doorboy-proxy/app/doorboy-proxy.py

#!/usr/bin/env python3
from sanic import Sanic
from sanic.response import text, json
from sanic_prometheus import monitor
from motor.motor_asyncio import AsyncIOMotorClient
import httpx
import pymongo
import os

app = Sanic(__name__)
monitor(app).expose_endpoint()

INVENTORY_API_KEY = os.environ["INVENTORY_API_KEY"]
DOORBOY_SECRET_FLOOR = os.environ["DOORBOY_SECRET_FLOOR"]
DOORBOY_SECRET_WORKSHOP = os.environ["DOORBOY_SECRET_WORKSHOP"]
CARD_URI = os.environ["CARD_URI"]
FLOOR_ACCESS_GROUP = os.environ["FLOOR_ACCESS_GROUP"]
WORKSHOP_ACCESS_GROUP = os.environ["WORKSHOP_ACCESS_GROUP"]
MONGO_URI = os.environ["MONGO_URI"]
SWIPE_URI = os.environ["SWIPE_URI"]

assert len(DOORBOY_SECRET_FLOOR) >= 10
assert len(DOORBOY_SECRET_WORKSHOP) >= 10


@app.listener("before_server_start")
async def setup_db(app, loop):
    # TODO: find cleaner way to do this, for more see
    # https://github.com/sanic-org/sanic/issues/919
    app.ctx.db = AsyncIOMotorClient(MONGO_URI).get_default_database()

@app.route("/allowed")
async def view_doorboy_uids(request):
    key = request.headers.get("KEY")
    if not key or key not in [DOORBOY_SECRET_FLOOR, DOORBOY_SECRET_WORKSHOP]:
        return text("how about no")

    groups = []
    if key == DOORBOY_SECRET_FLOOR:
        groups.append(FLOOR_ACCESS_GROUP)
    if key == DOORBOY_SECRET_WORKSHOP:
        groups.append(WORKSHOP_ACCESS_GROUP)
    if not groups:
        return "fail", 500
    async with httpx.AsyncClient() as client:
        r = await client.post(CARD_URI, json={
            "groups": groups
        }, headers={
            "Content-Type": "application/json",
            "Authorization": f"Basic {INVENTORY_API_KEY}"
        })
    j = r.json()
    allowed_uids = []
    for obj in j:
        allowed_uids.append({
            "token": obj["token"]
        })
    return json({"allowed_uids": allowed_uids})


@app.route("/longpoll", stream=True)
async def view_longpoll(request):
    key = request.headers.get("KEY")
    if not key or key not in [DOORBOY_SECRET_FLOOR, DOORBOY_SECRET_WORKSHOP]:
        return text("Invalid token")

    response = await request.respond(content_type="text/event-stream")
    await response.send("data: response-generator-started\n\n")
    pipeline = [
        {
            "$match": {
                 "operationType": "insert",
             }
        }
    ]
    try:
        async with app.ctx.db.eventlog.watch(pipeline) as stream:
            await response.send("data: watch-stream-opened\n\n")
            async for event in stream:
                if event["fullDocument"].get("type") == "open-door" and event["fullDocument"].get("approved", False):
                    await response.send("data: %s\n\n" %
                                        event["fullDocument"]["door"])
    except pymongo.errors.PyMongoError as e:
        print(e)
        await response.send("data: response-generator-ended\n\n")
        return

@app.post("/swipe")
async def forward_swipe(request):
    key = request.headers.get("KEY")
    if not key or key not in [DOORBOY_SECRET_FLOOR, DOORBOY_SECRET_WORKSHOP]:
        return text("Invalid token", status=401)
    data = request.json
    doors = set()
    if key == DOORBOY_SECRET_FLOOR:
        doors.update(["backdoor", "frontdoor", "grounddoor"])
    if key == DOORBOY_SECRET_WORKSHOP:
        doors.add("workshopdoor")
    if data.get("door") not in doors:
        print("Door", repr(data.get("door")), "not in", doors)
        return text("Not allowed", 403)

    async with httpx.AsyncClient() as client:
        r = await client.post(SWIPE_URI, json=data, headers={
            "Content-Type": "application/json",
            "Authorization": f"Basic {INVENTORY_API_KEY}"
        })
    if r.status_code == 200:
        return text("ok")
    else:
        return text("Failed", 500)


if __name__ == "__main__":
    app.run(debug=False, host="0.0.0.0", port=5000, single_process=True, access_log=True)
Prepare for Kubernetes migration 2022-12-17 10:46:39 +00:00			`#!/usr/bin/env python3`
Modernize whole stack 2022-02-21 20:10:57 +00:00			`from sanic import Sanic`
			`from sanic.response import text, json`
Prepare for Kubernetes migration 2022-12-17 10:46:39 +00:00			`from sanic_prometheus import monitor`
change to sanic and motor 2021-04-02 09:10:34 +00:00			`from motor.motor_asyncio import AsyncIOMotorClient`
Change allowed endpoint to use inventory api 2023-07-30 10:05:02 +00:00			`import httpx`
change to sanic and motor 2021-04-02 09:10:34 +00:00			`import pymongo`
first commit 2021-03-17 07:58:03 +00:00			`import os`

change to sanic and motor 2021-04-02 09:10:34 +00:00			`app = Sanic(__name__)`
Prepare for Kubernetes migration 2022-12-17 10:46:39 +00:00			`monitor(app).expose_endpoint()`
change to sanic and motor 2021-04-02 09:10:34 +00:00
Give inventory api key in request 2023-08-01 21:32:17 +00:00			`INVENTORY_API_KEY = os.environ["INVENTORY_API_KEY"]`
Use separate workhop and floor keys 2023-08-01 19:21:57 +00:00			`DOORBOY_SECRET_FLOOR = os.environ["DOORBOY_SECRET_FLOOR"]`
			`DOORBOY_SECRET_WORKSHOP = os.environ["DOORBOY_SECRET_WORKSHOP"]`
Read cards endpoint uri from env 2023-07-30 10:17:14 +00:00			`CARD_URI = os.environ["CARD_URI"]`
Use separate workhop and floor keys 2023-08-01 19:21:57 +00:00			`FLOOR_ACCESS_GROUP = os.environ["FLOOR_ACCESS_GROUP"]`
			`WORKSHOP_ACCESS_GROUP = os.environ["WORKSHOP_ACCESS_GROUP"]`
Remove mongo uri default 2023-08-10 17:46:38 +00:00			`MONGO_URI = os.environ["MONGO_URI"]`
Add missing swipe uri 2023-08-24 17:35:07 +00:00			`SWIPE_URI = os.environ["SWIPE_URI"]`
first commit 2021-03-17 07:58:03 +00:00
Use separate workhop and floor keys 2023-08-01 19:21:57 +00:00			`assert len(DOORBOY_SECRET_FLOOR) >= 10`
			`assert len(DOORBOY_SECRET_WORKSHOP) >= 10`
first commit 2021-03-17 07:58:03 +00:00
Fix MongoDB event loop handling 2021-10-26 17:17:48 +00:00
			`@app.listener("before_server_start")`
			`async def setup_db(app, loop):`
			`# TODO: find cleaner way to do this, for more see`
			`# https://github.com/sanic-org/sanic/issues/919`
Modernize whole stack 2022-02-21 20:10:57 +00:00			`app.ctx.db = AsyncIOMotorClient(MONGO_URI).get_default_database()`
Fix MongoDB event loop handling 2021-10-26 17:17:48 +00:00
first commit 2021-03-17 07:58:03 +00:00			`@app.route("/allowed")`
change to sanic and motor 2021-04-02 09:10:34 +00:00			`async def view_doorboy_uids(request):`
Use separate workhop and floor keys 2023-08-01 19:21:57 +00:00			`key = request.headers.get("KEY")`
Fix key check 2023-08-01 20:02:58 +00:00			`if not key or key not in [DOORBOY_SECRET_FLOOR, DOORBOY_SECRET_WORKSHOP]:`
clean up requirements, small tweak 2021-04-03 14:09:51 +00:00			`return text("how about no")`
Change allowed endpoint to use inventory api 2023-07-30 10:05:02 +00:00
Fix groups checking 2023-08-10 16:42:18 +00:00			`groups = []`
Use separate workhop and floor keys 2023-08-01 19:21:57 +00:00			`if key == DOORBOY_SECRET_FLOOR:`
Fix groups checking 2023-08-10 16:42:18 +00:00			`groups.append(FLOOR_ACCESS_GROUP)`
			`if key == DOORBOY_SECRET_WORKSHOP:`
			`groups.append(WORKSHOP_ACCESS_GROUP)`
			`if not groups:`
Use separate workhop and floor keys 2023-08-01 19:21:57 +00:00			`return "fail", 500`
Change allowed endpoint to use inventory api 2023-07-30 10:05:02 +00:00			`async with httpx.AsyncClient() as client:`
Use separate workhop and floor keys 2023-08-01 19:21:57 +00:00			`r = await client.post(CARD_URI, json={`
Fix groups checking 2023-08-10 16:42:18 +00:00			`"groups": groups`
Give inventory api key in request 2023-08-01 21:32:17 +00:00			`}, headers={`
			`"Content-Type": "application/json",`
			`"Authorization": f"Basic {INVENTORY_API_KEY}"`
			`})`
Change allowed endpoint to use inventory api 2023-07-30 10:05:02 +00:00			`j = r.json()`
first commit 2021-03-17 07:58:03 +00:00			`allowed_uids = []`
Change allowed endpoint to use inventory api 2023-07-30 10:05:02 +00:00			`for obj in j:`
			`allowed_uids.append({`
			`"token": obj["token"]`
			`})`
clean up requirements, small tweak 2021-04-03 14:09:51 +00:00			`return json({"allowed_uids": allowed_uids})`
first commit 2021-03-17 07:58:03 +00:00

Modernize whole stack 2022-02-21 20:10:57 +00:00			`@app.route("/longpoll", stream=True)`
change to sanic and motor 2021-04-02 09:10:34 +00:00			`async def view_longpoll(request):`
Fix key checking 2023-08-10 16:35:43 +00:00			`key = request.headers.get("KEY")`
Fix key check 2023-08-01 20:02:58 +00:00			`if not key or key not in [DOORBOY_SECRET_FLOOR, DOORBOY_SECRET_WORKSHOP]:`
Modernize whole stack 2022-02-21 20:10:57 +00:00			`return text("Invalid token")`

Fix reponse already sent error 2023-08-10 17:45:24 +00:00			`response = await request.respond(content_type="text/event-stream")`
Modernize whole stack 2022-02-21 20:10:57 +00:00			`await response.send("data: response-generator-started\n\n")`
			`pipeline = [`
			`{`
			`"$match": {`
			`"operationType": "insert",`
			`}`
			`}`
			`]`
			`try:`
			`async with app.ctx.db.eventlog.watch(pipeline) as stream:`
			`await response.send("data: watch-stream-opened\n\n")`
			`async for event in stream:`
Add approval checking 2023-08-11 15:20:01 +00:00			`if event["fullDocument"].get("type") == "open-door" and event["fullDocument"].get("approved", False):`
Modernize whole stack 2022-02-21 20:10:57 +00:00			`await response.send("data: %s\n\n" %`
			`event["fullDocument"]["door"])`
Fix reponse already sent error 2023-08-10 17:45:24 +00:00			`except pymongo.errors.PyMongoError as e:`
			`print(e)`
			`await response.send("data: response-generator-ended\n\n")`
Modernize whole stack 2022-02-21 20:10:57 +00:00			`return`
first commit 2021-03-17 07:58:03 +00:00
Add swipe proxy endpoint 2023-08-18 01:08:02 +00:00			`@app.post("/swipe")`
			`async def forward_swipe(request):`
			`key = request.headers.get("KEY")`
			`if not key or key not in [DOORBOY_SECRET_FLOOR, DOORBOY_SECRET_WORKSHOP]:`
			`return text("Invalid token", status=401)`
			`data = request.json`
Fix swipe reporting 2023-09-05 14:41:58 +00:00			`doors = set()`
Add swipe proxy endpoint 2023-08-18 01:08:02 +00:00			`if key == DOORBOY_SECRET_FLOOR:`
Fix swipe reporting 2023-09-05 14:41:58 +00:00			`doors.update(["backdoor", "frontdoor", "grounddoor"])`
Add swipe proxy endpoint 2023-08-18 01:08:02 +00:00			`if key == DOORBOY_SECRET_WORKSHOP:`
Fix swipe reporting 2023-09-05 14:41:58 +00:00			`doors.add("workshopdoor")`
Add swipe proxy endpoint 2023-08-18 01:08:02 +00:00			`if data.get("door") not in doors:`
Fix swipe reporting 2023-09-05 14:41:58 +00:00			`print("Door", repr(data.get("door")), "not in", doors)`
Add swipe proxy endpoint 2023-08-18 01:08:02 +00:00			`return text("Not allowed", 403)`

			`async with httpx.AsyncClient() as client:`
			`r = await client.post(SWIPE_URI, json=data, headers={`
			`"Content-Type": "application/json",`
			`"Authorization": f"Basic {INVENTORY_API_KEY}"`
			`})`
			`if r.status_code == 200:`
			`return text("ok")`
			`else:`
			`return text("Failed", 500)`

first commit 2021-03-17 07:58:03 +00:00
Modernize whole stack 2022-02-21 20:10:57 +00:00			`if __name__ == "__main__":`
Enable access log 2022-12-17 13:24:13 +00:00			`app.run(debug=False, host="0.0.0.0", port=5000, single_process=True, access_log=True)`