From 616b85300999570ba0e23d8f5827b665c6093874 Mon Sep 17 00:00:00 2001
From: Thomas Sileo <t@a4.io>
Date: Thu, 2 May 2019 21:53:17 +0200
Subject: [PATCH] Add IndieAuth security logs in the admin

---
 app.py                         | 23 +++++++++++++++++++++--
 templates/admin.html           |  5 +++++
 templates/admin_indieauth.html | 28 ++++++++++++++++++++++++++++
 3 files changed, 54 insertions(+), 2 deletions(-)
 create mode 100644 templates/admin_indieauth.html

diff --git a/app.py b/app.py
index db04e06..1698b97 100644
--- a/app.py
+++ b/app.py
@@ -365,6 +365,16 @@ def format_time(val):
     return val
 
 
+@app.template_filter()
+def format_ts(val):
+    return datetime.fromtimestamp(val).strftime("%B %d, %Y, %H:%M %p")
+
+
+@app.template_filter()
+def gt_ts(val):
+    return datetime.now() > datetime.fromtimestamp(val)
+
+
 @app.template_filter()
 def format_timeago(val):
     if val:
@@ -1356,6 +1366,15 @@ def admin():
     )
 
 
+@app.route("/admin/indieauth", methods=["GET"])
+@login_required
+def admin_indieauth():
+    return render_template(
+        "admin_indieauth.html",
+        indieauth_actions=DB.indieauth.find().sort("ts", -1).limit(100),
+    )
+
+
 @app.route("/admin/tasks", methods=["GET"])
 @login_required
 def admin_tasks():
@@ -2205,7 +2224,7 @@ def indieauth_endpoint():
         {
             "$set": {
                 "verified": True,
-                "verified_by": "login",
+                "verified_by": "id",
                 "verified_at": datetime.now().timestamp(),
             }
         },
@@ -2252,7 +2271,7 @@ def token_endpoint():
             {
                 "$set": {
                     "verified": True,
-                    "verified_by": "token",
+                    "verified_by": "code",
                     "verified_at": now.timestamp(),
                 }
             },
diff --git a/templates/admin.html b/templates/admin.html
index d2e1e95..e2c6261 100644
--- a/templates/admin.html
+++ b/templates/admin.html
@@ -6,6 +6,11 @@
 {% include "header.html" %}
 <div id="admin">
 <h3>Admin</h3>
+<h4>Links</h4>
+<ul>
+    <li><a href="/admin/indieauth">IndieAuth logs</a></li>
+    <li><a href="/admin/tasks">Poussetaches tasks</a></li>
+</ul>
 <h4>DB</h4>
 <ul>
 	<li>Inbox size: <strong>{{ inbox_size }}</strong></li>
diff --git a/templates/admin_indieauth.html b/templates/admin_indieauth.html
new file mode 100644
index 0000000..ab62522
--- /dev/null
+++ b/templates/admin_indieauth.html
@@ -0,0 +1,28 @@
+{% extends "layout.html" %}
+{% import 'utils.html' as utils %}
+{% block title %}IndieAuth logs - {{ config.NAME }}{% endblock %}
+{% block content %}
+<div id="container">
+{% include "header.html" %}
+<div id="admin">
+<h3>IndieAuth logs</h3>
+<ul style="list-style-type:none;padding:0;">
+{% for action in indieauth_actions %}
+<li style="margin-bottom:15px;"><span class="lcolor">{{action.ts|format_ts}}</span>
+<strong>{% if action.verified_by == "login" %}Authorization{% else %}Token{% endif %}</strong>
+requested by <a style="font-weight:bold" href="{{ action.client_id }}">{{ action.client_id }}</a>
+<a style="font-weight:bold;" href="{{action.me}}">{{action.me}}</a>
+({% if action.scope %}scope=<code>{{action.scope}}</code>,{% endif %}redirect_uri={{action.redirect_uri}}).
+{% if action.token_expires %}
+<br>
+The token <code title="{{action.token}}">{{action.token[:20]}}...</code>
+{% if action.token_expires|gt_ts%}has expired on{% else %}expires{% endif %} {{ action.token_expires|format_ts }}
+{% endif %}
+
+</li>
+{% endfor %}
+</ul>
+</div>
+
+</div>
+{% endblock %}