2641a1b874
- R11: pin requirements.txt to the versions running in the image, so a rebuild can't pull a breaking upstream release. Documented how to upgrade. - R12: log rotation now also prunes job_runs rows older than 90 days (nulling the manual_imports FK reference first), so the table doesn't grow without bound. dedup/genre candidates are review state and left alone. - U5: credential form shows non-secret fields (URLs, usernames, prefs) as plain text so they can be verified while typing; only real secrets stay masked. Dashboard IP card reworded from gluetun-specific to generic "Outbound IP". - S9: enforce ALLOWED_EMAIL at the OIDC callback, before any user row or session is created, instead of only on later requests. Verified: pinned build resolves; prune deletes only old rows and keeps the manual_imports record; credentials page renders text+password inputs; a disallowed email gets 403 with no user row, an allowed one succeeds. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
70 lines
2.8 KiB
Python
70 lines
2.8 KiB
Python
from fastapi import APIRouter, Depends, HTTPException, Request
|
|
from fastapi.responses import RedirectResponse
|
|
from fastapi.templating import Jinja2Templates
|
|
|
|
from app.db import get_db
|
|
from app.security import crypto
|
|
from app.security.deps import require_auth
|
|
from app.services import credential_service
|
|
|
|
router = APIRouter(prefix="/settings/credentials", tags=["credentials"])
|
|
templates = Jinja2Templates(directory="app/templates")
|
|
|
|
|
|
@router.get("")
|
|
async def credentials_index(request: Request, user: dict = Depends(require_auth), db=Depends(get_db)):
|
|
# Write-only by design: never send a previously-saved secret value back
|
|
# to the browser. Each scope just reports which fields are already set.
|
|
configured = {
|
|
scope: set(credential_service.get_scope(db, scope).keys())
|
|
for scope in credential_service.SCOPE_FIELDS
|
|
}
|
|
enabled = {
|
|
scope: credential_service.is_scope_enabled(db, scope)
|
|
for scope in credential_service.SCOPE_FIELDS
|
|
}
|
|
return templates.TemplateResponse(
|
|
request,
|
|
"credentials/index.html",
|
|
{
|
|
"scope_fields": credential_service.SCOPE_FIELDS,
|
|
"scope_descriptions": credential_service.SCOPE_DESCRIPTIONS,
|
|
"core_scopes": credential_service.CORE_SCOPES,
|
|
"secret_keys": credential_service.SECRET_KEYS,
|
|
"configured": configured,
|
|
"enabled": enabled,
|
|
"key_present": crypto.key_present(),
|
|
},
|
|
)
|
|
|
|
|
|
@router.post("/{scope}")
|
|
async def save_credentials(
|
|
scope: str, request: Request, user: dict = Depends(require_auth), db=Depends(get_db)
|
|
):
|
|
if scope not in credential_service.SCOPE_FIELDS:
|
|
raise HTTPException(404, "unknown credential scope")
|
|
form = await request.form()
|
|
values = {
|
|
field: value
|
|
for field, value in form.items()
|
|
if field in credential_service.SCOPE_FIELDS[scope] and value != ""
|
|
}
|
|
try:
|
|
credential_service.set_credentials(db, scope, values)
|
|
except RuntimeError:
|
|
# Almost always the encryption key is missing, so the value can't be
|
|
# encrypted. Redirect back; the page shows a key-missing banner with
|
|
# exactly what to do.
|
|
return RedirectResponse(url="/settings/credentials", status_code=303)
|
|
return RedirectResponse(url="/settings/credentials", status_code=303)
|
|
|
|
|
|
@router.post("/{scope}/toggle")
|
|
async def toggle_scope(scope: str, user: dict = Depends(require_auth), db=Depends(get_db)):
|
|
if scope not in credential_service.OPTIONAL_SCOPES:
|
|
raise HTTPException(404, "unknown or non-toggleable credential scope")
|
|
currently_enabled = credential_service.is_scope_enabled(db, scope)
|
|
credential_service.set_scope_enabled(db, scope, not currently_enabled)
|
|
return RedirectResponse(url="/settings/credentials", status_code=303)
|