app-MAIL-temp/app/dashboard/views/api_key.py

103 lines
3.3 KiB
Python
Raw Normal View History

2019-11-28 23:14:55 +01:00
from flask import render_template, request, redirect, url_for, flash
from flask_login import login_required, current_user
from flask_wtf import FlaskForm
from wtforms import StringField, validators
from app import config
2019-11-28 23:14:55 +01:00
from app.dashboard.base import dashboard_bp
from app.dashboard.views.enter_sudo import sudo_required
from app.db import Session
from app.extensions import limiter
2019-11-28 23:14:55 +01:00
from app.models import ApiKey
from app.utils import CSRFValidationForm
2019-11-28 23:14:55 +01:00
class NewApiKeyForm(FlaskForm):
name = StringField("Name", validators=[validators.DataRequired()])
def clean_up_unused_or_old_api_keys(user_id: int):
total_keys = ApiKey.filter_by(user_id=user_id).count()
if total_keys <= config.MAX_API_KEYS:
return
# Remove oldest unused
for api_key in (
ApiKey.filter_by(user_id=user_id, last_used=None)
.order_by(ApiKey.created_at.asc())
.all()
):
Session.delete(api_key)
total_keys -= 1
if total_keys <= config.MAX_API_KEYS:
return
# Clean up oldest used
for api_key in (
ApiKey.filter_by(user_id=user_id).order_by(ApiKey.last_used.asc()).all()
):
Session.delete(api_key)
total_keys -= 1
if total_keys <= config.MAX_API_KEYS:
return
2019-11-28 23:14:55 +01:00
@dashboard_bp.route("/api_key", methods=["GET", "POST"])
@login_required
@sudo_required
@limiter.limit("10/hour")
2019-11-28 23:14:55 +01:00
def api_key():
2020-04-28 20:08:45 +02:00
api_keys = (
ApiKey.filter(ApiKey.user_id == current_user.id)
2020-04-28 20:08:45 +02:00
.order_by(ApiKey.created_at.desc())
.all()
)
2019-11-28 23:14:55 +01:00
csrf_form = CSRFValidationForm()
2019-11-28 23:14:55 +01:00
new_api_key_form = NewApiKeyForm()
if request.method == "POST":
if not csrf_form.validate():
flash("Invalid request", "warning")
return redirect(request.url)
2019-11-28 23:14:55 +01:00
if request.form.get("form-name") == "delete":
api_key_id = request.form.get("api-key-id")
api_key = ApiKey.get(api_key_id)
if not api_key:
flash("Unknown error. Refresh the page", "warning")
return redirect(url_for("dashboard.api_key"))
elif api_key.user_id != current_user.id:
flash("You cannot delete this api key", "warning")
return redirect(url_for("dashboard.api_key"))
name = api_key.name
ApiKey.delete(api_key_id)
Session.commit()
2019-12-30 17:43:38 +01:00
flash(f"API Key {name} has been deleted", "success")
2019-11-28 23:14:55 +01:00
elif request.form.get("form-name") == "create":
if new_api_key_form.validate():
clean_up_unused_or_old_api_keys(current_user.id)
2019-11-28 23:14:55 +01:00
new_api_key = ApiKey.create(
name=new_api_key_form.name.data, user_id=current_user.id
)
Session.commit()
2019-12-30 17:43:38 +01:00
flash(f"New API Key {new_api_key.name} has been created", "success")
return render_template(
"dashboard/new_api_key.html", api_key=new_api_key
)
2022-01-23 19:38:54 +01:00
elif request.form.get("form-name") == "delete-all":
2022-01-25 19:32:34 +01:00
ApiKey.delete_all(current_user.id)
2022-01-23 19:38:54 +01:00
Session.commit()
flash("All API Keys have been deleted", "success")
2019-11-28 23:14:55 +01:00
return redirect(url_for("dashboard.api_key"))
return render_template(
"dashboard/api_key.html",
api_keys=api_keys,
new_api_key_form=new_api_key_form,
csrf_form=csrf_form,
2019-11-28 23:14:55 +01:00
)