Merge pull request #3046 from catchpoint/api_key_header_only

get api key from http header only

Author: Mike Kozicki

batchtool/wpt_batch.py

@@ -1,4 +1,4 @@
-#!/usr/bin/python2.6
+#!/usr/bin/python3
 #
 # Copyright 2010 Google Inc. All Rights Reserved.
 
@@ -95,17 +95,15 @@ def RunBatch(options):
     test_params['tcpdump'] = options.tcpdump
   if options.script:
     test_params['script'] = open(options.script, 'rb').read()
-  if options.key:
-    test_params['k'] = options.key
 
   requested_urls = wpt_batch_lib.ImportUrls(options.urlfile)
-  id_url_dict = wpt_batch_lib.SubmitBatch(requested_urls, test_params,
+  id_url_dict = wpt_batch_lib.SubmitBatch(requested_urls, test_params, options.key,
                                           options.server)
 
   submitted_urls = set(id_url_dict.values())
   for url in requested_urls:
     if url not in submitted_urls:
-      logging.warn('URL submission failed: %s', url)
+      logging.warning('URL submission failed: %s', url)
 
   pending_test_ids = id_url_dict.keys()
   if not os.path.isdir(options.outputdir):
@@ -129,13 +127,13 @@ def RunBatch(options):
         if test_status == '200':
           completed_test_ids.append(test_id)
         else:
-          logging.warn('Tests failed with status $s: %s', test_status, test_id)
+          logging.warning('Tests failed with status $s: %s', test_status, test_id)
     test_results = wpt_batch_lib.GetXMLResult(completed_test_ids,
                                               server_url=options.server)
     result_test_ids = set(test_results.keys())
     for test_id in completed_test_ids:
       if test_id not in result_test_ids:
-        logging.warn('The XML failed to retrieve: %s', test_id)
+        logging.warning('The XML failed to retrieve: %s', test_id)
 
     for test_id, dom in test_results.iteritems():
       SaveTestResult(options.outputdir, id_url_dict[test_id], test_id,

batchtool/wpt_batch_lib.py

@@ -1,4 +1,4 @@
-#!/usr/bin/python2.6
+#!/usr/bin/python3
 #
 # Copyright 2011 Google Inc. All Rights Reserved.
 
@@ -13,12 +13,12 @@
 
 __author__ = '[email protected] (Qi Zhao)'
 
-import re
-import urllib
+import urllib.request
+import urllib.parse
 from xml.dom import minidom
 
 
-def __LoadEntity(url, urlopen=urllib.urlopen):
+def __LoadEntity(url, apiKey, urlopen=urllib.request.urlopen):
   """A helper function to load an entity such as an URL.
 
   Args:
@@ -28,7 +28,15 @@ def __LoadEntity(url, urlopen=urllib.urlopen):
   Returns:
     The response message
   """
-  response = urlopen(url)
+  headers = {}
+
+  if apiKey:
+    headers = {
+      "X-WPT-API-KEY" : apiKey
+    }
+
+  request = urllib.request.Request(url, headers=headers)
+  response = urlopen(request)
   return response
 
 
@@ -44,14 +52,14 @@ def ImportUrls(url_filename):
   url_list = []
   for line in open(url_filename, 'rb'):
     # Remove newline and trailing whitespaces
-    url = line.rstrip(' \r\n')
+    url = line.rstrip(b' \r\n')
     if url:
       url_list.append(url)
   return url_list
 
 
-def SubmitBatch(url_list, test_params, server_url='http://www.webpagetest.org/',
-                urlopen=urllib.urlopen):
+def SubmitBatch(url_list, test_params, apiKey, server_url='http://www.webpagetest.org/',
+                urlopen=urllib.request.urlopen,):
   """Submit the tests to WebPageTest server.
 
   Args:
@@ -67,8 +75,8 @@ def SubmitBatch(url_list, test_params, server_url='http://www.webpagetest.org/',
   id_url_dict = {}
   for url in url_list:
     test_params['url'] = url
-    request = server_url + 'runtest.php?%s' % urllib.urlencode(test_params)
-    response = __LoadEntity(request, urlopen)
+    request = server_url + 'runtest.php?%s' % urllib.parse.urlencode(test_params)
+    response = __LoadEntity(request, apiKey, urlopen)
     return_code = response.getcode()
     if return_code == 200:
       dom = minidom.parseString(response.read())
@@ -81,7 +89,7 @@ def SubmitBatch(url_list, test_params, server_url='http://www.webpagetest.org/',
 
 
 def CheckBatchStatus(test_ids, server_url='http://www.webpagetest.org/',
-                     urlopen=urllib.urlopen):
+                     urlopen=urllib.request.urlopen):
   """Check the status of tests.
 
   Args:
@@ -105,7 +113,7 @@ def CheckBatchStatus(test_ids, server_url='http://www.webpagetest.org/',
 
 
 def GetXMLResult(test_ids, server_url='http://www.webpagetest.org/',
-                 urlopen=urllib.urlopen):
+                 urlopen=urllib.request.urlopen):
   """Obtain the test result in XML format.
 
   Args:

www/addresses.php

@@ -5,7 +5,8 @@
 // found in the LICENSE.md file.
 require_once __DIR__ . '/common.inc';
 
-if (isset($_REQUEST['k'])) {
+$user_api_key = $request_context->getApiKeyInUse();
+if (!empty($user_api_key)) {
     $keys_file = SETTINGS_PATH . '/keys.ini';
     if (file_exists(SETTINGS_PATH . '/common/keys.ini')) {
         $keys_file = SETTINGS_PATH . '/common/keys.ini';
@@ -14,7 +15,7 @@
         $keys_file = SETTINGS_PATH . '/server/keys.ini';
     }
     $keys = parse_ini_file($keys_file, true);
-    if (isset($keys['server']['key']) && $_REQUEST['k'] == $keys['server']['key']) {
+    if (isset($keys['server']['key']) && $user_api_key == $keys['server']['key']) {
         $admin = true;
     }
 }

www/getLocations.php

@@ -201,7 +201,8 @@ function LoadLocations($isPaid = false)
     $isPaid = false;
     $locations = array();
     $loc = LoadLocationsIni();
-    if (isset($_REQUEST['k'])) {
+    $user_api_key = $request_context->getApiKeyInUse();
+    if (!empty($user_api_key)) {
         foreach ($loc as $name => $location) {
             if (isset($location['browser']) && isset($location['noapi'])) {
                 unset($loc[$name]);
@@ -214,7 +215,7 @@ function LoadLocations($isPaid = false)
             }
         }
     }
-    $isPaid =  !is_null($request_context->getUser()) && $request_context->getUser()->isPaid();
+    $isPaid = !is_null($request_context->getUser()) && $request_context->getUser()->isPaid();
     $includePaid = $isPaid || $admin;
 
     FilterLocations($loc, $includePaid);

www/getTesters.php

@@ -8,7 +8,8 @@
     //header("HTTP/1.1 403 Unauthorized");
     //exit;
 }
-if (isset($_REQUEST['k'])) {
+$user_api_key = $request_context->getApiKeyInUse();
+if (strlen($user_api_key)) {
     $keys_file = SETTINGS_PATH . '/keys.ini';
     if (file_exists(SETTINGS_PATH . '/common/keys.ini')) {
         $keys_file = SETTINGS_PATH . '/common/keys.ini';
@@ -17,7 +18,7 @@
         $keys_file = SETTINGS_PATH . '/server/keys.ini';
     }
     $keys = parse_ini_file($keys_file, true);
-    if (isset($keys['server']['key']) && $_REQUEST['k'] == $keys['server']['key']) {
+    if (isset($keys['server']['key']) && $user_api_key == $keys['server']['key']) {
         $admin = true;
     }
 }

www/src/RequestContext.php

@@ -25,7 +25,7 @@ class RequestContext
     private ?BannerMessageManager $banner_message_manager;
     // Should use an enum, TODO
     private string $environment;
-    private string $api_key_in_use;
+    private ?string $api_key_in_use;
 
     private string $user_api_key_header = 'X-WPT-API-KEY';
 
@@ -49,7 +49,7 @@ public function __construct(array $global_request, array $server = [], array $op
         $this->host = $options['host'] ?? Util::getSetting('host', "");
 
         $this->environment = Environment::$Production;
-        $this->api_key_in_use = "";
+        $this->api_key_in_use = null;
     }
 
     public function getRaw(): array
@@ -131,7 +131,7 @@ public function getHost(): string
 
     public function setEnvironment(?string $env = ''): void
     {
-      // This should really be a match, but we're on 7.4
+        // This should really be a match, but we're on 7.4
         switch ($env) {
             case 'development':
                 $this->environment = Environment::$Development;
@@ -160,22 +160,20 @@ public function getEnvironment(): string
      * */
     public function getApiKeyInUse(): string
     {
-        if (empty($this->api_key_in_use)) {
-            $user_api_key = $this->getRaw()['k'] ?? "";
-            if (empty($user_api_key)) {
-                $user_api_key_header = $this->user_api_key_header;
-                $request_headers = getallheaders();
-                $matching_headers = array_filter($request_headers, function ($k) use ($user_api_key_header) {
-                    return strtolower($k) == strtolower($user_api_key_header);
-                }, ARRAY_FILTER_USE_KEY);
-                if (!empty($matching_headers)) {
-                    $user_api_key = array_values($matching_headers)[0];
-                }
-            }
-
-            $this->api_key_in_use = $user_api_key;
+        if ($this->api_key_in_use == null) {
+            $this->api_key_in_use = $this->readApiKey();
         }
-
         return $this->api_key_in_use;
     }
+
+    private function readApiKey()
+    {
+        $request_headers = getallheaders();
+        foreach ($request_headers as $k => $value) {
+            if (strtolower($k) == strtolower($this->user_api_key_header)) {
+                return trim($value);
+            }
+        }
+        return '';
+    }
 }

www/usage.php

@@ -26,8 +26,8 @@
 ?>
 
 <?php
-if (array_key_exists('k', $_REQUEST) && strlen($_REQUEST['k'])) {
-    $key = trim($_REQUEST['k']);
+$user_api_key = $request_context->getApiKeyInUse();
+if (!empty($user_api_key)) {
     $keys_file = SETTINGS_PATH . '/keys.ini';
     if (file_exists(SETTINGS_PATH . '/common/keys.ini')) {
         $keys_file = SETTINGS_PATH . '/common/keys.ini';
@@ -37,7 +37,7 @@
     }
     $keys = parse_ini_file($keys_file, true);
 
-    if ($admin && $key == 'all') {
+    if ($admin && $user_api_key == 'all') {
         if (!isset($_REQUEST['days'])) {
             $days = 1;
         }
@@ -65,7 +65,7 @@
         }
         $used = array();
         foreach ($keys as $key => &$keyUser) {
-            $u = isset($usage[$key]) ? (int)$usage[$key] : 0;
+            $u = isset($usage[$key]) ? (int) $usage[$key] : 0;
             if ($u) {
                 $used[] = array('used' => $u, 'description' => $keyUser['description'], 'contact' => $keyUser['contact'], 'limit' => $keyUser['limit']);
             }
@@ -100,9 +100,9 @@
             }
         }
     } else {
-        if (isset($keys[$key])) {
+        if (isset($keys[$user_api_key])) {
             $out = array();
-            $limit = (int)@$keys[$key]['limit'];
+            $limit = (int) @$keys[$user_api_key]['limit'];
             if (!$json) {
                 echo "<table class=\"table\"><tr><th>Date</th><th>Used</th><th>Limit</th></tr>";
             }
@@ -113,7 +113,7 @@
                 $used = 0;
                 if (is_file($keyfile)) {
                     $usage = json_decode(file_get_contents($keyfile), true);
-                    $used = (int)@$usage[$key];
+                    $used = (int) @$usage[$user_api_key];
                 }
                 $date = $targetDate->format("Y/m/d");
                 if ($json) {
@@ -127,9 +127,9 @@
                 echo '</table>';
             }
 
-            $limit = (int)$keys[$key]['limit'];
-            if (isset($usage[$key])) {
-                $used = (int)$usage[$key];
+            $limit = (int) $keys[$user_api_key]['limit'];
+            if (isset($usage[$user_api_key])) {
+                $used = (int) $usage[$user_api_key];
             } else {
                 $used = 0;
             }