VI print police copy and submit (#173)
JustinMacaulay authored Oct 10, 2023
1 parent 3f7f943 commit 8701279
Showing 27 changed files with 1,019 additions and 157 deletions.
35 changes: 22 additions & 13 deletions docker-compose.yml
Expand Up @@ -104,6 +104,8 @@ services:
build:
context: python
dockerfile: prohibition_web_svc/Dockerfile-local
env_file:
- .env
environment:
FLASK_SECRET_KEY: "${FLASK_SECRET_KEY}"
ICBC_API_ROOT: "http://icbc_mock_svc:5000/vips/icbc"
Expand All @@ -118,11 +120,18 @@ services:
ADMIN_USERNAME: "${ADMIN_USERNAME}"
FLASK_BASIC_AUTH_USER: "${FLASK_BASIC_AUTH_USER}"
FLASK_BASIC_AUTH_PASS: "${FLASK_BASIC_AUTH_PASS}"
MINIO_SK: "${MINIO_SK}"
MINIO_AK: "${MINIO_AK}"
command: bash -c "cd /home/appuser/python/prohibition_web_svc && flask db upgrade && gunicorn --bind 0.0.0.0:5000 --pythonpath /home/appuser/python/prohibition_web_svc 'app:create_app()'"
networks:
- docker-network
# network_mode: "host"
ports:
- "5002:5000"
x-develop:
watch:
- action: rebuild
path: './python/prohibition_web_svc'
depends_on:
db:
condition: service_healthy
Expand All @@ -146,19 +155,19 @@ services:
timeout: 5s
retries: 5

mock_svcs:
build:
context: mock_services
dockerfile: all_mock_svc/Dockerfile-local
environment:
FLASK_SECRET_KEY: 1234
API_USERNAME: user
API_PASSWORD: password
LOG_LEVEL: "DEBUG"
networks:
- docker-network
ports:
- "5003:5000"
# mock_svcs:
# build:
# context: mock_services
# dockerfile: all_mock_svc/Dockerfile-local
# environment:
# FLASK_SECRET_KEY: 1234
# API_USERNAME: user
# API_PASSWORD: password
# LOG_LEVEL: "DEBUG"
# networks:
# - docker-network
# ports:
# - "5003:5000"

networks:
docker-network:
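Review bot: The `env_file: - .env` entry on the web service passes every variable in `.env` into the container, although the `environment:` block directly below it already names the variables the service needs (now including `MINIO_SK` and `MINIO_AK`). With both in place, the explicit list no longer bounds which secrets the service can read, and by default Compose refuses to start the service when `.env` is missing. Consider dropping `env_file` and relying on the `${VAR}` interpolation already used here, or pointing it at a file that holds only this service's settings. The commented-out `mock_svcs` block, with its hard-coded `FLASK_SECRET_KEY: 1234` and `API_PASSWORD: password`, could be deleted rather than kept as comments. The add/remove markers are lost on this rendered page, so which lines are new is inferred from the change counts.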
5 changes: 2 additions & 3 deletions python/prohibition_web_svc/app.py
Expand Up @@ -4,9 +4,7 @@
from datetime import datetime
from python.prohibition_web_svc.models import db, migrate, Form, UserRole, User
from python.prohibition_web_svc.config import Config
from python.prohibition_web_svc.blueprints import static, forms, admin_forms
from python.prohibition_web_svc.blueprints import icbc
from python.prohibition_web_svc.blueprints import user_roles, admin_user_roles, admin_users, users
from python.prohibition_web_svc.blueprints import static, forms, admin_forms, icbc, user_roles, admin_user_roles, admin_users, users, events


application = FlaskAPI(__name__)
Expand All @@ -23,6 +21,7 @@
application.register_blueprint(static.bp)
application.register_blueprint(user_roles.bp)
application.register_blueprint(users.bp)
application.register_blueprint(events.bp)

db.init_app(application)
migrate.init_app(application, db)
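--- a/python/prohibition_web_svc/blueprints/events.py
+++ b/python/prohibition_web_svc/blueprints/events.py
@@ -0,0 +1,126 @@
+from python.prohibition_web_svc.config import Config
+from python.common.helper import middle_logic
+from flask import request, Blueprint, make_response, jsonify
+from flask_cors import CORS
+import logging.config
+import python.common.splunk as splunk
+import python.prohibition_web_svc.middleware.splunk_middleware as splunk_middleware
+import python.prohibition_web_svc.middleware.event_middleware as event_middleware
+import python.prohibition_web_svc.http_responses as http_responses
+from python.prohibition_web_svc.business.keycloak_logic import get_authorized_keycloak_user
+
+
+logging.config.dictConfig(Config.LOGGING)
+logging.info('*** forms blueprint loaded ***')
+
+bp = Blueprint('event', __name__, url_prefix=Config.URL_PREFIX + '/api/v1')
+CORS(bp, resources={Config.URL_PREFIX + "/api/v1/event/*": {"origins": Config.ACCESS_CONTROL_ALLOW_ORIGIN}})
+
+
+@bp.route('', methods=['GET'])
+def index(form_type):
+"""
+List all forms for a user
+"""
+# if request.method == 'GET':
+# kwargs = helper.middle_logic(
+# get_authorized_keycloak_user() + [
+# {"try": splunk_middleware.log_form_index, "fail": []},
+# {"try": form_middleware.list_all_users_forms, "fail": [
+# {"try": http_responses.server_error_response, "fail": []},
+# ]},
+# {"try": splunk.log_to_splunk, "fail": []}
+# ],
+# required_permission='forms-index',
+# request=request,
+# form_type=form_type,
+# config=Config)
+# return kwargs.get('response')
+
+
+@bp.route('', methods=['GET'])
+def get(form_type, form_id):
+"""
+Get a specific form
+"""
+if request.method == 'GET':
+return make_response({'error': 'method not implemented'}, 405)
+
+
+@bp.route('/event', methods=['POST'])
+def create():
+"""
+Save a new form. The web_app uses this endpoint to lease a unique form_id
+for 30 days and save the user's name in the form table. This endpoint is not
+used to submit a new form. All payloads to this endpoint are ignored.
+"""
+# logging.debug("new event post: {}".format(request.data))
+if request.method == 'POST':
+logging.debug("-------------Made it here---------------")
+kwargs = middle_logic(
+get_authorized_keycloak_user() + [
+{"try": event_middleware.request_contains_a_payload, "fail": [
+{"try": splunk.log_to_splunk, "fail": []},
+{"try": http_responses.server_error_response, "fail": []},
+]},
+{"try": event_middleware.save_event_data, "fail": [
+{"try": http_responses.bad_request_response, "fail": []}
+]},
+{"try": event_middleware.save_event_pdf, "fail": []},
+{"try": splunk.log_to_splunk, "fail": []},
+{"try": http_responses.successful_create_response, "fail": []},
+],
+required_permission='forms-create',
+request=request,
+config=Config)
+return kwargs.get('response')
+
+
+@bp.route('', methods=['PATCH'])
+def update(form_type, form_id):
+"""
+Update an existing form is used when either a) submitting a form using an previously
+leased form_id; or, b) renewing the lease of a form_id. If a patch request is
+received without a payload, this endpoint assumes the form lease should be renewed;
+otherwise, the payload is received as a form submission.
+"""
+# if request.method == 'PATCH':
+# kwargs = helper.middle_logic(
+# get_authorized_keycloak_user() + [
+# {"try": form_middleware.request_contains_a_payload, "fail": [
+# # Request contains no payload - renew form lease
+# {"try": form_middleware.renew_form_id_lease, "fail": [
+# {"try": splunk_middleware.unable_to_renew_lease, "fail": []},
+# {"try": splunk.log_to_splunk, "fail": []},
+# {"try": http_responses.bad_request_response, "fail": []},
+# ]},
+# {"try": splunk_middleware.form_lease_renewed, "fail": []},
+# {"try": splunk.log_to_splunk, "fail": []},
+# {"try": http_responses.successful_update_response, "fail": []},
+# ]},
+# # Request contains a payload - process submitted form
+# {"try": splunk_middleware.form_submitted, "fail": []},
+# {"try": splunk.log_to_splunk, "fail": []},
+# {"try": form_middleware.mark_form_as_printed, "fail": [
+# # TODO - Write to RabbitMQ fail queue
+# {"try": http_responses.record_not_found, "fail": []},
+# ]},
+# # TODO - Write to RabbitMQ ingested queue
+# {"try": http_responses.successful_update_response, "fail": []}
+# ],
+# required_permission='forms-update',
+# form_type=form_type,
+# form_id=form_id,
+# request=request,
+# config=Config)
+# return kwargs.get('response')
+
+
+@bp.route("", methods=['DELETE'])
+def delete(form_type, form_id):
+"""
+Delete a specific form
+"""
+if request.method == 'DELETE':
+return make_response({'error': 'method not implemented'}, 405)
+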
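Review bot: `index`, `get`, `update` and `delete` are all registered on the empty rule `''` but declare `form_type` / `form_id` parameters that no URL variable supplies, so Flask will call them without arguments and a GET, PATCH or DELETE on the blueprint prefix ends in a TypeError (HTTP 500) rather than the intended 405. `index` and `update` also have only a docstring and commented-out code as their body, so they would return None even if called correctly, and `index` and `get` compete for the same rule and method. Until these are implemented, either drop the four stub routes or give them a parameterless signature that returns `make_response({'error': 'method not implemented'}, 405)`. In `create`, the step `{"try": event_middleware.save_event_pdf, "fail": []}` has an empty failure list; depending on how `middle_logic` treats that (not visible here), a failed PDF save may still be followed by `successful_create_response`, so it should get an explicit error response. The `create` docstring ("All payloads to this endpoint are ignored") and the `'*** forms blueprint loaded ***'` log line are carried over from the forms blueprint and should describe events.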
25 changes: 22 additions & 3 deletions python/prohibition_web_svc/business/cryptography_logic.py
@@ -1,16 +1,18 @@
import fitz
import logging
import base64
import os
import pyaes, pbkdf2, binascii, os, secrets
from python.prohibition_web_svc.config import Config

enc_password_salt = Config.ENCRYPT_KEY
enc_password = Config.ENCRYPT_KEY_SALT
enc_password_salt = Config.ENCRYPT_KEY_SALT
enc_password = Config.ENCRYPT_KEY




def method2_encrypt(plaintext):
logging.debug(f'salt: {enc_password_salt}')

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

This expression logs
sensitive data (password)
as clear text.
password = enc_password
passwordsalt = bytes(enc_password_salt, 'utf-8')
key = pbkdf2.PBKDF2(password, passwordsalt).read(32)
Expand All @@ -29,4 +31,21 @@ def method2_decrypt(ciphertext,iv):
decrypted = aes.decrypt(ciphertext)
# converrt bytes to string
decrypted = decrypted.decode('utf-8')
return decrypted
return decrypted


def encryptPdf_method1(pdfPath, password,outfile):
doc = fitz.open(pdfPath)
doc.save(outfile, encryption=fitz.PDF_ENCRYPT_AES_256, owner_pw=password, user_pw=password)
doc.close()

def decryptPdf_method1(pdfPath, password,outfile):
doc = fitz.open(pdfPath)
if doc.authenticate(password):
doc.save('decrypted.pdf')

if doc.save:
print("PDF decrypted")
else:
print('Incorrect Password')
doc.close()
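Review bot: `decryptPdf_method1` never uses its `outfile` argument: the decrypted document is written to the fixed relative path `'decrypted.pdf'`, so concurrent calls overwrite each other and clear-text PDFs are left in the process working directory. The follow-up check `if doc.save:` tests a bound method, which is always truthy, so it cannot tell whether the save happened, and both outcomes are reported with `print` instead of being returned to the caller. Indentation is lost on this rendered page, so the exact branch nesting is inferred. A version that writes to `outfile`, returns the outcome and always closes the document is sketched below; `encryptPdf_method1` would benefit from the same `try`/`finally` around `doc.close()`.
```python
def decryptPdf_method1(pdfPath, password, outfile):
    doc = fitz.open(pdfPath)
    try:
        if not doc.authenticate(password):
            logging.warning('PDF password rejected')
            return False
        doc.save(outfile)
        return True
    finally:
        doc.close()
```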
12 changes: 9 additions & 3 deletions python/prohibition_web_svc/config.py
Expand Up @@ -37,7 +37,13 @@ class Config(BaseConfig):

MAX_RECORDS_RETURNED = 1000
VANCOUVER_TIMEZONE = 'America/Vancouver'

ENCRYPT_KEY = os.getenv('ENCRYPT_KEY')
ENCRYPT_KEY_SALT = os.getenv('ENCRYPT_KEY_SALT')

MINIO_AK = os.environ.get("MINIO_AK", "test")
MINIO_SK = os.environ.get("MINIO_SK", "test")
MINIO_BUCKET_URL = os.environ.get("MINIO_BUCKET_URL", 'minio:9000')
MINIO_SECURE = os.environ.get("MINIO_SECURE", False)
STORAGE_BUCKET_NAME = os.environ.get("STORAGE_BUCKET_NAME", "test")

ENCRYPT_KEY = os.environ.get('ENCRYPT_KEY')
ENCRYPT_KEY_SALT = os.environ.get('ENCRYPT_KEY_SALT')
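Review bot: `MINIO_SECURE = os.environ.get("MINIO_SECURE", False)` yields a string whenever the variable is set, so `MINIO_SECURE=false` is truthy while the unset default selects plain-text transport; parse it explicitly, e.g. `MINIO_SECURE = os.environ.get("MINIO_SECURE", "false").lower() in ("1", "true", "yes")`, and consider making TLS the default outside local development. `MINIO_AK` and `MINIO_SK` fall back to the literal `"test"`, so a deployment that forgets to set them runs with known credentials instead of failing at start-up; `os.environ["MINIO_AK"]` or an explicit start-up check would make the omission visible. `ENCRYPT_KEY` and `ENCRYPT_KEY_SALT` likewise become None when unset, which would only surface later when they are used for key derivation. The `Config` class body begins above this hunk, and the add/remove markers are lost on this page, so the MINIO_* lines are assumed to be the added side.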
