import flask
from flask import render_template, jsonify, request, redirect, Response, json
import initdb
import db
from dotenv import load_dotenv
from os import getenv
# Static application settings are read once, at import time, from config.json
# in the current working directory. Only the "permissionDetails" mapping is
# used by the routes in this file. `json` here is the name imported from flask.
with open("config.json", "r") as config_file:
    config = json.load(config_file)

# NOTE(review): this echoes the entire parsed config to stdout on every start.
# Keep credentials out of config.json, or drop the print once it is no longer
# needed for debugging.
print(config)

# Copy variables from a local .env file into the process environment so the
# getenv() lookups below can see them.
load_dotenv()

# Database connection settings. getenv() returns None for an unset variable,
# so a missing entry only surfaces later, when a db.* helper tries to connect.
DB_HOST, DB_USER, DB_PASSWORD, DB_NAME = (
    getenv(variable)
    for variable in ("DB_HOST", "DB_USER", "DB_PASSWORD", "DB_NAME")
)

# Display name handed to every template.
appName = "Outpost"

app = flask.Flask(__name__)
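@app.route('/', methods=['GET'])
def index():
    """Serve the landing page.

    The session is identified by the ``auth_token`` cookie. When
    db.verifyToken() returns None the visitor is treated as anonymous and
    gets the login form; any other result renders the home page.
    """
    # 'none' is only a placeholder for a missing cookie; it is still sent
    # through verifyToken() like any other value.
    token = request.cookies.get('auth_token', 'none')
    userId = db.verifyToken(token, DB_USER, DB_PASSWORD, DB_HOST, DB_NAME)
    # Identity test instead of `== None`, so an object with a custom __eq__
    # can never be mistaken for "no user".
    if userId is None:
        return render_template('login.html', appName=appName)
    return render_template("home.html", pageTitle="Home | " + appName)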
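@app.route('/api/login', methods=['POST'])
def handleLogin():
    """Exchange a username/password pair for a session token.

    Expects a JSON object with string fields ``username`` and ``password``.
    The username is lower-cased before it is handed to db.loginUser().

    Returns:
        The new token as a JSON string on success; the JSON string
        "Invalid username or password" when db.loginUser() returns None;
        HTTP 400 with "Invalid request" when the body is not a JSON object
        or either field is missing or not a string.
    """
    # Parse defensively: a missing or malformed body used to raise inside the
    # handler and surface as a 500 (with a traceback page when the app runs
    # in debug mode) instead of a clean client error.
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        return jsonify("Invalid request"), 400

    username = payload.get('username')
    password = payload.get('password')
    if not isinstance(username, str) or not isinstance(password, str):
        return jsonify("Invalid request"), 400

    newToken = db.loginUser(username.lower(), password, DB_USER, DB_PASSWORD, DB_HOST, DB_NAME)
    if newToken is None:
        # Record the event only; the submitted credentials must never be logged.
        print("Invalid login attempt")
        # NOTE(review): the failure is reported with status 200, so a client
        # can tell it from a token only by comparing strings. Returning 401
        # would be cleaner once the front end is confirmed to handle it.
        # No attempt limiting is visible in this handler; confirm that
        # db.loginUser or a proxy in front throttles repeated failures.
        return jsonify("Invalid username or password")
    return jsonify(newToken)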
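@app.route('/signup', methods=['GET'])
def signup():
    """Serve the sign-up form.

    A visitor whose ``auth_token`` cookie does not verify (db.verifyToken()
    returns None) gets the sign-up page; a visitor who is already logged in
    gets the home page instead.
    """
    token = request.cookies.get('auth_token', 'none')
    userId = db.verifyToken(token, DB_USER, DB_PASSWORD, DB_HOST, DB_NAME)
    # Identity test instead of `== None`, matching how "no user" is meant.
    if userId is None:
        return render_template('signup.html', appName=appName)
    return render_template("home.html", pageTitle="Home | " + appName)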
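@app.route('/logout', methods=['GET'])
def logout():
    """Invalidate a session token and show the logged-out page.

    The token to remove is taken from the ``remove-token`` request header
    when that header is present, otherwise from the ``auth_token`` cookie
    (with the placeholder 'none' when the cookie is missing too).
    """
    # Explicit lookup instead of a bare `except: pass` around the header
    # access, which would also have hidden any unrelated error.
    token = request.headers.get('remove-token')
    if token is None:
        token = request.cookies.get('auth_token', 'none')

    db.removeToken(token, DB_USER, DB_PASSWORD, DB_HOST, DB_NAME)
    # NOTE(review): this is a state-changing GET, so any page the browser
    # loads can trigger a logout through the cookie path; a POST would be
    # safer. The response does not clear the auth_token cookie here;
    # presumably logout.html does that client-side, confirm.
    return render_template('logout.html', appName=appName)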
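@app.route('/login/service/<serviceid>', methods=['GET'])
def logIntoServiceWebsite(serviceid):
    """Show the page that signs the current user into a registered service.

    Anonymous visitors (db.verifyToken() returns None) get the login page.
    For a logged-in user the service is looked up by ``serviceid``; a falsy
    lookup result yields the JSON string "Service not found". Otherwise a
    request token is created for the user and one of two pages is rendered:
    'logbackintoservice.html' when the stored "approved" value for this
    user and service is the string "True", else 'approveservice.html' with
    the details of every permission the service asks for.
    """
    token = request.cookies.get('auth_token', 'none')
    # NOTE(review): caller-controlled and handed to the templates unchecked.
    # It should be validated against a callback address registered for the
    # service before it is shown or followed; no such field is visible in
    # this file, so that check is still to be designed.
    redirectUrl = request.args.get("redirect")

    userId = db.verifyToken(token, DB_USER, DB_PASSWORD, DB_HOST, DB_NAME)
    if userId is None:
        return render_template('login.html', appName=appName)

    serviceData = db.getServiceById(serviceid, DB_USER, DB_PASSWORD, DB_HOST, DB_NAME)
    if not serviceData:
        return jsonify("Service not found")

    serviceName = serviceData["name"]
    # Ties the follow-up POST to this user; it is embedded in both pages.
    requestToken = db.createRequestToken(userId, DB_USER, DB_PASSWORD, DB_HOST, DB_NAME)

    alreadyApproved = db.getUserServiceData(userId, serviceid, "approved", DB_USER, DB_PASSWORD, DB_HOST, DB_NAME) == "True"
    if alreadyApproved:
        return render_template('logbackintoservice.html', appName=appName, serviceName=serviceName, requestToken=requestToken, serviceId=serviceid, redirectUrl=redirectUrl)

    # Raises KeyError when the service lists a permission that config.json
    # does not describe.
    permissions = [
        config["permissionDetails"][permission]
        for permission in serviceData["permissions"]
    ]
    return render_template('approveservice.html', appName=appName, serviceName=serviceName, permissions=permissions, requestToken=requestToken, serviceId=serviceid, redirectUrl=redirectUrl)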
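@app.route('/api/login/service', methods=['POST'])
def logIntoService():
    """Approve a service for the current user and redirect back to it.

    Expects a JSON object with ``request_id`` (the request token issued by
    the service login page), ``service_id`` and ``redirect_url``. The caller
    must be logged in (``auth_token`` cookie) and the request token must
    belong to the same user.

    Returns:
        A redirect to ``redirect_url`` with ``?token=...`` appended on
        success; HTTP 400 for a malformed body; HTTP 401 when the caller is
        not logged in; HTTP 403 when the request token does not match.
    """
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        return jsonify("Invalid request"), 400
    try:
        requestId = payload["request_id"]
        serviceId = payload["service_id"]
        redirectURL = payload["redirect_url"]
    except KeyError:
        return jsonify("Invalid request"), 400
    if not isinstance(redirectURL, str):
        return jsonify("Invalid request"), 400

    token = request.cookies.get('auth_token', 'none')
    userId = db.verifyToken(token, DB_USER, DB_PASSWORD, DB_HOST, DB_NAME)
    requestUserId = db.checkRequestToken(requestId, DB_USER, DB_PASSWORD, DB_HOST, DB_NAME)

    # An invalid session gives userId None. Comparing the two ids alone let
    # a request through whenever both lookups came back None (assuming
    # checkRequestToken also returns None for an unknown token; confirm),
    # so the anonymous case is rejected explicitly first.
    if userId is None:
        return jsonify("Not logged in"), 401
    # The original `else:` branch had no body, which does not even parse;
    # a mismatch is now answered with an explicit 403.
    if userId != requestUserId:
        return jsonify("Invalid request token"), 403

    if db.getUserServiceData(userId, serviceId, "approved", DB_USER, DB_PASSWORD, DB_HOST, DB_NAME) != "True":
        db.createUserServiceData("approved", "True", serviceId, userId, DB_USER, DB_PASSWORD, DB_HOST, DB_NAME)

    serviceToken = "TEST FOR NOW, FIX IT FIRST THING"
    # TODO: Generate token for service to access data
    # NOTE(review): redirect_url comes straight from the request body, so the
    # token is sent to whatever address the caller names. Before a real token
    # is issued, compare the target with a callback registered for serviceId
    # (no such field is visible in this file). A token in the query string
    # also ends up in logs and Referer headers, and the plain "?token="
    # append produces a broken URL when the target already has a query.
    redirectURL = redirectURL + "?token=" + serviceToken
    return redirect(redirectURL)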
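@app.route('/api/createservice', methods=['POST'])
def createService():
    """Register a new service from a JSON body with ``name`` and ``permissions``.

    ``permissions`` is serialised to a JSON string before it is passed to
    db.createService().

    Returns:
        ``{"success": True, "service": ...}`` with whatever
        db.createService() returned, or ``{"success": False, "error": ...}``
        carrying the text of any exception raised along the way.
    """
    # NOTE(review): no session check is made here, unlike the page routes in
    # this file, so any client that can reach the endpoint can register a
    # service. Decide who may create services and verify the auth_token
    # cookie accordingly.
    try:
        name = request.json['name']
        permissions = json.dumps(request.json['permissions'])
        print(permissions)
        serviceData = db.createService(name, permissions, DB_USER, DB_PASSWORD, DB_HOST, DB_NAME)
        # NOTE(review): prints the full service record; drop this if the
        # record can contain a secret. Its contents are not visible here.
        print(serviceData)
        return jsonify({"success": True, "service": serviceData})
    except Exception as e:
        # The label used to read "Signup error", copied from handleSignup,
        # which made these log lines point at the wrong endpoint.
        print(f"Create service error: {e}")
        # NOTE(review): str(e) can expose database or driver details to the
        # caller; prefer a generic message here and keep the detail in the
        # server log, once the front end no longer depends on the text.
        return jsonify({"success": False, "error": str(e)})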
@app.route('/api/signup', methods = ['POST'])
def handleSignup():
    """Create a user account from a JSON body.

    Reads ``username``, ``email``, ``password`` and ``name``; username and
    email are lower-cased. The new user is attached to the group named
    "root" when that group exists, otherwise to no group.

    Returns:
        ``{"success": True}`` on success, or
        ``{"success": False, "error": ...}`` carrying the text of any
        exception raised along the way.
    """
    try:
        payload = request.json
        username = payload['username'].lower()
        email = payload['email'].lower()
        password = payload['password']
        name = payload['name']

        # NOTE(review): every self-registered account lands in the "root"
        # group. Presumably that is just the top of the group tree and not
        # an administrative role; confirm what membership grants.
        root_group = db.getGroupByName("root", DB_USER, DB_PASSWORD, DB_HOST, DB_NAME)
        if root_group:
            group_id = root_group['id']
        else:
            group_id = None

        # NOTE(review): the password is handed over as received; confirm
        # that db.createUser hashes it before storing.
        db.createUser(name, username, email, password, group_id, DB_USER, DB_PASSWORD, DB_HOST, DB_NAME)
        return jsonify({"success": True})
    except Exception as e:
        print(f"Signup error: {e}")
        # NOTE(review): str(e) can expose database or driver details to an
        # unauthenticated caller; consider a generic message here.
        return jsonify({"success": False, "error": str(e)})
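@app.route('/testpage/<pageStr>', methods=['GET'])
def testPage(pageStr):
    """Render an arbitrary template by file name, for development only.

    ``pageStr`` comes from the URL and is used directly as the template
    name, with no session check, so the route is answered with 404 unless
    the app is running in debug mode.
    """
    # Without this gate any visitor could render any template by name,
    # including pages meant for logged-in users.
    if not app.debug:
        flask.abort(404)
    return render_template(pageStr, appName=appName, serviceName="Test Service")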
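if __name__ == '__main__':
    # Schema bootstrap runs only when the file is executed directly; it is
    # skipped when the app is imported by a WSGI server.
    initdb.createDatabase(DB_USER, DB_PASSWORD, DB_HOST, DB_NAME)
    initdb.createTables(DB_USER, DB_PASSWORD, DB_HOST, DB_NAME)
    if not db.getGroupByName("root", DB_USER, DB_PASSWORD, DB_HOST, DB_NAME):
        db.createGroup("root", None, DB_USER, DB_PASSWORD, DB_HOST, DB_NAME)

    # Debug mode used to be hard-coded on. It enables Werkzeug's interactive
    # debugger, which lets whoever reaches an error page run code in the
    # server process, so it is now opt-in: set FLASK_DEBUG=1 (the .env file
    # loaded above works) on a development machine only.
    debugEnabled = (getenv("FLASK_DEBUG") or "").strip().lower() in ("1", "true", "yes", "on")
    app.run(debug=debugEnabled)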