wip: build ldap and message processing

2025-12-06 14:31:35 +01:00 · 2023-07-14 17:37:32 +02:00
parent 4af3cfcedd
commit c30bfd265a
3 changed files with 66 additions and 82 deletions
--- a/interface.py
+++ b/interface.py
@@ -6,18 +6,31 @@ import subprocess
 import os
 from functools import wraps
 import ldaptools
 import messagetools
 from sqlalchemy import Column, Integer, String, Boolean, or_, and_
 from sqlalchemy.orm import sessionmaker
 from sqlalchemy.exc import IntegrityError
 from sqlalchemy.sql import func
 import sqlalchemy
 from flask_sqlalchemy import SQLAlchemy
 from sqlalchemy.sql.expression import func
 HOST = "icinga.atlantishq.de"
 SIGNAL_USER_FILE = "signal_targets.txt"
 app = flask.Flask("Signal Notification Gateway")
 db = SQLAlchemy(app)
-def dbReadSignalUserFile():
+class Status(db.Model):
-    users = []
+
-    with open(SIGNAL_USER_FILE, "r") as f:
+    __tablename__ = "dispatch_queue"
-        for line in f:
+
-            user = line.strip()
+    service     = Column(String, primary_key=True)
-            if user:
+    timestamp   = Column(Integer, primary_key=True)
-                users.append(user)
+    status      = Column(String)
-    return users
+    info_text   = Column(String)
 def login_required(f):
    @wraps(f)
@@ -28,66 +41,8 @@ def login_required(f):
        return f(*args, **kwargs)
    return decorated_function
 def signalSend(user, msg):
    if user not in dbReadSignalUserFile():
        print("{} not in Userfiler, refusing to send".format(user), file=sys.stderr)
        return
    signalCliBin = "signal-cli"
    if app.config["SIGNAL_CLI_BIN"]:
        signalCliBin = app.config["SIGNAL_CLI_BIN"]
    cmd = [signalCliBin, "send", "-m", msg, user]
    subprocess.Popen(cmd)
 def sendMessageToAllClients(msg):
    for number in dbReadSignalUserFile():
        signalSend(number, msg)
@app.route('/send-to-clients', methods=["POST"])
@login_required
 def sendToNumbers():
    jsonDict = flask.request.json
    if jsonDict.get("number"):
        print("Request received to send to {} only".format(number))
        signalSend(jsonDict["number"], flask.request.json["message"])
    else:
        for number in flask.request.json["numbers"]:
            signalSend(number, flask.request.json["message"])
    return ("","204")
@app.route('/send-all', methods=["POST"])
@login_required
 def sendToAll():
    sendMessageToAllClients(flask.request.json["message"])
    return ("","204")
@app.route('/send-all-icinga', methods=["POST"])
@login_required
 def sendToAllIcinga():
    args = flask.request.json
    for key in args.keys():
        if type(args[key]) == str:
            print(key)
    # build message #
    serviceName = args["service_name"]
    if args["service_display_name"]:
        serviceName = args["service_display_name"]
    message = "{service} {state}\n{host}\n{output}".format(service=serviceName,
                                                                state=args["service_state"],
                                                                host=args["service_host"],
                                                                output=args["service_output"])
    sendMessageToAllClients(message)
    return ("","204")
@app.route('/smart-send', methods=["POST"])
-@login_required
+#@login_required
 def smart_send_to_clients():
    '''Send to clients based on querying the LDAP
        requests MAY include:
@@ -110,16 +65,19 @@ def smart_send_to_clients():
    if struct:
        try:
            message = messagetools.load_struct(struct)
-        except messagetools.UnsupporedStruct() as e:
+        except messagetools.UnsupportedStruct as e:
            return (408, e.response())
    persons = ldaptools.select_targets(users, groups, app.config["LDAP_ARGS"])
-    signal.bulk_dispatch(persons, message)
+    save_in_dispatch_queue(persons, message)
    return (200, "OK")
-@app.before_first_request
+def save_in_dispatch_queue(persons, message):
-def init():
+    pass
 def create_app():
    app.config["PASSWORD"] = os.environ["SIGNAL_API_PASS"]
    app.config["SIGNAL_CLI_BIN"] = os.environ["SIGNAL_CLI_BIN"]
@@ -127,12 +85,12 @@ if __name__ == "__main__":
    parser = argparse.ArgumentParser(description='Simple Telegram Notification Interface',
                        formatter_class=argparse.ArgumentDefaultsHelpFormatter)
    parser.add_argument('--interface', default="localhost", help='Interface on which to listen')
    parser.add_argument('--port', default="5000", help='Port on which to listen')
    parser.add_argument("--signal-cli-bin", default=None, type=str,
                            help="Path to signal-cli binary if no in $PATH")
    parser.add_argument('--ldap-server')
    parser.add_argument('--ldap-base-dn')
    parser.add_argument('--ldap-manager-dn')
@@ -143,8 +101,8 @@ if __name__ == "__main__":
    # define ldap args #
    ldap_args = {
        "LDAP_SERVER" : args.ldap_server,
-        "LDAP_BIND_DN" : args.manager_dn,
+        "LDAP_BIND_DN" : args.ldap_manager_dn,
-        "LDAP_BIND_PW" : args.manager_password,
+        "LDAP_BIND_PW" : args.ldap_manager_password,
        "LDAP_BASE_DN" : args.ldap_base_dn,
    }
@@ -153,7 +111,7 @@ if __name__ == "__main__":
    else:
        app.config["LDAP_ARGS"] = None
-    app.config["SIGNAL_CLI_BIN"] = os.path.expanduser(args.signal_cli_bin)
+    with app.app_context():
-    app.config["PASSWORD"] = os.environ["SIGNAL_API_PASS"]
+        create_app()
-    app.run(host=args.interface, port=args.port)
+    app.run(host=args.interface, port=args.port, debug=True)
--- a/ldaptools.py
+++ b/ldaptools.py
@@ -42,18 +42,18 @@ def ldap_query(search_filter, ldap_args, alt_base_dn=None):
 def _person_from_search_result(cn, entry):
    username = entry.get("uid", [None])[0]
-    name = entry..get("firstName", [None])[0]
+    name = entry.get("firstName", [None])[0]
    email = entry.get("email", [None])[0]
    phone = entry.get("telephoneNumber", [None])[0]
    return Person(cn, username, name, email, phone)
-def get_user_by_uid(username):
+def get_user_by_uid(username, ldap_args):
    if not username:
        return None
-    search_filter = "(&(objectClass=inetOrgPerson)(uid={username}))".format(username)
+    search_filter = "(&(objectClass=inetOrgPerson)(uid={username}))".format(username=username)
    results = ldap_query(search_filter, ldap_args)
    if not results or len(results) < 1:
@@ -100,10 +100,10 @@ def select_targets(users, groups, ldap_args, admin_group="pki"):
    persons = []
    if users:
        for username in users:
-            persons.append(get_user_by_uid(username))
+            persons.append(get_user_by_uid(username, ldap_args))
    elif groups:
        for group in groups:
-            persons.append(get_members_of_group(group))
+            persons.append(get_members_of_group(group, ldap_args))
    else:
        # send to administrators #
        persons.append(get_members_of_group())
--- a/messagetools.py
+++ b/messagetools.py
@@ -0,0 +1,26 @@
 class UnsupportedStruct(Exception):
    def __init__(self, struct):
        self.message = "{} is invalid struct and not a message".format(str(struct))
        super().__init__(self.message)
 def make_icinga_message(struct):
    pass
 def make_generic_message(struct):
    pass
 def load_struct(struct):
    if type(struct) == str:
        return struct
    elif not struct.get("type"):
        raise UnsupportedStruct(struct)
    if struct.get("type") == "icinga":
        return make_icinga_message(struct)
    elif struct.get("type") == "generic":
        return make_generic_message(struct)
    else:
        raise UnsupportedStruct(struct)