haproxy-wi/app/login.py


from flask import render_template, request, redirect, make_response, abort
from flask_jwt_extended import unset_jwt_cookies, jwt_required
from app import app
import app.modules.db.user as user_sql
import app.modules.roxywi.roxy as roxy
import app.modules.roxywi.auth as roxywi_auth
import app.modules.roxywi.common as roxywi_common
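@app.before_request
def check_login():
    """Reject unauthenticated requests before any view function runs.

    A request skips the checks below when its endpoint is listed in
    ``allowed_endpoints`` or when its path contains ``api``. Every other
    request must resolve to user parameters, belong to an active user and
    pass ``roxywi_auth.check_login``; any failure aborts with HTTP 401.
    """
    # Endpoints served without a session.
    # NOTE(review): 'smon.get_check_status' and 'api' need the comma between
    # them; without it Python concatenates the two adjacent literals into one
    # name that matches no endpoint. With the comma, 'smon.get_check_status'
    # is reachable without a login, as the list states. Confirm that is the
    # intended exposure.
    allowed_endpoints = (
        'login_page', 'static', 'main.show_roxywi_version', 'service.check_service',
        'smon.show_smon_status_page', 'smon.smon_history_statuses', 'smon.agent_get_checks',
        'smon.get_check_status', 'api', 'favicon',
    )

    # Test the path only. request.url also carries the host name and the
    # query string, so matching against it would let client-chosen text
    # outside the route decide whether the login check runs at all.
    # NOTE(review): this is still a substring match; a prefix or blueprint
    # test would be tighter. Confirm the API routes enforce their own
    # authentication, since nothing in this hook covers them.
    if 'api' in request.path or request.endpoint in allowed_endpoints:
        return

    try:
        user_params = roxywi_common.get_users_params()
    except Exception as e:
        print(f'{e}')
        abort(401)

    if not user_sql.is_user_active(user_params['user_id']):
        abort(401)

    try:
        roxywi_auth.check_login(user_params['user_id'])
    except Exception:
        # Fail closed: any error while validating the session is a denial.
        abort(401)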
@app.after_request
def redirect_to_login(response):
    """Return the outgoing response unchanged.

    Despite the name, this hook performs no redirect: it hands back the
    response object it was given.
    """
    return response
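@app.route('/login', methods=['GET', 'POST'])
def login_page():
    """Serve the login form and process credential submissions.

    POST reads ``login`` and ``pass`` from the JSON body and an optional
    ``next`` value from the query string or form data, checks the password
    with ``roxywi_auth.check_user_password`` and returns whatever
    ``roxywi_auth.do_login`` produces. A failure in either step returns the
    output of ``roxywi_common.handle_json_exceptions`` with status 401.
    Every other method renders ``login.html``.
    """
    if request.method != 'POST':
        # Flask adds HEAD to any route that allows GET, so treat every
        # non-POST method as a page view instead of falling through without
        # returning a response.
        lang = roxywi_common.get_user_lang_for_flask()
        return render_template('login.html', lang=lang)

    # NOTE(review): 'next' is supplied by the client. Confirm do_login only
    # follows same-site targets, otherwise this is an open redirect.
    next_url = request.args.get('next') or request.form.get('next')

    # This route is reachable without a session, so parse the body
    # tolerantly: a missing, malformed or non-object JSON body is handled
    # like an object with no credentials rather than raising here.
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        payload = {}
    login = payload.get('login')
    password = payload.get('pass')
    # NOTE(review): login and password may be None at this point. Confirm
    # check_user_password rejects missing or empty values on every backend.

    try:
        roxy.update_plan()
    except Exception:
        # Best effort: a failed plan refresh must not block the login.
        pass

    try:
        user_params = roxywi_auth.check_user_password(login, password)
    except Exception as e:
        print(str(e))
        # NOTE(review): the exception is handed to the response builder.
        # Confirm the reply does not reveal whether the account exists.
        return roxywi_common.handle_json_exceptions(e, 'Cannot check login password'), 401

    try:
        response = roxywi_auth.do_login(user_params, next_url)
    except Exception as e:
        return roxywi_common.handle_json_exceptions(e, 'Cannot do login'), 401

    return response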
@app.route('/logout', methods=['GET', 'POST'])
@jwt_required()
def logout():
    """Clear the JWT cookies and send the browser to the site root.

    Requires a valid JWT. The reply is a 302 redirect to ``/`` with the JWT
    cookies unset.
    """
    # NOTE(review): only the cookies are cleared here; whether the token is
    # also revoked server-side is not visible in this block.
    # NOTE(review): GET is accepted, so a cross-site link or image can
    # trigger a logout. Consider POST only if that matters.
    home_redirect = redirect('/', code=302)
    response = make_response(home_redirect)
    unset_jwt_cookies(response)
    return response