39 lines
1.4 KiB
Python
39 lines
1.4 KiB
Python
import falcon
|
|
import logging
|
|
from certidude import const, config, authority
|
|
from certidude.decorators import serialize
|
|
from jinja2 import Environment, FileSystemLoader
|
|
from certidude.firewall import whitelist_subject
|
|
|
|
logger = logging.getLogger(__name__)
|
|
env = Environment(loader=FileSystemLoader(config.SCRIPT_DIR), trim_blocks=True)
|
|
|
|
class ScriptResource():
|
|
@whitelist_subject
|
|
def on_get(self, req, resp, cn):
|
|
path, buf, cert, attribs = authority.get_attributes(cn)
|
|
# TODO: are keys unique?
|
|
named_tags = {}
|
|
other_tags = []
|
|
|
|
try:
|
|
for tag in attribs.get("user").get("xdg").get("tags").split(","):
|
|
if "=" in tag:
|
|
k, v = tag.split("=", 1)
|
|
named_tags[k] = v
|
|
else:
|
|
other_tags.append(tag)
|
|
except AttributeError: # No tags
|
|
pass
|
|
|
|
script = named_tags.get("script", config.SCRIPT_DEFAULT)
|
|
resp.set_header("Content-Type", "text/x-shellscript")
|
|
resp.body = env.get_template(script).render(
|
|
authority_name=const.FQDN,
|
|
common_name=cn,
|
|
other_tags=other_tags,
|
|
named_tags=named_tags,
|
|
attributes=attribs.get("user").get("machine"))
|
|
logger.info("Served script %s for %s at %s" % (script, cn, req.context["remote_addr"]))
|
|
# TODO: Assert time is within reasonable range
|