Initial commit of auth server

authserver/.gitignore

@@ -0,0 +1,105 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+.hypothesis/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+
+# Editor
+*.swp
+*.swo
+
+secrets.py

authserver/README.md

@@ -0,0 +1,17 @@
+# Auth Server
+
+Runs on Protospace's webhost and passes credentials around.
+
+Exposes a REST API to Spaceport that allows setting wiki, etc passwords.
+
+## Setup
+
+Basically the exact same as:
+
+https://docs.my.protospace.ca/ldap.html
+
+## License
+
+This program is free and open-source software licensed under the MIT License. Please see the `LICENSE` file for details.
+
+That means you have the right to study, change, and distribute the software and source code to anyone and for any purpose. You deserve these rights.

authserver/auth_functions.py

@@ -0,0 +1,15 @@
+from log import logger
+import time
+import secrets
+
+from flask import abort
+
+HTTP_NOTFOUND = 404
+
+def set_password(username, password):
+    # TODO
+    print(username, password)
+
+if __name__ == '__main__':
+    print(set_password('test.test', 'password'))
+    pass

authserver/log.py

@@ -0,0 +1,22 @@
+import logging
+import logging.config
+
+logging.config.dictConfig({
+    'version': 1,
+    'formatters': {'default': {
+        'format': '[%(asctime)s] [%(process)d] [%(levelname)7s] %(message)s',
+    }},
+    'handlers': {'wsgi': {
+        'class': 'logging.StreamHandler',
+        'stream': 'ext://flask.logging.wsgi_errors_stream',
+        'formatter': 'default'
+    }},
+    'root': {
+        'level': 'INFO',
+        'handlers': ['wsgi']
+    }
+})
+
+logger = logging.getLogger(__name__)
+
+logger.info('Logging enabled.')

authserver/requirements.txt

@@ -0,0 +1,6 @@
+click==7.1.2
+Flask==1.1.2
+itsdangerous==1.1.0
+Jinja2==2.11.2
+MarkupSafe==1.1.1
+Werkzeug==1.0.1

authserver/secrets.py.example

@@ -0,0 +1,7 @@
+# Auth server secrets file, don't commit to version control!
+
+# Auth token, used by Spaceport to authenticate
+# Set this to random characters
+# For example, use the first output of this:
+# head /dev/urandom | sha1sum
+AUTH_TOKEN = ''

authserver/server.py

@@ -0,0 +1,29 @@
+from flask import Flask, abort, request
+app = Flask(__name__)
+
+import auth_functions
+import secrets
+
+HTTP_UNAUTHORIZED = 401
+
+def check_auth():
+    auth_header = request.headers.get('Authorization', '')
+    if auth_header != 'Token ' + secrets.AUTH_TOKEN:
+        abort(HTTP_UNAUTHORIZED)
+
+@app.route('/')
+def index():
+    return '<i>SEE YOU SPACE SAMURAI...</i>'
+
+@app.route('/set-password', methods=['POST'])
+def set_password():
+    check_auth()
+
+    username = request.form['username']
+    password = request.form['password']
+
+    auth_functions.set_password(username, password)
+    return ''
+
+if __name__ == '__main__':
+    app.run(debug=True, host='0.0.0.0')