perus 0.1.20 → 0.1.21

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 48150f3119813db0b986b3a78316724d3c454600
-  data.tar.gz: a74d668d0a6ffcb96109958d51ca504d5553cda5
+  metadata.gz: 2eb9babcf7c051aeca8860be3b4865d0f566d27a
+  data.tar.gz: 0a04455e38f26ccc96cefdca91023e0a89586db9
 SHA512:
-  metadata.gz: 96cf0f1b9cf9e01cdf518bb14c8945ac94973e6f2d1248d8968c1e345aa037997c2bf54eee8b530b4b88de2eee90c6db7b3e33611f6a8b32916cb2843e0b8f4e
-  data.tar.gz: 8bc42c6192e42236463339d07f865a192ac7b42781f4104a38f792ba210e32598731bcbaa493fcd3f3a1e614b2f9787b5ea0ed3c426735bfd76e8634df9939d5
+  metadata.gz: 0524c08e915553654605df6e52c8560562442637fe23932d7e8e3ecf2b4d64af6724ff930118ff3580a3b56495212a8392795f8268fedf44895ced29c8a6b961
+  data.tar.gz: 4bac65c5037b1770705274b4175fed6e66d35110beb92d9a1748dc0d208b82d14888efb9c6e6c1e354837b451355cd7bf3bec0ac78b235b9d6825524222d59aa

data/lib/perus/server/admin.rb

@@ -19,12 +19,14 @@ module Perus::Server
 
                     # list
                     get '/admin/#{plural}' do
+                        protected!
                         @records = #{klass}.dataset.order_by(:name).all
                         erb :'admin/index'
                     end
 
                     # new form
                     get '/admin/#{plural}/new' do
+                        protected!
                         @record = #{klass}.new
                         @form = Form.new(@record)
                         erb :'admin/new'
@@ -32,6 +34,7 @@ module Perus::Server
 
                     # create
                     post '/admin/#{plural}' do
+                        protected!
                         @record = #{klass}.new(params[:record])
                         if @record.valid?
                             begin
@@ -52,6 +55,7 @@ module Perus::Server
 
                     # edit
                     get '/admin/#{plural}/:id' do
+                        protected!
                         @record = #{klass}.with_pk!(params['id'])
                         @form = Form.new(@record)
                         erb :'admin/edit'
@@ -59,6 +63,7 @@ module Perus::Server
 
                     # update
                     put '/admin/#{plural}/:id' do
+                        protected!
                         @record = #{klass}.with_pk!(params['id'])
                         if @record.valid?
                             begin
@@ -75,6 +80,7 @@ module Perus::Server
 
                     # delete
                     delete '/admin/#{plural}/:id' do
+                        protected!
                         @record = #{klass}.with_pk!(params['id'])
                         @record.destroy
                         redirect url_prefix + 'admin/#{plural}'

data/lib/perus/server/app.rb

@@ -6,19 +6,6 @@ require 'uri'
 
 module Perus::Server
     class App < Sinatra::Application
-        def self.new(*)
-            unless Server.options.auth['username'].empty?
-                app = Rack::Auth::Digest::MD5.new(super) do |username|
-                    {Server.options.auth['username'] => Server.options.auth['password']}[username]
-                end
-                app.realm = 'Protected Area'
-                app.opaque = 'secretkey'
-                app
-            else
-                super
-            end
-        end
-
         #----------------------
         # config
         #----------------------
@@ -54,6 +41,7 @@ module Perus::Server
         end
 
         post '/admin/scripts/:id/commands' do
+            protected!
             script = Script.with_pk!(params['id'])
             script_command = ScriptCommand.new
             script_command.script_id = params['id']
@@ -74,6 +62,7 @@ module Perus::Server
         end
 
         post '/admin/scripts/:script_id/commands/:id' do
+            protected!
             script_command = ScriptCommand.with_pk!(params['id'])
             if params['action'] == 'Delete'
                 script_command.destroy
@@ -85,6 +74,7 @@ module Perus::Server
         end
 
         post '/admin/configs/:id/metrics' do
+            protected!
             config = Config.with_pk!(params['id'])
             config_metric = ConfigMetric.new
             config_metric.config_id = params['id']
@@ -105,6 +95,7 @@ module Perus::Server
         end
 
         post '/admin/configs/:config_id/metrics/:id' do
+            protected!
             config_metric = ConfigMetric.with_pk!(params['id'])
             if params['action'] == 'Delete'
                 config_metric.destroy
@@ -116,6 +107,7 @@ module Perus::Server
         end
 
         get '/admin/stats' do
+            protected!
             @stats = Stats.new
             @queue_length = Server.ping_queue.length
             erb :stats
@@ -127,6 +119,7 @@ module Perus::Server
         #----------------------
         # csv for graphs shown on system page
         get '/systems/:id/values' do
+            protected!
             system  = System.with_pk!(params['id'])
             metrics = params[:metrics].to_s.split(',')
 
@@ -213,6 +206,7 @@ module Perus::Server
 
         # render all errors in html to replace the shortened subset on the system page
         get '/systems/:id/errors' do
+            protected!
             system = System.with_pk!(params['id'])
             errors = system.collection_errors
             erb :errors, layout: false, locals: {errors: errors}
@@ -220,6 +214,7 @@ module Perus::Server
 
         # clear collection errors
         delete '/systems/:id/errors' do
+            protected!
             system = System.with_pk!(params['id'])
             system.collection_errors.each(&:delete)
             redirect "#{url_prefix}systems/#{system.id}"
@@ -227,12 +222,14 @@ module Perus::Server
 
         # create a new action
         post '/systems/:id/actions' do
+            protected!
             Action.add(params['id'], params)
             redirect "#{url_prefix}systems/#{params['id']}#actions"
         end
 
         # create an action for all systems in a group
         post '/groups/:id/systems/actions' do
+            protected!
             group = Group.with_pk!(params['id'])
             group.systems.each do |system|
                 Action.add(system.id, params)
@@ -243,6 +240,7 @@ module Perus::Server
 
         # delete completed actions in a group
         delete '/groups/:id/systems/actions' do
+            protected!
             group = Group.with_pk!(params['id'])
             group.systems.each do |system|
                 system.actions.each do |action|
@@ -256,6 +254,7 @@ module Perus::Server
 
         # create an action for all systems
         post '/systems/actions' do
+            protected!
             System.each do |system|
                 Action.add(system.id, params)
             end
@@ -265,6 +264,7 @@ module Perus::Server
 
         # delete all completed actions
         delete '/systems/actions' do
+            protected!
             Action.each do |action|
                 next if action.timestamp.nil?
                 action.destroy
@@ -275,6 +275,7 @@ module Perus::Server
 
         # delete an action. deletion also clears any uploaded files.
         delete '/systems/:system_id/actions/:id' do
+            protected!
             action = Action.with_pk!(params['id'])
             action.destroy
             redirect "#{url_prefix}systems/#{params['system_id']}#actions"
@@ -286,6 +287,7 @@ module Perus::Server
         #----------------------
         # overview
         get '/' do
+            protected!
             systems = System.all
             @alerts = Alert.all.sort_by(&:severity_level).reverse
             erb :index
@@ -293,6 +295,7 @@ module Perus::Server
 
         # list of systems
         get '/systems' do
+            protected!
             @systems = System.all.group_by(&:orientation)
             @title = 'All Systems'
             @scripts = Script.all
@@ -302,6 +305,7 @@ module Perus::Server
 
         # list of systems by group
         get '/groups/:id/systems' do
+            protected!
             group = Group.with_pk!(params['id'])
             @systems = group.systems_dataset.order_by(:name).all.group_by(&:orientation)
             @title = group.name
@@ -312,6 +316,7 @@ module Perus::Server
 
         # info page for a system
         get '/systems/:id' do
+            protected!
             @system  = System.with_pk!(params['id'])
             @uploads = @system.upload_urls
             metrics = @system.metrics
@@ -348,6 +353,7 @@ module Perus::Server
 
         # helper to make uploads publicly accessible
         get '/uploads/*' do
+            protected!
             path = params['splat'][0]
             raise 'Invalid path' if path.include?('..')
             full_path = File.join(Server.options.uploads_dir, path)

data/lib/perus/server/helpers.rb

@@ -46,5 +46,21 @@ module Perus::Server
         def url_prefix
             Server.options.url_prefix
         end
+
+        def protected!
+            return if authorised?
+            headers['WWW-Authenticate'] = 'Basic realm="Restricted Area"'
+            halt 401, "Not authorized\n"
+        end
+
+        def authorised?
+            return true if Server.options.auth['username'].empty?
+            @auth ||=  Rack::Auth::Basic::Request.new(request.env)
+            @auth.provided? && @auth.basic? && @auth.credentials &&
+                @auth.credentials == [
+                    Server.options.auth['username'],
+                    Server.options.auth['password']
+                ]
+        end
     end
 end

data/lib/perus/version.rb

@@ -1,3 +1,3 @@
 module Perus
-    VERSION = "0.1.20"
+    VERSION = "0.1.21"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: perus
 version: !ruby/object:Gem::Version
-  version: 0.1.20
+  version: 0.1.21
 platform: ruby
 authors:
 - Will Cannings
@@ -338,4 +338,3 @@ signing_key:
 specification_version: 4
 summary: Simple system overview server
 test_files: []
-has_rdoc: