From a0d88aaefbcd157eedc760884ef0b586e05d4cfa Mon Sep 17 00:00:00 2001
From: iFargle <albert@sysctl.io>
Date: Thu, 23 Feb 2023 08:17:09 +0900
Subject: [PATCH] test

---
 Dockerfile  |  4 ++--
 renderer.py | 15 ++++++++++++++-
 server.py   | 53 ++++++++++++++++++++++++++++++-----------------------
 3 files changed, 46 insertions(+), 26 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 6e34b93..7e4b62d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -37,14 +37,14 @@ ENV HS_SERVER="http://localhost/"
 ENV KEY=""
 ENV SCRIPT_NAME=/
 ENV DOMAIN_NAME=https://localhost
+ENV AUTH_TYPE=""
 
 # BasicAuth variables
-ENV AUTH_TYPE="basic"
 ENV BASIC_AUTH_USER="user"
 ENV BASIC_AUTH_PASS="pass"
 
 # Flask OIDC Variables
-ENV OIDC_ISSUER=https://localhost
+ENV OIDC_AUTH_URL=https://localhost
 ENV OIDC_CLIENT_ID=Headscale-WebUI
 ENV OIDC_CLIENT_SECRET=secret
 
diff --git a/renderer.py b/renderer.py
index 131e0cb..22d154d 100644
--- a/renderer.py
+++ b/renderer.py
@@ -558,7 +558,20 @@ def oidc_nav_dropdown(user_name, email_address, name):
             </a>
         </li>
     """
-
+    html_payload = """
+        <!-- Dropdown Structure -->
+        <ul id="dropdown1" class="dropdown-content">
+            <li><a href=""><i class="material-icons prefix">account_box</i> """+user_name+"""</li></a>
+            <li><a href=""><i class="material-icons prefix">email</i> """+email_address+"""</li></a>
+            <li class="divider"></li>
+            <li><a href="logout"><i class="material-icons left">exit_to_app</i> Logout</a></li>
+        </ul>
+        <li>
+            <a class="dropdown-trigger" href="#!" data-target="dropdown1">
+                """+name+""" <i class="material-icons right">account_circle</i>
+            </a>
+        </li>
+    """
     return Markup(html_payload)
 
 def oidc_nav_mobile(user_name, email_address, name):
diff --git a/server.py b/server.py
index b7ff46b..e19221a 100644
--- a/server.py
+++ b/server.py
@@ -1,6 +1,6 @@
 # pylint: disable=wrong-import-order
 
-import headscale, helper, json, os, pytz, renderer, secrets
+import headscale, helper, json, os, pytz, renderer, secrets, requests
 from functools                     import wraps
 from datetime                      import datetime
 from flask                         import Flask, Markup, redirect, render_template, request, url_for, logging
@@ -10,15 +10,14 @@ from werkzeug.middleware.proxy_fix import ProxyFix
 
 # Global vars
 # Colors:  https://materializecss.com/color.html
-COLOR           = os.environ["COLOR"].replace('"', '')
-COLOR_NAV       = COLOR+" darken-1"
-COLOR_BTN       = COLOR+" darken-3"
-DEBUG_STATE     = True
-AUTH_TYPE       = os.environ["AUTH_TYPE"].replace('"', '').lower()
-STATIC_URL_PATH = "/static"
+COLOR       = os.environ["COLOR"].replace('"', '').lower()
+COLOR_NAV   = COLOR+" darken-1"
+COLOR_BTN   = COLOR+" darken-3"
+DEBUG_STATE = True
+AUTH_TYPE   = os.environ["AUTH_TYPE"].replace('"', '').lower()
 
 # Initiate the Flask application:
-app          = Flask(__name__, static_url_path=STATIC_URL_PATH)
+app          = Flask(__name__, static_url_path="/static")
 LOG          = logging.create_logger(app)
 executor     = Executor(app)
 app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_prefix=1)
@@ -34,25 +33,33 @@ if AUTH_TYPE == "oidc":
     # https://github.com/steinarvk/flask_oidc_demo 
     LOG.error("Loading OIDC libraries and configuring app...")
 
-    DOMAIN_NAME       = os.environ["DOMAIN_NAME"]
-    BASE_PATH         = os.environ["SCRIPT_NAME"] if os.environ["SCRIPT_NAME"] != "/" else ""
-    OIDC_ISSUER       = os.environ["OIDC_ISSUER"].replace('"','')
-    OIDC_SECRET       = os.environ["OIDC_CLIENT_SECRET"]
-    OIDC_CLIENT_ID    = os.environ["OIDC_CLIENT_ID"]
+    DOMAIN_NAME    = os.environ["DOMAIN_NAME"]
+    BASE_PATH      = os.environ["SCRIPT_NAME"] if os.environ["SCRIPT_NAME"] != "/" else ""
+    OIDC_SECRET    = os.environ["OIDC_CLIENT_SECRET"]
+    OIDC_CLIENT_ID = os.environ["OIDC_CLIENT_ID"]
+    OIDC_AUTH_URL  = os.environ["OIDC_AUTH_URL"]
+
     # Construct client_secrets.json:
+    # TODO: Re-implement this using the well-known endpoint:
+    # https://auth.sysctl.io/.well-known/openid-configuration 
+
+    response = requests.get(str(OIDC_AUTH_URL))
+    oidc_info = response.json()
+
+    LOG.error("JSON Dumps for OIDC_INFO:  "+json.dumps(oidc_infO))
+
     client_secrets = """{
         "web": {
-            "issuer": \""""+OIDC_ISSUER+"""",
-            "auth_uri": \""""+OIDC_ISSUER+"""/api/oidc/authorization",
-            "client_id": \""""+OIDC_CLIENT_ID+"""",
-            "client_secret": \""""+OIDC_SECRET+"""",
+            "issuer": \""""+oidc_info["issuer"]+"""\",
+            "auth_uri": \""""+oidc_info[""]+"""\",
+            "client_id": \""""+OIDC_CLIENT_ID+"""\",
+            "client_secret": \""""+OIDC_SECRET+"""\",
             "redirect_uris": [
-                \""""+DOMAIN_NAME+BASE_PATH+"""/oidc_callback",
-                "https://headscale.sysctl.io/admin/oidc_callback"
+                \""""+DOMAIN_NAME+BASE_PATH+"""/oidc_callback"
             ],
-            "userinfo_uri": \""""+OIDC_ISSUER+"""/api/oidc/userinfo", 
-            "token_uri": \""""+OIDC_ISSUER+"""/api/oidc/token",
-            "token_introspection_uri": \""""+OIDC_ISSUER+"""/api/oidc/introspection"
+            "userinfo_uri": \""""+oidc_info["userinfo_endpoint"]+"""\", 
+            "token_uri": \""""+oidc_info["token_endpoint"]+"""\",
+            "token_introspection_uri": \""""+oidc_info["introspection_endpoint"]+"""\"
         }
     }
     """
@@ -61,7 +68,7 @@ if AUTH_TYPE == "oidc":
         secrets_json.write(client_secrets)
     LOG.debug("Client Secrets:  ")
     with open("/app/instance/secrets.json", "r+") as secrets_json:
-        LOG.debug(secrets_json.read())
+        LOG.error(secrets_json.read())
     
     app.config.update({
         'SECRET_KEY': secrets.token_urlsafe(32),