Generate and delete API tokens

2025-04-16 08:56:44 +00:00 · 2018-06-09 12:41:28 -04:00 · 2018-06-09 12:41:28 -04:00 · a25976d24a
commit a25976d24a
parent de717d3992
5 changed files with 131 additions and 8 deletions
--- a/app.py
+++ b/app.py
@ -230,7 +230,37 @@ def admin_logout():
@app.route("/dashboard")
 def admin_dashboard():
    if "username" in session:
-        return render_template("dashboard.html")
+
+        tokens = db.get_tokens()
+
+        return render_template("dashboard.html", api_tokens=tokens)
+    else:
+        return abort(403)
+
+
+@app.route("/generate_token", methods=["POST"])
+def admin_generate_token():
+    if "username" in session:
+
+        description = request.form.get("description")
+
+        db.generate_api_token(description)
+        flash("Generated API token", "success")
+
+        return redirect("/dashboard")
+    else:
+        return abort(403)
+
+
+@app.route("/del_token", methods=["POST"])
+def admin_del_token():
+    if "username" in session:
+
+        token = request.form.get("token")
+
+        db.delete_token(token)
+        flash("Deleted API token", "success")
+        return redirect("/dashboard")
    else:
        return abort(403)

--- a/database.py
+++ b/database.py
@ -3,6 +3,7 @@ import datetime
 import json
 import os
 import bcrypt
+import uuid


 class InvalidQueryException(Exception):
@ -29,6 +30,13 @@ class File:
        self.website_id = website_id


+class ApiToken:
+
+    def __init__(self, token, description):
+        self.token = token
+        self.description = description
+
+
 class Database:

    SORT_ORDERS = {
@ -391,6 +399,44 @@ class Database:
            cursor.execute("INSERT INTO Admin (username, password) VALUES (?,?)", (username, hashed_pw))
            conn.commit()

+    def check_api_token(self, token) -> bool:
+
+        with sqlite3.connect(self.db_path) as conn:
+            cursor = conn.cursor()
+
+            cursor.execute("SELECT token FROM ApiToken WHERE token=?", (token, ))
+            return cursor.fetchone() is not None
+
+    def generate_api_token(self, description: str) -> str:
+
+        with sqlite3.connect(self.db_path) as conn:
+            cursor = conn.cursor()
+
+            token = str(uuid.uuid4())
+            cursor.execute("INSERT INTO ApiToken (token, description) VALUES (?, ?)", (token, description))
+            conn.commit()
+
+            return token
+
+    def get_tokens(self) -> list:
+
+        with sqlite3.connect(self.db_path) as conn:
+            cursor = conn.cursor()
+
+            cursor.execute("SELECT * FROM ApiToken")
+
+            return [ApiToken(x[0], x[1]) for x in cursor.fetchall()]
+
+    def delete_token(self, token: str) -> None:
+
+        with sqlite3.connect(self.db_path) as conn:
+            cursor = conn.cursor()
+
+            cursor.execute("DELETE FROM ApiToken WHERE token=?", (token, ))
+            conn.commit()
+
+
+



--- a/init_script.sql
+++ b/init_script.sql
@ -45,7 +45,12 @@ CREATE TABLE Queue (
 CREATE TABLE Admin (
  username TEXT PRIMARY KEY NOT NULL,
  password TEXT
-)
+);
+
+CREATE TABLE ApiToken (
+  token TEXT PRIMARY KEY NOT NULL,
+  description TEXT
+);

 -- Full Text Index

--- a/static/js/report.js
+++ b/static/js/report.js
@ -75,7 +75,7 @@ function fillTable(rData) {
    document.getElementById("baseUrl").innerHTML = rData["base_url"];
    document.getElementById("fileCount").innerHTML = rData["total_count"];
    document.getElementById("totalSize").innerHTML = humanFileSize(rData["total_size"]);
-    document.getElementById("reportTime").innerHTML = rData["report_time"];
+    document.getElementById("reportTime").innerHTML = rData["report_time"] + " UTC";

 }

--- a/templates/dashboard.html
+++ b/templates/dashboard.html
@ -3,11 +3,53 @@

 {% block body %}
    <div class="container">
-    <div class="card">
-        <div class="card-header">Dashboard</div>
-        <div class="card-body">
-            <a class="btn btn-info" href="/logout">Logout</a>
+        <div class="card">
+            <div class="card-header">Dashboard</div>
+            <div class="card-body">
+
+                <h3>API Keys</h3>
+                <table class="table table-striped">
+                    <thead>
+                    <tr>
+                        <th>Description</th>
+                        <th>Key</th>
+                        <th>Action</th>
+                    </tr>
+                    </thead>
+
+                    <tbody>
+                    {% for token in api_tokens %}
+                        <tr>
+                            <td>{{ token.description }}</td>
+                            <td><code>{{ token.token }}</code></td>
+                            <td>
+                                <form action="/del_token" method="post">
+                                    <input type="hidden" value="{{ token.token }}" name="token">
+                                    <input type="submit" class="btn btn-danger" value="Delete">
+                                </form>
+                            </td>
+                        </tr>
+                    {% endfor %}
+                    </tbody>
+                </table>
+                <form action="/generate_token" method="post">
+                    <div class="form-row">
+                        <div class="col col-md-10">
+                            <input class="form-control" name="description" placeholder="Description">
+                        </div>
+                        <div class="col col-md-2">
+                            <input type="submit" class="form-control btn btn-primary" value="Generate API token">
+                        </div>
+                    </div>
+                </form>
+
+                <h3>Misc actions</h3>
+
+                <p>TODO: </p>
+
+                <hr>
+                <a class="btn btn-info" href="/logout">Logout</a>
+            </div>
        </div>
    </div>
-    </div>
 {% endblock body %}