From 8c595268db02b4825499398382ea70688c882534 Mon Sep 17 00:00:00 2001
From: nemo
Date: Fri, 3 Nov 2023 11:45:17 +0100
Subject: [PATCH 1/5] Add columns for IP adresses in the metrics table.

---
 apimanager/metrics/templates/metrics/api.html | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/apimanager/metrics/templates/metrics/api.html b/apimanager/metrics/templates/metrics/api.html
index 83a045e..e957376 100644
--- a/apimanager/metrics/templates/metrics/api.html
+++ b/apimanager/metrics/templates/metrics/api.html
@@ -157,6 +157,8 @@
 #
 {% trans "Verb Select" %}
 {% trans "URL" %}
+ {% trans "From IP" %}
+ {% trans "To IP" %}
 {% trans "Date" %}
 {% trans "Duration(ms)" %}
 {% trans "Details" %}
@@ -167,9 +169,9 @@
 {{ forloop.counter }}
 {{ metric.verb_selection }}
-
- {{ metric.url }}
-
+ {{ metric.url }}
+ {{ metric.IP}}
+ {{ metric.IP }}
 {{ metric.date|date:"Y-m-d H:i:s.u" }}
 {{ metric.duration }}

From c4d1d78dc60c0eeae94d562d7159738885593aca Mon Sep 17 00:00:00 2001
From: nemo
Date: Mon, 13 Nov 2023 11:14:59 +0000
Subject: [PATCH 2/5] Add django-csp to requirements

---
 requirements.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/requirements.txt b/requirements.txt
index 9405cd8..7797322 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -9,3 +9,4 @@ matplotlib
 django-bootstrap-datepicker-plus==3.0.5
 django-mathfilters
 django-bootstrap3
+django-csp

From 4944f9c5b0ad1a155035ec6b91c5b35904434cdb Mon Sep 17 00:00:00 2001
From: nemo
Date: Mon, 13 Nov 2023 11:16:25 +0000
Subject: [PATCH 3/5] Revert "Add django-csp to requirements"

This reverts commit c4d1d78dc60c0eeae94d562d7159738885593aca.
---
 requirements.txt | 1 -
 1 file changed, 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 7797322..9405cd8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -9,4 +9,3 @@ matplotlib
 django-bootstrap-datepicker-plus==3.0.5
 django-mathfilters
 django-bootstrap3
-django-csp
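Review bot: Both new cells render the same field, `{{ metric.IP}}` and `{{ metric.IP }}`, so the "To IP" column introduced in the previous hunk will always repeat the "From IP" value; presumably a separate field holds the destination address, and the first expression is also missing the closing space the rest of the template uses. If the metric records carry only one address, a single column is clearer than two identical ones. Client IP addresses are personal data, so the view feeding this table should limit who can open the metrics page; that cannot be confirmed from the template alone.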
From 1156325b2017bc07a0051e3637504ea94bdd6509 Mon Sep 17 00:00:00 2001
From: nemo
Date: Wed, 22 Nov 2023 10:50:28 +0000
Subject: [PATCH 4/5] Add secure CSRF cookies and discreet timer

The session logout countdown timer is made more discreet. Secure and Httponly flags are added to the CSRF token cookie.
---
 apimanager/apimanager/settings.py | 10 +++++++---
 apimanager/base/static/js/inactivity-timer.js | 4 +++-
 apimanager/base/templates/base.html | 2 +-
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/apimanager/apimanager/settings.py b/apimanager/apimanager/settings.py
index a807a80..03a4370 100644
--- a/apimanager/apimanager/settings.py
+++ b/apimanager/apimanager/settings.py
@@ -15,7 +15,6 @@ import os
 from django.core.exceptions import ImproperlyConfigured
 from django.urls import reverse_lazy
-
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
@@ -273,9 +272,12 @@ SESSION_SAVE_EVERY_REQUEST = True
 # Session Cookie Settings
 SESSION_COOKIE_SECURE = True
 SESSION_COOKIE_HTTPONLY = True
-SESSION_COOKIE_AGE = 300
 SESSION_ENGINE = "django.contrib.sessions.backends.signed_cookies"
+SESSION_COOKIE_AGE = 300
+# CSRF Cookie Settings
+CSRF_COOKIE_HTTPONLY = True
+CSRF_COOKIE_SECURE = True
 # Paths on API_HOST to OAuth
 OAUTH_TOKEN_PATH = '/oauth/initiate'
@@ -317,6 +319,8 @@ CALLBACK_BASE_URL = ""
 # Global
 UNDEFINED = ""
+API_ROOT_KEY = "v500"
+
 # Local settings can replace any value ABOVE
 try:
 from apimanager.local_settings import * # noqa
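Review bot: `CSRF_COOKIE_HTTPONLY = True` hides the CSRF cookie from JavaScript, so any script in this project that reads the token from `document.cookie` for AJAX requests will start getting 403 responses; before merging, confirm the frontend takes the token from the `{% csrf_token %}` hidden input (or a data attribute) instead. A short comment would spare the next reader the same check, e.g. `# HttpOnly: scripts must read the CSRF token from the rendered form field, not document.cookie`. Moving `SESSION_COOKIE_AGE` below `SESSION_ENGINE` is cosmetic and not mentioned in the message, and SameSite for both cookies is left at Django's default, which is worth stating explicitly next to these flags.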
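Review bot: `API_ROOT_KEY = "v500"` is added without a comment and is unrelated to the CSRF cookies and timer this commit describes, so a reader cannot tell what consumes it or why the value is v500. State its purpose where it is defined, for example `# API_ROOT_KEY: API version segment used when building request paths — TODO confirm against callers`, and either mention it in the commit message or move it to its own commit. Because it sits above the `local_settings` import it can be overridden per deployment like the other settings; if that is intended, say so in the comment.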
@@ -350,7 +354,7 @@ if not OAUTH_CONSUMER_SECRET:
 CSP_IMG_SRC = ("'self' data:", 'https://static.openbankproject.com')
 CSP_STYLE_SRC = ("'self' 'sha256-z2a+NIknPDE7NIEqE1lfrnG39eWOhJXWsXHYGGNb5oU=' 'sha256-Dn0vMZLidJplZ4cSlBMg/F5aa7Vol9dBMHzBF4fGEtk=' 'sha256-sA0hymKbXmMTpnYi15KmDw4u6uRdLXqHyoYIaORFtjU=' 'sha256-jUuiwf3ITuJc/jfynxWHLwTZifHIlhddD8NPmmVBztk=' 'sha256-RqzjtXRBqP4i+ruV3IRuHFq6eGIACITqGbu05VSVXsI='", 'https://cdnjs.cloudflare.com', )
-CSP_SCRIPT_SRC = ("'self' 'sha256-4Hr8ttnXaUA4A6o0hGi3NUGNP2Is3Ep0W+rvm+W7BAk=' 'sha256-GgQWQ4Ejk4g9XpAZJ4YxIgZDgp7CdQCmqjMOMh9hD2g=' 'sha256-05NIAwVBHkAzKcXTfkYqTnBPtkpX+AmQvM/raql3qo0='", 'http://code.jquery.com', 'https://stackpath.bootstrapcdn.com/bootstrap/3.4.1/', 'https://cdnjs.cloudflare.com')
+CSP_SCRIPT_SRC = ("'self' 'unsafe-eval' 'sha256-4Hr8ttnXaUA4A6o0hGi3NUGNP2Is3Ep0W+rvm+W7BAk=' 'sha256-GgQWQ4Ejk4g9XpAZJ4YxIgZDgp7CdQCmqjMOMh9hD2g=' 'sha256-05NIAwVBHkAzKcXTfkYqTnBPtkpX+AmQvM/raql3qo0='", 'http://code.jquery.com', 'https://stackpath.bootstrapcdn.com/bootstrap/3.4.1/', 'https://cdnjs.cloudflare.com')
 CSP_FONT_SRC = ("'self'", 'http://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/')
 CSP_FRAME_ANCESTORS = ("'self'")
 CSP_FORM_ACTION = ("'self'")
diff --git a/apimanager/base/static/js/inactivity-timer.js b/apimanager/base/static/js/inactivity-timer.js
index 2ce6dd0..a779b69 100644
--- a/apimanager/base/static/js/inactivity-timer.js
+++ b/apimanager/base/static/js/inactivity-timer.js
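Review bot: Adding `'unsafe-eval'` to `CSP_SCRIPT_SRC` lets any script that is already allowed to run call eval, new Function and string-argument setTimeout, which largely undoes the hash allowlist kept on the same line, and neither the commit message nor the other files in this patch show what needs it (the inactivity-timer change does not). Identify the library or inline code that requires eval and, if it truly cannot be replaced, record that beside the setting, e.g. `# 'unsafe-eval' needed by <library placeholder> — TODO remove once replaced`. While the line is being rewritten, `'http://code.jquery.com'` is a plain-http script source that anyone on the network path could substitute, and https is available for that host; allowing an entire shared CDN host such as `https://cdnjs.cloudflare.com` rather than a specific path or hash is also a well-known way for a policy to be bypassed through libraries hosted there.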
@@ -8,13 +8,15 @@ function addSeconds(date, seconds) {
 }
 export function showCountdownTimer() {
+ //TODO rather than display a timer the whole time in a span, make it only show when there are e.g. 30 seconds left.
+ // Maybe a whole page alert that the user will be logged out soon.
 // Get current date and time
 var now = new Date().getTime();
 let distance = countDownDate - now;
 // Output the result in an element with id="countdown-timer-span"
 let elementId = ("countdown-timer-span");
- document.getElementById(elementId).innerHTML = "in " + Math.floor(distance / 1000) + "s";
+ document.getElementById(elementId).innerHTML = Math.floor(distance / 1000) + "s";
 // If the count down is over release resources
 if (distance < 0) {
diff --git a/apimanager/base/templates/base.html b/apimanager/base/templates/base.html
index da7cdde..edf44ad 100644
--- a/apimanager/base/templates/base.html
+++ b/apimanager/base/templates/base.html
@@ -107,7 +107,7 @@ {% endif %}

From 385faab72e8171774873bb37d67d428c02c151d8 Mon Sep 17 00:00:00 2001
From: nemo
Date: Wed, 22 Nov 2023 11:23:52 +0000
Subject: [PATCH 5/5] Revert "Merge branch 'metrics' into develop"

This reverts commit d28966c3e1664d3eaad8ba31b30dffe0562b91ce, reversing changes made to d73c16efa26921e5175ea48c3466c313abfa8487.
---
 apimanager/metrics/templates/metrics/api.html | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/apimanager/metrics/templates/metrics/api.html b/apimanager/metrics/templates/metrics/api.html
index e957376..83a045e 100644
--- a/apimanager/metrics/templates/metrics/api.html
+++ b/apimanager/metrics/templates/metrics/api.html
@@ -157,8 +157,6 @@
 #
 {% trans "Verb Select" %}
 {% trans "URL" %}
- {% trans "From IP" %}
- {% trans "To IP" %}
 {% trans "Date" %}
 {% trans "Duration(ms)" %}
 {% trans "Details" %}
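Review bot: The rewritten line still assigns through `innerHTML` although the value is a plain number followed by "s"; `textContent` is the right property for text and skips HTML parsing entirely, so `document.getElementById(elementId).textContent = Math.floor(distance / 1000) + "s";`. The new TODO describes the "more discreet" behaviour the subject line claims, but the code only drops the "in " prefix; consider clamping with `Math.max(0, Math.floor(distance / 1000))` so a negative count is never displayed during the tick that runs before the `distance < 0` check. showCountdownTimer continues outside the hunk.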
@@ -169,9 +167,9 @@
 {{ forloop.counter }}
 {{ metric.verb_selection }}
- {{ metric.url }}
- {{ metric.IP}}
- {{ metric.IP }}
+
+ {{ metric.url }}
+
 {{ metric.date|date:"Y-m-d H:i:s.u" }}
 {{ metric.duration }}