diff --git a/app.py b/app.py
index fb41760..ec18817 100644
--- a/app.py
+++ b/app.py
@@ -230,7 +230,37 @@ def admin_logout():
 @app.route("/dashboard")
 def admin_dashboard():
 if "username" in session:
- return render_template("dashboard.html")
+
+ tokens = db.get_tokens()
+
+ return render_template("dashboard.html", api_tokens=tokens)
+ else:
+ return abort(403)
+
+
+@app.route("/generate_token", methods=["POST"])
+def admin_generate_token():
+ if "username" in session:
+
+ description = request.form.get("description")
+
+ db.generate_api_token(description)
+ flash("Generated API token", "success")
+
+ return redirect("/dashboard")
+ else:
+ return abort(403)
+
+
+@app.route("/del_token", methods=["POST"])
+def admin_del_token():
+ if "username" in session:
+
+ token = request.form.get("token")
+
+ db.delete_token(token)
+ flash("Deleted API token", "success")
+ return redirect("/dashboard")
 else:
 return abort(403)
diff --git a/database.py b/database.py
index fd80a31..11dd4b5 100644
--- a/database.py
+++ b/database.py
@@ -3,6 +3,7 @@ import datetime
 import json
 import os
 import bcrypt
+import uuid
 class InvalidQueryException(Exception):
@@ -29,6 +30,13 @@ class File:
 self.website_id = website_id
+class ApiToken:
+
+ def __init__(self, token, description):
+ self.token = token
+ self.description = description
+
+
 class Database:
 SORT_ORDERS = {
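Review bot: The two new POST handlers, `admin_generate_token` and `admin_del_token`, act on nothing more than `"username"` being present in the session, so a cross-site form post would be honoured while an admin is logged in, unless CSRF protection is applied somewhere outside this hunk. Each handler should reject the request before it touches `db`, for example `sent = request.form.get("csrf_token")` followed by `if not sent or not hmac.compare_digest(sent, session.get("csrf_token", "")): return abort(403)` (field name constructed for illustration, session value set at login, `hmac` imported if app.py does not already have it). `description` also reaches `db.generate_api_token` unchecked, so it can be `None` or arbitrarily long; `description = (request.form.get("description") or "").strip()[:100]` would bound it.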
@@ -391,6 +399,44 @@ class Database:
 cursor.execute("INSERT INTO Admin (username, password) VALUES (?,?)", (username, hashed_pw))
 conn.commit()
+ def check_api_token(self, token) -> bool:
+
+ with sqlite3.connect(self.db_path) as conn:
+ cursor = conn.cursor()
+
+ cursor.execute("SELECT token FROM ApiToken WHERE token=?", (token, ))
+ return cursor.fetchone() is not None
+
+ def generate_api_token(self, description: str) -> str:
+
+ with sqlite3.connect(self.db_path) as conn:
+ cursor = conn.cursor()
+
+ token = str(uuid.uuid4())
+ cursor.execute("INSERT INTO ApiToken (token, description) VALUES (?, ?)", (token, description))
+ conn.commit()
+
+ return token
+
+ def get_tokens(self) -> list:
+
+ with sqlite3.connect(self.db_path) as conn:
+ cursor = conn.cursor()
+
+ cursor.execute("SELECT * FROM ApiToken")
+
+ return [ApiToken(x[0], x[1]) for x in cursor.fetchall()]
+
+ def delete_token(self, token: str) -> None:
+
+ with sqlite3.connect(self.db_path) as conn:
+ cursor = conn.cursor()
+
+ cursor.execute("DELETE FROM ApiToken WHERE token=?", (token, ))
+ conn.commit()
+
+
+
diff --git a/init_script.sql b/init_script.sql
index c2d9afc..a318de7 100644
--- a/init_script.sql
+++ b/init_script.sql
@@ -45,7 +45,12 @@ CREATE TABLE Queue (
 CREATE TABLE Admin (
 username TEXT PRIMARY KEY NOT NULL,
 password TEXT
-)
+);
+
+CREATE TABLE ApiToken (
+ token TEXT PRIMARY KEY NOT NULL,
+ description TEXT
+);
 -- Full Text Index
diff --git a/static/js/report.js b/static/js/report.js
index ae46c2e..dee2b19 100644
--- a/static/js/report.js
+++ b/static/js/report.js
@@ -75,7 +75,7 @@ function fillTable(rData) {
 document.getElementById("baseUrl").innerHTML = rData["base_url"];
 document.getElementById("fileCount").innerHTML = rData["total_count"];
 document.getElementById("totalSize").innerHTML = humanFileSize(rData["total_size"]);
- document.getElementById("reportTime").innerHTML = rData["report_time"];
+ document.getElementById("reportTime").innerHTML = rData["report_time"] + " UTC";
 }
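Review bot: `generate_api_token` stores the token itself as the `ApiToken` primary key and `get_tokens` hands every stored value back to the dashboard, so anyone who can read the SQLite file, a backup or the rendered page holds working credentials. Persisting only a SHA-256 digest and comparing digests in `check_api_token` removes that exposure; the raw value is then returned once from `generate_api_token`, which app.py currently discards and would need to show at creation time, and `delete_token` would receive the digest listed on the dashboard. `secrets.token_urlsafe` is the standard-library call intended for credentials, whereas `uuid.uuid4()` is an identifier generator. The sketch below needs `hashlib` and `secrets` imported at the top of database.py, and `class Database` starts outside the hunk.

```python
    def check_api_token(self, token) -> bool:
        # Non-string input (e.g. a missing header) can never match a stored digest.
        if not isinstance(token, str):
            return False
        digest = hashlib.sha256(token.encode("utf-8")).hexdigest()
        # … unchanged: open connection, create cursor …
            cursor.execute("SELECT token FROM ApiToken WHERE token=?", (digest, ))
            return cursor.fetchone() is not None

    def generate_api_token(self, description: str) -> str:
        token = secrets.token_urlsafe(32)
        # Only the digest is persisted; the raw token is returned once to the caller.
        digest = hashlib.sha256(token.encode("utf-8")).hexdigest()
        # … unchanged: open connection, create cursor …
            cursor.execute("INSERT INTO ApiToken (token, description) VALUES (?, ?)", (digest, description))
            conn.commit()

        return token
```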
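Review bot: `ApiToken` is created only by this script, so a database initialised before this commit would lack the table and the new `Database` methods would fail with `sqlite3.OperationalError` on the first dashboard load. This assumes init_script.sql runs only when the database file is first created, which the hunk does not show. Writing the statement as `CREATE TABLE IF NOT EXISTS ApiToken (` and executing it at startup, or shipping a one-off migration, would cover existing installs.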
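Review bot: The changed line still writes `rData["report_time"]` through `innerHTML`, so the value is parsed as markup even though it is a plain timestamp string. `document.getElementById("reportTime").textContent = rData["report_time"] + " UTC";` renders the same text without giving the report data an HTML sink. The three context lines above it (`baseUrl`, `fileCount`, `totalSize`) follow the same pattern, and `base_url` looks like the field most likely to carry content that originates outside the application. `fillTable` begins before the hunk.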
diff --git a/templates/dashboard.html b/templates/dashboard.html index bde547c..ee6129d 100644 --- a/templates/dashboard.html +++ b/templates/dashboard.html @@ -3,11 +3,53 @@ {% block body %}