Use separate workhop and floor keys

2023-08-01 22:21:57 +03:00 · 2023-08-01 22:21:57 +03:00 · 26a602a282
commit 26a602a282
parent 63a8b9e5f7
2 changed files with 21 additions and 9 deletions
--- a/app/doorboy-proxy.py
+++ b/app/doorboy-proxy.py
@ -10,13 +10,16 @@ import os
 app = Sanic(__name__)
 monitor(app).expose_endpoint()
-DOORBOY_SECRET = os.environ["DOORBOY_SECRET"]
+DOORBOY_SECRET_FLOOR = os.environ["DOORBOY_SECRET_FLOOR"]
 DOORBOY_SECRET_WORKSHOP = os.environ["DOORBOY_SECRET_WORKSHOP"]
 CARD_URI = os.environ["CARD_URI"]
-CARD_KUBE_GROUP = os.environ["CARD_KUBE_GROUP"]
+FLOOR_ACCESS_GROUP = os.environ["FLOOR_ACCESS_GROUP"]
 WORKSHOP_ACCESS_GROUP = os.environ["WORKSHOP_ACCESS_GROUP"]
 MONGO_URI = os.getenv("MONGO_URI",
                      "mongodb://127.0.0.1:27017/default?replicaSet=rs0")
-assert len(DOORBOY_SECRET) >= 10
+assert len(DOORBOY_SECRET_FLOOR) >= 10
 assert len(DOORBOY_SECRET_WORKSHOP) >= 10
@app.listener("before_server_start")
@ -27,13 +30,20 @@ async def setup_db(app, loop):
@app.route("/allowed")
 async def view_doorboy_uids(request):
-    if request.headers.get("KEY") != DOORBOY_SECRET:
+    key = request.headers.get("KEY")
    if key not in [DOORBOY_SECRET_FLOOR, DOORBOY_SECRET_WORKSHOP]:
        return text("how about no")
    if key == DOORBOY_SECRET_FLOOR:
        group = FLOOR_ACCESS_GROUP
    elif key == DOORBOY_SECRET_WORKSHOP:
        group = WORKSHOP_ACCESS_GROUP
    if not group:
        return "fail", 500
    async with httpx.AsyncClient() as client:
-        r = await client.get(CARD_URI, params={
+        r = await client.post(CARD_URI, json={
-            "group": CARD_KUBE_GROUP
+            "groups": [group]
-        })
+        }, headers={"Content-Type": "application/json"})
    j = r.json()
    allowed_uids = []
    for obj in j:
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -24,8 +24,10 @@ services:
  doorboy_proxy:
    network_mode: host
    environment:
-      DOORBOY_SECRET: "0123456789"
+      DOORBOY_SECRET_FLOOR: "0123456789"
-      CARD_KUBE_GROUP: "codemowers:admins"
+      DOORBOY_SECRET_WORKSHOP: "9999999999"
      FLOOR_ACCESS_GROUP: "k-space:floor"
      WORKSHOP_ACCESS_GROUP: "k-space:workshop"
      CARD_URI: "https://inventory-app-72zn4.codemowers.ee/cards"
    build:
      context: .