OpenSMN/berretin.py

import os
import json
import hashlib
import requests
from datetime import datetime, timedelta
from flask import Flask, jsonify, Response, request
from urllib.parse import urljoin
import tokenext
from healthcheck import ensure_config_exists

config = ensure_config_exists()
server_cfg = config["server"]

PORT = int(server_cfg.get("port", 6942))
PASSWORD = server_cfg.get("password", "").strip()
CACHE_DIR = server_cfg.get("cache_dir", "cache")
BASE_API = server_cfg.get("base_api", "https://ws1.smn.gob.ar")
LOG_FILE = server_cfg.get("log_file", "").strip()
SMN_TOKEN_FILE = "token"
CACHE_TTL = timedelta(minutes=60)
AUTH_ENABLED = PASSWORD != ""

app = Flask(__name__)

def log(msg: str):
    if LOG_FILE:
        with open(LOG_FILE, "a") as f:
            f.write(f"[{datetime.now().isoformat()}] {msg}\n")
    print(msg)

def get_cache_filename(url: str) -> str:
    h = hashlib.sha256(url.encode()).hexdigest()
    return os.path.join(CACHE_DIR, f"{h}.json")

def load_cache(url: str):
    path = get_cache_filename(url)
    if not os.path.exists(path):
        return None
    mtime = datetime.fromtimestamp(os.path.getmtime(path))
    if datetime.now() - mtime > CACHE_TTL:
        return None
    try:
        with open(path, "r", encoding="utf-8") as f:
            return json.load(f)
    except Exception:
        return None

def save_cache(url: str, data: dict):
    os.makedirs(CACHE_DIR, exist_ok=True)
    path = get_cache_filename(url)
    with open(path, "w", encoding="utf-8") as f:
        json.dump(data, f, indent=2, ensure_ascii=False)

def load_smn_token():
    with open(SMN_TOKEN_FILE, "r") as f:
        return f.read().strip()

def refresh_smn_token():
    log("[TOKEN] Refreshing SMN token...")
    ok = tokenext.refresh_token(output_file=SMN_TOKEN_FILE, headless=True, wait_seconds=8)
    if ok:
        log("[TOKEN] Token refreshed successfully.")
    else:
        log("[TOKEN] Failed to refresh token.")

def check_access_token():
    if not AUTH_ENABLED:
        return True
    header_token = request.headers.get("Authorization", "").strip()
    return header_token == PASSWORD

def fetch_from_smn(url: str, retry: bool = True):
    token = load_smn_token()
    headers = {
        "Authorization": f"JWT {token}",
        "Accept": "application/json",
        "User-Agent": "Mozilla/5.0"
    }

    try:
        resp = requests.get(url, headers=headers, timeout=10)
    except requests.RequestException as e:
        return Response(str(e), status=502)

    if resp.status_code == 401 and retry:
        log("[AUTH] SMN token expired, trying to refresh...")
        refresh_smn_token()
        return fetch_from_smn(url, retry=False)

    return resp

@app.route("/smn/<path:subpath>")
def smn_proxy(subpath):
    if not check_access_token():
        return jsonify({"error": "Unauthorized"}), 401

    if ".." in subpath or subpath.startswith("/"):
        return jsonify({"error": "Invalid path"}), 400

    url = urljoin(BASE_API + "/", subpath)

    cached = load_cache(url)
    if cached:
        log(f"[CACHE] Loaded {subpath}")
        return jsonify(cached)

    log(f"[FETCH] {url}")
    resp = fetch_from_smn(url)

    if not hasattr(resp, "status_code"):
        return Response("Upstream error", status=502)

    if resp.status_code != 200:
        return Response(resp.text, status=resp.status_code,
                        content_type=resp.headers.get("Content-Type", "text/plain"))

    try:
        data = resp.json()
        save_cache(url, data)
        return jsonify(data)
    except Exception:
        return Response("Invalid JSON from SMN", status=502)

if __name__ == "__main__":
    os.makedirs(CACHE_DIR, exist_ok=True)
    log(f"[STARTUP] Server starting on port {PORT}")
    app.run(host="0.0.0.0", port=PORT)