Merge pull request #57 from Pitastic/docker-deployment

Deployment und kleine Fixes

Author: Pitastic

Dockerfile

@@ -21,4 +21,4 @@ RUN ln -sf /dev/stdout /var/log/apache2/access.log && \
 
 EXPOSE 80
 
-ENTRYPOINT ["/app/docker/entrypoint.sh"]
+ENTRYPOINT ["apachectl", "-D", "FOREGROUND"]

README.md

@@ -26,6 +26,9 @@ docker compose build
 docker compose down && docker compose up -d
 ```
 
+**Ändere `AUTH_PASSWORD` in der `docker-compose.yaml` !**
+
+
 ### Standalone non-Docker Setup
 
 ```
@@ -36,6 +39,8 @@ pip install -r requirements.txt
 .venv/bin/python3.12 app/server.py
 ```
 
+**Ändere das Login Passwort in der `app/config.py` !**
+
 ### Start
 
 - Importiere Kontoumsätze über CSV Listen oder PDF Kontoauszüge deiner Bank ([unterstützte Banken](#unterstützte-banken))

app/config.py

@@ -1,12 +1,19 @@
 #!/usr/bin/python3
 """App Settings zum Zeitpunkt der Initalisierung von PynanceParser"""
 
+import os
+
 # Logging (will also log in webserver logs if used via wsgi)
 LOG_ACCESS_FILE = '/tmp/pynance_access.log'
 LOG_ERROR_FILE = '/tmp/pynance_error.log'
 
 # Options:
-DATABASE_BACKEND = 'tiny' #  or 'mongo'
+
+# - Login Password (overwrite to not use the system env variable)
+PASSWORD = os.getenv('AUTH_PASSWORD', 'change_this_password')
+
+# - Database Backend ('tiny' or 'mongo')
+DATABASE_BACKEND = 'tiny'
 
 # For tiny: Path to the Folder (/path/to)
 # For mongo: MongoDB URI

app/routes.py

@@ -4,7 +4,8 @@
 import os
 from datetime import datetime
 from flask import request, current_app, render_template, redirect, \
-                  make_response, send_from_directory
+                  make_response, send_from_directory, session
+import secrets
 
 
 class Routes:
@@ -37,6 +38,59 @@ def version_string():
                     'version': current_app.config.get('VERSION', 'unknown')
                 }
 
+            @current_app.before_request
+            def require_login():
+                """
+                Before Request Handler, der sicherstellt, dass der User eingeloggt ist.
+                Falls nicht, wird dieser immer zur Login Seite umeleitet-
+                """
+                # Allow PyTest Client
+                if current_app.config.get('TESTING', False):
+                    return
+
+                # Allow access to login route
+                if request.endpoint == "login":
+                    return
+
+                # Allow access to CSS files
+                if request.endpoint == "static" and request.path.endswith(".css"):
+                    return
+
+                # Allow access to JS files
+                if request.endpoint == "static" and request.path.endswith(".js"):
+                    return
+
+                # Block everything else unless logged in
+                if not session.get("logged_in"):
+                    return redirect('/login')
+
+            @current_app.route("/login", methods=["GET", "POST"])
+            def login():
+                """
+                Login Seite, die ohne gültiges Cookie immer aufgerufen wird.
+                Args (form):
+                    password, str: Passwort für den Login
+                Returns:
+                    html: Login Formular
+                """
+                error = None
+
+                if request.method == "POST":
+                    password = request.form.get("password", "")
+                    if secrets.compare_digest(password, current_app.config['PASSWORD']):
+                        session["logged_in"] = True
+                        return redirect('/')
+
+                    error = "Invalid password"
+
+                return render_template('login.html', error=error)
+
+            @current_app.route("/logout")
+            def logout():
+                """Logout Seite, welche das Cookie löscht und zur Loin Seite weiterleitet."""
+                session.clear()
+                return redirect('/login')
+
             @current_app.route('/', methods=['GET'])
             def welcome() -> str:
                 """
@@ -215,16 +269,6 @@ def show_stats(iban) -> str:
                 return render_template('stats.html', sums=sums, IBAN=iban,
                                        filters=frontend_filters)
 
-            @current_app.route('/logout', methods=['GET'])
-            def logout():
-                """
-                Loggt den User aus der Session aus und leitet zur Startseite weiter.
-
-                Returns:
-                    redirect: Weiterleitung zur Startseite
-                """
-                return redirect('/')
-
             @current_app.route('/sw.js')
             def sw():
                 response = make_response(

app/server.py

@@ -39,6 +39,7 @@ def create_app(config_path: str) -> Flask:
                 template_folder=os.path.join(parent_dir, 'app', 'templates'),
                 static_folder=os.path.join(parent_dir, 'app', 'static')
     )
+    app.secret_key = os.urandom(24).hex()
 
     # Global Config
     app.config.from_pyfile(config_path)

app/static/css/style.css

@@ -15,8 +15,11 @@ main {
   flex: 1;
 }
 
-.container.hero {
-    margin-top: 10%;
+.container.hero {margin-top: 10%;}
+    main.container.hero {margin-top: 5%;}
+
+.margin-top{
+    margin-top: 2em;
 }
 
 /* Pico Tooltip Feature with newlines*/
@@ -38,6 +41,10 @@ main {
 @media (max-width: 1023px) {.hide-m {display:none !important;}}
 
 /* Color classes */
+.error {
+    color: var(--pico-color-red-600);
+    font-weight: bold;
+}
 .delete {
     color: white;
     border-color: var(--pico-color-red-600);

app/templates/iban.html

@@ -26,7 +26,7 @@ <h3>
                 &#128202; <a href="/{{IBAN}}/stats?{{ request.query_string.decode('utf-8')|safe }}" title="Statistiken">Statistik</a>
             </li>
             <li>
-                &#128682; <a href="/logout" title="Logout">Logout</a>
+                &#128218; <a href="/" title="Konten">Konten</a>
             </li>
         </ul>
     </nav>

app/templates/index.html

@@ -5,7 +5,7 @@
 <header>
     <hgroup class="container hero">
         <h1>Pynance Parser</h1>
-        <p>Manage Bankaccounts like a Boss !</p>
+        <p>Manage Bankaccounts like a Boss !</p>    
     </hgroup>
 </header>
 
@@ -55,6 +55,7 @@ <h1>Pynance Parser</h1>
 
     <section>
         <p>Das Konto wird bei einem Import automatisch erstellt.</p>
+        <p><a href="/logout" role="button" class="secondary margin-top">Logout</a></p>
     </section>
 
 </main>

app/templates/login.html

@@ -0,0 +1,37 @@
+{% extends 'layout.html' %}
+
+{% block content %}
+
+<header>
+    <hgroup class="container hero">
+        <h1>Pynance Parser</h1>
+        <p>Manage Bankaccounts like a Boss !</p>
+    </hgroup>
+</header>
+
+<main class="container hero">
+
+    <section class="grid m-6-6 margin">
+
+        <form method="post" action="/login">
+            <div role="group">
+                <input type="password" name="password" value=""
+                    placeholder="Passwort"
+                    {% if error %}aria-invalid="true"{%endif%}
+                >
+                <input type="submit" value="🔒" role="button">
+            </div>
+        </form>
+
+    </section>
+
+    {% if error %}
+    <section>
+        <p class="error">{{ error }}</p>
+    </section>
+    {% endif %}
+
+</main>
+
+
+{% endblock %}

docker-compose.yaml

@@ -7,7 +7,6 @@ services:
     volumes:
       - ./settings:/app/settings
     environment:
-      - AUTH_USER=username
       - AUTH_PASSWORD=yourpasswordhere
 
   mongo: