from werkzeug.contrib.fixers import ProxyFix
from flask import Flask, request, session, redirect, url_for
from flask_login import LoginManager
from flask_sqlalchemy import SQLAlchemy
# The WSGI application; its settings are loaded from the importable
# ``config`` module.
app = Flask(__name__)
app.config.from_object('config')

# NOTE(review): ProxyFix makes the application take the client address,
# scheme and host from X-Forwarded-* request headers. That is only sound
# when every request arrives through a reverse proxy that sets or overwrites
# those headers; if the app is reachable directly, a client can supply them.
# The OAuth callback below builds an absolute URL with
# url_for(..., _external=True), which depends on the resulting host value.
# Confirm the deployment always sits behind a trusted proxy.
app.wsgi_app = ProxyFix(app.wsgi_app)

# Session-based login handling, bound to the application at construction.
login_manager = LoginManager(app)

# Database handle; presumably imported by the models module -- confirm.
db = SQLAlchemy(app)
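def enable_github_oauth(GITHUB_ENABLE):
    """Register the GitHub OAuth client and its callback route on ``app``.

    Args:
        GITHUB_ENABLE: Truthy to enable GitHub login. The module passes
            ``app.config.get('GITHUB_OAUTH_ENABLE')``.

    Returns:
        ``(oauth, github)``: the ``OAuth`` registry and the remote app built
        from the ``GITHUB_OAUTH_*`` settings, or ``(None, None)`` when the
        integration is disabled.
    """
    if not GITHUB_ENABLE:
        return None, None

    # Function-scope imports: they only run on the enabled path.
    from flask import escape
    from flask_oauthlib.client import OAuth

    oauth = OAuth(app)
    github = oauth.remote_app(
        'github',
        consumer_key=app.config['GITHUB_OAUTH_KEY'],
        consumer_secret=app.config['GITHUB_OAUTH_SECRET'],
        request_token_params={'scope': app.config['GITHUB_OAUTH_SCOPE']},
        base_url=app.config['GITHUB_OAUTH_URL'],
        # No request-token step is configured (OAuth 2 style exchange).
        request_token_url=None,
        access_token_method='POST',
        access_token_url=app.config['GITHUB_OAUTH_TOKEN'],
        authorize_url=app.config['GITHUB_OAUTH_AUTHORIZE']
    )

    # NOTE(review): enable_google_oauth registers the same URL rule and the
    # same endpoint name ('authorized'). Flask refuses to map a second view
    # function onto an existing endpoint, so enabling both providers is
    # expected to fail at import time -- confirm and give each provider its
    # own callback path if both must be supported.
    @app.route('/user/authorized')
    def authorized():
        """Handle the provider callback and store the access token."""
        session['github_oauthredir'] = url_for('.authorized', _external=True)
        resp = github.authorized_response()
        if resp is None:
            # The query string is supplied by whoever requests this URL and
            # the returned string is served as HTML, so both values are
            # escaped before being echoed. .get() keeps a callback without
            # these parameters from failing on a missing key.
            return 'Access denied: reason=%s error=%s' % (
                escape(request.args.get('error', '')),
                escape(request.args.get('error_description', ''))
            )
        # NOTE(review): with Flask's default cookie-backed session the value
        # is signed but not encrypted, so the token is readable by whoever
        # holds the cookie -- confirm which session backend is in use.
        session['github_token'] = (resp['access_token'], '')
        return redirect(url_for('.login'))

    @github.tokengetter
    def get_github_oauth_token():
        """Return the token tuple stored by ``authorized``, if any."""
        return session.get('github_token')

    return oauth, github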
# Build the GitHub client at import time. Both names are None when
# GITHUB_OAUTH_ENABLE is unset or falsy in the configuration.
oauth, github = enable_github_oauth(
    app.config.get('GITHUB_OAUTH_ENABLE'),
)
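def enable_google_oauth(GOOGLE_ENABLE):
    """Register the Google OAuth client and its callback route on ``app``.

    Args:
        GOOGLE_ENABLE: Truthy to enable Google login. The module passes
            ``app.config.get('GOOGLE_OAUTH_ENABLE')``.

    Returns:
        The remote app built from the ``GOOGLE_*`` settings, or ``None``
        when the integration is disabled.
    """
    if not GOOGLE_ENABLE:
        return None

    # Function-scope imports: they only run on the enabled path.
    from flask import escape
    from flask_oauthlib.client import OAuth

    oauth = OAuth(app)
    google = oauth.remote_app(
        'google',
        consumer_key=app.config['GOOGLE_OAUTH_CLIENT_ID'],
        consumer_secret=app.config['GOOGLE_OAUTH_CLIENT_SECRET'],
        request_token_params=app.config['GOOGLE_TOKEN_PARAMS'],
        base_url=app.config['GOOGLE_BASE_URL'],
        # No request-token step is configured (OAuth 2 style exchange).
        request_token_url=None,
        access_token_method='POST',
        access_token_url=app.config['GOOGLE_TOKEN_URL'],
        authorize_url=app.config['GOOGLE_AUTHORIZE_URL'],
    )

    # NOTE(review): enable_github_oauth registers the same URL rule and the
    # same endpoint name ('authorized'). Flask refuses to map a second view
    # function onto an existing endpoint, so enabling both providers is
    # expected to fail at import time -- confirm and give each provider its
    # own callback path if both must be supported.
    @app.route('/user/authorized')
    def authorized():
        """Handle the provider callback and store the access token."""
        resp = google.authorized_response()
        if resp is None:
            # RFC 6749 names the failure parameter 'error'; 'error_reason'
            # is still read first for providers that send it. Reading with
            # .get() keeps a denied login from failing on a missing key.
            reason = (request.args.get('error_reason')
                      or request.args.get('error', ''))
            # The query string is supplied by whoever requests this URL and
            # the returned string is served as HTML, so both values are
            # escaped before being echoed.
            return 'Access denied: reason=%s error=%s' % (
                escape(reason),
                escape(request.args.get('error_description', ''))
            )
        # NOTE(review): with Flask's default cookie-backed session the value
        # is signed but not encrypted, so the token is readable by whoever
        # holds the cookie -- confirm which session backend is in use.
        session['google_token'] = (resp['access_token'], '')
        return redirect(url_for('.login'))

    @google.tokengetter
    def get_google_oauth_token():
        """Return the token tuple stored by ``authorized``, if any."""
        return session.get('google_token')

    return google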
# Build the Google client at import time; None when GOOGLE_OAUTH_ENABLE is
# unset or falsy in the configuration.
google = enable_google_oauth(app.config.get('GOOGLE_OAUTH_ENABLE'))

# Kept below the definitions above: presumably views and models import
# app, db and the OAuth clients from this package, so those objects have to
# exist before this import runs -- confirm before moving it.
from app import views, models

# Certificate bootstrap runs only when SAML and SAML encryption are both on.
if app.config.get('SAML_ENABLED'):
    if app.config.get('SAML_ENCRYPT'):
        from app.lib import certutil
        # NOTE(review): a self-signed certificate is created whenever
        # check_certificate() returns a falsy value. Where the key pair is
        # written, with what permissions, and what the check validates are
        # decided inside certutil and are not visible here -- verify.
        if not certutil.check_certificate():
            certutil.create_self_signed_cert()