Merge branch 'develop' into develop

Author: shaeespring

.github/pull_request_template.md

@@ -0,0 +1,19 @@
+## What
+
+_what the PR changes_
+
+## Why
+
+_why these changes were made_
+
+## Test Plan
+
+_how did you verify these changes did what you expected_
+
+## Env Vars
+
+_did you add, remove, or rename any environment variables_
+
+## Checklist
+
+- [ ] Tested all changes locally

.github/workflows/node-js.yml

@@ -15,7 +15,7 @@ jobs:
 
     strategy:
       matrix:
-        python-version: [3.8, 3.9]
+        python-version: [3.12]
 
     steps:
       - name: Install ldap dependencies

.github/workflows/python-app.yml

@@ -0,0 +1,21 @@
+name: Build
+
+on:
+  push:
+    branches:
+      - develop
+
+
+jobs:
+  build:
+    name: Build and analyze
+    runs-on: ubuntu-latest
+    
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - uses: SonarSource/sonarqube-scan-action@v6
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

.github/workflows/sonarqube.yml

@@ -9,7 +9,6 @@ disable =
 	duplicate-code,
 	no-member,
 	parse-error,
-	bad-continuation,
 	too-few-public-methods,
 	global-statement,
 	cyclic-import,
@@ -18,14 +17,11 @@ disable =
 
 [REPORTS]
 output-format = text
-files-output = no
 reports = no
 
 [FORMAT]
 max-line-length = 120
-max-statement-lines = 75
 single-line-if-stmt = no
-no-space-check = trailing-comma,dict-separator
 max-module-lines = 1000
 indent-string = '    '
 
@@ -73,8 +69,6 @@ good-names=logger,id,ID
 # Bad variable names which should always be refused, separated by a comma
 bad-names=foo,bar,baz,toto,tutu,tata
 
-# List of builtins function names that should not be used, separated by a comma
-bad-functions=apply,input
 
 
 [DESIGN]
@@ -90,4 +84,4 @@ min-public-methods = 2
 max-public-methods = 20
 
 [EXCEPTIONS]
-overgeneral-exceptions = Exception
+overgeneral-exceptions = builtins.Exception

.nvmrc

@@ -1,5 +1,23 @@
-FROM docker.io/python:3.8-buster
-MAINTAINER Devin Matte <matted@csh.rit.edu>
+FROM node:25-bookworm-slim AS build-frontend
+
+RUN mkdir /opt/conditional
+
+WORKDIR /opt/conditional
+
+RUN apt-get -yq update && \
+    apt-get -yq install curl git
+
+COPY package.json package-lock.json /opt/conditional/
+
+RUN npm ci 
+
+COPY webpack.config.js /opt/conditional
+COPY frontend /opt/conditional/frontend
+
+RUN npm run webpack
+
+FROM docker.io/python:3.12-slim-bookworm
+MAINTAINER Computer Science House <webmaster@csh.rit.edu>
 
 RUN mkdir /opt/conditional
 
@@ -8,21 +26,17 @@ ADD requirements.txt /opt/conditional
 WORKDIR /opt/conditional
 
 RUN apt-get -yq update && \
-    apt-get -yq install libsasl2-dev libldap2-dev libssl-dev gcc g++ make && \
+    apt-get -yq install libsasl2-dev libldap2-dev libldap-common libssl-dev gcc g++ make && \
     pip install -r requirements.txt && \
     apt-get -yq clean all
 
-ADD . /opt/conditional
+ARG PORT=8080
+ENV PORT=${PORT}
+EXPOSE ${PORT}
 
-RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - && \
-    apt-get -yq update && \
-    apt-get -yq install nodejs && \
-    npm install && \
-    npm run production && \
-    rm -rf node_modules && \
-    apt-get -yq remove nodejs npm && \
-    apt-get -yq clean all
+COPY . /opt/conditional
+COPY --from=build-frontend /opt/conditional/conditional/static /opt/conditional/conditional/static
 
 RUN ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime
 
-CMD ["ddtrace-run", "gunicorn", "conditional:app", "--bind=0.0.0.0:8080", "--access-logfile=-", "--timeout=256"]
+CMD ["sh", "-c", "gunicorn conditional:app --bind=0.0.0.0:${PORT} --access-logfile=- --timeout=256"]

.pylintrc

@@ -3,10 +3,11 @@
 
 import structlog
 from csh_ldap import CSHLDAP
-from flask import Flask, redirect, render_template, g
+from flask import Flask, redirect, render_template, request, g
 from flask_migrate import Migrate
 from flask_gzip import Gzip
 from flask_pyoidc.flask_pyoidc import OIDCAuthentication
+from flask_pyoidc.provider_configuration import ProviderConfiguration, ClientMetadata
 from flask_sqlalchemy import SQLAlchemy
 
 import sentry_sdk
@@ -39,8 +40,10 @@
                app.config['LDAP_BIND_PW'],
                ro=app.config['LDAP_RO'])
 
-auth = OIDCAuthentication(app, issuer=app.config["OIDC_ISSUER"],
-                          client_registration_info=app.config["OIDC_CLIENT_CONFIG"])
+provider_config = ProviderConfiguration(
+    app.config['OIDC_ISSUER'],
+    client_metadata=ClientMetadata(**app.config['OIDC_CLIENT_CONFIG']))
+auth = OIDCAuthentication({'default': provider_config}, app)
 
 app.secret_key = app.config["SECRET_KEY"]
 
@@ -55,7 +58,6 @@ def start_of_year():
 # pylint: disable=C0413
 from .models.models import UserLog
 
-
 # Configure Logging
 def request_processor(logger, log_method, event_dict):  # pylint: disable=unused-argument, redefined-outer-name
     if 'request' in event_dict:
@@ -99,6 +101,7 @@ def database_processor(logger, log_method, event_dict):  # pylint: disable=unuse
 # pylint: disable=wrong-import-order
 from conditional.util import context_processors
 from conditional.util.auth import get_user
+from conditional.util.member import gatekeep_status
 from .blueprints.dashboard import dashboard_bp  # pylint: disable=ungrouped-imports
 from .blueprints.attendance import attendance_bp
 from .blueprints.major_project_submission import major_project_bp
@@ -137,7 +140,7 @@ def static_proxy(path):
 
 
 @app.route('/')
-@auth.oidc_auth
+@auth.oidc_auth("default")
 def default_route():
     return redirect('/dashboard')
 
@@ -156,12 +159,25 @@ def health():
     return {'status': 'ok'}
 
 
+@app.route("/gatekeep/<username>")
+def gatekeep(username):
+    token = request.headers.get("X-VOTE-TOKEN", "")
+    if token != app.config["VOTE_TOKEN"]:
+        return "Users cannot access this page", 403
+    try:
+        gatekeep_data = gatekeep_status(username)
+    except KeyError:
+        return "", 404
+
+    return gatekeep_data, 200
+
+
 @app.errorhandler(404)
 @app.errorhandler(500)
-@auth.oidc_auth
+@auth.oidc_auth("default")
 @get_user
 def route_errors(error, user_dict=None):
-    data = dict()
+    data = {}
 
     # Handle the case where the header isn't present
     if user_dict['username'] is not None: