added js logging

rowers/urls.py

@@ -240,6 +240,7 @@ urlpatterns = [
 #    re_path(r'^oauth2/', include('provider.oauth2.urls', namespace = 'oauth2')),
 #    re_path(r'^o/authorize/$', base.AuthorizationView.as_view(), name="authorize"),
 #    re_path(r'^o/token/$', base.TokenView.as_view(), name="token"),
+    re_path('^log/$', views.javascript_log),
     re_path('^o/', include('oauth2_provider.urls', namespace='oauth2_provider')),
     re_path(r'^', include(router.urls)),
     re_path(r'^api-docs/$', views.schema_view, name='schema_view'),

rowers/views/apiviews.py

@@ -6,6 +6,7 @@ from xml.etree import ElementTree as ET
 
 import arrow
 import pendulum
+from pendulum.parsing.exceptions import ParserError
 from rowsandall_app.settings import UPLOAD_SERVICE_SECRET, UPLOAD_SERVICE_URL
 from rowers.dataroutines import get_workouttype_from_tcx, get_startdate_time_zone
 
@@ -34,6 +35,50 @@ class XMLParser(BaseParser):
 
 # Stroke data form to test API upload
 
+@csrf_exempt
+def javascript_log(request):
+    if request.method != 'POST':
+        message = {'status': 'false',
+                   'message': 'this view cannot be accessed through GET'}
+        return JSONResponse(status=403, data=message)
+
+    # test if JSON
+    try:
+        json_data = json.loads(request.body)
+        secret = json_data['secret']
+        post_data = json_data
+    except:
+        q = request.POST
+        post_data = {k: q.getlist(k) if len(
+            q.getlist(k)) > 1 else v for k, v in q.items()}
+
+    # only allow local host
+    hostt = request.get_host().split(':')
+    if hostt[0] not in ['localhost', '127.0.0.1', 'dev.rowsandall.com', 'rowsandall.com']:
+        message = {'status': 'false',
+                   'message': 'permission denied for host '+hostt[0]}
+        return JSONResponse(status=403, data=message)
+
+    # check credentials here
+    try:
+        secret = post_data['secret']
+    except KeyError:
+        dologging('own_api.log','Missing credentials')
+        message = {'status': 'false', 'message': 'missing credentials'}
+        return JSONResponse(status=400, data=message)
+    if secret != settings.LOG_SECRET:
+        message = {'status': 'false', 'message': 'invalid credentials'}
+        return JSONResponse(status=403, data=message)
+
+    try:
+        message = post_data['message']
+    except KeyError:
+        dologging('javascript_log.log','no message received')
+        message = {'status': 'false', 'message': 'no filename given'}
+        return JSONResponse(status=400, data=message)
+
+    dologging('javascript_log.log', message)
+    return JSONResponse(status=200, data = {'status': 'true', 'message': message})
     
 @login_required()
 @permission_required('rower.is_not_freecoach', fn=get_user_by_userid, raise_exception=True)
@@ -547,7 +592,10 @@ def strokedatajson_v3(request):
     rpe = request.data.get('rpe',0)
     startdatetime = request.data.get('startdatetime',"%s" % timezone.now())
 
+    try:
         startdatetime = pendulum.parse(startdatetime)
+    except ParserError:
+        startdatetime = timezone.now()
 
     dologging('apilog.log',workouttype)
     dologging('apilog.log',boattype)
@@ -570,7 +618,11 @@ def strokedatajson_v3(request):
         except:
             return HttpResponse("No JSON Object could be decoded", status=400)
 
+    try:
         df = df.sort("time")
+    except ColumnNotFoundError:
+        return HttpResponse("No time column", status=400)
+    
     status, comment, data = api_get_dataframe(startdatetime, df)
 
     if status != 200: # pragma: no cover

rowsandall_app/settings.py

@@ -283,6 +283,11 @@ try:
 except KeyError:  # pragma: no cover
     UPLOAD_SERVICE_SECRET = "FoYezZWLSyfAVimumpHEeYsJjsNCerxV"
 
+try:
+    LOG_SECRET = CFG['log_secret']
+except KeyError:
+    LOG_SECRET = "RoeiKalender"
+
 # Concept 2
 C2_CLIENT_ID = CFG['c2_client_id']
 C2_CLIENT_SECRET = CFG['c2_client_secret']