Commit b91f5eb0 authored by jaannigu's avatar jaannigu

security tweaks

parent af55901c
...@@ -5,7 +5,11 @@ import os ...@@ -5,7 +5,11 @@ import os
import json import json
load_dotenv() load_dotenv()
task_arn_dict = {} task_arn_dict = {}
from login import log_into_file from datetime import datetime
def log_into_file(info):
with open("log/app.log", "a", encoding="utf-8") as f:
f.write(f"{datetime.now().strftime('%d-%m-%Y %H:%M:%S')} - {info}\n")
def run_ecs_container_fargate(new_image, email): def run_ecs_container_fargate(new_image, email):
""" """
1. Describes 'atlas-task' to get its container definitions. 1. Describes 'atlas-task' to get its container definitions.
...@@ -22,6 +26,7 @@ def run_ecs_container_fargate(new_image, email): ...@@ -22,6 +26,7 @@ def run_ecs_container_fargate(new_image, email):
security_groups = json.loads(os.getenv("SECURITY_GROUPS", [])) security_groups = json.loads(os.getenv("SECURITY_GROUPS", []))
try: try:
# Check if user email based task definition exists first
try: try:
existing_td_resp = ecs_client.describe_task_definition(taskDefinition=user_family) existing_td_resp = ecs_client.describe_task_definition(taskDefinition=user_family)
print(f"Found existing task definition family: {user_family}") print(f"Found existing task definition family: {user_family}")
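Review bot: The inlined `log_into_file` (the three new lines after `from datetime import datetime`) writes `info` verbatim, so any caller-supplied text containing a newline forges extra log records, and the same body is now duplicated rather than imported from `login`, so the two copies will drift. Consider normalising before the write, e.g. `info = str(info).replace("\r", " ").replace("\n", " ")`, or keep the shared import and fix it once; note also that `log/app.log` is resolved against the process working directory and `open(..., "a")` raises if the `log/` directory does not exist. The new `from datetime import datetime` sits after `load_dotenv()` and the `task_arn_dict` assignment; moving it up with the other imports keeps the module header conventional. `run_ecs_container_fargate` continues outside the hunk.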
...@@ -44,8 +44,8 @@ oauth.register( ...@@ -44,8 +44,8 @@ oauth.register(
def log_into_file(info): def log_into_file(info):
with open("../../log/app.log", "a", encoding="utf-8") as f: with open("log/app.log", "a", encoding="utf-8") as f:
f.write(f"{datetime.now().strftime("%d-%m-%Y %H:%M:%S")} - {info}\n") f.write(f"{datetime.now().strftime('%d-%m-%Y %H:%M:%S')} - {info}\n")
def sanitize_email(email): def sanitize_email(email):
return re.sub(r'[^a-zA-Z0-9_-]', '-', email) return re.sub(r'[^a-zA-Z0-9_-]', '-', email)
...@@ -120,13 +120,15 @@ def index(): ...@@ -120,13 +120,15 @@ def index():
@app.route('/dashboard') @app.route('/dashboard')
def dashboard(): def dashboard():
userinfo = session.get('user') userinfo = session.get('user')
if not userinfo: if not userinfo:
return redirect(url_for('index')) return redirect(url_for('index'))
containerImage = userinfo.get("custom:containerImage", "<not found>") containerImage = userinfo.get("custom:containerImage", "<not found>")
log_into_file(f"User {userinfo.get('sub')} - launching container with image name: {containerImage}") id_token = request.args.get("token", "")
return f""" log_into_file(f"User {userinfo.get('sub')} - launching container with image name: {containerImage}")
return f"""
<html> <html>
<head> <head>
<title>Starting Container</title> <title>Starting Container</title>
...@@ -137,7 +139,6 @@ def dashboard(): ...@@ -137,7 +139,6 @@ def dashboard():
font-family: Arial, sans-serif; font-family: Arial, sans-serif;
background-color: #f8f9fa; background-color: #f8f9fa;
}} }}
.container {{ .container {{
max-width: 600px; max-width: 600px;
margin: 60px auto; margin: 60px auto;
...@@ -147,19 +148,16 @@ def dashboard(): ...@@ -147,19 +148,16 @@ def dashboard():
border-radius: 8px; border-radius: 8px;
box-shadow: 0 0 10px rgba(0,0,0,0.1); box-shadow: 0 0 10px rgba(0,0,0,0.1);
}} }}
h1 {{ h1 {{
margin-top: 0; margin-top: 0;
font-size: 2em; font-size: 2em;
color: #333; color: #333;
}} }}
p {{ p {{
font-size: 1em; font-size: 1em;
color: #666; color: #666;
line-height: 1.5; line-height: 1.5;
}} }}
.loader {{ .loader {{
margin: 40px auto; margin: 40px auto;
border: 16px solid #f3f3f3; border: 16px solid #f3f3f3;
...@@ -169,27 +167,21 @@ def dashboard(): ...@@ -169,27 +167,21 @@ def dashboard():
height: 60px; height: 60px;
animation: spin 2s linear infinite; animation: spin 2s linear infinite;
}} }}
@keyframes spin {{ @keyframes spin {{
0% {{ transform: rotate(0deg); }} 0% {{ transform: rotate(0deg); }}
100% {{ transform: rotate(360deg); }} 100% {{ transform: rotate(360deg); }}
}} }}
</style> </style>
<script> <script>
function getCookie(name) {{ const idToken = "{id_token}";
const match = document.cookie.match(new RegExp('(^| )' + name + '=([^;]+)'));
return match ? match[2] : '';
}}
window.addEventListener('DOMContentLoaded', () => {{ window.addEventListener('DOMContentLoaded', () => {{
const myToken = getCookie('my_token');
fetch('/launch?containerImage={containerImage}') fetch('/launch?containerImage={containerImage}')
.then(response => response.json()) .then(response => response.json())
.then(data => {{ .then(data => {{
if (data.public_ip) {{ if (data.public_ip) {{
window.location.href = 'http://' + data.public_ip + ':5006/app?token=' window.location.href = 'http://' + data.public_ip + ':5006/app?token='
+ encodeURIComponent(myToken) + '&ip=' + encodeURIComponent(data.public_ip); + encodeURIComponent(idToken) + '&ip=' + encodeURIComponent(data.public_ip);
}} else {{ }} else {{
document.body.innerHTML = ` document.body.innerHTML = `
<div class="container"> <div class="container">
...@@ -203,7 +195,7 @@ def dashboard(): ...@@ -203,7 +195,7 @@ def dashboard():
document.body.innerHTML = ` document.body.innerHTML = `
<div class="container"> <div class="container">
<h1>Request Failed</h1> <h1>Request Failed</h1>
<p>(err)</p> <p>${{err}}</p>
</div> </div>
`; `;
}}); }});
...@@ -266,6 +258,7 @@ def authorize(): ...@@ -266,6 +258,7 @@ def authorize():
""" """
if 'code' not in request.args: if 'code' not in request.args:
return redirect(url_for('index')) return redirect(url_for('index'))
token = oauth.oidc.authorize_access_token() token = oauth.oidc.authorize_access_token()
# token usually includes 'access_token', 'id_token', 'refresh_token', etc. # token usually includes 'access_token', 'id_token', 'refresh_token', etc.
...@@ -275,17 +268,15 @@ def authorize(): ...@@ -275,17 +268,15 @@ def authorize():
return redirect(url_for('index')) return redirect(url_for('index'))
session['user'] = userinfo session['user'] = userinfo
id_token = token.get('id_token') id_token = token.get('id_token')
user_sub = userinfo.get('sub') user_sub = userinfo.get('sub')
if user_sub: if user_sub:
log_into_file(f"User {user_sub} logged in successfully.") log_into_file(f"User {user_sub} logged in successfully.")
else: else:
log_into_file("User with no 'sub' property logged in.") log_into_file("User with no 'sub' property logged in.")
#decoded = jwt.decode(id_token, options={"verify_signature": False})# debugging #decoded = jwt.decode(id_token, options={"verify_signature": False})# debugging
resp = make_response(redirect(url_for('dashboard'))) resp = make_response(redirect(url_for('dashboard', token=id_token)))
if 'sub' in userinfo:
resp.set_cookie('my_token', id_token, httponly=False)
else:
resp.set_cookie('my_token', 'No_id_token', httponly=False)
return resp return resp
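Review bot: `id_token = request.args.get("token", "")` in `dashboard` is taken from the query string and interpolated unescaped into the inline script as `const idToken = "{id_token}";`, so an untrusted value can break out of the string literal and run as script in the user's origin; `containerImage` is likewise placed into `fetch('/launch?containerImage={containerImage}')` without encoding. Moving the token from the cookie into a URL parameter (`redirect(url_for('dashboard', token=id_token))` in the `authorize` hunk) also leaves it in browser history, server access logs and the Referer header, and it is then forwarded again over plain `http://` to the container. Keep the token server-side instead: in `authorize` use `session['id_token'] = id_token` and redirect without the `token` argument, in `dashboard` read `id_token = session.get('id_token', '')`, and emit it as `const idToken = {json.dumps(id_token)};` (requires `json` to be imported, which this hunk does not show) with `urllib.parse.quote(containerImage, safe='')` for the fetch URL. `dashboard` continues outside the hunk.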