Avroid/scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add myoffice scripts

Browse Source
This commit is contained in:
aleksandr.vodyanov
2024-04-09 10:19:48 +03:00
parent 6596117571
commit 9f2c40e688
28 changed files with 1310 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
myoffice_projects/co_scripts/pgs_avatar_sync/Dockerfile Normal file
View File

@@ -0,0 +1,10 @@
FROM python:3.11-alpine
ARG FLASK_PORT=8085
ENV FLASK_PORT=$FLASK_PORT
WORKDIR /opt/pgs_avatar
COPY . /opt/pgs_avatar
RUN python -m venv venv && \
source venv/bin/activate && \
pip install -U -r requirements.txt
EXPOSE $FLASK_PORT
CMD ["/bin/sh", "-c", "source venv/bin/activate; flask run --host 0.0.0.0 --port ${FLASK_PORT}"]

52
myoffice_projects/co_scripts/pgs_avatar_sync/README.md Normal file
View File

@@ -0,0 +1,52 @@
# PGS_AVATAR_SYNC
Скрипт использует Flask для REST API.
Позволяет при входе пользователей в CO обращаться на IPA сервер для получения фотографии пользователя, а затем, при необходимости, отправляет её в COAPI для обновления в профиле пользователя.
## Переменные окружения
| Название | Значение по умолчанию | Описание |
| ------------ | ---------------------------------------- | --------------------------------------------------- |
| CO_API_URL | "https://coapi.hyperus.team/api/v1/auth" | Конечная точка COAPI для работы с "profile/picture" |
| IPA_ADDRESS | ipa.hyperus.team | Адрес сервера IPA |
| IPA_LOGIN | automated.carbon | Учетная запись подключения к IPA |
| IPA_PASSWORD | - | Пароль учетной записи подключения к IPA |
## Установка
1. Собрать образ и запустить контейнер на сервере CO.
```bash
docker build . --build-arg FLASK_PORT=8085 --tag pgs_avatar_sync:0.0.1
docker run -d -e IPA_PASSWORD="securepassword" --name pgs_avatar_sync --network host --restart always pgs_avatar_sync:0.0.1
```
2. Добавить дополнительную обработку на стороне `openresty-lb-core-auth`:
#### `/opt/openresty/nginx/conf/co/lua/auth/co_auth_login.lua`
Ищем строку в конце файла (~60):
```lua
ngx.say(cjson.encode({ success = "true", token = token }));
```
Добавляем перед ней:
```lua
-- Send data for update avatars
local httpc = http:new();
local request = {
method = "POST",
body = cjson.encode({ login = login, token = token }),
headers = {
["Content-Type"] = "application/json; charset utf-8"
},
ssl_verify = false
};
--- Необходимо указать корректный порт, FLASK_PORT переданный при сборке
local avatar_res, avatar_err = httpc:request_uri("http://172.17.0.1:8085/avatar", request);
if not avatar_res then
ngx.log(ngx.ERR, "Request failed: ", avatar_err)
end
httpc:close();
ngx.log(ngx_INFO, "Update avatar for <" .. login .. ">.");
```

8
myoffice_projects/co_scripts/pgs_avatar_sync/app.py Normal file
View File

@@ -0,0 +1,8 @@
from flask import Flask
from flask_restful import Api
from modules.flask_view import PGSAvatarListener
app = Flask(__name__)
api = Api(app)
api.add_resource(PGSAvatarListener, "/avatar", methods=["POST"])

0
myoffice_projects/co_scripts/pgs_avatar_sync/modules/__init__.py Normal file
View File

48
myoffice_projects/co_scripts/pgs_avatar_sync/modules/flask_model.py Normal file
View File

@@ -0,0 +1,48 @@
import base64
import os
import python_freeipa
import requests
import warnings
warnings = warnings.filterwarnings("ignore")
class PGSAvatarModule:
def __init__(self):
self.CO_API_URL = os.getenv("COAPI_URL", "https://coapi.hyperus.team/api/v1/auth")
self.IPA_ADDRESS = os.getenv("IPA_ADDRESS", "ipa01.hyperus.team")
self.IPA_LOGIN = os.getenv("IPA_LOGIN", "automated.carbon")
self.IPA_PASSWORD = os.getenv("IPA_PASSWORD")
def get_avatar_ipa(self, login) -> str:
ipa_user = {}
ipa_user_avatar = ""
ipa_client = python_freeipa.ClientMeta(host=self.IPA_ADDRESS, verify_ssl=False)
ipa_client.login(self.IPA_LOGIN, self.IPA_PASSWORD)
ipa_users = ipa_client.user_find(o_uid=login)
ipa_client.logout()
if ipa_users["count"] == 1:
ipa_user = ipa_users["result"][0]
if "jpegphoto" in ipa_user:
ipa_user_avatar = ipa_user["jpegphoto"][-1]["__base64__"]
else:
return "User doesnt have avatar photo", 406
else:
return "User not found", 404
return base64.b64decode(ipa_user_avatar), 200
def get_avatar_pgs(self, token) -> str:
header = {"X-co-auth-token": token}
request = requests.get(url=f"{self.CO_API_URL}/profile/picture", headers=header)
if request.status_code == 200:
return request.content, 200
elif request.status_code == 204:
return "Avatar not exist", 204
return "Bad response from COAPI", 400
def update_avatar(self, login, token, photo) -> list:
header = {"X-co-auth-token": token}
file = [("file", ("avatar.jpg", photo, "image/jpeg"))]
request = requests.post(url=f"{self.CO_API_URL}/profile/picture", headers=header, data={}, files=file)
if request.status_code == 200:
return f"Avatar has been updated for user <{login}>", 200
return "Something bad with update process", 401

30
myoffice_projects/co_scripts/pgs_avatar_sync/modules/flask_view.py Normal file
View File

@@ -0,0 +1,30 @@
from flask_restful import reqparse, Resource
from .flask_model import PGSAvatarModule
class PGSAvatarListener(Resource):
parser = reqparse.RequestParser()
def get(self):
return "Method not allowed", 405
def delete(self):
return "Method not allowed", 405
def post(self):
self.parser.add_argument("login")
self.parser.add_argument("token")
args = self.parser.parse_args()
if not args["login"] or not args["token"]:
return "Not correct query", 400
login = args["login"].split("@")[0]
token = args["token"]
avatar_module = PGSAvatarModule()
ipa_photo = avatar_module.get_avatar_ipa(login)
pgs_photo = avatar_module.get_avatar_pgs(token)
if 400 in ipa_photo:
return ipa_photo
if 400 in pgs_photo:
return pgs_photo
if ipa_photo != pgs_photo:
return avatar_module.update_avatar(login, token, ipa_photo[0])
else:
return f"Avatar photo of user <{login}> is actual", 208

5
myoffice_projects/co_scripts/pgs_avatar_sync/requirements.txt Normal file
View File

@@ -0,0 +1,5 @@
flask
flask-restful
pip
python-freeipa
requests