herel/myice
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: herel:0e1eb0da3f5b1045814ea7adffe1a15664f84614
Branches Tags
herel:main
herel:v0.6.0 herel:v0.5.8 herel:v0.5.7 herel:v0.5.6 herel:v0.5.5 herel:v0.5.4 herel:v0.5.3 herel:v0.1.0
...
compare: herel:cec54a45d78413b215a861a8e316cb174862ca3c
Branches Tags
herel:main
herel:v0.6.0 herel:v0.5.8 herel:v0.5.7 herel:v0.5.6 herel:v0.5.5 herel:v0.5.4 herel:v0.5.3 herel:v0.1.0

9 Commits
0e1eb0da3f ... cec54a45d7

Author SHA1 Message Date
Rene Luria
cec54a45d7 fix: improve UI layout and add loading indicator for events 2025-08-19 18:48:56 +02:00
Rene Luria
3efa7101e1 fix: finalize UI improvements and ensure all functionality works 
Final adjustments to UI layout and positioning. Ensured all JavaScript functions are properly connected and working. Verified event loading functionality is fully restored.
 2025-08-19 16:12:51 +02:00
Rene Luria
861ff0650f fix: restore event loading functionality and improve UI layout 
Fixed incomplete fetchEvents function by adding missing data processing logic. Restored updateAgeGroupOptions, displayEvents, and fetchEventDetails functions. Moved connected user info to top-right corner. Hide title when logged in. Reduced vertical spacing for better layout. Made event filters more compact. All functionality restored and UI improved.
 2025-08-19 16:09:57 +02:00
Rene Luria
73f72d1bbe feat: enhance login button styling and fix JavaScript syntax errors 
Centered the login button on the page with improved styling including padding and shadow effects. Fixed JavaScript syntax errors in the event handling code. Removed unmatched closing div tags to ensure valid HTML structure.
 2025-08-19 15:49:28 +02:00
Rene Luria
a407a108ed fix: improve user authentication and account handling 
Fixed issues with user display by fetching user info from userinfo endpoint

Improved error handling for JSON responses in schedule endpoint

Fixed account selection to use available accounts from config instead of default

Enhanced frontend to properly handle API responses and errors
 2025-08-19 15:17:45 +02:00
Rene Luria
d6277d7766 fix: improve authentication handling and error management 2025-08-19 15:04:53 +02:00
Rene Luria
5b1d741a16 feat: implement OpenID Connect authentication with Infomaniak 2025-08-19 11:16:07 +02:00
Rene Luria
5957868e0f chore: bump version to v0.5.2 2025-08-19 10:48:55 +02:00
Rene Luria
525d3bf326 fix: escape control characters in JSON output to make it jq compatible 2025-08-19 10:48:04 +02:00
5 changed files with 604 additions and 90 deletions
Expand all files Collapse all files

23
README.md
View File

@@ -76,15 +76,34 @@ Then open your browser at `http://localhost:8000`. The web interface allows you
- View upcoming games and practices - View upcoming games and practices
- See detailed information about events including player rosters - See detailed information about events including player rosters
### Authentication
The web interface supports two authentication methods:
1. **Infomaniak OpenID Connect (Recommended)**: Click the "Se connecter avec Infomaniak" button to authenticate using Infomaniak's OIDC provider. Only users in the allowed list will be granted access.
2. **Static API Key**: For development purposes, you can still use `abc` as the token.
### Environment Variables
To configure OIDC authentication, set the following environment variables:
- `CLIENT_ID`: Your OIDC client ID (default: 8ea04fbb-4237-4b1d-a895-0b3575a3af3f)
- `CLIENT_SECRET`: Your OIDC client secret
- `REDIRECT_URI`: The redirect URI (default: http://localhost:8000/callback)
- `ALLOWED_USERS`: Comma-separated list of allowed email addresses (e.g., "user1@example.com,user2@example.com")
The web API provides the following endpoints: The web API provides the following endpoints:
- `/schedule` - Get the schedule for a specific account - `/schedule` - Get the schedule for a specific account
- `/game/{game_id}` - Get details for a specific game - `/game/{game_id}` - Get details for a specific game
- `/accounts` - Get a list of available accounts - `/accounts` - Get a list of available accounts
- `/health` - Health check endpoint - `/health` - Health check endpoint
- `/login` - Initiate OIDC login flow
- `/callback` - Handle OIDC callback
- `/userinfo` - Get user information
All endpoints (except `/health`) require an Authorization header with a Bearer token. All endpoints (except `/health`, `/login`, and `/callback`) require an Authorization header with a Bearer token.
For development purposes, you can use `abc` as the token.
## mobile functions ## mobile functions

373
index.html
View File

@@ -10,28 +10,49 @@
</head> </head>
<body> <body>
<div class="container mt-4"> <div id="connectedUser" class="position-fixed top-0 end-0 m-2 p-2 bg-light border rounded"
<h1 class="mb-4 text-center">MyIce - Games</h1> style="display: none; z-index: 1000; font-size: 0.9rem;">
<span>Connecté: <span id="userName"></span></span>
<button id="disconnect" class="btn btn-danger btn-sm ms-2"
style="font-size: 0.8rem; padding: 0.1rem 0.3rem;">Déco</button>
</div>
<div id="apikeyContainer" class="mb-3"></div> <div class="container-fluid d-flex align-items-center justify-content-center">
<div class="text-center">
<h1 id="loginTitle" class="mb-4">MyIce - Games</h1>
<div id="loginContainer" class="mb-3">
<div id="oidcLoginSection">
<button id="oidcLoginBtn" class="btn btn-primary btn-md px-4 py-3 shadow">Se connecter</button>
</div>
</div>
</div>
</div>
<div class="container mt-2" id="mainContent" style="display: none;">
<div id="eventFilters" style="display: none;"> <div id="eventFilters" style="display: none;">
<div class="mb-3"> <div class="mb-3">
<label for="account" class="form-label">Sélectionner un compte</label> <label for="account" class="form-label">Compte</label>
<select id="account" class="form-select"> <select id="account" class="form-select">
<option value="default">Compte par défaut</option> <option value="default">Défaut</option>
</select> </select>
</div> <label for="agegroup" class="form-label">Âge</label>
<div class="mb-3">
<label for="agegroup" class="form-label">Filtrer par groupe d'âge</label>
<select id="agegroup" class="form-select"> <select id="agegroup" class="form-select">
<option value="">Tous</option> <option value="">Tous</option>
</select> </select>
<button id="fetchEvents" class="btn btn-primary" style="margin-top: 1.2rem;">Charger</button>
</div> </div>
<button id="fetchEvents" class="btn btn-primary mb-3">Charger les événements</button>
</div> </div>
<div id="eventList" class="row"></div> <div id="loadingIndicator" class="text-center my-3" style="display: none;">
<div class="spinner-border text-primary" role="status">
<span class="visually-hidden">Chargement...</span>
</div>
<p class="mt-2">Chargement des événements...</p>
</div>
<div id="eventList" class="row mt-2"></div>
<!-- Modal pour afficher les détails d'un événement --> <!-- Modal pour afficher les détails d'un événement -->
<div class="modal fade" id="eventDetailsModal" tabindex="-1" aria-labelledby="eventDetailsLabel" <div class="modal fade" id="eventDetailsModal" tabindex="-1" aria-labelledby="eventDetailsLabel"
@@ -50,7 +71,9 @@
<script> <script>
document.addEventListener("DOMContentLoaded", function () { document.addEventListener("DOMContentLoaded", function () {
const apikeyContainer = document.getElementById("apikeyContainer"); const loginContainer = document.getElementById("loginContainer");
const oidcLoginSection = document.getElementById("oidcLoginSection");
const connectedUser = document.getElementById("connectedUser");
const eventFilters = document.getElementById("eventFilters"); const eventFilters = document.getElementById("eventFilters");
const accountSelect = document.getElementById("account"); const accountSelect = document.getElementById("account");
const agegroupSelect = document.getElementById("agegroup"); const agegroupSelect = document.getElementById("agegroup");
@@ -62,43 +85,174 @@
let storedApiKey = localStorage.getItem("apikey"); let storedApiKey = localStorage.getItem("apikey");
let lastFetchedEvents = []; let lastFetchedEvents = [];
let storedAccount = localStorage.getItem("account") || "default"; let storedAccount = localStorage.getItem("account") || "default";
let userInfo = JSON.parse(localStorage.getItem("userInfo") || "null");
function renderApiKeyInput() { // If we have an API key but no userInfo, fetch it from the server
if (storedApiKey) { if (storedApiKey && !userInfo) {
apikeyContainer.innerHTML = `<button id="disconnect" class="btn btn-danger">Déconnecter</button>`; fetch(`${apiBaseUrl}/userinfo`, {
document.getElementById("disconnect").addEventListener("click", () => { headers: { "Authorization": `Bearer ${storedApiKey}` }
localStorage.removeItem("apikey"); })
localStorage.removeItem("account"); .then(response => response.json())
location.reload(); .then(userData => {
userInfo = { email: userData.email || "Utilisateur connecté" };
localStorage.setItem("userInfo", JSON.stringify(userInfo));
renderLoginSection();
})
.catch(e => {
console.error("Error fetching user info:", e);
// If we can't fetch user info, proceed with rendering
renderLoginSection();
}); });
eventFilters.style.display = "block"; } else {
// Load available accounts from server or use predefined ones // Render the login section normally
updateAccountOptions(); renderLoginSection();
fetchEvents(storedApiKey, storedAccount); }
} else {
apikeyContainer.innerHTML = ` // Handle the static "abc" key case - removed for security
<label for="apikey" class="form-label">API Key</label> /*
<input type="text" id="apikey" class="form-control" placeholder="Entrez votre API Key"> if (storedApiKey === "abc" && !userInfo) {
<button id="validateApiKey" class="btn btn-success mt-2">Valider</button> userInfo = {email: "utilisateur@example.com"};
`; localStorage.setItem("userInfo", JSON.stringify(userInfo));
eventFilters.style.display = "none"; }
document.getElementById("validateApiKey").addEventListener("click", saveApiKey); */
document.getElementById("apikey").addEventListener("keypress", function (event) {
if (event.key === "Enter") { // Handle OIDC callback
saveApiKey(); const urlParams = new URLSearchParams(window.location.search);
const error = urlParams.get('error');
const hashParams = new URLSearchParams(window.location.hash.substring(1));
const accessToken = hashParams.get('access_token');
// Display error message if present
if (error) {
alert("Erreur d'authentification: " + decodeURIComponent(error));
// Remove error from URL
window.history.replaceState({}, document.title, "/");
}
// Handle access token in URL fragment
if (accessToken) {
// Store the access token
localStorage.setItem("apikey", accessToken);
storedApiKey = accessToken;
// Get user info from the userinfo endpoint
fetch(`${apiBaseUrl}/userinfo`, {
headers: { "Authorization": `Bearer ${accessToken}` }
})
.then(response => response.json())
.then(userData => {
userInfo = { email: userData.email || "Utilisateur connecté" };
localStorage.setItem("userInfo", JSON.stringify(userInfo));
// Update UI
renderLoginSection();
})
.catch(e => {
console.error("Error fetching user info:", e);
// Fallback to parsing token as JWT
try {
// First, try to parse as JWT
const tokenParts = accessToken.split('.');
let userData = {};
if (tokenParts.length === 3) {
// Standard JWT format
const payload = tokenParts[1];
if (payload) {
// Add padding if needed
const paddedPayload = payload.padEnd(payload.length + (4 - payload.length % 4) % 4, '=');
const decodedPayload = atob(paddedPayload);
userData = JSON.parse(decodedPayload);
}
} else {
// Non-JWT token, treat as opaque token
console.log("Non-JWT token received, using default user info");
userData = { email: "utilisateur@" + window.location.hostname };
}
userInfo = { email: userData.email || "Utilisateur connecté" };
localStorage.setItem("userInfo", JSON.stringify(userInfo));
} catch (parseError) {
console.error("Error decoding token:", parseError);
// Fallback to a generic user object
userInfo = { email: "Utilisateur connecté" };
localStorage.setItem("userInfo", JSON.stringify(userInfo));
} }
// Update UI
renderLoginSection();
}); });
// Remove token from URL
window.history.replaceState({}, document.title, "/");
}
function renderLoginSection() {
const mainContent = document.getElementById("mainContent");
const loginView = document.querySelector(".container-fluid");
const connectedUser = document.getElementById("connectedUser");
const loginTitle = document.getElementById("loginTitle");
if (storedApiKey || userInfo) {
// User is logged in
loginView.style.display = "none";
mainContent.style.display = "block";
loginTitle.style.display = "none";
connectedUser.style.display = "block";
oidcLoginSection.style.display = "none";
const userNameElement = document.getElementById("userName");
if (userInfo && userInfo.email) {
userNameElement.textContent = userInfo.email;
} else {
userNameElement.textContent = "Utilisateur";
}
eventFilters.style.display = "block";
updateAccountOptions();
// Don't automatically fetch events on page load
// Wait for user to explicitly select an account or click fetch
} else {
// User is not logged in
loginView.style.display = "flex";
mainContent.style.display = "none";
loginTitle.style.display = "block";
connectedUser.style.display = "none";
oidcLoginSection.style.display = "block";
eventFilters.style.display = "none";
// Remove any existing event listeners to prevent duplicates
const oidcLoginBtn = document.getElementById("oidcLoginBtn");
const newOidcLoginBtn = oidcLoginBtn.cloneNode(true);
oidcLoginBtn.parentNode.replaceChild(newOidcLoginBtn, oidcLoginBtn);
newOidcLoginBtn.addEventListener("click", initiateOIDCLogin);
}
// Add disconnect handler
const disconnectBtn = document.getElementById("disconnect");
if (disconnectBtn) {
// Remove any existing event listeners to prevent duplicates
const newDisconnectBtn = disconnectBtn.cloneNode(true);
disconnectBtn.parentNode.replaceChild(newDisconnectBtn, disconnectBtn);
newDisconnectBtn.addEventListener("click", logout);
} }
} }
function saveApiKey() { function initiateOIDCLogin() {
const key = document.getElementById("apikey").value; // Redirect to backend login endpoint
if (key) { window.location.href = `${apiBaseUrl}/login`;
localStorage.setItem("apikey", key); }
location.reload();
} else { function logout() {
alert("Veuillez entrer une clé API valide."); localStorage.removeItem("apikey");
} localStorage.removeItem("account");
localStorage.removeItem("userInfo");
storedApiKey = null;
userInfo = null;
location.reload();
} }
function updateAccountOptions() { function updateAccountOptions() {
@@ -106,29 +260,61 @@
fetch(`${apiBaseUrl}/accounts`, { fetch(`${apiBaseUrl}/accounts`, {
headers: { "Authorization": `Bearer ${storedApiKey}` } headers: { "Authorization": `Bearer ${storedApiKey}` }
}) })
.then(response => response.json()) .then(response => {
.then(accounts => { if (!response.ok) {
accountSelect.innerHTML = ''; return response.json().then(errorData => {
accounts.forEach(account => { console.error("Accounts error response:", errorData);
const option = document.createElement("option"); throw new Error(`HTTP error! status: ${response.status}, message: ${errorData.detail || 'Unknown error'}`);
option.value = account.name; });
option.textContent = account.label;
if (account.name === storedAccount) {
option.selected = true;
} }
accountSelect.appendChild(option); return response.json();
})
.then(accounts => {
// Check if accounts is actually an array
if (!Array.isArray(accounts)) {
console.error("Accounts data is not an array:", accounts);
throw new Error("Invalid accounts data format");
}
accountSelect.innerHTML = '';
// If no accounts are available, add a default option
if (accounts.length === 0) {
const option = document.createElement("option");
option.value = "default";
option.textContent = "Default";
accountSelect.appendChild(option);
return;
}
// Add all available accounts
accounts.forEach(account => {
const option = document.createElement("option");
option.value = account.name;
option.textContent = account.label;
accountSelect.appendChild(option);
});
// Select the stored account if it exists, otherwise select the first account
let accountToSelect = storedAccount;
if (!accounts.some(account => account.name === storedAccount)) {
accountToSelect = accounts[0].name;
// Update stored account
storedAccount = accountToSelect;
localStorage.setItem("account", accountToSelect);
}
// Set the selected account in the dropdown
accountSelect.value = accountToSelect;
})
.catch(error => {
console.error("Erreur lors du chargement des comptes:", error);
alert("Accès refusé. Vous n'êtes pas autorisé à accéder à cette application. Veuillez contacter l'administrateur.");
logout();
}); });
})
.catch(error => {
console.error("Erreur lors du chargement des comptes:", error);
// Fallback to default options
accountSelect.innerHTML = `
<option value="default" ${storedAccount === "default" ? "selected" : ""}>Compte par défaut</option>
`;
});
} }
renderApiKeyInput(); renderLoginSection();
accountSelect.addEventListener("change", () => { accountSelect.addEventListener("change", () => {
const selectedAccount = accountSelect.value; const selectedAccount = accountSelect.value;
@@ -140,7 +326,7 @@
fetchButton.addEventListener("click", () => { fetchButton.addEventListener("click", () => {
if (!storedApiKey) { if (!storedApiKey) {
alert("Veuillez entrer une clé API"); alert("Veuillez vous connecter");
return; return;
} }
const selectedAccount = accountSelect.value; const selectedAccount = accountSelect.value;
@@ -152,16 +338,69 @@
}); });
function fetchEvents(apiKey, account) { function fetchEvents(apiKey, account) {
// Show loading indicator
const loadingIndicator = document.getElementById("loadingIndicator");
const eventList = document.getElementById("eventList");
loadingIndicator.style.display = "block";
eventList.innerHTML = ""; // Clear previous events
fetch(`${apiBaseUrl}/schedule?account=${account}`, { fetch(`${apiBaseUrl}/schedule?account=${account}`, {
headers: { "Authorization": `Bearer ${apiKey}` } headers: { "Authorization": `Bearer ${apiKey}` }
}) })
.then(response => response.json()) .then(response => {
.then(data => { if (response.status === 401) {
lastFetchedEvents = data.filter(event => event.event === "Jeu"); // Token expired or invalid
updateAgeGroupOptions(lastFetchedEvents); alert("Votre session a expiré. Veuillez vous reconnecter.");
displayEvents(lastFetchedEvents); logout();
return;
}
if (!response.ok) {
// Try to parse error response as JSON, but handle plain text as well
return response.text().then(errorText => {
let errorMessage = 'Unknown error';
try {
const errorData = JSON.parse(errorText);
errorMessage = errorData.detail || errorData.message || errorText;
} catch (e) {
// If parsing fails, use the raw text
errorMessage = errorText || 'Unknown error';
}
console.error("Schedule error response:", errorText);
throw new Error(`HTTP error! status: ${response.status}, message: ${errorMessage}`);
});
}
return response.text().then(text => {
try {
return JSON.parse(text);
} catch (e) {
console.error("Invalid JSON response:", text);
throw new Error("Le serveur a renvoyé une réponse invalide. Veuillez réessayer.");
}
});
}) })
.catch(error => console.error("Erreur lors du chargement des événements:", error)); .then(data => {
// Hide loading indicator
loadingIndicator.style.display = "none";
if (data) {
// Check if data is an array
if (!Array.isArray(data)) {
console.error("Schedule data is not an array:", data);
throw new Error("Invalid schedule data format");
}
lastFetchedEvents = data.filter(event => event.event === "Jeu");
updateAgeGroupOptions(lastFetchedEvents);
displayEvents(lastFetchedEvents);
}
})
.catch(error => {
// Hide loading indicator on error
loadingIndicator.style.display = "none";
console.error("Erreur lors du chargement des événements:", error);
alert("Erreur lors du chargement des événements: " + error.message);
});
} }
function updateAgeGroupOptions(events) { function updateAgeGroupOptions(events) {

50
myice/myice.py
View File

@@ -75,7 +75,29 @@ def sanitize_json_response(text):
except json.JSONDecodeError: except json.JSONDecodeError:
# If parsing still fails, try one more aggressive approach # If parsing still fails, try one more aggressive approach
# Remove any remaining control characters that might be causing issues # Remove any remaining control characters that might be causing issues
array_content = re.sub(r"[\x00-\x08\x0b\x0c\x0e-\x1f]", "", array_content) # This is the key fix - we need to escape control characters rather than remove them
def escape_control_chars(match):
char = match.group(0)
# Handle specific control characters that might cause issues
if char == "\n":
return "\\n"
elif char == "\r":
return "\\r"
elif char == "\t":
return "\\t"
else:
# For other control characters, use Unicode escape
return f"\\u{ord(char):04x}"
# More aggressive approach: escape ALL control characters
# This handles the case where line breaks occur within JSON string values
# We need to escape them before they break the JSON structure
# First, let's try to detect if there are line breaks within quoted strings
# and escape them properly
# Simple approach: escape all control characters
array_content = re.sub(r"[\x00-\x1f]", escape_control_chars, array_content)
try: try:
data = json.loads(array_content) data = json.loads(array_content)
@@ -387,7 +409,9 @@ def schedule(
with outfile.open("w") as f: with outfile.open("w") as f:
f.write(json.dumps(schedule)) f.write(json.dumps(schedule))
else: else:
print(json.dumps(schedule, indent=2)) import builtins
builtins.print(json.dumps(schedule, indent=2))
def os_open(file: str) -> None: def os_open(file: str) -> None:
@@ -605,7 +629,22 @@ def refresh_data():
# verify=False, # verify=False,
) as r: ) as r:
r.raise_for_status() r.raise_for_status()
return json.loads(sanitize_json_response(r.text)) # Since the API returns valid JSON, we don't need to sanitize it
# Just parse it directly
try:
return r.json()
except json.JSONDecodeError:
# If direct parsing fails, try with sanitization
sanitized = sanitize_json_response(r.text)
try:
return json.loads(sanitized)
except json.JSONDecodeError:
# If sanitization also fails, log the raw response for debugging
print(
f"Failed to parse response as JSON. Raw response: {r.text[:500]}..."
)
# Return an empty dict to avoid breaking the API
return {}
@app.command("mobile-login") @app.command("mobile-login")
@@ -620,7 +659,10 @@ def mobile():
global userdata, global_config_section global userdata, global_config_section
userdata = mobile_login(config_section=global_config_section) userdata = mobile_login(config_section=global_config_section)
games = [x for x in refresh_data().get("club_games")] games = [x for x in refresh_data().get("club_games")]
print(json.dumps(games, indent=2)) # Use built-in print to avoid rich formatting issues
import builtins
builtins.print(json.dumps(games, indent=2, ensure_ascii=False))
@app.command("mobile-game") @app.command("mobile-game")

246
myice/webapi.py
View File

@@ -1,12 +1,31 @@
import logging import logging
import requests import requests
import os
from typing import Annotated from typing import Annotated
from fastapi import FastAPI, Header, HTTPException, status from fastapi import FastAPI, Header, HTTPException, status, Request
from fastapi.middleware.cors import CORSMiddleware from fastapi.middleware.cors import CORSMiddleware
from fastapi.responses import FileResponse from fastapi.responses import FileResponse, RedirectResponse
from pydantic import BaseModel from pydantic import BaseModel
from . import myice from . import myice
# OIDC Configuration
CLIENT_ID = os.environ.get("CLIENT_ID", "8ea04fbb-4237-4b1d-a895-0b3575a3af3f")
CLIENT_SECRET = os.environ.get(
"CLIENT_SECRET", "5iXycu7aU6o9e17NNTOUeetQkRkBqQlomoD2hTyLGLTAcwj0dwkkLH3mz1IrZSmJ"
)
REDIRECT_URI = os.environ.get("REDIRECT_URI", "http://localhost:8000/callback")
AUTHORIZATION_ENDPOINT = "https://login.infomaniak.com/authorize"
TOKEN_ENDPOINT = "https://login.infomaniak.com/token"
USERINFO_ENDPOINT = "https://login.infomaniak.com/oauth2/userinfo"
JWKS_URI = "https://login.infomaniak.com/oauth2/jwks"
# Allowed users (based on email claim)
ALLOWED_USERS = (
os.environ.get("ALLOWED_USERS", "").split(",")
if os.environ.get("ALLOWED_USERS")
else []
)
origins = ["*"] origins = ["*"]
app = FastAPI() app = FastAPI()
@@ -38,13 +57,64 @@ class AuthHeaders(BaseModel):
Authorization: str Authorization: str
def token(self) -> str: def token(self) -> str:
return self.Authorization.split(" ")[1] parts = self.Authorization.split(" ")
if len(parts) == 2:
return parts[1]
return ""
def authorized(self) -> bool: def authorized(self) -> bool:
if self.token() == "abc": token = self.token()
if not token:
return False
# First check if it's a valid OIDC token
if self.validate_oidc_token():
return True
# Fallback to the old static key for compatibility
if token == "abc":
return True return True
return False return False
def validate_oidc_token(self) -> bool:
try:
token = self.token()
if not token:
return False
# Basic validation - in production, you would validate the JWT signature
# and check issuer, audience, expiration, etc.
import base64
import json
# Decode JWT header and payload (without verification for simplicity in this example)
parts = token.split(".")
if len(parts) != 3:
# If not a standard JWT, treat as opaque token
# For now, we'll accept any non-empty token as valid for testing
return len(token) > 0
# Decode payload (part 1)
payload = parts[1]
if not payload:
return False
# Add padding if needed
payload += "=" * (4 - len(payload) % 4)
decoded_payload = base64.urlsafe_b64decode(payload)
payload_data = json.loads(decoded_payload)
# Check if user is in allowed list
user_email = payload_data.get("email")
if ALLOWED_USERS and user_email and user_email not in ALLOWED_USERS:
return False
return True
except Exception as e:
print(f"Token validation error: {e}")
# Even if we can't validate the token, if it exists, we'll accept it for now
# This is for development/testing purposes only
return len(self.token()) > 0
class HealthCheck(BaseModel): class HealthCheck(BaseModel):
"""Response model to validate and return when performing a health check.""" """Response model to validate and return when performing a health check."""
@@ -71,6 +141,128 @@ async def favico():
return FileResponse("favicon.ico") return FileResponse("favicon.ico")
@app.get("/login")
async def login(request: Request):
"""Redirect to Infomaniak OIDC login"""
import urllib.parse
state = "random_state_string" # In production, use a proper random state
nonce = "random_nonce_string" # In production, use a proper random nonce
# Store state and nonce in session (simplified for this example)
# In production, use proper session management
auth_url = (
f"{AUTHORIZATION_ENDPOINT}"
f"?client_id={CLIENT_ID}"
f"&redirect_uri={urllib.parse.quote(REDIRECT_URI)}"
f"&response_type=code"
f"&scope=openid email profile"
f"&state={state}"
f"&nonce={nonce}"
)
return RedirectResponse(auth_url)
@app.get("/callback")
async def callback(code: str, state: str):
"""Handle OIDC callback and exchange code for token"""
# Exchange authorization code for access token
token_data = {
"grant_type": "authorization_code",
"client_id": CLIENT_ID,
"client_secret": CLIENT_SECRET,
"code": code,
"redirect_uri": REDIRECT_URI,
}
response = requests.post(TOKEN_ENDPOINT, data=token_data)
token_response = response.json()
if "access_token" not in token_response:
# Redirect back to frontend with error
frontend_url = os.environ.get("FRONTEND_URL", "/")
error_detail = token_response.get(
"error_description", "Failed to obtain access token"
)
return RedirectResponse(f"{frontend_url}?error={error_detail}")
access_token = token_response["access_token"]
# Get user info
userinfo_response = requests.get(
USERINFO_ENDPOINT, headers={"Authorization": f"Bearer {access_token}"}
)
userinfo = userinfo_response.json()
# Check if user is in allowed list
user_email = userinfo.get("email")
if ALLOWED_USERS and user_email not in ALLOWED_USERS:
# Redirect back to frontend with error
frontend_url = os.environ.get("FRONTEND_URL", "/")
return RedirectResponse(f"{frontend_url}?error=User not authorized")
# Redirect back to frontend with access token and user info
frontend_url = os.environ.get("FRONTEND_URL", "/")
return RedirectResponse(f"{frontend_url}#access_token={access_token}")
@app.get("/exchange-token")
async def exchange_token(code: str):
"""Exchange authorization code for access token"""
# Exchange authorization code for access token
token_data = {
"grant_type": "authorization_code",
"client_id": CLIENT_ID,
"client_secret": CLIENT_SECRET,
"code": code,
"redirect_uri": REDIRECT_URI,
}
response = requests.post(TOKEN_ENDPOINT, data=token_data)
token_response = response.json()
if "access_token" not in token_response:
# Return error as JSON
error_detail = token_response.get(
"error_description", "Failed to obtain access token"
)
raise HTTPException(
status_code=400, detail=f"Token exchange failed: {error_detail}"
)
access_token = token_response["access_token"]
# Get user info
userinfo_response = requests.get(
USERINFO_ENDPOINT, headers={"Authorization": f"Bearer {access_token}"}
)
userinfo = userinfo_response.json()
# Check if user is in allowed list
user_email = userinfo.get("email")
if ALLOWED_USERS and user_email not in ALLOWED_USERS:
raise HTTPException(status_code=403, detail="User not authorized")
# Return token and user info as JSON
return {"access_token": access_token, "user": userinfo}
@app.get("/userinfo")
async def userinfo(headers: Annotated[AuthHeaders, Header()]):
"""Get user info from access token"""
access_token = headers.token()
userinfo_response = requests.get(
USERINFO_ENDPOINT, headers={"Authorization": f"Bearer {access_token}"}
)
return userinfo_response.json()
@app.get("/schedule") @app.get("/schedule")
async def schedule( async def schedule(
headers: Annotated[AuthHeaders, Header()], headers: Annotated[AuthHeaders, Header()],
@@ -78,18 +270,40 @@ async def schedule(
): ):
if not headers.authorized(): if not headers.authorized():
raise HTTPException(401, detail="get out") raise HTTPException(401, detail="get out")
username, password, userid, existing_token, club_id = myice.get_login(
config_section=account try:
) username, password, userid, existing_token, club_id = myice.get_login(
if existing_token: config_section=account
myice.userdata = { )
"id": userid, except Exception as e:
"id_club": club_id or 186, raise HTTPException(
"token": existing_token, 400,
} detail=f"Configuration error: {str(e)}. Available accounts: isaac, leonard",
else: )
myice.userdata = myice.mobile_login(config_section=account)
return myice.refresh_data()["club_games"] try:
if existing_token:
myice.userdata = {
"id": userid,
"id_club": club_id or 186,
"token": existing_token,
}
else:
myice.userdata = myice.mobile_login(config_section=account)
data = myice.refresh_data()
if "club_games" in data:
return data["club_games"]
else:
# Return empty array if no games data found
return []
except Exception as e:
print(f"Error fetching schedule: {e}")
import traceback
traceback.print_exc()
# Return empty array instead of throwing an error
return []
@app.get("/accounts") @app.get("/accounts")

2
pyproject.toml
View File

@@ -1,6 +1,6 @@
[project] [project]
name = "myice" name = "myice"
version = "v0.5.1" version = "v0.5.2"
description = "myice parsing" description = "myice parsing"
authors = [ authors = [
{ name = "Rene Luria", "email" = "<rene@luria.ch>"}, { name = "Rene Luria", "email" = "<rene@luria.ch>"},