Skip to content
Snippets Groups Projects
Commit aa1914bf authored by Martin Mareš's avatar Martin Mareš
Browse files

DSN: Autorizace API

parent 85343b78
No related branches found
No related tags found
1 merge request!138Zpracování nedoručenek
......@@ -2,21 +2,40 @@
# Tento skript se volá při doručování pošty (například pomocí "execute" v Sieve)
# a předá mail webové části OSMO přes /api/email-dsn.
import os
from pathlib import Path
import requests
from requests.exceptions import RequestException
import sys
if len(sys.argv) != 2:
print('Arguments: <URL of OSMO root>/', file=sys.stderr)
print('Arguments: <URL of OSMO root>', file=sys.stderr)
sys.exit(1)
osmo_url = sys.argv[1]
mail = sys.stdin.buffer.read()
key_path = Path.home() / '.config/osmo/dsn-api-key'
try:
reply = requests.post(f'{osmo_url}api/email-dsn', data=mail, timeout=30)
except RequestException:
with key_path.open() as f:
key = f.readline().strip()
if key == "":
print(f'Cannot read key from {key_path}', file=sys.stderr)
sys.exit(1)
except OSError as e:
print(f'Cannot read {key_path}: {e}', file=sys.stderr)
sys.exit(1)
try:
reply = requests.post(
os.path.join(osmo_url, 'api/email-dsn'),
data=mail,
headers={'Authorization': f'Bearer {key}'},
timeout=30)
except RequestException as e:
print(f'Error sending DSN: {e}')
sys.exit(1)
if reply.status_code != 200:
print(f'Error sending DSN: HTTP status {reply.status_code}')
sys.exit(1)
......@@ -111,3 +111,7 @@ MAILING_LIST_EXCLUDE = {
# Maximální počet e-mailových adres, které jsme ochotni ve webovém rozhraní zobrazit
# uživatelům bez práva unrestricted_email.
EMAILS_SHOW_MAX = 500
# Klíč k API na zpracování mailových nedoručenek. Měl by být také uložen
# v ~/.config/osmo/dsn-api-key účtu, který volá bin/send-dsn. Nesmí obsahovat mezery.
# DSN_API_KEY = "..."
......@@ -112,8 +112,21 @@ def process_dsn_reg(dsn: db.EmailDSN) -> None:
dsn.reg.dsn_id = dsn.dsn_id
def authorize_email_dsn() -> bool:
dsn_api_token = getattr(config, 'DSN_API_KEY', None)
auth_header = request.headers.get('Authorization')
if dsn_api_token is None or auth_header is None:
return False
fields = auth_header.split()
return len(fields) == 2 and fields[1] == dsn_api_token
@app.route('/api/email-dsn', methods=('POST',))
def api_email_dsn() -> Response:
if not authorize_email_dsn():
raise werkzeug.exceptions.Forbidden()
body = request.get_data(cache=False)
try:
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment