custom_components/bahmcloud_store/views.py aktualisiert
This commit is contained in:
@@ -1,128 +1,144 @@
|
||||
from __future__ import annotations
|
||||
|
||||
import logging
|
||||
from dataclasses import asdict
|
||||
from pathlib import Path
|
||||
from typing import TYPE_CHECKING
|
||||
from typing import Any
|
||||
|
||||
from aiohttp import web
|
||||
from homeassistant.components.http import HomeAssistantView
|
||||
|
||||
if TYPE_CHECKING:
|
||||
from .core import BCSCore
|
||||
from homeassistant.components.http import HomeAssistantView
|
||||
from homeassistant.core import HomeAssistant
|
||||
|
||||
from .core import BCSCore
|
||||
|
||||
_LOGGER = logging.getLogger(__name__)
|
||||
|
||||
DOMAIN = "bahmcloud_store"
|
||||
|
||||
|
||||
class StaticAssetsView(HomeAssistantView):
|
||||
"""
|
||||
Static panel assets MUST be public (no auth), because Home Assistant loads
|
||||
custom panel JS modules without auth headers.
|
||||
"""
|
||||
requires_auth = False
|
||||
name = "bahmcloud_store_static"
|
||||
url = "/api/bahmcloud_store_static/{path:.*}"
|
||||
name = "api:bahmcloud_store_static"
|
||||
requires_auth = True
|
||||
|
||||
async def get(self, request, path):
|
||||
async def get(self, request: web.Request, path: str) -> web.Response:
|
||||
base = Path(__file__).resolve().parent / "panel"
|
||||
if not path:
|
||||
path = "panel.js"
|
||||
target = (base / path).resolve()
|
||||
|
||||
f = (base / path).resolve()
|
||||
if not str(target).startswith(str(base.resolve())):
|
||||
return web.Response(status=404)
|
||||
|
||||
# Prevent path traversal
|
||||
if not str(f).startswith(str(base)) or not f.exists() or not f.is_file():
|
||||
return web.Response(status=404, text="Not found")
|
||||
if target.is_dir():
|
||||
target = target / "index.html"
|
||||
|
||||
suffix = f.suffix.lower()
|
||||
if suffix == ".js":
|
||||
return web.Response(body=f.read_bytes(), content_type="application/javascript")
|
||||
if suffix == ".css":
|
||||
return web.Response(body=f.read_bytes(), content_type="text/css")
|
||||
if suffix in (".html", ".htm"):
|
||||
return web.Response(body=f.read_bytes(), content_type="text/html")
|
||||
if not target.exists():
|
||||
return web.Response(status=404)
|
||||
|
||||
return web.Response(body=f.read_bytes(), content_type="application/octet-stream")
|
||||
# Basic content types
|
||||
ct = "text/plain"
|
||||
if target.suffix == ".js":
|
||||
ct = "application/javascript"
|
||||
elif target.suffix == ".html":
|
||||
ct = "text/html"
|
||||
elif target.suffix == ".css":
|
||||
ct = "text/css"
|
||||
elif target.suffix == ".svg":
|
||||
ct = "image/svg+xml"
|
||||
elif target.suffix == ".png":
|
||||
ct = "image/png"
|
||||
|
||||
return web.Response(body=target.read_bytes(), content_type=ct)
|
||||
|
||||
|
||||
class BCSApiView(HomeAssistantView):
|
||||
"""
|
||||
BCS API (auth required)
|
||||
- GET /api/bcs
|
||||
- POST /api/bcs (op=add_custom_repo)
|
||||
"""
|
||||
requires_auth = True
|
||||
name = "bcs_api"
|
||||
url = "/api/bcs"
|
||||
name = "api:bcs"
|
||||
requires_auth = True
|
||||
|
||||
def __init__(self, core: "BCSCore") -> None:
|
||||
def __init__(self, core: BCSCore) -> None:
|
||||
self.core = core
|
||||
|
||||
async def get(self, request):
|
||||
# Refresh on-demand so the UI "Refresh" button updates immediately.
|
||||
await self.core.refresh()
|
||||
|
||||
return self.json(
|
||||
{
|
||||
"repos": self.core.list_repos_public(),
|
||||
"store_url": self.core.config.store_url,
|
||||
"refresh_seconds": self.core.refresh_seconds,
|
||||
async def get(self, request: web.Request) -> web.Response:
|
||||
payload: dict[str, Any] = {
|
||||
"ok": True,
|
||||
"version": self.core.version,
|
||||
"repos": self.core.list_repos_public(),
|
||||
}
|
||||
)
|
||||
return web.json_response(payload)
|
||||
|
||||
async def post(self, request):
|
||||
async def post(self, request: web.Request) -> web.Response:
|
||||
data = await request.json()
|
||||
op = str(data.get("op") or "").strip()
|
||||
|
||||
if op != "add_custom_repo":
|
||||
return self.json({"error": "unknown op"}, status_code=400)
|
||||
op = data.get("op")
|
||||
|
||||
if op == "add_custom_repo":
|
||||
url = str(data.get("url") or "").strip()
|
||||
name = data.get("name")
|
||||
name = str(name).strip() if isinstance(name, str) and name.strip() else None
|
||||
|
||||
name = str(name).strip() if name else None
|
||||
if not url:
|
||||
return self.json({"error": "url missing"}, status_code=400)
|
||||
|
||||
return web.json_response({"ok": False, "message": "Missing url"}, status=400)
|
||||
repo = await self.core.add_custom_repo(url=url, name=name)
|
||||
return self.json({"ok": True, "repo": {"id": repo.id, "url": repo.url, "name": repo.name}})
|
||||
return web.json_response({"ok": True, "repo": asdict(repo)})
|
||||
|
||||
return web.json_response({"ok": False, "message": "Unknown operation"}, status=400)
|
||||
|
||||
|
||||
class BCSCustomRepoView(HomeAssistantView):
|
||||
url = "/api/bcs/custom_repo"
|
||||
name = "api:bcs_custom_repo"
|
||||
requires_auth = True
|
||||
|
||||
def __init__(self, core: BCSCore) -> None:
|
||||
self.core = core
|
||||
|
||||
async def delete(self, request: web.Request) -> web.Response:
|
||||
repo_id = request.query.get("id")
|
||||
if not repo_id:
|
||||
return web.json_response({"ok": False, "message": "Missing id"}, status=400)
|
||||
await self.core.remove_custom_repo(repo_id)
|
||||
return web.json_response({"ok": True})
|
||||
|
||||
|
||||
class BCSReadmeView(HomeAssistantView):
|
||||
"""
|
||||
- GET /api/bcs/readme?repo_id=<id>
|
||||
Returns README markdown from repository root (best-effort).
|
||||
"""
|
||||
requires_auth = True
|
||||
name = "bcs_readme"
|
||||
url = "/api/bcs/readme"
|
||||
name = "api:bcs_readme"
|
||||
requires_auth = True
|
||||
|
||||
def __init__(self, core: "BCSCore") -> None:
|
||||
def __init__(self, core: BCSCore) -> None:
|
||||
self.core = core
|
||||
|
||||
async def get(self, request):
|
||||
repo_id = str(request.query.get("repo_id") or "").strip()
|
||||
async def get(self, request: web.Request) -> web.Response:
|
||||
repo_id = request.query.get("repo_id")
|
||||
if not repo_id:
|
||||
return self.json({"error": "repo_id missing"}, status_code=400)
|
||||
|
||||
repo = self.core.get_repo(repo_id)
|
||||
if not repo:
|
||||
return self.json({"error": "repo not found"}, status_code=404)
|
||||
return web.json_response({"ok": False, "message": "Missing repo_id"}, status=400)
|
||||
|
||||
md = await self.core.fetch_readme_markdown(repo_id)
|
||||
if md is None:
|
||||
return self.json(
|
||||
{
|
||||
"ok": False,
|
||||
"repo_id": repo_id,
|
||||
"url": repo.url,
|
||||
"readme": None,
|
||||
"message": "README not found in repository root.",
|
||||
}
|
||||
)
|
||||
if not md:
|
||||
return web.json_response({"ok": False, "message": "README not found."}, status=404)
|
||||
|
||||
return self.json(
|
||||
{
|
||||
"ok": True,
|
||||
"repo_id": repo_id,
|
||||
"url": repo.url,
|
||||
"readme": md,
|
||||
}
|
||||
)
|
||||
html = None
|
||||
|
||||
# Render markdown via HA util (best effort, version-dependent)
|
||||
try:
|
||||
# Most HA versions ship a markdown renderer utility
|
||||
from homeassistant.util.markdown import async_render_markdown # type: ignore
|
||||
|
||||
rendered = await async_render_markdown(self.core.hass, md) # returns HTML string
|
||||
html = rendered
|
||||
except Exception as e:
|
||||
_LOGGER.debug("Markdown render failed (util.markdown): %s", e)
|
||||
html = None
|
||||
|
||||
# Sanitize HTML if sanitizer exists
|
||||
if html:
|
||||
try:
|
||||
from homeassistant.util.sanitize_html import async_sanitize_html # type: ignore
|
||||
|
||||
html = await async_sanitize_html(self.core.hass, html)
|
||||
except Exception as e:
|
||||
_LOGGER.debug("HTML sanitize not available/failed: %s", e)
|
||||
# If sanitizer is missing, still return rendered HTML (HA renderer is typically safe-ish),
|
||||
# but keep it best-effort.
|
||||
pass
|
||||
|
||||
return web.json_response({"ok": True, "readme": md, "html": html})
|
||||
|
||||
Reference in New Issue
Block a user