forked from server/reporter
less spaghetti, more whitelist
This commit is contained in:
parent
600b11b700
commit
052df38541
@ -1,12 +1,9 @@
|
||||
import json
|
||||
from collections import namedtuple
|
||||
from string import Formatter
|
||||
|
||||
from flask import Flask, render_template, request
|
||||
from flask_mail import Mail, Message
|
||||
from jinja2 import Environment, meta, Template
|
||||
|
||||
Placeholder = namedtuple("Placeholder", ["name", "type", "desc", "default"])
|
||||
env = Environment()
|
||||
|
||||
|
||||
@ -15,39 +12,45 @@ def load_config(conf="config.json"):
|
||||
placeholders = []
|
||||
for i in config["placeholders"]:
|
||||
p_h = config["placeholders"][i]
|
||||
p = Placeholder(
|
||||
name=i,
|
||||
type=p_h.get("type", "text"),
|
||||
desc=p_h["desc"],
|
||||
default=p_h.get("default"))
|
||||
p = {
|
||||
"name": i,
|
||||
"type": p_h.get("type", "text"),
|
||||
"desc": p_h["desc"],
|
||||
"default": p_h.get("default")}
|
||||
placeholders.append(p)
|
||||
config.pop("placeholders")
|
||||
flat = []
|
||||
whitelist = []
|
||||
for org in config:
|
||||
target = config[org]
|
||||
templates = []
|
||||
whitelist.append(config[org]["mail"].lower())
|
||||
for issue_name in target["templates"]:
|
||||
text = target["templates"][issue_name]
|
||||
ast = env.parse(text)
|
||||
fields = list(meta.find_undeclared_variables(ast))
|
||||
#fields = [name for _, name, _, _ in Formatter().parse(text)]
|
||||
name = f"{org}: {issue_name}"
|
||||
value = {
|
||||
"org": org,
|
||||
"name": issue_name,
|
||||
"mail": config[org]["mail"],
|
||||
"text": text,
|
||||
"placeholders": [i._asdict() for i in placeholders if i.name in fields]
|
||||
"placeholders": [i for i in placeholders if i["name"] in fields]
|
||||
}
|
||||
flat.append({"name": name, "value": value})
|
||||
return flat
|
||||
return flat, whitelist
|
||||
|
||||
def missing_fields(fields):
|
||||
return not all([field in request.form for field in fields])
|
||||
|
||||
MAIL_SERVER = "smtp.uni-bamberg.de"
|
||||
MAIL_PORT = 587
|
||||
#TESTING=True
|
||||
#MAIL_USE_TLS=True
|
||||
#MAIL_USE_SSL=True
|
||||
MAIL_DEBUG=True
|
||||
#MAIL_DEBUG=True
|
||||
|
||||
sender_whitelist = [
|
||||
"@stud.uni-bamberg.de",
|
||||
"@uni-bamberg.de",
|
||||
]
|
||||
|
||||
app = Flask(__name__)
|
||||
app.config.from_object(__name__)
|
||||
@ -56,7 +59,7 @@ app.config.from_object(__name__)
|
||||
|
||||
mail = Mail(app)
|
||||
|
||||
issues = load_config()
|
||||
issues, whitelist = load_config()
|
||||
|
||||
@app.route("/")
|
||||
def index():
|
||||
@ -64,28 +67,30 @@ def index():
|
||||
|
||||
@app.route("/send", methods=["POST"])
|
||||
def send():
|
||||
if all([field in request.form for field in ("text", "sender", "target")]):
|
||||
text = request.form["text"]
|
||||
print("all fields present")
|
||||
ast = env.parse(text)
|
||||
fields = list(meta.find_undeclared_variables(ast))
|
||||
#fields = [name for _, name, _, _ in Formatter().parse(text)]
|
||||
if None in fields:
|
||||
fields.remove(None)
|
||||
if all([field in request.form for field in fields]):
|
||||
values = {field: request.form[field] for field in fields}
|
||||
text = Template(text).render(**values)
|
||||
sender = request.form["sender"]
|
||||
recipients = [request.form["target"]]
|
||||
msg = Message("Störungsmeldung", body=text, sender=sender, recipients=recipients)
|
||||
print(msg)
|
||||
result = mail.send(msg)
|
||||
if result is None:
|
||||
return f"Success! ({result})"
|
||||
else:
|
||||
return f"Fail :( ({result})"
|
||||
if missing_fields(("text", "sender", "target")):
|
||||
print([(field,field in request.form) for field in ("text", "sender", "target")])
|
||||
print(request.form)
|
||||
return "1"
|
||||
print("all fields present")
|
||||
sender = request.form["sender"].lower()
|
||||
recipients = [request.form["target"].lower()]
|
||||
text = request.form["text"]
|
||||
if not any([sender.endswith(white) for white in sender_whitelist]):
|
||||
return f"Whitelist error!"
|
||||
if any([recip not in whitelist for recip in recipients]):
|
||||
return f"Whitelist error!"
|
||||
ast = env.parse(text)
|
||||
fields = list(meta.find_undeclared_variables(ast))
|
||||
if None in fields:
|
||||
fields.remove(None)
|
||||
if missing_fields(fields):
|
||||
print([(field,field in request.form) for field in fields])
|
||||
return "2"
|
||||
print([(field,field in request.form) for field in ("text", "sender", "target")])
|
||||
print(request.form)
|
||||
return "1"
|
||||
values = {field: request.form[field] for field in fields}
|
||||
text = Template(text).render(**values)
|
||||
msg = Message("Störungsmeldung", body=text, sender=sender, recipients=recipients) # TODO: subject?
|
||||
result = mail.send(msg)
|
||||
if result is None:
|
||||
return f"Success! ({result})"
|
||||
else:
|
||||
return f"Fail :( ({result})"
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user