server-configs/machines/gerd/services/member-website/app.py

#!/usr/bin/env nix-shell
#!nix-shell --pure -i python3 -p "python3.withPackages (ps: with ps; [ flask ])"
from typing import Any

from flask import Flask, request
from flask import render_template, render_template_string
import argparse
import logging
import json
import sys

logging.basicConfig()
logger = logging.getLogger(__name__)

app = Flask(__name__)

services_data: dict[str, Any] = {}

tmpl_index = """
<!doctype html>
<title>Members Area</title>
<b>Welcome to the members area {% if user.name %} {{ user.name }} {% else %} {{ user.username }} {% endif %}!</b>

<h1>Services</h1>
{% for name, info in services.items() %}
<h3>{{ info.name }}</h3>
  {{ info.description }}
  {% if info.url %}
  <br>
  Link: <a href="{{ info.url }}">{{ info.url }}</a>
  {% endif %}
  <pre>
  Package name: {{ info.package.name }}
  Package version: {{ info.package.version }}
  Package homepage: {{ info.package.meta.homepage }}
  License: <a href="{{ info.package.meta.license.url }}">{{ info.package.meta.license.spdxId }} ({{ info.package.meta.license.shortName }})</a>
  Unfree: {{ info.package.meta.unfree }}
  </pre>
<hr>
{% endfor %}

{% if show_debug %}
<br>
<br>
<br>
Debug information:
<ul>
  <li>Username: {{ user.username }}</li>
  <li>Name: {{ user.name }}</li>
  <li>Email: {{ user.email }}</li>
  <li>Groups: {{ user.groups }}</li>
</ul>
{% endif %}
"""


def extract_secrets() -> dict[str, str]:
    new_args = {}
    # read all secrets
    for service in services_data.values():
        for k, v in service.get("secrets", {}).items():
            try:
                fcontent = open(v, "r").read()
            except Exception as e:
                logger.exception("unable to open secret file", e)
                continue

            isEnv: bool = False
            if v.endswith("env"):
                isEnv = True

            if not isEnv:
                new_args[k.upper()] = fcontent
                continue

            # parse env file
            for line in fcontent.splitlines():
                line = line.strip()
                if not line:
                    continue

                envkey, envvalue = line.split("=", maxsplit=1)

                if envvalue[0] == '"' or envvalue[1] == "'":
                    envvalue = envvalue[1:-1]

                new_args[envkey.upper()] = envvalue

    return new_args


@app.route("/")
@app.route("/members")
def index():
    # extract user information
    user_info = {
        "username": request.headers.get("Remote-User"),
        "name": request.headers.get("Remote-Name"),
        "groups": request.headers.get("Remote-Groups"),
        "email": request.headers.get("Remote-Email"),
    }
    tmpl_firstpass = render_template_string(
        tmpl_index,
        services=services_data,
        user=user_info,
        show_debug=bool(request.args.get("debug")),
    )
    return render_template_string(
        tmpl_firstpass,
        user=user_info,
        secrets=extract_secrets(),
    )


if __name__ == "__main__":
    parser = argparse.ArgumentParser()
    parser.add_argument(
        "--debug",
        type=bool,
        action=argparse.BooleanOptionalAction,
        default=False,
    )
    parser.add_argument("--listen", type=str, default="127.0.0.1")
    parser.add_argument("--port", type=int, default=5000)
    parser.add_argument("--meta-json", type=str, required=True)
    args = parser.parse_args()

    if args.debug:
        logger.setLevel(logging.DEBUG)

    services_data = json.loads(open(args.meta_json, "r").read())
    app.run(host=args.listen, port=args.port, debug=args.debug)