From ee064bde2dd1f81c77fb4c3f3d8339b7b6e5ebee Mon Sep 17 00:00:00 2001 From: rasmus Date: Thu, 7 Aug 2025 23:59:11 +0300 Subject: [PATCH] move /m/doorboy/swipe to doorboy-proxy --- inventory-app/doorboy.py | 98 +++++----------------------------------- 1 file changed, 12 insertions(+), 86 deletions(-) diff --git a/inventory-app/doorboy.py b/inventory-app/doorboy.py index d35fb3f..066f305 100644 --- a/inventory-app/doorboy.py +++ b/inventory-app/doorboy.py @@ -10,7 +10,6 @@ from wtforms.validators import DataRequired import pytz import const -from api import check_api_key from common import slack_post, User from oidc import login_required, read_user @@ -144,6 +143,18 @@ def view_doorboy_hold(): }) return redirect("/m/doorboy") +@page_doorboy.route("/m/doorboy/slam", methods=["POST"]) +@login_required +def view_doorboy_slam(): + user = read_user() + db.eventlog.insert_one({ + "component": "doorboy", + "type": "hold", + "requester": user["name"], + "door": form.door_name.data, + "expires": datetime.utcnow() + timedelta(minutes=form.duration_min.data) + }) + return redirect("/m/doorboy") @page_doorboy.route("/m/doorboy//open") @login_required @@ -179,21 +190,6 @@ def view_doorboy_open(door): else: return "", 401 - -@page_doorboy.route("/m/doorboy/slam", methods=["POST"]) -@login_required -def view_doorboy_slam(): - user = read_user() - db.eventlog.insert_one({ - "component": "doorboy", - "type": "hold", - "requester": user["name"], - "door": form.door_name.data, - "expires": datetime.utcnow() + timedelta(minutes=form.duration_min.data) - }) - return redirect("/m/doorboy") - - @page_doorboy.route("/m/doorboy") @login_required def view_doorboy(): @@ -295,73 +291,3 @@ def view_doorboy_token_events(token_id): token = db.inventory.find_one({"_id": ObjectId(token_id)}) latest_events = db.eventlog.find({"component": "doorboy", "event":"card-swiped", "token.uid_hash": token.get("token").get("uid_hash")}).sort([("timestamp", -1)]) return render_template("doorboy.html", **locals()) - -class FormSwipe(FlaskForm): - class Meta: - csrf = False - uid = StringField('uid', validators=[]) - uid_hash = StringField('uid', validators=[]) - door = StringField('door', validators=[DataRequired()]) - success = BooleanField('success', validators=[]) - timestamp = DateTimeField('timestamp') - -@page_doorboy.route("/m/doorboy/swipe", methods=["POST"]) -@check_api_key -def view_swipe(): - form = request.json - print(form) - timestamp = parse(form["timestamp"]) if form.get("timestamp") else None - now = datetime.utcnow() - # Make sure token exists - db.inventory.update_one({ - "type": "token", - "component": "doorboy", - "token.uid_hash": form["uid_hash"] - }, { - "$set": { - "last_seen": timestamp or now - }, - "$setOnInsert": { - "component": "doorboy", - "type": "token", - "first_seen": now, - "inventory": { - "claimable": True, - } - } - }, upsert=True) - - # Fetch token to read owner - token = db.inventory.find_one({ - "type": "token", - "component": "doorboy", - "token.uid_hash": form["uid_hash"] - }) - - event_swipe = { - "component": "doorboy", - "timestamp": timestamp, - "door": form["door"], - "event": "card-swiped", - "approved": form["approved"], - "token": { - "uid_hash": form["uid_hash"] - }, - "inventory": {} - } - - if token.get("inventory", {}).get("owner", {}).get("username", None): - event_swipe["inventory"]["owner_id"] = token["inventory"]["owner"]["username"] - - db.eventlog.insert_one(event_swipe) - - status = "Permitted" if form["approved"] else "Denied" - username = token.get("inventory", {}).get("owner", {}).get("username", None) - if username and username in g.users_lookup: - subject = g.users_lookup[username].display_name or username - else: - subject = "Unknown" - msg = "%s %s door access for %s identified by keycard/keyfob" % (status, form["door"], subject) - slack_post(msg, "doorboy") - - return "ok"