106 lines
4.1 KiB
Python
106 lines
4.1 KiB
Python
import streamlit as st
|
|
import requests
|
|
import logging
|
|
import os
|
|
|
|
def initialiser_logger():
|
|
LOG_FILE_PATH = "/var/log/fabnum-auth.log"
|
|
if not os.path.exists(os.path.dirname(LOG_FILE_PATH)):
|
|
os.makedirs(os.path.dirname(LOG_FILE_PATH), exist_ok=True)
|
|
|
|
logger = logging.getLogger("auth_logger")
|
|
logger.setLevel(logging.INFO)
|
|
if not logger.hasHandlers():
|
|
fh = logging.FileHandler(LOG_FILE_PATH)
|
|
formatter = logging.Formatter('%(asctime)s %(levelname)s %(message)s')
|
|
fh.setFormatter(formatter)
|
|
logger.addHandler(fh)
|
|
return logger
|
|
|
|
def connexion():
|
|
if "logged_in" not in st.session_state or not st.session_state.logged_in:
|
|
st.html("""
|
|
<section role="region" aria-label="region-authentification">
|
|
<div role="region" aria-labelledby="Authentification">
|
|
<p id="Authentification" class="decorative-heading">Authentification</p>
|
|
""")
|
|
|
|
GITEA_URL = "https://fabnum-git.peccini.fr/api/v1"
|
|
ORGANISATION = "FabNum"
|
|
EQUIPE_CIBLE = "Administrateurs"
|
|
|
|
logger = initialiser_logger()
|
|
|
|
if "logged_in" not in st.session_state:
|
|
st.session_state.logged_in = False
|
|
st.session_state.username = ""
|
|
st.session_state.token = ""
|
|
|
|
if not st.session_state.logged_in:
|
|
with st.form("auth_form"):
|
|
token = st.text_input("Token d'accès personnel Gitea", type="password")
|
|
submitted = st.form_submit_button("Se connecter")
|
|
|
|
if submitted and token:
|
|
erreur = True
|
|
headers = {"Authorization": f"token {token}"}
|
|
ip = os.environ.get("REMOTE_ADDR", "inconnu")
|
|
username = "inconnu"
|
|
|
|
try:
|
|
user_response = requests.get(f"{GITEA_URL}/user", headers=headers, timeout=5)
|
|
user_response.raise_for_status()
|
|
utilisateur = user_response.json()
|
|
username = utilisateur.get("login", "inconnu")
|
|
logger.info(f"Tentative par {username} depuis IP {ip}")
|
|
|
|
teams_url = f"{GITEA_URL}/orgs/{ORGANISATION}/teams"
|
|
teams_response = requests.get(teams_url, headers=headers, timeout=5)
|
|
teams_response.raise_for_status()
|
|
equipes = teams_response.json()
|
|
equipe_admin = next((e for e in equipes if e["name"] == EQUIPE_CIBLE), None)
|
|
|
|
if equipe_admin:
|
|
team_id = equipe_admin["id"]
|
|
check_url = f"{GITEA_URL}/teams/{team_id}/members/{username}"
|
|
check_response = requests.get(check_url, headers=headers, timeout=5)
|
|
if check_response.status_code == 200:
|
|
st.session_state.logged_in = True
|
|
st.session_state.username = username
|
|
st.session_state.token = token
|
|
erreur = False
|
|
logger.info(f"Connexion réussie pour {username} depuis IP {ip}")
|
|
st.rerun()
|
|
|
|
except requests.RequestException:
|
|
st.error("❌ Impossible de vérifier l'utilisateur auprès de Gitea.")
|
|
|
|
if erreur:
|
|
logger.warning(f"Accès refusé pour tentative avec token depuis IP {ip}")
|
|
st.error("❌ Accès refusé.")
|
|
st.html("""
|
|
</div>
|
|
</section>
|
|
""")
|
|
|
|
def bouton_deconnexion():
|
|
if st.session_state.get("logged_in", False):
|
|
st.html("""
|
|
<section role="region" aria-label="region-authentification">
|
|
<div role="region" aria-labelledby="Authentification">
|
|
<p id="Authentification" class="decorative-heading">Authentification</p>
|
|
""")
|
|
|
|
st.sidebar.markdown(f"Connecté en tant que `{st.session_state.username}`")
|
|
if st.sidebar.button("Se déconnecter"):
|
|
st.session_state.logged_in = False
|
|
st.session_state.username = ""
|
|
st.session_state.token = ""
|
|
st.success("Déconnecté avec succès.")
|
|
st.rerun()
|
|
|
|
st.html("""
|
|
</div>
|
|
</section>
|
|
""")
|