Phillip Tarrant
abc682a634
Implemented comprehensive Flask-Login authentication with single-user support. New Features: - Flask-Login integration with User model - Bcrypt password hashing via PasswordManager - Login, logout, and initial password setup routes - @login_required and @api_auth_required decorators - All API endpoints now require authentication - Bootstrap 5 dark theme UI templates - Dashboard with navigation - Remember me and next parameter redirect support Files Created (12): - web/auth/__init__.py, models.py, decorators.py, routes.py - web/routes/__init__.py, main.py - web/templates/login.html, setup.html, dashboard.html, scans.html, scan_detail.html - tests/test_authentication.py (30+ tests) Files Modified (6): - web/app.py: Added Flask-Login initialization and main routes - web/api/scans.py: Protected all endpoints with @api_auth_required - web/api/settings.py: Protected all endpoints with @api_auth_required - web/api/schedules.py: Protected all endpoints with @api_auth_required - web/api/alerts.py: Protected all endpoints with @api_auth_required - tests/conftest.py: Added authentication test fixtures Security: - Session-based authentication for both web UI and API - Secure password storage with bcrypt - Protected routes redirect to login page - Protected API endpoints return 401 Unauthorized - Health check endpoints remain accessible for monitoring Testing: - User model authentication and properties - Login success/failure flows - Logout and session management - Password setup workflow - API endpoint authentication requirements - Session persistence and remember me functionality - Next parameter redirect behavior Total: ~1,200 lines of code added 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
159 lines
3.6 KiB
Python
159 lines
3.6 KiB
Python
"""
|
|
Schedules API blueprint.
|
|
|
|
Handles endpoints for managing scheduled scans including CRUD operations
|
|
and manual triggering.
|
|
"""
|
|
|
|
from flask import Blueprint, jsonify, request
|
|
|
|
from web.auth.decorators import api_auth_required
|
|
|
|
bp = Blueprint('schedules', __name__)
|
|
|
|
|
|
@bp.route('', methods=['GET'])
|
|
@api_auth_required
|
|
def list_schedules():
|
|
"""
|
|
List all schedules.
|
|
|
|
Returns:
|
|
JSON response with schedules list
|
|
"""
|
|
# TODO: Implement in Phase 3
|
|
return jsonify({
|
|
'schedules': [],
|
|
'message': 'Schedules list endpoint - to be implemented in Phase 3'
|
|
})
|
|
|
|
|
|
@bp.route('/<int:schedule_id>', methods=['GET'])
|
|
@api_auth_required
|
|
def get_schedule(schedule_id):
|
|
"""
|
|
Get details for a specific schedule.
|
|
|
|
Args:
|
|
schedule_id: Schedule ID
|
|
|
|
Returns:
|
|
JSON response with schedule details
|
|
"""
|
|
# TODO: Implement in Phase 3
|
|
return jsonify({
|
|
'schedule_id': schedule_id,
|
|
'message': 'Schedule detail endpoint - to be implemented in Phase 3'
|
|
})
|
|
|
|
|
|
@bp.route('', methods=['POST'])
|
|
@api_auth_required
|
|
def create_schedule():
|
|
"""
|
|
Create a new schedule.
|
|
|
|
Request body:
|
|
name: Schedule name
|
|
config_file: Path to YAML config
|
|
cron_expression: Cron-like schedule expression
|
|
|
|
Returns:
|
|
JSON response with created schedule ID
|
|
"""
|
|
# TODO: Implement in Phase 3
|
|
data = request.get_json() or {}
|
|
|
|
return jsonify({
|
|
'schedule_id': None,
|
|
'status': 'not_implemented',
|
|
'message': 'Schedule creation endpoint - to be implemented in Phase 3',
|
|
'data': data
|
|
}), 501
|
|
|
|
|
|
@bp.route('/<int:schedule_id>', methods=['PUT'])
|
|
@api_auth_required
|
|
def update_schedule(schedule_id):
|
|
"""
|
|
Update an existing schedule.
|
|
|
|
Args:
|
|
schedule_id: Schedule ID to update
|
|
|
|
Request body:
|
|
name: Schedule name (optional)
|
|
config_file: Path to YAML config (optional)
|
|
cron_expression: Cron-like schedule expression (optional)
|
|
enabled: Whether schedule is active (optional)
|
|
|
|
Returns:
|
|
JSON response with update status
|
|
"""
|
|
# TODO: Implement in Phase 3
|
|
data = request.get_json() or {}
|
|
|
|
return jsonify({
|
|
'schedule_id': schedule_id,
|
|
'status': 'not_implemented',
|
|
'message': 'Schedule update endpoint - to be implemented in Phase 3',
|
|
'data': data
|
|
}), 501
|
|
|
|
|
|
@bp.route('/<int:schedule_id>', methods=['DELETE'])
|
|
@api_auth_required
|
|
def delete_schedule(schedule_id):
|
|
"""
|
|
Delete a schedule.
|
|
|
|
Args:
|
|
schedule_id: Schedule ID to delete
|
|
|
|
Returns:
|
|
JSON response with deletion status
|
|
"""
|
|
# TODO: Implement in Phase 3
|
|
return jsonify({
|
|
'schedule_id': schedule_id,
|
|
'status': 'not_implemented',
|
|
'message': 'Schedule deletion endpoint - to be implemented in Phase 3'
|
|
}), 501
|
|
|
|
|
|
@bp.route('/<int:schedule_id>/trigger', methods=['POST'])
|
|
@api_auth_required
|
|
def trigger_schedule(schedule_id):
|
|
"""
|
|
Manually trigger a scheduled scan.
|
|
|
|
Args:
|
|
schedule_id: Schedule ID to trigger
|
|
|
|
Returns:
|
|
JSON response with triggered scan ID
|
|
"""
|
|
# TODO: Implement in Phase 3
|
|
return jsonify({
|
|
'schedule_id': schedule_id,
|
|
'scan_id': None,
|
|
'status': 'not_implemented',
|
|
'message': 'Manual schedule trigger endpoint - to be implemented in Phase 3'
|
|
}), 501
|
|
|
|
|
|
# Health check endpoint
|
|
@bp.route('/health', methods=['GET'])
|
|
def health_check():
|
|
"""
|
|
Health check endpoint for monitoring.
|
|
|
|
Returns:
|
|
JSON response with API health status
|
|
"""
|
|
return jsonify({
|
|
'status': 'healthy',
|
|
'api': 'schedules',
|
|
'version': '1.0.0-phase1'
|
|
})
|