az/linuxmuster-voucher
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: az:with_keycloak
Branches Tags
az:main
az:with_keycloak
..
compare: az:main
Branches Tags
az:with_keycloak
az:main

No commits in common. "with_keycloak" and "main" have entirely different histories.
with_keycl ... main

7 changed files with 10 additions and 75 deletions
Show stats Expand all files Collapse all files

6
.env-dist
View file

@ -1,4 +1,4 @@
UNIFI_HOST = 'dein.unifi.controller' UNIFI_HOST = 'wlan.morz.de'
UNIFI_USERNAME = 'admin' UNIFI_USERNAME = 'admin'
UNIFI_PASSWORD = 'yourPassword' UNIFI_PASSWORD = 'yourPassword'
UNIFI_PORT = 443 UNIFI_PORT = 443
@ -6,7 +6,3 @@ UNIFI_SSL_VERIFY = True
UNIFI_SITE_ID = 'yourSiteID' UNIFI_SITE_ID = 'yourSiteID'
WLAN_SSID = 'your WLAN-SSID' WLAN_SSID = 'your WLAN-SSID'
WLAN_PASSWORD = 'your WLAN Passwort' WLAN_PASSWORD = 'your WLAN Passwort'
OIDC_CLIENT_ID = "linuxmuster-voucher"
OIDC_CLIENT_SECRET = "<CLIENT_SECRET>"
OIDC_ISSUER = "https://keycloak.deine-domain.de/realms/deinrealm"
OIDC_REDIRECT_URI = "https://voucher.deine-domain.tld/auth/callback"

8
build-and-push-latest.sh
View file

@ -27,13 +27,13 @@ git commit -m "Update to version $NEW_TAG" || exit 1
git push || exit 1 git push || exit 1
# Baue das Docker-Image mit der neuen Versionsnummer # Baue das Docker-Image mit der neuen Versionsnummer
echo "Building Docker image with tag: $NEW_TAG" echo "Building Docker image with tag: $NEW_TAG"
docker build -t "$REPO:keycloak-$NEW_TAG" . || exit 1 docker build -t "$REPO:$NEW_TAG" . || exit 1
# Push das neue Image # Push das neue Image
echo "Pushing Docker image: $REPO:keycloak-$NEW_TAG" echo "Pushing Docker image: $REPO:$NEW_TAG"
docker push "$REPO:$NEW_TAG" || exit 1 docker push "$REPO:$NEW_TAG" || exit 1
# Aktualisiere den "latest"-Tag # Aktualisiere den "latest"-Tag
echo "Updating latest tag" echo "Updating latest tag"
docker tag "$REPO:$NEW_TAG" "$REPO:keycloak-latest" docker tag "$REPO:$NEW_TAG" "$REPO:latest"
docker push "$REPO:keycloak-latest" docker push "$REPO:latest"

3
docker-compose.dev.yml
View file

@ -15,8 +15,7 @@ services:
working_dir: /app/script working_dir: /app/script
environment: environment:
- DEV=true - DEV=false
- DEBUG=true
- PYTHONUNBUFFERED=1 - PYTHONUNBUFFERED=1
env_file: env_file:
- .env - .env

63
script/app.py
View file

@ -9,7 +9,6 @@ import json
import qrcode import qrcode
import base64 import base64
import io import io
import datetime
@ -29,7 +28,6 @@ UNIFI_SITE_ID = os.getenv('UNIFI_SITE_ID', '')
DEBUG = str_to_bool(os.getenv('DEBUG', 'False')) DEBUG = str_to_bool(os.getenv('DEBUG', 'False'))
LOGO_FILE = os.getenv('LOGO_FILE', '/static/logo.jpg') LOGO_FILE = os.getenv('LOGO_FILE', '/static/logo.jpg')
WIFI_ICON = os.getenv('WIFI_ICON', '/static/wifi-icon.png') WIFI_ICON = os.getenv('WIFI_ICON', '/static/wifi-icon.png')
if DEBUG: if DEBUG:
print("DEBUG mode is enabled.") print("DEBUG mode is enabled.")
print(f"UNIFI_HOST: {UNIFI_HOST}") print(f"UNIFI_HOST: {UNIFI_HOST}")
@ -38,9 +36,6 @@ if DEBUG:
print(f"UNIFI_PORT: {UNIFI_PORT}") print(f"UNIFI_PORT: {UNIFI_PORT}")
print(f"UNIFI_SSL_VERIFY: {UNIFI_SSL_VERIFY}") print(f"UNIFI_SSL_VERIFY: {UNIFI_SSL_VERIFY}")
print(f"UNIFI_SITE_ID: {UNIFI_SITE_ID}") print(f"UNIFI_SITE_ID: {UNIFI_SITE_ID}")
print(f"LOGO_FILE: {LOGO_FILE}")
print(f"WIFI_ICON: {WIFI_ICON}")
LOGLEVEL = os.getenv('LOGLEVEL', 'INFO') LOGLEVEL = os.getenv('LOGLEVEL', 'INFO')
@ -127,24 +122,6 @@ buffer.seek(0)
app = Flask(__name__) app = Flask(__name__)
# Keycloak-Konfiguration
app.secret_key = 'paiqwrqwrsfuhkcp8sdfisuhckjhyli' # ohne den geht Keycloak nicht
app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_port=1)
app.config['OIDC_CLIENT_ID'] = os.getenv('OIDC_CLIENT_ID')
app.config['OIDC_CLIENT_SECRET'] = os.getenv('OIDC_CLIENT_SECRET')
app.config['OIDC_ISSUER'] = os.getenv('OIDC_ISSUER')
app.config['OIDC_REDIRECT_URI'] = os.getenv('OIDC_REDIRECT_URI')
app.config['SERVER_NAME'] = os.getenv('OIDC_REDIRECT_URI')
oauth = OAuth(app)
oauth.register(
name="keycloak",
client_id=app.config["OIDC_CLIENT_ID"],
client_secret=app.config["OIDC_CLIENT_SECRET"],
server_metadata_url=f"{app.config['OIDC_ISSUER']}/.well-known/openid-configuration",
client_kwargs={"scope": "openid profile email"},
)
# b64encode-Filter registrieren # b64encode-Filter registrieren
@app.template_filter('b64encode') @app.template_filter('b64encode')
def b64encode_filter(data): def b64encode_filter(data):
@ -160,17 +137,13 @@ def b64encode_filter(data):
@app.route("/") @app.route("/")
def home(): def home():
if "user" not in session: return render_template("index.html", logo=LOGO_FILE)
return redirect(url_for("login"))
return render_template("index.html", logo=LOGO_FILE, name=session['user']['given_name'])
@app.route("/voucher/<int:minutes>") @app.route("/voucher/<int:minutes>")
def create_voucher(minutes): def create_voucher(minutes):
if "user" not in session:
return redirect(url_for("login"))
try: try:
c = Controller(UNIFI_HOST, UNIFI_USERNAME, UNIFI_PASSWORD, port=UNIFI_PORT, ssl_verify=UNIFI_SSL_VERIFY, site_id=check_site_id(UNIFI_SITE_ID)) c = Controller(UNIFI_HOST, UNIFI_USERNAME, UNIFI_PASSWORD, port=UNIFI_PORT, ssl_verify=UNIFI_SSL_VERIFY, site_id=check_site_id(UNIFI_SITE_ID))
code = api_create_voucher(c, time=minutes, note=f"{session['user']['preferred_username']} - {datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')}") code = api_create_voucher(c, time=minutes) # Platzhalter für echten Code
# code aufbereiten: 5 Zeichen Bindestrich, 5 Zeichen Bindestrich, 5 Zeichen Bindestrich, 5 Zeichen # code aufbereiten: 5 Zeichen Bindestrich, 5 Zeichen Bindestrich, 5 Zeichen Bindestrich, 5 Zeichen
code = f"{code[:5]}-{code[5:10]}" code = f"{code[:5]}-{code[5:10]}"
except Exception as e: except Exception as e:
@ -179,38 +152,6 @@ def create_voucher(minutes):
return render_template("voucher.html", code=code, minutes=minutes, qr_code=buffer, wifi_icon=WIFI_ICON) return render_template("voucher.html", code=code, minutes=minutes, qr_code=buffer, wifi_icon=WIFI_ICON)
@app.route('/login')
def login():
# Generiere einen eindeutigen nonce-Wert
nonce = str(uuid.uuid4())
session['nonce'] = nonce # Speichere den nonce in der Session
redirect_uri = url_for('authorize', _external=True)
return oauth.keycloak.authorize_redirect(redirect_uri, nonce=nonce)
@app.route('/authorize')
def authorize():
token = oauth.keycloak.authorize_access_token()
print(token)
nonce = session.pop('nonce', None) # Hole den nonce aus der Session
if not nonce:
return "Fehler: nonce fehlt in der Session", 400
print(nonce)
user_info = oauth.keycloak.parse_id_token(token, nonce=nonce)
session['user'] = user_info
print(user_info)
print(session['user'])
return redirect(url_for('home'))
# Logout-Route
@app.route("/logout")
def logout():
session.pop("user", None)
return redirect(app.config["OIDC_ISSUER"] + "/protocol/openid-connect/logout?redirect_uri=" + url_for("home", _external=True))
# Main script # Main script
if __name__ == "__main__": if __name__ == "__main__":
app.run(host="0.0.0.0", port=42425, debug=True) app.run(host="0.0.0.0", port=42425, debug=True)

2
script/templates/index.html
View file

@ -74,7 +74,7 @@
<body> <body>
<div class="container"> <div class="container">
<img src="{{ logo }}" alt="Logo" class="logo"> <img src="{{ logo }}" alt="Logo" class="logo">
<div class="text">{{ name }}, bitte wähle die gewünschte Dauer für den WLAN-Zugang 😀</div> <div class="text">Bitte wähle die gewünschte Dauer für den WLAN-Zugang 😀</div>
<div class="buttons"> <div class="buttons">
<a href="/voucher/45" class="button">WLAN-Zugangscode<br>für<br><span class="zeit">45min</span><br>erstellen</a> <a href="/voucher/45" class="button">WLAN-Zugangscode<br>für<br><span class="zeit">45min</span><br>erstellen</a>
<a href="/voucher/90" class="button">WLAN-Zugangscode<br>für<br><span class="zeit">90min</span><br>erstellen</a> <a href="/voucher/90" class="button">WLAN-Zugangscode<br>für<br><span class="zeit">90min</span><br>erstellen</a>

1
script/templates/voucher.html
View file

@ -84,7 +84,6 @@
</head> </head>
<body> <body>
<button class="button" onclick="window.location.href='/'">zurück</button>
<div class="header"> <div class="header">
Der {{ minutes }}min Zugangscode: Der {{ minutes }}min Zugangscode:
</div> </div>

2
version.txt
View file

@ -1 +1 @@
0.0.5 0.0.4