latosa/app.py

import os
import time
from base64 import b64decode, b64encode
from typing import Union
from urllib.parse import quote, unquote

from flask import (Flask, flash, redirect, render_template, request,
                   send_from_directory, url_for)
from flask_login import LoginManager, login_required, login_user, logout_user

from auth import Auth
from forms import LoginForm
from latosa import LaToSa
from user import User

app = Flask(__name__)
app.config.update(
    SECRET_KEY=os.urandom(32),
    SESSION_COOKIE_HTTPONLY=True,
    REMEMBER_COOKIE_HTTPONLY=True,
    SESSION_COOKIE_SAMESITE="Strict",
)
login_manager = LoginManager()
login_manager.init_app(app)

latosa = LaToSa(app)


@login_manager.user_loader
def load_user(user_id) -> Union[User, None]:
    for user in latosa.get_users():
        if user.uid == user_id:
            return user
    return None


@app.route('/', methods=['GET', 'POST'])
def index():
    i18n = latosa.get_i18n(request)
    session = request.args.get('session', None)
    client_id = request.args.get('client_id', None)
    form = LoginForm()
    form.session.data = session
    form.session.data = client_id
    if request.method == 'POST':
        username = form.username.data
        password = form.password.data
        redirect_to = url_for('admin') 
        user = latosa.login_user(username, password)
        if user:
            login_user(user)
            client_id = form.client_id.data
            session = form.session.data
            if session:
                session = unquote(b64decode(session))
            if session and client_id:
                session_auth = Auth()
                session_data = session_auth.decrypt(client_id, session)
                session_key = session_data['session_key']
                if 'redirect_to' in session_data:
                    response_data = {
                            'status': 'success',
                            'uid': user.uid,
                            'email': user.email,
                            'display_name': user.display_name,
                            'groups': user.groups,
                            'timestamp': time.time()
                            }
                    cyphertext = session_auth.encrypt(session_key, response_data)
                    b64 = quote(b64encode(cyphertext).decode('utf-8'))
                    url = session_data['redirect_to']
                    redirect_to = f'{url}?session={b64}'
            return redirect(redirect_to)
        flash(i18n['login']['failed'])
    return render_template('index.html', i18n=i18n, form=form)


@app.route('/admin', methods=['GET'])
@login_required
def admin():
    i18n = latosa.get_i18n(request)
    return render_template('admin.html', i18n=i18n)


@app.route('/favicon.ico')
def favicon():
    return send_from_directory(os.path.join(app.root_path, 'static'),
                               'favicon.ico',
                               mimetype='image/vnd.microsoft.icon')