nielsperetzke
/
healthchecks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 32 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1874 Commits
2 Branches
15 MiB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
healthchecks/hc/api/views.py

541 lines
16 KiB
Raw Permalink Normal View History

First stab at API, POST /api/v1/checks
9 years ago
Include timestamp in the metrics response.
5 years ago
Move timer call to api
9 years ago
Adding "Overall status" badge.
7 years ago
Lightweight 'server status' API endpoint, to be used by external load balancers
8 years ago
Source formatted with Black
6 years ago
Second interation of this
4 years ago
Source formatted with Black
6 years ago
Return 403 when API key is wrong. Return 404 when resource not found. Return 405 when request method is wrong. Return 400 when request syntax is wrong.
8 years ago
Initial commit
10 years ago
forwarded for and forwarded protocol
9 years ago
ping is csrf exempt.
9 years ago
Unsubscribe links serve a form, and require HTTP POST to actually unsubscribe
5 years ago
forwarded for and forwarded protocol
9 years ago
Add "Get a list of checks's logged pings" API call (#371)
4 years ago
First stab at API, POST /api/v1/checks
9 years ago
Add CORS support to API endpoints. Fixes #208
6 years ago
Simplify hc.api.views.flips, add validation and more tests.
4 years ago
Add "Get a list of checks's logged pings" API call (#371)
4 years ago
Add /api/v1/badges/ endpoint cc: #552
3 years ago
Initial commit
10 years ago
Don't let SuspiciousOperation bubble up when validating channel ids in API
5 years ago
Replace str(exc) with exc.message to make CodeQL happy
3 years ago
Don't let SuspiciousOperation bubble up when validating channel ids in API
5 years ago
ping is csrf exempt.
9 years ago
forwarded for and forwarded protocol
9 years ago
Implement hc.api.views.ping_by_slug
3 years ago
Fix ping handler to return "not found" in 404 body
3 years ago
Initial commit
10 years ago
Fix the ping handler to reject status codes > 255
3 years ago
Keep a log of pings
9 years ago
forwarded for and forwarded protocol
9 years ago
Email listener: "./manage.py smtpd"
7 years ago
Fix hc.api.views.ping to handle non-utf8 data in request body Fixes: #574
3 years ago
Email listener: "./manage.py smtpd"
7 years ago
Add Ping.exitstatus field, store received exit status values in db Fixes #455
4 years ago
Add support for script's exit status in ping URLs Fixes: #429
4 years ago
"Filtering Rules" dialog, an option to require HTTP POST. Fixes #297
5 years ago
Add Ping.exitstatus field, store received exit status values in db Fixes #455
4 years ago
Keep a log of pings
9 years ago
CORS header for ping call
9 years ago
Move timer call to api
9 years ago
Implement hc.api.views.ping_by_slug
3 years ago
Implement alternative ping URLs, WIP
3 years ago
Implement hc.api.views.ping_by_slug
3 years ago
Fix ping handler to return "not found" in 404 body
3 years ago
Implement hc.api.views.ping_by_slug
3 years ago
Implement alternative ping URLs, WIP
3 years ago
Use the api keys from project, not user profile
6 years ago
API call for updating checks
8 years ago
Use the api keys from project, not user profile
6 years ago
API call for updating checks
8 years ago
Update API to allow specifying channels by names Fixes: #440
4 years ago
Validate channel identifiers before creating/updating a check. Fixes #335
5 years ago
Update API to allow specifying channels by names Fixes: #440
4 years ago
Validate channel identifiers before creating/updating a check. Fixes #335
5 years ago
Update API to allow specifying channels by names Fixes: #440
4 years ago
Validate channel identifiers before creating/updating a check. Fixes #335
5 years ago
Update API to allow specifying channels by names Fixes: #440
4 years ago
Validate channel identifiers before creating/updating a check. Fixes #335
5 years ago
Optimize the "Update Check" API call In the "Update Check" API call, if no fields have changed, don't save the changes to the database.
4 years ago
Implement alternative ping URLs, WIP
3 years ago
Optimize the "Update Check" API call In the "Update Check" API call, if no fields have changed, don't save the changes to the database.
4 years ago
API call for updating checks
8 years ago
Optimize the "Update Check" API call In the "Update Check" API call, if no fields have changed, don't save the changes to the database.
4 years ago
API call for updating checks
8 years ago
Optimize the "Update Check" API call In the "Update Check" API call, if no fields have changed, don't save the changes to the database.
4 years ago
API support for cron syntax
8 years ago
Optimize the "Update Check" API call In the "Update Check" API call, if no fields have changed, don't save the changes to the database.
4 years ago
being able to set/update the description of a check when creating/updating using the api
5 years ago
Optimize the "Update Check" API call In the "Update Check" API call, if no fields have changed, don't save the changes to the database.
4 years ago
being able to set/update the description of a check when creating/updating using the api
5 years ago
Optimize the "Update Check" API call In the "Update Check" API call, if no fields have changed, don't save the changes to the database.
4 years ago
Paused ping handling can be controlled via API. Fixes #376
4 years ago
Optimize the "Update Check" API call In the "Update Check" API call, if no fields have changed, don't save the changes to the database.
4 years ago
Paused ping handling can be controlled via API. Fixes #376
4 years ago
Optimize the "Update Check" API call In the "Update Check" API call, if no fields have changed, don't save the changes to the database.
4 years ago
API support for setting the allowed HTTP methods for making ping requests
4 years ago
Optimize the "Update Check" API call In the "Update Check" API call, if no fields have changed, don't save the changes to the database.
4 years ago
API support for setting the allowed HTTP methods for making ping requests
4 years ago
API support for cron syntax
8 years ago
Optimize the "Update Check" API call In the "Update Check" API call, if no fields have changed, don't save the changes to the database.
4 years ago
API support for cron syntax
8 years ago
Optimize the "Update Check" API call In the "Update Check" API call, if no fields have changed, don't save the changes to the database.
4 years ago
API support for cron syntax
8 years ago
Optimize the "Update Check" API call In the "Update Check" API call, if no fields have changed, don't save the changes to the database.
4 years ago
API support for cron syntax
8 years ago
Update API to allow specifying channels by names Fixes: #440
4 years ago
API support for cron syntax
8 years ago
Add read-only API key support
6 years ago
Use the api keys from project, not user profile
6 years ago
Reduce the number of SQL queries used in the "Get Checks" API call
4 years ago
tags querystring param to filter checks by tags
7 years ago
Add read-only API key support
6 years ago
Ensure filter matches tag exactly
7 years ago
Add read-only API key support
6 years ago
Don't include ping URLs in API responses when the read-only key is used
5 years ago
Ensure filter matches tag exactly
7 years ago
Add read-only API key support
6 years ago
More data in API responses.
8 years ago
Pricing page tweaks. Limit free accounts to 20 checks per account.
8 years ago
Add read-only API key support
6 years ago
Use the api keys from project, not user profile
6 years ago
Add read-only API key support
6 years ago
Project.num_checks_available() method.
6 years ago
Add read-only API key support
6 years ago
API call for updating checks
8 years ago
Drop Check.user_id and Channel.user_id (obsolete, using project_id now)
6 years ago
Add read-only API key support
6 years ago
Don't let SuspiciousOperation bubble up when validating channel ids in API
5 years ago
Replace str(exc) with exc.message to make CodeQL happy
3 years ago
Don't let SuspiciousOperation bubble up when validating channel ids in API
5 years ago
Add read-only API key support
6 years ago
Add CORS support to API endpoints. Fixes #208
6 years ago
Add read-only API key support
6 years ago
Add CORS support to API endpoints. Fixes #208
6 years ago
Add read-only API key support
6 years ago
Move timer call to api
9 years ago
Add CORS support to API endpoints. Fixes #208
6 years ago
Badges
8 years ago
Add CORS support to API endpoints. Fixes #208
6 years ago
Fix minor API inconsistencies 1. Drop API support for GET, DELETE requests with a request body. Healthchecks had an undocumented quirk where you could authenticate a GET or DELETE request by putting a '{"api_key":"..."}' in request body. This commit removes this feature. Note: POST requests can still authenticate either by sending a X-Api-Key header, or by putting a "api_key" key in request body. GET and DELETE requests can now only authenticate with the request header. 2. Add missing @csrf_exempt annotations in API views When client sends a HTTP POST request to a GET-only endpoint, the server is supposed to respond with "405 Method Not Allowed". Due to CSRF checking, a couple endpoints were responding with "403 Forbidden" instead. Adding @csrf_exempt annotations fixes the problem.
3 years ago
Don't include ping URLs in API responses when the read-only key is used
5 years ago
Add "Get a List of Existing Integrations" API call
6 years ago
Use the api keys from project, not user profile
6 years ago
Add "Get a List of Existing Integrations" API call
6 years ago
"Get a single check" API call now supports read-only API keys. Fixes #346
5 years ago
API, optimization: avoid retrieving project twice from the database
4 years ago
"Get a single check" API call now supports read-only API keys. Fixes #346
5 years ago
In urls.py, route "api/v1/checks/<sha1:unique_key>" directly to the hc.api.views.get_check_by_unique_key view. Minor API documentation edits.
4 years ago
Implementing new changes discussed to resolve #370
4 years ago
In urls.py, route "api/v1/checks/<sha1:unique_key>" directly to the hc.api.views.get_check_by_unique_key view. Minor API documentation edits.
4 years ago
Implementing new changes discussed to resolve #370
4 years ago
In urls.py, route "api/v1/checks/<sha1:unique_key>" directly to the hc.api.views.get_check_by_unique_key view. Minor API documentation edits.
4 years ago
Implementing new changes discussed to resolve #370
4 years ago
"Get a single check" API call now supports read-only API keys. Fixes #346
5 years ago
In urls.py, route "api/v1/checks/<sha1:unique_key>" directly to the hc.api.views.get_check_by_unique_key view. Minor API documentation edits.
4 years ago
"Get a single check" API call now supports read-only API keys. Fixes #346
5 years ago
Add read-only API key support
6 years ago
"Get a single check" API call now supports read-only API keys. Fixes #346
5 years ago
Return 403 when API key is wrong. Return 404 when resource not found. Return 405 when request method is wrong. Return 400 when request syntax is wrong.
8 years ago
API, optimization: avoid retrieving project twice from the database
4 years ago
Return 403 when API key is wrong. Return 404 when resource not found. Return 405 when request method is wrong. Return 400 when request syntax is wrong.
8 years ago
API call for updating checks
8 years ago
"Get a single check" API call now supports read-only API keys. Fixes #346
5 years ago
Replace str(exc) with exc.message to make CodeQL happy
3 years ago
"Get a single check" API call now supports read-only API keys. Fixes #346
5 years ago
Don't let SuspiciousOperation bubble up when validating channel ids in API
5 years ago
API call for deleting checks.
7 years ago
"Get a single check" API call now supports read-only API keys. Fixes #346
5 years ago
API, optimization: avoid retrieving project twice from the database
4 years ago
"Get a single check" API call now supports read-only API keys. Fixes #346
5 years ago
API call for deleting checks.
7 years ago
"Get a single check" API call now supports read-only API keys. Fixes #346
5 years ago
Changes to prototype this for testing with real data
5 years ago
In urls.py, route "api/v1/checks/<sha1:unique_key>" directly to the hc.api.views.get_check_by_unique_key view. Minor API documentation edits.
4 years ago
API call for updating checks
8 years ago
Add CORS support to API endpoints. Fixes #208
6 years ago
API call for updating checks
8 years ago
Refactor API key checking code
6 years ago
Add read-only API key support
6 years ago
New feature: pause monitoring of an individual check. Fixes #67
8 years ago
Return 403 when API key is wrong. Return 404 when resource not found. Return 405 when request method is wrong. Return 400 when request syntax is wrong.
8 years ago
API, optimization: avoid retrieving project twice from the database
4 years ago
Return 403 when API key is wrong. Return 404 when resource not found. Return 405 when request method is wrong. Return 400 when request syntax is wrong.
8 years ago
New feature: pause monitoring of an individual check. Fixes #67
8 years ago
Add "/ping/<code>/start" API endpoint
6 years ago
Clear Check.alert_after when pausing a check.
6 years ago
New feature: pause monitoring of an individual check. Fixes #67
8 years ago
Fix the pause action to clear Profile.next_nag_date if all checks up
4 years ago
New feature: pause monitoring of an individual check. Fixes #67
8 years ago
Add "Get a list of checks's logged pings" API call (#371)
4 years ago
Fix minor API inconsistencies 1. Drop API support for GET, DELETE requests with a request body. Healthchecks had an undocumented quirk where you could authenticate a GET or DELETE request by putting a '{"api_key":"..."}' in request body. This commit removes this feature. Note: POST requests can still authenticate either by sending a X-Api-Key header, or by putting a "api_key" key in request body. GET and DELETE requests can now only authenticate with the request header. 2. Add missing @csrf_exempt annotations in API views When client sends a HTTP POST request to a GET-only endpoint, the server is supposed to respond with "405 Method Not Allowed". Due to CSRF checking, a couple endpoints were responding with "403 Forbidden" instead. Adding @csrf_exempt annotations fixes the problem.
3 years ago
Add "Get a list of checks's logged pings" API call (#371)
4 years ago
Simplify hc.api.views.flips, add validation and more tests.
4 years ago
Commit with requested changes and tests
4 years ago
Second interation of this
4 years ago
Simplify hc.api.views.flips, add validation and more tests.
4 years ago
Returning all historical flips if no parameters are passed
4 years ago
Simplify hc.api.views.flips, add validation and more tests.
4 years ago
Returning all historical flips if no parameters are passed
4 years ago
Simplify hc.api.views.flips, add validation and more tests.
4 years ago
Returning all historical flips if no parameters are passed
4 years ago
Simplify hc.api.views.flips, add validation and more tests.
4 years ago
Returning all historical flips if no parameters are passed
4 years ago
Simplify hc.api.views.flips, add validation and more tests.
4 years ago
Second interation of this
4 years ago
Commit with requested changes and tests
4 years ago
Second interation of this
4 years ago
Simplify hc.api.views.flips, add validation and more tests.
4 years ago
Commit with requested changes and tests
4 years ago
Simplify hc.api.views.flips, add validation and more tests.
4 years ago
Commit with requested changes and tests
4 years ago
Simplify hc.api.views.flips, add validation and more tests.
4 years ago
Second interation of this
4 years ago
Commit with requested changes and tests
4 years ago
Second interation of this
4 years ago
Simplify hc.api.views.flips, add validation and more tests.
4 years ago
Second interation of this
4 years ago
Add "Get a list of checks's logged pings" API call (#371)
4 years ago
Simplify hc.api.views.flips, add validation and more tests.
4 years ago
Add /api/v1/badges/ endpoint cc: #552
3 years ago
Fix minor API inconsistencies 1. Drop API support for GET, DELETE requests with a request body. Healthchecks had an undocumented quirk where you could authenticate a GET or DELETE request by putting a '{"api_key":"..."}' in request body. This commit removes this feature. Note: POST requests can still authenticate either by sending a X-Api-Key header, or by putting a "api_key" key in request body. GET and DELETE requests can now only authenticate with the request header. 2. Add missing @csrf_exempt annotations in API views When client sends a HTTP POST request to a GET-only endpoint, the server is supposed to respond with "405 Method Not Allowed". Due to CSRF checking, a couple endpoints were responding with "403 Forbidden" instead. Adding @csrf_exempt annotations fixes the problem.
3 years ago
Add /api/v1/badges/ endpoint cc: #552
3 years ago
Badges
8 years ago
Add CORS support to API endpoints. Fixes #208
6 years ago
Implement badge mode (up/down vs up/late/down) selector Fixes #282
4 years ago
Return 403 when API key is wrong. Return 404 when resource not found. Return 405 when request method is wrong. Return 400 when request syntax is wrong.
8 years ago
Badges
8 years ago
Implement badge mode (up/down vs up/late/down) selector Fixes #282
4 years ago
Added support for Shields.io badges. cc: #304, #305
5 years ago
Use Project.badge_key in api.views.badge
6 years ago
Adding "Overall status" badge.
7 years ago
Show check counts in JSON "badges". Fixes #251
6 years ago
Badges
8 years ago
Adding "Overall status" badge.
7 years ago
Badges
8 years ago
Show check counts in JSON "badges". Fixes #251
6 years ago
Refactor: change Check.get_status(with_started=...) default value from True to False (with_started=False is or will be useful in more places)
4 years ago
Badges
8 years ago
Merge Check.get_status() and Check.in_grace_period() into one. This avoids duplicate calls to Check.get_grace_start() in several places.
7 years ago
Show check counts in JSON "badges". Fixes #251
6 years ago
Badges
8 years ago
Added support for Shields.io badges. cc: #304, #305
5 years ago
Show check counts in JSON "badges". Fixes #251
6 years ago
Implement badge mode (up/down vs up/late/down) selector Fixes #282
4 years ago
Show check counts in JSON "badges". Fixes #251
6 years ago
Badges
8 years ago
Added support for Shields.io badges. cc: #304, #305
5 years ago
Add 'schemaVersion' field in the shields.io endpoint Fixes: #566
3 years ago
Added support for Shields.io badges. cc: #304, #305
5 years ago
Source formatted with Black
6 years ago
Badges can now return either SVG or JSON
7 years ago
Adding "Overall status" badge.
7 years ago
Badges
8 years ago
"X-Bounce-Url" header in email messages. An API endpoint to handle bounce notifications. (#112)
8 years ago
Handle status callbacks from Twilio, show SMS delivery failures in the Integrations page.
4 years ago
Fix hc.api.views.notification_status to always return 200 If the notification does not exist, or is more than a hour old, return HTTP 200 (instead of 400 or 404) so the other party doesn't retry over and over again.
4 years ago
In api.views.notification_status, always return HTTP 200 so the other party doesn't retry over and over again
4 years ago
Handle status callbacks from Twilio, show SMS delivery failures in the Integrations page.
4 years ago
Handle Twilio status callbacks for SMS, WhatsApp and phone call notifications.
4 years ago
Handle status callbacks from Twilio, show SMS delivery failures in the Integrations page.
4 years ago
Handle Twilio status callbacks for SMS, WhatsApp and phone call notifications.
4 years ago
Handle status callbacks from Twilio, show SMS delivery failures in the Integrations page.
4 years ago
Handle Twilio status callbacks for SMS, WhatsApp and phone call notifications.
4 years ago
Handle status callbacks from Twilio, show SMS delivery failures in the Integrations page.
4 years ago
Added /api/v1/metrics/ endpoint, useful for monitoring the service itself
5 years ago
Return max notification_id in metrics.
5 years ago
Added /api/v1/metrics/ endpoint, useful for monitoring the service itself
5 years ago
Lightweight 'server status' API endpoint, to be used by external load balancers
8 years ago
 
  1. from datetime import timedelta as td
  2. import time
  3. 

  4. from django.conf import settings
  5. from django.db import connection
  6. from django.http import (
  7.     HttpResponse,
  8.     HttpResponseForbidden,
  9.     HttpResponseNotFound,
  10.     HttpResponseBadRequest,
  11.     JsonResponse,
  12. )
  13. from django.shortcuts import get_object_or_404
  14. from django.utils import timezone
  15. from django.views.decorators.cache import never_cache
  16. from django.views.decorators.csrf import csrf_exempt
  17. from django.views.decorators.http import require_POST
  18. 

  19. from hc.accounts.models import Profile
  20. from hc.api import schemas
  21. from hc.api.decorators import authorize, authorize_read, cors, validate_json
  22. from hc.api.forms import FlipsFiltersForm
  23. from hc.api.models import MAX_DELTA, Flip, Channel, Check, Notification, Ping
  24. from hc.lib.badges import check_signature, get_badge_svg, get_badge_url
  25. 

  26. 

  27. class BadChannelException(Exception):
  28.     def __init__(self, message):
  29.         self.message = message
  30. 

  31. 

  32. @csrf_exempt
  33. @never_cache
  34. def ping(request, code, check=None, action="success", exitstatus=None):
  35.     if check is None:
  36.         try:
  37.             check = Check.objects.get(code=code)
  38.         except Check.DoesNotExist:
  39.             return HttpResponseNotFound("not found")
  40. 

  41.     if exitstatus is not None and exitstatus > 255:
  42.         return HttpResponseBadRequest("invalid url format")
  43. 

  44.     headers = request.META
  45.     remote_addr = headers.get("HTTP_X_FORWARDED_FOR", headers["REMOTE_ADDR"])
  46.     remote_addr = remote_addr.split(",")[0]
  47.     scheme = headers.get("HTTP_X_FORWARDED_PROTO", "http")
  48.     method = headers["REQUEST_METHOD"]
  49.     ua = headers.get("HTTP_USER_AGENT", "")
  50.     body = request.body.decode(errors="replace")
  51. 

  52.     if exitstatus is not None and exitstatus > 0:
  53.         action = "fail"
  54. 

  55.     if check.methods == "POST" and method != "POST":
  56.         action = "ign"
  57. 

  58.     check.ping(remote_addr, scheme, method, ua, body, action, exitstatus)
  59. 

  60.     response = HttpResponse("OK")
  61.     response["Access-Control-Allow-Origin"] = "*"
  62.     return response
  63. 

  64. 

  65. @csrf_exempt
  66. def ping_by_slug(request, ping_key, slug, action="success", exitstatus=None):
  67.     try:
  68.         check = Check.objects.get(slug=slug, project__ping_key=ping_key)
  69.     except Check.DoesNotExist:
  70.         return HttpResponseNotFound("not found")
  71.     except Check.MultipleObjectsReturned:
  72.         return HttpResponse("ambiguous slug", status=409)
  73. 

  74.     return ping(request, check.code, check, action, exitstatus)
  75. 

  76. 

  77. def _lookup(project, spec):
  78.     unique_fields = spec.get("unique", [])
  79.     if unique_fields:
  80.         existing_checks = Check.objects.filter(project=project)
  81.         if "name" in unique_fields:
  82.             existing_checks = existing_checks.filter(name=spec.get("name"))
  83.         if "tags" in unique_fields:
  84.             existing_checks = existing_checks.filter(tags=spec.get("tags"))
  85.         if "timeout" in unique_fields:
  86.             timeout = td(seconds=spec["timeout"])
  87.             existing_checks = existing_checks.filter(timeout=timeout)
  88.         if "grace" in unique_fields:
  89.             grace = td(seconds=spec["grace"])
  90.             existing_checks = existing_checks.filter(grace=grace)
  91. 

  92.         return existing_checks.first()
  93. 

  94. 

  95. def _update(check, spec):
  96.     # First, validate the supplied channel codes/names
  97.     if "channels" not in spec:
  98.         # If the channels key is not present, don't update check's channels
  99.         new_channels = None
  100.     elif spec["channels"] == "*":
  101.         # "*" means "all project's channels"
  102.         new_channels = Channel.objects.filter(project=check.project)
  103.     elif spec.get("channels") == "":
  104.         # "" means "empty list"
  105.         new_channels = []
  106.     else:
  107.         # expect a comma-separated list of channel codes or names
  108.         new_channels = set()
  109.         available = list(Channel.objects.filter(project=check.project))
  110. 

  111.         for s in spec["channels"].split(","):
  112.             if s == "":
  113.                 raise BadChannelException("empty channel identifier")
  114. 

  115.             matches = [c for c in available if str(c.code) == s or c.name == s]
  116.             if len(matches) == 0:
  117.                 raise BadChannelException("invalid channel identifier: %s" % s)
  118.             elif len(matches) > 1:
  119.                 raise BadChannelException("non-unique channel identifier: %s" % s)
  120. 

  121.             new_channels.add(matches[0])
  122. 

  123.     need_save = False
  124.     if check.pk is None:
  125.         # Empty pk means we're inserting a new check,
  126.         # and so do need to save() it:
  127.         need_save = True
  128. 

  129.     if "name" in spec and check.name != spec["name"]:
  130.         check.set_name_slug(spec["name"])
  131.         need_save = True
  132. 

  133.     if "tags" in spec and check.tags != spec["tags"]:
  134.         check.tags = spec["tags"]
  135.         need_save = True
  136. 

  137.     if "desc" in spec and check.desc != spec["desc"]:
  138.         check.desc = spec["desc"]
  139.         need_save = True
  140. 

  141.     if "manual_resume" in spec and check.manual_resume != spec["manual_resume"]:
  142.         check.manual_resume = spec["manual_resume"]
  143.         need_save = True
  144. 

  145.     if "methods" in spec and check.methods != spec["methods"]:
  146.         check.methods = spec["methods"]
  147.         need_save = True
  148. 

  149.     if "timeout" in spec and "schedule" not in spec:
  150.         new_timeout = td(seconds=spec["timeout"])
  151.         if check.kind != "simple" or check.timeout != new_timeout:
  152.             check.kind = "simple"
  153.             check.timeout = new_timeout
  154.             need_save = True
  155. 

  156.     if "grace" in spec:
  157.         new_grace = td(seconds=spec["grace"])
  158.         if check.grace != new_grace:
  159.             check.grace = new_grace
  160.             need_save = True
  161. 

  162.     if "schedule" in spec:
  163.         if check.kind != "cron" or check.schedule != spec["schedule"]:
  164.             check.kind = "cron"
  165.             check.schedule = spec["schedule"]
  166.             need_save = True
  167. 

  168.     if "tz" in spec and check.tz != spec["tz"]:
  169.         check.tz = spec["tz"]
  170.         need_save = True
  171. 

  172.     if need_save:
  173.         check.alert_after = check.going_down_after()
  174.         check.save()
  175. 

  176.     # This needs to be done after saving the check, because of
  177.     # the M2M relation between checks and channels:
  178.     if new_channels is not None:
  179.         check.channel_set.set(new_channels)
  180. 

  181. 

  182. @authorize_read
  183. def get_checks(request):
  184.     q = Check.objects.filter(project=request.project)
  185.     if not request.readonly:
  186.         q = q.prefetch_related("channel_set")
  187. 

  188.     tags = set(request.GET.getlist("tag"))
  189.     for tag in tags:
  190.         # approximate filtering by tags
  191.         q = q.filter(tags__contains=tag)
  192. 

  193.     checks = []
  194.     for check in q:
  195.         # precise, final filtering
  196.         if not tags or check.matches_tag_set(tags):
  197.             checks.append(check.to_dict(readonly=request.readonly))
  198. 

  199.     return JsonResponse({"checks": checks})
  200. 

  201. 

  202. @validate_json(schemas.check)
  203. @authorize
  204. def create_check(request):
  205.     created = False
  206.     check = _lookup(request.project, request.json)
  207.     if check is None:
  208.         if request.project.num_checks_available() <= 0:
  209.             return HttpResponseForbidden()
  210. 

  211.         check = Check(project=request.project)
  212.         created = True
  213. 

  214.     try:
  215.         _update(check, request.json)
  216.     except BadChannelException as e:
  217.         return JsonResponse({"error": e.message}, status=400)
  218. 

  219.     return JsonResponse(check.to_dict(), status=201 if created else 200)
  220. 

  221. 

  222. @csrf_exempt
  223. @cors("GET", "POST")
  224. def checks(request):
  225.     if request.method == "POST":
  226.         return create_check(request)
  227. 

  228.     return get_checks(request)
  229. 

  230. 

  231. @cors("GET")
  232. @csrf_exempt
  233. @authorize
  234. def channels(request):
  235.     q = Channel.objects.filter(project=request.project)
  236.     channels = [ch.to_dict() for ch in q]
  237.     return JsonResponse({"channels": channels})
  238. 

  239. 

  240. @authorize_read
  241. def get_check(request, code):
  242.     check = get_object_or_404(Check, code=code)
  243.     if check.project_id != request.project.id:
  244.         return HttpResponseForbidden()
  245.     return JsonResponse(check.to_dict(readonly=request.readonly))
  246. 

  247. 

  248. @cors("GET")
  249. @csrf_exempt
  250. @authorize_read
  251. def get_check_by_unique_key(request, unique_key):
  252.     checks = Check.objects.filter(project=request.project.id)
  253.     for check in checks:
  254.         if check.unique_key == unique_key:
  255.             return JsonResponse(check.to_dict(readonly=request.readonly))
  256.     return HttpResponseNotFound()
  257. 

  258. 

  259. @validate_json(schemas.check)
  260. @authorize
  261. def update_check(request, code):
  262.     check = get_object_or_404(Check, code=code)
  263.     if check.project_id != request.project.id:
  264.         return HttpResponseForbidden()
  265. 

  266.     try:
  267.         _update(check, request.json)
  268.     except BadChannelException as e:
  269.         return JsonResponse({"error": e.message}, status=400)
  270. 

  271.     return JsonResponse(check.to_dict())
  272. 

  273. 

  274. @authorize
  275. def delete_check(request, code):
  276.     check = get_object_or_404(Check, code=code)
  277.     if check.project_id != request.project.id:
  278.         return HttpResponseForbidden()
  279. 

  280.     response = check.to_dict()
  281.     check.delete()
  282.     return JsonResponse(response)
  283. 

  284. 

  285. @csrf_exempt
  286. @cors("POST", "DELETE", "GET")
  287. def single(request, code):
  288.     if request.method == "POST":
  289.         return update_check(request, code)
  290. 

  291.     if request.method == "DELETE":
  292.         return delete_check(request, code)
  293. 

  294.     return get_check(request, code)
  295. 

  296. 

  297. @cors("POST")
  298. @csrf_exempt
  299. @validate_json()
  300. @authorize
  301. def pause(request, code):
  302.     check = get_object_or_404(Check, code=code)
  303.     if check.project_id != request.project.id:
  304.         return HttpResponseForbidden()
  305. 

  306.     check.status = "paused"
  307.     check.last_start = None
  308.     check.alert_after = None
  309.     check.save()
  310. 

  311.     # After pausing a check we must check if all checks are up,
  312.     # and Profile.next_nag_date needs to be cleared out:
  313.     check.project.update_next_nag_dates()
  314. 

  315.     return JsonResponse(check.to_dict())
  316. 

  317. 

  318. @cors("GET")
  319. @csrf_exempt
  320. @validate_json()
  321. @authorize
  322. def pings(request, code):
  323.     check = get_object_or_404(Check, code=code)
  324.     if check.project_id != request.project.id:
  325.         return HttpResponseForbidden()
  326. 

  327.     # Look up ping log limit from account's profile.
  328.     # There might be more pings in the database (depends on how pruning is handled)
  329.     # but we will not return more than the limit allows.
  330.     profile = Profile.objects.get(user__project=request.project)
  331.     limit = profile.ping_log_limit
  332. 

  333.     # Query in descending order so we're sure to get the most recent
  334.     # pings, regardless of the limit restriction
  335.     pings = Ping.objects.filter(owner=check).order_by("-id")[:limit]
  336. 

  337.     # Ascending order is more convenient for calculating duration, so use reverse()
  338.     prev, dicts = None, []
  339.     for ping in reversed(pings):
  340.         d = ping.to_dict()
  341.         if ping.kind != "start" and prev and prev.kind == "start":
  342.             delta = ping.created - prev.created
  343.             if delta < MAX_DELTA:
  344.                 d["duration"] = delta.total_seconds()
  345. 

  346.         dicts.insert(0, d)
  347.         prev = ping
  348. 

  349.     return JsonResponse({"pings": dicts})
  350. 

  351. 

  352. def flips(request, check):
  353.     if check.project_id != request.project.id:
  354.         return HttpResponseForbidden()
  355. 

  356.     form = FlipsFiltersForm(request.GET)
  357.     if not form.is_valid():
  358.         return HttpResponseBadRequest()
  359. 

  360.     flips = Flip.objects.filter(owner=check).order_by("-id")
  361. 

  362.     if form.cleaned_data["start"]:
  363.         flips = flips.filter(created__gte=form.cleaned_data["start"])
  364. 

  365.     if form.cleaned_data["end"]:
  366.         flips = flips.filter(created__lt=form.cleaned_data["end"])
  367. 

  368.     if form.cleaned_data["seconds"]:
  369.         threshold = timezone.now() - td(seconds=form.cleaned_data["seconds"])
  370.         flips = flips.filter(created__gte=threshold)
  371. 

  372.     return JsonResponse({"flips": [flip.to_dict() for flip in flips]})
  373. 

  374. 

  375. @cors("GET")
  376. @csrf_exempt
  377. @authorize_read
  378. def flips_by_uuid(request, code):
  379.     check = get_object_or_404(Check, code=code)
  380.     return flips(request, check)
  381. 

  382. 

  383. @cors("GET")
  384. @csrf_exempt
  385. @authorize_read
  386. def flips_by_unique_key(request, unique_key):
  387.     checks = Check.objects.filter(project=request.project.id)
  388.     for check in checks:
  389.         if check.unique_key == unique_key:
  390.             return flips(request, check)
  391.     return HttpResponseNotFound()
  392. 

  393. 

  394. @cors("GET")
  395. @csrf_exempt
  396. @authorize_read
  397. def badges(request):
  398.     tags = set(["*"])
  399.     for check in Check.objects.filter(project=request.project):
  400.         tags.update(check.tags_list())
  401. 

  402.     key = request.project.badge_key
  403.     badges = {}
  404.     for tag in tags:
  405.         badges[tag] = {
  406.             "svg": get_badge_url(key, tag),
  407.             "svg3": get_badge_url(key, tag, with_late=True),
  408.             "json": get_badge_url(key, tag, fmt="json"),
  409.             "json3": get_badge_url(key, tag, fmt="json", with_late=True),
  410.             "shields": get_badge_url(key, tag, fmt="shields"),
  411.             "shields3": get_badge_url(key, tag, fmt="shields", with_late=True),
  412.         }
  413. 

  414.     return JsonResponse({"badges": badges})
  415. 

  416. 

  417. @never_cache
  418. @cors("GET")
  419. def badge(request, badge_key, signature, tag, fmt):
  420.     if fmt not in ("svg", "json", "shields"):
  421.         return HttpResponseNotFound()
  422. 

  423.     with_late = True
  424.     if len(signature) == 10 and signature.endswith("-2"):
  425.         with_late = False
  426. 

  427.     if not check_signature(badge_key, tag, signature):
  428.         return HttpResponseNotFound()
  429. 

  430.     q = Check.objects.filter(project__badge_key=badge_key)
  431.     if tag != "*":
  432.         q = q.filter(tags__contains=tag)
  433.         label = tag
  434.     else:
  435.         label = settings.MASTER_BADGE_LABEL
  436. 

  437.     status, total, grace, down = "up", 0, 0, 0
  438.     for check in q:
  439.         if tag != "*" and tag not in check.tags_list():
  440.             continue
  441. 

  442.         total += 1
  443.         check_status = check.get_status()
  444. 

  445.         if check_status == "down":
  446.             down += 1
  447.             status = "down"
  448.             if fmt == "svg":
  449.                 # For SVG badges, we can leave the loop as soon as we
  450.                 # find the first "down"
  451.                 break
  452.         elif check_status == "grace":
  453.             grace += 1
  454.             if status == "up" and with_late:
  455.                 status = "late"
  456. 

  457.     if fmt == "shields":
  458.         color = "success"
  459.         if status == "down":
  460.             color = "critical"
  461.         elif status == "late":
  462.             color = "important"
  463. 

  464.         return JsonResponse(
  465.             {"schemaVersion": 1, "label": label, "message": status, "color": color}
  466.         )
  467. 

  468.     if fmt == "json":
  469.         return JsonResponse(
  470.             {"status": status, "total": total, "grace": grace, "down": down}
  471.         )
  472. 

  473.     svg = get_badge_svg(label, status)
  474.     return HttpResponse(svg, content_type="image/svg+xml")
  475. 

  476. 

  477. @csrf_exempt
  478. @require_POST
  479. def notification_status(request, code):
  480.     """ Handle notification delivery status callbacks. """
  481. 

  482.     try:
  483.         cutoff = timezone.now() - td(hours=1)
  484.         notification = Notification.objects.get(code=code, created__gt=cutoff)
  485.     except Notification.DoesNotExist:
  486.         # If the notification does not exist, or is more than a hour old,
  487.         # return HTTP 200 so the other party doesn't retry over and over again:
  488.         return HttpResponse()
  489. 

  490.     error, mark_not_verified = None, False
  491. 

  492.     # Look for "error" and "mark_not_verified" keys:
  493.     if request.POST.get("error"):
  494.         error = request.POST["error"][:200]
  495.         mark_not_verified = request.POST.get("mark_not_verified")
  496. 

  497.     # Handle "MessageStatus" key from Twilio
  498.     if request.POST.get("MessageStatus") in ("failed", "undelivered"):
  499.         status = request.POST["MessageStatus"]
  500.         error = f"Delivery failed (status={status})."
  501. 

  502.     # Handle "CallStatus" key from Twilio
  503.     if request.POST.get("CallStatus") == "failed":
  504.         error = f"Delivery failed (status=failed)."
  505. 

  506.     if error:
  507.         notification.error = error
  508.         notification.save(update_fields=["error"])
  509. 

  510.         channel_q = Channel.objects.filter(id=notification.channel_id)
  511.         channel_q.update(last_error=error)
  512.         if mark_not_verified:
  513.             channel_q.update(email_verified=False)
  514. 

  515.     return HttpResponse()
  516. 

  517. 

  518. def metrics(request):
  519.     if not settings.METRICS_KEY:
  520.         return HttpResponseForbidden()
  521. 

  522.     key = request.META.get("HTTP_X_METRICS_KEY")
  523.     if key != settings.METRICS_KEY:
  524.         return HttpResponseForbidden()
  525. 

  526.     doc = {
  527.         "ts": int(time.time()),
  528.         "max_ping_id": Ping.objects.values_list("id", flat=True).last(),
  529.         "max_notification_id": Notification.objects.values_list("id", flat=True).last(),
  530.         "num_unprocessed_flips": Flip.objects.filter(processed__isnull=True).count(),
  531.     }
  532. 

  533.     return JsonResponse(doc)
  534. 

  535. 

  536. def status(request):
  537.     with connection.cursor() as c:
  538.         c.execute("SELECT 1")
  539.         c.fetchone()
  540. 

  541.     return HttpResponse("OK")