k-space/doorboy-proxy
11
0
Fork 0
Code Issues 3 Pull Requests 1 Projects Activity

groups doc

Browse Source
This commit is contained in:
rasmus
2025-08-08 05:40:45 +03:00
parent f5cfb3454a
commit 4e493069ab
4 changed files with 10 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@@ -35,7 +35,8 @@ docker-compose -f docker-compose.yml up --build
On kdoorpi override `KDOORPI_API_ALLOWED`, `KDOORPI_API_LONGPOLL` environment variables On kdoorpi override `KDOORPI_API_ALLOWED`, `KDOORPI_API_LONGPOLL` environment variables
to redirect requests to your dev instance. to redirect requests to your dev instance.
# Slack bot # Deployment
## Slack credentials
1. https://api.slack.com/apps → Create new app → From scratch 1. https://api.slack.com/apps → Create new app → From scratch
1. Verification Token as `SLACK_VERIFICATION_TOKEN` 1. Verification Token as `SLACK_VERIFICATION_TOKEN`
1. App home → Bot user 1. App home → Bot user
@@ -47,3 +48,6 @@ to redirect requests to your dev instance.
<!-- `incoming-webhook` --> <!-- `incoming-webhook` -->
1. Add commands. Request URL `https://doorboy-proxy.k-space.ee/slack-open` 1. Add commands. Request URL `https://doorboy-proxy.k-space.ee/slack-open`
1. Incoming Webhooks → assign to channel -> Webhook URL as `SLACK_DOORLOG_CALLBACK` 1. Incoming Webhooks → assign to channel -> Webhook URL as `SLACK_DOORLOG_CALLBACK`
## OIDC groups
Assumes `k-space:floor` and `k-space:workshop`, same in inventory-app.

6
app/doorboy-proxy.py
View File

@@ -21,8 +21,6 @@ monitor(app).expose_endpoint()
DOORBOY_SECRET_FLOOR = os.environ["DOORBOY_SECRET_FLOOR"] DOORBOY_SECRET_FLOOR = os.environ["DOORBOY_SECRET_FLOOR"]
# API key for godoor controllers authenticating to k-space:workshop # API key for godoor controllers authenticating to k-space:workshop
DOORBOY_SECRET_WORKSHOP = os.environ["DOORBOY_SECRET_WORKSHOP"] DOORBOY_SECRET_WORKSHOP = os.environ["DOORBOY_SECRET_WORKSHOP"]
FLOOR_ACCESS_GROUP = os.getenv("FLOOR_ACCESS_GROUP", "k-space:floor")
WORKSHOP_ACCESS_GROUP = os.getenv("WORKSHOP_ACCESS_GROUP", "k-space:workshop")
MONGO_URI = os.environ["MONGO_URI"] MONGO_URI = os.environ["MONGO_URI"]
@@ -61,9 +59,9 @@ async def view_doorboy_uids(request):
# authorize # authorize
key = request.headers.get("KEY") key = request.headers.get("KEY")
if key == DOORBOY_SECRET_FLOOR: if key == DOORBOY_SECRET_FLOOR:
users = kube.users_with_group(FLOOR_ACCESS_GROUP) users = kube.users_with_group("k-space:floor")
elif key == DOORBOY_SECRET_WORKSHOP: elif key == DOORBOY_SECRET_WORKSHOP:
users = kube.users_with_group(WORKSHOP_ACCESS_GROUP) users = kube.users_with_group("k-space:workshop")
else: else:
print("WARN: unknown door token in /allowed") print("WARN: unknown door token in /allowed")
return "unknown doorboy secret token", 403 return "unknown doorboy secret token", 403

2
app/kube.py
View File

@@ -3,7 +3,7 @@ from typing import List, Tuple
from kubernetes import client, config from kubernetes import client, config
OIDC_USERS_NAMESPACE = os.getenv("OIDC_USERS_NAMESPACE") OIDC_USERS_NAMESPACE = os.environ["OIDC_USERS_NAMESPACE"]
def users_with_group(group: str) -> List[str]: def users_with_group(group: str) -> List[str]:

4
docker-compose.yml
View File

@@ -21,10 +21,10 @@ services:
doorboy_proxy: doorboy_proxy:
environment: environment:
OIDC_USERS_NAMESPACE: passmower
DOORBOY_SECRET_FLOOR: "0123456789" DOORBOY_SECRET_FLOOR: "0123456789"
DOORBOY_SECRET_WORKSHOP: "9999999999" DOORBOY_SECRET_WORKSHOP: "9999999999"
FLOOR_ACCESS_GROUP: "k-space:floor" SLACK_VERIFICATION_TOKEN: DEV
WORKSHOP_ACCESS_GROUP: "k-space:workshop"
SLACK_DOORLOG_CALLBACK: DEV SLACK_DOORLOG_CALLBACK: DEV
SLACK_CHANNEL_ID: CDL9H8Q9W SLACK_CHANNEL_ID: CDL9H8Q9W
env_file: .env env_file: .env