Accessing Django Template Variables in Javascript

How do we follow the Django DRY principle and avoid as many hard coded elements as possible in our project when we need to include Javascript? A good example of this is if we are pulling in a bookmarklet that will be offered on the site. We need to reference the domain of our project in the bookmarklet, but this then yields code buried in our project’s static files that needs to be altered by anyone that might be utilizing your open sourced code.

This example presents a little bit of a challenge. If this were HTML in our template we could simply reference a DOMAIN variable that we would feed in through a view. However, this is a static Javascript file, so how do we go about utilizing Django template variables in supposedly static Javascript?

Here is a simple method. In our HTML template, we will setup a Javascript global variable that is created to reference a template variable that we feed in from our view, here a domain, and this variable is then referenced in our static Javascript files.

<!-- Our HTML Template (templates/index.html) that is fed data from views.py -->
{% extends "base.html" %}
{% block content %}

<script type="text/javascript" src="/static/somejs.js"></script>

<script> 
var DOMAIN = "{{ site_domain }}";
</script>

<!-- rest of our template, business as usual. -->
{% endblock %}

As you can see, we would feed in a site_domain variable from views.py that might be created something like this.

from django.contrib.sites.models import Site
from django.shortcuts import render_to_response

def index(request):
    '''Our main index view.'''
    site_domain = smart_str(Site.objects.get_current().domain)
    # more of our view code...
    
    return render_to_response('templates/index.html', {
	'site_domain': site_domain,
        #...rest of our template vars
    })

Now, how do we use this in our static Javascript? We reference that global Javascript variable we declared in our template using our Django template variable site_domain.

// Our Javascript file ... /static/somejs.js 
alert("Your current domain is: "+DOMAIN);

Now our code is much more portable, even in places where things should essentially be static.

Analyzing Brute Force Attempts in BASH

If you have a public facing SSH server running on the standard port, your message log is probably filled with failed authentication attempts from brute force attacks. Let’s mash up some quick BASH commands to analyze this data. For our purposes, we’ll look at the top attacker IPs and the top usernames tried.

First, pull down all of your message files and decompress them in a working directory using bunzip2.

Once you have all your message logs ready, we will search through them and pull out all of the authentication failure entries and grab the IP and username for each attempt.

grep -r "authentication error" messages* | awk '{split($0,a," "); print a[NF],a[NF-2]}' > attempts

So we first use grep to look for failed authentications by searching recursively for the string “authentication error” in all of our message logs by using the wildcard. We then pipe this to awk and split each input line found into an array delimited by a whitespace. The last part of each line, and therefore our new array, goes something like: ‘authentication error for USERNAME from IP’. So to get the username and IP from our array we can use the array length variable NF and use that to index the variables we need. Here we grab the last using a[NF] and two in from that with a[NF-2]. Finally, we output this to a file called attempts.

Now, let’s use more BASH magic to do the analyses for us. Our attempts file now is in the format as follows: IP USERNAME. We want to see the top IPs and usernames and we can do that with some sorting commands.

cut -d ' ' -f2 attempts | sort | uniq -c | sort -nr > attempts_username
cut -d ' ' -f1 attempts | sort | uniq -c | sort -nr > attempts_ip

Here, we simply grab either the username in the second column or the IP in the first with cut, sort this data, prepend lines with the number of occurrences of each, and then sort by this occurrence number and output to a new file. You can now view attempts_username and attempts_ip to see the top usernames and IPs, respectively, of brute force attacks.

Lastly, we can associate the keep usernames and IPs together and sort on one or the other to see the correlation between the two. To end our initial analyses, we will sort on usernames and find out for the top attempted usernames, what are the top originating IPs.

 sort -k 2,2 attempts| uniq -c | sort -nr | head -n 10

Next time we will be using some GEOIP methods to see where our top attack attempts are originating.

Stumpy Updated – v1.4.3

The Mutaku URL shortener, Stumpy, has now been updated to version 1.4.3.

You can find out more about Stumpy by clicking the first link in this post to read the initial write up on Mutaku, or you can go to the project page on Github.

Stumpy main page

This release includes a few small bug fixes as well as incorporating a new feature that, for logged in users, shows all of their submitted URLS at the bottom of the main page. Previously, this was only viewable by going through the admin interface. If you are not logged in, you will see the traditional view with the 5 most recent and 5 most visited URLs.

You get get the newest release at the Github page here: v1.4.3

Stumpy is Now Available!

Stumpy has gone v1.0 and is now available on Github. The project is a URL shortener that I originally wrote in Python and have recently rebuilt from scratch to use the Django Python web framework. Now that I’ve reached what I felt was 1.0 functional code, I’ve moved the repository to the Github public section and is available under a BSD license.

Stumpy goes open source on Github

In brief, I have sucked in the first parts of the README.textile file you can find in the repository which should do most of the explaining as to the what and why. The full file contains instructions on setting everything up and how to get testing it out. If you should have any questions, please feel free to contact me. However, I’ve tried to keep the README as clear as possible to be able to drop into a Django environment and the code should be pretty self explanatory.

STUMPy

Mutaku URL Shortener

WHAT IS STUMPY?

STUMPy is a URL shortener written by xiao_haozi (Mutaku) using the django python web framework.

WHY STUMPY?

There are many url shorteners out there, and STUMPy does not do anything groundbreaking.
However, there are several benefits that encouraged it’s development:

  • you keep all the data and can access it at your will
  • you keep all the code and can access/change it at your will
  • simple to use, simple to run, and simple code
  • because of it’s simplicity, it is easy to understand how url shorteners work and some of the possible optimizations
  • uses the django framework which allows for easy expansion, management, and tweaking
  • django also allows for a nice web UI for administration of all of the data

REQUIREMENTS:

Everything is still in active development, so feel free to watch the repository to keep up with it’s evolution on Github. I will soon have the active Mutaku version of Stumpy up and running which I will post as soon as it’s up so that you can see the code in action.

Head over to the home at Github and clone or fork the source and have at it. Please be sure to add any comments or problems to the issues page on Github and feel free to send in pull requests if you’ve added any fun, interesting, or helpful code.

Better Python Redirect

Not too long ago, I showed you how to do a simple redirect with Javascript. This works, of course, but it’s far from ideal.

So let’s do it a more correct way.
You ask, “How do we do that and still keep it a hack <scratching head>?”
We will set the Location and Status headers. And to keep things rebellious, we will be using python.

#!/usr/bin/env python
import cgi
url = "http://example.com/"
print "Status: 302 Moved"
print "Location: %s" % url
print

** Note that, as always when doing CGI with Python, we need to have an alone print statement after our header writes. Haven’t seen this before? Here is the same concept, but this time instead of doing a redirect we can see Python CGI in action simply printing out “Hello, world.” :

#!/usr/bin/env python
import cgi
print "Content-type: text/html"
print
print "Hello, world."

That’s it. It’s much more proper, and it’s noticeably faster. Try it both ways and you’ll see.

Don’t have your webserver setup for Python? What are you waiting for? Do yourself a favor and install Lighttpd, configure out fastcgi, and get cranking in Python.

Simple Javascript Redirect

Need a quick redirect for a page? A simple Javascript location set can get the job done just fine.

Let’s redirect mutaku.com/github to go to the Mutaku GitHub Page. All we need to do is create an index.html file with the following in our subdirectory of choice (here we would have it residing at mutaku.com/github/index.html).

<script type="text/javascript">
   window.location = "https://github.com/mutaku"
</script>

Now, as you would expect, if you visit mutaku.com/github you will be redirected to the GitHub page.