headscale
/
hsman
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fixed view for non admin users

This commit is contained in:
Andrea Mistrali 2024-09-05 11:12:55 +02:00
parent 2a38fb14dd
commit a1c66152ae
Signed by: andre
SSH Key Fingerprint: SHA256:/D780pZnuHMQ8xFII5lAtXWy8zdowtBhgWjwi88p+lI
9 changed files with 43 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
app/__init__.py
View File

@ -1,9 +1,7 @@
from flask import Flask, render_template from flask import Flask, render_template, g
from werkzeug.exceptions import HTTPException from werkzeug.exceptions import HTTPException
from flask_mobility import Mobility from flask_mobility import Mobility
from flask_pyoidc.provider_configuration import ProviderConfiguration, ClientMetadata
from . import filters from . import filters
from .lib import OIDCAuthentication from .lib import OIDCAuthentication
@ -53,9 +51,12 @@ def create_app(environment='development'):
filters.init_app(app) filters.init_app(app)
# Error handlers. # Error handlers.
@app.errorhandler(HTTPException) @app.errorhandler(HTTPException)
def handle_http_error(exc): def handle_http_error(exc):
return render_template('error.html', error=exc), exc.code return render_template('error.html', error=exc), exc.code
@app.context_processor
def inject_auth():
return dict(auth=auth)
return app return app

17
app/lib.py
View File

@ -56,11 +56,26 @@ class OIDCAuthentication(_OIDCAuth):
userinfo = flask_session['userinfo'] userinfo = flask_session['userinfo']
return userinfo['email'].split('@')[0] return userinfo['email'].split('@')[0]
@property
def email(self) -> str:
userinfo = flask_session['userinfo']
return userinfo['email']
@property @property
def login_name(self) -> str: def login_name(self) -> str:
userinfo = flask_session['userinfo'] userinfo = flask_session['userinfo']
return userinfo.get('preferred_username', self.username) return userinfo.get('preferred_username', self.username)
@property
def full_name(self) -> str:
userinfo = flask_session['userinfo']
return userinfo.get('name')
@property
def groups(self) -> list:
userinfo = flask_session['userinfo']
return userinfo.get('groups')
@property @property
def isAdmin(self) -> bool: def isAdmin(self) -> bool:
userinfo = flask_session['userinfo'] userinfo = flask_session['userinfo']
@ -73,7 +88,7 @@ class OIDCAuthentication(_OIDCAuth):
if len(authorized_groups): if len(authorized_groups):
log.debug(f"'{self.username}' is a member of { log.debug(f"'{self.username}' is a member of {
authorized_groups}") authorized_groups}. isAdmin == True")
return True return True
if self.username in admin_users: if self.username in admin_users:

2
app/templates/base.html
View File

@ -50,6 +50,7 @@
<div class="collapse navbar-collapse" id="navbarNav"> <div class="collapse navbar-collapse" id="navbarNav">
<ul class="navbar-nav mr-auto"> <ul class="navbar-nav mr-auto">
{% if auth.isAdmin %}
<li class="nav-item"> <li class="nav-item">
<a class="nav-link" href="{{ url_for('main.nodes') }}">nodes</a> <a class="nav-link" href="{{ url_for('main.nodes') }}">nodes</a>
</li> </li>
@ -59,6 +60,7 @@
<li class="nav-item"> <li class="nav-item">
<a class="nav-link" href="{{ url_for('main.routes') }}">routes</a> <a class="nav-link" href="{{ url_for('main.routes') }}">routes</a>
</li> </li>
{% endif %}
</ul> </ul>
<ul class="navbar-nav"> <ul class="navbar-nav">
<li class="nav-item me-right"> <li class="nav-item me-right">

7
app/templates/error.html
View File

@ -1,10 +1,11 @@
{% extends "base.html" %} {% extends "base.html" %}
{% block content %} {% block content %}
<div class="jumbotron my-4"> <div class="jumbotron jumbotron-fluid my-4">
<div class="text-center"> <div class="text-center">
<h1>{{ '%s - %s' % (error.code, error.name) }}</h1> <h1>Oops, something went wrong</h1>
<h1>{{ '%s - %s' % (error.code, error.name) }}</h2>
<p>{{ error.description }}.</p> <p>{{ error.description }}.</p>
</div> </div>
</div> </div>
{% endblock %} {% endblock %}

19
app/templates/index.html
View File

@ -2,25 +2,26 @@
{% block content %} {% block content %}
<h3> <h3>
Welcome, {{ session.userinfo.name }} Welcome, {{ auth.full_name }}
</h3> </h3>
<hr> <hr>
<h4>authentication info</h4> <h4>authentication info</h4>
<div class="row data"> <div class="row data">
<div class="col col-2"> <div class="col col-2">
<strong>email</strong> <strong>username</strong>
</div> </div>
<div class="col col-6"> <div class="col col-6">
{{ session.userinfo.email }} <span data-toggle="tooltip" data-placement="right" title="OIDC username: {{ auth.login_name }}">
<!-- {{ session.userinfo.email_verified | fancyBool | safe }} --> {{ auth.username }}
</span>
</div> </div>
</div> </div>
<div class="row data"> <div class="row data">
<div class="col col-2"> <div class="col col-2">
<strong>username</strong> <strong>email</strong>
</div> </div>
<div class="col col-6"> <div class="col col-6">
{{ session.userinfo.preferred_username }} {{ auth.email }}
</div> </div>
</div> </div>
<div class="row data"> <div class="row data">
@ -29,16 +30,16 @@
</div> </div>
<div class="col col-6"> <div class="col col-6">
<i class="fas fa-angle-right"></i> <i class="fas fa-angle-right"></i>
{% if session.userinfo.groups[0] in config['ADMIN_GROUPS'] %} {% if auth.groups[0] in config['ADMIN_GROUPS'] %}
<span class="badge badge-pill badge-warning"> <span class="badge badge-pill badge-warning">
{% else %} {% else %}
<span class="badge badge-pill badge-dark"> <span class="badge badge-pill badge-dark">
{% endif %} {% endif %}
{{ session.userinfo.groups[0]}} {{ auth.groups[0]}}
</span> </span>
</div> </div>
</div> </div>
{% for group in session.userinfo.groups[1:] |sort %} {% for group in auth.groups[1:] |sort %}
<div class="row data"> <div class="row data">
<div class="col col-2"> <div class="col col-2">
&nbsp; &nbsp;

1
app/templates/node.html
View File

@ -39,7 +39,6 @@
<span class="badge badge-pill badge-warning"> <span class="badge badge-pill badge-warning">
{{ node.registerMethod.name }} {{ node.registerMethod.name }}
</span> </span>
</span> </span>
</div> </div>
</div> </div>

9
app/views/main.py
View File

@ -2,7 +2,7 @@ import logging
import datetime import datetime
import os import os
from flask import current_app from flask import current_app
from flask import render_template, Blueprint, request from flask import render_template, Blueprint
from flask import redirect, session, url_for from flask import redirect, session, url_for
from app import auth from app import auth
@ -38,13 +38,10 @@ def token():
@main_blueprint.route('/', methods=['GET', 'POST']) @main_blueprint.route('/', methods=['GET', 'POST'])
@auth.access_control('default') @auth.access_control('default')
def index(): def index():
user_session = UserSession(session) hs_user = auth.username
hs_user = user_session.userinfo['email'].split('@')[0]
userNodeList = [n for n in Node().list().nodes if n.user.name == hs_user] userNodeList = [n for n in Node().list().nodes if n.user.name == hs_user]
return render_template('index.html', return render_template('index.html',
userNodeList=userNodeList, userNodeList=userNodeList)
session=user_session,
auth=auth)
@main_blueprint.route('/logout') @main_blueprint.route('/logout')

6
app/views/rest.py
View File

@ -4,8 +4,6 @@ from flask import Blueprint, request
from flask import redirect, url_for from flask import redirect, url_for
from app import auth from app import auth
# from ..lib import login_name, username
from flask import jsonify from flask import jsonify
from hsapi_client import Node, User, Route, PreAuthKey from hsapi_client import Node, User, Route, PreAuthKey
@ -14,8 +12,8 @@ from hsapi_client.preauthkeys import (v1CreatePreAuthKeyRequest,
log = logging.getLogger() log = logging.getLogger()
# REST calls
# REST calls
rest_blueprint = Blueprint( rest_blueprint = Blueprint(
'rest', __name__, url_prefix=os.getenv('APPLICATION_ROOT', '/')) 'rest', __name__, url_prefix=os.getenv('APPLICATION_ROOT', '/'))
@ -30,7 +28,7 @@ def routeToggle(routeId: int):
else: else:
action = 'enabled' action = 'enabled'
log.info( log.info(
f"route '{route.prefix}' via '{route.node.givenName}'" f"route '{route.prefix}' via '{route.node.givenName}' "
f"{action} by '{auth.username}'") f"{action} by '{auth.username}'")
Route().toggle(routeId) Route().toggle(routeId)
return redirect(request.referrer) return redirect(request.referrer)

2
wsgi.py
View File

@ -19,7 +19,7 @@ log.debug(f"Running in web mode: {lib.webMode()}")
def get_context(): def get_context():
# flask cli context setup # flask cli context setup
"""Objects exposed here will be automatically available from the shell.""" """Objects exposed here will be automatically available from the shell."""
return dict(app=app, models=models) return dict(app=app)
if __name__ == '__main__': if __name__ == '__main__':