fix: change output to stderr

..to prevent problems with mail internal hosts

.github/workflows/main.yaml

@@ -5,6 +5,8 @@ on:
     branches:
       - "master"
       - "ldap-ng-dev"
+  schedule:
+      - cron: "0 2 * * 0"
 
 jobs:
   docker:
@@ -35,7 +37,7 @@ jobs:
           context: ./server/
           platforms: linux/amd64
           push: true
-          tags: "${{ secrets.REGISTRY }}/athq/event-dispatcher:latest"
+          tags: "${{ secrets.REGISTRY }}/atlantishq/event-dispatcher:latest"
       -
         name: Build and push event-dispatcher
         uses: docker/build-push-action@v3
@@ -43,4 +45,4 @@ jobs:
           context: ./client/
           platforms: linux/amd64
           push: true
-          tags: "${{ secrets.REGISTRY }}/athq/event-dispatcher-worker:latest"
+          tags: "${{ secrets.REGISTRY }}/atlantishq/event-dispatcher-worker:latest"

.gitignore

@@ -4,3 +4,6 @@ sqlite.db
 instance/
 __pycache__/
 signal_targets.txt
+sqlite.db
+substitutions.yaml
+test.env

client/dispatch-query.py

@@ -12,7 +12,7 @@ import json
 HTTP_NOT_FOUND = 404
 
 DISPATCH_SERVER = None
-AUTH = None
+DISPATCH_ACCESS_TOKEN = None
 
 def debug_send(uuid, data, fail_it=False):
     '''Dummy function to print and ack a dispatch for debugging'''
@@ -24,12 +24,19 @@ def debug_send(uuid, data, fail_it=False):
         confirm_dispatch(uuid)
 
 
-def email_send(dispatch_uuid, email_address, message, smtp_target, smtp_user, smtp_pass):
+def email_send(dispatch_uuid, email_address, message, smtp_target,
+                smtp_target_port, smtp_user, smtp_pass):
     '''Send message via email'''
-   
+  
+    if not email_address:
+        print("Missing E-Mail Address for STMP send", file=sys.stderr)
+        report_failed_dispatch(dispatch_uuid, "Missing email-field in dispatch infor")
+        return
+
     subject = "Atlantis Dispatch"
-    smtphelper.smtp_send(smtp_target, smtp_user, smtp_pass, email_address, subject, message)
+    smtphelper.smtp_send(smtp_target, smtp_target_port, smtp_user, smtp_pass, email_address,
-    report_failed_dispatch(uuid, "Email dispatch not yet implemented")
+                            subject, message)
+    confirm_dispatch(dispatch_uuid)
 
 def ntfy_api_get_topic(ntfy_api_server, ntfy_api_token, username):
     '''Get the topic of the user'''
@@ -85,7 +92,7 @@ def report_failed_dispatch(uuid, error):
     '''Inform the server that the dispatch has failed'''
 
     payload = [{ "uuid" : uuid, "error" : error }]
-    response = requests.post(DISPATCH_SERVER + "/report-dispatch-failed", json=payload, auth=AUTH)
+    response = requests.post(DISPATCH_SERVER + "/report-dispatch-failed", json=payload)
 
     if response.status_code not in [200, 204]:
         print("Failed to report back failed dispatch for {} ({})".format(
@@ -95,7 +102,7 @@ def confirm_dispatch(uuid):
     '''Confirm to server that message has been dispatched and can be removed'''
 
     payload = [{ "uuid" : uuid }]
-    response = requests.post(DISPATCH_SERVER + "/confirm-dispatch", json=payload, auth=AUTH)
+    response = requests.post(DISPATCH_SERVER + "/confirm-dispatch", json=payload)
 
     if response.status_code not in [200, 204]:
         print("Failed to confirm dispatch with server for {} ({})".format(
@@ -108,8 +115,7 @@ if __name__ == "__main__":
                         formatter_class=argparse.ArgumentDefaultsHelpFormatter)
 
     parser.add_argument('--dispatch-server')
-    parser.add_argument('--dispatch-user')
+    parser.add_argument('--dispatch-access-token')
-    parser.add_argument('--dispatch-password')
 
     parser.add_argument('--ntfy-api-server')
     parser.add_argument('--ntfy-api-token')
@@ -121,18 +127,19 @@ if __name__ == "__main__":
     parser.add_argument('--smtp-target')
     parser.add_argument('--smtp-user')
     parser.add_argument('--smtp-pass')
+    parser.add_argument('--smtp-port', type=int)
 
     parser.add_argument('--loop', default=True, action=argparse.BooleanOptionalAction)
 
     args = parser.parse_args() 
 
-    # set dispatch server & authentication #
-    DISPATCH_SERVER = args.dispatch_server
-    AUTH = (args.dispatch_user, args.dispatch_password)
 
     dispatch_server = args.dispatch_server or os.environ.get("DISPATCH_SERVER")
-    dispatch_user = args.dispatch_user or os.environ.get("DISPATCH_USER")
+    dispatch_access_token = args.dispatch_access_token or os.environ.get("DISPATCH_ACCESS_TOKEN")
-    dispatch_password = args.dispatch_password or os.environ.get("DISPATCH_PASSWORD")
+
+    # set dispatch server & authentication global #
+    DISPATCH_SERVER = dispatch_server
+    DISPATCH_ACCESS_TOKEN = dispatch_access_token
 
     ntfy_api_server = args.ntfy_api_server or os.environ.get("NTFY_API_SERVER")
     ntfy_api_token = args.ntfy_api_token or os.environ.get("NTFY_API_TOKEN")
@@ -144,12 +151,14 @@ if __name__ == "__main__":
     smtp_target = args.smtp_target or os.environ.get("SMTP_TARGET")
     smtp_user = args.smtp_user or os.environ.get("SMTP_USER")
     smtp_pass = args.smtp_pass or os.environ.get("SMTP_PASS")
+    smtp_port = args.smtp_port or os.environ.get("SMTP_PORT")
 
     first_run = True
     while args.loop or first_run:
 
         # request dispatches #
-        response = requests.get(args.dispatch_server + "/get-dispatch?method=all&timeout=0", auth=AUTH)
+        response = requests.get(dispatch_server + 
+            "/get-dispatch?method=all&timeout=0&dispatch-access-token={}".format(DISPATCH_ACCESS_TOKEN))
 
         # check status #
         if response.status_code == HTTP_NOT_FOUND:
@@ -185,7 +194,8 @@ if __name__ == "__main__":
                 ntfy_send(dispatch_uuid, user_topic, title, message,
                                 ntfy_push_target, ntfy_user, ntfy_pass)
             elif method == "email":
-                email_send(dispatch_uuid, email_address, message, smtp_target, smtp_user, smtp_pass)
+                email_send(dispatch_uuid, email_address, message, smtp_target,
+                                smtp_port, smtp_user, smtp_pass)
             elif method == "debug":
                 debug_send(dispatch_uuid, entry)
             elif method == "debug-fail":

client/smtphelper.py

@@ -2,10 +2,10 @@ import smtplib
 from email.mime.text import MIMEText
 from email.mime.multipart import MIMEMultipart
 
-def smtp_send(server, user, password, recipient, subject, body):
+def smtp_send(server, port, user, password, recipient, subject, body):
 
     # Email and password for authentication
-    sender_email = f'{user}@{server}'
+    sender_email = user
     sender_password = password
     
     # Recipient email address
@@ -13,7 +13,7 @@ def smtp_send(server, user, password, recipient, subject, body):
     
     # SMTP server details
     smtp_server = server
-    smtp_port = 587  # Default port for TLS connection
+    smtp_port = port or 25
     
     # Create a message
     message = MIMEMultipart()

server/Dockerfile

@@ -14,7 +14,7 @@ RUN python3 -m pip install --no-cache-dir --break-system-packages -r req.txt
 
 # precreate database directory for mount (will otherwise be created at before_first_request)
 COPY ./ .
-RUN mkdir /app/instance/
+RUN mkdir -p /app/instance/
 
 EXPOSE 5000/tcp
 

server/interface.py

@@ -7,6 +7,7 @@ import subprocess
 import os
 import datetime
 import secrets
+import yaml
 
 import ldaptools
 import messagetools
@@ -25,6 +26,52 @@ app = flask.Flask("Signal Notification Gateway")
 app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///sqlite.db"
 db = SQLAlchemy(app)
 
+BAD_DISPATCH_ACCESS_TOKEN = "Invalid or missing dispatch-access-token parameter in URL"
+
+def _apply_substitution(string):
+
+    if not string:
+        return string
+
+    for replace, match in app.config["SUBSTITUTIONS"].items():
+        string = string.replace(match, replace)
+
+    return string
+
+class WebHookPaths(db.Model):
+
+    __tablename__ = "webhook_paths"
+
+    username = Column(String, primary_key=True)
+    path = Column(String, primary_key=True)
+
+class UserSettings(db.Model):
+
+    __tablename__ = "user_settings"
+
+    username = Column(String, primary_key=True)
+    signal_priority = Column(Integer)
+    email_priority = Column(Integer)
+    ntfy_priority = Column(Integer)
+
+    def get_highest_prio_method(self):
+
+        if self.signal_priority >= max(self.email_priority, self.ntfy_priority):
+            return "signal"
+        elif self.email_priority >= max(self.signal_priority, self.ntfy_priority):
+            return "email"
+        else:
+            return "ntfy"
+
+    def serizalize(self):
+        return {
+            "username" : self.username,
+            "signal_priority" : self.signal_priority,
+            "email_priority" : self.email_priority,
+            "ntfy_priority" : self.ntfy_priority,
+        }
+        
+
 class DispatchObject(db.Model):
 
     __tablename__ = "dispatch_queue"
@@ -42,24 +89,38 @@ class DispatchObject(db.Model):
     dispatch_error = Column(String)
 
     def serialize(self):
+
         ret = {
             "person" : self.username, # legacy field TODO remove at some point
             "username" : self.username,
             "timestamp" : self.timestamp,
             "phone" : self.phone,
             "email" : self.email,
-            "title" : self.title,
+            "title" : _apply_substitution(self.title),
-            "message" : self.message,
+            "message" : _apply_substitution(self.message),
             "uuid" : self.dispatch_secret,
             "method" : self.method,
             "error" : self.dispatch_error,
         }
-        
+
         # fix bytes => string from LDAP #
         for key, value in ret.items():
             if type(value) == bytes:
                 ret[key] = value.decode("utf-8")
 
+        if ret["method"] == "any":
+            user_settings = db.session.query(UserSettings).filter(
+                                UserSettings.username == ret["username"]).first()
+
+            if not user_settings and self.phone:
+                ret["method"] = "signal"
+            elif not user_settings and self.email:
+                ret["method"] = "email"
+            elif user_settings:
+                ret["method"] = user_settings.get_highest_prio_method()
+            else:
+                ret["method"] = "ntfy"
+
         return ret
 
 @app.route('/get-dispatch-status')
@@ -74,6 +135,88 @@ def get_dispatch_status():
         return ("Waiting for dispatch", 200)
 
 
+@app.route('/webhooks', methods=["GET", "POST", "DELETE"])
+def webhooks():
+
+    # check static access token #
+    token = flask.request.args.get("token")
+    if token != app.config["SETTINGS_ACCESS_TOKEN"]:
+        return ("SETTINGS_ACCESS_TOKEN incorrect. Refusing to access webhooks", 401)
+
+    user = flask.request.args.get("user")
+    if not user:
+        return ("Missing user paramter in URL", 500)
+
+    if flask.request.method == "POST":
+        posted = WebHookPaths(username=user, path=secrets.token_urlsafe(20))
+        db.session.merge(posted)
+        db.session.commit()
+        return ("", 204)
+    elif flask.request.method == "GET":
+        webhooks = db.session.query(WebHookPaths).filter(WebHookPaths.username==user).all()
+        if not webhooks:
+            return flask.jsonify([])
+        else:
+            return flask.jsonify([ wh.path for wh in webhooks])
+    elif flask.request.method == "DELETE":
+        path = flask.request.json["path"]
+        webhook_to_be_deleted = db.session.query(WebHookPaths).filter(WebHookPaths.username==user,
+                                    WebHookPaths.path==path).first()
+        if not webhook_to_be_deleted:
+            return ("Webhook to be deleted was not found ({}, {})".format(user, path), 404)
+        else:
+            db.session.delete(webhook_to_be_deleted)
+            db.session.commit()
+            return ("", 204)
+
+@app.route('/downtime', methods=["DELETE","POST"])
+def downtime():
+
+    # check static access token #
+    token = flask.request.args.get("token")
+    if token != app.config["SETTINGS_ACCESS_TOKEN"]:
+        return ("SETTINGS_ACCESS_TOKEN incorrect. Refusing to access downtime settings", 401)
+
+    if flask.request.method == "DELETE":
+        app.config["DOWNTIME"] = datetime.datetime.now()
+    elif flask.request.method == "POST":
+        minutes = int(flask.request.args.get("minutes") or 5)
+        app.config["DOWNTIME"] = datetime.datetime.now() + datetime.timedelta(minutes=minutes)
+
+    return ('', 204)
+
+
+@app.route('/settings', methods=["GET", "POST"])
+def settings():
+
+    # check static access token #
+    token = flask.request.args.get("token")
+    if token != app.config["SETTINGS_ACCESS_TOKEN"]:
+        return ("SETTINGS_ACCESS_TOKEN incorrect. Refusing to access settings", 401)
+
+    user = flask.request.args.get("user")
+    if not user:
+        return ("Missing user paramter in URL", 500)
+
+    if flask.request.method == "POST":
+        posted = UserSettings(username=user,
+                        signal_priority=flask.request.json.get("signal_priority") or 0,
+                        email_priority=flask.request.json.get("email_priority") or 0,
+                        ntfy_priority=flask.request.json.get("ntfy_priority") or 0)
+        db.session.merge(posted)
+        db.session.commit()
+        return ('', 204)
+
+    if flask.request.method == "GET":
+        user_settings = db.session.query(UserSettings).filter(UserSettings.username==user).first()
+        if not user_settings:
+            posted = UserSettings(username=user, signal_priority=5, email_priority=7, ntfy_priority=3)
+            db.session.merge(posted)
+            db.session.commit()
+            user_settings = posted
+        return flask.jsonify(user_settings.serizalize())
+
+
 @app.route('/get-dispatch')
 def get_dispatch():
     '''Retrive consolidated list of dispatched objects'''
@@ -82,8 +225,12 @@ def get_dispatch():
     timeout = flask.request.args.get("timeout") or 5 # timeout in seconds
     timeout = int(timeout)
 
+    dispatch_acces_token = flask.request.args.get("dispatch-access-token") or ""
+    if dispatch_acces_token != app.config["DISPATCH_ACCESS_TOKEN"]:
+        return (BAD_DISPATCH_ACCESS_TOKEN, 401)
+
     if not method:
-        return (500, "Missing Dispatch Target (signal|email|phone|ntfy|all)")
+        return (500, "Missing Dispatch Target (signal|email|phone|ntfy|all|any)")
 
     # prevent message floods #
     timeout_cutoff = datetime.datetime.now() - datetime.timedelta(seconds=timeout)
@@ -93,13 +240,23 @@ def get_dispatch():
     lines_timeout = lines_unfiltered.filter(DispatchObject.timestamp < timeout_cutoff_timestamp)
 
     if method != "all":
-        dispatch_objects = lines_timeout.filter(DispatchObject.method == method).all()
+
+        dispatch_objects = lines_timeout.filter(DispatchObject.method==method).all()
+
+        dispatch_objects_any = lines_timeout.filter(DispatchObject.method=="any").all()
+        for d in dispatch_objects_any:
+            user_str = str(d.username, "utf-8")
+            user_settings = db.session.query(UserSettings).filter(UserSettings.username==user_str).first()
+            if user_settings and user_settings.get_highest_prio_method() == method:
+                dispatch_objects += [d]
     else:
         dispatch_objects = lines_timeout.all()
 
     # TODO THIS IS THE NEW MASTER PART
     if method and method != "signal":
-        print([ d.serialize() for d in dispatch_objects])
+        debug = [ d.serialize() for d in dispatch_objects]
+        if debug:
+            print(debug)
         return flask.jsonify([ d.serialize() for d in dispatch_objects])
     else:
         # TODO THIS PART WILL BE REMOVED ##
@@ -114,6 +271,10 @@ def get_dispatch():
                 dispatch_by_person[dobj.username] += "\n{}".format(dobj.message)
                 dispatch_secrets.append(dobj.dispatch_secret)
 
+        # legacy hack #
+        if method == "any":
+            method = "signal"
+
         response = [ { "person" : tupel[0].decode("utf-8"),
                         "message" : tupel[1],
                         "method" : method,
@@ -174,8 +335,9 @@ def confirm_dispatch():
     return ("", 204)
 
 
+@app.route('/smart-send/<path:path>', methods=["POST"])
 @app.route('/smart-send', methods=["POST"])
-def smart_send_to_clients():
+def smart_send_to_clients(path=None):
     '''Send to clients based on querying the LDAP
         requests MAY include:
             - list of usernames under key "users"
@@ -195,6 +357,24 @@ def smart_send_to_clients():
     title = instructions.get("title")
     method = instructions.get("method")
 
+    if app.config["DOWNTIME"] > datetime.datetime.now():
+        print("Ignoring because of Downtime:", title, message, users, file=sys.stderr)
+        print("Downtime until", app.config["DOWNTIME"].isoformat(), file=sys.stderr)
+        return ("Ignored because of Downtime", 200)
+
+    # authenticated by access token or webhook path #
+    dispatch_acces_token = flask.request.args.get("dispatch-access-token") or ""
+    print(path)
+    if path:
+        webhook_path = db.session.query(WebHookPaths).filter(WebHookPaths.path==path).first()
+        if webhook_path:
+            users = webhook_path.username
+            groups = None
+        else:
+            return ("Invalid Webhook path", 401)
+    elif dispatch_acces_token != app.config["DISPATCH_ACCESS_TOKEN"]:
+        return (BAD_DISPATCH_ACCESS_TOKEN, 401)
+
     # allow single use string instead of array #
     if type(users) == str:
         users = [users]
@@ -229,9 +409,7 @@ def save_in_dispatch_queue(persons, title, message, method):
         # this secret will be needed to confirm the message as dispatched #
         dispatch_secret = secrets.token_urlsafe(32)
 
-        # TODO fix this
+        master_method = "any"
-        master_method = "signal"
-
         obj = DispatchObject(username=p.username,
                         phone=p.phone,
                         email=p.email,
@@ -248,6 +426,12 @@ def save_in_dispatch_queue(persons, title, message, method):
 
     return dispatch_secrets
 
+@app.route("/")
+@app.route("/health")
+def health():
+
+    return ("Not Iplemented, but at least it's running", 200)
+
 def create_app():
 
     db.create_all()
@@ -260,7 +444,19 @@ def create_app():
             "LDAP_BASE_DN" : os.environ["LDAP_BASE_DN"]
         }
         app.config["LDAP_ARGS"] = ldap_args
-        print("Setting LDAP_ARGS...")
+        app.config["SETTINGS_ACCESS_TOKEN"] = os.environ["SETTINGS_ACCESS_TOKEN"]
+        app.config["DISPATCH_ACCESS_TOKEN"] = os.environ["DISPATCH_ACCESS_TOKEN"]
+
+    substitution_config_file = os.environ.get("SUBSTITUTION_MAP") or "substitutions.yaml"
+    app.config["SUBSTITUTIONS"] = {}
+    if os.path.isfile(substitution_config_file):
+        with open(substitution_config_file) as f:
+            app.config["SUBSTITUTIONS"] = yaml.safe_load(f)
+
+    print("Loaded subs:", substitution_config_file, app.config["SUBSTITUTIONS"], file=sys.stderr)
+
+    # set small downtime #
+    app.config["DOWNTIME"] = datetime.datetime.now() + datetime.timedelta(minutes=1)
 
 if __name__ == "__main__":
 
@@ -277,6 +473,9 @@ if __name__ == "__main__":
     parser.add_argument('--ldap-manager-dn')
     parser.add_argument('--ldap-manager-password')
 
+    parser.add_argument('--settings-access-token')
+    parser.add_argument('--dispatch-access-token')
+
     args = parser.parse_args()
 
     # define ldap args #
@@ -288,6 +487,9 @@ if __name__ == "__main__":
     }
     app.config["LDAP_NO_READ_ENV"] = True
 
+    app.config["SETTINGS_ACCESS_TOKEN"] = args.settings_access_token
+    app.config["DISPATCH_ACCESS_TOKEN"] = args.dispatch_access_token
+
     if not any([value is None for value in ldap_args.values()]):
         app.config["LDAP_ARGS"] = ldap_args
     else:

server/ldaptools.py

@@ -44,7 +44,7 @@ def _person_from_search_result(cn, entry):
 
     username = entry.get("uid", [None])[0]
     name = entry.get("firstName", [None])[0]
-    email = entry.get("email", [None])[0]
+    email = entry.get("mail", [None])[0]
     phone = entry.get("telephoneNumber", [None])[0]
 
     return Person(cn, username, name, email, phone)

server/req.txt

@@ -1,4 +1,5 @@
 python-ldap
+pyyaml
 flask
 flask-sqlalchemy
 sqlalchemy

signal-query-dispatch.py

@@ -14,8 +14,7 @@ def signal_send(phone, message):
     '''Send message via signal'''
     cmd = [signal_cli_bin, "send", "-m", "'{}'".format(message.replace("'","")), phone]
     p = subprocess.run(cmd)
-    # TODO check return code # 
+    p.check_returncode()
-    
 
 def report_dispatch_error(target, uid, error):
     '''Report an error for a give dispatch'''
@@ -25,8 +24,7 @@ def report_dispatch_error(target, uid, error):
 def confirm_dispatch(target, uid):
     '''Confirm to server that message has been dispatched and can be removed'''
 
-    response = requests.post(target + "/confirm-dispatch", json=[{ "uid" : uid }],
+    response = requests.post(target + "/confirm-dispatch", json=[{ "uuid" : uid }])
-                                auth=(args.user, args.password))
 
     if response.status_code not in [200, 204]:
         print("Failed to confirm disptach with server for {} ({})".format(
@@ -52,8 +50,8 @@ if __name__ == "__main__":
         signal_cli_bin = args.signal_cli_bin
 
     # request dispatches #
-    response = requests.get(args.target + "/get-dispatch?method={}".format(args.method),
+    response = requests.get(args.target +
-                            auth=(args.user, args.password))
+            "/get-dispatch?method={}&dispatch-access-token={}".format(args.method, args.password))
 
     # check status #
     if response.status_code == HTTP_NOT_FOUND:
@@ -64,21 +62,31 @@ if __name__ == "__main__":
 
     # track dispatches that were confirmed to avoid duplicate confirmation #
     dispatch_confirmed = []
+    dispatch_failed = []
+    errors = {}
 
-    # track failed dispatches #
-    errors = dict()
-
-    # iterate over dispatch requests #
     for entry in response.json():
 
+        print(entry)
         user = entry["person"]
-        phone = entry["phone"]
+        phone = entry.get("phone")
+        if not phone:
+            print("No phone number! Skipping...", file=sys.stderr)
+            continue
+
         message = entry["message"]
         uid_list = entry["uids"]
 
         # send message #
         if entry["method"] == "signal":
-            uid, error = signal_send(phone, message)
+            try:
+                signal_send(phone, message)
+            except subprocess.CalledProcessError as e:
+                for uid in uid_list:
+                    errors.update({uid:str(e)})
+
+                print("Dispatch failed {}".format(e))
+                continue
         else:
             print("Unsupported dispatch method {}".format(entry["method"]),
                         sys=sys.stderr)
@@ -89,7 +97,7 @@ if __name__ == "__main__":
                 if uid not in dispatch_confirmed:
 
                     # confirm or report fail #
-                    if errors[uid]:
+                    if errors.get(uid):
                         report_dispatch_error(args.target, uid, errors[uid])
                     else:
                         confirm_dispatch(args.target, uid)