app.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158

import shutil
from pathlib import Path

import flask
import markdown
from flask_caching import Cache
from flask_htpasswd import HtPasswdAuth
from flask_restful import reqparse, Api, Resource

from config import Config

app = flask.Flask(__name__)
api = Api(app)

# app config
if app.config["ENV"] == "development":
    app.config.from_object("config.DevelopConfig")
else:
    app.config.from_object(Config)

cache = Cache(app)
htpasswd = HtPasswdAuth(app)
htpasswd.users.autosave = True
parser = reqparse.RequestParser()

messages = {
    'Created': {
        'message': "User creation succeeded"
    },
    'Conflict': {
        'message': 'Username conflict'
    },
    'InternalServerError': {
        'message': 'Something went wrong, please contact the administrator.'
    }
}


@app.route('/joplin/')
@cache.cached(timeout=21600)
def index():
    # codehilite css
    with open(Path(app.root_path).joinpath('./static/hilite.css'), 'r') as hilite_file:
        css = '<style>{css}</style>'.format(css=hilite_file.read())

    # Open the README file
    with open(Path(app.root_path).joinpath('./static/Readme.md'), 'r') as markdown_file:

        # Read the content of the file
        content = markdown_file.read()

    html = ''.join([css, content])

    # render finished HTML
    return markdown.markdown(html, extensions=["fenced_code", "codehilite"]), 200


@app.route('/joplin/auth-test')
@htpasswd.required
def auth_test(user):
    return 'Hello {user}'.format(user=user)


class NewUser(Resource):
    """
    class to create new htpasswd user entry
    """
    def post(self, username):
        parser.add_argument('password')
        parser.add_argument('invite')

        args = parser.parse_args()
        password = args['password']
        invitecode = args['invite']
        path = app.config['JOPLIN_DIR']

        # break early
        if invitecode != app.config['INVITE_CODE']:
            return {'message': 'Unauthorized Request'}, 401

        if None in [password, invitecode]:
            return {'message': 'Missing parameter'}, 422

        if username not in htpasswd.users.users():
            # firstly try to create the folder to break if permissions aren't correct
            try:
                Path.mkdir(Path(path).joinpath('./%s' % username), mode=0o750, exist_ok=True)

            except OSError:
                return messages['InternalServerError'], 500

            # create user entry
            htpasswd.users.set_password(username, password)

            return messages['Created'], 201
        else:
            return messages['Conflict'], 409


class ChangePW(Resource):
    """
    class to update a users password
    """
    def post(self, username):
        parser.add_argument('password')
        parser.add_argument('new_password')

        args = parser.parse_args()
        password = args['password']
        new_password = args['new_password']

        if None in [password, new_password]:
            return {'message': 'Missing parameter'}, 422

        # check_password return False if password mismatch and None if no user is found
        if htpasswd.users.check_password(username, password):
            htpasswd.users.set_password(username, new_password)

            return {'message': 'OK'}, 200
        else:
            return {'message': 'Unauthorized Request'}, 401


class DelUser(Resource):
    """
    class to delete a user
    """
    def delete(self, username):
        parser.add_argument('password')

        args = parser.parse_args()
        password = args['password']

        if password is None:
            return {'message': 'Missing parameter'}, 422

        # check_password return False if password mismatch and None if no user is found
        if htpasswd.users.check_password(username, password):
            htpasswd.users.delete(username)

            try:
                # remove users files recursively
                shutil.rmtree(Path(app.config['JOPLIN_DIR']).joinpath('./%s' % username))
            except FileNotFoundError:
                pass

            return [], 204
        else:
            return {'message': 'Unauthorized Request'}, 401


api.add_resource(NewUser, '/joplin/<string:username>/create')
api.add_resource(ChangePW, '/joplin/<string:username>/changepw')
api.add_resource(DelUser, '/joplin/<string:username>')


if __name__ == '__main__':
    app.run()