Browse Source

add a password for the regenerate_vapid endpoint

test-message
Trent Larson 11 months ago
parent
commit
35747dff26
  1. 23
      app.py
  2. 4
      webpush.py

23
app.py

@ -1,3 +1,8 @@
"""
Environment variables:
- SQLALCHEMY_DATABASE_URI: path to sqlite file, starting with "sqlite:////"
- ADMIN_PASSWORD: password for admin user for sensitive endpoints
"""
from typing import Dict, Tuple, Union, Optional from typing import Dict, Tuple, Union, Optional
from flask import Flask, request, jsonify, Response from flask import Flask, request, jsonify, Response
@ -14,10 +19,10 @@ import os
import threading import threading
import time import time
app = Flask(__name__)
CONTACT_EMAIL = "mailto:info@timesafari.app" CONTACT_EMAIL = "mailto:info@timesafari.app"
app = Flask(__name__)
class WebPushService(): class WebPushService():
""" """
This class provides services for sending web push notifications. This class provides services for sending web push notifications.
@ -210,6 +215,7 @@ class WebPushService():
URL: /web-push/regenerate_vapid URL: /web-push/regenerate_vapid
Method: POST Method: POST
Header: Authentication: Basic ...
Returns: Returns:
- Tuple[str, int]: A JSON response indicating the success or failure of the operation, along with the appropriate HTTP status code. - Tuple[str, int]: A JSON response indicating the success or failure of the operation, along with the appropriate HTTP status code.
@ -219,6 +225,19 @@ class WebPushService():
- If there's an error during the operation, a JSON response with the error message is returned with a 500 status code. - If there's an error during the operation, a JSON response with the error message is returned with a 500 status code.
""" """
envPassword = os.getenv('ADMIN_PASSWORD')
auth = request.authorization
if (auth is None
or auth.username is None
or auth.username != 'admin'
or auth.password is None
or auth.password != envPassword):
return (
jsonify(error='Wrong password'),
401,
{'WWW-Authenticate': 'Basic realm="Login Required"'}
)
# Creating a context for the application to enable database operations # Creating a context for the application to enable database operations
try: try:
with self.app.app_context(): with self.app.app_context():

4
webpush.py

@ -63,11 +63,15 @@ if len(sys.argv) > 2:
try: try:
#print(str(subscription_info))
#sys.exit(0)
result = webpush(subscription_info, result = webpush(subscription_info,
data, data,
vapid_private_key=private_key_base64, vapid_private_key=private_key_base64,
vapid_claims={"sub": "mailto:matthew.raymer@gmail.com"}) vapid_claims={"sub": "mailto:matthew.raymer@gmail.com"})
print(f"Result from remote service: {result}") print(f"Result from remote service: {result}")
# log the .reason from Apple
# https://developer.apple.com/documentation/usernotifications/sending_web_push_notifications_in_web_apps_and_browsers#3994594
except WebPushException as ex: except WebPushException as ex:
print(f"An error occurred: {ex}") print(f"An error occurred: {ex}")
# Check if there is a response from the remote service. # Check if there is a response from the remote service.

Loading…
Cancel
Save