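"""Views for the wallet API: HTML pages, JSON password endpoints and an MQTT publish bridge."""
from django.http import JsonResponse
from django.shortcuts import render
from django.views.decorators.csrf import csrf_exempt
from .models import PasswordEntry, MasterHash
from .utils import authenticate, derive_key, encrypt_password, decrypt_password
from dotenv import dotenv_values
import json
import threading
import paho.mqtt.client as mqtt
import paho.mqtt.publish as publish

# MQTT connection settings are read once, at import time, from a ".env" file
# resolved against the process working directory.
config = dotenv_values(".env")


def _parse_json_body(request):
    """Return the request body decoded as a JSON object, or None if it is not one."""
    try:
        data = json.loads(request.body)
    except ValueError:
        # Covers json.JSONDecodeError and UnicodeDecodeError (both ValueError
        # subclasses), e.g. an empty or non-JSON body.
        return None
    # The views call data.get(...), so anything but a JSON object is rejected.
    return data if isinstance(data, dict) else None


def _bad_request():
    """Build the 400 response used when the body is missing or malformed."""
    return JsonResponse({"error": "Richiesta non valida"}, status=400)


def _method_not_allowed():
    """Build the 405 response used by the POST-only API views."""
    response = JsonResponse({"error": "Metodo non consentito"}, status=405)
    response['Allow'] = 'POST'
    return response


@csrf_exempt
def publish_message(request):
    """Publish the ``msg`` field of the JSON body to the MQTT topic named in ``topic``.

    The broker host, port, keepalive and credentials come from ``config``.
    Returns the parsed request body under ``request_data``, or a 400 response
    when the body is not a JSON object containing ``topic`` and ``msg``.
    """
    # NOTE(review): this view is CSRF-exempt and performs no authentication in
    # this file, yet it publishes to a caller-chosen topic with the broker
    # credentials from .env. Unless access is restricted elsewhere (URL conf,
    # middleware, network), require authentication here and validate the topic
    # against an allow-list.
    request_data = _parse_json_body(request)
    if request_data is None or 'topic' not in request_data or 'msg' not in request_data:
        return _bad_request()

    publish.single(
        topic=request_data['topic'],
        payload=json.dumps(request_data['msg']),
        hostname=config['MQTT_HOST'],
        port=int(config['MQTT_PORT']),
        keepalive=int(config['MQTT_KEEPALIVE']),
        auth={'username': config['MQTT_USER'], 'password': config['MQTT_PASSWORD']},
        protocol=mqtt.MQTTv5,
    )
    return JsonResponse({'request_data': request_data})


def list_users(request):
    """Render the list page with every ``PasswordEntry`` row."""
    # NOTE(review): no authentication check is visible in this view; confirm
    # that access to the stored entries is restricted elsewhere.
    users = PasswordEntry.objects.all()
    return render(request, 'wallet_api/list_users.html', {'users': users})


def edit_user(request, user_id):
    """Render the edit page for the entry with id ``user_id``.

    ``user`` is None in the template context when no such entry exists.
    """
    user = PasswordEntry.objects.filter(id=user_id).first()
    return render(request, 'wallet_api/edit_user.html', {'user': user})


def add_user(request):
    """Render the empty "add user" page."""
    return render(request, 'wallet_api/add_user.html')


def view_role(request, role):
    """Render the role information page for ``role``."""
    return render(request, 'wallet_api/role_info.html', {'role': role})


@csrf_exempt
def disable_password_api(request):
    """Store a new encrypted password entry (POST only).

    NOTE(review): despite its name, this view creates an entry exactly like
    ``add_password_api`` (without ``role``/``acls``) and disables nothing;
    confirm the intended behaviour.
    """
    if request.method != 'POST':
        # Previously fell through and returned None, which Django rejects.
        return _method_not_allowed()
    data = _parse_json_body(request)
    if data is None:
        return _bad_request()

    master_password = data.get('master_password')
    if not authenticate(master_password):
        return JsonResponse({"error": "Master password errata"}, status=403)

    key = derive_key(master_password)
    encrypted_password = encrypt_password(data.get('password'), key)
    PasswordEntry.objects.create(
        site=data.get('site'),
        username=data.get('username'),
        password=encrypted_password,
        client_id=data.get('client_id'),
        topic=data.get('topic'),
    )
    return JsonResponse({"message": "Password aggiunta con successo"})


@csrf_exempt
def get_password_api(request):
    """Return the decrypted entry for ``site`` after a master-password check (POST only).

    Responds 403 on a wrong master password, 404 when the site is unknown and
    409 when more than one entry matches the site.
    """
    # NOTE(review): the master-password check is the only gate in front of the
    # plaintext password and no throttling of failed attempts is visible here;
    # confirm that rate limiting exists upstream.
    if request.method != 'POST':
        return _method_not_allowed()
    data = _parse_json_body(request)
    if data is None:
        return _bad_request()

    master_password = data.get('master_password')
    if not authenticate(master_password):
        return JsonResponse({"error": "Master password errata"}, status=403)

    key = derive_key(master_password)
    try:
        entry = PasswordEntry.objects.get(site=data.get('site'))
    except PasswordEntry.DoesNotExist:
        return JsonResponse({"error": "Sito non trovato"}, status=404)
    except PasswordEntry.MultipleObjectsReturned:
        # The create views in this file do not check for an existing site, so
        # duplicates are possible unless the model enforces uniqueness.
        return JsonResponse({"error": "Sito non univoco"}, status=409)

    decrypted_password = decrypt_password(entry.password, key)
    return JsonResponse({
        "site": entry.site,
        "username": entry.username,
        "password": decrypted_password,
        "client_id": entry.client_id,
        "topic": entry.topic,
    })


@csrf_exempt
def list_sites_api(request):
    """Return the ``site`` value of every entry after a master-password check (POST only)."""
    if request.method != 'POST':
        return _method_not_allowed()
    data = _parse_json_body(request)
    if data is None:
        return _bad_request()

    if not authenticate(data.get('master_password')):
        return JsonResponse({"error": "Master password errata"}, status=403)

    sites = PasswordEntry.objects.values_list('site', flat=True)
    return JsonResponse({"sites": list(sites)})


@csrf_exempt
def add_password_api(request):
    """Encrypt ``password`` with a key derived from the master password and store it (POST only).

    The entry is created with an empty ``role`` and ``acls`` set to ``'{}'``.
    """
    if request.method != 'POST':
        return _method_not_allowed()
    data = _parse_json_body(request)
    if data is None:
        return _bad_request()

    master_password = data.get('master_password')
    if not authenticate(master_password):
        return JsonResponse({"error": "Master password errata"}, status=403)

    key = derive_key(master_password)
    encrypted_password = encrypt_password(data.get('password'), key)
    PasswordEntry.objects.create(
        site=data.get('site'),
        username=data.get('username'),
        password=encrypted_password,
        client_id=data.get('client_id'),
        topic=data.get('topic'),
        role='',
        acls='{}',
    )
    return JsonResponse({"message": "Password aggiunta con successo"})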