diff --git a/container-compose.yml b/container-compose.yml index 1aa71a5b..69e49db8 100644 --- a/container-compose.yml +++ b/container-compose.yml @@ -47,6 +47,7 @@ services: orbit_version_info: "singularity ${SINGULARITY_VERSION} ${SINGULARITY_DEPLOYMENT_STATUS} https://github.com/underground-software/singularity" environment: TZ: ${SINGULARITY_TIMEZONE} + HOSTNAME: ${SINGULARITY_HOSTNAME} volumes: - type: volume source: orbit-db diff --git a/nginx_snippets/server_https/00-orbit-paths.conf b/nginx_snippets/server_https/00-orbit-paths.conf index 104af9fa..bb80eaf0 100644 --- a/nginx_snippets/server_https/00-orbit-paths.conf +++ b/nginx_snippets/server_https/00-orbit-paths.conf @@ -5,7 +5,7 @@ location @login { return 303 /login?target=$uri; } -location ~* ^((.*\.md)|/log(in|out)|/activity|/dashboard|/register|/cgit.*)$ { +location ~* ^((.*\.md)|/log(in|out)|/activity|/dashboard|/register|/Containerfile|/cgit.*)$ { include uwsgi_params; proxy_intercept_errors on; proxy_pass http://orbit:9098; diff --git a/orbit/radius.py b/orbit/radius.py index 2c480949..bd3d89fd 100644 --- a/orbit/radius.py +++ b/orbit/radius.py @@ -636,6 +636,17 @@ def form_respond():

Password: {password}


''') +def extract_basic_auth(rocket): + if (auth_str := rocket.env.get('HTTP_AUTHORIZATION')) is None: + return + if not auth_str.startswith('Basic '): + return + cred_str = base64.b64decode(auth_str.removeprefix('Basic ')) + username, password = cred_str.decode().split(':', maxsplit=1) + + return username, password + + def determine_cache_entry(cred_str): import hashlib import time @@ -647,15 +658,12 @@ def determine_cache_entry(cred_str): def http_basic_auth(rocket): import authcache - if (auth_str := rocket.env.get('HTTP_AUTHORIZATION')) is None: + if not (creds := extract_basic_auth(rocket)): return - if not auth_str.startswith('Basic '): - return - cred_str = base64.b64decode(auth_str.removeprefix('Basic ')) - cache_entry = determine_cache_entry(cred_str) + username, password = creds + cache_entry = determine_cache_entry(':'.join(creds)) if authcache.entry_exists(cache_entry): return True - username, password = cred_str.decode().split(':', maxsplit=1) if not check_credentials(username, password): return authcache.add_entry(cache_entry) @@ -713,6 +721,85 @@ def cgit_internal_server_error(msg): return cgit_internal_server_error(type(ex)) +def handle_containerfile(rocket): + nano_default_editor = 'nano-default-editor' \ + if not rocket.queries_query('vim') else '' + + hostname = os.getenv("HOSTNAME") + if creds := extract_basic_auth(rocket): + username, password = creds + if not creds or not check_credentials(username, password): + rocket.headers.append(('WWW-Authenticate', 'Basic realm="podman"')) + return rocket.raw_respond(HTTPStatus.UNAUTHORIZED) + return rocket.raw_respond(HTTPStatus.OK, f''' +FROM fedora:41 + +RUN < ~/.muttrc +set realname="Your Name Here" +set my_username="{username}" +set my_password="{password}" +set course_domain="{hostname}" +set spoolfile= +set record= +set folder= +set sort=threads +set from="$my_username@$course_domain" +set header_cache=~/.cache/mutt +set smtp_url="smtps://$my_username:$my_password@$course_domain:465" +push "pops://$my_username:$my_password@$course_domain:995"\n +macro index l "|git am -s"\n +MUTTRC + +RUN cat <<'GITCONFIG' > ~/.gitconfig +[user] +name = Your Name Here +email = {username}@{hostname} +[sendemail] +smtpUser = {username} +smtpPass = {password} +smtpserver = {hostname} +smtpserverport = 465 +smtpencryption = ssl +GITCONFIG + +VOLUME /home + +ENTRYPOINT ["/usr/bin/bash", "-l", "-i"] + '''.strip().encode()) + + def handle_error(rocket): error_num_str = rocket.queries_query('num') try: @@ -762,6 +849,8 @@ def application(env, SR): return handle_logout(rocket) case '/mail_auth': return handle_mail_auth(rocket) + case '/Containerfile': + return handle_containerfile(rocket) case '/activity': return handle_activity(rocket) case '/error':