setup local test env

Adrian Amaglio 2021-01-14 00:00:40 +01:00
parent 5ebd46de77
commit 416960ac6c
4 changed files with 53 additions and 69 deletions


@ -4,9 +4,9 @@ var app = new Vue({
type: 'admin_pass', /* admin_pass or token */ type: 'admin_pass', /* admin_pass or token */
password: 'test', password: 'test',
loggedin: false, loggedin: false,
mailerHost: 'https://mailer.jean-cloud.net', //mailerHost: 'https://mailer.jean-cloud.net',
//mailerHost: 'http://localhost:8080', //mailerHost: 'http://localhost:8080',
//mailerHost: '/api', mailerHost: '/api',
forms: [], forms: [],
users: [], users: [],
newUser: '', newUser: '',
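Review bot: The Vue data still ships `password: 'test'` prefilled, and with this commit that value equals the compose file's `ADMIN_PASSWORD: test`, so the admin page arrives already holding a working credential wherever this pair is deployed; default it to `password: '',`. Switching environments by commenting `mailerHost` lines in and out also means the local `/api` value gets committed over the production URL; reading the host from a page-level or build-time setting would avoid that. The `new Vue({…})` object starts and continues outside the hunk.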


@ -96,8 +96,7 @@ def submission ():
if 'token' in request.forms: if 'token' in request.forms:
token = request.forms.getunicode('token') token = request.forms.getunicode('token')
else: else:
response.status = 400 return resp(400, 'Le jeton dautentification est requis')
return resp('error', 'Le jeton dautentification est requis')
# Getting mail address # Getting mail address
if 'mail' in request.forms: if 'mail' in request.forms:
@ -110,39 +109,32 @@ def submission ():
try: try:
form = mongodb_database['forms'].find({'token': token})[0] form = mongodb_database['forms'].find({'token': token})[0]
except IndexError as e: except IndexError as e:
response.status = 400 return resp(400, 'Le formulaire demandé est introuvable, merci de vérifier que le token utilisé est le bon')
return resp('error', 'Le formulaire demandé est introuvable, merci de vérifier que le token utilisé est le bon')
except pymongo.errors.ServerSelectionTimeoutError as e: except pymongo.errors.ServerSelectionTimeoutError as e:
response.status = 500 return resp(500, 'La base de donnée nest pas accessible.')
return resp('error', 'La base de donnée nest pas accessible.')
# Did the bot filled the honeypot field? # Did the bot filled the honeypot field?
if 'honeypotfield' in form and form['honeypotfield'] in request.forms and request.forms.get(form['honeypotfield']) != '': if 'honeypotfield' in form and form['honeypotfield'] in request.forms and request.forms.get(form['honeypotfield']) != '':
response.status = 400 return resp(400, 'We identified you as a bot. If this is an error, try to contact us via another way.')
print('honeypotfield')
return resp('error', 'We identified you as a bot. If this is an error, try to contact us via another way.')
# Is the js timer enabled? # Is the js timer enabled?
if 'timerdelay' in form: if 'timerdelay' in form:
# Did it work? # Did it work?
if 'timerfield' not in request.forms or int(request.forms.get('timerfield')) < int(form['timerdelay']): if 'timerfield' not in request.forms or int(request.forms.get('timerfield')) < int(form['timerdelay']):
print('timer : {}/{}'.format(request.forms.get('timerfield'), form['timerdelay'])) print('timer : {}/{}'.format(request.forms.get('timerfield'), form['timerdelay']))
response.status = 400 return resp(400, 'We identified you as a bot. If this is an error, try to contact us via another way.')
return resp('error', 'We identified you as a bot. If this is an error, try to contact us via another way.')
try: try:
subject_fields = fill_fields(request, get_fields(form['subject'])) subject_fields = fill_fields(request, get_fields(form['subject']))
content_fields = fill_fields(request, get_fields(form['content'])) content_fields = fill_fields(request, get_fields(form['content']))
except MissingParameterException as e: except MissingParameterException as e:
response.status = 400 return resp(400, str(e))
return resp('error', str(e))
subject = re.sub(form_regex, r'{\1}', form['subject']).format(**subject_fields) subject = re.sub(form_regex, r'{\1}', form['subject']).format(**subject_fields)
content = re.sub(form_regex, r'{\1}', form['content']).format(**content_fields) content = re.sub(form_regex, r'{\1}', form['content']).format(**content_fields)
try: try:
if not send_mail(from_address, form['mail'], subject, content): if not send_mail(from_address, form['mail'], subject, content):
response.status = 500 return resp(500, 'Le mail na pas pu être envoyé.')
return resp('error', 'Le mail na pas pu être envoyé.')
except smtplib.SMTPDataError as e: except smtplib.SMTPDataError as e:
response.status = 500 response.status = 500
error = 'Le mail a été refusé. Merci de réessayer plus tard.' error = 'Le mail a été refusé. Merci de réessayer plus tard.'
@ -156,11 +148,12 @@ def submission ():
# Redirection # Redirection
#bottle.redirect(success_redirect_default) #bottle.redirect(success_redirect_default)
origin = request.headers.get('origin') origin = request.headers.get('origin')
return resp('success', 'Mail envoyé !') return resp(200, 'Mail envoyé !')
##################################################### Helpers ############################################ ##################################################### Helpers ############################################
def resp (status, msg, data='{}'): def resp (status, msg, data='{}'):
response.status = status
return '{{"status": "{}", "msg": "{}", "data": {}}}'.format(status, msg, data) return '{{"status": "{}", "msg": "{}", "data": {}}}'.format(status, msg, data)
def get_fields (string): def get_fields (string):
@ -248,30 +241,26 @@ def create_form ():
elif mail_default_subject != '': elif mail_default_subject != '':
subject = mail_default_subject subject = mail_default_subject
else: else:
response.status = 400 return resp(400, 'Le champs « sujet » est requis')
return resp('error', 'Le champs « sujet » est requis')
# Getting mail content # Getting mail content
if 'content' in request.forms: if 'content' in request.forms:
content = request.forms.getunicode('content') content = request.forms.getunicode('content')
else: else:
response.status = 400 return resp(400, 'Le champs « contenu » est requis')
return resp('error', 'Le champs « contenu » est requis')
# Getting from address # Getting from address
if 'mail' in request.forms: if 'mail' in request.forms:
mail = request.forms.getunicode('mail') mail = request.forms.getunicode('mail')
else: else:
response.status = 400 return resp(4000, 'Le champs « adresse » est requis')
return resp('error', 'Le champs « adresse » est requis')
user = login(request) user = login(request)
print('post form') print('post form')
print(user) print(user)
if user['_privilege'] > 1: if user['_privilege'] > 1:
response.status = 400 return resp(400, 'Privilèges insufisants')
return resp('error', 'Privilèges insufisants')
# TODO limit the insertion rate # TODO limit the insertion rate
token = ''.join(random.sample(token_chars, token_len)) token = ''.join(random.sample(token_chars, token_len))
@ -290,10 +279,9 @@ def create_form ():
inserted = mongodb_database['forms'].insert_one(newEntry) inserted = mongodb_database['forms'].insert_one(newEntry)
except pymongo.errors.ServerSelectionTimeoutError as e: except pymongo.errors.ServerSelectionTimeoutError as e:
response.status = 500 return resp(500, 'La base de donnée nest pas accessible')
return resp('error', 'La base de donnée nest pas accessible')
return resp('success', 'Créé : ' + token) return resp(200, 'Créé : ' + token)
@app.post('/form/list') @app.post('/form/list')
def list_forms (): def list_forms ():
@ -304,13 +292,11 @@ def list_forms ():
elif user['_privilege'] == 1: elif user['_privilege'] == 1:
filt = {'user_id': user['_id']} filt = {'user_id': user['_id']}
else: else:
response.status = 400 return resp(400, 'Privilèges insufisants')
return resp('error', 'Privilèges insufisants')
data = mongodb_database['forms'].find(filt) data = mongodb_database['forms'].find(filt)
return resp('success','', dumps(list(data))) return resp(200,'', dumps(list(data)))
except pymongo.errors.ServerSelectionTimeoutError as e: except pymongo.errors.ServerSelectionTimeoutError as e:
response.status = 500 return resp(500,'La base de donnée nest pas accessible')
return resp('error','La base de donnée nest pas accessible')
@ -319,18 +305,15 @@ def delete_form(token):
# TODO If admin or form owner # TODO If admin or form owner
user = login(request) user = login(request)
if user['_privilege'] > 1: if user['_privilege'] > 1:
response.status = 400 return resp(400, 'Privilèges insufisants')
return resp('error', 'Privilèges insufisants')
# Actually delete # Actually delete
try: try:
form = mongodb_database['forms'].find({'token':token })[0] form = mongodb_database['forms'].find({'token':token })[0]
except IndexError as e: except IndexError as e:
response.status = 400 return resp(400, 'Le token nest pas valide')
return resp('error', 'Le token nest pas valide')
except pymongo.errors.ServerSelectionTimeoutError as e: except pymongo.errors.ServerSelectionTimeoutError as e:
response.status = 500 return resp(500, 'La base de donnée nest pas accessible')
return resp('error', 'La base de donnée nest pas accessible')
if user['_privilege'] == 0 or (form['user_id'] == user['_id']): if user['_privilege'] == 0 or (form['user_id'] == user['_id']):
try: try:
@ -338,11 +321,9 @@ def delete_form(token):
'token': token, 'token': token,
}) })
except pymongo.errors.ServerSelectionTimeoutError as e: except pymongo.errors.ServerSelectionTimeoutError as e:
response.status = 500 return resp(500, 'La base de donnée nest pas accessible')
return resp('error', 'La base de donnée nest pas accessible') return resp(200, 'Supprimé ' + token)
return resp('success', 'Supprimé ' + token) return resp(400, 'Privilèges insufisants')
response.status = 400
return resp('error', 'Privilèges insufisants')
##################################################### Users ############################################ ##################################################### Users ############################################
@ -351,58 +332,50 @@ def delete_form(token):
def list_users (): def list_users ():
user = login(request) user = login(request)
if user['_privilege'] > 0: if user['_privilege'] > 0:
response.status = 400 return resp(400, 'Privilèges insufisants')
return resp('error', 'Privilèges insufisants')
try: try:
data = mongodb_database['users'].find() data = mongodb_database['users'].find()
return resp('success', '', dumps(list(data))) return resp(200, '', dumps(list(data)))
except pymongo.errors.ServerSelectionTimeoutError as e: except pymongo.errors.ServerSelectionTimeoutError as e:
response.status = 500 return resp(500, 'La base de donnée nest pas accessible')
return resp('error', 'La base de donnée nest pas accessible')
@app.route('/user/<username>', method=['OPTIONS', 'PUT']) @app.route('/user/<username>', method=['OPTIONS', 'PUT'])
def create_user (username): def create_user (username):
user = login(request) user = login(request)
if user['_privilege'] > 0: if user['_privilege'] > 0:
response.status = 400 return resp(400, 'Privilèges insufisants')
return resp('error', 'Privilèges insufisants')
try: try:
mongodb_database['users'].find({'username': username})[0] mongodb_database['users'].find({'username': username})[0]
return resp('error', 'Lutilisateur existe déjà') return resp(400, 'Lutilisateur existe déjà')
except IndexError as e: except IndexError as e:
try: try:
inserted = mongodb_database['users'].insert_one({ inserted = mongodb_database['users'].insert_one({
'username': username, 'username': username,
'token': ''.join(random.sample(token_chars, token_len)) 'token': ''.join(random.sample(token_chars, token_len))
}) })
return resp('success', 'Créé : ' + username) return resp(200, 'Créé : ' + username)
except pymongo.errors.ServerSelectionTimeoutError as e: except pymongo.errors.ServerSelectionTimeoutError as e:
response.status = 500 return resp(500, 'La base de donnée nest pas accessible')
return resp('error', 'La base de donnée nest pas accessible')
except pymongo.errors.ServerSelectionTimeoutError as e: except pymongo.errors.ServerSelectionTimeoutError as e:
response.status = 500 return resp(500,'La base de donnée nest pas accessible')
return resp('error','La base de donnée nest pas accessible')
@app.delete('/user/<username>') @app.delete('/user/<username>')
def delete_user (username): def delete_user (username):
user = login(request) user = login(request)
if user['_privilege'] > 0: if user['_privilege'] > 0:
response.status = 400 return resp(400, 'Privilèges insufisants')
return resp('error', 'Privilèges insufisants')
try: try:
mongodb_database['users'].find({'username': username})[0] mongodb_database['users'].find({'username': username})[0]
mongodb_database['users'].delete_one({ mongodb_database['users'].delete_one({
'username': username, 'username': username,
}) })
return resp('success', 'Supprimé ' + username) return resp(200, 'Supprimé ' + username)
except IndexError as e: except IndexError as e:
response.status = 400 return resp(400, 'Lutilisateur nexiste pas')
return resp('error', 'Lutilisateur nexiste pas')
except pymongo.errors.ServerSelectionTimeoutError as e: except pymongo.errors.ServerSelectionTimeoutError as e:
response.status = 500 return resp(500, 'La base de donnée nest pas accessible')
return resp('error', 'La base de donnée nest pas accessible')
##################################################### app startup ############################################ ##################################################### app startup ############################################
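Review bot: In create_form the missing « adresse » branch calls `resp(4000, ...)`, which is outside the valid HTTP status range now that resp() assigns its first argument to `response.status`, so that path will most likely fail instead of answering 400; it should read `return resp(400, 'Le champs « adresse » est requis')`. resp() also still builds the JSON body with str.format, so a `msg` containing a double quote or backslash (for example `str(e)` from MissingParameterException, which may echo request data) produces malformed JSON or a body whose structure the submitter controls; serialise the message with `json.dumps(msg)` in place of the quoted `"{}"` placeholder (assuming `json` is imported, the import block is not visible here). Separately, the form and user tokens in the context lines come from `random.sample`, which is not a CSPRNG and never repeats a character; `''.join(secrets.choice(token_chars) for _ in range(token_len))` is the safer form. The SMTPDataError branch in submission still sets `response.status = 500` by hand and continues outside the hunk, so it is worth checking that it ends in `resp(500, ...)` like the others.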


@ -17,13 +17,21 @@ services:
SMTP_SERVER_USERNAME: toto SMTP_SERVER_USERNAME: toto
SMTP_SERVER_PASSWORD: lol SMTP_SERVER_PASSWORD: lol
SMTP_SERVER_SENDER: moi SMTP_SERVER_SENDER: moi
ADMIN_PASSWORD: admin ADMIN_PASSWORD: test
SMTP_SSL: 'true' SMTP_SSL: 'true'
UID: 101
MOUNT: /api
proxy: proxy:
image: nginx image: nginx
ports: ports:
- 8080:8080 - 8080:8080
volumes: volumes:
- ./nginx.conf:/etc/nginx.conf - ./nginx.conf:/etc/nginx/nginx.conf
- ../:/usr/app - ../:/usr/app
- ./uwsgi:/tmp/uwsgi
environment:
nginx_uid: 1000
depends_on:
- mailer
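Review bot: `ADMIN_PASSWORD: test` sits next to a proxy published as `8080:8080`, which binds on every host interface, so the admin API with a guessable password is reachable from whatever network the development machine is on; publish it as `- 127.0.0.1:8080:8080` for a local test environment. The SMTP and admin credentials would be better supplied from an untracked `.env` file than as committed literals, even as test values. The `../:/usr/app` bind mount hands the nginx container the whole repository read-write; `- ../:/usr/app:ro` should be enough for serving static files, assuming nginx writes nothing there.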


@ -24,7 +24,7 @@ http {
add_header 'Access-Control-Allow-Methods' 'GET, POST, DELETE, OPTIONS'; add_header 'Access-Control-Allow-Methods' 'GET, POST, DELETE, OPTIONS';
listen 8080; listen 8080;
location /admin { location /admin {
root /usr/app/adminer; alias /usr/app/adminer;
index index.html; index index.html;
} }
location / { location / {
@ -32,7 +32,10 @@ http {
index test.html; index test.html;
} }
location /api/ { location /api/ {
proxy_pass http://mailer:8080; include uwsgi_params;
uwsgi_pass unix:/tmp/uwsgi/uwsgi.sock;
#uwsgi_param PATH_INFO "$1";
#uwsgi_param SCRIPT_NAME /;
} }
} }
} }
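Review bot: `location /admin` is a prefix match without a trailing slash, so with `alias /usr/app/adminer` any URI that merely starts with /admin (for example /admin-old/…) is mapped onto a sibling path under /usr/app; ending both in a slash, `location /admin/ {` with `alias /usr/app/adminer/;`, keeps the mapping inside the adminer directory. The `Access-Control-Allow-Methods` header in the context lines lists GET, POST, DELETE and OPTIONS, while the API's create_user route is registered for PUT, so a cross-origin user creation would be refused by the browser; add PUT if that call is meant to work cross-origin. The two commented-out `uwsgi_param` lines should either be removed or carry a comment saying why they are kept.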