ske087/enterprise_digital-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit: enterprise digital platform with portal SSO, DigiServer, IT Assets, NetworkView, Server Monitor

Browse Source
This commit is contained in:
ske087
2026-05-10 21:07:50 +03:00
commit 8d9df56b0b
364 changed files with 73655 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
portal/Dockerfile
+22
View File
@@ -0,0 +1,22 @@
FROM python:3.12-slim
WORKDIR /app
RUN apt-get update && apt-get install -y --no-install-recommends \
gcc \
&& rm -rf /var/lib/apt/lists/*
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY . .
RUN mkdir -p /app/data
ENV FLASK_ENV=production
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
EXPOSE 5001
CMD ["gunicorn", "-b", "0.0.0.0:5001", "-w", "2", "--timeout", "60", "run:app"]
portal/app/__init__.py
+74
View File
@@ -0,0 +1,74 @@
import os
from datetime import datetime
from flask import Flask
from config import config
from app.extensions import db, migrate, login_manager
def create_app(config_name='production'):
app = Flask(__name__)
app.config.from_object(config.get(config_name, config['default']))
data_dir = os.environ.get('DATA_DIR', '/app/data')
os.makedirs(data_dir, exist_ok=True)
db.init_app(app)
migrate.init_app(app, db)
login_manager.init_app(app)
from app.models import user, app_access, api_key, module_config # noqa: F401
from app.routes.auth import bp as auth_bp
from app.routes.dashboard import bp as dashboard_bp
from app.routes.settings import bp as settings_bp
from app.routes.api import bp as api_bp
app.register_blueprint(auth_bp)
app.register_blueprint(dashboard_bp)
app.register_blueprint(settings_bp)
app.register_blueprint(api_bp)
with app.app_context():
db.create_all()
_seed_admin(app)
_seed_modules(app)
@app.context_processor
def inject_globals():
return {'now': datetime.utcnow(), 'registered_apps': app.config['REGISTERED_APPS']}
return app
def _seed_admin(app):
from app.models.user import PortalUser
from app.extensions import db
from werkzeug.security import generate_password_hash
if PortalUser.query.count() == 0:
admin = PortalUser(
username=app.config['ADMIN_USERNAME'],
email=app.config['ADMIN_EMAIL'],
password_hash=generate_password_hash(app.config['ADMIN_PASSWORD']),
is_admin=True,
is_active=True,
)
db.session.add(admin)
db.session.flush()
# Grant admin access to all apps with explicit admin role
from app.models.app_access import AppAccess
for reg_app in app.config['REGISTERED_APPS']:
db.session.add(AppAccess(user_id=admin.id, app_name=reg_app['id'],
is_active=True, app_role='admin'))
db.session.commit()
def _seed_modules(app):
"""Ensure every registered app has a ModuleConfig row (default: enabled)."""
from app.models.module_config import ModuleConfig
for reg_app in app.config['REGISTERED_APPS']:
if not ModuleConfig.query.filter_by(app_id=reg_app['id']).first():
db.session.add(ModuleConfig(app_id=reg_app['id'], enabled=True))
db.session.commit()
portal/app/extensions.py
+10
View File
@@ -0,0 +1,10 @@
from flask_sqlalchemy import SQLAlchemy
from flask_migrate import Migrate
from flask_login import LoginManager
db = SQLAlchemy()
migrate = Migrate()
login_manager = LoginManager()
login_manager.login_view = 'auth.login'
login_manager.login_message = 'Please sign in to access the platform.'
login_manager.login_message_category = 'info'
portal/app/models/__init__.py
+6
View File
@@ -0,0 +1,6 @@
from app.models.user import PortalUser
from app.models.app_access import AppAccess
from app.models.api_key import ApiKey
from app.models.module_config import ModuleConfig
__all__ = ['PortalUser', 'AppAccess', 'ApiKey', 'ModuleConfig']
portal/app/models/api_key.py
+24
View File
@@ -0,0 +1,24 @@
import secrets
from datetime import datetime
from app.extensions import db
class ApiKey(db.Model):
"""Per-user API keys for programmatic access to sub-applications."""
__tablename__ = 'api_keys'
id = db.Column(db.Integer, primary_key=True)
user_id = db.Column(db.Integer, db.ForeignKey('portal_users.id'), nullable=False)
key = db.Column(db.String(64), unique=True, nullable=False, index=True)
app_name = db.Column(db.String(50), nullable=False)
description = db.Column(db.String(200), nullable=True)
is_active = db.Column(db.Boolean, default=True)
created_at = db.Column(db.DateTime, default=datetime.utcnow)
last_used_at = db.Column(db.DateTime, nullable=True)
@staticmethod
def generate_key():
return secrets.token_hex(32)
def __repr__(self):
return f'<ApiKey user={self.user_id} app={self.app_name}>'
portal/app/models/app_access.py
+20
View File
@@ -0,0 +1,20 @@
from datetime import datetime
from app.extensions import db
class AppAccess(db.Model):
"""Controls which portal users have access to which sub-applications."""
__tablename__ = 'app_access'
id = db.Column(db.Integer, primary_key=True)
user_id = db.Column(db.Integer, db.ForeignKey('portal_users.id'), nullable=False)
app_name = db.Column(db.String(50), nullable=False) # 'digiserver' | 'networkview' | 'itassets'
is_active = db.Column(db.Boolean, default=True)
# Per-app role override: 'admin' | 'user' | None (None = inherit the portal-level role)
app_role = db.Column(db.String(20), nullable=True)
granted_at = db.Column(db.DateTime, default=datetime.utcnow)
__table_args__ = (db.UniqueConstraint('user_id', 'app_name', name='uq_user_app'),)
def __repr__(self):
return f'<AppAccess user={self.user_id} app={self.app_name} role={self.app_role}>'
portal/app/models/module_config.py
+15
View File
@@ -0,0 +1,15 @@
from datetime import datetime
from app.extensions import db
class ModuleConfig(db.Model):
"""Tracks whether each sub-application is enabled at the platform level."""
__tablename__ = 'module_config'
id = db.Column(db.Integer, primary_key=True)
app_id = db.Column(db.String(50), unique=True, nullable=False)
enabled = db.Column(db.Boolean, default=True, nullable=False)
updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
def __repr__(self):
return f'<ModuleConfig {self.app_id}={self.enabled}>'
portal/app/models/user.py
+38
View File
@@ -0,0 +1,38 @@
from datetime import datetime
from flask_login import UserMixin
from app.extensions import db, login_manager
class PortalUser(UserMixin, db.Model):
__tablename__ = 'portal_users'
id = db.Column(db.Integer, primary_key=True)
username = db.Column(db.String(80), unique=True, nullable=False, index=True)
email = db.Column(db.String(200), unique=True, nullable=False)
password_hash = db.Column(db.String(256), nullable=False)
is_admin = db.Column(db.Boolean, default=False)
is_active = db.Column(db.Boolean, default=True)
created_at = db.Column(db.DateTime, default=datetime.utcnow)
last_login = db.Column(db.DateTime, nullable=True)
app_accesses = db.relationship('AppAccess', backref='user', lazy='dynamic', cascade='all, delete-orphan')
api_keys = db.relationship('ApiKey', backref='user', lazy='dynamic', cascade='all, delete-orphan')
def get_accessible_apps(self):
return [a.app_name for a in self.app_accesses.filter_by(is_active=True).all()]
def can_access(self, app_name):
return self.app_accesses.filter_by(app_name=app_name, is_active=True).first() is not None
def app_role(self, app_name):
"""Return the per-app role override ('admin'|'user'), or None if not set."""
access = self.app_accesses.filter_by(app_name=app_name, is_active=True).first()
return access.app_role if access else None
def __repr__(self):
return f'<PortalUser {self.username}>'
@login_manager.user_loader
def load_user(user_id):
return PortalUser.query.get(int(user_id))
portal/app/routes/__init__.py
+6
View File
@@ -0,0 +1,6 @@
from app.routes.auth import bp as auth_bp
from app.routes.dashboard import bp as dashboard_bp
from app.routes.settings import bp as settings_bp
from app.routes.api import bp as api_bp
__all__ = ['auth_bp', 'dashboard_bp', 'settings_bp', 'api_bp']
portal/app/routes/api.py
+70
View File
@@ -0,0 +1,70 @@
from flask import Blueprint, request, make_response, current_app
import jwt
bp = Blueprint('api', __name__, url_prefix='/api')
@bp.route('/verify-token')
def verify_token():
"""
Called internally by nginx auth_request.
Reads the platform JWT cookie, verifies it, and returns 200 with user
identity headers on success, or 401/403 on failure.
"""
token = request.cookies.get(current_app.config['PORTAL_COOKIE_NAME'])
if not token:
return '', 401
try:
payload = jwt.decode(
token,
current_app.config['PORTAL_JWT_SECRET'],
algorithms=['HS256'],
options={'require': ['exp', 'sub', 'user_id']},
)
except jwt.ExpiredSignatureError:
return '', 401
except jwt.InvalidTokenError:
return '', 401
# Per-app access check based on the original request URI
original_uri = request.headers.get('X-Original-URI', '')
required_app = _app_from_uri(original_uri)
user_id = payload.get('user_id')
portal_role = payload.get('role', 'user')
if required_app:
user_apps = payload.get('apps', [])
if required_app not in user_apps:
return '', 403
# Resolve the effective role for this specific app.
# If the admin has set a per-app role override in AppAccess, use that;
# otherwise fall back to the portal-level role from the JWT.
effective_role = portal_role
if required_app and user_id:
try:
from app.models.app_access import AppAccess
access = AppAccess.query.filter_by(
user_id=user_id, app_name=required_app, is_active=True
).first()
if access and access.app_role:
effective_role = access.app_role
except Exception:
pass # fall back to portal role
resp = make_response('', 200)
resp.headers['X-Auth-User-Id'] = str(user_id or '')
resp.headers['X-Auth-Username'] = payload.get('sub', '')
resp.headers['X-Auth-Role'] = effective_role
return resp
def _app_from_uri(uri):
if uri.startswith('/digiserver/'):
return 'digiserver'
if uri.startswith('/itassets/'):
return 'itassets'
if uri.startswith('/networkview/'):
return 'networkview'
return None
portal/app/routes/auth.py
+76
View File
@@ -0,0 +1,76 @@
from datetime import datetime
from flask import Blueprint, render_template, redirect, url_for, flash, request, make_response, current_app
from flask_login import login_user, logout_user, login_required, current_user
from werkzeug.security import check_password_hash
import jwt
from app.extensions import db
from app.models.user import PortalUser
bp = Blueprint('auth', __name__)
def _issue_portal_cookie(user, response):
"""Sign and attach the platform-wide JWT cookie to a response."""
import time
expiry_hours = current_app.config['JWT_EXPIRY_HOURS']
now = int(time.time())
payload = {
'sub': user.username,
'user_id': user.id,
'email': user.email,
'role': 'admin' if user.is_admin else 'user',
'apps': user.get_accessible_apps(),
'iss': 'enterprise-digital-platform',
'iat': now,
'exp': now + expiry_hours * 3600,
}
token = jwt.encode(payload, current_app.config['PORTAL_JWT_SECRET'], algorithm='HS256')
response.set_cookie(
current_app.config['PORTAL_COOKIE_NAME'],
token,
httponly=True,
samesite='Lax',
max_age=expiry_hours * 3600,
path='/',
)
return response
@bp.route('/login', methods=['GET', 'POST'])
def login():
if current_user.is_authenticated:
return redirect(url_for('dashboard.index'))
if request.method == 'POST':
username = request.form.get('username', '').strip()
password = request.form.get('password', '')
if not username or not password:
flash('Please enter username and password.', 'danger')
return render_template('auth/login.html')
user = PortalUser.query.filter_by(username=username, is_active=True).first()
if user and check_password_hash(user.password_hash, password):
user.last_login = datetime.utcnow()
db.session.commit()
login_user(user, remember=False)
next_page = request.args.get('next') or url_for('dashboard.index')
resp = make_response(redirect(next_page))
_issue_portal_cookie(user, resp)
return resp
flash('Invalid username or password.', 'danger')
return render_template('auth/login.html')
@bp.route('/logout')
@login_required
def logout():
logout_user()
resp = make_response(redirect(url_for('auth.login')))
resp.delete_cookie(current_app.config['PORTAL_COOKIE_NAME'], path='/')
flash('You have been signed out.', 'info')
return resp
portal/app/routes/dashboard.py
+25
View File
@@ -0,0 +1,25 @@
from flask import Blueprint, render_template, redirect, url_for, current_app
from flask_login import login_required, current_user
bp = Blueprint('dashboard', __name__)
@bp.route('/')
@login_required
def index():
user_apps = set(current_user.get_accessible_apps())
apps = []
for app_def in current_app.config['REGISTERED_APPS']:
apps.append({**app_def, 'has_access': app_def['id'] in user_apps})
return render_template('dashboard/index.html', apps=apps)
@bp.route('/access-denied')
@login_required
def access_denied():
return render_template('dashboard/access_denied.html'), 403
@bp.route('/health')
def health():
return {'status': 'ok'}, 200
portal/app/routes/settings.py
+295
View File
@@ -0,0 +1,295 @@
from flask import Blueprint, render_template, redirect, url_for, flash, request, current_app
from flask_login import login_required, current_user
from werkzeug.security import generate_password_hash
from app.extensions import db
from app.models.user import PortalUser
from app.models.app_access import AppAccess
from app.models.api_key import ApiKey
bp = Blueprint('settings', __name__, url_prefix='/settings')
def _sync_user_to_app(app_id, username, role):
"""
Notify an app's internal /internal/sync-user endpoint so the user is
pre-created / role-updated in that app's own DB.
Silently swallows errors so it never breaks the portal flow.
"""
import urllib.request
import json
registered = {a['id']: a for a in current_app.config.get('REGISTERED_APPS', [])}
app_meta = registered.get(app_id)
if not app_meta or not app_meta.get('internal_url'):
return
secret = current_app.config.get('INTERNAL_SYNC_SECRET', '')
url = app_meta['internal_url'].rstrip('/') + '/internal/sync-user'
body = json.dumps({'username': username, 'role': role}).encode()
req = urllib.request.Request(
url,
data=body,
headers={
'Content-Type': 'application/json',
'X-Internal-Token': secret,
},
method='POST',
)
try:
with urllib.request.urlopen(req, timeout=3):
pass
except Exception:
pass # Best-effort; SSO will sync on first login anyway
def _admin_required(f):
from functools import wraps
from flask_login import current_user
from flask import abort
@wraps(f)
def decorated(*args, **kwargs):
if not current_user.is_admin:
abort(403)
return f(*args, **kwargs)
return decorated
@bp.route('/')
@login_required
@_admin_required
def index():
users = PortalUser.query.order_by(PortalUser.username).all()
registered_apps = current_app.config['REGISTERED_APPS']
return render_template('settings/index.html', users=users, registered_apps=registered_apps)
# ── User management ────────────────────────────────────────────────────────────
@bp.route('/users/new', methods=['GET', 'POST'])
@login_required
@_admin_required
def new_user():
registered_apps = current_app.config['REGISTERED_APPS']
if request.method == 'POST':
username = request.form.get('username', '').strip()
email = request.form.get('email', '').strip()
password = request.form.get('password', '')
is_admin = request.form.get('is_admin') == 'on'
if not username or not email or not password:
flash('Username, email and password are required.', 'danger')
return render_template('settings/new_user.html', registered_apps=registered_apps)
if PortalUser.query.filter_by(username=username).first():
flash('Username already exists.', 'danger')
return render_template('settings/new_user.html', registered_apps=registered_apps)
user = PortalUser(
username=username,
email=email,
password_hash=generate_password_hash(password),
is_admin=is_admin,
is_active=True,
)
db.session.add(user)
db.session.flush()
for app in registered_apps:
app_id = app['id']
role_val = request.form.get(f'role_{app_id}', 'none').strip()
if role_val in ('admin', 'user'):
db.session.add(AppAccess(user_id=user.id, app_name=app_id,
is_active=True, app_role=role_val))
db.session.commit()
# Best-effort: pre-create user in each app that supports sync
for app in registered_apps:
app_id = app['id']
role_val = request.form.get(f'role_{app_id}', 'none').strip()
if role_val in ('admin', 'user'):
_sync_user_to_app(app_id, username, role_val)
flash(f'User "{username}" created successfully.', 'success')
return redirect(url_for('settings.index'))
return render_template('settings/new_user.html', registered_apps=registered_apps)
@bp.route('/users/<int:user_id>/access', methods=['POST'])
@login_required
@_admin_required
def update_access(user_id):
user = PortalUser.query.get_or_404(user_id)
registered_apps = current_app.config['REGISTERED_APPS']
for app in registered_apps:
app_id = app['id']
# The UI sends role_<app_id> = 'admin' | 'user' | 'none'
role_val = request.form.get(f'role_{app_id}', 'none').strip()
should_have = role_val in ('admin', 'user')
app_role = role_val if role_val in ('admin', 'user') else None
existing = AppAccess.query.filter_by(user_id=user.id, app_name=app_id).first()
if existing:
existing.is_active = should_have
existing.app_role = app_role
elif should_have:
db.session.add(AppAccess(user_id=user.id, app_name=app_id,
is_active=True, app_role=app_role))
db.session.commit()
# Best-effort: pre-create / update user in each app that supports sync
for app in registered_apps:
app_id = app['id']
role_val = request.form.get(f'role_{app_id}', 'none').strip()
if role_val in ('admin', 'user'):
_sync_user_to_app(app_id, user.username, role_val)
flash(f'Access for "{user.username}" updated.', 'success')
return redirect(url_for('settings.index'))
@bp.route('/users/<int:user_id>/delete', methods=['POST'])
@login_required
@_admin_required
def delete_user(user_id):
if user_id == current_user.id:
flash('You cannot delete your own account.', 'danger')
return redirect(url_for('settings.index'))
user = PortalUser.query.get_or_404(user_id)
db.session.delete(user)
db.session.commit()
flash(f'User "{user.username}" deleted.', 'success')
return redirect(url_for('settings.index'))
# ── API key management ─────────────────────────────────────────────────────────
@bp.route('/api-keys')
@login_required
@_admin_required
def api_keys():
keys = ApiKey.query.order_by(ApiKey.created_at.desc()).all()
registered_apps = current_app.config['REGISTERED_APPS']
users = PortalUser.query.order_by(PortalUser.username).all()
return render_template('settings/api_keys.html', keys=keys, registered_apps=registered_apps, users=users)
@bp.route('/api-keys/new', methods=['POST'])
@login_required
@_admin_required
def new_api_key():
user_id = request.form.get('user_id', type=int)
app_name = request.form.get('app_name', '').strip()
description = request.form.get('description', '').strip()
if not user_id or not app_name:
flash('User and application are required.', 'danger')
return redirect(url_for('settings.api_keys'))
key = ApiKey(
user_id=user_id,
key=ApiKey.generate_key(),
app_name=app_name,
description=description or None,
)
db.session.add(key)
db.session.commit()
flash(f'API key created: {key.key}', 'success')
return redirect(url_for('settings.api_keys'))
@bp.route('/api-keys/<int:key_id>/revoke', methods=['POST'])
@login_required
@_admin_required
def revoke_api_key(key_id):
key = ApiKey.query.get_or_404(key_id)
key.is_active = False
db.session.commit()
flash('API key revoked.', 'success')
return redirect(url_for('settings.api_keys'))
# ── Module management ──────────────────────────────────────────────────────────
@bp.route('/modules')
@login_required
@_admin_required
def modules():
from app.models.module_config import ModuleConfig
from app.services import module_manager
registered_apps = current_app.config['REGISTERED_APPS']
cfg_map = {m.app_id: m for m in ModuleConfig.query.all()}
module_statuses = []
for app in registered_apps:
cfg = cfg_map.get(app['id'])
enabled = cfg.enabled if cfg else True
running = module_manager.is_running(app['id'])
module_statuses.append({
'app': app,
'enabled': enabled,
'running': running,
})
return render_template('settings/modules.html', module_statuses=module_statuses)
@bp.route('/modules/<app_id>/toggle', methods=['POST'])
@login_required
@_admin_required
def toggle_module(app_id):
from app.models.module_config import ModuleConfig
from app.services import module_manager
registered_ids = {a['id'] for a in current_app.config['REGISTERED_APPS']}
if app_id not in registered_ids:
flash('Unknown application.', 'danger')
return redirect(url_for('settings.modules'))
action = request.form.get('action') # 'enable' or 'disable'
if action not in ('enable', 'disable'):
flash('Invalid action.', 'danger')
return redirect(url_for('settings.modules'))
cfg = ModuleConfig.query.filter_by(app_id=app_id).first()
if cfg is None:
cfg = ModuleConfig(app_id=app_id, enabled=True)
db.session.add(cfg)
app_meta = next(a for a in current_app.config['REGISTERED_APPS'] if a['id'] == app_id)
name = app_meta['name']
if action == 'disable':
cfg.enabled = False
db.session.commit()
module_manager.write_module_state(app_id, False)
if module_manager.is_running(app_id):
module_manager.stop_service(app_id)
flash(f'{name} has been disabled and stopped.', 'success')
else:
flash(f'{name} has been disabled.', 'success')
else: # enable
cfg.enabled = True
db.session.commit()
module_manager.write_module_state(app_id, True)
if not module_manager.is_running(app_id):
ok = module_manager.start_service(app_id)
if ok:
flash(f'{name} has been enabled and is starting up.', 'success')
else:
flash(
f'{name} enabled. No launch spec found — '
'run ./start-dev.sh to start it.',
'warning',
)
else:
flash(f'{name} is already running and has been re-enabled.', 'success')
return redirect(url_for('settings.modules'))
portal/app/services/__init__.py
+1
View File
@@ -0,0 +1 @@
# services package
portal/app/services/module_manager.py
+197
View File
@@ -0,0 +1,197 @@
"""
module_manager.py — start/stop/status helpers for EDP sub-services.
Used exclusively in development mode (start-dev.sh launcher). Each service
writes its PID to .dev-logs/<name>.pid so the portal can signal it.
Module state (enabled/disabled) is persisted in the portal's SQLite DB
(ModuleConfig table) and mirrored to .dev-module-state.json so that
start-dev.sh can respect it on the next launch.
"""
import json
import logging
import os
import signal
import subprocess
from typing import Optional
log = logging.getLogger(__name__)
# ── Directory helpers ─────────────────────────────────────────────────────────
def _root() -> str:
"""Return the Enterprise_digital-platform root directory at runtime."""
# This file lives at: portal/app/services/module_manager.py
# → services/ → app/ → portal/ → ROOT
return os.path.dirname(
os.path.dirname(
os.path.dirname(
os.path.dirname(os.path.abspath(__file__))
)
)
)
def _log_dir() -> str:
return os.path.join(_root(), '.dev-logs')
def _pid_path(app_id: str) -> str:
return os.path.join(_log_dir(), f'{app_id}.pid')
def _state_path() -> str:
return os.path.join(_root(), '.dev-module-state.json')
# ── PID file helpers ──────────────────────────────────────────────────────────
def _read_pid(app_id: str) -> Optional[int]:
path = _pid_path(app_id)
if not os.path.exists(path):
return None
try:
with open(path) as fp:
return int(fp.read().strip())
except (ValueError, OSError):
return None
def _write_pid(app_id: str, pid: int) -> None:
os.makedirs(_log_dir(), exist_ok=True)
with open(_pid_path(app_id), 'w') as fp:
fp.write(str(pid))
def _clear_pid(app_id: str) -> None:
path = _pid_path(app_id)
try:
os.unlink(path)
except OSError:
pass
# ── Module state file ─────────────────────────────────────────────────────────
def write_module_state(app_id: str, enabled: bool) -> None:
"""Mirror enabled/disabled state to .dev-module-state.json for start-dev.sh."""
path = _state_path()
state: dict = {}
if os.path.exists(path):
try:
with open(path) as fp:
state = json.load(fp)
except (json.JSONDecodeError, OSError):
state = {}
state[app_id] = enabled
with open(path, 'w') as fp:
json.dump(state, fp, indent=2)
# ── Public API ────────────────────────────────────────────────────────────────
def is_running(app_id: str) -> bool:
"""Return True if the service process is alive."""
pid = _read_pid(app_id)
if pid is None:
return False
try:
os.kill(pid, 0)
return True
except ProcessLookupError:
_clear_pid(app_id)
return False
except PermissionError:
return True # process exists, owned by another uid
def stop_service(app_id: str) -> bool:
"""Send SIGTERM to the service. Returns True if signal was delivered."""
pid = _read_pid(app_id)
if pid is None:
return False
try:
os.kill(pid, signal.SIGTERM)
_clear_pid(app_id)
log.info('Sent SIGTERM to %s (PID %d)', app_id, pid)
return True
except ProcessLookupError:
_clear_pid(app_id)
return False
def start_service(app_id: str) -> bool:
"""Spawn the service as a detached background process. Returns True on success."""
root = _root()
spec = _get_spec(app_id, root)
if spec is None:
log.warning('No service spec for app_id=%s', app_id)
return False
log_file = os.path.join(_log_dir(), f'{app_id}.log')
os.makedirs(_log_dir(), exist_ok=True)
env = {**os.environ, **spec.get('env', {})}
with open(log_file, 'a') as lf:
proc = subprocess.Popen(
spec['cmd'],
env=env,
cwd=spec.get('cwd'),
stdout=lf,
stderr=lf,
start_new_session=True, # detach from the Flask process group
)
_write_pid(app_id, proc.pid)
log.info('Started %s as PID %d', app_id, proc.pid)
return True
# ── Service command specs ─────────────────────────────────────────────────────
def _get_spec(app_id: str, root: str) -> Optional[dict]:
"""Return the launch spec for a given app_id, or None if unknown."""
jwt = os.environ.get('PORTAL_JWT_SECRET', 'change-this-jwt-secret-in-production')
specs: dict = {
'digiserver': {
'cmd': [
f'{root}/digiserver-v2/.venv/bin/gunicorn',
'--bind', '0.0.0.0:5002',
'--workers', '2',
'--timeout', '120',
'--chdir', f'{root}/digiserver-v2',
'wsgi:application',
],
'env': {
'FLASK_ENV': 'development',
'ADMIN_USERNAME': os.environ.get('ADMIN_USERNAME', 'admin'),
'ADMIN_PASSWORD': os.environ.get('ADMIN_PASSWORD', 'admin123'),
'PORTAL_JWT_SECRET': jwt,
},
'cwd': f'{root}/digiserver-v2',
},
'itassets': {
'cmd': [
f'{root}/IT_asset_management/.venv/bin/python',
f'{root}/IT_asset_management/run.py',
],
'env': {
'FLASK_ENV': 'development',
'SQLALCHEMY_DATABASE_URI': f'sqlite:///{root}/IT_asset_management/data/itassets.db',
'PORTAL_JWT_SECRET': jwt,
'FLASK_APP': 'run.py',
},
'cwd': f'{root}/IT_asset_management',
},
'networkview': {
'cmd': ['node', f'{root}/NetworkView/backend/src/index.js'],
'env': {
'PORT': '3001',
'PORTAL_JWT_SECRET': jwt,
'NODE_ENV': 'development',
'DB_PATH': f'{root}/NetworkView/data/networkview.db',
},
'cwd': f'{root}/NetworkView/backend',
},
}
return specs.get(app_id)
portal/app/static/css/portal.css
+448
View File
@@ -0,0 +1,448 @@
/* ─────────────────────────────────────────────────────────────────────────────
Enterprise Digital Platform — Portal CSS
Dark-mode enterprise dashboard
───────────────────────────────────────────────────────────────────────────── */
:root {
--bg-base: #0d1117;
--bg-surface: #161b22;
--bg-card: #1c2128;
--bg-card-hover: #21262d;
--border: #30363d;
--border-subtle: #21262d;
--text-primary: #e6edf3;
--text-secondary:#8b949e;
--text-muted: #6e7681;
--accent-blue: #388bfd;
--accent-green: #3fb950;
--accent-amber: #d29922;
--accent-red: #f85149;
--radius: 10px;
--radius-sm: 6px;
--shadow: 0 4px 24px rgba(0,0,0,0.4);
--font: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
}
*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
html, body {
height: 100%;
background: var(--bg-base);
color: var(--text-primary);
font-family: var(--font);
font-size: 15px;
line-height: 1.6;
}
a { color: var(--accent-blue); text-decoration: none; }
a:hover { text-decoration: underline; }
code { font-family: 'SFMono-Regular', Consolas, monospace; font-size: 0.85em; }
/* ── Top Bar ────────────────────────────────────────────────────────────────── */
.topbar {
display: flex;
align-items: center;
gap: 1.5rem;
padding: 0 1.5rem;
height: 56px;
background: var(--bg-surface);
border-bottom: 1px solid var(--border);
position: sticky;
top: 0;
z-index: 100;
}
.topbar-brand {
display: flex;
align-items: center;
gap: 0.5rem;
font-weight: 700;
font-size: 1rem;
color: var(--text-primary);
flex-shrink: 0;
}
.brand-icon { font-size: 1.4rem; color: var(--accent-blue); }
.topbar-nav {
display: flex;
gap: 0.25rem;
flex: 1;
}
.nav-link {
padding: 0.35rem 0.75rem;
border-radius: var(--radius-sm);
color: var(--text-secondary);
font-size: 0.9rem;
transition: color 0.15s, background 0.15s;
}
.nav-link:hover { color: var(--text-primary); background: var(--bg-card); text-decoration: none; }
.nav-link.active { color: var(--text-primary); background: var(--bg-card); }
.topbar-user {
display: flex;
align-items: center;
gap: 0.5rem;
flex-shrink: 0;
}
.user-badge {
width: 30px;
height: 30px;
border-radius: 50%;
background: var(--accent-blue);
color: #fff;
display: flex;
align-items: center;
justify-content: center;
font-size: 0.8rem;
font-weight: 700;
}
.user-name { font-size: 0.9rem; color: var(--text-secondary); }
.role-tag {
font-size: 0.7rem;
padding: 2px 6px;
border-radius: 20px;
background: rgba(56,139,253,0.2);
color: var(--accent-blue);
font-weight: 600;
text-transform: uppercase;
letter-spacing: 0.04em;
}
.btn-logout {
color: var(--text-muted);
font-size: 1.1rem;
padding: 4px 8px;
border-radius: var(--radius-sm);
transition: color 0.15s, background 0.15s;
}
.btn-logout:hover { color: var(--accent-red); background: rgba(248,81,73,0.1); text-decoration: none; }
/* ── Flash Messages ─────────────────────────────────────────────────────────── */
.flash-container { padding: 0.75rem 1.5rem 0; }
.flash {
padding: 0.75rem 1rem;
border-radius: var(--radius-sm);
margin-bottom: 0.5rem;
font-size: 0.9rem;
border-left: 3px solid;
}
.flash-success { background: rgba(63,185,80,0.1); border-color: var(--accent-green); color: #7ee787; }
.flash-danger { background: rgba(248,81,73,0.1); border-color: var(--accent-red); color: #ff7b72; }
.flash-info { background: rgba(56,139,253,0.1); border-color: var(--accent-blue); color: #79c0ff; }
.flash-warning { background: rgba(210,153,34,0.1); border-color: var(--accent-amber); color: #e3b341; }
/* ── Page Content ────────────────────────────────────────────────────────────── */
.page-content { padding: 2rem 1.5rem; max-width: 1280px; margin: 0 auto; }
/* ── Login Page ─────────────────────────────────────────────────────────────── */
.login-wrapper {
min-height: 100vh;
display: flex;
align-items: center;
justify-content: center;
padding: 2rem;
background:
radial-gradient(ellipse at 20% 20%, rgba(56,139,253,0.08) 0%, transparent 60%),
radial-gradient(ellipse at 80% 80%, rgba(63,185,80,0.06) 0%, transparent 60%),
var(--bg-base);
}
.login-card {
width: 100%;
max-width: 400px;
background: var(--bg-surface);
border: 1px solid var(--border);
border-radius: var(--radius);
padding: 2.5rem;
box-shadow: var(--shadow);
}
.login-logo { text-align: center; margin-bottom: 2rem; }
.brand-icon-lg { font-size: 2.5rem; }
.login-title { font-size: 1.4rem; font-weight: 700; margin-top: 0.5rem; }
.login-subtitle { color: var(--text-secondary); font-size: 0.9rem; }
/* ── Forms ───────────────────────────────────────────────────────────────────── */
.form-group { margin-bottom: 1.25rem; }
.form-label { display: block; font-size: 0.875rem; font-weight: 600; margin-bottom: 0.4rem; color: var(--text-secondary); }
.form-input, .form-select {
width: 100%;
padding: 0.6rem 0.85rem;
background: var(--bg-card);
border: 1px solid var(--border);
border-radius: var(--radius-sm);
color: var(--text-primary);
font-size: 0.9rem;
transition: border-color 0.15s;
outline: none;
}
.form-input:focus, .form-select:focus { border-color: var(--accent-blue); box-shadow: 0 0 0 3px rgba(56,139,253,0.15); }
.form-select option { background: var(--bg-card); }
.form-row { display: grid; grid-template-columns: 1fr 1fr; gap: 1rem; }
.form-group--grow { flex: 1; }
.form-group--action { min-width: 140px; }
.form-actions { display: flex; gap: 0.75rem; margin-top: 1.5rem; }
.form-card { background: var(--bg-card); border: 1px solid var(--border); border-radius: var(--radius); padding: 1.5rem; margin-bottom: 1.5rem; }
.form-inline-card { background: var(--bg-card); border: 1px solid var(--border); border-radius: var(--radius); padding: 1rem 1.25rem; margin-bottom: 1.5rem; }
/* Toggle switch */
.toggle,
.module-toggle { display: flex; align-items: center; gap: 0.75rem; cursor: pointer; user-select: none; }
.toggle input,
.module-toggle-input { display: none; }
.toggle-slider {
width: 38px; height: 22px; border-radius: 11px;
background: var(--border); transition: background 0.2s; flex-shrink: 0; position: relative;
}
.toggle-slider::after {
content: '';
width: 16px; height: 16px;
border-radius: 50%; background: #fff;
position: absolute; top: 3px; left: 3px;
transition: transform 0.2s;
}
.toggle input:checked + .toggle-slider,
.module-toggle-input:checked + .toggle-slider { background: var(--accent, var(--accent-blue)); }
.toggle input:checked + .toggle-slider::after,
.module-toggle-input:checked + .toggle-slider::after { transform: translateX(16px); }
.toggle-label { font-size: 0.9rem; color: var(--text-secondary); }
/* ── Buttons ─────────────────────────────────────────────────────────────────── */
.btn {
display: inline-flex;
align-items: center;
justify-content: center;
padding: 0.55rem 1.1rem;
border-radius: var(--radius-sm);
font-size: 0.9rem;
font-weight: 600;
border: none;
cursor: pointer;
text-decoration: none;
transition: opacity 0.15s, filter 0.15s;
}
.btn:hover { filter: brightness(1.15); text-decoration: none; }
.btn:active { filter: brightness(0.9); }
.btn-primary { background: var(--accent-blue); color: #fff; }
.btn-secondary { background: var(--bg-card); color: var(--text-primary); border: 1px solid var(--border); }
.btn-danger { background: rgba(248,81,73,0.15); color: var(--accent-red); border: 1px solid rgba(248,81,73,0.3); }
.btn-full { width: 100%; }
.btn-sm { padding: 0.3rem 0.7rem; font-size: 0.82rem; }
/* App launch button */
.btn-app {
padding: 0.55rem 1.25rem;
border-radius: var(--radius-sm);
font-size: 0.9rem;
font-weight: 700;
background: color-mix(in srgb, var(--accent) 20%, transparent);
color: var(--accent);
border: 1px solid color-mix(in srgb, var(--accent) 40%, transparent);
cursor: pointer;
transition: background 0.15s, border-color 0.15s;
}
.btn-app:hover { background: color-mix(in srgb, var(--accent) 30%, transparent); text-decoration: none; }
.btn-app--disabled {
background: rgba(110,118,129,0.1);
color: var(--text-muted);
border: 1px solid var(--border-subtle);
cursor: not-allowed;
}
/* ── Dashboard App Grid ───────────────────────────────────────────────────────── */
.dashboard-wrapper { max-width: 1100px; }
.dashboard-header { margin-bottom: 2rem; }
.section-title { font-size: 1.5rem; font-weight: 700; margin-bottom: 0.25rem; }
.section-subtitle { color: var(--text-secondary); font-size: 0.9rem; }
.section-hint { color: var(--text-secondary); font-size: 0.875rem; margin-bottom: 1.25rem; }
.app-grid {
display: grid;
grid-template-columns: repeat(auto-fill, minmax(300px, 1fr));
gap: 1.25rem;
}
.app-card {
background: var(--bg-card);
border: 1px solid var(--border);
border-top: 3px solid var(--accent);
border-radius: var(--radius);
padding: 1.5rem;
display: flex;
flex-direction: column;
gap: 1rem;
transition: transform 0.15s, box-shadow 0.15s;
}
.app-card:hover { transform: translateY(-2px); box-shadow: var(--shadow); }
.app-card--locked { opacity: 0.55; }
.app-card--locked:hover { transform: none; box-shadow: none; }
.app-card-header { display: flex; align-items: center; justify-content: space-between; }
.app-icon { font-size: 2rem; }
.app-status { display: flex; align-items: center; gap: 0.4rem; }
.status-dot { width: 8px; height: 8px; border-radius: 50%; }
.status-dot--active { background: var(--accent-green); box-shadow: 0 0 6px var(--accent-green); }
.status-dot--inactive { background: var(--text-muted); }
.status-label { font-size: 0.8rem; color: var(--text-secondary); }
.app-name { font-size: 1.1rem; font-weight: 700; }
.app-desc { font-size: 0.875rem; color: var(--text-secondary); line-height: 1.5; }
.app-card-body { flex: 1; }
.app-card-footer { padding-top: 0.5rem; border-top: 1px solid var(--border-subtle); }
/* ── Settings ────────────────────────────────────────────────────────────────── */
.settings-wrapper { max-width: 1200px; }
.settings-header { margin-bottom: 1.5rem; display: flex; flex-direction: column; gap: 0.75rem; }
.settings-tabs { display: flex; gap: 0.25rem; border-bottom: 1px solid var(--border); padding-bottom: 0; }
.tab-link {
padding: 0.5rem 1rem;
border-bottom: 2px solid transparent;
color: var(--text-secondary);
font-size: 0.9rem;
font-weight: 500;
transition: color 0.15s, border-color 0.15s;
margin-bottom: -1px;
}
.tab-link:hover { color: var(--text-primary); text-decoration: none; }
.tab-link.active { color: var(--accent-blue); border-bottom-color: var(--accent-blue); }
.settings-section { margin-top: 1.5rem; }
.section-toolbar { display: flex; align-items: center; justify-content: space-between; margin-bottom: 1rem; }
.section-toolbar h3 { font-size: 1rem; font-weight: 600; }
/* ── Table ───────────────────────────────────────────────────────────────────── */
.table-wrapper { overflow-x: auto; border: 1px solid var(--border); border-radius: var(--radius); }
.data-table { width: 100%; border-collapse: collapse; font-size: 0.875rem; }
.data-table th {
background: var(--bg-surface);
color: var(--text-secondary);
font-weight: 600;
font-size: 0.8rem;
text-transform: uppercase;
letter-spacing: 0.04em;
padding: 0.65rem 1rem;
text-align: left;
border-bottom: 1px solid var(--border);
}
.data-table td {
padding: 0.75rem 1rem;
border-bottom: 1px solid var(--border-subtle);
vertical-align: middle;
}
.data-table tr:last-child td { border-bottom: none; }
.data-table tr:hover td { background: var(--bg-card-hover); }
.row-inactive td { opacity: 0.5; }
.app-col { text-align: center; }
.center { text-align: center; }
.text-muted { color: var(--text-secondary); }
.empty-row { text-align: center; color: var(--text-muted); padding: 2rem; }
.key-cell { background: var(--bg-surface); padding: 2px 8px; border-radius: 4px; font-size: 0.8rem; }
/* ── Per-app role select ─────────────────────────────────────────────────────── */
.app-role-select {
appearance: none;
background: var(--bg-surface);
border: 1px solid var(--border);
border-radius: var(--radius-sm);
color: var(--text-secondary);
font-size: 0.78rem;
padding: 0.2rem 0.55rem;
cursor: pointer;
outline: none;
transition: border-color 0.15s, color 0.15s;
min-width: 90px;
}
.app-role-select:focus { border-color: var(--app-color, var(--accent-blue)); }
.app-role-select option { background: var(--bg-card); }
/* Colour the cell when a real role is selected */
.app-role-select:not([value="none"]) { border-color: var(--app-color, var(--accent-blue)); }
/* highlight the select based on selected option via JS */
.app-role-select.has-access { color: var(--app-color, var(--accent-blue)); border-color: var(--app-color, var(--accent-blue)); }
/* ── Badges ──────────────────────────────────────────────────────────────────── */
.badge {
display: inline-block;
padding: 2px 8px;
border-radius: 20px;
font-size: 0.72rem;
font-weight: 700;
text-transform: uppercase;
letter-spacing: 0.04em;
}
.badge-admin { background: rgba(56,139,253,0.2); color: var(--accent-blue); }
.badge-user { background: rgba(110,118,129,0.2); color: var(--text-secondary); }
.badge-active { background: rgba(63,185,80,0.2); color: var(--accent-green); }
.badge-inactive { background: rgba(110,118,129,0.2); color: var(--text-muted); }
/* ── App role grid (new user form) ───────────────────────────────────────────── */
.app-role-grid {
display: grid;
grid-template-columns: repeat(auto-fill, minmax(200px, 1fr));
gap: 1rem;
}
.app-role-card {
background: var(--bg-surface);
border: 1px solid var(--border);
border-top: 3px solid var(--app-color, var(--accent-blue));
border-radius: var(--radius-sm);
padding: 1rem;
display: flex;
flex-direction: column;
gap: 0.5rem;
}
.app-role-card-header {
display: flex;
align-items: center;
gap: 0.5rem;
}
.app-role-desc {
font-size: 0.78rem;
color: var(--text-secondary);
margin: 0;
flex: 1;
}
.app-role-new-select {
appearance: none;
background: var(--bg-card);
border: 1px solid var(--border);
border-radius: var(--radius-sm);
color: var(--text-secondary);
font-size: 0.82rem;
padding: 0.3rem 0.55rem;
cursor: pointer;
width: 100%;
}
/* ── App checkbox grid (new user form, legacy) ──────────────────────────────── */
.app-checkbox-grid { display: flex; gap: 0.75rem; flex-wrap: wrap; }
.app-checkbox-item {
display: flex;
align-items: center;
gap: 0.5rem;
padding: 0.6rem 1rem;
border: 1px solid var(--border);
border-radius: var(--radius-sm);
cursor: pointer;
transition: border-color 0.15s, background 0.15s;
}
.app-checkbox-item:hover { border-color: var(--accent); background: color-mix(in srgb, var(--accent) 8%, transparent); }
.app-checkbox-item input { accent-color: var(--accent); cursor: pointer; }
.app-checkbox-icon { font-size: 1.1rem; }
.app-checkbox-name { font-size: 0.875rem; font-weight: 500; }
/* ── Error page ──────────────────────────────────────────────────────────────── */
.error-wrapper { min-height: 60vh; display: flex; align-items: center; justify-content: center; }
.error-card { text-align: center; max-width: 400px; }
.error-icon { font-size: 3rem; margin-bottom: 1rem; }
.error-card h2 { font-size: 1.4rem; margin-bottom: 0.5rem; }
.error-card p { color: var(--text-secondary); margin-bottom: 1.5rem; }
/* ── Access checkbox (inline form) ───────────────────────────────────────────── */
.inline-form { display: inline; }
.access-checkbox { cursor: pointer; accent-color: var(--accent-blue); width: 16px; height: 16px; }
portal/app/templates/auth/login.html
+49
View File
@@ -0,0 +1,49 @@
{% extends 'base.html' %}
{% block title %}Sign In — Enterprise Digital Platform{% endblock %}
{% block content %}
<div class="login-wrapper">
<div class="login-card">
<div class="login-logo">
<span class="brand-icon-lg"></span>
<h1 class="login-title">Enterprise Digital Platform</h1>
<p class="login-subtitle">Sign in to continue</p>
</div>
{% with messages = get_flashed_messages(with_categories=true) %}
{% if messages %}
{% for category, message in messages %}
<div class="flash flash-{{ category }}">{{ message }}</div>
{% endfor %}
{% endif %}
{% endwith %}
<form method="POST" action="{{ url_for('auth.login', next=request.args.get('next', '')) }}" autocomplete="off">
<div class="form-group">
<label for="username" class="form-label">Username</label>
<input
id="username"
name="username"
type="text"
class="form-input"
placeholder="Enter username"
required
autofocus
/>
</div>
<div class="form-group">
<label for="password" class="form-label">Password</label>
<input
id="password"
name="password"
type="password"
class="form-input"
placeholder="Enter password"
required
/>
</div>
<button type="submit" class="btn btn-primary btn-full">Sign In</button>
</form>
</div>
</div>
{% endblock %}
portal/app/templates/base.html
+44
View File
@@ -0,0 +1,44 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>{% block title %}Enterprise Digital Platform{% endblock %}</title>
<link rel="stylesheet" href="{{ url_for('static', filename='css/portal.css') }}" />
</head>
<body>
{% if current_user.is_authenticated %}
<header class="topbar">
<div class="topbar-brand">
<span class="brand-icon"></span>
<span class="brand-name">Enterprise Digital Platform</span>
</div>
<nav class="topbar-nav">
<a href="{{ url_for('dashboard.index') }}" class="nav-link {% if request.endpoint == 'dashboard.index' %}active{% endif %}">Dashboard</a>
{% if current_user.is_admin %}
<a href="{{ url_for('settings.index') }}" class="nav-link {% if request.blueprint == 'settings' %}active{% endif %}">Settings</a>
{% endif %}
</nav>
<div class="topbar-user">
<span class="user-badge">{{ current_user.username[0].upper() }}</span>
<span class="user-name">{{ current_user.username }}</span>
{% if current_user.is_admin %}<span class="role-tag">admin</span>{% endif %}
<a href="{{ url_for('auth.logout') }}" class="btn-logout" title="Sign out"></a>
</div>
</header>
{% endif %}
<main class="page-content">
{% with messages = get_flashed_messages(with_categories=true) %}
{% if messages %}
<div class="flash-container">
{% for category, message in messages %}
<div class="flash flash-{{ category }}">{{ message }}</div>
{% endfor %}
</div>
{% endif %}
{% endwith %}
{% block content %}{% endblock %}
</main>
</body>
</html>
portal/app/templates/dashboard/access_denied.html
+13
View File
@@ -0,0 +1,13 @@
{% extends 'base.html' %}
{% block title %}Access Denied — Enterprise Digital Platform{% endblock %}
{% block content %}
<div class="error-wrapper">
<div class="error-card">
<div class="error-icon">🚫</div>
<h2>Access Denied</h2>
<p>You do not have permission to access this application.<br>Contact your administrator to request access.</p>
<a href="{{ url_for('dashboard.index') }}" class="btn btn-primary">← Back to Dashboard</a>
</div>
</div>
{% endblock %}
portal/app/templates/dashboard/index.html
+45
View File
@@ -0,0 +1,45 @@
{% extends 'base.html' %}
{% block title %}Dashboard — Enterprise Digital Platform{% endblock %}
{% block content %}
<div class="dashboard-wrapper">
<div class="dashboard-header">
<h2 class="section-title">Applications</h2>
<p class="section-subtitle">Click <strong>Open</strong> to launch an application. Your session carries over automatically.</p>
</div>
<div class="app-grid">
{% for app in apps %}
<div class="app-card {% if not app.has_access %}app-card--locked{% endif %}" style="--accent: {{ app.color }};">
<div class="app-card-header">
<span class="app-icon">{{ app.icon }}</span>
<div class="app-status">
{% if app.has_access %}
<span class="status-dot status-dot--active"></span>
<span class="status-label">Access granted</span>
{% else %}
<span class="status-dot status-dot--inactive"></span>
<span class="status-label">No access</span>
{% endif %}
</div>
</div>
<div class="app-card-body">
<h3 class="app-name">{{ app.name }}</h3>
<p class="app-desc">{{ app.description }}</p>
</div>
<div class="app-card-footer">
{% if app.has_access %}
<a href="{{ app.url }}" class="btn btn-app" style="--accent: {{ app.color }};" target="_self">
Open →
</a>
{% else %}
<span class="btn btn-app btn-app--disabled" title="Contact your administrator to request access.">
No Access
</span>
{% endif %}
</div>
</div>
{% endfor %}
</div>
</div>
{% endblock %}
portal/app/templates/settings/api_keys.html
+105
View File
@@ -0,0 +1,105 @@
{% extends 'base.html' %}
{% block title %}API Keys — Settings{% endblock %}
{% block content %}
<div class="settings-wrapper">
<div class="settings-header">
<h2 class="section-title">Settings</h2>
<div class="settings-tabs">
<a href="{{ url_for('settings.index') }}" class="tab-link">Users &amp; Access</a>
<a href="{{ url_for('settings.api_keys') }}" class="tab-link active">API Keys</a>
<a href="{{ url_for('settings.modules') }}" class="tab-link">Modules</a>
</div>
</div>
<div class="settings-section">
<div class="section-toolbar">
<h3>API Keys</h3>
</div>
<p class="section-hint">
API keys allow programmatic access to sub-applications.
Pass the key as an <code>X-Api-Key</code> header in your requests.
</p>
<!-- New key form -->
<form method="POST" action="{{ url_for('settings.new_api_key') }}" class="form-inline-card">
<div class="form-row">
<div class="form-group">
<label class="form-label">User</label>
<select name="user_id" class="form-select" required>
<option value="">— select user —</option>
{% for u in users %}
<option value="{{ u.id }}">{{ u.username }}</option>
{% endfor %}
</select>
</div>
<div class="form-group">
<label class="form-label">Application</label>
<select name="app_name" class="form-select" required>
<option value="">— select app —</option>
{% for app in registered_apps %}
<option value="{{ app['id'] }}">{{ app.icon }} {{ app.name }}</option>
{% endfor %}
</select>
</div>
<div class="form-group form-group--grow">
<label class="form-label">Description (optional)</label>
<input type="text" name="description" class="form-input" placeholder="e.g. CI/CD integration" />
</div>
<div class="form-group form-group--action">
<label class="form-label">&nbsp;</label>
<button type="submit" class="btn btn-primary">Generate Key</button>
</div>
</div>
</form>
<!-- Keys table -->
<div class="table-wrapper">
<table class="data-table">
<thead>
<tr>
<th>User</th>
<th>Application</th>
<th>Key</th>
<th>Description</th>
<th>Status</th>
<th>Created</th>
<th>Last Used</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
{% for k in keys %}
<tr class="{{ 'row-inactive' if not k.is_active }}">
<td>{{ k.user.username }}</td>
<td>{{ k.app_name }}</td>
<td><code class="key-cell">{{ k.key[:16] }}…</code></td>
<td class="text-muted">{{ k.description or '—' }}</td>
<td>
{% if k.is_active %}
<span class="badge badge-active">active</span>
{% else %}
<span class="badge badge-inactive">revoked</span>
{% endif %}
</td>
<td class="text-muted">{{ k.created_at.strftime('%Y-%m-%d') }}</td>
<td class="text-muted">{{ k.last_used_at.strftime('%Y-%m-%d') if k.last_used_at else '—' }}</td>
<td>
{% if k.is_active %}
<form method="POST" action="{{ url_for('settings.revoke_api_key', key_id=k.id) }}"
onsubmit="return confirm('Revoke this API key?')">
<button type="submit" class="btn btn-sm btn-danger">Revoke</button>
</form>
{% endif %}
</td>
</tr>
{% endfor %}
{% if not keys %}
<tr><td colspan="8" class="empty-row">No API keys yet.</td></tr>
{% endif %}
</tbody>
</table>
</div>
</div>
</div>
{% endblock %}
portal/app/templates/settings/index.html
+124
View File
@@ -0,0 +1,124 @@
{% extends 'base.html' %}
{% block title %}Settings — Enterprise Digital Platform{% endblock %}
{% block content %}
<div class="settings-wrapper">
<div class="settings-header">
<h2 class="section-title">Settings</h2>
<div class="settings-tabs">
<a href="{{ url_for('settings.index') }}" class="tab-link active">Users &amp; Access</a>
<a href="{{ url_for('settings.api_keys') }}" class="tab-link">API Keys</a>
<a href="{{ url_for('settings.modules') }}" class="tab-link">Modules</a>
</div>
</div>
<div class="settings-section">
<div class="section-toolbar">
<h3>Portal Users</h3>
<a href="{{ url_for('settings.new_user') }}" class="btn btn-primary btn-sm">+ New User</a>
</div>
<div class="table-wrapper">
<table class="data-table">
<thead>
<tr>
<th>Username</th>
<th>Email</th>
<th>Role</th>
<th>Last Login</th>
{% for app in registered_apps %}
<th class="app-col" style="border-top: 3px solid {{ app.color }};">
{{ app.icon }} {{ app.name }}<br/>
<small style="font-weight:400; color:var(--text-muted);">access / role</small>
</th>
{% endfor %}
<th>Actions</th>
</tr>
</thead>
<tbody>
{% for user in users %}
<tr>
<td><strong>{{ user.username }}</strong></td>
<td class="text-muted">{{ user.email }}</td>
<td>
{% if user.is_admin %}
<span class="badge badge-admin">admin</span>
{% else %}
<span class="badge badge-user">user</span>
{% endif %}
</td>
<td class="text-muted">
{{ user.last_login.strftime('%Y-%m-%d %H:%M') if user.last_login else '—' }}
</td>
{# Per-app role dropdown — auto-submits on change #}
{% for app in registered_apps %}
{% set cur_access = user.app_accesses.filter_by(app_name=app['id']).first() %}
{% set cur_role = cur_access.app_role if cur_access and cur_access.is_active and cur_access.app_role else ('active' if (cur_access and cur_access.is_active) else 'none') %}
<td class="center">
<form method="POST" action="{{ url_for('settings.update_access', user_id=user.id) }}"
class="inline-form">
{# Carry all other apps' current values as hidden inputs #}
{% for other in registered_apps %}
{% if other['id'] != app['id'] %}
{% set oa = user.app_accesses.filter_by(app_name=other['id']).first() %}
{% if oa and oa.is_active %}
<input type="hidden" name="role_{{ other['id'] }}"
value="{{ oa.app_role if oa.app_role else 'user' }}" />
{% else %}
<input type="hidden" name="role_{{ other['id'] }}" value="none" />
{% endif %}
{% endif %}
{% endfor %}
<select name="role_{{ app['id'] }}"
class="app-role-select"
style="--app-color: {{ app.color }};"
onchange="this.closest('form').submit()"
title="{{ app['name'] }} access for {{ user.username }}"
{% if user.id == current_user.id and app['id'] == 'portal' %}disabled{% endif %}>
<option value="none" {% if not (cur_access and cur_access.is_active) %}selected{% endif %}>
— no access
</option>
<option value="user"
{% if cur_access and cur_access.is_active and (not cur_access.app_role or cur_access.app_role == 'user') %}selected{% endif %}>
✓ user
</option>
<option value="admin"
{% if cur_access and cur_access.is_active and cur_access.app_role == 'admin' %}selected{% endif %}>
★ admin
</option>
</select>
</form>
</td>
{% endfor %}
<td>
{% if user.id != current_user.id %}
<form method="POST" action="{{ url_for('settings.delete_user', user_id=user.id) }}"
onsubmit="return confirm('Delete user {{ user.username }}?')">
<button type="submit" class="btn btn-sm btn-danger">Delete</button>
</form>
{% else %}
<span class="text-muted"></span>
{% endif %}
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
</div>
<script>
document.querySelectorAll('.app-role-select').forEach(function(sel) {
function refresh() {
if (sel.value !== 'none') sel.classList.add('has-access');
else sel.classList.remove('has-access');
}
refresh();
sel.addEventListener('change', refresh);
});
</script>
{% endblock %}
portal/app/templates/settings/modules.html
+109
View File
@@ -0,0 +1,109 @@
{% extends 'base.html' %}
{% block title %}Modules — Enterprise Digital Platform{% endblock %}
{% block content %}
<div class="settings-wrapper">
<div class="settings-header">
<h2 class="section-title">Settings</h2>
<div class="settings-tabs">
<a href="{{ url_for('settings.index') }}" class="tab-link">Users &amp; Access</a>
<a href="{{ url_for('settings.api_keys') }}" class="tab-link">API Keys</a>
<a href="{{ url_for('settings.modules') }}" class="tab-link active">Modules</a>
</div>
</div>
<div class="settings-section">
<div class="section-toolbar">
<h3>Installed Modules</h3>
<span class="text-muted" style="font-size:0.875rem;">
Enable or disable services to control which applications run on this instance.
</span>
</div>
<div class="app-grid" style="margin-top:1.25rem;">
{% for ms in module_statuses %}
{% set app = ms.app %}
{% set on = ms.enabled %}
{% set alive = ms.running %}
<div class="app-card {% if not on %}app-card--locked{% endif %}"
style="--accent: {{ app.color }};">
<div class="app-card-header">
<span class="app-icon">{{ app.icon }}</span>
<span class="app-status">
<span class="status-dot {% if alive %}status-dot--active{% else %}status-dot--inactive{% endif %}"></span>
<span class="status-label">{% if alive %}running{% else %}stopped{% endif %}</span>
</span>
</div>
<div class="app-card-body">
<div class="app-name">{{ app.name }}</div>
<div class="app-desc" style="margin-top:0.4rem;">{{ app.description }}</div>
</div>
<div class="app-card-footer" style="display:flex; align-items:center; justify-content:space-between; gap:1rem;">
{# Toggle switch — submits a hidden form on change #}
<label class="module-toggle" title="{% if on %}Disable {{ app.name }}{% else %}Enable {{ app.name }}{% endif %}">
<input
type="checkbox"
class="module-toggle-input"
data-app="{{ app.id }}"
data-action-enable="{{ url_for('settings.toggle_module', app_id=app.id) }}"
{% if on %}checked{% endif %}
/>
<span class="toggle-slider"></span>
<span class="toggle-label">{% if on %}Enabled{% else %}Disabled{% endif %}</span>
</label>
{# Hidden forms — one per action #}
<form id="form-enable-{{ app.id }}" method="POST"
action="{{ url_for('settings.toggle_module', app_id=app.id) }}" style="display:none;">
<input type="hidden" name="action" value="enable" />
</form>
<form id="form-disable-{{ app.id }}" method="POST"
action="{{ url_for('settings.toggle_module', app_id=app.id) }}" style="display:none;">
<input type="hidden" name="action" value="disable" />
</form>
{% if on and alive %}
<a href="{{ app.url }}" class="btn btn-sm btn-secondary" target="_blank">Open ↗</a>
{% endif %}
</div>
</div>
{% endfor %}
</div>
<div class="form-inline-card" style="margin-top:1.5rem; display:flex; align-items:flex-start; gap:0.75rem;">
<span style="font-size:1.25rem; flex-shrink:0;"></span>
<div style="font-size:0.875rem; color:var(--text-secondary); line-height:1.6;">
<strong style="color:var(--text-primary);">How modules work</strong><br/>
Disabling a module sends a stop signal to its process and prevents it from being proxied.
Enabling a module starts its process in the background.
Module state is preserved across page reloads and respected by
<code>./start-dev.sh</code> on next launch.
</div>
</div>
</div>
</div>
<script>
document.querySelectorAll('.module-toggle-input').forEach(function(cb) {
cb.addEventListener('change', function() {
var appId = this.dataset.app;
var action = this.checked ? 'enable' : 'disable';
var confirmed = true;
if (action === 'disable') {
confirmed = confirm(
'Disable and stop this service?\n\n' +
'Users will lose access until it is re-enabled.'
);
}
if (confirmed) {
document.getElementById('form-' + action + '-' + appId).submit();
} else {
// Revert visual state without submitting
this.checked = !this.checked;
}
});
});
</script>
{% endblock %}
portal/app/templates/settings/new_user.html
+96
View File
@@ -0,0 +1,96 @@
{% extends 'base.html' %}
{% block title %}New User — Settings{% endblock %}
{% block content %}
<div class="settings-wrapper">
<div class="settings-header">
<h2 class="section-title">Settings</h2>
<div class="settings-tabs">
<a href="{{ url_for('settings.index') }}" class="tab-link active">Users &amp; Access</a>
<a href="{{ url_for('settings.api_keys') }}" class="tab-link">API Keys</a>
<a href="{{ url_for('settings.modules') }}" class="tab-link">Modules</a>
</div>
</div>
<div class="settings-section">
<div class="section-toolbar">
<h3>Create New User</h3>
<a href="{{ url_for('settings.index') }}" class="btn btn-sm btn-secondary">← Back</a>
</div>
<form method="POST" class="form-card">
<div class="form-row">
<div class="form-group">
<label class="form-label">Username</label>
<input type="text" name="username" class="form-input" required autofocus />
</div>
<div class="form-group">
<label class="form-label">Email</label>
<input type="email" name="email" class="form-input" required />
</div>
</div>
<div class="form-row">
<div class="form-group">
<label class="form-label">Password</label>
<input type="password" name="password" class="form-input" required />
</div>
<div class="form-group form-group--check">
<label class="form-label">Portal Role</label>
<label class="toggle">
<input type="checkbox" name="is_admin" />
<span class="toggle-slider"></span>
<span class="toggle-label">Platform administrator</span>
</label>
</div>
</div>
<div class="form-group">
<label class="form-label">Application Access &amp; Role</label>
<p style="font-size:0.82rem; color:var(--text-secondary); margin-bottom:0.75rem;">
Select the access level for each application. "Admin" grants full management rights
inside that app regardless of the portal role above.
</p>
<div class="app-role-grid">
{% for app in registered_apps %}
<div class="app-role-card" style="--app-color: {{ app.color }}; border-top-color: {{ app.color }};">
<div class="app-role-card-header">
<span style="font-size:1.5rem;">{{ app.icon }}</span>
<strong>{{ app.name }}</strong>
</div>
<p class="app-role-desc">{{ app.description }}</p>
<select name="role_{{ app['id'] }}" class="form-select app-role-new-select"
data-color="{{ app.color }}">
<option value="none">— No access</option>
<option value="user">✓ User</option>
<option value="admin">★ Admin</option>
</select>
</div>
{% endfor %}
</div>
</div>
<div class="form-actions">
<button type="submit" class="btn btn-primary">Create User</button>
<a href="{{ url_for('settings.index') }}" class="btn btn-secondary">Cancel</a>
</div>
</form>
</div>
</div>
<script>
document.querySelectorAll('.app-role-new-select').forEach(function(sel) {
function refresh() {
var color = sel.dataset.color;
if (sel.value !== 'none') {
sel.style.borderColor = color;
sel.style.color = color;
} else {
sel.style.borderColor = '';
sel.style.color = '';
}
}
refresh();
sel.addEventListener('change', refresh);
});
</script>
{% endblock %}
portal/config.py
+77
View File
@@ -0,0 +1,77 @@
import os
from dotenv import load_dotenv
load_dotenv()
class Config:
SECRET_KEY = os.environ.get('SECRET_KEY', 'change-this-portal-secret')
SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL', 'sqlite:///portal.db')
SQLALCHEMY_TRACK_MODIFICATIONS = False
# JWT settings for platform-wide SSO token
PORTAL_JWT_SECRET = os.environ.get('PORTAL_JWT_SECRET', 'change-this-jwt-secret')
JWT_EXPIRY_HOURS = int(os.environ.get('JWT_EXPIRY_HOURS', 8))
PORTAL_COOKIE_NAME = 'edp_portal_token'
# Initial admin seeded on first run
ADMIN_USERNAME = os.environ.get('ADMIN_USERNAME', 'admin')
ADMIN_PASSWORD = os.environ.get('ADMIN_PASSWORD', 'admin123')
ADMIN_EMAIL = os.environ.get('ADMIN_EMAIL', 'admin@localhost')
# App registry — display metadata for the three sub-apps
REGISTERED_APPS = [
{
'id': 'digiserver',
'name': 'DigiServer',
'description': 'Digital signage player & content management platform.',
'icon': '🖥️',
'url': '/digiserver/',
'color': '#22c55e',
# Internal URL for portal→app user sync (not through nginx)
'internal_url': os.environ.get('DIGISERVER_INTERNAL_URL', 'http://localhost:5002'),
},
{
'id': 'networkview',
'name': 'NetworkView',
'description': 'Infrastructure topology — sites, rooms, racks & cabling.',
'icon': '🌐',
'url': '/networkview/',
'color': '#3b82f6',
},
{
'id': 'itassets',
'name': 'IT Asset Management',
'description': 'Track hardware assets, assignments and compliance.',
'icon': '💼',
'url': '/itassets/',
'color': '#f59e0b',
},
{
'id': 'srvmonitor',
'name': 'Server Monitor',
'description': 'Real-time monitoring for Raspberry Pi clients — logs, devices & Ansible automation.',
'icon': '📡',
'url': '/srvmonitor/',
'color': '#a855f7',
},
]
# Internal service-to-service sync secret — must match INTERNAL_SYNC_SECRET in sub-apps
INTERNAL_SYNC_SECRET = os.environ.get('INTERNAL_SYNC_SECRET', 'change-this-internal-secret')
class DevelopmentConfig(Config):
DEBUG = True
SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL', 'sqlite:///portal_dev.db')
class ProductionConfig(Config):
DEBUG = False
config = {
'development': DevelopmentConfig,
'production': ProductionConfig,
'default': ProductionConfig,
}
portal/requirements.txt
+8
View File
@@ -0,0 +1,8 @@
Flask==3.1.0
Flask-SQLAlchemy==3.1.1
Flask-Migrate==4.1.0
Flask-Login==0.6.3
Werkzeug==3.1.3
PyJWT>=2.8.0
python-dotenv==1.0.1
gunicorn==23.0.0
portal/run.py
+8
View File
@@ -0,0 +1,8 @@
import os
from app import create_app
app = create_app(os.environ.get('FLASK_ENV', 'production'))
if __name__ == '__main__':
port = int(os.environ.get('PORT', 5001))
app.run(host='0.0.0.0', port=port, debug=(os.environ.get('FLASK_ENV') == 'development'))