New build

2024-11-22 15:20:09 +01:00 · 2024-07-31 02:27:44 -04:00 · 2024-07-31 02:27:44 -04:00 · 85970f8c96
commit 85970f8c96
parent 881d62d69d
4 changed files with 62 additions and 47 deletions
--- a/src/dashboard.py
+++ b/src/dashboard.py
@ -22,6 +22,7 @@ import psutil
 import pyotp
 from flask import Flask, request, render_template, session
 from json import JSONEncoder
+from flask_cors import CORS

 from icmplib import ping, traceroute

@ -46,7 +47,7 @@ UPDATE = None
 app = Flask("WGDashboard")
 app.config['SEND_FILE_MAX_AGE_DEFAULT'] = 5206928
 app.secret_key = secrets.token_urlsafe(32)
-
+cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

 class ModelEncoder(JSONEncoder):
    def default(self, o: Any) -> Any:
@ -1209,21 +1210,35 @@ API Routes
@app.before_request
 def auth_req():
    authenticationRequired = DashboardConfig.GetConfig("Server", "auth_req")[1]
+    d = request.args
    if authenticationRequired:
-
-        if ('/static/' not in request.path and "username" not in session and "/" != request.path
-                and "validateAuthentication" not in request.path and "authenticate" not in request.path
-                and "getDashboardConfiguration" not in request.path and "getDashboardTheme" not in request.path
-                and "isTotpEnabled" not in request.path
-        ):
-            response = Flask.make_response(app, {
-                "status": False,
-                "message": None,
-                "data": None
-            })
-            response.content_type = "application/json"
-            response.status_code = 401
-            return response
+        apiKey = d.get('apiKey')
+        apiKeyEnabled = DashboardConfig.GetConfig("Server", "dashboard_api_key")[1]
+        if apiKey is not None and len(apiKey) > 0 and apiKeyEnabled:
+            apiKeyExist = len(list(filter(lambda x : x.Key == apiKey, DashboardConfig.DashboardAPIKeys))) == 1
+            if not apiKeyExist:
+                response = Flask.make_response(app, {
+                    "status": False,
+                    "message": "API Key does not exist",
+                    "data": None
+                })
+                response.content_type = "application/json"
+                response.status_code = 401
+                return response
+        else:
+            if ('/static/' not in request.path and "username" not in session and "/" != request.path
+                    and "validateAuthentication" not in request.path and "authenticate" not in request.path
+                    and "getDashboardConfiguration" not in request.path and "getDashboardTheme" not in request.path
+                    and "isTotpEnabled" not in request.path
+            ):
+                response = Flask.make_response(app, {
+                    "status": False,
+                    "message": "Unauthorized access.",
+                    "data": None
+                })
+                response.content_type = "application/json"
+                response.status_code = 401
+                return response


@app.route('/api/validateAuthentication', methods=["GET"])
--- a/src/requirements.txt
+++ b/src/requirements.txt
@ -6,4 +6,4 @@ flask
 icmplib
 sqlalchemy
 flask[async]
-aiosqlite
+flask-cors
--- a/src/static/app/dist/assets/index.css
+++ b/src/static/app/dist/assets/index.css
--- a/src/static/app/dist/assets/index.js
+++ b/src/static/app/dist/assets/index.js