mirror of
https://github.com/FAUSheppy/atlantis-event-dispatcher
synced 2025-12-06 06:21:36 +01:00
298 lines
9.3 KiB
Python
Executable File
298 lines
9.3 KiB
Python
Executable File
#!/usr/bin/python3
|
|
|
|
import argparse
|
|
import flask
|
|
import sys
|
|
import subprocess
|
|
import os
|
|
import datetime
|
|
import secrets
|
|
|
|
import ldaptools
|
|
import messagetools
|
|
|
|
from sqlalchemy import Column, Integer, String, Boolean, or_, and_
|
|
from sqlalchemy.orm import sessionmaker
|
|
from sqlalchemy.exc import IntegrityError
|
|
from sqlalchemy.sql import func
|
|
import sqlalchemy
|
|
from flask_sqlalchemy import SQLAlchemy
|
|
from sqlalchemy.sql.expression import func
|
|
|
|
|
|
HOST = "icinga.atlantishq.de"
|
|
app = flask.Flask("Signal Notification Gateway")
|
|
app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///sqlite.db"
|
|
db = SQLAlchemy(app)
|
|
|
|
class DispatchObject(db.Model):
|
|
|
|
__tablename__ = "dispatch_queue"
|
|
|
|
username = Column(String, primary_key=True)
|
|
timestamp = Column(Integer, primary_key=True)
|
|
phone = Column(String)
|
|
email = Column(String)
|
|
|
|
title = Column(String)
|
|
message = Column(String, primary_key=True)
|
|
method = Column(String)
|
|
|
|
dispatch_secret = Column(String)
|
|
dispatch_error = Column(String)
|
|
|
|
def serialize(self):
|
|
ret = {
|
|
"person" : self.username, # legacy field TODO remove at some point
|
|
"username" : self.username,
|
|
"timestamp" : self.timestamp,
|
|
"phone" : self.phone,
|
|
"email" : self.email,
|
|
"title" : self.title,
|
|
"message" : self.message,
|
|
"uuid" : self.dispatch_secret,
|
|
"method" : self.method,
|
|
"error" : self.dispatch_error,
|
|
}
|
|
|
|
# fix bytes => string from LDAP #
|
|
for key, value in ret.items():
|
|
if type(value) == bytes:
|
|
ret[key] = value.decode("utf-8")
|
|
|
|
return ret
|
|
|
|
@app.route('/get-dispatch-status')
|
|
def get_dispatch_status():
|
|
'''Retrive the status of a specific dispatch by it's secret'''
|
|
|
|
secret = flask.request.args.get("secret")
|
|
do = db.session.query(DispatchObject).filter(DispatchObject.dispatch_secret == secret).first()
|
|
if not do:
|
|
return ("Not in Queue", 200)
|
|
else:
|
|
return ("Waiting for dispatch", 200)
|
|
|
|
|
|
@app.route('/get-dispatch')
|
|
def get_dispatch():
|
|
'''Retrive consolidated list of dispatched objects'''
|
|
|
|
method = flask.request.args.get("method")
|
|
timeout = flask.request.args.get("timeout") or 5 # timeout in seconds
|
|
timeout = int(timeout)
|
|
|
|
if not method:
|
|
return (500, "Missing Dispatch Target (signal|email|phone|ntfy|all)")
|
|
|
|
# prevent message floods #
|
|
timeout_cutoff = datetime.datetime.now() - datetime.timedelta(seconds=timeout)
|
|
timeout_cutoff_timestamp = timeout_cutoff.timestamp()
|
|
|
|
lines_unfiltered = db.session.query(DispatchObject)
|
|
lines_timeout = lines_unfiltered.filter(DispatchObject.timestamp < timeout_cutoff_timestamp)
|
|
|
|
if method != "all":
|
|
dispatch_objects = lines_timeout.filter(DispatchObject.method == method).all()
|
|
else:
|
|
dispatch_objects = lines_timeout.all()
|
|
|
|
# TODO THIS IS THE NEW MASTER PART
|
|
if method and method != "signal":
|
|
print([ d.serialize() for d in dispatch_objects])
|
|
return flask.jsonify([ d.serialize() for d in dispatch_objects])
|
|
else:
|
|
# TODO THIS PART WILL BE REMOVED ##
|
|
# accumulate messages by person #
|
|
dispatch_by_person = dict()
|
|
dispatch_secrets = []
|
|
for dobj in dispatch_objects:
|
|
if dobj.username not in dispatch_by_person:
|
|
dispatch_by_person.update({ dobj.username : dobj.message })
|
|
dispatch_secrets.append(dobj.dispatch_secret)
|
|
else:
|
|
dispatch_by_person[dobj.username] += "\n{}".format(dobj.message)
|
|
dispatch_secrets.append(dobj.dispatch_secret)
|
|
|
|
response = [ { "person" : tupel[0].decode("utf-8"),
|
|
"message" : tupel[1],
|
|
"method" : method,
|
|
"uids" : dispatch_secrets
|
|
} for tupel in dispatch_by_person.items() ]
|
|
|
|
# add phone numbers and emails #
|
|
for obj in response:
|
|
for person in dispatch_objects:
|
|
if obj["person"] == person.username.decode("utf-8"):
|
|
if person.email:
|
|
obj.update({ "email" : person.email.decode("utf-8") })
|
|
if person.phone:
|
|
obj.update({ "phone" : person.phone.decode("utf-8") })
|
|
|
|
return flask.jsonify(response)
|
|
|
|
@app.route('/report-dispatch-failed', methods=["POST"])
|
|
def reject_dispatch():
|
|
'''Inform the server that a dispatch has failed'''
|
|
|
|
rejects = flask.request.json
|
|
|
|
for r in rejects:
|
|
|
|
uuid = r["uuid"]
|
|
error = r["error"]
|
|
dpo = db.session.query(DispatchObject).filter(
|
|
DispatchObject.dispatch_secret == uuid).first()
|
|
|
|
if not dpo:
|
|
return ("No pending dispatch for this UID/Secret", 404)
|
|
|
|
dpo.dispatch_error = error
|
|
db.session.merge(dpo)
|
|
db.session.commit()
|
|
|
|
return ("", 204)
|
|
|
|
@app.route('/confirm-dispatch', methods=["POST"])
|
|
def confirm_dispatch():
|
|
'''Confirm that a message has been dispatched by replying with its dispatch secret/uid'''
|
|
|
|
confirms = flask.request.json
|
|
|
|
for c in confirms:
|
|
|
|
uuid = c["uuid"]
|
|
dpo = db.session.query(DispatchObject).filter(
|
|
DispatchObject.dispatch_secret == uuid).first()
|
|
|
|
if not dpo:
|
|
return ("No pending dispatch for this UID/Secret", 404)
|
|
|
|
db.session.delete(dpo)
|
|
db.session.commit()
|
|
|
|
return ("", 204)
|
|
|
|
|
|
@app.route('/smart-send', methods=["POST"])
|
|
def smart_send_to_clients():
|
|
'''Send to clients based on querying the LDAP
|
|
requests MAY include:
|
|
- list of usernames under key "users"
|
|
- list of groups under key "groups"
|
|
- neither of the above to automatically target the configured administrators group"
|
|
retuest MUST include:
|
|
- message as STRING in field "msg"
|
|
OR
|
|
- supported struct of type "ICINGA|ZABBIX|GENERIC" (see docs) in field "data"
|
|
'''
|
|
|
|
instructions = flask.request.json
|
|
|
|
users = instructions.get("users")
|
|
groups = instructions.get("groups")
|
|
message = instructions.get("msg")
|
|
method = instructions.get("method")
|
|
|
|
# allow single use string instead of array #
|
|
if type(users) == str:
|
|
users = [users]
|
|
|
|
struct = instructions.get("data")
|
|
if struct:
|
|
try:
|
|
message = messagetools.load_struct(struct)
|
|
except messagetools.UnsupportedStruct as e:
|
|
print(str(e), file=sys.stderr)
|
|
return (e.response(), 408)
|
|
|
|
if method in ["debug", "debug-fail"]:
|
|
persons = [ldaptools.Person(cn="none", username=users[0], name="Mr. Debug",
|
|
email="invalid@nope.notld", phone="0")]
|
|
else:
|
|
persons = ldaptools.select_targets(users, groups, app.config["LDAP_ARGS"])
|
|
|
|
dispatch_secrets = save_in_dispatch_queue(persons, message, method)
|
|
return flask.jsonify(dispatch_secrets)
|
|
|
|
|
|
def save_in_dispatch_queue(persons, message, method):
|
|
|
|
|
|
dispatch_secrets = []
|
|
for p in persons:
|
|
|
|
if not p:
|
|
continue
|
|
|
|
# this secret will be needed to confirm the message as dispatched #
|
|
dispatch_secret = secrets.token_urlsafe(32)
|
|
|
|
# TODO fix this
|
|
master_method = "signal"
|
|
|
|
obj = DispatchObject(username=p.username,
|
|
phone=p.phone,
|
|
email=p.email,
|
|
method=method or master_method,
|
|
timestamp=datetime.datetime.now().timestamp(),
|
|
dispatch_secret=dispatch_secret,
|
|
message=message)
|
|
|
|
db.session.merge(obj)
|
|
db.session.commit()
|
|
|
|
dispatch_secrets.append(dispatch_secret)
|
|
|
|
return dispatch_secrets
|
|
|
|
def create_app():
|
|
|
|
db.create_all()
|
|
|
|
if not app.config.get("LDAP_NO_READ_ENV"):
|
|
ldap_args = {
|
|
"LDAP_SERVER" : os.environ["LDAP_SERVER"],
|
|
"LDAP_BIND_DN" : os.environ["LDAP_BIND_DN"],
|
|
"LDAP_BIND_PW" : os.environ["LDAP_BIND_PW"],
|
|
"LDAP_BASE_DN" : os.environ["LDAP_BASE_DN"]
|
|
}
|
|
app.config["LDAP_ARGS"] = ldap_args
|
|
print("Setting LDAP_ARGS...")
|
|
|
|
if __name__ == "__main__":
|
|
|
|
parser = argparse.ArgumentParser(description='Simple Telegram Notification Interface',
|
|
formatter_class=argparse.ArgumentDefaultsHelpFormatter)
|
|
|
|
parser.add_argument('--interface', default="localhost", help='Interface on which to listen')
|
|
parser.add_argument('--port', default="5000", help='Port on which to listen')
|
|
parser.add_argument("--signal-cli-bin", default=None, type=str,
|
|
help="Path to signal-cli binary if no in $PATH")
|
|
|
|
parser.add_argument('--ldap-server')
|
|
parser.add_argument('--ldap-base-dn')
|
|
parser.add_argument('--ldap-manager-dn')
|
|
parser.add_argument('--ldap-manager-password')
|
|
|
|
args = parser.parse_args()
|
|
|
|
# define ldap args #
|
|
ldap_args = {
|
|
"LDAP_SERVER" : args.ldap_server,
|
|
"LDAP_BIND_DN" : args.ldap_manager_dn,
|
|
"LDAP_BIND_PW" : args.ldap_manager_password,
|
|
"LDAP_BASE_DN" : args.ldap_base_dn,
|
|
}
|
|
app.config["LDAP_NO_READ_ENV"] = True
|
|
|
|
if not any([value is None for value in ldap_args.values()]):
|
|
app.config["LDAP_ARGS"] = ldap_args
|
|
else:
|
|
app.config["LDAP_ARGS"] = None
|
|
|
|
with app.app_context():
|
|
create_app()
|
|
|
|
app.run(host=args.interface, port=args.port, debug=True)
|