Update to version 0.0.5

.env-dist

@@ -1,4 +1,4 @@
-UNIFI_HOST = 'wlan.morz.de'
+UNIFI_HOST = 'dein.unifi.controller'
 UNIFI_USERNAME = 'admin'
 UNIFI_PASSWORD = 'yourPassword'
 UNIFI_PORT = 443
@@ -6,3 +6,7 @@ UNIFI_SSL_VERIFY = True
 UNIFI_SITE_ID = 'yourSiteID'
 WLAN_SSID = 'your WLAN-SSID'
 WLAN_PASSWORD = 'your WLAN Passwort'
+OIDC_CLIENT_ID = "linuxmuster-voucher"
+OIDC_CLIENT_SECRET = "<CLIENT_SECRET>"
+OIDC_ISSUER = "https://keycloak.deine-domain.de/realms/deinrealm"
+OIDC_REDIRECT_URI = "https://voucher.deine-domain.tld/auth/callback"

build-and-push-latest.sh

@@ -27,13 +27,13 @@ git commit -m "Update to version $NEW_TAG" || exit 1
 git push || exit 1
 # Baue das Docker-Image mit der neuen Versionsnummer
 echo "Building Docker image with tag: $NEW_TAG"
-docker build -t "$REPO:$NEW_TAG" . || exit 1
+docker build -t "$REPO:keycloak-$NEW_TAG" . || exit 1
 
 # Push das neue Image
-echo "Pushing Docker image: $REPO:$NEW_TAG"
+echo "Pushing Docker image: $REPO:keycloak-$NEW_TAG"
 docker push "$REPO:$NEW_TAG" || exit 1
 
 # Aktualisiere den "latest"-Tag
 echo "Updating latest tag"
-docker tag "$REPO:$NEW_TAG" "$REPO:latest"
-docker push "$REPO:latest"
+docker tag "$REPO:$NEW_TAG" "$REPO:keycloak-latest"
+docker push "$REPO:keycloak-latest"

docker-compose.dev.yml

@@ -15,7 +15,8 @@ services:
 
     working_dir: /app/script
     environment:
-      - DEV=false
+      - DEV=true
+      - DEBUG=true
       - PYTHONUNBUFFERED=1
     env_file:
       - .env

script/app.py

@@ -9,6 +9,7 @@ import json
 import qrcode
 import base64
 import io
+import datetime
 
 
 
@@ -28,6 +29,7 @@ UNIFI_SITE_ID = os.getenv('UNIFI_SITE_ID', '')
 DEBUG = str_to_bool(os.getenv('DEBUG', 'False'))
 LOGO_FILE = os.getenv('LOGO_FILE', '/static/logo.jpg')
 WIFI_ICON = os.getenv('WIFI_ICON', '/static/wifi-icon.png')
+
 if DEBUG:
     print("DEBUG mode is enabled.")
     print(f"UNIFI_HOST: {UNIFI_HOST}")
@@ -36,6 +38,9 @@ if DEBUG:
     print(f"UNIFI_PORT: {UNIFI_PORT}")
     print(f"UNIFI_SSL_VERIFY: {UNIFI_SSL_VERIFY}")
     print(f"UNIFI_SITE_ID: {UNIFI_SITE_ID}")
+    print(f"LOGO_FILE: {LOGO_FILE}")
+    print(f"WIFI_ICON: {WIFI_ICON}")
+
 
 LOGLEVEL = os.getenv('LOGLEVEL', 'INFO')
 
@@ -122,6 +127,24 @@ buffer.seek(0)
 
 
 app = Flask(__name__)
+# Keycloak-Konfiguration
+app.secret_key = 'paiqwrqwrsfuhkcp8sdfisuhckjhyli' # ohne den geht Keycloak nicht
+app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_port=1)
+app.config['OIDC_CLIENT_ID'] = os.getenv('OIDC_CLIENT_ID')
+app.config['OIDC_CLIENT_SECRET'] = os.getenv('OIDC_CLIENT_SECRET')
+app.config['OIDC_ISSUER'] = os.getenv('OIDC_ISSUER')
+app.config['OIDC_REDIRECT_URI'] = os.getenv('OIDC_REDIRECT_URI')
+app.config['SERVER_NAME'] = os.getenv('OIDC_REDIRECT_URI')
+oauth = OAuth(app)
+oauth.register(
+    name="keycloak",
+    client_id=app.config["OIDC_CLIENT_ID"],
+    client_secret=app.config["OIDC_CLIENT_SECRET"],
+    server_metadata_url=f"{app.config['OIDC_ISSUER']}/.well-known/openid-configuration",
+    client_kwargs={"scope": "openid profile email"},
+)
+
+
 # b64encode-Filter registrieren
 @app.template_filter('b64encode')
 def b64encode_filter(data):
@@ -137,13 +160,17 @@ def b64encode_filter(data):
 
 @app.route("/")
 def home():
-    return render_template("index.html", logo=LOGO_FILE)
+    if "user" not in session:
+        return redirect(url_for("login"))
+    return render_template("index.html", logo=LOGO_FILE, name=session['user']['given_name'])
 
 @app.route("/voucher/<int:minutes>")
 def create_voucher(minutes):
+    if "user" not in session:
+        return redirect(url_for("login"))
     try:
         c = Controller(UNIFI_HOST, UNIFI_USERNAME, UNIFI_PASSWORD, port=UNIFI_PORT, ssl_verify=UNIFI_SSL_VERIFY, site_id=check_site_id(UNIFI_SITE_ID))
-        code = api_create_voucher(c, time=minutes)  # Platzhalter für echten Code
+        code = api_create_voucher(c, time=minutes, note=f"{session['user']['preferred_username']} - {datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')}")  
         # code aufbereiten: 5 Zeichen Bindestrich, 5 Zeichen Bindestrich, 5 Zeichen Bindestrich, 5 Zeichen
         code = f"{code[:5]}-{code[5:10]}"
     except Exception as e:
@@ -152,6 +179,38 @@ def create_voucher(minutes):
     return render_template("voucher.html", code=code, minutes=minutes, qr_code=buffer, wifi_icon=WIFI_ICON)
 
 
+@app.route('/login')
+def login():
+    # Generiere einen eindeutigen nonce-Wert
+    nonce = str(uuid.uuid4())
+    session['nonce'] = nonce  # Speichere den nonce in der Session
+
+    redirect_uri = url_for('authorize', _external=True)
+    return oauth.keycloak.authorize_redirect(redirect_uri, nonce=nonce)
+
+@app.route('/authorize')
+def authorize():
+    token = oauth.keycloak.authorize_access_token()
+    print(token)
+    nonce = session.pop('nonce', None)  # Hole den nonce aus der Session
+    if not nonce:
+        return "Fehler: nonce fehlt in der Session", 400
+    print(nonce)
+
+    user_info = oauth.keycloak.parse_id_token(token, nonce=nonce)
+    session['user'] = user_info
+    print(user_info)
+    print(session['user'])
+    return redirect(url_for('home'))
+
+# Logout-Route
+@app.route("/logout")
+def logout():
+    session.pop("user", None)
+    return redirect(app.config["OIDC_ISSUER"] + "/protocol/openid-connect/logout?redirect_uri=" + url_for("home", _external=True))
+
+
+
 # Main script
 if __name__ == "__main__":
     app.run(host="0.0.0.0", port=42425, debug=True)

script/templates/index.html

@@ -74,7 +74,7 @@
 <body>
     <div class="container">
         <img src="{{ logo }}" alt="Logo" class="logo">
-        <div class="text">Bitte wähle die gewünschte Dauer für den WLAN-Zugang 😀</div>
+        <div class="text">{{ name }}, bitte wähle die gewünschte Dauer für den WLAN-Zugang 😀</div>
         <div class="buttons">
             <a href="/voucher/45" class="button">WLAN-Zugangscode<br>für<br><span class="zeit">45min</span><br>erstellen</a>
             <a href="/voucher/90" class="button">WLAN-Zugangscode<br>für<br><span class="zeit">90min</span><br>erstellen</a>

script/templates/voucher.html

@@ -84,6 +84,7 @@
 </head>
 
 <body>
+    <button class="button" onclick="window.location.href='/'">zurück</button>
     <div class="header">
         Der {{ minutes }}min Zugangscode:
     </div>

version.txt

@@ -1 +1 @@
-0.0.4
+0.0.5