# Importer tous les modules depuis common_imports (c'est là où il faut rajouter les modules python manquants)
|
|
from resources.common_imports import *
|
|
|
|
# Importer toutes les classes de kaz
|
|
from resources.password import Password_create
|
|
from resources.paheko import Paheko_categories, Paheko_users, Paheko_user, Paheko_users_action
|
|
from resources.mattermost import Mattermost_authenticate, Mattermost_user, Mattermost_message, Mattermost_user_team, Mattermost_user_channel, Mattermost_team
|
|
from resources.ldap import Ldap_user
|
|
from resources.cloud import Cloud_user, Cloud_user_delete
|
|
from resources.sympa import Sympa_user
|
|
from resources.quota import Quota
|
|
from resources.dns import Dns_serveurs, Dns
|
|
from resources.kaz_user import Kaz_user
|
|
from resources.test import Test
|
|
|
|
|
|
#on importe toutes les variables globales
|
|
from resources.config import *
|
|
|
|
app = Flask(__name__)
# Token issuing/validation (see /get_token) and the flask-restful router that
# the add_resource() calls further down populate.
jwt = JWTManager(app)
api = Api(app)

# Log level is pinned to DEBUG in code for now; the author's TODO is to drive
# it from docker-compose.yml instead.
app.logger.setLevel(logging.DEBUG)
|
|
|
|
|
|
#on décrit l'api telle qu'elle apparait dans le swagger (la doc)
|
|
# (name, description) pairs for the Swagger tag list, in display order.
_SWAGGER_TAGS = [
    ("Authentication", "Auth related operations"),
    ("Test", "pour tester des conneries"),
    ("Password", "Gestion Mdp"),
    ("Paheko", "Gestion Paheko"),
    ("Mattermost", "Gestion Mattermost Authent"),
    ("Mattermost User", "Gestion Mattermost User"),
    ("Mattermost Team", "Gestion Mattermost Team"),
    ("Ldap", "Gestion Ldap"),
    ("Cloud", "Gestion Cloud Général"),
    ("Sympa", "Gestion Sympa"),
    ("Quota", "Gestion Quota"),
    ("Dns", "Gestion Dns"),
    ("Kaz User", "Gestion Kaz User"),
]

# Swagger 2.0 template: what the generated documentation shows for this API.
_SWAGGER_TEMPLATE = {
    "swagger": "2.0",
    "info": {
        "title": "L'API Kaz de la mort qui tue",
        "version": "0.2.0",
        "description": "Permettre des opérations de gestion des services kaz avec des écrans Ouaib",
    },
    "tags": [{"name": name, "description": desc} for name, desc in _SWAGGER_TAGS],
    # Two schemes are advertised: HTTP Basic (what /get_token accepts) and the
    # JWT carried in the Authorization header with the Bearer prefix.
    "securityDefinitions": {
        "basicAuth": {
            "type": "basic",
            "description": "Basic Authentication with username and password",
        },
        "Bearer": {
            "type": "apiKey",
            "name": "Authorization",
            "in": "header",
            "description": "JWT Authorization header using the Bearer scheme. Example: 'Bearer {token}'",
        },
    },
}

swagger = Swagger(app, template=_SWAGGER_TEMPLATE)
|
|
|
|
#TODO:
|
|
# check variables
|
|
# fail2ban (ou alors sur traefik)
|
|
# découper app.py en service
|
|
# quels scripts bash garder ?
|
|
#fin TODO
|
|
|
|
#*************************************************
|
|
#Filtrer les IP qui peuvent accéder à l'api
|
|
#TODO: au lieu d'avoir les IP en dur, prendre le fichier allow_ip
|
|
|
|
# Source addresses allowed to reach the API; limit_remote_addr() refuses any
# request whose forwarded client address is not in this list.
# NOTE(review): the list is baked into the source, so adding or revoking an
# address means a redeploy; the TODO above is to read it from the allow_ip
# file instead.
trusted_ips = [
"176.180.83.10",
"82.64.20.246",
"31.39.14.228",
"51.75.112.172",
"80.11.47.59",
"90.121.138.71",
"109.190.2.75",
"89.234.177.115",
"80.215.140.40",
"80.67.176.91",
"89.234.177.119",
"78.127.1.19",
"80.215.236.243"
]
|
|
|
|
|
|
#*************************************************
|
|
#variables globales
|
|
#*************************************************
|
|
|
|
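# --- JWT ---------------------------------------------------------------
# Signing key for the access tokens handed out by /get_token. It has to come
# from the environment: the previous fixed fallback ('your_jwt_secret_key')
# meant that, whenever the variable was unset, anyone who had read this file
# could mint tokens the API would accept. If the variable is missing or
# empty we now use a random per-process key instead, so the app still starts
# (tokens then stop being valid across restarts) and we log loudly about it.
_jwt_secret = os.environ.get('JWT_SECRET_KEY')
if not _jwt_secret:
    app.logger.warning(
        "JWT_SECRET_KEY is not set; using a random key for this process only"
    )
    _jwt_secret = os.urandom(32).hex()
app.config['JWT_SECRET_KEY'] = _jwt_secret
# Issued tokens stay valid for a week.
app.config['JWT_ACCESS_TOKEN_EXPIRES'] = timedelta(days=7)

# --- outgoing mail -------------------------------------------------------
# Server, credentials and reply-to come from the apikaz_MAIL_* variables;
# port 587 with STARTTLS (MAIL_USE_TLS) and no implicit SSL is fixed here.
app.config['MAIL_SERVER'] = os.environ.get('apikaz_MAIL_SERVER')
app.config['MAIL_PORT'] = 587
app.config['MAIL_USERNAME'] = os.environ.get('apikaz_MAIL_USERNAME')
app.config['MAIL_PASSWORD'] = os.environ.get('apikaz_MAIL_PASSWORD')
app.config['MAIL_REPLY_TO'] = os.environ.get('apikaz_MAIL_REPLY_TO')
app.config['MAIL_USE_TLS'] = True
app.config['MAIL_USE_SSL'] = False
mail = Mail(app)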
|
|
|
|
|
|
#*************************************************
|
|
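@app.before_request
def limit_remote_addr():
    """Refuse every request whose client address is not in ``trusted_ips``.

    The client address is read from the X-Forwarded-For header set by the
    reverse proxy. When the header lists several hops (``client, proxy, ...``)
    the LAST entry is used: that is the one appended by the proxy closest to
    this app, whereas earlier entries are whatever the client sent. The old
    code compared the whole header string, so any multi-hop value was
    rejected, and a request without the header crashed with a KeyError.
    Without the header the socket peer address (``request.remote_addr``) is
    used, which keeps the check failing closed.

    NOTE(review): this relies on the proxy in front of the app appending the
    real peer address to X-Forwarded-For rather than forwarding the client's
    own header untouched -- confirm against the proxy configuration, as the
    allow-list is only as trustworthy as that header.
    """
    forwarded_for = request.environ.get('HTTP_X_FORWARDED_FOR', '')
    hops = [hop.strip() for hop in forwarded_for.split(',') if hop.strip()]
    client_ip = hops[-1] if hops else request.remote_addr
    if client_ip not in trusted_ips:
        # abort(response) raises that response as-is; a status code passed as
        # a second positional argument is ignored, so the old call answered
        # with 200. Set the status on the response object instead.
        response = jsonify(message="Et pis quoi encore ?")
        response.status_code = 400
        abort(response)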
|
|
|
|
#*************************************************
|
|
#authent mdp/pass basique
|
|
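def check_auth(username, password):
    """Check the documentation credentials supplied through HTTP Basic auth.

    Args:
        username: user name taken from the Authorization header (may be None).
        password: password taken from the Authorization header (may be None).

    Returns:
        True only when both values match the ``apikaz_doc_user`` and
        ``apikaz_doc_password`` environment variables; False otherwise.

    The comparison uses ``hmac.compare_digest`` so the time taken does not
    reveal how much of a guess was right. Any missing value fails closed:
    with the env vars unset, the old ``==`` test evaluated ``None == None``
    and returned True for a request whose Authorization header carried no
    user name/password at all (e.g. a non-Basic scheme, where Werkzeug reports
    both as None -- confirm for the Werkzeug version in use).
    """
    import hmac

    expected_user = os.environ.get('apikaz_doc_user')
    expected_password = os.environ.get('apikaz_doc_password')
    if any(value is None for value in (username, password, expected_user, expected_password)):
        return False

    def _same(given, expected):
        # Compare as UTF-8 bytes: compare_digest refuses non-ASCII str operands.
        return hmac.compare_digest(str(given).encode('utf-8'), str(expected).encode('utf-8'))

    # Evaluate both before combining so a wrong user name costs the same as a wrong password.
    user_ok = _same(username, expected_user)
    password_ok = _same(password, expected_password)
    return user_ok and password_ok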
|
|
|
|
def authenticate():
    """Build the 401 response that asks the client for HTTP Basic credentials."""
    challenge = {'WWW-Authenticate': 'Basic realm="Login Required"'}
    return Response('tssssss.\n', 401, challenge)
|
|
|
|
@app.before_request
def require_basic_auth():
    """Demand valid Basic credentials on the Swagger UI and the env dump.

    Only paths starting with ``/apidocs`` or ``/print_env`` are gated here;
    every other path goes through untouched. Returning a response from a
    before_request hook short-circuits the request with that response.

    NOTE(review): the JSON spec that flasgger serves for the UI is, by
    default, not under ``/apidocs`` and so is not covered by this prefix
    check -- confirm whether it should be.
    """
    protected = ('/apidocs', '/print_env')
    if not request.path.startswith(protected):
        return None
    auth = request.authorization
    credentials_ok = bool(auth) and check_auth(auth.username, auth.password)
    if not credentials_ok:
        return authenticate()
    return None
|
|
|
|
|
|
#*************************************************
|
|
#DANGER: ne jamais mettre print_env en PROD
|
|
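@app.route('/print_env')
def print_environment():
    """Render every environment variable of the process as an HTML fragment.

    Debugging aid only: the output contains every secret the process was
    started with (mail password, JWT signing key, ...). The route is gated
    by ``require_basic_auth`` (which matches ``/print_env``) but, as the
    header comment says, must never be deployed to production.

    Returns:
        str: one ``KEY: VALUE`` line per variable, each followed by ``<br>``.
        Keys and values are HTML-escaped so a value containing ``<`` or ``&``
        cannot inject markup into the page.
    """
    import html

    lines = [
        f"{html.escape(key)}: {html.escape(value)}\n<br>"
        for key, value in os.environ.items()
    ]
    return "".join(lines)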
|
|
|
|
#*************************************************
|
|
#***** DEBUT Quelques fonctions utiles ***********
|
|
#*************************************************
|
|
|
|
#pour injecter la date dans dans le contexte des template
|
|
@app.context_processor
def inject_now():
    """Expose ``datetime.now`` to templates as ``now`` (the callable, evaluated at render time)."""
    return dict(now=datetime.now)
|
|
|
|
#*************************************************
|
|
#***** FIN Quelques fonctions utiles ***********
|
|
#*************************************************
|
|
|
|
|
|
#*************************************************
|
|
|
|
@app.route('/favicon.ico')
def favicon():
    """Answer favicon requests with an empty 204 No Content; no icon file is served."""
    no_content = 204
    return '', no_content
|
|
|
|
|
|
#*************************************************
|
|
#la page d'accueil est vide
|
|
@app.route('/')
def silence():
    """Serve an empty body for the root path."""
    empty_body = ""
    return empty_body
|
|
|
|
|
|
#*************************************************
|
|
# obtenir un token
|
|
@app.route('/get_token', methods=['GET'])
def get_token():
    """
    Get JWT token with basic auth
    ---
    tags:
      - Authentication
    security:
      - basicAuth: []
    responses:
      200:
        description: Token generated successfully
        schema:
          type: object
          properties:
            access_token:
              type: string
              description: JWT access token
      401:
        description: Unauthorized
    """
    # The YAML after '---' in the docstring is what flasgger documents; keep it intact.
    auth = request.authorization
    if not (auth and check_auth(auth.username, auth.password)):
        return authenticate()
    # Credentials verified: the token identity is the doc user name.
    token = create_access_token(identity=auth.username)
    return jsonify(access_token=token)
|
|
|
|
#*************************************************
|
|
#*******MDP***************************************
|
|
#*************************************************
|
|
|
|
# Route table: (resource class, URL rule, extra add_resource() keyword arguments).
# Resources are registered in the order listed.
# NOTE(review): several rules carry a password or message text as a path
# segment (/mattermost/user/create/..., /mattermost/user/change/password/...,
# /mattermost/message/...). Path segments end up in proxy and server access
# logs and in browser history; moving those values to the request body would
# keep them out of logs. Changing that also means changing the resource
# classes, so it is left as a note here.
_ROUTES = [
    # --- password ---
    (Password_create, '/password/create', {}),
    # --- Paheko ---
    (Paheko_categories, '/paheko/user/categories', {}),
    (Paheko_users, '/paheko/user/category/<categorie>', {}),
    (Paheko_user, '/paheko/user/<ident>', {'endpoint': 'paheko_get_user', 'methods': ['GET']}),
    (Paheko_user, '/paheko/user/<ident>/<string:field>/<string:new_value>', {'endpoint': 'paheko_maj_user', 'methods': ['PUT']}),
    (Paheko_users_action, '/paheko/users/<string:action>', {}),
    # --- Mattermost ---
    (Mattermost_message, '/mattermost/message/<equipe>/<canal>/<message>', {}),
    (Mattermost_user, '/mattermost/user/<string:user>', {'endpoint': 'mattermost_get_user', 'methods': ['GET']}),
    (Mattermost_user, '/mattermost/user/create/<string:user>/<string:email>/<string:password>', {'endpoint': 'mattermost_create_user', 'methods': ['POST']}),
    (Mattermost_user, '/mattermost/user/delete/<string:email>', {'endpoint': 'mattermost_delete_user', 'methods': ['DELETE']}),
    (Mattermost_user, '/mattermost/user/change/password/<string:email>/<string:new_password>', {'endpoint': 'mattermost_change_user_password', 'methods': ['PUT']}),
    (Mattermost_user_team, '/mattermost/user/team/<string:email>/<string:equipe>', {}),
    (Mattermost_user_channel, '/mattermost/user/channel/<string:email>/<string:equipe>/<string:canal>', {}),
    (Mattermost_team, '/mattermost/team/list', {'endpoint': 'mattermost_team_list', 'methods': ['GET']}),
    (Mattermost_team, '/mattermost/team/create/<equipe>/<email>', {'endpoint': 'mattermost_team_create', 'methods': ['POST']}),
    (Mattermost_team, '/mattermost/team/delete/<equipe>', {'endpoint': 'mattermost_team_delete', 'methods': ['DELETE']}),
    # --- LDAP ---
    (Ldap_user, '/ldap/user/<string:email>', {'endpoint': 'ldap_user_get', 'methods': ['GET']}),
    (Ldap_user, '/ldap/user/delete/<string:email>', {'endpoint': 'ldap_user_delete', 'methods': ['DELETE']}),
    (Ldap_user, '/ldap/user/change/<string:email>', {'endpoint': 'ldap_user_change', 'methods': ['POST']}),
    (Ldap_user, '/ldap/user/add/<string:email>', {'endpoint': 'ldap_user_add', 'methods': ['PUT']}),
    # --- Cloud (a '/cloud/user/change/<email>/<new_password>' rule was sketched but is not wired) ---
    (Cloud_user, '/cloud/user/<string:email>', {}),
    (Cloud_user_delete, '/cloud/user/delete/<string:email>', {}),
    # --- Sympa ---
    (Sympa_user, '/sympa/user/<string:email>/<string:liste>', {}),
    # --- Quota ---
    (Quota, '/quota/<string:email>', {}),
    # --- DNS ---
    (Dns, '/dns/<string:sdomaine>', {'endpoint': 'dns_get', 'methods': ['GET']}),
    (Dns, '/dns/<string:sdomaine>', {'endpoint': 'dns_delete', 'methods': ['DELETE']}),
    (Dns, '/dns/<string:sdomaine>/<string:serveur>', {'endpoint': 'dns_post', 'methods': ['POST']}),
    (Dns_serveurs, '/dns/', {}),
    # --- Kaz ---
    (Kaz_user, '/kaz/create/users', {'endpoint': 'kaz_create_user', 'methods': ['POST']}),
    (Kaz_user, '/kaz/delete/user', {'endpoint': 'kaz_delete_user', 'methods': ['DELETE']}),
    # --- test ---
    (Test, '/test', {'endpoint': 'test', 'methods': ['GET']}),
]


def _register_routes(api_obj):
    """Register every entry of ``_ROUTES`` on *api_obj*, in table order."""
    for resource, rule, options in _ROUTES:
        api_obj.add_resource(resource, rule, **options)


_register_routes(api)
|
|
|
|
#*************************************************
|
|
#*************************************************
|
|
#*************************************************
|
|
|
|
if __name__ == '__main__':
    # Listen on every interface; the port comes from the PORT variable and,
    # when unset, is left to Flask's default.
    listen_port = os.getenv('PORT')
    app.run(host='0.0.0.0', port=listen_port)
|