From 53ae4c31bb6c92fd4cbec4bfefd3b214a8fd88ca Mon Sep 17 00:00:00 2001
From: Tanner Collin
Date: Wed, 16 Sep 2020 21:41:55 +0000
Subject: [PATCH] Initial commit of auth server
---
authserver/.gitignore | 105 ++++++++++++++++++++++++++++++++++
authserver/README.md | 17 ++++++
authserver/auth_functions.py | 15 +++++
authserver/log.py | 22 +++++++
authserver/requirements.txt | 6 ++
authserver/secrets.py.example | 7 +++
authserver/server.py | 29 ++++++++++
7 files changed, 201 insertions(+)
create mode 100644 authserver/.gitignore
create mode 100644 authserver/README.md
create mode 100644 authserver/auth_functions.py
create mode 100644 authserver/log.py
create mode 100644 authserver/requirements.txt
create mode 100644 authserver/secrets.py.example
create mode 100644 authserver/server.py
diff --git a/authserver/.gitignore b/authserver/.gitignore
new file mode 100644
index 0000000..26fcc5d
--- /dev/null
+++ b/authserver/.gitignore
@@ -0,0 +1,105 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+.hypothesis/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+
+# Editor
+*.swp
+*.swo
+
+secrets.py
diff --git a/authserver/README.md b/authserver/README.md
new file mode 100644
index 0000000..dc3e249
--- /dev/null
+++ b/authserver/README.md
@@ -0,0 +1,17 @@
+# Auth Server
+
+Runs on Protospace's webhost and passes credentials around.
+
+Exposes a REST API to Spaceport that allows setting wiki, etc passwords.
+
+## Setup
+
+Basically the exact same as:
+
+https://docs.my.protospace.ca/ldap.html
+
+## License
+
+This program is free and open-source software licensed under the MIT License. Please see the `LICENSE` file for details.
+
+That means you have the right to study, change, and distribute the software and source code to anyone and for any purpose. You deserve these rights.
diff --git a/authserver/auth_functions.py b/authserver/auth_functions.py
new file mode 100644
index 0000000..74bdd1d
--- /dev/null
+++ b/authserver/auth_functions.py
@@ -0,0 +1,15 @@
+from log import logger
+import time
+import secrets
+
+from flask import abort
+
+HTTP_NOTFOUND = 404
+
+def set_password(username, password):
+ # TODO
+ print(username, password)
+
+if __name__ == '__main__':
+ print(set_password('test.test', 'password'))
+ pass
diff --git a/authserver/log.py b/authserver/log.py
new file mode 100644
index 0000000..23cd69e
--- /dev/null
+++ b/authserver/log.py
@@ -0,0 +1,22 @@
+import logging
+import logging.config
+
+logging.config.dictConfig({
+ 'version': 1,
+ 'formatters': {'default': {
+ 'format': '[%(asctime)s] [%(process)d] [%(levelname)7s] %(message)s',
+ }},
+ 'handlers': {'wsgi': {
+ 'class': 'logging.StreamHandler',
+ 'stream': 'ext://flask.logging.wsgi_errors_stream',
+ 'formatter': 'default'
+ }},
+ 'root': {
+ 'level': 'INFO',
+ 'handlers': ['wsgi']
+ }
+})
+
+logger = logging.getLogger(__name__)
+
+logger.info('Logging enabled.')
diff --git a/authserver/requirements.txt b/authserver/requirements.txt
new file mode 100644
index 0000000..139affa
--- /dev/null
+++ b/authserver/requirements.txt
@@ -0,0 +1,6 @@
+click==7.1.2
+Flask==1.1.2
+itsdangerous==1.1.0
+Jinja2==2.11.2
+MarkupSafe==1.1.1
+Werkzeug==1.0.1
diff --git a/authserver/secrets.py.example b/authserver/secrets.py.example
new file mode 100644
index 0000000..d7312bb
--- /dev/null
+++ b/authserver/secrets.py.example
@@ -0,0 +1,7 @@
+# Auth server secrets file, don't commit to version control!
+
+# Auth token, used by Spaceport to authenticate
+# Set this to random characters
+# For example, use the first output of this:
+# head /dev/urandom | sha1sum
+AUTH_TOKEN = ''
diff --git a/authserver/server.py b/authserver/server.py
new file mode 100644
index 0000000..8e1fdf1
--- /dev/null
+++ b/authserver/server.py
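Review bot: In auth_functions.py, `set_password` writes the cleartext password out with `print(username, password)`, which will typically land in the web server's stdout or error log once server.py calls it. The stub should never emit the credential, and because nothing is actually set yet it is safer to fail loudly, e.g. `raise NotImplementedError('set_password is not implemented')`, than to let `/set-password` answer 200 for a password that was not changed. `import secrets` here (and in server.py) resolves to the project's own secrets.py, which shadows the standard-library `secrets` module for the whole process when this directory comes first on `sys.path`; a distinct module name (for example `auth_secrets`, a constructed name) avoids that. `time`, `secrets`, `abort` and `HTTP_NOTFOUND` are unused in this hunk, and the `__main__` block's `print(set_password(...))` only ever prints `None`.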
@@ -0,0 +1,29 @@
+from flask import Flask, abort, request
+app = Flask(__name__)
+
+import auth_functions
+import secrets
+
+HTTP_UNAUTHORIZED = 401
+
+def check_auth():
+ auth_header = request.headers.get('Authorization', '')
+ if auth_header != 'Token ' + secrets.AUTH_TOKEN:
+ abort(HTTP_UNAUTHORIZED)
+
+@app.route('/')
+def index():
+ return 'SEE YOU SPACE SAMURAI...'
+
+@app.route('/set-password', methods=['POST'])
+def set_password():
+ check_auth()
+
+ username = request.form['username']
+ password = request.form['password']
+
+ auth_functions.set_password(username, password)
+ return ''
+
+if __name__ == '__main__':
+ app.run(debug=True, host='0.0.0.0')
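Review bot: `check_auth` passes whenever the header equals `'Token ' + secrets.AUTH_TOKEN`, so if the placeholder `AUTH_TOKEN = ''` from secrets.py.example is left in place a bare `Token ` header is accepted; the check should fail closed on an empty token and use a constant-time comparison instead of `!=`. With `import hmac` added, the condition could read `if not secrets.AUTH_TOKEN or not hmac.compare_digest(auth_header.encode(), ('Token ' + secrets.AUTH_TOKEN).encode()):`. Separately, `app.run(debug=True, host='0.0.0.0')` in the `__main__` block turns on the Werkzeug interactive debugger while listening on every interface. `app.run(host='127.0.0.1')` is a safer default for a service that sets passwords, with debug enabled only explicitly during local development.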