From 9e4e2f4d6a601a369610e69bb7cb402184fd3165 Mon Sep 17 00:00:00 2001
From: f <f@sutty.nl>
Date: Tue, 2 Feb 2021 18:52:54 -0300
Subject: [PATCH] autoconfigurar airbrake

---
 app/controllers/api/v1/notices_controller.rb |  8 +-------
 app/controllers/env_controller.rb            | 10 ++++++++++
 app/javascript/packs/application.js          |  6 +++---
 app/models/site/api.rb                       |  6 ++++++
 app/views/env/index.js.haml                  |  7 +++++++
 app/views/layouts/application.html.haml      | 17 ++++++-----------
 config/routes.rb                             |  1 +
 7 files changed, 34 insertions(+), 21 deletions(-)
 create mode 100644 app/controllers/env_controller.rb
 create mode 100644 app/views/env/index.js.haml

diff --git a/app/controllers/api/v1/notices_controller.rb b/app/controllers/api/v1/notices_controller.rb
index cf2e214..cd44130 100644
--- a/app/controllers/api/v1/notices_controller.rb
+++ b/app/controllers/api/v1/notices_controller.rb
@@ -10,7 +10,7 @@ module Api
       # solo si la API key es verificable.  Del otro lado siempre
       # respondemos con lo mismo.
       def create
-        if verify_api_key
+        if site&.airbrake_valid? airbrake_token
           BacktraceJob.perform_later site_id: params[:site_id],
                                      params: airbrake_params.to_h
         end
@@ -31,12 +31,6 @@ module Api
       rescue ActiveRecord::RecordNotFound
       end
 
-      def verify_api_key
-        site&.verifier&.verify(airbrake_token, purpose: :airbrake) === Site::Api::AIRBRAKE_SECRET
-      rescue ActiveSupport::MessageVerifier::InvalidSignature
-        false
-      end
-
       def airbrake_token
         @airbrake_token ||= params[:key]
       end
diff --git a/app/controllers/env_controller.rb b/app/controllers/env_controller.rb
new file mode 100644
index 0000000..0f34e15
--- /dev/null
+++ b/app/controllers/env_controller.rb
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+class EnvController < ActionController::Base
+  skip_before_action :verify_authenticity_token
+
+  def index
+    @site = Site.find_by_name('panel')
+    stale? @site
+  end
+end
diff --git a/app/javascript/packs/application.js b/app/javascript/packs/application.js
index 6d903b4..7295446 100644
--- a/app/javascript/packs/application.js
+++ b/app/javascript/packs/application.js
@@ -18,9 +18,9 @@
 import { Notifier } from '@airbrake/browser'
 
 window.airbrake = new Notifier({
-  projectId: process.env.AIRBRAKE_SITE_ID,
-  projectKey: process.env.AIRBRAKE_API_KEY,
-  host: process.env.PANEL_URL
+  projectId: window.env.AIRBRAKE_SITE_ID,
+  projectKey: window.env.AIRBRAKE_API_KEY,
+  host: window.env.PANEL_URL
 })
 
 import 'core-js/stable'
diff --git a/app/models/site/api.rb b/app/models/site/api.rb
index aef69bf..73f8e71 100644
--- a/app/models/site/api.rb
+++ b/app/models/site/api.rb
@@ -22,6 +22,12 @@ class Site
         @airbrake_api_key ||= verifier.generate(airbrake_secret, purpose: :airbrake)
       end
 
+      def airbrake_valid?(token)
+        ActiveSupport::SecurityUtils.secure_compare(verifier.verify(token, purpose: :airbrake), airbrake_secret)
+      rescue ActiveSupport::MessageVerifier::InvalidSignature
+        false
+      end
+
       private
 
       def airbrake_secret
diff --git a/app/views/env/index.js.haml b/app/views/env/index.js.haml
new file mode 100644
index 0000000..68ea73a
--- /dev/null
+++ b/app/views/env/index.js.haml
@@ -0,0 +1,7 @@
+= cache @site do
+  :plain
+    window.env = {
+      AIRBRAKE_SITE_ID: #{@site&.id || 1},
+      AIRBRAKE_API_KEY: "#{@site&.airbrake_api_key}",
+      PANEL_URL: "#{ENV['PANEL_URL']}"
+    }
diff --git a/app/views/layouts/application.html.haml b/app/views/layouts/application.html.haml
index 4049bf1..d4f94e6 100644
--- a/app/views/layouts/application.html.haml
+++ b/app/views/layouts/application.html.haml
@@ -11,18 +11,13 @@
 
     %title Sutty
 
+    %script{ type: 'text/javascript', src: '/env.js' }
     = csrf_meta_tags
-    = stylesheet_link_tag 'application', media: 'all',
-      'data-turbolinks-track': 'reload'
-    = javascript_pack_tag 'application',
-      'data-turbolinks-track': 'reload'
-    = stylesheet_pack_tag 'application',
-      'data-turbolinks-track': 'reload'
-    = javascript_include_tag 'application',
-      'data-turbolinks-track': 'reload'
-
-    = favicon_link_tag 'sutty_cuadrada.png',
-      rel: 'apple-touch-icon', type: 'image/png'
+    = stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track': 'reload'
+    = javascript_pack_tag 'application', 'data-turbolinks-track': 'reload'
+    = stylesheet_pack_tag 'application', 'data-turbolinks-track': 'reload'
+    = javascript_include_tag 'application', 'data-turbolinks-track': 'reload'
+    = favicon_link_tag 'sutty_cuadrada.png', rel: 'apple-touch-icon', type: 'image/png'
 
   %body{ class: yield(:body) }
     .container-fluid#sutty
diff --git a/config/routes.rb b/config/routes.rb
index f5a25fd..70bd6b0 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -34,6 +34,7 @@ Rails.application.routes.draw do
   get '/sites/private/:site_id(*file)', to: 'private#show', constraints: { site_id: %r{[^/]+} }
   # Obtener archivos estáticos desde el directorio público
   get '/sites/:site_id/static_file/(*file)', to: 'sites#static_file', as: 'site_static_file', constraints: { site_id: %r{[^/]+} }
+  get '/env.js', to: 'env#index'
 
   match '/api/v3/projects/:site_id/notices' => 'api/v1/notices#create', via: %i[post]