Initial release JoplinWebApi
Joplin WebAPI to manage Joplin users and the directory structure + add user creation endpoint + add user deletion endpoint + add user password change endpoint + add README and highlight css + add gitignore file + add uwsgi template file
+import shutil
+from pathlib import Path
+import flask
+import markdown
+from flask_caching import Cache
+from flask_htpasswd import HtPasswdAuth
+from flask_restful import reqparse, Api, Resource
+from config import Config
+app = flask.Flask(__name__)
+api = Api(app)
+# app config
+if app.config["ENV"] == "development":
+ app.config.from_object("config.DevelopConfig")
+ app.config.from_object(Config)
+cache = Cache(app)
+htpasswd = HtPasswdAuth(app)
+htpasswd.users.autosave = True
+parser = reqparse.RequestParser()
+messages = {
+ 'OK': {
+ 'status': 200,
+ 'message': 'OK'
+ },
+ 'Created': {
+ 'status': 201,
+ 'message': "User creation succeeded"
+ },
+ 'Unauthorized Request': {
+ 'status': 401,
+ 'message': 'Unauthorized Request',
+ },
+ 'Unprocessable Entity':{
+ 'status': 422,
+ 'message': 'Missing parameter'
+ },
+ 'Conflict': {
+ 'status': 409,
+ 'message': 'Username conflict'
+ },
+ 'InternalServerError': {
+ 'status': 500,
+ 'message': 'Something went wrong, please contact the administrator.'
+ }
+def index():
+ # codehilite css
+ with open(Path(app.root_path).joinpath('./static/hilite.css'), 'r') as hilite_file:
+ css = '<style>{css}</style>'.format(
+ # Open the README file
+ with open(Path(app.root_path).joinpath('./static/'), 'r') as markdown_file:
+ # Read the content of the file
+ content =
+ html = ''.join([css, content])
+ # render finished HTML
+ return flask.Response(markdown.markdown(html, extensions=["fenced_code", "codehilite"]), status=200)
+def auth_test(user):
+ return 'Hello {user}'.format(user=user)
+class NewUser(Resource):
+ """
+ class to create new htpasswd user entry
+ """
+ def post(self, username):
+ parser.add_argument('password')
+ parser.add_argument('invite')
+ args = parser.parse_args()
+ password = args['password']
+ invitecode = args['invite']
+ path = app.config['JOPLIN_DIR']
+ # break early
+ if invitecode != app.config['INVITE_CODE']:
+ return flask.jsonify(messages['Unauthorized Request'])
+ if None in [password, invitecode]:
+ return flask.jsonify(messages['Unprocessable Entity'])
+ if username not in htpasswd.users.users():
+ # firstly try to create the folder to break if permissions aren't correct
+ try:
+ Path.mkdir(Path(path).joinpath('./%s' % username), mode=0o750, exist_ok=True)
+ except OSError:
+ return flask.jsonify(messages['InternalServerError'])
+ # create user entry
+ htpasswd.users.set_password(username, password)
+ return flask.jsonify(messages['Created'])
+ else:
+ return flask.jsonify(messages['Conflict'])
+class ChangePW(Resource):
+ """
+ class to update a users password
+ """
+ def post(self, username):
+ parser.add_argument('password')
+ parser.add_argument('new_password')
+ args = parser.parse_args()
+ password = args['password']
+ new_password = args['new_password']
+ if None in [password, new_password]:
+ return flask.jsonify(messages['Unprocessable Entity'])
+ # check_password return False if password mismatch and None if no user is found
+ if htpasswd.users.check_password(username, password):
+ htpasswd.users.update(username, new_password)
+ return flask.jsonify(messages['OK'])
+ else:
+ return flask.jsonify(messages['Unauthorized Request'])
+class DelUser(Resource):
+ """
+ class to delete a user
+ """
+ def delete(self, username):
+ parser.add_argument('password')
+ args = parser.parse_args()
+ password = args['password']
+ if password is None:
+ return flask.jsonify(messages['Unprocessable Entity'])
+ # check_password return False if password mismatch and None if no user is found
+ if htpasswd.users.check_password(username, password):
+ htpasswd.users.delete(username)
+ try:
+ # remove users files recursively
+ shutil.rmtree(Path(app.config['JOPLIN_DIR']).joinpath('./%s' % username))
+ except FileNotFoundError:
+ pass
+ return flask.Response(flask.jsonify([]), status=204)
+ else:
+ return flask.jsonify(messages['Unauthorized Request'])
+api.add_resource(NewUser, '/joplin/<string:username>/create')
+api.add_resource(ChangePW, '/joplin/<string:username>/changepw')
+api.add_resource(DelUser, '/joplin/<string:username>')
+if __name__ == '__main__':
+ "secret-key": "super-secret-password",
+ "flask-secret": "different-super-secret-password",
+ "cookie_domain": "",
+ "cookie_path": "/joplin/",
+ "htpasswd_file": "/path/to/joplin/htauth/file",
+ "joplin_webdav_dir": "/var/www/webdav/joplin",
+ "invite_code": "secret invite code"
+} \ No newline at end of file
+# -*- coding: utf-8 -*-
+from ruamel.yaml import YAML
+with open("config.yml", "r", encoding="utf-8") as file:
+ config = YAML()
+ config = config.load(file)
+class Config(object):
+ DEBUG = False
+ TESTING = False
+ SECRET_KEY = config['secret-key']
+ # joplin
+ JOPLIN_DIR = config['joplin_webdav_dir']
+ INVITE_CODE = config['invite_code']
+ # flask-htpasswd
+ FLASK_SECRET = config['flask-secret']
+ FLASK_HTPASSWD_PATH = config['htpasswd_file']
+ # cache
+ CACHE_TYPE = config['cache_type']
+ CACHE_KEY_PREFIX = config['cache_key_prefix']
+ CACHE_REDIS_URL = config['cache_redis_url']
+ # session cookies
+ SESSION_COOKIE_DOMAIN = config['cookie_domain']
+ SESSION_COOKIE_PATH = config['cookie_path']
+class DevelopConfig(Config):
+ DEBUG = True
+ TESTING = True
+ # joplin
+ JOPLIN_DIR = "."
+ # flask-htpasswd
+ FLASK_HTPASSWD_PATH = "./local.htpasswd"
+ # cache
+ CACHE_TYPE = config['cache_type']
+ CACHE_KEY_PREFIX = config['cache_key_prefix']
+ CACHE_REDIS_URL = config['cache_redis_url']
+ # session cookies
+# Joplin UserManagement WebApi
+## How To
+The Joplin UserManagement WebApi utilizes [url encoded]( parameter to manage the Joplin userbase.
+## create new user
+`POST /joplin/<string:username>/create`
+- `"password":string` user password
+- `"invite-code":string` invite code to create an account
+ "password": "password",
+ "invite-code": "invite"
+- `201 Created` user creation succeeded
+- `409 Conflict` user creation failed due to a conflict
+- `422 Unprocessable Entity` one or more parameter/s were not given
+- `500 Internal Server Error` user directory creation failure
+curl --data "password=super_secret&invite-code=nachos" https://domain.tld/joplin/jim/create
+## update user password
+`POST /joplin/<string:username>/changepw`
+- `"password": string` current user password
+- `"new_password": string` new user password
+ "password": "password",
+ "new_password": "new_password"
+- `200 OK` password change succeeded
+- `401 Unauthorized` the request was not authorized
+- `422 Unprocessable Entity` one or more parameter/s were not given
+curl --data "password=super_secret&new_password=5up3r_53cr37" https://domain.tld/joplin/jim/changepw
+## delete user account
+`DELETE /joplin/<string:username>`
+- `"password": string` users password
+ "password": "password"
+- `204 No Content` user deletion succeeded
+- `401 Unauthorized` the request was not authorized
+- `422 Unprocessable Entity` one or more parameter/s were not given
+curl -X DELETE --data "password=super_secret" https://domain.tld/joplin/jim
+master = true
+project = JoplinWebApi
+base = /var/www
+chdir = %(base)/%(project)
+home = %(base)/%(project)/venv
+module = joplinapi:app
+plugins = python3
+manage-script-name = true
+processes = 3
+uid = www-data
+gid = www-data
+logto = /var/log/uwsgi/app/%(project).log
+logformat = '%(addr) - %(host) ["%(ltime)"] "%(method) %(uri)" "%(status)" "%(cl)" "%(referrer)" rt="%(time)" ut="%(secs)'
+vacuum = true
+die-on-term = true
+touch-reload = %(chdir)/reload.file