diff --git a/adminer/index.js b/adminer/index.js index 21bbbe5..bb0686d 100644 --- a/adminer/index.js +++ b/adminer/index.js @@ -4,9 +4,9 @@ var app = new Vue({ type: 'admin_pass', /* admin_pass or token */ password: 'test', loggedin: false, - mailerHost: 'https://mailer.jean-cloud.net', + //mailerHost: 'https://mailer.jean-cloud.net', //mailerHost: 'http://localhost:8080', - //mailerHost: '/api', + mailerHost: '/api', forms: [], users: [], newUser: '', diff --git a/server/main.py b/server/main.py index 27e7cba..da2e42f 100755 --- a/server/main.py +++ b/server/main.py @@ -96,8 +96,7 @@ def submission (): if 'token' in request.forms: token = request.forms.getunicode('token') else: - response.status = 400 - return resp('error', 'Le jeton d’autentification est requis') + return resp(400, 'Le jeton d’autentification est requis') # Getting mail address if 'mail' in request.forms: 
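Review bot: The target endpoint is switched by commenting one `mailerHost:` line out and another in, so the committed file now carries the local `/api` target plus two dead alternatives and has to be re-edited for every environment. A setting resolved at build or load time (for example deriving the base from `window.location.origin`, or a config value injected by the deployment) would remove the per-environment flip; at minimum the two commented lines should be dropped. The `password: 'test'` default on the context line above is served to the browser and is not touched by this commit; it is worth confirming it is only a development placeholder.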
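Review bot: The JSON body's `"status"` field changes meaning here from the literal `'error'`/`'success'` to the HTTP code, which `resp` then renders as the string `"400"`; that is a contract change for any client that branches on `status == 'success'`, and nothing in the visible index.js hunk updates the admin client for it. The same applies to every `return resp(<code>, …)` line in the later hunks of submission, create_form, list_forms, delete_form, list_users, create_user and delete_user, so this note covers them too. If the field is meant to stay a success/error discriminator, derive it inside `resp` from the code, `'success' if status < 400 else 'error'`, and let the HTTP status carry the number. submission's body continues outside this hunk.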
@@ -110,39 +109,32 @@ def submission (): try: form = mongodb_database['forms'].find({'token': token})[0] except IndexError as e: - response.status = 400 - return resp('error', 'Le formulaire demandé est introuvable, merci de vérifier que le token utilisé est le bon') + return resp(400, 'Le formulaire demandé est introuvable, merci de vérifier que le token utilisé est le bon') except pymongo.errors.ServerSelectionTimeoutError as e: - response.status = 500 - return resp('error', 'La base de donnée n’est pas accessible.') + return resp(500, 'La base de donnée n’est pas accessible.') # Did the bot filled the honeypot field? if 'honeypotfield' in form and form['honeypotfield'] in request.forms and request.forms.get(form['honeypotfield']) != '': - response.status = 400 - print('honeypotfield') - return resp('error', 'We identified you as a bot. If this is an error, try to contact us via another way.') + return resp(400, 'We identified you as a bot. If this is an error, try to contact us via another way.') # Is the js timer enabled? if 'timerdelay' in form: # Did it work? if 'timerfield' not in request.forms or int(request.forms.get('timerfield')) < int(form['timerdelay']): print('timer : {}/{}'.format(request.forms.get('timerfield'), form['timerdelay'])) - response.status = 400 - return resp('error', 'We identified you as a bot. If this is an error, try to contact us via another way.') + return resp(400, 'We identified you as a bot. 
If this is an error, try to contact us via another way.') try: subject_fields = fill_fields(request, get_fields(form['subject'])) content_fields = fill_fields(request, get_fields(form['content'])) except MissingParameterException as e: - response.status = 400 - return resp('error', str(e)) + return resp(400, str(e)) subject = re.sub(form_regex, r'{\1}', form['subject']).format(**subject_fields) content = re.sub(form_regex, r'{\1}', form['content']).format(**content_fields) try: if not send_mail(from_address, form['mail'], subject, content): - response.status = 500 - return resp('error', 'Le mail n’a pas pu être envoyé.') + return resp(500, 'Le mail n’a pas pu être envoyé.') except smtplib.SMTPDataError as e: response.status = 500 error = 'Le mail a été refusé. Merci de réessayer plus tard.' @@ -156,11 +148,12 @@ def submission (): # Redirection #bottle.redirect(success_redirect_default) origin = request.headers.get('origin') - return resp('success', 'Mail envoyé !') + return resp(200, 'Mail envoyé !') ##################################################### Helpers ############################################ def resp (status, msg, data='{}'): + response.status = status return '{{"status": "{}", "msg": "{}", "data": {}}}'.format(status, msg, data) def get_fields (string): 
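Review bot: `int(request.forms.get('timerfield'))` in the timer check raises `ValueError` for a non-numeric value, so a malformed submission ends in an unhandled exception (and a generic 500) rather than the 400 the surrounding branches return; wrapping it, `except ValueError: return resp(400, 'We identified you as a bot. If this is an error, try to contact us via another way.')`, keeps the bot check closed on bad input. The `except smtplib.SMTPDataError` branch at the bottom of the hunk still assigns `response.status = 500` by hand before building `error`; presumably it ends in a `resp` call, which now sets the status itself, so the manual assignment looks redundant and should be removed for consistency with the rest of the change. Removing `print('honeypotfield')` also drops the only trace that a submission was rejected by the honeypot while the timer branch keeps its print; one consistent log line on both rejections is what you want when tuning these checks. submission's body continues outside this hunk.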
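Review bot: `resp` still builds the JSON body with `str.format`, so a `msg` containing a double quote or backslash yields an invalid document, and some messages now embed caller-influenced text (`str(e)` from `MissingParameterException`, `'Supprimé ' + username` with `username` taken from the URL in delete_user). Serializing instead fixes that and the quoting of the numeric status in one go: `return json.dumps({'status': status, 'msg': msg, 'data': json.loads(data)})`, keeping `data` as the pre-serialized string the callers pass (this assumes the `dumps` used by the callers emits standard JSON, and `json` needs importing if the module does not already). Setting `response.content_type = 'application/json'` next to the new `response.status = status` would also let clients rely on the type rather than guessing.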
@@ -248,30 +241,26 @@ def create_form (): elif mail_default_subject != '': subject = mail_default_subject else: - response.status = 400 - return resp('error', 'Le champs « sujet » est requis') + return resp(400, 'Le champs « sujet » est requis') # Getting mail content if 'content' in request.forms: content = request.forms.getunicode('content') else: - response.status = 400 - return resp('error', 'Le champs « contenu » est requis') + return resp(400, 'Le champs « contenu » est requis') # Getting from address if 'mail' in request.forms: mail = request.forms.getunicode('mail') else: - response.status = 400 - return resp('error', 'Le champs « adresse » est requis') + return resp(4000, 'Le champs « adresse » est requis') user = login(request) print('post form') print(user) if user['_privilege'] > 1: - response.status = 400 - return resp('error', 'Privilèges insufisants') + return resp(400, 'Privilèges insufisants') # TODO limit the insertion rate token = ''.join(random.sample(token_chars, token_len)) @@ -290,10 +279,9 @@ def create_form (): inserted = mongodb_database['forms'].insert_one(newEntry) except pymongo.errors.ServerSelectionTimeoutError as e: - response.status = 500 - return resp('error', 'La base de donnée n’est pas accessible') + return resp(500, 'La base de donnée n’est pas accessible') - return resp('success', 'Créé : ' + token) + return resp(200, 'Créé : ' + token) @app.post('/form/list') def list_forms (): 
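Review bot: `return resp(4000, 'Le champs « adresse » est requis')` has a typo in the status code; as far as I know bottle's `response.status` setter rejects codes outside 100–999 with a ValueError, so a request missing `mail` now ends in an exception instead of a 400 — it should read `return resp(400, 'Le champs « adresse » est requis')`. The privilege refusals in this hunk and in the later list_forms, delete_form, list_users, create_user and delete_user hunks all answer `400` for 'Privilèges insufisants'; these are authorization failures, so 403 (or 401 when no valid credential was presented) is the conventional code and keeps them distinguishable from validation errors in logs and monitoring. On the untouched context lines, `print(user)` writes the whole user document to stdout; if that document includes the `token` field that create_user stores, this logs a credential and should be reduced to a non-secret identifier such as the username. create_form's body continues outside this hunk.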
@@ -304,13 +292,11 @@ def list_forms (): elif user['_privilege'] == 1: filt = {'user_id': user['_id']} else: - response.status = 400 - return resp('error', 'Privilèges insufisants') + return resp(400, 'Privilèges insufisants') data = mongodb_database['forms'].find(filt) - return resp('success','', dumps(list(data))) + return resp(200,'', dumps(list(data))) except pymongo.errors.ServerSelectionTimeoutError as e: - response.status = 500 - return resp('error','La base de donnée n’est pas accessible') + return resp(500,'La base de donnée n’est pas accessible') @@ -319,18 +305,15 @@ def delete_form(token): # TODO If admin or form owner user = login(request) if user['_privilege'] > 1: - response.status = 400 - return resp('error', 'Privilèges insufisants') + return resp(400, 'Privilèges insufisants') # Actually delete try: form = mongodb_database['forms'].find({'token':token })[0] except IndexError as e: - response.status = 400 - return resp('error', 'Le token n’est pas valide') + return resp(400, 'Le token n’est pas valide') except pymongo.errors.ServerSelectionTimeoutError as e: - response.status = 500 - return resp('error', 'La base de donnée n’est pas accessible') + return resp(500, 'La base de donnée n’est pas accessible') if user['_privilege'] == 0 or (form['user_id'] == user['_id']): try: @@ -338,11 +321,9 @@ def delete_form(token): 'token': token, }) except pymongo.errors.ServerSelectionTimeoutError as e: - response.status = 500 - return resp('error', 'La base de donnée n’est pas accessible') - return resp('success', 'Supprimé ' + token) - response.status = 400 - return resp('error', 'Privilèges insufisants') + return resp(500, 'La base de donnée n’est pas accessible') + return resp(200, 'Supprimé ' + token) + return resp(400, 'Privilèges insufisants') ##################################################### Users ############################################ 
@@ -351,58 +332,50 @@ def delete_form(token): def list_users (): user = login(request) if user['_privilege'] > 0: - response.status = 400 - return resp('error', 'Privilèges insufisants') + return resp(400, 'Privilèges insufisants') try: data = mongodb_database['users'].find() - return resp('success', '', dumps(list(data))) + return resp(200, '', dumps(list(data))) except pymongo.errors.ServerSelectionTimeoutError as e: - response.status = 500 - return resp('error', 'La base de donnée n’est pas accessible') + return resp(500, 'La base de donnée n’est pas accessible') @app.route('/user/', method=['OPTIONS', 'PUT']) def create_user (username): user = login(request) if user['_privilege'] > 0: - response.status = 400 - return resp('error', 'Privilèges insufisants') + return resp(400, 'Privilèges insufisants') try: mongodb_database['users'].find({'username': username})[0] - return resp('error', 'L’utilisateur existe déjà') + return resp(400, 'L’utilisateur existe déjà') except IndexError as e: try: inserted = mongodb_database['users'].insert_one({ 'username': username, 'token': ''.join(random.sample(token_chars, token_len)) }) - return resp('success', 'Créé : ' + username) + return resp(200, 'Créé : ' + username) except pymongo.errors.ServerSelectionTimeoutError as e: - response.status = 500 - return resp('error', 'La base de donnée n’est pas accessible') + return resp(500, 'La base de donnée n’est pas accessible') except pymongo.errors.ServerSelectionTimeoutError as e: - response.status = 500 - return resp('error','La base de donnée n’est pas accessible') + return resp(500,'La base de donnée n’est pas accessible') @app.delete('/user/') def delete_user (username): user = login(request) if user['_privilege'] > 0: - response.status = 400 - return resp('error', 'Privilèges insufisants') + return resp(400, 'Privilèges insufisants') try: mongodb_database['users'].find({'username': username})[0] mongodb_database['users'].delete_one({ 'username': username, }) - return 
resp('success', 'Supprimé ' + username) + return resp(200, 'Supprimé ' + username) except IndexError as e: - response.status = 400 - return resp('error', 'L’utilisateur n’existe pas') + return resp(400, 'L’utilisateur n’existe pas') except pymongo.errors.ServerSelectionTimeoutError as e: - response.status = 500 - return resp('error', 'La base de donnée n’est pas accessible') + return resp(500, 'La base de donnée n’est pas accessible') ##################################################### app startup ############################################ diff --git a/test/docker-compose.yml b/test/docker-compose.yml index 5f44aa3..7923003 100644 --- a/test/docker-compose.yml +++ b/test/docker-compose.yml @@ -17,13 +17,21 @@ services: SMTP_SERVER_USERNAME: toto SMTP_SERVER_PASSWORD: lol SMTP_SERVER_SENDER: moi - ADMIN_PASSWORD: admin + ADMIN_PASSWORD: test SMTP_SSL: 'true' + UID: 101 + MOUNT: /api + proxy: image: nginx ports: - 8080:8080 volumes: - - ./nginx.conf:/etc/nginx.conf + - ./nginx.conf:/etc/nginx/nginx.conf - ../:/usr/app + - ./uwsgi:/tmp/uwsgi + environment: + nginx_uid: 1000 + depends_on: + - mailer diff --git a/test/nginx.conf b/test/nginx.conf index 0e2341b..77972fe 100644 --- a/test/nginx.conf +++ b/test/nginx.conf @@ -24,7 +24,7 @@ http { add_header 'Access-Control-Allow-Methods' 'GET, POST, DELETE, OPTIONS'; listen 8080; location /admin { - root /usr/app/adminer; + alias /usr/app/adminer; index index.html; } location / { @@ -32,7 +32,10 @@ http { index test.html; } location /api/ { - proxy_pass http://mailer:8080; + include uwsgi_params; + uwsgi_pass unix:/tmp/uwsgi/uwsgi.sock; + #uwsgi_param PATH_INFO "$1"; + #uwsgi_param SCRIPT_NAME /; } } }
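Review bot: Routing `OPTIONS` to create_user means a CORS preflight runs `login(request)` before anything else and, with this hunk, is answered by `resp(400, 'Privilèges insufisants')` when the preflight carries no credentials (browsers send none on preflights); unless `login` treats OPTIONS specially, the admin UI's cross-origin PUT cannot get past it. Answering the preflight first, `if request.method == 'OPTIONS': return ''`, ahead of the login call keeps the new status codes from breaking it. Separately, `mongodb_database['users'].find({'username': username})[0]` followed by `insert_one` is not atomic, so two concurrent PUTs can both pass the existence check; a unique index on `username` plus catching `pymongo.errors.DuplicateKeyError` is the reliable guard. The route pattern appears here as `'/user/'`, presumably with the `<username>` placeholder lost in rendering. The enclosing functions start before this hunk.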
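Review bot: The uwsgi socket directory is shared through `./uwsgi:/tmp/uwsgi` while the app runs as `UID: 101` and the proxy is given `nginx_uid: 1000`; as far as I know the stock nginx image reads no `nginx_uid` variable, so its workers run as the image's own user and only reach the socket if uwsgi creates it with matching ownership or permissions (`chmod-socket`/`chown-socket` on the uwsgi side, or the same uid on both services) — worth a comment stating which of the two is relied on. `ADMIN_PASSWORD: test` and the SMTP credentials are literal values in this compose file; that is fine for a fixture under test/, but a one-line comment saying so, or an `.env` reference, prevents them being copied into a real deployment.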
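Review bot: Now that `resp` emits real 4xx/5xx codes, the `add_header 'Access-Control-Allow-Methods' …` context line above this change stops covering them: nginx adds such headers only on 2xx/3xx responses unless the directive ends with `always`, so the browser admin UI will see a CORS failure instead of the error message on every `resp(400, …)` / `resp(500, …)` path. Appending `always` to each CORS `add_header` line in this server block keeps error bodies readable cross-origin. Also, `location /admin { alias /usr/app/adminer; }` pairs a prefix without a trailing slash with an alias without one; the nginx documentation recommends both end in `/` (`location /admin/ { alias /usr/app/adminer/; }`) so the replacement stays inside the intended directory for every URI matching the prefix.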
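Review bot: The commented-out `#uwsgi_param PATH_INFO "$1";` and `#uwsgi_param SCRIPT_NAME /;` lines look like leftovers from aligning the `/api/` prefix with the app's `MOUNT: /api` setting; if the mount works without them they should be removed, and if they were needed the intent belongs in a comment rather than dead directives. `uwsgi_pass unix:/tmp/uwsgi/uwsgi.sock;` depends on the socket path and permissions set up in the compose file, which a one-line comment above it (`# socket is bind-mounted from test/uwsgi, see docker-compose.yml`) would make clear to the next reader.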