openwebrx-clone/owrx/controllers/admin.py

from .template import WebpageController
from .session import SessionStorage
from owrx.config import Config
from owrx.users import UserList
from urllib import parse

import logging

logger = logging.getLogger(__name__)


class Authentication(object):
    def isAuthenticated(self, request):
        if "owrx-session" not in request.cookies:
            return False
        session = SessionStorage.getSharedInstance().getSession(request.cookies["owrx-session"].value)
        if session is None:
            return False
        if "user" not in session:
            return False
        userList = UserList.getSharedInstance()
        try:
            user = userList[session["user"]]
            return user.is_enabled()
        except KeyError:
            return False


class AdminController(WebpageController):
    def __init__(self, handler, request, options):
        self.authentication = Authentication()
        super().__init__(handler, request, options)

    def handle_request(self):
        config = Config.get()
        if "webadmin_enabled" not in config or not config["webadmin_enabled"]:
            self.send_response("Web Admin is disabled", code=403)
            return
        if self.authentication.isAuthenticated(self.request):
            super().handle_request()
        else:
            target = "/login?{0}".format(parse.urlencode({"ref": self.request.path}))
            self.send_redirect(target)
add settings button, start with the admin template 2020-03-08 20:28:15 +00:00			`from .template import WebpageController`
session cookie handling 2020-02-23 20:52:13 +00:00			`from .session import SessionStorage`
webadmin feature flag 2020-04-01 19:39:53 +00:00			`from owrx.config import Config`
thoroughly validate user 2021-02-08 16:09:22 +00:00			`from owrx.users import UserList`
implement redirect on login 2020-04-25 23:54:48 +00:00			`from urllib import parse`

			`import logging`

			`logger = logging.getLogger(__name__)`
prepare route protection 2020-02-23 18:23:18 +00:00

			`class Authentication(object):`
			`def isAuthenticated(self, request):`
thoroughly validate user 2021-02-08 16:09:22 +00:00			`if "owrx-session" not in request.cookies:`
			`return False`
			`session = SessionStorage.getSharedInstance().getSession(request.cookies["owrx-session"].value)`
			`if session is None:`
			`return False`
			`if "user" not in session:`
			`return False`
			`userList = UserList.getSharedInstance()`
			`try:`
			`user = userList[session["user"]]`
			`return user.is_enabled()`
			`except KeyError:`
			`return False`
prepare route protection 2020-02-23 18:23:18 +00:00

add settings button, start with the admin template 2020-03-08 20:28:15 +00:00			`class AdminController(WebpageController):`
prepare route protection 2020-02-23 18:23:18 +00:00			`def __init__(self, handler, request, options):`
			`self.authentication = Authentication()`
			`super().__init__(handler, request, options)`

			`def handle_request(self):`
webadmin feature flag 2020-04-01 19:39:53 +00:00			`config = Config.get()`
check for key 2020-04-25 18:55:33 +00:00			`if "webadmin_enabled" not in config or not config["webadmin_enabled"]:`
webadmin feature flag 2020-04-01 19:39:53 +00:00			`self.send_response("Web Admin is disabled", code=403)`
			`return`
prepare route protection 2020-02-23 18:23:18 +00:00			`if self.authentication.isAuthenticated(self.request):`
			`super().handle_request()`
			`else:`
implement redirect on login 2020-04-25 23:54:48 +00:00			`target = "/login?{0}".format(parse.urlencode({"ref": self.request.path}))`
			`self.send_redirect(target)`