COSCUP · orertrr · Jun 25, 2024 · Jul 2, 2024 · Jul 14, 2024 · Jul 14, 2024
diff --git a/Dockerfile-app b/Dockerfile-app
@@ -12,12 +12,14 @@ ADD ./celery_task/__init__.py \
     ./celery_task/
 
 ADD ./models/__init__.py \
+    ./models/api_token.py \
     ./models/base.py \
     ./models/index.py \
     ./models/subscriberdb.py \
     ./models/
 
 ADD ./module/__init__.py \
+    ./module/api_token.py \
     ./module/awsses.py \
     ./module/ga.py \
     ./module/sender.py \
@@ -37,6 +39,7 @@ ADD ./templates/admin_subscriber_add.html \
     ./templates/base_subscribe.html \
     ./templates/base.html \
     ./templates/index.html \
+    ./templates/settings_token.html \
     ./templates/subscribe_coscup.html \
     ./templates/subscriber_error.html \
     ./templates/subscriber_intro.html \
@@ -49,5 +52,7 @@ ADD ./view/__init__.py \
     ./view/reader.py \
     ./view/subscribe.py \
     ./view/subscriber.py \
+    ./view/token.py \
     ./view/trello.py \
+    ./view/volunteer.py \
     ./view/
diff --git a/main.py b/main.py
@@ -10,7 +10,7 @@
 import google_auth_oauthlib.flow
 from apiclient import discovery
 from flask import (Flask, g, got_request_exception, redirect, render_template,
-                   request, session, url_for)
+                   request, session, url_for, make_response)
 from flask.wrappers import Response
 from werkzeug.wrappers import Response as ResponseBase
 
@@ -21,6 +21,9 @@
 from view.subscribe import VIEW_SUBSCRIBE
 from view.subscriber import VIEW_SUBSCRIBER
 from view.trello import VIEW_TRELLO
+from view.volunteer import VIEW_VOLUNTEER
+from view.token import VIEW_TOKEN
+from module.api_token import APIToken
 
 logging.basicConfig(
     filename='./log/log.log',
@@ -37,7 +40,9 @@
 app.register_blueprint(VIEW_READER)
 app.register_blueprint(VIEW_SUBSCRIBE)
 app.register_blueprint(VIEW_SUBSCRIBER)
+app.register_blueprint(VIEW_TOKEN)
 app.register_blueprint(VIEW_TRELLO)
+app.register_blueprint(VIEW_VOLUNTEER)
 
 if app.debug:
     app.config['TEMPLATES_AUTO_RELOAD'] = True
@@ -60,6 +65,16 @@ def need_login() -> ResponseBase | None:
                  request.headers.get('USER-AGENT'),
                  session, )
 
+    if request.path.startswith('/volunteer'):
+        token = request.headers.get('Authorization')
+        if token is None:
+            return make_response('Unauthorized', 401)
+
+        if APIToken.verify(token) is True:
+            return None
+
+        return make_response('Unauthorized', 401)
+
     if request.path not in NO_NEED_LOGIN_PATH \
             and not request.path.startswith('/subscriber') \
             and not request.path.startswith('/subscribe') \

diff --git a/models/api_token.py b/models/api_token.py
@@ -0,0 +1,19 @@
+''' APIToken DB '''
+from models.base import DBBase
+
+class APITokenDB(DBBase):
+    ''' Token Collection
+
+    Schema:
+    {
+        serial_no: string,
+        token: string,
+        label: string
+    }
+    '''
+    def __init__(self) -> None:
+        super().__init__('api_token')
+
+    def index(self) -> None:
+        ''' index '''
+        self.create_index([('serial_no', 1)])
diff --git a/models/index.py b/models/index.py
@@ -1,8 +1,10 @@
 ''' index '''
+from models.api_token import APITokenDB
 from models.subscriberdb import (SubscriberDB, SubscriberLoginTokenDB,
                                  SubscriberReadDB)
 
 if __name__ == '__main__':
+    APITokenDB().index()
     SubscriberDB().index()
     SubscriberLoginTokenDB().index()
     SubscriberReadDB().index()
diff --git a/module/api_token.py b/module/api_token.py
@@ -0,0 +1,62 @@
+''' API Token Module '''
+from typing import Any
+from uuid import uuid4
+from dataclasses import dataclass, asdict, field
+
+from passlib.context import CryptContext
+
+from models.api_token import APITokenDB
+
+@dataclass
+class APITokenSchema:
+    ''' Schema of api_token collection '''
+    token: str = field(default_factory=lambda: uuid4().hex)
+    serial_no: str = field(default_factory=lambda: f'{uuid4().node:08x}')
+    label: str = ''
+
+class APIToken:
+    ''' Class for managing API tokens '''
+    @staticmethod
+    def create(label: str) -> APITokenSchema:
+        ''' Create token '''
+        new_token = APITokenSchema(label=label)
+
+        hash_context = CryptContext(schemes=['bcrypt'], deprecated='auto')
+        hashed_token = asdict(new_token)
+        hashed_token['token'] = hash_context.hash(hashed_token['token'])
+
+        APITokenDB().insert_one(hashed_token)
+
+        new_token.token = f'{new_token.serial_no}|{new_token.token}'
+
+        return new_token
+
+    @staticmethod
+    def get_list() -> list[dict[str, Any]]:
+        ''' Get list of token '''
+        return list(APITokenDB().find({}, { 'label': 1, 'serial_no': 1, '_id': 0 }))
+
+    @staticmethod
+    def delete(tokens: list[str]) -> None:
+        ''' Delete the given token serial_no '''
+        APITokenDB().delete_many({
+            'serial_no': { '$in': tokens }
+        })
+
+    @staticmethod
+    def verify(token: str) -> bool:
+        ''' Check if the token exists and valid '''
+        schema, token = token.split(' ')
+        if schema.lower() != 'bearer':
+            return False
+
+        serial_no, token = token.split('|')
+        hash_context = CryptContext(schemes=['bcrypt'], deprecated='auto')
+        hashed_token = APITokenDB().find_one({
+            'serial_no': serial_no
+        })
+
+        if hashed_token is None:
+            return False
+
+        return hash_context.verify(token, hashed_token['token'])
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -24,6 +24,8 @@ pymongo = "^4.3.3"
 requests = "^2.31.0"
 uWSGI = "^2.0.21"
 certifi = "*"
+passlib = "^1.7.4"
+types-passlib = "^1.7.7.20240327"
 
 
 [tool.poetry.group.dev.dependencies]

diff --git a/templates/base.html b/templates/base.html
@@ -38,6 +38,9 @@
                 <span>{{session.u.name}}</span>
             </a>
             <div class="navbar-dropdown is-right">
+                <a class="navbar-item" href="/token">
+                    <span class="icon"><i class="fas fa-key"></i></span> <span>API Token 設定</span>
+                </a>
                 <a class="navbar-item" href="/logout">
                     <span class="icon"><i class="fas fa-sign-out-alt"></i></span> <span>登出</span>
                 </a>

diff --git a/templates/index.html b/templates/index.html
@@ -28,6 +28,19 @@ <h3>管理電子報訂閱者</h3>
                 </div>
             </div>
         </div>
+        <div class="columns">
+            <div class="column">
+                <div class="content">
+                    <h3>電子報系統設定</h3>
+                </div>
+                <div class="buttons">
+                    <a class="button is-outlined is-info is-light" href="/token">
+                        <span class="icon"><i class="fas fa-key"></i></span>
+                        <span>API Token 設定</span>
+                    </a>
+                </div>
+            </div>
+        </div>
         <div class="columns">
             <div class="column">
                 <div class="content">