Merge branch 'admin-token' into 'master'

Implement admin ID for automated tests

See merge request litecord/litecord!90
luna 2022-11-27 17:55:13 +00:00
commit bb8621ba72
4 changed files with 42 additions and 1 deletions


@ -48,6 +48,9 @@ class Config:
# Postgres credentials # Postgres credentials
POSTGRES = {} POSTGRES = {}
ADMIN_ID = None
ADMIN_TOKEN = None
class Development(Config): class Development(Config):
DEBUG = True DEBUG = True
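Review bot: The new `ADMIN_ID` and `ADMIN_TOKEN` settings carry no comment, unlike `POSTGRES` directly above them, and a setting that acts as a credential deserves one. I would add `# Static admin credential for automated tests; leave both as None on any real deployment` above the pair. The same two settings are added without a comment to `Config` and `Production` in the next config file on this page, where the `#:` comment style applies.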


@ -17,6 +17,9 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
""" """
import os
MODE = "Development" MODE = "Development"
@ -65,10 +68,13 @@ class Config:
#: Postgres credentials #: Postgres credentials
POSTGRES = {} POSTGRES = {}
#: Shared secret for LVSP #: Shared secret for LVSP
LVSP_SECRET = "" LVSP_SECRET = ""
ADMIN_ID = None
ADMIN_TOKEN = None
class Development(Config): class Development(Config):
DEBUG = True DEBUG = True
@ -80,6 +86,12 @@ class Development(Config):
"database": "litecord", "database": "litecord",
} }
ADMIN_ID = os.getenv("ADMIN_ID")
ADMIN_TOKEN = os.getenv("ADMIN_TOKEN")
if ADMIN_ID is not None:
ADMIN_ID = int(ADMIN_ID)
class Production(Config): class Production(Config):
DEBUG = False DEBUG = False
@ -91,3 +103,6 @@ class Production(Config):
"password": "some_production_password", "password": "some_production_password",
"database": "litecord_or_anything_else_really", "database": "litecord_or_anything_else_really",
} }
ADMIN_TOKEN = None
ADMIN_ID = None
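Review bot: An `ADMIN_TOKEN` that is set but empty is accepted as configured in `Development`, because `os.getenv` returns `""` rather than None and the only later checks visible on this page test for None. With an empty configured token, the comparison added to `raw_token_check` would succeed for an empty presented token; whether an empty token can reach that function is not visible here. Normalising at the source closes the gap: `ADMIN_TOKEN = os.getenv("ADMIN_TOKEN") or None`. Separately, `int(ADMIN_ID)` runs in the class body, so a non-numeric value raises ValueError while the config module is being imported; an error message naming the variable would make that failure easier to diagnose.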


@ -19,6 +19,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
import base64 import base64
import binascii import binascii
from hmac import compare_digest
import bcrypt import bcrypt
from itsdangerous import TimestampSigner, BadSignature from itsdangerous import TimestampSigner, BadSignature
@ -47,6 +48,11 @@ async def raw_token_check(token: str, db=None) -> int:
Forbidden Forbidden
If token validation fails. If token validation fails.
""" """
if app.config["ADMIN_TOKEN"] is not None and compare_digest(
token, app.config["ADMIN_TOKEN"]
):
return app.config["ADMIN_ID"]
db = db or app.db db = db or app.db
# just try by fragments instead of # just try by fragments instead of
@ -121,6 +127,8 @@ async def token_check() -> int:
async def admin_check() -> int: async def admin_check() -> int:
"""Check if the user is an admin.""" """Check if the user is an admin."""
user_id = await token_check() user_id = await token_check()
if user_id == app.config["ADMIN_ID"]:
return user_id
flags = await app.db.fetchval( flags = await app.db.fetchval(
""" """
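Review bot: `compare_digest` raises TypeError when either `str` argument contains non-ASCII characters, so with `ADMIN_TOKEN` configured the new check in `raw_token_check` can turn a malformed token into an error other than the documented `Forbidden`, unless a caller outside the hunk catches it. Comparing bytes avoids that: `compare_digest(token.encode(), app.config["ADMIN_TOKEN"].encode())`. In `admin_check`, the early return keys on the user ID alone, so if `ADMIN_ID` coincides with a real account, that account's ordinary tokens skip the flags lookup as well; a comment stating that `ADMIN_ID` must not belong to a real user would make the constraint explicit. Both function bodies continue outside their hunks.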

15
run.py

@ -122,7 +122,22 @@ redirect_logging()
def make_app(): def make_app():
app = Quart(__name__) app = Quart(__name__)
app.config.from_object(f"config.{config.MODE}") app.config.from_object(f"config.{config.MODE}")
admin_id, admin_token = app.config["ADMIN_ID"], app.config["ADMIN_TOKEN"]
if None in {admin_id, admin_token} and not admin_id == admin_token:
log.warning(
"Not both admin ID ({}) and token ({}) configured; ignoring",
admin_id,
admin_token,
)
admin_id = admin_token = None
# update config if the variables were updated
app.config["ADMIN_ID"] = admin_id
app.config["ADMIN_TOKEN"] = admin_token
is_debug = app.config.get("DEBUG", False) is_debug = app.config.get("DEBUG", False)
app.debug = is_debug app.debug = is_debug
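Review bot: The warning in `make_app` writes the configured admin token into the log, since `admin_token` is passed as a format argument and is logged whenever the token is set but the ID is not. Log its presence instead of its value: `"Not both admin ID ({}) and token (set: {}) configured; ignoring", admin_id, admin_token is not None`. The block also leaves the credential active under any config class that sets both values; if it is meant for automated tests only, clearing the pair when `DEBUG` is false, after `is_debug` is read, would enforce that. `make_app` continues past the end of the hunk.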