} unless params.is_a?(Hash)
+
+    need_validate, need_log = [], []
+    Marty::ApiConfig.multi_lookup(sname, node, attrs).each do
+      |attr, log, validate, id|
+      need_validate << attr if validate
+      need_log << id if log
     end
 
-    unless Marty::ApiAuth.authorized?(sname, api_key)
-      logger.info "#{err} permission denied"
-      return {error: "Permission denied" }
+    validation_error = {}
+    err_count = 0
+    if need_validate.present?
+      begin
+        schemas = get_schemas(tag, sname, node, need_validate)
+      rescue => e
+        return {error: e.message}
+      end
+      opt = { :validate_schema    => true,
+              :errors_as_objects  => true,
+              :version            => Marty::JsonSchema::RAW_URI }
+      to_append = {"\$schema" => Marty::JsonSchema::RAW_URI}
+      schemas.each do |attr, schema|
+        err = JSON::Validator.fully_validate(schema.merge(to_append), params, opt)
+        validation_error[attr] = err.map{ |e| e[:message] } if err.size > 0
+        err_count += err.size
+      end
     end
+    return {error: "Error(s) validating: #{validation_error}"} if err_count > 0
+
+    auth = Marty::ApiAuth.authorized?(sname, api_key)
+    return {error: "Permission denied" } unless auth
 
     begin
       engine = Marty::ScriptSet.new(tag).get_engine(sname)
     rescue => e
       err_msg = "Can't get engine: #{sname || 'nil'} with tag: " +
-              "#{tag || 'nil'}; message: #{e.message}"
-      logger.info "#{err} #{err_msg}"
+                "#{tag || 'nil'}; message: #{e.message}"
+      logger.info err_msg
       return {error: err_msg}
     end
 
+    retval = nil
+
     begin
       if background
         result = engine.background_eval(node, params, attrs)
-        {"job_id" => result.__promise__.id}
-      else
-        engine.evaluate_attrs(node, attrs, params)
+        return retval = {"job_id" => result.__promise__.id}
       end
+
+      res = engine.evaluate_attrs(node, attrs, params)
+      return retval = (attrs_atom ? res.first : res)
     rescue => exc
-      err_msg = Delorean::Engine.grok_runtime_exception(exc)
-      logger.info "#{err} Evaluation error: #{err_msg}"
-      err_msg
+      err_msg = Delorean::Engine.grok_runtime_exception(exc).symbolize_keys
+      logger.info "Evaluation error: #{err_msg}"
+      return retval = err_msg
+    ensure
+      error = Hash === retval ? retval[:error] : nil
+
+      # FIXME: how do we know this isn't going to fail??
+      Marty::ApiLog.create!(script:     sname,
+                            node:       node,
+                            attrs:      (attrs_atom ? attrs.first : attrs),
+                            input:      orig_params,
+                            output:     error ? nil : retval,
+                            start_time: start_time,
+                            end_time:   Time.zone.now,
+                            error:      error,
+                            remote_ip:  request.remote_ip,
+                            auth_name:  auth,
+                           ) if need_log.present?
     end
   end
 end

data/app/models/marty/api_auth.rb

@@ -37,6 +37,7 @@ class Marty::ApiAuth < Marty::Base
                        obsoleted_dt: 'infinity').exists?
     !is_secured || where(api_key: api_key,
                          script_name: script_name,
-                         obsoleted_dt: 'infinity').exists?
+                         obsoleted_dt: 'infinity').pluck(:app_name).first
   end
+
 end

data/app/models/marty/api_config.rb

@@ -0,0 +1,16 @@
+class Marty::ApiConfig < Marty::Base
+  validates_presence_of :script
+
+  def self.lookup(script, node, attr)
+    res = where(["script = ? AND (node IS NULL OR node = ?) "\
+           "AND (attr IS NULL OR attr = ?)",
+           script, node, attr]).
+           order('node nulls last, attr nulls last').
+           pluck(:logged, :validated, :id)
+    res.first
+  end
+  def self.multi_lookup(script, node, attrs)
+    (attrs.nil? ? [nil] : attrs).
+      map { |attr| lookup(script, node, attr).try{|x| x.unshift(attr) }}
+  end
+end

data/app/models/marty/api_log.rb

@@ -0,0 +1,5 @@
+class Marty::ApiLog < Marty::Base
+  validates_presence_of :script, :node, :attrs, :start_time, :end_time,
+                        :remote_ip
+
+end

data/app/models/marty/data_grid.rb

@@ -262,7 +262,7 @@ class Marty::DataGrid < Marty::Base
   cached_delorean_fn :find_class_instance, sig: 3 do
     |pt, klass, v|
     if Marty::PgEnum === klass
-      StringEnum.new(v)
+      klass.find_by_name(v)
     else
       # FIXME: very hacky -- hard-coded name
       Marty::DataConversion.find_row(klass, {"name" => v}, pt)

data/db/migrate/300_create_marty_api_configs.rb

@@ -0,0 +1,13 @@
+class CreateMartyApiConfigs < ActiveRecord::Migration
+  def change
+    create_table :marty_api_configs do |t|
+      t.timestamps null: false
+      t.string :script, null: false
+      t.string :node, null: true
+      t.string :attr, null: true
+      t.boolean :logged, null: false, default: false
+      t.boolean :validated, null: false, default: false
+    end
+    add_index :marty_api_configs, [:script, :node, :attr], unique: true
+  end
+end