
Rich Manalang [Atlassian] committed aada6f6

added config page

  • Parent commits 81683da


Files changed (3)

 set :protection, :except => :frame_options
 
 get '/register' do
+  url = URI.parse(request.env['REQUEST_URI'])
+  @uri = (url.port == 80 or url.port == 443) ? 
+    "#{url.scheme}://#{url.host}" : "#{url.scheme}://#{url.host}:#{url.port}"
   if params["key"]
     registration = Registration.find_or_initialize_by_client_key(params["key"])
-    registration.host_public_key = params["publicKey"]
+    registration.host_public_key = to_pub_key_pem(params["publicKey"])
     registration.base_url = params["baseUrl"]
     registration.description = params["description"]
     registration.save
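Review bot: The unauthenticated `/register` route overwrites `host_public_key` on an existing registration, because `find_or_initialize_by_client_key(params["key"])` returns the stored record and the next line replaces its key with whatever `publicKey` the caller sent. The `/protected/*` filter in this same commit verifies signatures against that stored key, so this replaces the trust anchor for that client. Assuming `Registration` is an ActiveRecord model, accept the key only for a new record, e.g. `halt(409, "Already registered") unless registration.new_record?` before the assignment, or require the update to be signed with the key already on file. `to_pub_key_pem(params["publicKey"])` also raises when `publicKey` is absent, and nothing checks that the result parses as a key; add `halt(400, "Bad Request") if params["publicKey"].to_s.empty?` and parse the PEM with `OpenSSL::PKey::RSA.new` before saving. The `if params["key"]` block closes outside this hunk.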
 before "/protected/*" do
   response.header["X-Frame-Options"] = "GOFORIT"
   if session[:client_key].nil?
+    session[:client_key] = params["oauth_consumer_key"]
+    @client_key = session[:client_key]
+    @registration = Registration.find_by_client_key(@client_key)
     halt(400, "Bad Request") unless has_oauth_params(params)
     # TODO add nonce/timestamp check http://tools.ietf.org/html/rfc5849#section-3.3
-    valid = OAuth::Signature.verify(request, {:consumer_secret => ENV["HOST_PUBLIC_KEY"]})
+    p @registration.host_public_key
+    valid = OAuth::Signature.verify(request, {:consumer_secret =>  
+      @registration.host_public_key})
     halt(401, "Not authorized") unless valid
-    session[:client_key] = params["oauth_consumer_key"]
+  else
+    @client_key = session[:client_key]
   end
-  @client_key = session[:client_key]
 end
 
 get '/protected/config' do
-  @registration = Registration.find_by_client_key(params['oauth_consumer_key'])
+  @registration = Registration.find_by_client_key(@client_key)
   erb :config
 end
 
 def oauth
   reg = Registration.find_by_client_key(params['oauth_consumer_key'])
   @consumer = OAuth::Consumer.new(
-    ENV["HOST_KEY"],
+    reg.client_key,
     OpenSSL::PKey::RSA.new(ENV["LOCAL_PRIVATE_KEY"]),
     :site => reg.base_url,
     :signature_method => 'RSA-SHA1',
   )
   @consumer.http.set_debug_output($stderr)
   OAuth::AccessToken.new(@consumer)
+end
+
+def to_pub_key_pem(str)
+  str = CGI.unescape(str).gsub(" ","+")
+  len = str.length
+  start = 0
+  arry = []
+  while len > 0 do
+    arry.push(str.slice(start,64))
+    start += 64
+    len = len - 64
+  end
+  arry.unshift("-----BEGIN PUBLIC KEY-----")
+  arry.push("-----END PUBLIC KEY-----")
+  arry.join("\n")
 end
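Review bot: The `before "/protected/*"` filter now binds the session to the caller-supplied key before the signature is checked, because the added `session[:client_key] = params["oauth_consumer_key"]` sits at the top of the `if` branch. A request that is then halted with 400 or 401 will most likely still have that session value persisted by the session middleware, so the next request takes the `else` branch and skips `OAuth::Signature.verify` entirely. Keep the key in a local and assign the session only after `halt(401, "Not authorized") unless valid`, as the removed line did. `Registration.find_by_client_key` can also return nil for an unknown key, so `@registration.host_public_key` would raise; run `has_oauth_params` first and halt on a missing registration. The leftover `p @registration.host_public_key` debug line should be dropped.

```ruby
before "/protected/*" do
  # … unchanged: X-Frame-Options header …
  if session[:client_key].nil?
    halt(400, "Bad Request") unless has_oauth_params(params)
    client_key = params["oauth_consumer_key"]
    @registration = Registration.find_by_client_key(client_key)
    halt(401, "Not authorized") if @registration.nil?
    # … unchanged: nonce/timestamp TODO …
    valid = OAuth::Signature.verify(request, {:consumer_secret =>
      @registration.host_public_key})
    halt(401, "Not authorized") unless valid
    # Bind the session only once the signature has been verified.
    session[:client_key] = client_key
  end
  @client_key = session[:client_key]
end
# … unchanged: get '/protected/config', oauth, to_pub_key_pem …
```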
 require 'uri'
 require 'oauth/request_proxy/rack_request'
 require 'rack-flash'
+require 'cgi'
 
 require './app'
 run Sinatra::Application

File views/register.erb

 <?xml version="1.0" encoding="UTF-8"?>
-<remote-app key="hipchat-demo" name="HipChat Demo" version="1" icon-url="http://www.atlassian.com/favicon.ico" display-url="http://localhost:9292" access-level="user">
+<remote-app key="hipchat-demo" name="HipChat Demo" version="1" icon-url="http://www.atlassian.com/favicon.ico" display-url="<%= @uri %>" access-level="user">
   <vendor name="Atlassian" url="http://atlassian.com" />
   <description>
     A simple webhook example that sends a HipChat notification when a blog post or