search

A-c0rN / ASMARA

Automated System for Monitoring And Relaying Alerts
https://eas.missingtextures.net
Open Data Commons Open Database License v1.0
9 stars 8 forks source link

Web Services #4

Open A-c0rN opened 5 months ago

reggietorres commented 5 months ago

im gonna test some things here and there, maybe get a prototype going

reggietorres commented 5 months ago

mc-sneakpeak Here's a sneak peak! It all runs off of python, and a bit of mysql which is easy as shit to setup

reggietorres commented 5 months ago

Ive added 2FA, via discord webhook

reggietorres commented 4 months ago

Is there any system in place currently in ASMARA for handling localserver (eg socket) alert sending, and if so, are we able to implement a way to upload custom audio or have a custom description of the alert, and allow something like flite to read it?

A-c0rN commented 4 months ago

Is there any system in place currently in ASMARA for handling localserver (eg socket) alert sending

Not yet, however an older version had a console system that is for the most part still available in the backend, just the console was removed due to unneeded complexity. I would like a REST API to be hooked into this system for management, as I would like the API to allow users to make their own web interfaces if wanted, or modules to interface with other things, such as Character Generators and such.

are we able to implement a way to upload custom audio or have a custom description of the alert, and allow something like flite to read it?

This would be easier to implement via CAP, so that's probably going to go with that. One should be able to use the Override feature for audio embedding if they need to though.

reggietorres commented 4 months ago

BREAKING NEWS new webserver update soon! (not major) some changes to the readme, using logos, all of that..

reggietorres commented 4 months ago

Flask has a good way of setting up REST API's, so I'm thinking we can do it like this for best productivity, where you could work on setting up a good way of sending alerts, and il setup a secure(ish) way of doing api's for sending.. What do you think about that?

A-c0rN commented 4 months ago

where you could work on setting up a good way of sending alerts, and il setup a secure(ish) way of doing api's for sending.

The only thing this needs is a handler to import a Flask backend that communicates with ASMARA's interface directly. I can write something like that when I have time.

The API should be a standardized, easy to understand and well documented script that should expose both ingest and output information from the ENDEC.

Also, when it comes to security, this may sound like a bit of a pain, but we may want to focus on this after we have a working API. Make it work, then make it pretty.

Thanks!

reggietorres commented 4 months ago

The API should be a standardized, easy to understand and well documented script that should expose both ingest and output information from the ENDEC.

That seems easy enough to work on once we get there..

Also, when it comes to security, this may sound like a bit of a pain, but we may want to focus on this after we have a working API. Make it work, then make it pretty.

Completely agree, wouldn't want to push a flawed and hackable system to prod and have someone hack into an exposed system and release an EAN right?

reggietorres commented 4 months ago

Ana,

What do you think about this, we could implement email based 2FA, but the user would have to setup an email account specifically for it, OR, we could push a prototype 2FA system back about a week or two, and have an authenticator app system..

Until you get back to me on this, i will be exploring both ideas,

reggietorres commented 4 months ago

Ana,

Ive made a working prototype authenticator app system, it works for authy and google authenticator.. will send a pull once its fully fleshed out

reggietorres commented 4 months ago

Look at this beauty!

image

reggietorres commented 4 months ago

working on SSL/HTTPS, kinda stupid that we didn't think to do this sooner..

reggietorres commented 4 months ago

SSL/HTTPS is done, its optional but it slightly berates you for running without it cause of 1. how insecure the webserver becomes, 2. because of how easy it is to setup

atm all you have to do is run userdb with the argument mkSSL

it selfsigns a cert, and if you look at the cert it has asmara info, it expires after a year it was created, i haven't set a warn for that yet, il probably put it on the web interface though

A-c0rN commented 4 months ago

it selfsigns a cert, and if you look at the cert it has asmara info, it expires after a year it was created, i haven't set a warn for that yet, il probably put it on the web interface though

I'll look into also the ability submit an external cert for use, as some of us (Physprop) has their own SSL signing server for a domain. If we can get that working, we can avoid self-signed warnings.

reggietorres commented 4 months ago

it selfsigns a cert, and if you look at the cert it has asmara info, it expires after a year it was created, i haven't set a warn for that yet, il probably put it on the web interface though

I'll look into also the ability submit an external cert for use, as some of us (Physprop) has their own SSL signing server for a domain. If we can get that working, we can avoid self-signed warnings.

Sounds good..