api: introduces token-based authentication

This commit is contained in:
Bart Van Der Meerssche 2010-03-14 20:31:10 +00:00
parent a53fa50f80
commit 155f2bfef9
2 changed files with 22 additions and 6 deletions

View File

@ -15,6 +15,9 @@ ensure_started(App) ->
ok ok
end. end.
mysql_prepare() ->
mysql:prepare(permissions, <<"SELECT permissions FROM logger_tokens WHERE meter = ? AND token = ?">>).
%% @spec start_link() -> {ok,Pid::pid()} %% @spec start_link() -> {ok,Pid::pid()}
%% @doc Starts the app for inclusion in a supervisor tree %% @doc Starts the app for inclusion in a supervisor tree
start_link() -> start_link() ->
@ -22,6 +25,7 @@ start_link() ->
ensure_started(crypto), ensure_started(crypto),
ensure_started(erlrrd), ensure_started(erlrrd),
ensure_started(mysql), ensure_started(mysql),
mysql_prepare(),
ensure_started(webmachine), ensure_started(webmachine),
flukso_sup:start_link(). flukso_sup:start_link().
@ -32,6 +36,7 @@ start() ->
ensure_started(crypto), ensure_started(crypto),
ensure_started(erlrrd), ensure_started(erlrrd),
ensure_started(mysql), ensure_started(mysql),
mysql_prepare(),
ensure_started(webmachine), ensure_started(webmachine),
application:start(flukso). application:start(flukso).

View File

@ -3,14 +3,15 @@
%% @doc Flukso webmachine_resource. %% @doc Flukso webmachine_resource.
-module(flukso_resource). -module(flukso_resource).
-export([init/1, allowed_methods/2, malformed_request/2, content_types_provided/2, to_json/2]). -export([init/1, allowed_methods/2, malformed_request/2, is_authorized/2, content_types_provided/2, to_json/2]).
-include_lib("webmachine/include/webmachine.hrl"). -include_lib("webmachine/include/webmachine.hrl").
-record(state, -record(state,
{rrdSensor, {rrdSensor,
rrdTime, rrdTime,
rrdFactor}). rrdFactor,
token}).
init([]) -> init([]) ->
{ok, undefined}. {ok, undefined}.
@ -22,15 +23,25 @@ malformed_request(ReqData, _) ->
{RrdSensor, ValidSensor} = rrd_sensor(wrq:path_info(sensor, ReqData)), {RrdSensor, ValidSensor} = rrd_sensor(wrq:path_info(sensor, ReqData)),
{RrdTime, ValidInterval} = rrd_time(wrq:get_qs_value("interval", ReqData)), {RrdTime, ValidInterval} = rrd_time(wrq:get_qs_value("interval", ReqData)),
{RrdFactor, ValidUnit} = rrd_factor(wrq:get_qs_value("unit", ReqData)), {RrdFactor, ValidUnit} = rrd_factor(wrq:get_qs_value("unit", ReqData)),
{Token, ValidToken} = rrd_sensor(wrq:get_req_header("X-Token", ReqData)),
State = #state{rrdSensor = RrdSensor, rrdTime = RrdTime, rrdFactor = RrdFactor}, State = #state{rrdSensor = RrdSensor, rrdTime = RrdTime, rrdFactor = RrdFactor, token = Token},
{case {ValidSensor, ValidInterval, ValidUnit} of {case {ValidSensor, ValidInterval, ValidUnit, ValidToken} of
{true, true, true} -> false; {true, true, true, true} -> false;
_ -> true _ -> true
end, end,
ReqData, State}. ReqData, State}.
is_authorized(ReqData, #state{rrdSensor = RrdSensor, token = Token} = State) ->
{data, Result} = mysql:execute(pool, permissions, [RrdSensor, Token]),
{case mysql:get_result_rows(Result) of
[[62]] -> true;
_ -> "access refused"
end,
ReqData, State}.
content_types_provided(ReqData, State) -> content_types_provided(ReqData, State) ->
{[{"application/json", to_json}], ReqData, State}. {[{"application/json", to_json}], ReqData, State}.
@ -48,7 +59,7 @@ to_json(ReqData, #state{rrdSensor = RrdSensor, rrdTime = RrdTime, rrdFactor = Rr
Final = lists:merge(Datapoints, Nans), Final = lists:merge(Datapoints, Nans),
{mochijson2:encode(Final), ReqData, State}; {mochijson2:encode(Final), ReqData, State};
{error, Reason} -> {error, _Reason} ->
{{halt, 404}, ReqData, State} {{halt, 404}, ReqData, State}
end. end.