You've already forked snikket-web-portal
206 lines
6.4 KiB
Python
206 lines
6.4 KiB
Python
import contextlib
|
|
import functools
|
|
|
|
import aiohttp
|
|
|
|
from quart import (
|
|
current_app, _app_ctx_stack, session as http_session, abort, redirect,
|
|
url_for,
|
|
)
|
|
|
|
|
|
def split_jid(s):
|
|
bare, sep, resource = s.partition("/")
|
|
if not sep:
|
|
resource = None
|
|
localpart, sep, domain = bare.partition("@")
|
|
if not sep:
|
|
domain = localpart
|
|
localpart = None
|
|
return localpart, domain, resource
|
|
|
|
|
|
class HTTPSessionManager:
|
|
def __init__(self, app_context_attribute):
|
|
self._app_context_attribute = app_context_attribute
|
|
|
|
async def _create(self) -> aiohttp.ClientSession:
|
|
return aiohttp.ClientSession()
|
|
|
|
async def teardown(self, exc):
|
|
app_ctx = _app_ctx_stack.top
|
|
try:
|
|
session = getattr(app_ctx, self._app_context_attribute)
|
|
except AttributeError:
|
|
return
|
|
|
|
if exc is not None:
|
|
exc_type = type(exc)
|
|
traceback = getattr(exc.__traceback__, None)
|
|
else:
|
|
exc_type = None
|
|
traceback = None
|
|
|
|
await session.__aexit__(exc_type, exc, traceback)
|
|
|
|
async def __aenter__(self) -> aiohttp.ClientSession:
|
|
app_ctx = _app_ctx_stack.top
|
|
try:
|
|
return getattr(app_ctx, self._app_context_attribute)
|
|
except AttributeError:
|
|
pass
|
|
|
|
session_object = await self._create()
|
|
session = await session_object.__aenter__()
|
|
setattr(app_ctx, self._app_context_attribute, session)
|
|
return session
|
|
|
|
async def __aexit__(self, exc_type, exc_value, traceback):
|
|
# we do nothing on aexit, since the session will be kept alive until
|
|
# the application context is torn down in teardown.
|
|
pass
|
|
|
|
|
|
class HTTPAuthSessionManager(HTTPSessionManager):
|
|
def __init__(self, app_context_attribute, session_token_key):
|
|
super().__init__(app_context_attribute)
|
|
self._session_token_key = session_token_key
|
|
|
|
async def _create(self) -> aiohttp.ClientSession:
|
|
try:
|
|
token = http_session[self._session_token_key]
|
|
except KeyError:
|
|
raise abort(401, "no token")
|
|
|
|
return aiohttp.ClientSession(
|
|
headers={
|
|
"Authorization": "Bearer {}".format(token)
|
|
}
|
|
)
|
|
|
|
|
|
class ProsodyClient:
|
|
CTX_PLAIN_SESSION = "_ProsodyClient__session"
|
|
CTX_AUTH_SESSION = "_ProsodyClient__auth_session"
|
|
CONFIG_ENDPOINT = "PROSODY_ENDPOINT"
|
|
SESSION_TOKEN = "prosody_access_token"
|
|
SESSION_ADDRESS = "prosody_jid"
|
|
|
|
def __init__(self, app=None):
|
|
self._default_login_redirect = None
|
|
self._plain_session = HTTPSessionManager(self.CTX_PLAIN_SESSION)
|
|
self._auth_session = HTTPAuthSessionManager(self.CTX_AUTH_SESSION,
|
|
self.SESSION_TOKEN)
|
|
self.app = app
|
|
if app is not None:
|
|
self.init_app(app)
|
|
|
|
@property
|
|
def default_login_redirect(self):
|
|
return self._default_login_redirect
|
|
|
|
@default_login_redirect.setter
|
|
def default_login_redirect(self, v):
|
|
self._default_login_redirect = v
|
|
|
|
def init_app(self, app):
|
|
app.config[self.CONFIG_ENDPOINT]
|
|
app.teardown_appcontext(self._plain_session.teardown)
|
|
app.teardown_appcontext(self._auth_session.teardown)
|
|
|
|
@property
|
|
def _endpoint_base(self):
|
|
return current_app.config[self.CONFIG_ENDPOINT]
|
|
|
|
@property
|
|
def _login_endpoint(self):
|
|
return "{}/oauth2/token".format(self._endpoint_base)
|
|
|
|
@property
|
|
def _rest_endpoint(self):
|
|
return "{}/rest".format(self._endpoint_base)
|
|
|
|
async def login(self, jid: str, password: str):
|
|
request = aiohttp.FormData()
|
|
request.add_field("grant_type", "password")
|
|
request.add_field("username", jid)
|
|
request.add_field("password", password)
|
|
|
|
async with self._plain_session as session:
|
|
async with session.post(self._login_endpoint, data=request) as resp:
|
|
auth_status = resp.status
|
|
auth_info = (await resp.json())
|
|
if auth_status == 401:
|
|
raise ValueError("Invalid credentials")
|
|
elif auth_status == 200:
|
|
token_type = auth_info["token_type"]
|
|
if token_type != "bearer":
|
|
raise NotImplementedError(
|
|
"unsupported token type: {!r}".format(
|
|
auth_info["token_type"]
|
|
)
|
|
)
|
|
|
|
http_session[self.SESSION_TOKEN] = auth_info["access_token"]
|
|
http_session[self.SESSION_ADDRESS] = jid
|
|
return True
|
|
else:
|
|
raise RuntimeError(
|
|
"unexpected backend response: {!r}".format(auth_status)
|
|
)
|
|
|
|
@property
|
|
def session_token(self):
|
|
try:
|
|
return http_session[self.SESSION_TOKEN]
|
|
except KeyError:
|
|
raise abort(401, "no session")
|
|
|
|
@property
|
|
def session_address(self):
|
|
try:
|
|
return http_session[self.SESSION_ADDRESS]
|
|
except KeyError:
|
|
raise abort(401, "no session")
|
|
|
|
@property
|
|
def has_session(self):
|
|
return self.SESSION_TOKEN in http_session
|
|
|
|
def require_session(self, redirect_to: str = None):
|
|
def decorator(f):
|
|
@functools.wraps(f)
|
|
async def wrapped(*args, **kwargs):
|
|
if not self.has_session:
|
|
nonlocal redirect_to
|
|
if redirect_to is not False:
|
|
redirect_to = \
|
|
redirect_to or self._default_login_redirect
|
|
if not redirect_to:
|
|
raise abort(401, "Not Authorized")
|
|
return redirect(url_for(redirect_to))
|
|
|
|
return await f(*args, **kwargs)
|
|
return wrapped
|
|
return decorator
|
|
|
|
async def get_user_info(self):
|
|
localpart, domain, _ = split_jid(self.session_address)
|
|
|
|
request = {
|
|
"kind": "iq",
|
|
"to": domain,
|
|
"type": "get",
|
|
"ping": True
|
|
}
|
|
|
|
async with self._auth_session as session:
|
|
async with session.post(self._rest_endpoint,
|
|
json=request) as resp:
|
|
if resp.status != 200:
|
|
raise abort(resp.status)
|
|
|
|
return {
|
|
"username": localpart,
|
|
}
|