Merge pull request #61 from ComputerScienceHouse/develop

Containerfile, removed LDAP requirement

Author: pikachu0542

.containerignore

@@ -0,0 +1 @@
+.venv

.github/workflows/pylint.yml

@@ -15,19 +15,17 @@ jobs:
 
     strategy:
       matrix:
-        python-version: [3.6]
+        python-version: [3.9]
 
     steps:
-      - name: Install ldap dependencies
-        run: sudo apt-get update && sudo apt-get install libldap2-dev libsasl2-dev
       - uses: actions/checkout@v2
       - name: Set up Python ${{ matrix.python-version }}
         uses: actions/setup-python@v2
         with:
           python-version: ${{ matrix.python-version }}
       - name: Install dependencies
         run: |
-          python -m pip install --upgrade pip
+          #python -m pip install --upgrade pip
           pip install -r requirements.txt
       - name: Lint with pylint
         run: |

.gitignore

@@ -1,3 +1,6 @@
+.vscode/
+.idea/
+.venv/
 __pycache__
 *env
 config.py
@@ -7,4 +10,3 @@ AUTHORS
 ChangeLog
 creds
 .eggs
-.vscode

Containerfile

@@ -0,0 +1,11 @@
+#FROM docker.io/python:3.13-alpine
+FROM ghcr.io/astral-sh/uv:python3.9-alpine
+
+RUN apk add git
+
+WORKDIR /app
+COPY . ./
+RUN git rev-parse --short HEAD > commit.txt
+RUN uv pip install -r requirements.txt --system
+
+CMD ["gunicorn", "-b", "0.0.0.0", "audiophiler:app"]

audiophiler/__init__.py

@@ -5,15 +5,13 @@
 import os
 import random
 import subprocess
-import json
 import requests
 import flask_migrate
 from flask import Flask, render_template, request, jsonify, redirect
 from flask_pyoidc.provider_configuration import *
 from flask_pyoidc.flask_pyoidc import OIDCAuthentication
 from flask_sqlalchemy import SQLAlchemy
 from werkzeug.utils import secure_filename
-from csh_ldap import CSHLDAP
 
 from audiophiler.s3 import *
 
@@ -26,9 +24,6 @@
 else:
     app.config.from_pyfile(os.path.join(os.getcwd(), "config.env.py"))
 
-git_cmd = ['git', 'rev-parse', '--short', 'HEAD']
-app.config["GIT_REVISION"] = subprocess.check_output(git_cmd).decode('utf-8').rstrip()
-
 _config = ProviderConfiguration(
     app.config['OIDC_ISSUER'],
     client_metadata = ClientMetadata(
@@ -50,12 +45,6 @@
 from audiophiler.models import File, Harold, Auth, Tour
 from audiophiler.util import *
 
-# Create CSHLDAP connection
-ldap = CSHLDAP(app.config["LDAP_BIND_DN"],
-               app.config["LDAP_BIND_PW"])
-
-# Import ldap functions after creating ldap conn
-from audiophiler.ldap import ldap_is_eboard, ldap_is_rtp
 
 # Disable SSL certificate verification warning
 requests.packages.urllib3.disable_warnings()
@@ -80,12 +69,10 @@ def home(auth_dict=None):
     db_files = db_files.paginate(page=page, per_page=page_size).items
     harolds = get_harold_list(auth_dict["uid"])
     tour_harolds = get_harold_list("root")
-    is_rtp = ldap_is_rtp(auth_dict["uid"])
-    is_eboard = ldap_is_eboard(auth_dict["uid"])
     return render_template("main.html", db_files=db_files,
                 get_date_modified=get_date_modified, s3_bucket=s3_bucket,
                 auth_dict=auth_dict, harolds=harolds, tour_harolds=tour_harolds,
-                is_rtp=is_rtp, is_eboard=is_eboard, is_tour_page=False, route="", page=page)
+                is_rtp=auth_dict["is_rtp"], is_eboard=auth_dict["is_eboard"], is_tour_page=False, route="", page=page)
 
 @app.route("/mine")
 @auth.oidc_auth('default')
@@ -100,15 +87,13 @@ def mine(auth_dict=None):
     if name:
         db_files = db_files.filter(File.name.like(f"%{name}%"))
     db_files = db_files.paginate(page=page, per_page=page_size).items
-    is_rtp = ldap_is_rtp(auth_dict["uid"])
-    is_eboard = ldap_is_eboard(auth_dict["uid"])
     # Retrieve list of files for templating
     harolds = get_harold_list(auth_dict["uid"])
     tour_harolds = get_harold_list("root")
     return render_template("main.html", db_files=db_files,
                 get_file_s3=get_file_s3, get_date_modified=get_date_modified,
                 s3_bucket=s3_bucket, auth_dict=auth_dict, harolds=harolds,
-                tour_harolds=tour_harolds, is_rtp=is_rtp, is_eboard=is_eboard,
+                tour_harolds=tour_harolds, is_rtp=auth_dict["is_rtp"], is_eboard=auth_dict["is_eboard"],
                 is_tour_page=False, route="mine", page=page)
 
 @app.route("/selected")
@@ -120,9 +105,6 @@ def selected(auth_dict=None):
     name = args.get("name", default=None, type=str)
     author = args.get("author", default=None, type=str)
     page_size = args.get("size",default=default_size, type=int)
-    # Retrieve list of files for templating
-    is_rtp = ldap_is_rtp(auth_dict["uid"])
-    is_eboard = ldap_is_eboard(auth_dict["uid"])
     #Retrieve list of files for templating
     harolds = get_harold_list(auth_dict["uid"])
     tour_harolds = get_harold_list("root")
@@ -135,7 +117,7 @@ def selected(auth_dict=None):
     return render_template("main.html", db_files=db_files,
                 get_date_modified=get_date_modified, s3_bucket=s3_bucket,
                 auth_dict=auth_dict, harolds=harolds, tour_harolds=tour_harolds,
-                is_rtp=is_rtp, is_eboard=is_eboard, is_tour_page=False,
+                is_rtp=auth_dict["is_rtp"], is_eboard=auth_dict["is_eboard"], is_tour_page=False,
                 route="selected", page=page)
 
 @app.route("/tour_page")
@@ -147,9 +129,7 @@ def admin(auth_dict=None):
     name = args.get("name", default=None, type=str)
     author = args.get("author", default=None, type=str)
     page_size = args.get("size",default=default_size, type=int)
-    is_rtp = ldap_is_rtp(auth_dict["uid"])
-    is_eboard = ldap_is_eboard(auth_dict["uid"])
-    if is_eboard or is_rtp:
+    if auth_dict["is_rtp"] or auth_dict["is_eboard"]:
         harolds = get_harold_list(auth_dict["uid"])
         tour_harolds = get_harold_list("root")
         db_files = File.query.filter(File.file_hash.in_(tour_harolds))
@@ -161,7 +141,7 @@ def admin(auth_dict=None):
         return render_template("main.html", db_files=db_files,
             get_date_modified=get_date_modified, s3_bucket=s3_bucket,
             auth_dict=auth_dict, harolds=harolds, tour_harolds=tour_harolds,
-            is_rtp=is_rtp, is_eboard=is_eboard, is_tour_page=True,
+            is_rtp=auth_dict["is_rtp"], is_eboard=auth_dict["is_eboard"], is_tour_page=True,
             is_tour_mode=get_tour_lock_status(), route="tour_page",
             page=page)
 
@@ -171,9 +151,8 @@ def admin(auth_dict=None):
 @auth.oidc_auth('default')
 @audiophiler_auth
 def upload_page(auth_dict=None):
-    is_rtp = ldap_is_rtp(auth_dict["uid"])
-    is_eboard = ldap_is_eboard(auth_dict["uid"])
-    return render_template("upload.html", is_rtp=is_rtp, is_eboard=is_eboard, auth_dict=auth_dict)
+    return render_template("upload.html", is_rtp=auth_dict["is_rtp"],
+                           is_eboard=auth_dict["is_eboard"], auth_dict=auth_dict)
 
 @app.route("/upload", methods=["POST"])
 @auth.oidc_auth('default')
@@ -233,7 +212,7 @@ def delete_file(file_hash, auth_dict=None):
         return "File Not Found", 404
 
     if not auth_dict["uid"] == file_model.author:
-        if not (ldap_is_eboard(auth_dict["uid"]) or ldap_is_rtp(auth_dict["uid"])):
+        if not auth_dict["is_rtp"] or auth_dict["is_eboard"]:
             return "Permission Denied", 403
 
     # Delete file model
@@ -259,10 +238,8 @@ def get_s3_url(file_hash, auth_dict=None):
 @audiophiler_auth
 def set_harold(file_hash, auth_dict=None):
     is_tour = request.json["tour"]
-    is_rtp = ldap_is_rtp(auth_dict["uid"])
-    is_eboard = ldap_is_eboard(auth_dict["uid"])
     if is_tour == "true":
-        if (is_rtp or is_eboard):
+        if auth_dict["is_rtp"] or auth_dict["is_eboard"]:
             uid = "root"
         else:
             return "Not Authorized", 403
@@ -280,10 +257,8 @@ def set_harold(file_hash, auth_dict=None):
 @audiophiler_auth
 def remove_harold(file_hash, auth_dict=None):
     is_tour = request.json["tour"]
-    is_rtp = ldap_is_rtp(auth_dict["uid"])
-    is_eboard = ldap_is_eboard(auth_dict["uid"])
     if is_tour == "true":
-        if is_rtp or is_eboard:
+        if auth_dict["is_rtp"] or auth_dict["is_eboard"]:
             uid = "root"
         else:
             return "Not Authorized", 403
@@ -328,9 +303,7 @@ def get_harold(uid, auth_dict=None):
 @auth.oidc_auth('default')
 @audiophiler_auth
 def toggle_tour_mode(auth_dict=None):
-    is_rtp = ldap_is_rtp(auth_dict["uid"])
-    is_eboard = ldap_is_eboard(auth_dict["uid"])
-    if is_rtp or is_eboard:
+    if auth_dict["is_rtp"] or auth_dict["is_eboard"]:
         admin_query = Tour.query.first()
         if request.json["state"] == "t":
             admin_query.tour_lock = True

audiophiler/ldap.py

@@ -105,7 +105,7 @@
 {% endblock %}
 <footer>
     <div class="version">
-        <a class="footer-version" href="https://github.com/sgreene570/audiophiler">
+        <a class="footer-version" href="https://github.com/ComputerScienceHouse/audiophiler">
             Audiophiler ({{ config["GIT_REVISION"] }})
         </a>
     </div>

audiophiler/templates/base.html

@@ -12,9 +12,13 @@ def audiophiler_auth(func):
     def wrapped_function(*args, **kwargs):
         uuid = str(session["userinfo"].get("sub", ""))
         uid = str(session["userinfo"].get("preferred_username", ""))
+        groups = str(session["userinfo"].get("groups", []))
         auth_dict = {
             "uuid": uuid,
-            "uid": uid
+            "uid": uid,
+            "groups": groups,
+            "is_rtp": 'active_rtp' in groups,
+            "is_eboard": 'eboard' in groups,
         }
         kwargs["auth_dict"] = auth_dict
         return func(*args, **kwargs)

audiophiler/util.py

@@ -16,17 +16,18 @@
     "client_secret": os.getenv("OIDC_CLIENT_SECRET", default=None),
     "post_logout_redirect_uris": [os.getenv("OIDC_LOGOUT_REDIRECT_URI", default="https://audiophiler.csh.rit.edu/logout")]
 }
+OIDC_REDIRECT_URI = os.getenv("OIDC_REDIRECT_URI", default="https://"+SERVER_NAME+"/redirect_uri")
+
+# Git Hash
+with open('commit.txt') as f: s = f.read().rstrip()
+GIT_REVISION = s
 
 # Openshift secret
 SECRET_KEY = os.getenv("SECRET_KEY", default=''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(64)))
 
 # Database credentials
 SQLALCHEMY_DATABASE_URI = os.getenv("SQLALCHEMY_DATABASE_URI", default=None)
 
-# CSH_LDAP credentials
-LDAP_BIND_DN = os.getenv("LDAP_BIND_DN", default="cn=audiophiler,ou=Apps,dc=csh,dc=rit,dc=edu")
-LDAP_BIND_PW = os.getenv("LDAP_BIND_PW", default=None)
-
 PLUG_SUPPORT = os.environ.get('PLUG_ENABLED', False)
 
 PAGE_SIZE = os.environ.get('PAGE_SIZE', 20)

config.env.py

@@ -0,0 +1,10 @@
+flask
+werkzeug
+flask-pyoidc
+boto
+gunicorn
+flask_sqlalchemy
+flask_migrate
+psycopg2
+requests
+pylint