Sample attendance checking via a unique QR code
static Adds hash to URL and effects to new content. Avoids page refresh 2022-08-02 07:29:12 +00:00
templates Adds hash to URL and effects to new content. Avoids page refresh 2022-08-02 07:29:12 +00:00
.gitignore Changes for use in a proper domain 2022-07-28 19:38:44 +00:00
init_db.py Initial version 2022-07-28 01:42:30 -05:00
main.py Adds hash to URL and effects to new content. Avoids page refresh 2022-08-02 07:29:12 +00:00
README.md Minor adjustments for prototype 2022-07-28 22:49:18 +00:00
requirements.txt Minor adjustments for prototype 2022-07-28 22:49:18 +00:00
schema.sql Initial version 2022-07-28 01:42:30 -05:00

Sample application for verifying attendance through a unique QR code

To run in a Python virtual environment, using Flask:

    mkvenv flask
    venv flask
    pip install Flask Flask-QRcode Flask-UUID

To create an empty SQLite file, database.db, with the table described in schema.sql:

    ./init_db.py

Nginx reverse proxy configuration

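Add this block to the nginx configuration file for the virtual host. Because proxy_pass is given a variable, nginx resolves the hostname at request time, so a resolver directive must be in scope: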

    location /socket.io {
        set $webapp http://attendance.lxd:5000;
        include proxy_params;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_pass $webapp;
    }

Decided, still to be done

  • Create a separate group in LDAP for non-Workspace users
  • Change Google Cloud Directory Sync configuration to skip users in this group
  • List all non-Workspace users with access to Odoo and create them in LDAP

To be decided

  • Will the Flask app be installed in a central container, or as a separate instance on every Raspberry Pi display?
  • If every display has an instance, how to prevent direct connections to it that bypass Authelia?
  • Different QR codes pointing to different URLs (perhaps with the same UUID?) for entrance/exit, very clearly labeled.
  • How to allow the display to show the main screen without having to log in to Authelia (remember that the Authelia registration cookie expires every month), while still requiring login for everyone else?
  • How to prevent users from accessing the main page and displaying the QR code? Perhaps using a separate attendance-checking domain?
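
One possible answer to the direct-connection question above, as an added example that is not part of this repository: a WSGI middleware that serves a request only when its TCP peer is the nginx proxy, so the Remote-User header forwarded after Authelia's check cannot be supplied by a client connecting straight to the app. The class name, the `attendance.user` key and the proxy address are assumptions made for illustration.

```python
import ipaddress


class TrustedProxyOnly:
    """WSGI middleware: serve only requests whose TCP peer is the reverse proxy."""

    def __init__(self, app, proxy_networks):
        self.app = app
        self.networks = [ipaddress.ip_network(n) for n in proxy_networks]

    def _peer_is_proxy(self, environ):
        # REMOTE_ADDR is the socket peer. Do not put ProxyFix (or anything that
        # rewrites REMOTE_ADDR from X-Forwarded-For) in front of this check.
        try:
            peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
        except ValueError:
            return False
        return any(peer in net for net in self.networks)

    def __call__(self, environ, start_response):
        if not self._peer_is_proxy(environ):
            # Direct connection: any Remote-User header here is client-supplied.
            body = b"Direct access is not allowed\n"
            start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        # Identity asserted by the proxy; empty on routes Authelia bypasses.
        user = environ.get("HTTP_REMOTE_USER", "").strip()
        environ["attendance.user"] = user or None
        return self.app(environ, start_response)


# Wiring in main.py (assumed layout; 10.0.0.2 is a constructed proxy address):
#   app.wsgi_app = TrustedProxyOnly(app.wsgi_app, ["10.0.0.2/32"])
```

A host firewall rule that accepts port 5000 only from the proxy enforces the same restriction at the network layer and is worth having in addition to this check.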

Odoo login: OIDC or LDAP?

  • Install OIDC module in Odoo to allow access and login via Authelia

  • Configure Authelia to require password from users in this LDAP group when accessing Odoo.

  • Change nginx configuration in Odoo server to force users to go through Authelia (internal connections will be allowed using the bypass option in Authelia; non-Workspace users who have logged into Authelia will be able to log in to Odoo using one click).

  • Another option is to install the LDAP authentication module in Odoo, and allow users to enter their username and password, instead of their personal Google account (not sure if it's possible), or a manually assigned password. The user would log in twice in this scenario: once to Authelia for their attendance registration, and again in Odoo (using the same user and password).