Initial commit: enterprise digital platform with portal SSO, DigiServer, IT Assets, NetworkView, Server Monitor

Server_Monitorizare_v2/app/utils/portal_sso.py

@@ -0,0 +1,27 @@
+"""
+Portal SSO middleware for Server Monitor.
+
+When the umbrella nginx verifies the portal JWT it sets two headers:
+  X-Auth-Username  — the portal username
+  X-Auth-Role      — 'admin' or 'user'
+
+This before_request handler stores them in Flask's g so templates
+and routes can access the current user without a local user DB.
+"""
+from flask import request, g, redirect, current_app
+
+
+def init_portal_sso(app):
+    """Register the SSO before_request handler on the given Flask app."""
+
+    @app.before_request
+    def _portal_sso():
+        g.portal_user = request.headers.get('X-Auth-Username', '').strip() or None
+        g.portal_role = request.headers.get('X-Auth-Role', 'user').strip()
+
+    @app.context_processor
+    def _inject_portal_user():
+        return {
+            'portal_user': getattr(g, 'portal_user', None),
+            'portal_role': getattr(g, 'portal_role', 'user'),
+        }

Server_Monitorizare_v2/app/utils/script_name_fix.py

@@ -0,0 +1,22 @@
+"""
+ScriptNameFix WSGI middleware.
+
+When nginx strips the path prefix before forwarding to a Flask app it also
+sets the X-Script-Name header (e.g. /srvmonitor).  This middleware reads
+that header and sets SCRIPT_NAME in the WSGI environ so that Flask's
+url_for() generates absolute URLs with the correct prefix.
+"""
+
+
+class ScriptNameFix:
+    def __init__(self, app):
+        self.app = app
+
+    def __call__(self, environ, start_response):
+        script_name = environ.get('HTTP_X_SCRIPT_NAME', '').rstrip('/')
+        if script_name:
+            environ['SCRIPT_NAME'] = script_name
+            path_info = environ.get('PATH_INFO', '/')
+            if path_info.startswith(script_name):
+                environ['PATH_INFO'] = path_info[len(script_name):] or '/'
+        return self.app(environ, start_response)