Commit 32939318 authored by Jan Hartig's avatar Jan Hartig

Merge branch 'dev' into 'main'

Add unlockroom endpoint

See merge request !22
parents 4161ef32 3439e99a
Pipeline #30132 passed
sanic==23.3.0
aiofiles==23.1.0
\ No newline at end of file
sanic~=23.6.0
aiofiles~=23.2.1
wonderwords~=2.2.0
\ No newline at end of file
......@@ -4,20 +4,24 @@ import json
from base64 import urlsafe_b64encode
from time import time
from urllib.parse import quote
from wonderwords import RandomWord
import aiofiles
from sanic import Sanic
from sanic import Sanic, Request
from sanic.exceptions import Unauthorized, InvalidUsage
from sanic.response import redirect
from sanic.response import json as json_response
app = Sanic(__name__)
r = RandomWord()
''' Config ###
Set via environment variable
SANIC_JITSI_PUBLIC_URL: vc.ptb.de
SANIC_JITSI_APP_ID
SANIC_JITSI_APP_SECRET: Jitsi App Secret
SANIC_TOKEN_VALID_FOR: Time in seconds generated JWT will be valid for
SANIC_TOKEN_VALID_FOR: Time in seconds generated personal room JWT will be valid for
SANIC_ROOMS_VALID_FOR: Time in days generated room JWT will be valid for
'''
# Static token header string
......@@ -26,9 +30,37 @@ header = json.dumps({
"alg": "HS256"
}, separators=(',', ':')).encode("utf-8")
ROOMS_VALID_FOR_S = app.config.ROOMS_VALID_FOR * 24 * 60 * 60 # d, h, m -> s
@app.post('/unlockroom')
async def unlock_room(request: Request):
try:
room = request.json["room"]
if len(room) == 0:
return InvalidUsage
serial2room = await get_serial2room()
for entry in serial2room.values():
if room == entry["room"]:
return {"error": "Raum nicht freischaltbar."}
except KeyError:
room = get_random_room()
# Make room name url-safe
room = quote(room)
# Generate jwt
jwt = gen_jwt(room, ROOMS_VALID_FOR_S)
# redirect to room
return json_response({"room": room, "jwt": jwt, "valid_for": app.config.ROOMS_VALID_FOR})
@app.route('/cert2room')
async def cert2room(request):
async def cert2room(request: Request):
s_dn = request.headers.get("SSL-Client-S-DN")
serial = request.headers.get("SSL-Client-Serial")
......@@ -42,7 +74,8 @@ async def cert2room(request):
# Get user's room & email from json file
try:
room = await get_user_data(serial)
serial2room = await get_serial2room()
room = serial2room[serial]["room"]
# room, email = get_user_data(serial)
# Remove fluff from room name
......@@ -56,7 +89,7 @@ async def cert2room(request):
room = quote(room)
# Generate jwt
jwt = gen_jwt(room)
jwt = gen_jwt(room, app.config.TOKEN_VALID_FOR)
# redirect to room
return redirect("/{}?jwt={}".format(room, jwt))
......@@ -64,7 +97,14 @@ async def cert2room(request):
raise InvalidUsage
async def get_user_data(serial: str):
def get_random_room() -> str:
adjectives = r.random_words(2, include_parts_of_speech=["adjectives"])
nouns = r.random_words(2, include_parts_of_speech=["nouns"])
return f"{adjectives[0].capitalize()}{nouns[0].capitalize()}{adjectives[1].capitalize()}{nouns[1].capitalize()}"
async def get_serial2room():
# Get user data by certificate serial number
try:
async with aiofiles.open("/data/serial2room.json", "r") as f:
......@@ -75,14 +115,10 @@ async def get_user_data(serial: str):
async with aiofiles.open(app.config.SERIAL2ROOM_FILE, "r") as f:
serial2room = json.loads(await f.read())
room = serial2room[serial]["room"]
# email = serial2room[serial]["email"]
return room
# return room, email
return serial2room
def gen_jwt(room):
def gen_jwt(room: str, valid_for: int) -> str:
now = int(time())
claims = json.dumps({
"context": {}, # Setting name and email here leads to auth failure
......@@ -90,7 +126,7 @@ def gen_jwt(room):
"sub": app.config.JITSI_PUBLIC_URL,
"iat": now,
"nbf": now,
"exp": now + app.config.TOKEN_VALID_FOR,
"exp": now + valid_for,
"aud": 'DFNClientCert',
"room": room,
}, separators=(',', ':')).encode("utf-8")
......@@ -113,4 +149,4 @@ def gen_jwt(room):
if __name__ == '__main__':
app.run(host='0.0.0.0', port=8000, fast=True, access_log=False)
app.run(host='0.0.0.0', port=8000, fast=True, access_log=True)
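Review bot: In `unlock_room` (hunk `@@ -26,9 +30,37 @@`), both rejection paths return values Sanic cannot send as a response: `return InvalidUsage` hands back the exception class and the reserved-room branch returns a bare dict, so an empty or reserved room name would likely surface as a server error instead of a clean refusal. Use `raise InvalidUsage("room must be a non-empty string")` and `return json_response({"error": "Raum nicht freischaltbar."}, status=403)`. The reserved-name check also compares the raw request value with `entry["room"]` before any normalisation, whereas `cert2room` cleans and quotes its room names; if the Jitsi deployment treats names case-insensitively, a variant spelling of a personal room could pass the check and receive a token valid for `ROOMS_VALID_FOR` days, so compare normalised forms on both sides (for example `room.casefold()`, to be confirmed against the deployment). Only `KeyError` is caught, so a non-JSON body (`request.json` is `None`) or a non-string `room` raises `TypeError`; add `isinstance(room, str)` validation before the length check. No client-certificate or other caller check is visible in this handler, so it is worth confirming that the fronting proxy restricts who may reach `/unlockroom`.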