CCCHH/hmdooris
2
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

Fix ip checks
All checks were successful
docker-image / docker (push) Successful in 9m31s
Details

Browse source
This commit is contained in:
Stefan Bethke 2025-05-29 15:44:21 +02:00
commit f49cb3d6f3
4 changed files with 14 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

1
README.md
View file

@ -6,6 +6,7 @@ All configuration is handled through environment variables.
| Name | Default | Description | | Name | Default | Description |
|---------------------------------|-------------------------------------------------------------------------|------------------------------------------------------------------------------------------| |---------------------------------|-------------------------------------------------------------------------|------------------------------------------------------------------------------------------|
| `HMDOORIS_ALLOWED_IPS` | - | List of IP addresses in CIDR notation that are allowed to control the locks |
| `HMDOORIS_URL` | `http://localhost:3000` | URL of the application, used to construct links to itself | | `HMDOORIS_URL` | `http://localhost:3000` | URL of the application, used to construct links to itself |
| `HMDOORIS_DISCOVERY_URL` | `http://localhost:8080/realms/testing/.well-known/openid-configuration` | OIDC configuration discovery URL | | `HMDOORIS_DISCOVERY_URL` | `http://localhost:8080/realms/testing/.well-known/openid-configuration` | OIDC configuration discovery URL |
| `HMDOORIS_CLIENT_ID` | `hmdooris` | OIDC client ID | | `HMDOORIS_CLIENT_ID` | `hmdooris` | OIDC client ID |

11
hmdooris/AppConfig.py
View file

@ -12,6 +12,8 @@ class AppConfig:
""" """
Gets the config from environment variables Gets the config from environment variables
""" """
self.log = logging.getLogger(__name__)
self.basepath = path.dirname(__file__) self.basepath = path.dirname(__file__)
self.debug = getenv("DEBUG", None) self.debug = getenv("DEBUG", None)
self.staticpath = path.join(self.basepath, "static") self.staticpath = path.join(self.basepath, "static")
@ -28,13 +30,17 @@ class AppConfig:
self.ccujack_certificate_path = getenv('HMDOORIS_CCU_CERTIFICATE_PATH', None) self.ccujack_certificate_path = getenv('HMDOORIS_CCU_CERTIFICATE_PATH', None)
self.ccujack_username = getenv('HMDOORIS_CCUJACK_USERNAME', None) self.ccujack_username = getenv('HMDOORIS_CCUJACK_USERNAME', None)
self.ccujack_password = getenv('HMDOORIS_CCUJACK_PASSWORD', None) self.ccujack_password = getenv('HMDOORIS_CCUJACK_PASSWORD', None)
self.log = logging.getLogger(__name__)
if self.debug is not None and self.debug.lower not in ('0', 'f', 'false'): if self.debug is not None and self.debug.lower not in ('0', 'f', 'false'):
self.debug = True self.debug = True
else: else:
self.debug = False self.debug = False
self.allowed = []
for a in getenv('HMDOORIS_ALLOWED_IPS', '').split(' '):
if a != '':
self.allowed.append(a)
if self.client_secret is None or self.client_secret == '': if self.client_secret is None or self.client_secret == '':
raise ValueError('You need to provide HMDOORIS_CLIENT_SECRET') raise ValueError('You need to provide HMDOORIS_CLIENT_SECRET')
if self.ccujack_url is None or self.ccujack_url == '': if self.ccujack_url is None or self.ccujack_url == '':
@ -45,7 +51,8 @@ class AppConfig:
else: else:
p = Path(self.ccujack_certificate_path) p = Path(self.ccujack_certificate_path)
if not p.is_file(): if not p.is_file():
self.log.warning(f'Unable to read certificate file {self.ccujack_certificate_path}, certificate verification might not work') self.log.warning(
f'Unable to read certificate file {self.ccujack_certificate_path}, certificate verification might not work')
self.oidc = { self.oidc = {
'client_id': self.client_id, 'client_id': self.client_id,

2
hmdooris/BottleHelpers.py
View file

@ -17,7 +17,7 @@ class BottleHelpers:
def require_login(self, func: Callable) -> Callable: def require_login(self, func: Callable) -> Callable:
if self.group is not None: if self.group is not None:
return self.auth.require_login(auth.require_attribute('groups', self.group)(func)) return self.auth.require_login(self.auth.require_attribute('groups', self.group)(func))
else: else:
return self.auth.require_login(func) return self.auth.require_login(func)

4
hmdooris/__main__.py
View file

@ -40,7 +40,7 @@ auth = BottleOIDC(app, config={
}) })
websocket_clients = WebSocketClients() websocket_clients = WebSocketClients()
bottle_helpers = BottleHelpers(auth, config.requires_group) bottle_helpers = BottleHelpers(auth, group=config.requires_group, allowed=config.allowed)
update_poller = UpdatePoller(websocket_clients, ccujack, 1 if config.debug else 0.1) update_poller = UpdatePoller(websocket_clients, ccujack, 1 if config.debug else 0.1)
@ -51,12 +51,12 @@ def server_static(filepath):
@app.get("/") @app.get("/")
@jinja2_view("home.html.j2") @jinja2_view("home.html.j2")
@bottle_helpers.require_sourceip
def root(): def root():
return {} return {}
@app.get("/operate") @app.get("/operate")
@bottle_helpers.require_login @bottle_helpers.require_login
@bottle_helpers.require_sourceip
@jinja2_view("operate.html.j2") @jinja2_view("operate.html.j2")
def root(): def root():
return {} return {}