Admin changes

augur/api/routes/__init__.py

@@ -1,6 +1,7 @@
 AUGUR_API_VERSION = 'api/unstable'
 
 from .application import *
+from .admin import *
 from .batch import *
 from .collection_status import *
 from .config import *

augur/api/routes/admin.py

@@ -0,0 +1,27 @@
+from augur.api.routes import AUGUR_API_VERSION
+from ..server import app
+import sqlalchemy as s
+import json
+from subprocess import run, PIPE, Popen
+from flask import Response, current_app, jsonify
+
+from augur.application.db.lib import get_value
+from augur.application.logs import AugurLogger
+from augur.api.util import admin_required
+
+logger = AugurLogger("augur").get_logger()
+
+@app.route(f"/{AUGUR_API_VERSION}/admin/shutdown")
+@admin_required
+def shutdown_system():
+    run("augur backend stop-collection-blocking".split(), stdin=PIPE, stdout=PIPE, stderr=PIPE)
+    Popen("augur backend stop", shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE)
+
+    return jsonify({"status": "shutdown"})
+
+@app.route(f"/{AUGUR_API_VERSION}/admin/restart")
+@admin_required
+def restart_system():
+    Popen("python scripts/control/restart.py", shell=True)
+
+    return jsonify({"status": "restart"})

augur/api/routes/config.py

@@ -7,43 +7,52 @@
 import sqlalchemy as s
 
 # Disable the requirement for SSL by setting env["AUGUR_DEV"] = True
-from augur.application.config import get_development_flag
+from augur.api.util import ssl_required, admin_required
 from augur.application.db.lib import get_session
 from augur.application.db.models import Config
 from augur.application.config import AugurConfig
 from augur.application.db.session import DatabaseSession
 from ..server import app
 
 logger = logging.getLogger(__name__)
-development = get_development_flag()
 
 from augur.api.routes import AUGUR_API_VERSION
 
-def generate_upgrade_request():
-    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/426
-    response = jsonify({"status": "SSL Required"})
-    response.headers["Upgrade"] = "TLS"
-    response.headers["Connection"] = "Upgrade"
-
-    return response, 426
-
 @app.route(f"/{AUGUR_API_VERSION}/config/get", methods=['GET', 'POST'])
+@ssl_required
 def get_config():
-    if not development and not request.is_secure:
-        return generate_upgrade_request()
-
     with DatabaseSession(logger, engine=current_app.engine) as session:
 
         config_dict = AugurConfig(logger, session).config.load_config()
 
     return jsonify(config_dict), 200
 
+@app.route(f"/{AUGUR_API_VERSION}/config/set", methods=['GET', 'POST'])
+@ssl_required
+@admin_required
+def set_config_item():
+    setting = request.args.get("setting")
+    section = request.args.get("section")
+    value = request.values.get("value")
+
+    result = {
+        "section_name": section,
+        "setting_name": setting,
+        "value": value
+    }
+
+    if not setting or not section or not value:
+        return jsonify({"status": "Missing argument"}), 400
+
+    with get_session() as session:
+        config = AugurConfig(logger, session)
+        config.add_or_update_settings([result])
+
+    return jsonify({"status": "success"})
 
 @app.route(f"/{AUGUR_API_VERSION}/config/update", methods=['POST'])
+@ssl_required
 def update_config():
-    if not development and not request.is_secure:
-        return generate_upgrade_request()
-
     update_dict = request.get_json()
 
     with get_session() as session:
@@ -64,5 +73,3 @@ def update_config():
         session.commit()
 
     return jsonify({"status": "success"}), 200
-
-

augur/api/util.py

@@ -6,14 +6,16 @@
 import re
 import beaker
 
-from flask import request, jsonify, current_app
+from flask import request, jsonify, current_app, abort
 
 from augur.application.db import get_session
 from functools import wraps
 from sqlalchemy.orm.exc import NoResultFound
 from augur.application.config import get_development_flag
 from augur.application.db.models import ClientApplication
 
+from flask_login import login_required, current_user
+
 development = get_development_flag()
 
 __ROOT = os.path.abspath(os.path.dirname(__file__))
@@ -112,7 +114,6 @@ def get_client_token():
 
     return token
 
-
 # usage:
 """
 @app.route("/path")
@@ -155,4 +156,22 @@ def wrapper(*args, **kwargs):
             return generate_upgrade_request()
         return fun(*args, **kwargs)
 
-    return wrapper
+    return wrapper
+
+def admin_required(func):
+    @login_required
+    @wraps(func)
+    def inner_function(*args, **kwargs):
+        if current_user.admin:
+            return func(*args, **kwargs)
+        else:
+            abort(403)
+    return inner_function
+
+def development_required(func):
+    @wraps(func)
+    def inner_function(*args, **kwargs):
+        if not development:
+            abort(403)
+        return func(*args, **kwargs)
+    return inner_function

augur/api/view/augur_view.py

@@ -1,10 +1,12 @@
 from flask import render_template, redirect, url_for, session, request, jsonify
-from flask_login import LoginManager
+from flask_login import LoginManager, current_user, login_required
 from io import StringIO
 from .utils import *
 from .init import logger
 from .url_converters import *
 
+from functools import wraps
+
 # from .server import User
 from ..server import app, db_session
 from augur.application.db.models import User, UserSessionToken
@@ -38,6 +40,13 @@ def unsupported_method(error):
 
     return render_message("405 - Method not supported", "The resource you are trying to access does not support the request method used"), 405
 
+@app.errorhandler(403)
+def forbidden(error):
+    if AUGUR_API_VERSION in str(request.url_rule):
+        return jsonify({"status": "Forbidden"}), 403
+
+    return render_message("403 - Forbidden", "You do not have permission to view this page"), 403
+
 @app.errorhandler(500)
 def internal_server_error(error):
     if AUGUR_API_VERSION in str(request.path):
@@ -52,8 +61,21 @@ def internal_server_error(error):
         errout.close()
     except Exception as e:
         logger.error(e)
+        raise e
 
-    return render_message("500 - Internal Server Error", "An error occurred while trying to service your request. Please try again, and if the issue persists, please file a GitHub issue with the below error message:", error=stacktrace), 500
+    return render_message("500 - Internal Server Error", """An error occurred while trying to service your request.
+                          Please try again, and if the error persists, please file a GitHub issue with a description
+                          of what you were doing before this error occurred accompanied by the below error message:""", error=stacktrace), 500
+
+@app.template_filter("escape_ID")
+def escape_HTML_ID(data: str) -> str:
+    # Done this way in case we want to add more replacements in the future
+    data = data.replace(".", "\\.")
+    return data
+
+@app.template_filter("quoted")
+def quote_surrounded(data: str) -> str:
+    return '"' + data + '"'
 
 @login_manager.unauthorized_handler
 def unauthorized():
@@ -98,19 +120,16 @@ def load_user(user_id):
 @login_manager.request_loader
 def load_user_request(request):
     token = get_bearer_token()
-
     current_time = int(time.time())
-    token = db_session.query(UserSessionToken).filter(UserSessionToken.token == token, UserSessionToken.expiration >= current_time).first()
-    if token:
 
-        print("Valid user")
+    token = db_session.query(UserSessionToken).filter(UserSessionToken.token == token, UserSessionToken.expiration >= current_time).first()
 
+    if token:
         user = token.user
         user._is_authenticated = True
         user._is_active = True
-
         return user
-        
+
     return None
 
 @app.template_filter('as_datetime')

augur/api/view/routes.py

@@ -3,16 +3,23 @@
 """
 import logging
 import math
+import os
+import signal
 from flask import render_template, request, redirect, url_for, session, flash
 from .utils import *
+from augur.api.util import admin_required, development_required
 from flask_login import login_user, logout_user, current_user, login_required
+from sqlalchemy.exc import OperationalError
 
 from augur.application.db.models import User, Repo, ClientApplication
 from .server import LoginException
 from augur.application.util import *
 from augur.application.db.lib import get_value
+from augur.application.config import AugurConfig
 from ..server import app, db_session
 
+from augur.application.db.lib import get_session
+
 logger = logging.getLogger(__name__)
 
 
@@ -112,6 +119,10 @@ def repo_card_view():
 @app.route('/collection/status')
 def status_view():
     return render_module("status", title="Status")
+
+@app.route('/connection_status')
+def server_ping_frontend():
+    return render_module("ping")
 
 """ ----------------------------------------------------------------
 login:
@@ -318,6 +329,7 @@ def user_group_view(group = None):
     return render_module("user-group-repos-table", title="Repos", repos=data, query_key=query, activePage=params["page"], pages=page_count, offset=pagination_offset, PS="user_group_view", reverse = rev, sorting = params.get("sort"), group=group)
 
 @app.route('/error')
+@development_required
 def throw_exception():
     raise Exception("This Exception intentionally raised")
 
@@ -326,6 +338,7 @@ def throw_exception():
     View the admin dashboard.
 """
 @app.route('/dashboard')
+@admin_required
 def dashboard_view():
     empty = [
         { "title": "Placeholder", "settings": [
@@ -337,6 +350,14 @@ def dashboard_view():
         ]}
     ]
 
-    backend_config = requestJson("config/get", False)
+    backend_config = AugurConfig(logger, db_session).load_config()
+
+    with get_session() as session:
+        try:
+            users = session.query(User).all()
+        except OperationalError as e:
+            # Instruct Gunicorn to reboot workers to resolve database connection instability
+            os.kill(os.getpid(), signal.SIGTERM)
+            return "reloading"
 
-    return render_template('admin-dashboard.j2', sections = empty, config = backend_config)
+    return render_template('admin-dashboard.j2', sections = empty, config = backend_config, users = users)