headscale
/
hsman
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Cleanup auth and config

This commit is contained in:
Andrea Mistrali 2024-07-22 16:41:33 +02:00
parent a1159ac97e
commit ffdded6537
5 changed files with 32 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hsman/TODO.md
View File

@ -1,4 +1,3 @@
- improve configuration
- improve APP_PREFIX - improve APP_PREFIX
- edit bootstrap CSS to fix fonts and colors - edit bootstrap CSS to fix fonts and colors
- try to use a datatable for routes, with grouping - try to use a datatable for routes, with grouping

30
hsman/app/__init__.py
View File

@ -11,31 +11,15 @@ import os
mobility = Mobility() mobility = Mobility()
client_metadata = ClientMetadata( auth = OIDCAuthentication()
client_id=os.getenv('HSMAN_OIDC_CLIENT_ID'),
client_secret=os.getenv('HSMAN_OIDC_CLIENT_SECRET'))
provider_config = ProviderConfiguration(issuer=os.getenv('HSMAN_OIDC_URL'),
client_metadata=client_metadata,
auth_request_params={
'scope': ['openid',
'profile',
'groups',
'email']},
session_refresh_interval_seconds=1800)
auth = OIDCAuthentication({'default': provider_config})
def create_app(environment='development'): def create_app(environment='development'):
from config import config from config import config
from .views import main_blueprint, rest_blueprint
# BRUTTO BRUTTO
app_prefix = os.getenv('APP_PREFIX', '')
# Instantiate app. # Instantiate app.
app_prefix = os.getenv('APPLICATION_ROOT', '')
app = Flask(__name__, app = Flask(__name__,
static_url_path=f"{app_prefix}/static") static_url_path=f"{app_prefix}/static")
@ -46,12 +30,14 @@ def create_app(environment='development'):
config[env].configure(app) config[env].configure(app)
app.config['APP_TZ'] = os.environ.get('TZ', 'UTC') app.config['APP_TZ'] = os.environ.get('TZ', 'UTC')
# app.static_url_path = f"{app.config['APP_PREFIX']}/static"
app.logger.info("middleware init: mobility") app.logger.info("middleware init: mobility")
mobility.init_app(app) mobility.init_app(app)
app.logger.info("middleware init: auth")
auth.init_app(app)
# Register blueprints. # Register blueprints.
from .views import main_blueprint, rest_blueprint
app.logger.info(f"registering main blueprint with prefix '{ app.logger.info(f"registering main blueprint with prefix '{
main_blueprint.url_prefix}'") main_blueprint.url_prefix}'")
app.register_blueprint(main_blueprint) app.register_blueprint(main_blueprint)
@ -63,10 +49,8 @@ def create_app(environment='development'):
app.logger.info("jinja2 custom filters loaded") app.logger.info("jinja2 custom filters loaded")
filters.init_app(app) filters.init_app(app)
app.logger.info("middleware init: auth")
auth.init_app(app)
# Error handlers. # Error handlers.
@app.errorhandler(HTTPException) @app.errorhandler(HTTPException)
def handle_http_error(exc): def handle_http_error(exc):
return render_template('error.html', error=exc), exc.code return render_template('error.html', error=exc), exc.code

24
hsman/app/lib.py
View File

@ -5,6 +5,7 @@ from flask import request, abort, current_app
from flask import session as flask_session from flask import session as flask_session
from flask_pyoidc import OIDCAuthentication as _OIDCAuth from flask_pyoidc import OIDCAuthentication as _OIDCAuth
from flask_pyoidc.user_session import UserSession from flask_pyoidc.user_session import UserSession
from flask_pyoidc.provider_configuration import ProviderConfiguration, ClientMetadata
from typing import Callable, List from typing import Callable, List
@ -36,6 +37,27 @@ def webMode() -> bool:
class OIDCAuthentication(_OIDCAuth): class OIDCAuthentication(_OIDCAuth):
def __init__(self):
pass
def init_app(self, app):
client_metadata = ClientMetadata(
client_id=app.config['OIDC_CLIENT_ID'],
client_secret=app.config['OIDC_CLIENT_SECRET'])
provider_config = ProviderConfiguration(
issuer=app.config['OIDC_URL'],
client_metadata=client_metadata,
auth_request_params={
'scope': ['openid',
'profile',
'groups',
'email']},
session_refresh_interval_seconds=1800)
# self._provider_configurations = provider_config
super().__init__({'default': provider_config})
super().init_app(app)
def authorize(self, provider_name: str, authz_fn: Callable, **kwargs): def authorize(self, provider_name: str, authz_fn: Callable, **kwargs):
if provider_name not in self._provider_configurations: if provider_name not in self._provider_configurations:
raise ValueError( raise ValueError(
@ -48,7 +70,7 @@ class OIDCAuthentication(_OIDCAuth):
# Decorator # Decorator
def oidc_decorator(view_func): def oidc_decorator(view_func):
@functools.wraps(view_func) @ functools.wraps(view_func)
def wrapper(*args, **kwargs): def wrapper(*args, **kwargs):
# Retrieve session and client # Retrieve session and client
session = UserSession(flask_session, provider_name) session = UserSession(flask_session, provider_name)

2
hsman/app/templates/base.html
View File

@ -40,7 +40,7 @@
<nav class="navbar navbar-expand-lg navbar-themed"> <nav class="navbar navbar-expand-lg navbar-themed">
<!-- Navbar Brand --> <!-- Navbar Brand -->
<a class="navbar-brand" href="{{ url_for('main.index') }}"> <a class="navbar-brand" href="{{ url_for('main.index') }}">
<img src="/static/hsman.png"> <img src="{{ url_for('static', filename='/hsman.png') }}">
<!-- HSMAN --> <!-- HSMAN -->
</a> </a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarNav" <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarNav"

2
hsman/app/views/rest.py
View File

@ -17,7 +17,7 @@ log = logging.getLogger()
# REST calls # REST calls
rest_blueprint = Blueprint( rest_blueprint = Blueprint(
'rest', __name__, url_prefix=os.getenv('APP_PREFIX', '/')) 'rest', __name__, url_prefix=os.getenv('APPLICATION_ROOT', '/'))
@rest_blueprint.route('/routeToggle/<int:routeId>', methods=['GET']) @rest_blueprint.route('/routeToggle/<int:routeId>', methods=['GET'])