api: introduces token-based authentication

2010-03-14 20:31:10 +00:00 · 2010-03-14 20:31:10 +00:00 · 155f2bfef9
parent a53fa50f80
commit 155f2bfef9
2 changed files with 22 additions and 6 deletions
--- a/web/api/flukso/src/flukso.erl
+++ b/web/api/flukso/src/flukso.erl
@ -15,6 +15,9 @@ ensure_started(App) ->
 	    ok
    end.

+mysql_prepare() ->
+    mysql:prepare(permissions, <<"SELECT permissions FROM logger_tokens WHERE meter = ? AND token = ?">>).
+
 %% @spec start_link() -> {ok,Pid::pid()}
 %% @doc Starts the app for inclusion in a supervisor tree
 start_link() ->
@ -22,6 +25,7 @@ start_link() ->
    ensure_started(crypto),
    ensure_started(erlrrd),
    ensure_started(mysql),
+    mysql_prepare(),
    ensure_started(webmachine),
    flukso_sup:start_link().

@ -32,6 +36,7 @@ start() ->
    ensure_started(crypto),
    ensure_started(erlrrd),
    ensure_started(mysql),
+    mysql_prepare(),
    ensure_started(webmachine),
    application:start(flukso).

--- a/web/api/flukso/src/flukso_resource.erl
+++ b/web/api/flukso/src/flukso_resource.erl
@ -3,14 +3,15 @@
 %% @doc Flukso webmachine_resource.

 -module(flukso_resource).
-export([init/1, allowed_methods/2, malformed_request/2, content_types_provided/2, to_json/2]).
+-export([init/1, allowed_methods/2, malformed_request/2, is_authorized/2, content_types_provided/2, to_json/2]).

 -include_lib("webmachine/include/webmachine.hrl").

 -record(state,
        {rrdSensor,
         rrdTime,
-         rrdFactor}).
+         rrdFactor,
+         token}).

 init([]) -> 
    {ok, undefined}.
@ -22,15 +23,25 @@ malformed_request(ReqData, _) ->
    {RrdSensor, ValidSensor} = rrd_sensor(wrq:path_info(sensor, ReqData)),
    {RrdTime, ValidInterval} = rrd_time(wrq:get_qs_value("interval", ReqData)),
    {RrdFactor, ValidUnit} = rrd_factor(wrq:get_qs_value("unit", ReqData)),
+    {Token, ValidToken} = rrd_sensor(wrq:get_req_header("X-Token", ReqData)),

-    State = #state{rrdSensor = RrdSensor, rrdTime = RrdTime, rrdFactor = RrdFactor},
+    State = #state{rrdSensor = RrdSensor, rrdTime = RrdTime, rrdFactor = RrdFactor, token = Token},

-    {case {ValidSensor, ValidInterval, ValidUnit}  of
-	{true, true, true} -> false;
+    {case {ValidSensor, ValidInterval, ValidUnit, ValidToken}  of
+	{true, true, true, true} -> false;
 	_ -> true
     end, 
    ReqData, State}.

+is_authorized(ReqData, #state{rrdSensor = RrdSensor, token = Token} = State) ->
+    {data, Result} = mysql:execute(pool, permissions, [RrdSensor, Token]),
+
+    {case mysql:get_result_rows(Result) of
+        [[62]] -> true;
+        _ -> "access refused" 
+    end,
+    ReqData, State}.
+
 content_types_provided(ReqData, State) -> 
    {[{"application/json", to_json}], ReqData, State}.

@ -48,7 +59,7 @@ to_json(ReqData, #state{rrdSensor = RrdSensor, rrdTime = RrdTime, rrdFactor = Rr
            Final = lists:merge(Datapoints, Nans),
            {mochijson2:encode(Final), ReqData, State};

-        {error, Reason} ->
+        {error, _Reason} ->
            {{halt, 404}, ReqData, State}
    end.