dashboard: add /key handler

R=golang-dev, rsc CC=golang-dev https://golang.org/cl/5504066

dashboard: add /key handler
R=golang-dev, rsc CC=golang-dev https://golang.org/cl/5504066
03805054 · Andrew Gerrand · ddc85f41 · 03805054 · 03805054
Commit 03805054 authored Dec 22, 2011 by Andrew Gerrand
Show whitespace changes
Inline Side-by-side

Showing with 30 additions and 7 deletions

misc/dashboard/app/app.yaml misc/dashboard/app/app.yaml +1 -1

misc/dashboard/app/build/handler.go misc/dashboard/app/build/handler.go +29 -6

No files found.
--- a/misc/dashboard/app/app.yaml
+++ b/misc/dashboard/app/app.yaml
@@ -10,6 +10,6 @@ handlers:
  script: _go_app
 - url: /(|commit|packages|result|tag|todo)
  script: _go_app
- url: /(init|buildtest|_ah/queue/go/delay)
+- url: /(init|buildtest|key|_ah/queue/go/delay)
  script: _go_app
  login: admin
--- a/misc/dashboard/app/build/handler.go
+++ b/misc/dashboard/app/build/handler.go
@@ -321,13 +321,10 @@ func AuthHandler(h dashHandler) http.HandlerFunc {
 		// Validate key query parameter for POST requests only.
 		key := r.FormValue("key")
-		if r.Method == "POST" && key != secretKey && !appengine.IsDevAppServer() {
+		builder := r.FormValue("builder")
-			h := hmac.NewMD5([]byte(secretKey))
+		if r.Method == "POST" && !validKey(key, builder) {
-			h.Write([]byte(r.FormValue("builder")))
-			if key != fmt.Sprintf("%x", h.Sum()) {
 			err = os.NewError("invalid key: " + key)
 		}
-		}
 		// Call the original HandlerFunc and return the response.
 		if err == nil {
@@ -365,9 +362,19 @@ func initHandler(w http.ResponseWriter, r *http.Request) {
 	fmt.Fprint(w, "OK")
 }
+func keyHandler(w http.ResponseWriter, r *http.Request) {
+	builder := r.FormValue("builder")
+	if builder == "" {
+		logErr(w, r, os.NewError("must supply builder in query string"))
+		return
+	}
+	fmt.Fprint(w, builderKey(builder))
+}
 func init() {
 	// admin handlers
 	http.HandleFunc("/init", initHandler)
+	http.HandleFunc("/key", keyHandler)
 	// authenticated handlers
 	http.HandleFunc("/commit", AuthHandler(commitHandler))
@@ -385,6 +392,22 @@ func validHash(hash string) bool {
 	return hash != ""
 }
+func validKey(key, builder string) bool {
+	if appengine.IsDevAppServer() {
+		return true
+	}
+	if key == secretKey {
+		return true
+	}
+	return key == builderKey(builder)
+}
+func builderKey(builder string) string {
+	h := hmac.NewMD5([]byte(secretKey))
+	h.Write([]byte(builder))
+	return fmt.Sprintf("%x", h.Sum())
+}
 func logErr(w http.ResponseWriter, r *http.Request, err os.Error) {
 	appengine.NewContext(r).Errorf("Error: %v", err)
 	w.WriteHeader(http.StatusInternalServerError)