Merge branch 'develop'

etag is added to header,
If etag is the same a not modified will be respond

.gitignore

@@ -67,7 +67,8 @@ instance/
 
 # Sphinx documentation
 docs/_build/
-docs/
+# pdoc
+docs/html
 
 # PyBuilder
 target/
@@ -121,6 +122,7 @@ dmypy.json
 *.swo
 .vscode/
 *.log
+.fleet/
 
 data/
 

.woodpecker/lint.yml

@@ -1,6 +1,6 @@
 pipeline:
   lint:
-    image: python:alpine
+    image: python:slim
     commands:
       - pip install black
-      - black --check --line-length 120 --target-version=py37 .
+      - black --check --line-length 120 --target-version=py39 .

.woodpecker/test.yml

@@ -0,0 +1,19 @@
+pipeline:
+  install:
+    image: python:${PYTHON}-slim
+    commands:
+      - python -m venv --clear venv
+      - export PATH=venv/bin:$PATH
+      - python -m pip install --upgrade pip
+      - pip install -v ".[tests]"
+  test:
+    image: python:${PYTHON}-slim
+    commands:
+      - export PATH=venv/bin:$PATH
+      - python -m pytest
+
+
+matrix:
+  PYTHON:
+    - 3.10
+    - 3.9

README.md

@@ -7,33 +7,65 @@ This is the backend of the Flaschengeist.
 ### Requirements
 - `mysql` or `mariadb`
     - maybe `libmariadb` development files[1]
-- python 3.7+
+- python 3.9+
+- pip 21.0+
 
-[1] By default Flaschengeist uses mysql as database backend, if you are on Windows Flaschengeist uses `PyMySQL`, but on
+*[1] By default Flaschengeist uses mysql as database backend, if you are on Windows Flaschengeist uses `PyMySQL`, but on
 Linux / Mac the faster `mysqlclient` is used, if it is not already installed installing from pypi requires the
-development files for `libmariadb` to be present on your system.
+development files for `libmariadb` to be present on your system.*
 
 ### Install python files
-    pip3 install --user .
+It is recommended to upgrade pip to the latest version before installing:
+
+    python -m pip install --upgrade pip
+
+Default installation with *mariadb*/*mysql* support:
+
+    pip3 install --user ".[mysql]"
+
 or with ldap support
 
     pip3 install --user ".[ldap]"
+
 or if you want to also run the tests:
 
-    pip3 install --user ".[ldap,test]"
+    pip3 install --user ".[ldap,tests]"
 
-You will also need a MySQL driver, recommended drivers are
-- `mysqlclient`
-- `PyMySQL`
+You will also need a MySQL driver, by default one of this is installed:
+- `mysqlclient` (non Windows)
+- `PyMySQL` (on Windows)
 
-`setup.py` will try to install a matching driver.
+#### Hint on MySQL driver on Windows:
+If you want to use `mysqlclient` instead of `PyMySQL` (performance?) you have to follow [this guide](https://www.radishlogic.com/coding/python-3/installing-mysqldb-for-python-3-in-windows/)
 
-#### Windows
-Same as above, but if you want to use `mysqlclient` instead of `PyMySQL` (performance?) you have to follow this guide:
+### Install database
+The user needs to have full permissions to the database.
+If not you need to create user and database manually do (or similar on Windows):
 
-https://www.radishlogic.com/coding/python-3/installing-mysqldb-for-python-3-in-windows/
+    (
+        echo "CREATE DATABASE flaschengeist;"
+        echo "CREATE USER 'flaschengeist'@'localhost' IDENTIFIED BY 'flaschengeist';"
+        echo "GRANT ALL PRIVILEGES ON flaschengeist.* TO 'flaschengeist'@'localhost';"
+        echo "FLUSH PRIVILEGES;"
+    ) | sudo mysql
 
-### Configuration
+Then you can install the database tables, this will update all tables from core + all enabled plugins.
+And also install all enabled plugins:
+
+    $ flaschengeist install
+
+*Hint:* To only install the database tables, or upgrade the database after plugins or core are updated later
+you can use this command:
+
+    $ flaschengeist db upgrade heads
+
+
+## Plugins
+To only upgrade one plugin (for example the `events` plugin):
+
+    $ flaschengeist db upgrade events@head
+
+## Configuration
 Configuration is done within the a `flaschengeist.toml`file, you can copy the one located inside the module path
 (where flaschegeist is installed) or create an empty one and place it inside either:
 1. `~/.config/`
@@ -54,23 +86,15 @@ So you have to configure one of the following options to call flaschengeists CRO
   - Pros: Guaranteed execution interval, no impact on user experience (at least if you do not limit wsgi worker threads)
   - Cons: Uses one of the webserver threads while executing
 
-### Database installation
-The user needs to have full permissions to the database.
-If not you need to create user and database manually do (or similar on Windows):
-
-    (
-        echo "CREATE DATABASE flaschengeist;"
-        echo "CREATE USER 'flaschengeist'@'localhost' IDENTIFIED BY 'flaschengeist';"
-        echo "GRANT ALL PRIVILEGES ON flaschengeist.* TO 'flaschengeist'@'localhost';"
-        echo "FLUSH PRIVILEGES;"
-    ) | sudo mysql
-
-Then you can install the database tables and initial entries:
-
-    $ flaschengeist install
-
 ### Run
+Flaschengeist provides a CLI, based on the flask CLI, respectivly called `flaschengeist`.
+
+⚠️ When using the CLI for running Flaschengeist, please note that logging will happen as configured,
+with the difference of the main logger will be forced to output to `stderr` and the logging level
+of the CLI will override the logging level you have configured for the main logger.
+
     $ flaschengeist run
+
 or with debug messages:
 
     $ flaschengeist run --debug

docs/plugin_development.md

@@ -0,0 +1,57 @@
+# Plugin Development
+
+## File Structure
+
+    - your_plugin/
+        - __init__.py
+        - ...
+        - migrations/ (optional)
+            - ...
+    - setup.cfg
+
+The basic layout of a plugin is quite simple, you will only need the `setup.cfg` or `setup.py` and
+the package containing your plugin code, at lease a `__init__.py` file with your `Plugin` class.
+
+If you use custom database tables you need to provide a `migrations` directory within your package,
+see next section.
+
+## Database Tables / Migrations
+To allow upgrades of installed plugins, the database is versioned and handled
+through [Alembic](https://alembic.sqlalchemy.org/en/latest/index.html) migrations.
+Each plugin, which uses custom database tables, is represented as an other base.
+So you could simply follow the Alembic tutorial on [how to work with multiple bases](https://alembic.sqlalchemy.org/en/latest/branches.html#creating-a-labeled-base-revision).
+
+A quick overview on how to work with migrations for your plugin:
+
+    $ flaschengeist db revision -m "Create my super plugin" \
+      --head=base --branch-label=myplugin_name --version-path=your/plugin/migrations
+
+This would add a new base named `myplugin_name`, which should be the same as the pypi name of you plugin.
+If your tables depend on an other plugin or a specific base version you could of cause add
+
+    --depends-on=VERSION
+
+or
+
+    --depends-on=other_plugin
+
+
+### Plugin Removal and Database Tables
+As generic downgrades are most often hard to write, your plugin is not required to provide such functionallity.
+For Flaschengeist only instable versions provide meaningful downgrade migrations down to the latest stable version.
+
+So this means if you do not provide downgrades you must at lease provide a series of migrations toward removal of
+the database tables in case the users wants to delete the plugin.
+
+    (base) ----> 1.0 <----> 1.1 <----> 1.2
+                  |         
+                  --> removal
+
+After the removal step the database is stamped to to "remove" your
+
+## Useful Hooks
+There are some predefined hooks, which might get handy for you.
+
+For more information, please refer to
+- `flaschengeist.utils.hook.HookBefore` and
+- `flaschengeist.utils.hook.HookAfter`

flaschengeist/__init__.py

@@ -1,12 +1,9 @@
 """Flaschengeist"""
 import logging
-import pkg_resources
-from pathlib import Path
-from werkzeug.local import LocalProxy
+from importlib.metadata import version
 
-__version__ = pkg_resources.get_distribution("flaschengeist").version
-_module_path = Path(__file__).parent
+__version__ = version("flaschengeist")
 __pdoc__ = {}
 
-logger: logging.Logger = LocalProxy(lambda: logging.getLogger(__name__))
+logger = logging.getLogger(__name__)
 __pdoc__["logger"] = "Flaschengeist's logger instance (`werkzeug.local.LocalProxy`)"

flaschengeist/alembic/__init__.py

@@ -0,0 +1,5 @@
+from pathlib import Path
+
+
+alembic_migrations_path = str(Path(__file__).resolve().parent / "migrations")
+alembic_script_path = str(Path(__file__).resolve().parent)

flaschengeist/alembic/alembic.ini

@@ -0,0 +1,53 @@
+# A generic, single database configuration.
+# No used by flaschengeist
+
+[alembic]
+# template used to generate migration files
+# file_template = %%(rev)s_%%(slug)s
+
+# set to 'true' to run the environment during
+# the 'revision' command, regardless of autogenerate
+# revision_environment = false
+
+version_path_separator = os
+version_locations = %(here)s/migrations
+
+# Logging configuration
+[loggers]
+keys = root,sqlalchemy,alembic,flask_migrate
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic
+
+[logger_root]
+level = WARN
+handlers = console
+qualname =
+
+[logger_sqlalchemy]
+level = WARN
+handlers =
+qualname = sqlalchemy.engine
+
+[logger_alembic]
+level = INFO
+handlers =
+qualname = alembic
+
+[logger_flask_migrate]
+level = INFO
+handlers =
+qualname = flask_migrate
+
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
+
+[formatter_generic]
+format = %(levelname)-5.5s [%(name)s] %(message)s
+datefmt = %H:%M:%S

flaschengeist/alembic/env.py

@@ -0,0 +1,74 @@
+import logging
+from logging.config import fileConfig
+from pathlib import Path
+from flask import current_app
+from alembic import context
+
+# this is the Alembic Config object, which provides
+# access to the values within the .ini file in use.
+config = context.config
+
+# Interpret the config file for Python logging.
+# This line sets up loggers basically.
+fileConfig(Path(config.get_main_option("script_location")) / config.config_file_name.split("/")[-1])
+logger = logging.getLogger("alembic.env")
+
+config.set_main_option("sqlalchemy.url", str(current_app.extensions["migrate"].db.get_engine().url).replace("%", "%%"))
+target_metadata = current_app.extensions["migrate"].db.metadata
+
+
+def run_migrations_offline():
+    """Run migrations in 'offline' mode.
+
+    This configures the context with just a URL
+    and not an Engine, though an Engine is acceptable
+    here as well.  By skipping the Engine creation
+    we don't even need a DBAPI to be available.
+
+    Calls to context.execute() here emit the given string to the
+    script output.
+
+    """
+    url = config.get_main_option("sqlalchemy.url")
+    context.configure(url=url, target_metadata=target_metadata, literal_binds=True)
+
+    with context.begin_transaction():
+        context.run_migrations()
+
+
+def run_migrations_online():
+    """Run migrations in 'online' mode.
+
+    In this scenario we need to create an Engine
+    and associate a connection with the context.
+
+    """
+
+    # this callback is used to prevent an auto-migration from being generated
+    # when there are no changes to the schema
+    # reference: http://alembic.zzzcomputing.com/en/latest/cookbook.html
+    def process_revision_directives(context, revision, directives):
+        if getattr(config.cmd_opts, "autogenerate", False):
+            script = directives[0]
+            if script.upgrade_ops.is_empty():
+                directives[:] = []
+                logger.info("No changes in schema detected.")
+
+    connectable = current_app.extensions["migrate"].db.get_engine()
+
+    with connectable.connect() as connection:
+        context.configure(
+            connection=connection,
+            target_metadata=target_metadata,
+            process_revision_directives=process_revision_directives,
+            **current_app.extensions["migrate"].configure_args,
+        )
+
+        with context.begin_transaction():
+            context.run_migrations()
+
+
+if context.is_offline_mode():
+    run_migrations_offline()
+else:
+    run_migrations_online()

flaschengeist/alembic/migrations/20482a003db8_initial_core_db.py

@@ -0,0 +1,154 @@
+"""Initial core db
+
+Revision ID: 20482a003db8
+Revises: 
+Create Date: 2022-08-25 15:13:34.900996
+
+"""
+from alembic import op
+import sqlalchemy as sa
+import flaschengeist
+
+
+# revision identifiers, used by Alembic.
+revision = "20482a003db8"
+down_revision = None
+branch_labels = ("flaschengeist",)
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table(
+        "image",
+        sa.Column("id", flaschengeist.database.types.Serial(), nullable=False),
+        sa.Column("filename", sa.String(length=255), nullable=False),
+        sa.Column("mimetype", sa.String(length=127), nullable=False),
+        sa.Column("thumbnail", sa.String(length=255), nullable=True),
+        sa.Column("path", sa.String(length=255), nullable=True),
+        sa.PrimaryKeyConstraint("id", name=op.f("pk_image")),
+    )
+    op.create_table(
+        "plugin",
+        sa.Column("id", flaschengeist.database.types.Serial(), nullable=False),
+        sa.Column("name", sa.String(length=127), nullable=False),
+        sa.Column("version", sa.String(length=30), nullable=False),
+        sa.Column("enabled", sa.Boolean(), nullable=True),
+        sa.PrimaryKeyConstraint("id", name=op.f("pk_plugin")),
+    )
+    op.create_table(
+        "role",
+        sa.Column("id", flaschengeist.database.types.Serial(), nullable=False),
+        sa.Column("name", sa.String(length=30), nullable=True),
+        sa.PrimaryKeyConstraint("id", name=op.f("pk_role")),
+        sa.UniqueConstraint("name", name=op.f("uq_role_name")),
+    )
+    op.create_table(
+        "permission",
+        sa.Column("name", sa.String(length=30), nullable=True),
+        sa.Column("id", flaschengeist.database.types.Serial(), nullable=False),
+        sa.Column("plugin", flaschengeist.database.types.Serial(), nullable=True),
+        sa.ForeignKeyConstraint(["plugin"], ["plugin.id"], name=op.f("fk_permission_plugin_plugin")),
+        sa.PrimaryKeyConstraint("id", name=op.f("pk_permission")),
+        sa.UniqueConstraint("name", name=op.f("uq_permission_name")),
+    )
+    op.create_table(
+        "plugin_setting",
+        sa.Column("id", flaschengeist.database.types.Serial(), nullable=False),
+        sa.Column("plugin", flaschengeist.database.types.Serial(), nullable=True),
+        sa.Column("name", sa.String(length=127), nullable=False),
+        sa.Column("value", sa.PickleType(), nullable=True),
+        sa.ForeignKeyConstraint(["plugin"], ["plugin.id"], name=op.f("fk_plugin_setting_plugin_plugin")),
+        sa.PrimaryKeyConstraint("id", name=op.f("pk_plugin_setting")),
+    )
+    op.create_table(
+        "user",
+        sa.Column("userid", sa.String(length=30), nullable=False),
+        sa.Column("display_name", sa.String(length=30), nullable=True),
+        sa.Column("firstname", sa.String(length=50), nullable=False),
+        sa.Column("lastname", sa.String(length=50), nullable=False),
+        sa.Column("deleted", sa.Boolean(), nullable=True),
+        sa.Column("birthday", sa.Date(), nullable=True),
+        sa.Column("mail", sa.String(length=60), nullable=True),
+        sa.Column("id", flaschengeist.database.types.Serial(), nullable=False),
+        sa.Column("avatar", flaschengeist.database.types.Serial(), nullable=True),
+        sa.ForeignKeyConstraint(["avatar"], ["image.id"], name=op.f("fk_user_avatar_image")),
+        sa.PrimaryKeyConstraint("id", name=op.f("pk_user")),
+        sa.UniqueConstraint("userid", name=op.f("uq_user_userid")),
+    )
+    op.create_table(
+        "notification",
+        sa.Column("id", flaschengeist.database.types.Serial(), nullable=False),
+        sa.Column("text", sa.Text(), nullable=True),
+        sa.Column("data", sa.PickleType(), nullable=True),
+        sa.Column("time", flaschengeist.database.types.UtcDateTime(), nullable=False),
+        sa.Column("user", flaschengeist.database.types.Serial(), nullable=False),
+        sa.Column("plugin", flaschengeist.database.types.Serial(), nullable=False),
+        sa.ForeignKeyConstraint(["plugin"], ["plugin.id"], name=op.f("fk_notification_plugin_plugin")),
+        sa.ForeignKeyConstraint(["user"], ["user.id"], name=op.f("fk_notification_user_user")),
+        sa.PrimaryKeyConstraint("id", name=op.f("pk_notification")),
+    )
+    op.create_table(
+        "password_reset",
+        sa.Column("user", flaschengeist.database.types.Serial(), nullable=False),
+        sa.Column("token", sa.String(length=32), nullable=True),
+        sa.Column("expires", flaschengeist.database.types.UtcDateTime(), nullable=True),
+        sa.ForeignKeyConstraint(["user"], ["user.id"], name=op.f("fk_password_reset_user_user")),
+        sa.PrimaryKeyConstraint("user", name=op.f("pk_password_reset")),
+    )
+    op.create_table(
+        "role_x_permission",
+        sa.Column("role_id", flaschengeist.database.types.Serial(), nullable=True),
+        sa.Column("permission_id", flaschengeist.database.types.Serial(), nullable=True),
+        sa.ForeignKeyConstraint(
+            ["permission_id"], ["permission.id"], name=op.f("fk_role_x_permission_permission_id_permission")
+        ),
+        sa.ForeignKeyConstraint(["role_id"], ["role.id"], name=op.f("fk_role_x_permission_role_id_role")),
+    )
+    op.create_table(
+        "session",
+        sa.Column("expires", flaschengeist.database.types.UtcDateTime(), nullable=True),
+        sa.Column("token", sa.String(length=32), nullable=True),
+        sa.Column("lifetime", sa.Integer(), nullable=True),
+        sa.Column("browser", sa.String(length=127), nullable=True),
+        sa.Column("platform", sa.String(length=64), nullable=True),
+        sa.Column("id", flaschengeist.database.types.Serial(), nullable=False),
+        sa.Column("user_id", flaschengeist.database.types.Serial(), nullable=True),
+        sa.ForeignKeyConstraint(["user_id"], ["user.id"], name=op.f("fk_session_user_id_user")),
+        sa.PrimaryKeyConstraint("id", name=op.f("pk_session")),
+        sa.UniqueConstraint("token", name=op.f("uq_session_token")),
+    )
+    op.create_table(
+        "user_attribute",
+        sa.Column("id", flaschengeist.database.types.Serial(), nullable=False),
+        sa.Column("user", flaschengeist.database.types.Serial(), nullable=False),
+        sa.Column("name", sa.String(length=30), nullable=True),
+        sa.Column("value", sa.PickleType(), nullable=True),
+        sa.ForeignKeyConstraint(["user"], ["user.id"], name=op.f("fk_user_attribute_user_user")),
+        sa.PrimaryKeyConstraint("id", name=op.f("pk_user_attribute")),
+    )
+    op.create_table(
+        "user_x_role",
+        sa.Column("user_id", flaschengeist.database.types.Serial(), nullable=True),
+        sa.Column("role_id", flaschengeist.database.types.Serial(), nullable=True),
+        sa.ForeignKeyConstraint(["role_id"], ["role.id"], name=op.f("fk_user_x_role_role_id_role")),
+        sa.ForeignKeyConstraint(["user_id"], ["user.id"], name=op.f("fk_user_x_role_user_id_user")),
+    )
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_table("user_x_role")
+    op.drop_table("user_attribute")
+    op.drop_table("session")
+    op.drop_table("role_x_permission")
+    op.drop_table("password_reset")
+    op.drop_table("notification")
+    op.drop_table("user")
+    op.drop_table("plugin_setting")
+    op.drop_table("permission")
+    op.drop_table("role")
+    op.drop_table("plugin")
+    op.drop_table("image")
+    # ### end Alembic commands ###

flaschengeist/alembic/script.py.mako

@@ -0,0 +1,25 @@
+"""${message}
+
+Revision ID: ${up_revision}
+Revises: ${down_revision | comma,n}
+Create Date: ${create_date}
+
+"""
+from alembic import op
+import sqlalchemy as sa
+import flaschengeist
+${imports if imports else ""}
+
+# revision identifiers, used by Alembic.
+revision = ${repr(up_revision)}
+down_revision = ${repr(down_revision)}
+branch_labels = ${repr(branch_labels)}
+depends_on = ${repr(depends_on)}
+
+
+def upgrade():
+    ${upgrades if upgrades else "pass"}
+
+
+def downgrade():
+    ${downgrades if downgrades else "pass"}

flaschengeist/app.py

@@ -1,18 +1,21 @@
 import enum
+import json
 
-import pkg_resources
-from flask import Flask, current_app
+from flask import Flask
 from flask_cors import CORS
 from datetime import datetime, date
-from flask.json import JSONEncoder, jsonify
+from flask.json import jsonify
+from json import JSONEncoder
+from flask.json.provider import JSONProvider
 from sqlalchemy.exc import OperationalError
 from werkzeug.exceptions import HTTPException
 
-from . import logger
-from .plugins import AuthPlugin
-from flaschengeist.config import config, configure_app
-from flaschengeist.controller import roleController
+from flaschengeist import logger
+from flaschengeist.controller import pluginController
 from flaschengeist.utils.hook import Hook
+from flaschengeist.config import configure_app
+
+from flaschengeist.database import db
 
 
 class CustomJSONEncoder(JSONEncoder):
@@ -36,82 +39,65 @@ class CustomJSONEncoder(JSONEncoder):
         return JSONEncoder.default(self, o)
 
 
+class CustomJSONProvider(JSONProvider):
+    ensure_ascii: bool = True
+    sort_keys: bool = True
+
+    def dumps(self, obj, **kwargs):
+        kwargs.setdefault("ensure_ascii", self.ensure_ascii)
+        kwargs.setdefault("sort_keys", self.sort_keys)
+        return json.dumps(obj, **kwargs, cls=CustomJSONEncoder)
+
+    def loads(self, s: str | bytes, **kwargs):
+        return json.loads(s, **kwargs)
+
+
 @Hook("plugins.loaded")
-def __load_plugins(app):
-    logger.debug("Search for plugins")
-
+def load_plugins(app: Flask):
     app.config["FG_PLUGINS"] = {}
-    for entry_point in pkg_resources.iter_entry_points("flaschengeist.plugins"):
-        logger.debug(f"Found plugin: >{entry_point.name}<")
 
-        if entry_point.name == config["FLASCHENGEIST"]["auth"] or (
-            entry_point.name in config and config[entry_point.name].get("enabled", False)
-        ):
-            logger.debug(f"Load plugin {entry_point.name}")
+    for plugin in pluginController.get_enabled_plugins():
+        logger.debug(f"Searching for enabled plugin {plugin.name}")
         try:
-                plugin = entry_point.load()
-                if not hasattr(plugin, "name"):
-                    setattr(plugin, "name", entry_point.name)
-                plugin = plugin(config.get(entry_point.name, {}))
+            # Load class
+            cls = plugin.entry_point.load()
+            # plugin = cls.query.get(plugin.id) if plugin.id is not None else plugin
+            # plugin = db.session.query(cls).get(plugin.id) if plugin.id is not None else plugin
+            plugin = db.session.get(cls, plugin.id) if plugin.id is not None else plugin
+            # Custom loading tasks
+            plugin.load()
+            # Register blueprint
             if hasattr(plugin, "blueprint") and plugin.blueprint is not None:
                 app.register_blueprint(plugin.blueprint)
         except:
             logger.error(
-                    f"Plugin {entry_point.name} was enabled, but could not be loaded due to an error.",
+                f"Plugin {plugin.name} was enabled, but could not be loaded due to an error.",
                 exc_info=True,
             )
             continue
-            if isinstance(plugin, AuthPlugin):
-                if entry_point.name != config["FLASCHENGEIST"]["auth"]:
-                    logger.debug(f"Unload not configured AuthPlugin {entry_point.name}")
-                    del plugin
-                    continue
-                else:
-                    logger.info(f"Using authentication plugin: {entry_point.name}")
-                    app.config["FG_AUTH_BACKEND"] = plugin
-            else:
-                logger.info(f"Using plugin: {entry_point.name}")
-            app.config["FG_PLUGINS"][entry_point.name] = plugin
-        else:
-            logger.debug(f"Skip disabled plugin {entry_point.name}")
-    if "FG_AUTH_BACKEND" not in app.config:
-        logger.error("No authentication plugin configured or authentication plugin not found")
-        raise RuntimeError("No authentication plugin configured or authentication plugin not found")
-
-
-@Hook("plugins.installed")
-def install_all():
-    from flaschengeist.database import db
-
-    db.create_all()
-    db.session.commit()
-    for name, plugin in current_app.config["FG_PLUGINS"].items():
-        if not plugin:
-            logger.debug(f"Skip disabled plugin: {name}")
-            continue
-        logger.info(f"Install plugin {name}")
-        plugin.install()
-        if plugin.permissions:
-            roleController.create_permissions(plugin.permissions)
+        logger.info(f"Loaded plugin: {plugin.name}")
+        app.config["FG_PLUGINS"][plugin.name] = plugin
 
 
 def create_app(test_config=None, cli=False):
-    app = Flask(__name__)
-    app.json_encoder = CustomJSONEncoder
+    app = Flask("flaschengeist")
+    app.json_provider_class = CustomJSONProvider
+    app.json = CustomJSONProvider(app)
     CORS(app)
 
     with app.app_context():
-        from flaschengeist.database import db
+        from flaschengeist.database import db, migrate
 
-        configure_app(app, test_config, cli)
+        configure_app(app, test_config)
         db.init_app(app)
-        __load_plugins(app)
+        migrate.init_app(app, db, compare_type=True)
+        load_plugins(app)
 
     @app.route("/", methods=["GET"])
     def __get_state():
         from . import __version__ as version
 
-        return jsonify({"plugins": app.config["FG_PLUGINS"], "version": version})
+        return jsonify({"plugins": pluginController.get_loaded_plugins(), "version": version})
 
     @app.errorhandler(Exception)
     def handle_exception(e):

flaschengeist/cli/InterfaceGenerator.py

@@ -1,3 +1,4 @@
+import io
 import sys
 import inspect
 import logging
@@ -36,7 +37,6 @@ class InterfaceGenerator:
         if origin is typing.ForwardRef:  # isinstance(cls, typing.ForwardRef):
             return "", "this" if cls.__forward_arg__ == self.this_type else cls.__forward_arg__
         if origin is typing.Union:
-
             if len(arguments) == 2 and arguments[1] is type(None):
                 return "?", self.pytype(arguments[0])[1]
             else:
@@ -80,7 +80,6 @@ class InterfaceGenerator:
             d = {}
             for param, ptype in typing.get_type_hints(module[1], globalns=None, localns=None).items():
                 if not param.startswith("_") and not param.endswith("_"):
-
                     d[param] = self.pytype(ptype)
 
             if len(d) == 1:
@@ -93,15 +92,32 @@ class InterfaceGenerator:
         self.basename = models.__name__
         self.walker(("models", models))
 
-    def write(self):
-        with (open(self.filename, "w") if self.filename else sys.stdout) as file:
-            file.write("declare namespace {} {{\n".format(self.namespace))
-            for cls, params in self.classes.items():
-                if isinstance(params, str):
-                    file.write("\ttype {} = {};\n".format(cls, params))
+    def _write_types(self):
+        TYPE = "type {name} = {alias};\n"
+        INTERFACE = "interface {name} {{\n{properties}}}\n"
+        PROPERTY = "\t{name}{modifier}: {type};\n"
+
+        buffer = io.StringIO()
+        for cls, props in self.classes.items():
+            if isinstance(props, str):
+                buffer.write(TYPE.format(name=cls, alias=props))
             else:
-                    file.write("\tinterface {} {{\n".format(cls))
-                    for name in params:
-                        file.write("\t\t{}{}: {};\n".format(name, *params[name]))
-                    file.write("\t}\n")
+                buffer.write(
+                    INTERFACE.format(
+                        name=cls,
+                        properties="".join(
+                            [PROPERTY.format(name=name, modifier=props[name][0], type=props[name][1]) for name in props]
+                        ),
+                    )
+                )
+        return buffer
+
+    def write(self):
+        with open(self.filename, "w") if self.filename else sys.stdout as file:
+            if self.namespace:
+                file.write(f"declare namespace {self.namespace} {{\n")
+                for line in self._write_types().getvalue().split("\n"):
+                    file.write(f"\t{line}\n")
                 file.write("}\n")
+            else:
+                file.write(self._write_types().getvalue())

flaschengeist/cli/__init__.py

@@ -1,12 +1,14 @@
-import pathlib
-import subprocess
-import click
 from os import environ
-from flask import current_app
-from flask.cli import FlaskGroup, run_command, with_appcontext
-import pkg_resources
+import sys
+import click
+import logging
+
+from flask.cli import FlaskGroup, with_appcontext
+from flaschengeist import logger
 from flaschengeist.app import create_app
-from flaschengeist.config import configure_logger
+
+LOGGING_MIN = 5  # TRACE (custom)
+LOGGING_MAX = logging.ERROR
 
 
 def get_version(ctx, param, value):
@@ -28,19 +30,37 @@ def get_version(ctx, param, value):
     ctx.exit()
 
 
+def configure_logger(level):
+    """Reconfigure main logger"""
+    global logger
+
+    # Handle TRACE -> meaning enable debug even for werkzeug
+    if level == 5:
+        level = 10
+        logging.getLogger("werkzeug").setLevel(level)
+
+    logger.setLevel(level)
+    environ["FG_LOGGING"] = logging.getLevelName(level)
+    for h in logger.handlers:
+        if isinstance(h, logging.StreamHandler) and h.name == "wsgi":
+            h.setLevel(level)
+            h.setStream(sys.stderr)
+
+
 @with_appcontext
 def verbosity(ctx, param, value):
-    """Toggle verbosity between WARNING <-> DEBUG"""
+    """Callback: Toggle verbosity between ERROR <-> TRACE"""
+
     if not value or ctx.resilient_parsing:
         return
-    configure_logger(cli=30 - max(0, min(value * 10, 20)))
+    configure_logger(LOGGING_MAX - max(LOGGING_MIN, min(value * 10, LOGGING_MAX - LOGGING_MIN)))
 
 
 @click.group(
     cls=FlaskGroup,
     add_version_option=False,
     add_default_commands=False,
-    create_app=lambda: create_app(cli=30),
+    create_app=create_app,
 )
 @click.option(
     "--version",
@@ -63,98 +83,21 @@ def cli():
     pass
 
 
-@cli.command()
-@with_appcontext
-def install():
-    """Install and initialize enabled plugins.
+def main(*args, **kwargs):
+    from .plugin_cmd import plugin
+    from .export_cmd import export
+    from .docs_cmd import docs
+    from .run_cmd import run
+    from .install_cmd import install
+    from .docker_cmd import docker
 
-    Most plugins need to install custom tables into the database
-    running this command will lookup all enabled plugins and run
-    their database initalization routines.
-    """
-    from flaschengeist.app import install_all
+    # Override logging level
+    environ.setdefault("FG_LOGGING", logging.getLevelName(LOGGING_MAX))
 
-    install_all()
-
-
-@cli.command()
-@click.option("--output", "-o", help="Output file, default is stdout", type=click.Path())
-@click.option("--namespace", "-n", help="TS namespace for the interfaces", type=str, show_default=True)
-@click.option("--plugin", "-p", help="Also export types for a plugin (even if disabled)", multiple=True, type=str)
-@click.option("--no-core", help="Skip models / types from flaschengeist core", is_flag=True)
-def export(namespace, output, no_core, plugin):
-    from flaschengeist import models
-    from flaschengeist import logger
-    from .InterfaceGenerator import InterfaceGenerator
-
-    gen = InterfaceGenerator(namespace, output, logger)
-    if not no_core:
-        gen.run(models)
-    if plugin:
-        for entry_point in pkg_resources.iter_entry_points("flaschengeist.plugins"):
-            if len(plugin) == 0 or entry_point.name in plugin:
-                plg = entry_point.load()
-                if hasattr(plg, "models") and plg.models is not None:
-                    gen.run(plg.models)
-    gen.write()
-
-
-@cli.command()
-@click.option("--host", help="set hostname to listen on", default="127.0.0.1", show_default=True)
-@click.option("--port", help="set port to listen on", type=int, default=5000, show_default=True)
-@click.option("--debug", help="run in debug mode", is_flag=True)
-@with_appcontext
-@click.pass_context
-def run(ctx, host, port, debug):
-    """Run Flaschengeist using a development server."""
-
-    class PrefixMiddleware(object):
-        def __init__(self, app, prefix=""):
-            self.app = app
-            self.prefix = prefix
-
-        def __call__(self, environ, start_response):
-
-            if environ["PATH_INFO"].startswith(self.prefix):
-                environ["PATH_INFO"] = environ["PATH_INFO"][len(self.prefix) :]
-                environ["SCRIPT_NAME"] = self.prefix
-                return self.app(environ, start_response)
-            else:
-                start_response("404", [("Content-Type", "text/plain")])
-                return ["This url does not belong to the app.".encode()]
-
-    from flaschengeist.config import config
-
-    # re configure logger, as we are no logger in CLI mode
-    configure_logger()
-    current_app.wsgi_app = PrefixMiddleware(current_app.wsgi_app, prefix=config["FLASCHENGEIST"].get("root", ""))
-    if debug:
-        environ["FLASK_DEBUG"] = "1"
-        environ["FLASK_ENV"] = "development"
-
-    ctx.invoke(run_command, host=host, port=port, debugger=debug)
-
-
-@cli.command()
-@click.option(
-    "--output",
-    "-o",
-    help="Documentation output path",
-    default="./docs",
-    type=click.Path(file_okay=False, path_type=pathlib.Path),
-)
-def docs(output: pathlib.Path):
-    """Generate and export API documentation using pdoc3"""
-    output.mkdir(parents=True, exist_ok=True)
-    command = [
-        "python",
-        "-m",
-        "pdoc",
-        "--skip-errors",
-        "--html",
-        "--output-dir",
-        str(output),
-        "flaschengeist",
-    ]
-    click.echo(f"Running command: {command}")
-    subprocess.check_call(command)
+    cli.add_command(export)
+    cli.add_command(docs)
+    cli.add_command(install)
+    cli.add_command(plugin)
+    cli.add_command(run)
+    cli.add_command(docker)
+    cli(*args, **kwargs)

flaschengeist/cli/docker_cmd.py

@@ -0,0 +1,54 @@
+import click
+from click.decorators import pass_context
+from flask.cli import with_appcontext
+from os import environ
+
+from flaschengeist import logger
+from flaschengeist.controller import pluginController
+from werkzeug.exceptions import NotFound
+import traceback
+
+
+@click.group()
+def docker():
+    pass
+
+
+@docker.command()
+@with_appcontext
+@pass_context
+def setup(ctx):
+    """Setup flaschengesit in docker container"""
+    click.echo("Setup docker")
+
+    plugins = environ.get("FG_ENABLE_PLUGINS")
+
+    if not plugins:
+        click.secho("no evironment variable is set for 'FG_ENABLE_PLUGINS'", fg="yellow")
+        click.secho("set 'FG_ENABLE_PLUGINS' to 'auth_ldap', 'mail', 'balance', 'pricelist_old', 'events'")
+        plugins = ("auth_ldap", "mail", "pricelist_old", "events", "balance")
+    else:
+        plugins = plugins.split(" ")
+
+    print(plugins)
+
+    for name in plugins:
+        click.echo(f"Installing {name}{'.'*(20-len(name))}", nl=False)
+        try:
+            pluginController.install_plugin(name)
+        except Exception as e:
+            click.secho(" failed", fg="red")
+            if logger.getEffectiveLevel() > 10:
+                ctx.fail(f"[{e.__class__.__name__}] {e}")
+            else:
+                ctx.fail(traceback.format_exc())
+        else:
+            click.secho(" ok", fg="green")
+
+    for name in plugins:
+        click.echo(f"Enabling {name}{'.'*(20-len(name))}", nl=False)
+        try:
+            pluginController.enable_plugin(name)
+            click.secho(" ok", fg="green")
+        except NotFound:
+            click.secho(" not installed / not found", fg="red")

flaschengeist/cli/docs_cmd.py

@@ -0,0 +1,38 @@
+import click
+import pathlib
+import subprocess
+
+
+@click.command()
+@click.option(
+    "--output",
+    "-o",
+    help="Documentation output path",
+    default="./docs/html",
+    type=click.Path(file_okay=False, path_type=pathlib.Path),
+)
+@click.pass_context
+def docs(ctx: click.Context, output: pathlib.Path):
+    """Generate and export API documentation using pdoc"""
+    import pkg_resources
+
+    try:
+        pkg_resources.get_distribution("pdoc>=8.0.1")
+    except pkg_resources.DistributionNotFound:
+        click.echo(
+            f"Error: pdoc was not found, maybe you need to install it. Try:\n" "\n" '$ pip install "pdoc>=8.0.1"\n'
+        )
+        ctx.exit(1)
+    output.mkdir(parents=True, exist_ok=True)
+    command = [
+        "python",
+        "-m",
+        "pdoc",
+        "--docformat",
+        "google",
+        "--output-directory",
+        str(output),
+        "flaschengeist",
+    ]
+    click.echo(f"Running command: {command}")
+    subprocess.check_call(command)

flaschengeist/cli/export_cmd.py

@@ -0,0 +1,29 @@
+import click
+from importlib.metadata import entry_points
+
+
+@click.command()
+@click.option("--output", "-o", help="Output file, default is stdout", type=click.Path())
+@click.option("--namespace", "-n", help="TS namespace for the interfaces", type=str, show_default=True)
+@click.option("--plugin", "-p", help="Also export types for a plugin (even if disabled)", multiple=True, type=str)
+@click.option("--no-core", help="Skip models / types from flaschengeist core", is_flag=True)
+def export(namespace, output, no_core, plugin):
+    from flaschengeist import logger, models
+    from flaschengeist.cli.InterfaceGenerator import InterfaceGenerator
+
+    gen = InterfaceGenerator(namespace, output, logger)
+    if not no_core:
+        gen.run(models)
+    if plugin:
+        for entry_point in entry_points(group="flaschengeist.plugins"):
+            if len(plugin) == 0 or entry_point.name in plugin:
+                try:
+                    plugin = entry_point.load()
+                    gen.run(plugin.models)
+                except:
+                    logger.error(
+                        f"Plugin {entry_point.name} could not be loaded due to an error.",
+                        exc_info=True,
+                    )
+                    continue
+    gen.write()

flaschengeist/cli/install_cmd.py

@@ -0,0 +1,23 @@
+import click
+from click.decorators import pass_context
+from flask.cli import with_appcontext
+from flask_migrate import upgrade
+
+from flaschengeist.controller import pluginController
+from flaschengeist.utils.hook import Hook
+
+
+@click.command()
+@with_appcontext
+@pass_context
+@Hook("plugins.installed")
+def install(ctx: click.Context):
+    plugins = pluginController.get_enabled_plugins()
+
+    # Install database
+    upgrade(revision="flaschengeist@head")
+
+    # Install plugins
+    for plugin in plugins:
+        plugin = pluginController.install_plugin(plugin.name)
+        pluginController.enable_plugin(plugin.id)

flaschengeist/cli/plugin_cmd.py

@@ -0,0 +1,144 @@
+import traceback
+import click
+from click.decorators import pass_context
+from flask import current_app
+from flask.cli import with_appcontext
+from importlib.metadata import EntryPoint, entry_points
+
+from flaschengeist import logger
+from flaschengeist.controller import pluginController
+from werkzeug.exceptions import NotFound
+
+
+@click.group()
+def plugin():
+    pass
+
+
+@plugin.command()
+@click.argument("plugin", nargs=-1, required=True, type=str)
+@with_appcontext
+@pass_context
+def enable(ctx, plugin):
+    """Enable one or more plugins"""
+    for name in plugin:
+        click.echo(f"Enabling {name}{'.'*(20-len(name))}", nl=False)
+        try:
+            pluginController.enable_plugin(name)
+            click.secho(" ok", fg="green")
+        except NotFound:
+            click.secho(" not installed / not found", fg="red")
+
+
+@plugin.command()
+@click.argument("plugin", nargs=-1, required=True, type=str)
+@with_appcontext
+@pass_context
+def disable(ctx, plugin):
+    """Disable one or more plugins"""
+    for name in plugin:
+        click.echo(f"Disabling {name}{'.'*(20-len(name))}", nl=False)
+        try:
+            pluginController.disable_plugin(name)
+            click.secho(" ok", fg="green")
+        except NotFound:
+            click.secho(" not installed / not found", fg="red")
+
+
+@plugin.command()
+@click.argument("plugin", nargs=-1, type=str)
+@click.option("--all", help="Install all enabled plugins", is_flag=True)
+@with_appcontext
+@pass_context
+def install(ctx: click.Context, plugin, all):
+    """Install one or more plugins"""
+    all_plugins = entry_points(group="flaschengeist.plugins")
+    if all:
+        plugins = [ep.name for ep in all_plugins]
+    elif len(plugin) > 0:
+        plugins = plugin
+        for name in plugin:
+            if not all_plugins.select(name=name):
+                ctx.fail(f"Invalid plugin name, could not find >{name}<")
+    else:
+        ctx.fail("At least one plugin must be specified, or use `--all` flag.")
+
+    for name in plugins:
+        click.echo(f"Installing {name}{'.'*(20-len(name))}", nl=False)
+        try:
+            pluginController.install_plugin(name)
+        except Exception as e:
+            click.secho(" failed", fg="red")
+            if logger.getEffectiveLevel() > 10:
+                ctx.fail(f"[{e.__class__.__name__}] {e}")
+            else:
+                ctx.fail(traceback.format_exc())
+        else:
+            click.secho(" ok", fg="green")
+
+
+@plugin.command()
+@click.argument("plugin", nargs=-1, required=True, type=str)
+@with_appcontext
+@pass_context
+def uninstall(ctx: click.Context, plugin):
+    """Uninstall one or more plugins"""
+
+    plugins = {plg.name: plg for plg in pluginController.get_installed_plugins() if plg.name in plugin}
+    try:
+        for name in plugin:
+            pluginController.disable_plugin(plugins[name])
+            if (
+                click.prompt(
+                    "You are going to uninstall:\n\n"
+                    f"\t{', '.join([plugin_name for plugin_name in plugins.keys()])}\n\n"
+                    "Are you sure?",
+                    default="n",
+                    show_choices=True,
+                    type=click.Choice(["y", "N"], False),
+                ).lower()
+                != "y"
+            ):
+                ctx.exit()
+            click.echo(f"Uninstalling {name}{'.'*(20-len(name))}", nl=False)
+            pluginController.uninstall_plugin(plugins[name])
+            click.secho(" ok", fg="green")
+    except KeyError:
+        ctx.fail(f"Invalid plugin ID, could not find >{name}<")
+
+
+@plugin.command()
+@click.option("--enabled", "-e", help="List only enabled plugins", is_flag=True)
+@click.option("--no-header", "-n", help="Do not show header", is_flag=True)
+@with_appcontext
+def ls(enabled, no_header):
+    def plugin_version(p):
+        if isinstance(p, EntryPoint):
+            return p.dist.version
+        return p.version
+
+    plugins = entry_points(group="flaschengeist.plugins")
+    installed_plugins = {plg.name: plg for plg in pluginController.get_installed_plugins()}
+    loaded_plugins = current_app.config["FG_PLUGINS"].keys()
+
+    if not no_header:
+        print(f"{' '*13}{'name': <20}|   version   | {' ' * 8} state")
+        print("-" * 63)
+    for plugin in plugins:
+        is_installed = plugin.name in installed_plugins.keys()
+        is_enabled = is_installed and installed_plugins[plugin.name].enabled
+        if enabled and is_enabled:
+            continue
+        print(f"{plugin.name: <33}|{plugin_version(plugin): >12} |  ", end="")
+        if is_enabled:
+            if plugin.name in loaded_plugins:
+                print(click.style("      enabled", fg="green"))
+            else:
+                print(click.style("(failed to load)", fg="red"))
+        elif is_installed:
+            print(click.style("     disabled", fg="yellow"))
+        else:
+            print("not installed")
+    for name, plugin in installed_plugins.items():
+        if plugin.enabled and name not in loaded_plugins:
+            print(f"{name: <33}|{'': >12} |" f"{click.style(' failed to load', fg='red')}")

flaschengeist/cli/run_cmd.py

@@ -0,0 +1,37 @@
+import click
+from os import environ
+from flask import current_app
+from flask.cli import with_appcontext, run_command
+
+
+class PrefixMiddleware(object):
+    def __init__(self, app, prefix=""):
+        self.app = app
+        self.prefix = prefix
+
+    def __call__(self, environ, start_response):
+        if environ["PATH_INFO"].startswith(self.prefix):
+            environ["PATH_INFO"] = environ["PATH_INFO"][len(self.prefix) :]
+            environ["SCRIPT_NAME"] = self.prefix
+            return self.app(environ, start_response)
+        else:
+            start_response("404", [("Content-Type", "text/plain")])
+            return ["This url does not belong to the app.".encode()]
+
+
+@click.command()
+@click.option("--host", help="set hostname to listen on", default="127.0.0.1", show_default=True)
+@click.option("--port", help="set port to listen on", type=int, default=5000, show_default=True)
+@click.option("--debug", help="run in debug mode", is_flag=True)
+@with_appcontext
+@click.pass_context
+def run(ctx, host, port, debug):
+    """Run Flaschengeist using a development server."""
+    from flaschengeist.config import config
+
+    current_app.wsgi_app = PrefixMiddleware(current_app.wsgi_app, prefix=config["FLASCHENGEIST"].get("root", ""))
+    if debug:
+        environ["FLASK_DEBUG"] = "1"
+        environ["FLASK_ENV"] = "development"
+
+    ctx.invoke(run_command, reload=True, host=host, port=port, debugger=debug)

flaschengeist/config.py

@@ -1,12 +1,12 @@
 import os
 import toml
-import logging.config
 import collections.abc
 
 from pathlib import Path
+from logging.config import dictConfig
 from werkzeug.middleware.proxy_fix import ProxyFix
-from flaschengeist import _module_path, logger
 
+from flaschengeist import logger
 
 # Default config:
 config = {"DATABASE": {"engine": "mysql", "port": 3306}}
@@ -23,12 +23,12 @@ def update_dict(d, u):
 
 def read_configuration(test_config):
     global config
-    paths = [_module_path]
+    paths = [Path(__file__).parent]
 
     if not test_config:
         paths.append(Path.home() / ".config")
         if "FLASCHENGEIST_CONF" in os.environ:
-            paths.append(Path(os.environ.get("FLASCHENGEIST_CONF")))
+            paths.append(Path(str(os.environ.get("FLASCHENGEIST_CONF"))))
 
     for loc in paths:
         try:
@@ -41,52 +41,46 @@ def read_configuration(test_config):
         update_dict(config, test_config)
 
 
-def configure_logger(cli=False):
-    global config
-    # Read default config
-    logger_config = toml.load(_module_path / "logging.toml")
+def configure_logger():
+    """Configure the logger
 
+    force_console: Force a console handler
+    """
+
+    def set_level(level):
+        # TRACE means even with werkzeug's request traces
+        if isinstance(level, str) and level.lower() == "trace":
+            level = "DEBUG"
+            logger_config["loggers"]["werkzeug"] = {"level": level}
+        logger_config["loggers"]["flaschengeist"] = {"level": level}
+        logger_config["handlers"]["wsgi"]["level"] = level
+
+    # Read default config
+    logger_config = toml.load(Path(__file__).parent / "logging.toml")
     if "LOGGING" in config:
         # Override with user config
         update_dict(logger_config, config.get("LOGGING"))
         # Check for shortcuts
-        if "level" in config["LOGGING"] or isinstance(cli, int):
-            level = cli if cli and isinstance(cli, int) else config["LOGGING"]["level"]
-            logger_config["loggers"]["flaschengeist"] = {"level": level}
-            logger_config["handlers"]["console"]["level"] = level
-            logger_config["handlers"]["file"]["level"] = level
-        if cli is True or not config["LOGGING"].get("console", True):
-            logger_config["handlers"]["console"]["level"] = "CRITICAL"
-        if not cli and isinstance(config["LOGGING"].get("file", False), str):
-            logger_config["root"]["handlers"].append("file")
-            logger_config["handlers"]["file"]["filename"] = config["LOGGING"]["file"]
-            Path(config["LOGGING"]["file"]).parent.mkdir(parents=True, exist_ok=True)
-        else:
-            del logger_config["handlers"]["file"]
-    logging.config.dictConfig(logger_config)
+        if "level" in config["LOGGING"]:
+            set_level(config["LOGGING"]["level"])
+
+    # Override logging, used e.g. by CLI
+    if "FG_LOGGING" in os.environ:
+        set_level(os.environ.get("FG_LOGGING", "CRITICAL"))
+
+    dictConfig(logger_config)
 
 
-def configure_app(app, test_config=None, cli=False):
+def configure_app(app, test_config=None):
     global config
     read_configuration(test_config)
 
-    configure_logger(cli)
-
-    # Always enable this builtin plugins!
-    update_dict(
-        config,
-        {
-            "auth": {"enabled": True},
-            "roles": {"enabled": True},
-            "users": {"enabled": True},
-            "scheduler": {"enabled": True},
-        },
-    )
+    configure_logger()
 
     if "secret_key" not in config["FLASCHENGEIST"]:
-        logger.warning("No secret key was configured, please configure one for production systems!")
-        app.config["SECRET_KEY"] = "0a657b97ef546da90b2db91862ad4e29"
-    else:
+        logger.critical("No secret key was configured, please configure one for production systems!")
+        raise RuntimeError("No secret key was configured")
+
     app.config["SECRET_KEY"] = config["FLASCHENGEIST"]["secret_key"]
 
     if test_config is not None:

flaschengeist/controller/imageController.py

@@ -1,15 +1,14 @@
 from datetime import date
-from flask import send_file
 from pathlib import Path
+from flask import send_file
 from PIL import Image as PImage
-
-from werkzeug.exceptions import NotFound, UnprocessableEntity
-from werkzeug.datastructures import FileStorage
 from werkzeug.utils import secure_filename
+from werkzeug.datastructures import FileStorage
+from werkzeug.exceptions import NotFound, UnprocessableEntity
 
-from flaschengeist.models.image import Image
-from flaschengeist.database import db
-from flaschengeist.config import config
+from ..models import Image
+from ..database import db
+from ..config import config
 
 
 def check_mimetype(mime: str):

flaschengeist/controller/messageController.py

@@ -1,5 +1,5 @@
-from flaschengeist.utils.hook import Hook
-from flaschengeist.models.user import User, Role
+from ..utils.hook import Hook
+from ..models import User, Role
 
 
 class Message:

flaschengeist/controller/pluginController.py

@@ -0,0 +1,172 @@
+"""Controller for Plugin logic
+
+Used by plugins for setting and notification functionality.
+"""
+
+from typing import Union, List
+from flask import current_app
+from werkzeug.exceptions import NotFound, BadRequest
+from sqlalchemy.exc import OperationalError, ProgrammingError
+from flask_migrate import upgrade as database_upgrade
+from importlib.metadata import entry_points
+
+from flaschengeist import version as flaschengeist_version
+
+from .. import logger
+from ..database import db
+from ..utils.hook import Hook
+from ..plugins import Plugin, AuthPlugin
+from ..models import Notification
+
+
+__required_plugins = ["users", "roles", "scheduler", "auth"]
+
+
+def get_authentication_provider():
+    return [
+        current_app.config["FG_PLUGINS"][plugin.name]
+        for plugin in get_loaded_plugins().values()
+        if isinstance(plugin, AuthPlugin)
+    ]
+
+
+def get_loaded_plugins(plugin_name: str = None):
+    """Get loaded plugin(s)"""
+    plugins = current_app.config["FG_PLUGINS"]
+    if plugin_name is not None:
+        plugins = [plugins[plugin_name]]
+    return {name: db.session.merge(plugins[name], load=False) for name in plugins}
+
+
+def get_installed_plugins() -> list[Plugin]:
+    """Get all installed plugins"""
+    return Plugin.query.all()
+
+
+def get_enabled_plugins() -> list[Plugin]:
+    """Get all installed and enabled plugins"""
+    try:
+        enabled_plugins = Plugin.query.filter(Plugin.enabled == True).all()
+    except (OperationalError, ProgrammingError) as e:
+        logger.error("Could not connect to database or database not initialized! No plugins enabled!")
+        logger.debug("Can not query enabled plugins", exc_info=True)
+        # Fake load required plugins so the database can at least be installed
+        enabled_plugins = [
+            entry_points(group="flaschengeist.plugins", name=name)[0].load()(
+                name=name, enabled=True, installed_version=flaschengeist_version
+            )
+            for name in __required_plugins
+        ]
+    return enabled_plugins
+
+
+def notify(plugin_id: int, user, text: str, data=None):
+    """Create a new notification for an user
+
+    Args:
+        plugin_id: ID of the plugin
+        user: `flaschengeist.models.user.User` to notify
+        text: Visibile notification text
+        data: Optional data passed to the notificaton
+    Returns:
+        ID of the created `flaschengeist.models.notification.Notification`
+
+    Hint: use the data for frontend actions.
+    """
+    if not user.deleted:
+        n = Notification(text=text, data=data, plugin_id_=plugin_id, user_=user)
+        db.session.add(n)
+        db.session.commit()
+        return n.id
+
+
+def get_notifications(plugin_id) -> List[Notification]:
+    """Get all notifications for a plugin
+
+    Args:
+        plugin_id: ID of the plugin
+    Returns:
+        List of `flaschengeist.models.notification.Notification`
+    """
+    return db.session.execute(db.select(Notification).where(Notification.plugin_id_ == plugin_id)).scalars().all()
+
+
+@Hook("plugins.installed")
+def install_plugin(plugin_name: str):
+    logger.debug(f"Installing plugin {plugin_name}")
+    entry_point = entry_points(group="flaschengeist.plugins", name=plugin_name)
+    if not entry_point:
+        raise NotFound
+
+    cls = entry_point[0].load()
+    plugin: Plugin = cls.query.filter(Plugin.name == plugin_name).one_or_none()
+    if plugin is None:
+        plugin = cls(name=plugin_name, installed_version=entry_point[0].dist.version)
+        db.session.add(plugin)
+    db.session.commit()
+    # Custom installation steps
+    plugin.install()
+    # Check migrations
+    directory = entry_point[0].dist.locate_file("")
+    logger.debug(f"Checking for migrations in {directory}")
+    for loc in entry_point[0].module.split(".") + ["migrations"]:
+        directory /= loc
+        logger.debug(f"Checking for migrations with loc in {directory}")
+    if directory.exists():
+        logger.debug(f"Found migrations in {directory}")
+        database_upgrade(revision=f"{plugin_name}@head")
+    db.session.commit()
+    return plugin
+
+
+@Hook("plugin.uninstalled")
+def uninstall_plugin(plugin_id: Union[str, int, Plugin]):
+    plugin = disable_plugin(plugin_id)
+    logger.debug(f"Uninstall plugin {plugin.name}")
+    plugin.uninstall()
+    db.session.delete(plugin)
+    db.session.commit()
+
+
+@Hook("plugins.enabled")
+def enable_plugin(plugin_id: Union[str, int]) -> Plugin:
+    logger.debug(f"Enabling plugin {plugin_id}")
+    plugin = Plugin.query
+    if isinstance(plugin_id, str):
+        plugin = plugin.filter(Plugin.name == plugin_id).one_or_none()
+    elif isinstance(plugin_id, int):
+        plugin = plugin.get(plugin_id)
+    else:
+        raise TypeError
+    if plugin is None:
+        raise NotFound
+    plugin.enabled = True
+    db.session.commit()
+    plugin = plugin.entry_point.load().query.get(plugin.id)
+    current_app.config["FG_PLUGINS"][plugin.name] = plugin
+    return plugin
+
+
+@Hook("plugins.disabled")
+def disable_plugin(plugin_id: Union[str, int, Plugin]):
+    logger.debug(f"Disabling plugin {plugin_id}")
+    plugin: Plugin = Plugin.query
+    if isinstance(plugin_id, str):
+        plugin = plugin.filter(Plugin.name == plugin_id).one_or_none()
+    elif isinstance(plugin_id, int):
+        plugin = plugin.get(plugin_id)
+    elif isinstance(plugin_id, Plugin):
+        plugin = plugin_id
+    else:
+        raise TypeError
+    if plugin is None:
+        raise NotFound
+    if plugin.name in __required_plugins:
+        raise BadRequest
+    plugin.enabled = False
+    db.session.commit()
+
+    if plugin.name in current_app.config["FG_PLUGINS"].keys():
+        del current_app.config["FG_PLUGINS"][plugin.name]
+
+    return plugin

flaschengeist/controller/roleController.py

@@ -2,10 +2,10 @@ from typing import Union
 from sqlalchemy.exc import IntegrityError
 from werkzeug.exceptions import BadRequest, Conflict, NotFound
 
-from flaschengeist import logger
-from flaschengeist.models.user import Role, Permission
-from flaschengeist.database import db, case_sensitive
-from flaschengeist.utils.hook import Hook
+from .. import logger
+from ..models import Role, Permission
+from ..database import db, case_sensitive
+from ..utils.hook import Hook
 
 
 def get_all():

flaschengeist/controller/sessionController.py

@@ -1,14 +1,22 @@
 import secrets
-from flaschengeist.models.session import Session
-from flaschengeist.database import db
-from flaschengeist import logger
-from werkzeug.exceptions import Forbidden, Unauthorized
+
 from datetime import datetime, timezone
+from werkzeug.exceptions import Forbidden, Unauthorized
+from ua_parser import user_agent_parser
+
+from .. import logger
+from ..models import Session
+from ..database import db
+
 
 lifetime = 1800
 
 
-def validate_token(token, user_agent, permission):
+def get_user_agent(request_headers):
+    return user_agent_parser.Parse(request_headers.get("User-Agent", "") if request_headers else "")
+
+
+def validate_token(token, request_headers, permission):
     """Verify session
 
     Verify a Session and Roles so if the User has permission or not.
@@ -16,7 +24,7 @@ def validate_token(token, user_agent, permission):
 
     Args:
         token: Token to verify.
-        user_agent: User agent of browser to check
+        request_headers: Headers to validate user agent of browser
         permission: Permission needed to access restricted routes
     Returns:
         A Session for this given Token
@@ -28,8 +36,12 @@ def validate_token(token, user_agent, permission):
     session = Session.query.filter_by(token=token).one_or_none()
     if session:
         logger.debug("token found, check if expired or invalid user agent differs")
+        user_agent = get_user_agent(request_headers)
+        platform = user_agent["os"]["family"]
+        browser = user_agent["user_agent"]["family"]
+
         if session.expires >= datetime.now(timezone.utc) and (
-            session.browser == user_agent.browser and session.platform == user_agent.platform
+            session.browser == browser and session.platform == platform
         ):
             if not permission or session.user_.has_permission(permission):
                 session.refresh()
@@ -44,24 +56,26 @@ def validate_token(token, user_agent, permission):
     raise Unauthorized
 
 
-def create(user, user_agent=None) -> Session:
+def create(user, request_headers=None) -> Session:
     """Create a Session
 
     Args:
         user: For which User is to create a Session
-        user_agent: User agent to identify session
+        request_headers: Headers to validate user agent of browser
 
     Returns:
             Session: A created Token for User
     """
     logger.debug("create access token")
     token_str = secrets.token_hex(16)
+    user_agent = get_user_agent(request_headers)
+    logger.debug(f"platform: {user_agent['os']['family']}, browser: {user_agent['user_agent']['family']}")
     session = Session(
         token=token_str,
         user_=user,
         lifetime=lifetime,
-        browser=user_agent.browser,
-        platform=user_agent.platform,
+        platform=user_agent["os"]["family"],
+        browser=user_agent["user_agent"]["family"],
     )
     session.refresh()
     db.session.add(session)

flaschengeist/controller/userController.py

@@ -1,21 +1,31 @@
-import secrets
 import re
+import secrets
+import hashlib
+
 from io import BytesIO
+from typing import Optional, Union
+from flask import make_response
+from flask.json import provider
 from sqlalchemy import exc
-from flask import current_app
-from datetime import datetime, timedelta, timezone
+from sqlalchemy_utils import merge_references
+from datetime import datetime, timedelta, timezone, date
 from flask.helpers import send_file
 from werkzeug.exceptions import NotFound, BadRequest, Forbidden
 
-from flaschengeist import logger
-from flaschengeist.config import config
-from flaschengeist.database import db
-from flaschengeist.models.notification import Notification
-from flaschengeist.utils.hook import Hook
-from flaschengeist.utils.datetime import from_iso_format
-from flaschengeist.utils.foreign_keys import merge_references
-from flaschengeist.models.user import User, Role, _PasswordReset
-from flaschengeist.controller import imageController, messageController, sessionController
+from .. import logger
+from ..config import config
+from ..database import db
+from ..models import Notification, User, Role
+from ..models.user import _PasswordReset
+from ..utils.hook import Hook
+from ..utils.datetime import from_iso_format
+from ..controller import (
+    imageController,
+    messageController,
+    pluginController,
+    sessionController,
+)
+from ..plugins import AuthPlugin
 
 
 def __active_users():
@@ -40,16 +50,34 @@ def _generate_password_reset(user):
     return reset
 
 
+def get_provider(userid: str) -> AuthPlugin:
+    return [p for p in pluginController.get_authentication_provider() if p.user_exists(userid)][0]
+
+
+@Hook
+def update_user(user: User, backend: Optional[AuthPlugin] = None):
+    """Update user data from backend
+
+    This is seperate function to provide a hook"""
+    if not backend:
+        backend = get_provider(user.userid)
+    backend.update_user(user)
+    if not user.display_name:
+        user.display_name = "{} {}.".format(user.firstname, user.lastname[0])
+    db.session.commit()
+
+
 def login_user(username, password):
     logger.info("login user {{ {} }}".format(username))
-
-    user = find_user(username)
+    for provider in pluginController.get_authentication_provider():
+        uid = provider.login(username, password)
+        if isinstance(uid, str):
+            user = get_user(uid)
             if not user:
                 logger.debug("User not found in Database.")
-        user = User(userid=username)
+                user = User(userid=uid)
                 db.session.add(user)
-    if current_app.config["FG_AUTH_BACKEND"].login(user, password):
-        update_user(user)
+            update_user(user, provider)
             return user
     return None
 
@@ -83,14 +111,6 @@ def reset_password(token: str, password: str):
     db.session.commit()
 
 
-@Hook
-def update_user(user):
-    current_app.config["FG_AUTH_BACKEND"].update_user(user)
-    if not user.display_name:
-        user.display_name = "{} {}.".format(user.firstname, user.lastname[0])
-    db.session.commit()
-
-
 def set_roles(user: User, roles: list[str], create=False):
     """Set roles of user
 
@@ -101,7 +121,7 @@ def set_roles(user: User, roles: list[str], create=False):
     Raises:
         BadRequest if invalid arguments given or not all roles found while *create* is set to false
     """
-    from roleController import create_role
+    from .roleController import create_role
 
     if not isinstance(roles, list) and any([not isinstance(r, str) for r in roles]):
         raise BadRequest("Invalid role name")
@@ -114,7 +134,7 @@ def set_roles(user: User, roles: list[str], create=False):
     user.roles_ = fetched
 
 
-def modify_user(user, password, new_password=None):
+def modify_user(user: User, password: str, new_password: str = None):
     """Modify given user on the backend
 
     Args:
@@ -126,7 +146,8 @@ def modify_user(user, password, new_password=None):
         NotImplemented: If backend is not capable of this operation
         BadRequest: Password is wrong or other logic issues
     """
-    current_app.config["FG_AUTH_BACKEND"].modify_user(user, password, new_password)
+    provider = get_provider(user.userid)
+    provider.modify_user(user, password, new_password)
 
     if new_password:
         logger.debug(f"Password changed for user {user.userid}")
@@ -149,7 +170,7 @@ def get_user_by_role(role: Role):
     return User.query.join(User.roles_).filter_by(role_id=role.id).all()
 
 
-def get_user(uid, deleted=False):
+def get_user(uid, deleted=False) -> User:
     """Get an user by userid from database
     Args:
         uid: Userid to search for
@@ -164,37 +185,13 @@ def get_user(uid, deleted=False):
     return user
 
 
-def find_user(uid_mail):
-    """Finding an user by userid or mail in database or auth-backend
-    Args:
-        uid_mail: userid and or mail to search for
-    Returns:
-        User if found or None
-    """
-    mail = uid_mail.split("@")
-    mail = len(mail) == 2 and len(mail[0]) > 0 and len(mail[1]) > 0
-
-    query = User.userid == uid_mail
-    if mail:
-        query |= User.mail == uid_mail
-    user = User.query.filter(query).one_or_none()
-    if user:
-        update_user(user)
-    else:
-        user = current_app.config["FG_AUTH_BACKEND"].find_user(uid_mail, uid_mail if mail else None)
-        if user:
-            if not user.display_name:
-                user.display_name = "{} {}.".format(user.firstname, user.lastname[0])
-            db.session.add(user)
-            db.session.commit()
-    return user
-
-
 @Hook
 def delete_user(user: User):
     """Delete given user"""
     # First let the backend delete the user, as this might fail
-    current_app.config["FG_AUTH_BACKEND"].delete_user(user)
+    provider = get_provider(user.userid)
+    provider.delete_user(user)
+
     # Clear all easy relationships
     user.avatar_ = None
     user._attributes.clear()
@@ -206,7 +203,11 @@ def delete_user(user: User):
         deleted_user = get_user("__deleted_user__", True)
     except NotFound:
         deleted_user = User(
-            userid="__deleted_user__", firstname="USER", lastname="DELETED", display_name="DELETED USER", deleted=True
+            userid="__deleted_user__",
+            firstname="USER",
+            lastname="DELETED",
+            display_name="DELETED USER",
+            deleted=True,
         )
         db.session.add(user)
         db.session.flush()
@@ -217,7 +218,10 @@ def delete_user(user: User):
         db.session.delete(user)
         db.session.commit()
     except exc.IntegrityError:
-        logger.error("Delete of user failed, there might be ForeignKey contraits from disabled plugins", exec_info=True)
+        logger.error(
+            "Delete of user failed, there might be ForeignKey contraits from disabled plugins",
+            exec_info=True,
+        )
         # Remove at least all personal data
         user.userid = f"__deleted_user__{user.id_}"
         user.display_name = "DELETED USER"
@@ -239,6 +243,9 @@ def register(data, passwd=None):
     values = {key: value for key, value in data.items() if key in allowed_keys}
     roles = values.pop("roles", [])
     if "birthday" in data:
+        if isinstance(data["birthday"], date):
+            values["birthday"] = data["birthday"]
+        else:
             values["birthday"] = from_iso_format(data["birthday"]).date()
     if "mail" in data and not re.match(r"[^@]+@[^@]+\.[^@]+", data["mail"]):
         raise BadRequest("Invalid mail given")
@@ -246,10 +253,14 @@ def register(data, passwd=None):
     set_roles(user, roles)
 
     password = passwd if passwd else secrets.token_urlsafe(16)
-    current_app.config["FG_AUTH_BACKEND"].create_user(user, password)
     try:
+        provider = [p for p in pluginController.get_authentication_provider() if p.can_register()][0]
+        provider.create_user(user, password)
         db.session.add(user)
         db.session.commit()
+    except IndexError as e:
+        logger.error("No authentication backend, allowing registering new users, found.")
+        raise e
     except exc.IntegrityError:
         raise BadRequest("userid already in use")
 
@@ -264,28 +275,37 @@ def register(data, passwd=None):
         )
         messageController.send_message(messageController.Message(user, text, subject))
 
-    find_user(user.userid)
+    provider.update_user(user)
 
     return user
 
 
-def load_avatar(user: User):
+def get_last_modified(user: User):
+    """Get the last modification date of the user"""
+    return get_provider(user.userid).get_last_modified(user)
+
+
+def load_avatar(user: User, etag: Union[str, None] = None):
     if user.avatar_ is not None:
         return imageController.send_image(image=user.avatar_)
     else:
-        avatar = current_app.config["FG_AUTH_BACKEND"].get_avatar(user)
+        provider = get_provider(user.userid)
+        avatar = provider.get_avatar(user)
+        new_etag = hashlib.md5(avatar.binary).hexdigest()
+        if new_etag == etag:
+            return make_response("", 304)
         if len(avatar.binary) > 0:
-            return send_file(BytesIO(avatar.binary), avatar.mimetype)
+            return send_file(BytesIO(avatar.binary), avatar.mimetype, etag=new_etag)
     raise NotFound
 
 
 def save_avatar(user, file):
-    current_app.config["FG_AUTH_BACKEND"].set_avatar(user, file)
+    get_provider(user.userid).set_avatar(user, file)
     db.session.commit()
 
 
 def delete_avatar(user):
-    current_app.config["FG_AUTH_BACKEND"].delete_avatar(user)
+    get_provider(user.userid).delete_avatar(user)
     db.session.commit()
 
 

flaschengeist/database.py

@@ -1,33 +0,0 @@
-from flask_sqlalchemy import SQLAlchemy
-from sqlalchemy import MetaData
-
-# https://alembic.sqlalchemy.org/en/latest/naming.html
-metadata = MetaData(
-    naming_convention={
-        "pk": "pk_%(table_name)s",
-        "ix": "ix_%(table_name)s_%(column_0_name)s",
-        "uq": "uq_%(table_name)s_%(column_0_name)s",
-        "ck": "ck_%(table_name)s_%(constraint_name)s",
-        "fk": "fk_%(table_name)s_%(column_0_name)s_%(referred_table_name)s",
-    }
-)
-
-
-db = SQLAlchemy(metadata=metadata)
-
-
-def case_sensitive(s):
-    """
-        Compare string as case sensitive on the database
-
-    Args:
-        s: string to compare
-
-    Example:
-        User.query.filter(User.name == case_sensitive(some_string))
-    """
-    if db.session.bind.dialect.name == "mysql":
-        from sqlalchemy import func
-
-        return func.binary(s)
-    return s

flaschengeist/database/__init__.py

@@ -0,0 +1,75 @@
+import os
+from flask_migrate import Migrate, Config
+from flask_sqlalchemy import SQLAlchemy
+from importlib.metadata import EntryPoint, entry_points, distribution
+from sqlalchemy import MetaData
+
+from flaschengeist.alembic import alembic_script_path
+from flaschengeist import logger
+
+# from flaschengeist.controller import pluginController
+
+# https://alembic.sqlalchemy.org/en/latest/naming.html
+metadata = MetaData(
+    naming_convention={
+        "pk": "pk_%(table_name)s",
+        "ix": "ix_%(table_name)s_%(column_0_name)s",
+        "uq": "uq_%(table_name)s_%(column_0_name)s",
+        "ck": "ck_%(table_name)s_%(constraint_name)s",
+        "fk": "fk_%(table_name)s_%(column_0_name)s_%(referred_table_name)s",
+    }
+)
+
+
+db = SQLAlchemy(metadata=metadata, session_options={"expire_on_commit": False})
+migrate = Migrate()
+
+
+@migrate.configure
+def configure_alembic(config: Config):
+    """Alembic configuration hook
+
+    Inject all migrations paths into the ``version_locations`` config option.
+    This includes even disabled plugins, as simply disabling a plugin without
+    uninstall can break the alembic version management.
+    """
+    # Set main script location
+    config.set_main_option("script_location", alembic_script_path)
+
+    # Set Flaschengeist's migrations
+    migrations = [config.get_main_option("script_location") + "/migrations"]
+
+    # Gather all migration paths
+    for entry_point in entry_points(group="flaschengeist.plugins"):
+        try:
+            directory = entry_point.dist.locate_file("")
+            for loc in entry_point.module.split(".") + ["migrations"]:
+                directory /= loc
+            if directory.exists():
+                logger.debug(f"Adding migration version path {directory}")
+                migrations.append(str(directory.resolve()))
+        except:
+            logger.warning(f"Could not load migrations of plugin {entry_point.name} for database migration.")
+            logger.debug("Plugin loading failed", exc_info=True)
+
+    # write back seperator (we changed it if neither seperator nor locations were specified)
+    config.set_main_option("version_path_separator", os.pathsep)
+    config.set_main_option("version_locations", os.pathsep.join(set(migrations)))
+    return config
+
+
+def case_sensitive(s):
+    """
+        Compare string as case sensitive on the database
+
+    Args:
+        s: string to compare
+
+    Example:
+        User.query.filter(User.name == case_sensitive(some_string))
+    """
+    if db.session.bind.dialect.name == "mysql":
+        from sqlalchemy import func
+
+        return func.binary(s)
+    return s

flaschengeist/database/types.py

@@ -0,0 +1,97 @@
+from importlib import import_module
+import datetime
+
+from sqlalchemy import BigInteger, util
+from sqlalchemy.dialects import mysql, sqlite
+from sqlalchemy.types import DateTime, TypeDecorator
+
+
+class ModelSerializeMixin:
+    """Mixin class used for models to serialize them automatically
+    Ignores private and protected members as well as members marked as not to publish (name ends with _)
+    """
+
+    def __is_optional(self, param):
+        import typing
+
+        module = import_module("flaschengeist.models").__dict__
+
+        try:
+            hint = typing.get_type_hints(self.__class__, globalns=module, locals=locals())[param]
+            if (
+                typing.get_origin(hint) is typing.Union
+                and len(typing.get_args(hint)) == 2
+                and typing.get_args(hint)[1] is type(None)
+            ):
+                return getattr(self, param) is None
+        except:
+            pass
+
+    def serialize(self):
+        """Serialize class to dict
+        Returns:
+            Dict of all not private or protected annotated member variables.
+        """
+        d = {
+            param: getattr(self, param)
+            for param in self.__class__.__annotations__
+            if not param.startswith("_") and not param.endswith("_") and not self.__is_optional(param)
+        }
+        if len(d) == 1:
+            _, value = d.popitem()
+            return value
+        return d
+
+    def __str__(self) -> str:
+        return self.serialize().__str__()
+
+
+class Serial(TypeDecorator):
+    """Same as MariaDB Serial used for IDs"""
+
+    cache_ok = True
+    impl = BigInteger().with_variant(mysql.BIGINT(unsigned=True), "mysql").with_variant(sqlite.INTEGER(), "sqlite")
+
+    # https://alembic.sqlalchemy.org/en/latest/autogenerate.html?highlight=custom%20column#affecting-the-rendering-of-types-themselves
+    def __repr__(self) -> str:
+        return util.generic_repr(self)
+
+
+class UtcDateTime(TypeDecorator):
+    """Almost equivalent to `sqlalchemy.types.DateTime` with
+    ``timezone=True`` option, but it differs from that by:
+
+    - Never silently take naive :class:`datetime.datetime`, instead it
+      always raise :exc:`ValueError` unless time zone aware value.
+    - :class:`datetime.datetime` value's :attr:`datetime.datetime.tzinfo`
+      is always converted to UTC.
+    - Unlike SQLAlchemy's built-in :class:`sqlalchemy.types.DateTime`,
+      it never return naive :class:`datetime.datetime`, but time zone
+      aware value, even with SQLite or MySQL.
+    """
+
+    cache_ok = True
+    impl = DateTime(timezone=True)
+
+    @staticmethod
+    def current_utc():
+        return datetime.datetime.now(tz=datetime.timezone.utc)
+
+    def process_bind_param(self, value, dialect):
+        if value is not None:
+            if not isinstance(value, datetime.datetime):
+                raise TypeError("expected datetime.datetime, not " + repr(value))
+            elif value.tzinfo is None:
+                raise ValueError("naive datetime is disallowed")
+            return value.astimezone(datetime.timezone.utc)
+
+    def process_result_value(self, value, dialect):
+        if value is not None:
+            if value.tzinfo is not None:
+                value = value.astimezone(datetime.timezone.utc)
+            value = value.replace(tzinfo=datetime.timezone.utc)
+        return value
+
+    # https://alembic.sqlalchemy.org/en/latest/autogenerate.html?highlight=custom%20column#affecting-the-rendering-of-types-themselves
+    def __repr__(self) -> str:
+        return util.generic_repr(self)

flaschengeist/flaschengeist.toml

@@ -12,23 +12,6 @@ root = "/api"
 secret_key = "V3ryS3cr3t"
 # Domain used by frontend
 
-[scheduler]
-# Possible values are: "passive_web" (default), "active_web" and "system"
-# See documentation
-# cron = "passive_web"
-
-[LOGGING]
-# You can override all settings from the logging.toml here
-# E.g. override the formatters etc
-#
-# Logging level, possible: DEBUG INFO WARNING ERROR
-level = "DEBUG"
-# Logging to a file is simple, just add the path
-# file = "/tmp/flaschengeist-debug.log"
-file = false
-# Uncomment to disable console logging
-# console = false
-
 [DATABASE]
 # engine = "mysql" (default)
 host = "localhost"
@@ -36,6 +19,22 @@ user = "flaschengeist"
 password = "flaschengeist"
 database = "flaschengeist"
 
+[LOGGING]
+# You can override all settings from the logging.toml here
+# Default: Logging to WSGI stream (commonly stderr)
+
+# Logging level, possible: TRACE DEBUG INFO WARNING ERROR CRITICAL
+# On TRACE level additionally every request will get logged
+level = "DEBUG"
+
+# If you want the logger to log to a file, you could use:
+#[LOGGING.handlers.file]
+#    class = "logging.handlers.WatchedFileHandler"
+#    level = "WARNING"
+#    formatter = "extended"
+#    encoding = "utf8"
+#    filename = "flaschengeist.log"
+
 [FILES]
 # Path for file / image uploads
 data_path = "./data"
@@ -49,6 +48,11 @@ allowed_mimetypes = [
     "image/webp"
 ]
 
+[scheduler]
+# Possible values are: "passive_web" (default), "active_web" and "system"
+# See documentation
+# cron = "passive_web"
+
 [auth_ldap]
 # Full documentation https://flaschengeist.dev/Flaschengeist/flaschengeist/wiki/plugins_auth_ldap
 # host = "localhost"

flaschengeist/logging.toml

@@ -6,22 +6,16 @@ disable_existing_loggers = false
 
 [formatters]
   [formatters.simple]
-    format = "%(asctime)s - %(levelname)s - %(message)s"
+    format = "[%(asctime)s] %(levelname)s - %(message)s"
   [formatters.extended]
-    format = "%(asctime)s — %(filename)s - %(funcName)s - %(lineno)d - %(threadName)s - %(name)s — %(levelname)s — %(message)s"
+    format = "[%(asctime)s] %(levelname)s %(filename)s - %(funcName)s - %(lineno)d - %(threadName)s - %(name)s — %(message)s"
 
 [handlers]
-  [handlers.console]
+  [handlers.wsgi]
+    stream = "ext://flask.logging.wsgi_errors_stream"
     class = "logging.StreamHandler"
-    level = "DEBUG"
     formatter = "simple"
-    stream = "ext://sys.stderr"
-  [handlers.file]
-    class = "logging.handlers.WatchedFileHandler"
-    level = "WARNING"
-    formatter = "extended"
-    encoding = "utf8"
-    filename = "flaschengeist.log"
+    level = "DEBUG"
 
 [loggers]
   [loggers.werkzeug]
@@ -29,4 +23,4 @@ disable_existing_loggers = false
 
 [root]
   level = "WARNING"
-  handlers = ["console"]
+  handlers = ["wsgi"]

flaschengeist/models/__init__.py

@@ -1,87 +1,5 @@
-import sys
-import datetime
-
-from sqlalchemy import BigInteger
-from sqlalchemy.dialects import mysql, sqlite
-from sqlalchemy.types import DateTime, TypeDecorator
-
-
-class ModelSerializeMixin:
-    """Mixin class used for models to serialize them automatically
-    Ignores private and protected members as well as members marked as not to publish (name ends with _)
-    """
-
-    def __is_optional(self, param):
-        if sys.version_info < (3, 8):
-            return False
-
-        import typing
-
-        hint = typing.get_type_hints(self.__class__)[param]
-        if (
-            typing.get_origin(hint) is typing.Union
-            and len(typing.get_args(hint)) == 2
-            and typing.get_args(hint)[1] is type(None)
-        ):
-            return getattr(self, param) is None
-
-    def serialize(self):
-        """Serialize class to dict
-        Returns:
-            Dict of all not private or protected annotated member variables.
-        """
-        d = {
-            param: getattr(self, param)
-            for param in self.__class__.__annotations__
-            if not param.startswith("_") and not param.endswith("_") and not self.__is_optional(param)
-        }
-        if len(d) == 1:
-            key, value = d.popitem()
-            return value
-        return d
-
-    def __str__(self) -> str:
-        return self.serialize().__str__()
-
-
-class Serial(TypeDecorator):
-    """Same as MariaDB Serial used for IDs"""
-
-    cache_ok = True
-    impl = BigInteger().with_variant(mysql.BIGINT(unsigned=True), "mysql").with_variant(sqlite.INTEGER, "sqlite")
-
-
-class UtcDateTime(TypeDecorator):
-    """Almost equivalent to `sqlalchemy.types.DateTime` with
-    ``timezone=True`` option, but it differs from that by:
-
-    - Never silently take naive :class:`datetime.datetime`, instead it
-      always raise :exc:`ValueError` unless time zone aware value.
-    - :class:`datetime.datetime` value's :attr:`datetime.datetime.tzinfo`
-      is always converted to UTC.
-    - Unlike SQLAlchemy's built-in :class:`sqlalchemy.types.DateTime`,
-      it never return naive :class:`datetime.datetime`, but time zone
-      aware value, even with SQLite or MySQL.
-    """
-
-    cache_ok = True
-    impl = DateTime(timezone=True)
-
-    @staticmethod
-    def current_utc():
-        return datetime.datetime.now(tz=datetime.timezone.utc)
-
-    def process_bind_param(self, value, dialect):
-        if value is not None:
-            if not isinstance(value, datetime.datetime):
-                raise TypeError("expected datetime.datetime, not " + repr(value))
-            elif value.tzinfo is None:
-                raise ValueError("naive datetime is disallowed")
-            return value.astimezone(datetime.timezone.utc)
-
-    def process_result_value(self, value, dialect):
-        if value is not None:
-            if value.tzinfo is not None:
-                value = value.astimezone(datetime.timezone.utc)
-            value = value.replace(tzinfo=datetime.timezone.utc)
-        return value
+from .session import *
+from .user import *
+from .plugin import *
+from .notification import *
+from .image import *

flaschengeist/models/image.py

@@ -1,19 +1,20 @@
-from __future__ import annotations  # TODO: Remove if python requirement is >= 3.10
+from __future__ import annotations  # TODO: Remove if python requirement is >= 3.12 (? PEP 563 is defered)
 
 from sqlalchemy import event
 from pathlib import Path
 
-from . import ModelSerializeMixin, Serial
 from ..database import db
+from ..database.types import ModelSerializeMixin, Serial
 
 
 class Image(db.Model, ModelSerializeMixin):
+    __allow_unmapped__ = True
     __tablename__ = "image"
-    id: int = db.Column("id", Serial, primary_key=True)
-    filename_: str = db.Column(db.String(127), nullable=False)
-    mimetype_: str = db.Column(db.String(30), nullable=False)
-    thumbnail_: str = db.Column(db.String(127))
-    path_: str = db.Column(db.String(127))
+    id: int = db.Column(Serial, primary_key=True)
+    filename_: str = db.Column("filename", db.String(255), nullable=False)
+    mimetype_: str = db.Column("mimetype", db.String(127), nullable=False)
+    thumbnail_: str = db.Column("thumbnail", db.String(255))
+    path_: str = db.Column("path", db.String(255))
 
     def open(self):
         return open(self.path_, "rb")

flaschengeist/models/notification.py

@@ -1,19 +1,28 @@
-from __future__ import annotations  # TODO: Remove if python requirement is >= 3.10
+from __future__ import annotations  # TODO: Remove if python requirement is >= 3.12 (? PEP 563 is defered)
+
 from datetime import datetime
 from typing import Any
 
-from . import Serial, UtcDateTime, ModelSerializeMixin
 from ..database import db
-from .user import User
+from ..database.types import Serial, UtcDateTime, ModelSerializeMixin
 
 
 class Notification(db.Model, ModelSerializeMixin):
+    __allow_unmapped__ = True
     __tablename__ = "notification"
     id: int = db.Column("id", Serial, primary_key=True)
-    plugin: str = db.Column(db.String(127), nullable=False)
     text: str = db.Column(db.Text)
     data: Any = db.Column(db.PickleType(protocol=4))
     time: datetime = db.Column(UtcDateTime, nullable=False, default=UtcDateTime.current_utc)
 
-    user_id_: int = db.Column("user_id", Serial, db.ForeignKey("user.id"), nullable=False)
+    user_id_: int = db.Column("user", Serial, db.ForeignKey("user.id"), nullable=False)
+    plugin_id_: int = db.Column("plugin", Serial, db.ForeignKey("plugin.id"), nullable=False)
     user_: User = db.relationship("User")
+    plugin_: Plugin = db.relationship(
+        "Plugin", backref=db.backref("notifications_", cascade="all, delete, delete-orphan")
+    )
+    plugin: str
+
+    @property
+    def plugin(self) -> str:
+        return self.plugin_.name

flaschengeist/models/plugin.py

@@ -0,0 +1,74 @@
+from __future__ import annotations  # TODO: Remove if python requirement is >= 3.12 (? PEP 563 is defered)
+
+from typing import Any, List, Dict
+from sqlalchemy.orm.collections import attribute_mapped_collection
+
+from ..database import db
+from ..database.types import Serial
+
+
+class PluginSetting(db.Model):
+    __allow_unmapped__ = True
+    __tablename__ = "plugin_setting"
+    id = db.Column("id", Serial, primary_key=True)
+    plugin_id: int = db.Column("plugin", Serial, db.ForeignKey("plugin.id"))
+    name: str = db.Column(db.String(127), nullable=False)
+    value: Any = db.Column(db.PickleType(protocol=4))
+
+
+class BasePlugin(db.Model):
+    __allow_unmapped__ = True
+    __tablename__ = "plugin"
+    id: int = db.Column("id", Serial, primary_key=True)
+    name: str = db.Column(db.String(127), nullable=False)
+    """Name of the plugin, loaded from distribution"""
+    installed_version: str = db.Column("version", db.String(30), nullable=False)
+    """The latest installed version"""
+    enabled: bool = db.Column(db.Boolean, default=False)
+    """Enabled state of the plugin"""
+    permissions: List["Permission"] = db.relationship(
+        "Permission", cascade="all, delete, delete-orphan", back_populates="plugin_", lazy="select"
+    )
+    """Optional list of custom permissions used by the plugin
+    
+    A good style is to name the permissions with a prefix related to the plugin name,
+    to prevent clashes with other plugins. E. g. instead of *delete* use *plugin_delete*.
+    """
+
+    __settings: Dict[str, "PluginSetting"] = db.relationship(
+        "PluginSetting",
+        collection_class=attribute_mapped_collection("name"),
+        cascade="all, delete, delete-orphan",
+        lazy="subquery",
+    )
+
+    def get_setting(self, name: str, **kwargs):
+        """Get plugin setting
+
+        Args:
+            name: string identifying the setting
+            default: Default value
+        Returns:
+            Value stored in database (native python)
+        Raises:
+            `KeyError` if no such setting exists in the database
+        """
+        try:
+            return self.__settings[name].value
+        except KeyError as e:
+            if "default" in kwargs:
+                return kwargs["default"]
+            raise e
+
+    def set_setting(self, name: str, value):
+        """Save setting in database
+
+        Args:
+            name: String identifying the setting
+            value: Value to be stored
+        """
+        if value is None and name in self.__settings.keys():
+            del self.__settings[name]
+        else:
+            setting = self.__settings.setdefault(name, PluginSetting(plugin_id=self.id, name=name, value=None))
+            setting.value = value

flaschengeist/models/session.py

@@ -1,12 +1,11 @@
-from __future__ import annotations  # TODO: Remove if python requirement is >= 3.10
+from __future__ import annotations  # TODO: Remove if python requirement is >= 3.12 (? PEP 563 is defered)
 
 from datetime import datetime, timedelta, timezone
-
-from . import ModelSerializeMixin, UtcDateTime, Serial
-from .user import User
-from flaschengeist.database import db
 from secrets import compare_digest
-from flaschengeist import logger
+
+from .. import logger
+from ..database import db
+from ..database.types import ModelSerializeMixin, UtcDateTime, Serial
 
 
 class Session(db.Model, ModelSerializeMixin):
@@ -18,12 +17,13 @@ class Session(db.Model, ModelSerializeMixin):
         token:  String to verify access later.
     """
 
+    __allow_unmapped__ = True
     __tablename__ = "session"
     expires: datetime = db.Column(UtcDateTime)
     token: str = db.Column(db.String(32), unique=True)
     lifetime: int = db.Column(db.Integer)
-    browser: str = db.Column(db.String(30))
-    platform: str = db.Column(db.String(30))
+    browser: str = db.Column(db.String(127))
+    platform: str = db.Column(db.String(64))
     userid: str = ""
 
     _id = db.Column("id", Serial, primary_key=True)

flaschengeist/models/setting.py

@@ -1,13 +0,0 @@
-from __future__ import annotations  # TODO: Remove if python requirement is >= 3.10
-from typing import Any
-
-from . import Serial
-from ..database import db
-
-
-class _PluginSetting(db.Model):
-    __tablename__ = "plugin_setting"
-    id = db.Column("id", Serial, primary_key=True)
-    plugin: str = db.Column(db.String(30))
-    name: str = db.Column(db.String(30), nullable=False)
-    value: Any = db.Column(db.PickleType(protocol=4))

flaschengeist/models/user.py

@@ -1,14 +1,13 @@
-from __future__ import annotations  # TODO: Remove if python requirement is >= 3.10
+from __future__ import (
+    annotations,
+)  # TODO: Remove if python requirement is >= 3.12 (? PEP 563 is defered)
 
-from flask import url_for
-from typing import Optional
+from typing import Optional, Union, List
 from datetime import date, datetime
 from sqlalchemy.orm.collections import attribute_mapped_collection
 
 from ..database import db
-from . import ModelSerializeMixin, UtcDateTime, Serial
-from .image import Image
-
+from ..database.types import ModelSerializeMixin, UtcDateTime, Serial
 
 association_table = db.Table(
     "user_x_role",
@@ -24,17 +23,21 @@ role_permission_association_table = db.Table(
 
 
 class Permission(db.Model, ModelSerializeMixin):
+    __allow_unmapped__ = True
     __tablename__ = "permission"
     name: str = db.Column(db.String(30), unique=True)
 
-    _id = db.Column("id", Serial, primary_key=True)
+    id_ = db.Column("id", Serial, primary_key=True)
+    plugin_id_: int = db.Column("plugin", Serial, db.ForeignKey("plugin.id"))
+    plugin_ = db.relationship("Plugin", lazy="subquery", back_populates="permissions", enable_typechecks=False)
 
 
 class Role(db.Model, ModelSerializeMixin):
+    __allow_unmapped__ = True
     __tablename__ = "role"
     id: int = db.Column(Serial, primary_key=True)
     name: str = db.Column(db.String(30), unique=True)
-    permissions: list[Permission] = db.relationship("Permission", secondary=role_permission_association_table)
+    permissions: List[Permission] = db.relationship("Permission", secondary=role_permission_association_table)
 
 
 class User(db.Model, ModelSerializeMixin):
@@ -44,7 +47,7 @@ class User(db.Model, ModelSerializeMixin):
 
     Attributes:
         id: Id in Database as Primary Key.
-        uid: User ID used by authentication provider
+        userid: User ID used by authentication provider
         display_name: Name to show
         firstname: Firstname of the User
         lastname: Lastname of the User
@@ -52,6 +55,7 @@ class User(db.Model, ModelSerializeMixin):
         birthday: Birthday of the user
     """
 
+    __allow_unmapped__ = True
     __tablename__ = "user"
     userid: str = db.Column(db.String(30), unique=True, nullable=False)
     display_name: str = db.Column(db.String(30))
@@ -60,17 +64,15 @@ class User(db.Model, ModelSerializeMixin):
     deleted: bool = db.Column(db.Boolean(), default=False)
     birthday: Optional[date] = db.Column(db.Date)
     mail: str = db.Column(db.String(60))
-    roles: list[str] = []
-    permissions: Optional[list[str]] = None
+    roles: List[str] = []
+    permissions: Optional[list[str]] = []
 
     # Protected stuff for backend use only
     id_ = db.Column("id", Serial, primary_key=True)
-    roles_: list[Role] = db.relationship("Role", secondary=association_table, cascade="save-update, merge")
-    sessions_: list["Session"] = db.relationship(
-        "Session", back_populates="user_", cascade="all, delete, delete-orphan"
-    )
+    roles_: List[Role] = db.relationship("Role", secondary=association_table, cascade="save-update, merge")
+    sessions_: List[Session] = db.relationship("Session", back_populates="user_", cascade="all, delete, delete-orphan")
     avatar_: Optional[Image] = db.relationship("Image", cascade="all, delete, delete-orphan", single_parent=True)
-    reset_requests_: list["_PasswordReset"] = db.relationship("_PasswordReset", cascade="all, delete, delete-orphan")
+    reset_requests_: List["_PasswordReset"] = db.relationship("_PasswordReset", cascade="all, delete, delete-orphan")
 
     # Private stuff for internal use
     _avatar_id = db.Column("avatar", Serial, db.ForeignKey("image.id"))
@@ -81,7 +83,7 @@ class User(db.Model, ModelSerializeMixin):
     )
 
     @property
-    def roles(self):
+    def roles(self) -> List[str]:
         return [role.name for role in self.roles_]
 
     def set_attribute(self, name, value):
@@ -110,6 +112,7 @@ class User(db.Model, ModelSerializeMixin):
 
 
 class _UserAttribute(db.Model, ModelSerializeMixin):
+    __allow_unmapped__ = True
     __tablename__ = "user_attribute"
     id = db.Column("id", Serial, primary_key=True)
     user: User = db.Column("user", Serial, db.ForeignKey("user.id"), nullable=False)
@@ -120,6 +123,7 @@ class _UserAttribute(db.Model, ModelSerializeMixin):
 class _PasswordReset(db.Model):
     """Table containing password reset requests"""
 
+    __allow_unmapped__ = True
     __tablename__ = "password_reset"
     _user_id: User = db.Column("user", Serial, db.ForeignKey("user.id"), primary_key=True)
     user: User = db.relationship("User", back_populates="reset_requests_", foreign_keys=[_user_id])

flaschengeist/plugins/__init__.py

@@ -1,133 +1,132 @@
-import sqlalchemy
-import pkg_resources
-from werkzeug.datastructures import FileStorage
-from werkzeug.exceptions import MethodNotAllowed, NotFound
-from flaschengeist.controller import imageController
+"""Flaschengeist Plugins
 
-from flaschengeist.database import db
-from flaschengeist.models.notification import Notification
-from flaschengeist.models.user import _Avatar, User
-from flaschengeist.models.setting import _PluginSetting
+.. include:: docs/plugin_development.md
+
+"""
+
+from typing import Union, List
+from importlib.metadata import entry_points
+from werkzeug.exceptions import NotFound
+from werkzeug.datastructures import FileStorage
+
+from flaschengeist.models.plugin import BasePlugin
+from flaschengeist.models.user import _Avatar, Permission
 from flaschengeist.utils.hook import HookBefore, HookAfter
 
-plugins_installed = HookAfter("plugins.installed")
-"""Hook decorator for when all plugins are installed
-    Possible use case would be to populate the database with some presets.
+__all__ = [
+    "plugins_installed",
+    "plugins_loaded",
+    "before_delete_user",
+    "before_role_updated",
+    "before_update_user",
+    "after_role_updated",
+    "Plugin",
+    "AuthPlugin",
+]
 
-    Args:
-        hook_result: void (kwargs)
+# Documentation hacks, see https://github.com/mitmproxy/pdoc/issues/320
+plugins_installed = HookAfter("plugins.installed")
+plugins_installed.__doc__ = """Hook decorator for when all plugins are installed
+
+Possible use case would be to populate the database with some presets.
 """
+
 plugins_loaded = HookAfter("plugins.loaded")
-"""Hook decorator for when all plugins are loaded
+plugins_loaded.__doc__ = """Hook decorator for when all plugins are loaded
+
 Possible use case would be to check if a specific other plugin is loaded and change own behavior
 
-    Args:
-        app: Current flask app instance (args)
-        hook_result: void (kwargs)
+Passed args:
+    - *app:* Current flask app instance (args)
 """
+
 before_role_updated = HookBefore("update_role")
-"""Hook decorator for when roles are modified
-Args:
-    role: Role object to modify
-    new_name: New name if the name was changed (None if delete)
+before_role_updated.__doc__ = """Hook decorator for when roles are modified
+    
+Passed args:
+    - *role:* `flaschengeist.models.user.Role` to modify
+    - *new_name:* New name if the name was changed (*None* if delete)
 """
+
 after_role_updated = HookAfter("update_role")
-"""Hook decorator for when roles are modified
-Args:
-    role: Role object containing the modified role
-    new_name: New name if the name was changed (None if deleted)
+after_role_updated.__doc__ = """Hook decorator for when roles are modified
+
+Passed args:
+    - *role:* modified `flaschengeist.models.user.Role`
+    - *new_name:* New name if the name was changed (*None* if deleted)
 """
+
 before_update_user = HookBefore("update_user")
-"""Hook decorator, when ever an user update is done, this is called before.
-Args:
-    user: User object
+before_update_user.__doc__ = """Hook decorator, when ever an user update is done, this is called before.
+
+Passed args:
+    - *user:* `flaschengeist.models.user.User` object
 """
+
 before_delete_user = HookBefore("delete_user")
-"""Hook decorator,this is called before an user gets deleted.
-Args:
-    user: User object
+before_delete_user.__doc__ = """Hook decorator,this is called before an user gets deleted.
+
+Passed args:
+    - *user:* `flaschengeist.models.user.User` object
 """
 
 
-class Plugin:
+class Plugin(BasePlugin):
     """Base class for all Plugins
-    If your class uses custom models add a static property called ``models``"""
 
-    blueprint = None  # You have to override
-    """Override with a `flask.blueprint` if the plugin uses custom routes"""
-    permissions = []  # You have to override
-    """Override to add custom permissions used by the plugin
+    All plugins must derived from this class.
 
-    A good style is to name the permissions with a prefix related to the plugin name,
-    to prevent clashes with other plugins. E. g. instead of *delete* use *plugin_delete*.
+    Optional:
+        - *blueprint*: `flask.Blueprint` providing your routes
+        - *permissions*: List of your custom permissions
+        - *models*: Your models, used for API export
     """
-    id = "dev.flaschengeist.plugin"  # You have to override
-    """Override with the unique ID of the plugin (Hint: FQN)"""
-    name = "plugin"  # You have to override
-    """Override with human readable name of the plugin"""
-    models = None  # You have to override
-    """Override with models module"""
-    migrations_path = None  # Override this with the location of your db migrations directory
-    """Override with path to migration files, if custome db tables are used"""
 
-    def __init__(self, config=None):
-        """Constructor called by create_app
-        Args:
-            config: Dict configuration containing the plugin section
-        """
-        self.version = pkg_resources.get_distribution(self.__module__.split(".")[0]).version
+    blueprint = None
+    """Optional `flask.blueprint` if the plugin uses custom routes"""
+
+    models = None
+    """Optional module containing the SQLAlchemy models used by the plugin"""
+
+    @property
+    def version(self) -> str:
+        """Version of the plugin, loaded from Distribution"""
+        return self.dist.version
+
+    @property
+    def dist(self):
+        """Distribution of this plugin"""
+        return self.entry_point.dist
+
+    @property
+    def entry_point(self):
+        ep = tuple(entry_points(group="flaschengeist.plugins", name=self.name))
+        return ep[0]
+
+    def load(self):
+        """__init__ like function that is called when the plugin is initially loaded"""
+        pass
 
     def install(self):
         """Installation routine
 
-        Is always called with Flask application context
+        Also called when updating the plugin, compare `version` and `installed_version`.
+
+        Is always called with Flask application context,
+        it is called after the plugin permissions are installed.
         """
         pass
 
-    def get_setting(self, name: str, **kwargs):
-        """Get plugin setting from database
+    def uninstall(self):
+        """Uninstall routine
 
-        Args:
-            name: string identifying the setting
-            default: Default value
-        Returns:
-            Value stored in database (native python)
-        Raises:
-            `KeyError` if no such setting exists in the database
+        If the plugin has custom database tables, make sure to remove them.
+        This can be either done by downgrading the plugin *head* to the *base*.
+        Or use custom migrations for the uninstall and *stamp* some version.
+
+        Is always called with Flask application context.
         """
-        try:
-            setting = (
-                _PluginSetting.query.filter(_PluginSetting.plugin == self.name)
-                .filter(_PluginSetting.name == name)
-                .one()
-            )
-            return setting.value
-        except sqlalchemy.orm.exc.NoResultFound:
-            if "default" in kwargs:
-                return kwargs["default"]
-            else:
-                raise KeyError
-
-    def set_setting(self, name: str, value):
-        """Save setting in database
-
-        Args:
-            name: String identifying the setting
-            value: Value to be stored
-        """
-        setting = (
-            _PluginSetting.query.filter(_PluginSetting.plugin == self.name)
-            .filter(_PluginSetting.name == name)
-            .one_or_none()
-        )
-        if setting is not None:
-            if value is None:
-                db.session.delete(setting)
-            else:
-                setting.value = value
-        else:
-            db.session.add(_PluginSetting(plugin=self.name, name=name, value=value))
-        db.session.commit()
+        pass
 
     def notify(self, user, text: str, data=None):
         """Create a new notification for an user
@@ -141,11 +140,20 @@ class Plugin:
 
         Hint: use the data for frontend actions.
         """
-        if not user.deleted:
-            n = Notification(text=text, data=data, plugin=self.id, user_=user)
-            db.session.add(n)
-            db.session.commit()
-            return n.id
+        from ..controller import pluginController
+
+        return pluginController.notify(self.id, user, text, data)
+
+    @property
+    def notifications(self) -> List["Notification"]:
+        """Get all notifications for this plugin
+
+        Returns:
+            List of `flaschengeist.models.notification.Notification`
+        """
+        from ..controller import pluginController
+
+        return pluginController.get_notifications(self.id)
 
     def serialize(self):
         """Serialize a plugin into a dict
@@ -155,35 +163,53 @@ class Plugin:
         """
         return {"version": self.version, "permissions": self.permissions}
 
+    def install_permissions(self, permissions: list[str]):
+        """Helper for installing a list of strings as permissions
+
+        Args:
+            permissions: List of permissions to install
+        """
+        cur_perm = set(x for x in self.permissions or [])
+        all_perm = set(permissions)
+
+        new_perms = all_perm - cur_perm
+        _perms = [Permission(name=x, plugin_=self) for x in new_perms]
+        # self.permissions = list(filter(lambda x: x.name in permissions, self.permissions and isinstance(self.permissions, list) or []))
+        self.permissions.extend(_perms)
+
 
 class AuthPlugin(Plugin):
-    def login(self, user, pw):
+    """Base class for all authentification plugins
+
+    See also `Plugin`
+    """
+
+    def login(self, login_name, password) -> Union[bool, str]:
         """Login routine, MUST BE IMPLEMENTED!
 
         Args:
-            user: User class containing at least the uid
-            pw: given password
+            login_name: The name the user entered
+            password: The password the user used to log in
         Returns:
-            Must return False if not found or invalid credentials, True if success
+            Must return False if not found or invalid credentials, otherwise the UID is returned
         """
         raise NotImplemented
 
-    def update_user(self, user):
+    def update_user(self, user: "User"):
         """If backend is using external data, then update this user instance with external data
         Args:
             user: User object
         """
         pass
 
-    def find_user(self, userid, mail=None):
-        """Find an user by userid or mail
+    def user_exists(self, userid) -> bool:
+        """Check if user exists on this backend
         Args:
             userid: Userid to search
-            mail: If set, mail to search
         Returns:
-            None or User
+            True or False
         """
-        return None
+        raise NotImplemented
 
     def modify_user(self, user, password, new_password=None):
         """If backend is using (writeable) external data, then update the external database with the user provided.
@@ -194,11 +220,14 @@ class AuthPlugin(Plugin):
             password: Password (some backends need the current password for changes) if None force edit (admin)
             new_password: If set a password change is requested
         Raises:
-            NotImplemented: If backend does not support this feature (or no password change)
             BadRequest: Logic error, e.g. password is wrong.
             Error: Other errors if backend went mad (are not handled and will result in a 500 error)
         """
-        raise NotImplemented
+        pass
+
+    def can_register(self):
+        """Check if this backend allows to register new users"""
+        return False
 
     def create_user(self, user, password):
         """If backend is using (writeable) external data, then create a new user on the external database.
@@ -208,7 +237,7 @@ class AuthPlugin(Plugin):
             password: string
 
         """
-        raise MethodNotAllowed
+        raise NotImplementedError
 
     def delete_user(self, user):
         """If backend is using (writeable) external data, then delete the user from external database.
@@ -217,9 +246,19 @@ class AuthPlugin(Plugin):
             user: User object
 
         """
-        raise MethodNotAllowed
+        raise NotImplementedError
 
-    def get_avatar(self, user: User) -> _Avatar:
+    def get_modified_time(self, user):
+        """If backend is using external data, then return the timestamp of the last modification
+
+        Args:
+            user: User object
+        Returns:
+            Timestamp of last modification
+        """
+        pass
+
+    def get_avatar(self, user) -> _Avatar:
         """Retrieve avatar for given user (if supported by auth backend)
 
         Default behavior is to use native Image objects,
@@ -233,21 +272,25 @@ class AuthPlugin(Plugin):
         """
         raise NotFound
 
-    def set_avatar(self, user: User, file: FileStorage):
+    def set_avatar(self, user, file: FileStorage):
         """Set the avatar for given user (if supported by auth backend)
 
         Default behavior is to use native Image objects stored on the Flaschengeist server
 
         Args:
             user: User to set the avatar for
-            file: FileStorage object uploaded by the user
+            file: `werkzeug.datastructures.FileStorage` uploaded by the user
         Raises:
             MethodNotAllowed: If not supported by Backend
             Any valid HTTP exception
         """
+        # By default save the image to the avatar,
+        # deleting would happen by unsetting it
+        from ..controller import imageController
+
         user.avatar_ = imageController.upload_image(file)
 
-    def delete_avatar(self, user: User):
+    def delete_avatar(self, user):
         """Delete the avatar for given user (if supported by auth backend)
 
         Default behavior is to use the imageController and native Image objects.

flaschengeist/plugins/auth/__init__.py

@@ -13,8 +13,7 @@ from flaschengeist.controller import sessionController, userController
 
 
 class AuthRoutePlugin(Plugin):
-    name = "auth"
-    blueprint = Blueprint(name, __name__)
+    blueprint = Blueprint("auth", __name__)
 
 
 @AuthRoutePlugin.blueprint.route("/auth", methods=["POST"])
@@ -41,7 +40,7 @@ def login():
     user = userController.login_user(userid, password)
     if not user:
         raise Unauthorized
-    session = sessionController.create(user, user_agent=request.user_agent)
+    session = sessionController.create(user, request_headers=request.headers)
     logger.debug(f"token is {session.token}")
     logger.info(f"User {userid} logged in.")
 
@@ -166,7 +165,7 @@ def get_assocd_user(token, current_session, **kwargs):
 def reset_password():
     data = request.get_json()
     if "userid" in data:
-        user = userController.find_user(data["userid"])
+        user = userController.get_user(data["userid"])
         if user:
             userController.request_reset(user)
     elif "password" in data and "token" in data:

flaschengeist/plugins/auth_ldap/__init__.py

@@ -10,70 +10,73 @@ from ldap3.core.exceptions import LDAPPasswordIsMandatoryError, LDAPBindError
 from werkzeug.exceptions import BadRequest, InternalServerError, NotFound
 from werkzeug.datastructures import FileStorage
 
+from datetime import datetime
+
 from flaschengeist import logger
+from flaschengeist.config import config
 from flaschengeist.controller import userController
-from flaschengeist.models.user import User, Role, _Avatar
+from flaschengeist.models import User, Role
+from flaschengeist.models.user import _Avatar
 from flaschengeist.plugins import AuthPlugin, before_role_updated
 
 
 class AuthLDAP(AuthPlugin):
-    def __init__(self, config):
-        super().__init__()
+    def load(self):
+        self.config = config.get("auth_ldap", None)
+        if self.config is None:
+            logger.error("auth_ldap was not configured in flaschengeist.toml", exc_info=True)
+            raise InternalServerError
         app.config.update(
-            LDAP_SERVER=config.get("host", "localhost"),
-            LDAP_PORT=config.get("port", 389),
-            LDAP_BINDDN=config.get("bind_dn", None),
-            LDAP_SECRET=config.get("secret", None),
-            LDAP_USE_SSL=config.get("use_ssl", False),
+            LDAP_SERVER=self.config.get("host", "localhost"),
+            LDAP_PORT=self.config.get("port", 389),
+            LDAP_BINDDN=self.config.get("bind_dn", None),
+            LDAP_SECRET=self.config.get("secret", None),
+            LDAP_USE_SSL=self.config.get("use_ssl", False),
             # That's not TLS, its dirty StartTLS on unencrypted LDAP
             LDAP_USE_TLS=False,
             LDAP_TLS_VERSION=ssl.PROTOCOL_TLS,
             FORCE_ATTRIBUTE_VALUE_AS_LIST=True,
         )
         if "ca_cert" in config:
-            app.config["LDAP_CA_CERTS_FILE"] = config["ca_cert"]
+            app.config["LDAP_CA_CERTS_FILE"] = self.config["ca_cert"]
         else:
             # Default is CERT_REQUIRED
             app.config["LDAP_REQUIRE_CERT"] = ssl.CERT_OPTIONAL
         self.ldap = LDAPConn(app)
-        self.base_dn = config["base_dn"]
-        self.search_dn = config.get("search_dn", "ou=people,{base_dn}").format(base_dn=self.base_dn)
-        self.group_dn = config.get("group_dn", "ou=group,{base_dn}").format(base_dn=self.base_dn)
-        self.password_hash = config.get("password_hash", "SSHA").upper()
-        self.object_classes = config.get("object_classes", ["inetOrgPerson"])
-        self.user_attributes: dict = config.get("user_attributes", {})
-        self.dn_template = config.get("dn_template")
+        self.base_dn = self.config["base_dn"]
+        self.search_dn = self.config.get("search_dn", "ou=people,{base_dn}").format(base_dn=self.base_dn)
+        self.group_dn = self.config.get("group_dn", "ou=group,{base_dn}").format(base_dn=self.base_dn)
+        self.password_hash = self.config.get("password_hash", "SSHA").upper()
+        self.object_classes = self.config.get("object_classes", ["inetOrgPerson"])
+        self.user_attributes: dict = self.config.get("user_attributes", {})
+        self.dn_template = self.config.get("dn_template")
 
         # TODO: might not be set if modify is called
-        self.root_dn = config.get("root_dn", None)
-        self.root_secret = config.get("root_secret", None)
+        self.root_dn = self.config.get("root_dn", None)
+        self.root_secret = self.config.get("root_secret", None)
 
         @before_role_updated
         def _role_updated(role, new_name):
             logger.debug(f"LDAP: before_role_updated called with ({role}, {new_name})")
             self.__modify_role(role, new_name)
 
-    def login(self, user, password):
-        if not user:
+    def login(self, login_name, password):
+        if not login_name:
             return False
-        return self.ldap.authenticate(user.userid, password, "uid", self.base_dn)
+        return login_name if self.ldap.authenticate(login_name, password, "uid", self.base_dn) else False
 
-    def find_user(self, userid, mail=None):
-        attr = self.__find(userid, mail)
-        if attr is not None:
-            user = User(userid=attr["uid"][0])
-            self.__update(user, attr)
-            return user
+    def user_exists(self, userid) -> bool:
+        attr = self.__find(userid, None)
+        return attr is not None
 
     def update_user(self, user):
         attr = self.__find(user.userid)
         self.__update(user, attr)
 
-    def create_user(self, user, password):
-        if self.root_dn is None:
-            logger.error("root_dn missing in ldap config!")
-            raise InternalServerError
+    def can_register(self):
+        return self.root_dn is not None
 
+    def create_user(self, user, password):
         try:
             ldap_conn = self.ldap.connect(self.root_dn, self.root_secret)
             attributes = self.user_attributes.copy()
@@ -125,9 +128,12 @@ class AuthLDAP(AuthPlugin):
     def modify_user(self, user: User, password=None, new_password=None):
         try:
             dn = user.get_attribute("DN")
+            logger.debug(f"LDAP: modify_user for user {user.userid} with dn {dn}")
             if password:
+                logger.debug(f"LDAP: modify_user for user {user.userid} with password")
                 ldap_conn = self.ldap.connect(dn, password)
             else:
+                logger.debug(f"LDAP: modify_user for user {user.userid} with root_dn")
                 if self.root_dn is None:
                     logger.error("root_dn missing in ldap config!")
                     raise InternalServerError
@@ -140,14 +146,31 @@ class AuthLDAP(AuthPlugin):
                 ("display_name", "displayName"),
             ]:
                 if hasattr(user, name):
+                    attribute = getattr(user, name)
+                    if attribute:
                         modifier[ldap_name] = [(MODIFY_REPLACE, [getattr(user, name)])]
             if new_password:
                 modifier["userPassword"] = [(MODIFY_REPLACE, [self.__hash(new_password)])]
+            if "userPassword" in modifier:
+                logger.debug(f"LDAP: modify_user for user {user.userid} with password change (can't show >modifier<)")
+            else:
+                logger.debug(f"LDAP: modify_user for user {user.userid} with modifier {modifier}")
             ldap_conn.modify(dn, modifier)
             self._set_roles(user)
         except (LDAPPasswordIsMandatoryError, LDAPBindError):
             raise BadRequest
 
+    def get_modified_time(self, user):
+        self.ldap.connection.search(
+            self.search_dn,
+            "(uid={})".format(user.userid),
+            SUBTREE,
+            attributes=["modifyTimestamp"],
+        )
+        r = self.ldap.connection.response[0]["attributes"]
+        modified_time = r["modifyTimestamp"][0]
+        return datetime.strptime(modified_time, "%Y%m%d%H%M%SZ")
+
     def get_avatar(self, user):
         self.ldap.connection.search(
             self.search_dn,
@@ -305,3 +328,5 @@ class AuthLDAP(AuthPlugin):
 
         except (LDAPPasswordIsMandatoryError, LDAPBindError):
             raise BadRequest
+        except IndexError as e:
+            logger.error("Roles in LDAP", exc_info=True)

flaschengeist/plugins/auth_ldap/cli.py

@@ -1,20 +1,25 @@
 import click
 from flask import current_app
 from flask.cli import with_appcontext
+from werkzeug.exceptions import NotFound
 
 
 @click.command(no_args_is_help=True)
 @click.option("--sync", is_flag=True, default=False, help="Synchronize users from LDAP -> database")
+@click.option("--sync-ldap", is_flag=True, default=False, help="Synchronize users from database -> LDAP")
 @with_appcontext
 @click.pass_context
-def ldap(ctx, sync):
+def ldap(ctx, sync, sync_ldap):
     """Tools for the LDAP authentification"""
-    if sync:
     from flaschengeist.controller import userController
     from flaschengeist.plugins.auth_ldap import AuthLDAP
+    if sync:
+        click.echo("Synchronizing users from LDAP -> database")
         from ldap3 import SUBTREE
+        from flaschengeist.models import User
+        from flaschengeist.database import db
 
-        auth_ldap: AuthLDAP = current_app.config.get("FG_AUTH_BACKEND")
+        auth_ldap: AuthLDAP = current_app.config.get("FG_PLUGINS").get("auth_ldap")
         if auth_ldap is None or not isinstance(auth_ldap, AuthLDAP):
             ctx.fail("auth_ldap plugin not found or not enabled!")
         conn = auth_ldap.ldap.connection
@@ -24,4 +29,19 @@ def ldap(ctx, sync):
         ldap_users_response = conn.response
         for ldap_user in ldap_users_response:
             uid = ldap_user["attributes"]["uid"][0]
-            userController.find_user(uid)
+            try:
+                user = userController.get_user(uid)
+            except NotFound:
+                user = User(userid=uid)
+                db.session.add(user)
+            userController.update_user(user, auth_ldap)
+    if sync_ldap:
+        click.echo("Synchronizing users from database -> LDAP")
+
+        auth_ldap: AuthLDAP = current_app.config.get("FG_PLUGINS").get("auth_ldap")
+        if auth_ldap is None or not isinstance(auth_ldap, AuthLDAP):
+            ctx.fail("auth_ldap plugin not found or not enabled!")
+        users = userController.get_users()
+        for user in users:
+            userController.update_user(user, auth_ldap)
+

flaschengeist/plugins/auth_plain/__init__.py

@@ -7,42 +7,25 @@ import os
 import hashlib
 import binascii
 from werkzeug.exceptions import BadRequest
-from flaschengeist.plugins import AuthPlugin, plugins_installed
-from flaschengeist.models.user import User, Role, Permission
+from flaschengeist.plugins import AuthPlugin
+from flaschengeist.models import User, Role, Permission
 from flaschengeist.database import db
 from flaschengeist import logger
 
 
 class AuthPlain(AuthPlugin):
-    def install(self):
-        plugins_installed(self.post_install)
+    def can_register(self):
+        return True
 
-    def post_install(self, **kwargs):
-        if User.query.filter(User.deleted == False).count() == 0:
-            logger.info("Installing admin user")
-            role = Role.query.filter(Role.name == "Superuser").first()
-            if role is None:
-                role = Role(name="Superuser", permissions=Permission.query.all())
-            admin = User(
-                userid="admin",
-                firstname="Admin",
-                lastname="Admin",
-                mail="",
-                roles_=[role],
+    def login(self, login_name, password):
+        users: list[User] = (
+            User.query.filter((User.userid == login_name) | (User.mail == login_name))
+            .filter(User._attributes.any(name="password"))
+            .all()
         )
-            self.modify_user(admin, None, "admin")
-            db.session.add(admin)
-            db.session.commit()
-            logger.warning(
-                "New administrator user was added, please change the password or remove it before going into"
-                "production mode. Initial credentials:\n"
-                "name: admin\n"
-                "password: admin"
-            )
-
-    def login(self, user: User, password: str):
-        if user.has_attribute("password"):
-            return AuthPlain._verify_password(user.get_attribute("password"), password)
+        for user in users:
+            if AuthPlain._verify_password(user.get_attribute("password"), password):
+                return user.userid
         return False
 
     def modify_user(self, user, password, new_password=None):
@@ -51,6 +34,12 @@ class AuthPlain(AuthPlugin):
         if new_password:
             user.set_attribute("password", AuthPlain._hash_password(new_password))
 
+    def user_exists(self, userid) -> bool:
+        return (
+            db.session.query(User.id_).filter(User.userid == userid, User._attributes.any(name="password")).first()
+            is not None
+        )
+
     def create_user(self, user, password):
         if not user.userid:
             raise BadRequest("userid is missing for new user")
@@ -68,7 +57,7 @@ class AuthPlain(AuthPlugin):
         return (salt + pass_hash).decode("ascii")
 
     @staticmethod
-    def _verify_password(stored_password, provided_password):
+    def _verify_password(stored_password: str, provided_password: str):
         salt = stored_password[:64]
         stored_password = stored_password[64:]
         pass_hash = hashlib.pbkdf2_hmac("sha3-512", provided_password.encode("utf-8"), salt.encode("ascii"), 100000)

flaschengeist/plugins/balance/__init__.py

@@ -3,11 +3,12 @@
 Extends users plugin with balance functions
 """
 
-from flask import Blueprint, current_app
-from werkzeug.local import LocalProxy
+from flask import current_app
 from werkzeug.exceptions import NotFound
+from werkzeug.local import LocalProxy
 
 from flaschengeist import logger
+from flaschengeist.config import config
 from flaschengeist.plugins import Plugin, plugins_loaded, before_update_user
 from flaschengeist.plugins.scheduler import add_scheduled
 
@@ -56,16 +57,16 @@ def service_debit():
 
 
 class BalancePlugin(Plugin):
-    name = "balance"
-    id = "dev.flaschengeist.balance"
-    blueprint = Blueprint(name, __name__)
-    permissions = permissions.permissions
-    plugin: "BalancePlugin" = LocalProxy(lambda: current_app.config["FG_PLUGINS"][BalancePlugin.name])
+    # id = "dev.flaschengeist.balance"
     models = models
 
-    def __init__(self, config):
-        super(BalancePlugin, self).__init__(config)
-        from . import routes
+    def install(self):
+        self.install_permissions(permissions.permissions)
+
+    def load(self):
+        from .routes import blueprint
+
+        self.blueprint = blueprint
 
         @plugins_loaded
         def post_loaded(*args, **kwargs):
@@ -73,7 +74,7 @@ class BalancePlugin(Plugin):
                 add_scheduled(f"{id}.service_debit", service_debit, minutes=1)
 
         @before_update_user
-        def set_default_limit(user):
+        def set_default_limit(user, *args):
             from . import balance_controller
 
             try:
@@ -82,3 +83,7 @@ class BalancePlugin(Plugin):
                 balance_controller.set_limit(user, limit, override=False)
             except KeyError:
                 pass
+
+    @staticmethod
+    def getPlugin() -> LocalProxy["BalancePlugin"]:
+        return LocalProxy(lambda: current_app.config["FG_PLUGINS"]["balance"])

flaschengeist/plugins/balance/balance_controller.py

@@ -3,13 +3,14 @@
 # English: Debit -> from account
 #         Credit -> to account
 from enum import IntEnum
-from sqlalchemy import func, case, and_
+from sqlalchemy import func, case, and_, or_
 from sqlalchemy.ext.hybrid import hybrid_property
 from datetime import datetime
 from werkzeug.exceptions import BadRequest, NotFound, Conflict
 
 from flaschengeist.database import db
 from flaschengeist.models.user import User, _UserAttribute
+from flaschengeist.app import logger
 
 from .models import Transaction
 from . import permissions, BalancePlugin
@@ -20,6 +21,8 @@ __attribute_limit = "balance_limit"
 class NotifyType(IntEnum):
     SEND_TO = 0x01
     SEND_FROM = 0x02
+    ADD_FROM = 0x03
+    SUB_FROM = 0x04
 
 
 def set_limit(user: User, limit: float, override=True):
@@ -33,7 +36,7 @@ def get_limit(user: User) -> float:
 
 
 def get_balance(user, start: datetime = None, end: datetime = None):
-    query = db.session.query(func.sum(Transaction.amount))
+    query = db.session.query(func.sum(Transaction._amount))
     if start:
         query = query.filter(start <= Transaction.time)
     if end:
@@ -44,10 +47,26 @@ def get_balance(user, start: datetime = None, end: datetime = None):
     return credit, debit, credit - debit
 
 
-def get_balances(start: datetime = None, end: datetime = None, limit=None, offset=None, descending=None, sortBy=None):
+def get_balances(
+    start: datetime = None,
+    end: datetime = None,
+    limit=None,
+    offset=None,
+    descending=None,
+    sortBy=None,
+    _filter=None,
+):
+    logger.debug(
+        f"get_balances(start={start}, end={end}, limit={limit}, offset={offset}, descending={descending}, sortBy={sortBy}, _filter={_filter})"
+    )
+
     class _User(User):
         _debit = db.relationship(Transaction, back_populates="sender_", foreign_keys=[Transaction._sender_id])
-        _credit = db.relationship(Transaction, back_populates="receiver_", foreign_keys=[Transaction._receiver_id])
+        _credit = db.relationship(
+            Transaction,
+            back_populates="receiver_",
+            foreign_keys=[Transaction._receiver_id],
+        )
 
         @hybrid_property
         def debit(self):
@@ -56,8 +75,8 @@ def get_balances(start: datetime = None, end: datetime = None, limit=None, offse
         @debit.expression
         def debit(cls):
             a = (
-                db.select(func.sum(Transaction.amount))
-                .where(cls.id_ == Transaction._sender_id, Transaction.amount)
+                db.select(func.sum(Transaction._amount))
+                .where(cls.id_ == Transaction._sender_id, Transaction._amount)
                 .scalar_subquery()
             )
             return case([(a, a)], else_=0)
@@ -69,8 +88,8 @@ def get_balances(start: datetime = None, end: datetime = None, limit=None, offse
         @credit.expression
         def credit(cls):
             b = (
-                db.select(func.sum(Transaction.amount))
-                .where(cls.id_ == Transaction._receiver_id, Transaction.amount)
+                db.select(func.sum(Transaction._amount))
+                .where(cls.id_ == Transaction._receiver_id, Transaction._amount)
                 .scalar_subquery()
             )
             return case([(b, b)], else_=0)
@@ -83,7 +102,12 @@ def get_balances(start: datetime = None, end: datetime = None, limit=None, offse
         def limit(cls):
             return (
                 db.select(_UserAttribute.value)
-                .where(and_(cls.id_ == _UserAttribute.user, _UserAttribute.name == "balance_limit"))
+                .where(
+                    and_(
+                        cls.id_ == _UserAttribute.user,
+                        _UserAttribute.name == "balance_limit",
+                    )
+                )
                 .scalar_subquery()
             )
 
@@ -116,11 +140,27 @@ def get_balances(start: datetime = None, end: datetime = None, limit=None, offse
         q2 = query.join(_User._debit).filter(Transaction.time <= end)
         query = q1.union(q2)
 
+    if _filter:
+        query = query.filter(
+            or_(
+                _User.firstname.ilike(f"%{_filter.lower()}%"),
+                _User.lastname.ilike(f"%{_filter.lower()}%"),
+            )
+        )
+
     if sortBy == "balance":
         if descending:
-            query = query.order_by((_User.credit - _User.debit).desc(), _User.lastname.asc(), _User.firstname.asc())
+            query = query.order_by(
+                (_User.credit - _User.debit).desc(),
+                _User.lastname.asc(),
+                _User.firstname.asc(),
+            )
         else:
-            query = query.order_by((_User.credit - _User.debit).asc(), _User.lastname.asc(), _User.firstname.asc())
+            query = query.order_by(
+                (_User.credit - _User.debit).asc(),
+                _User.lastname.asc(),
+                _User.firstname.asc(),
+            )
     elif sortBy == "limit":
         if descending:
             query = query.order_by(_User.limit.desc(), User.lastname.asc(), User.firstname.asc())
@@ -147,7 +187,6 @@ def get_balances(start: datetime = None, end: datetime = None, limit=None, offse
     all = {}
 
     for user in users:
-
         all[user.userid] = [user.get_credit(start, end), 0]
         all[user.userid][1] = user.get_debit(start, end)
 
@@ -167,6 +206,7 @@ def send(sender: User, receiver, amount: float, author: User):
     Raises:
         BadRequest if amount <= 0
     """
+    logger.debug(f"send(sender={sender}, receiver={receiver}, amount={amount}, author={author})")
     if amount <= 0:
         raise BadRequest
 
@@ -180,7 +220,8 @@ def send(sender: User, receiver, amount: float, author: User):
     db.session.add(transaction)
     db.session.commit()
     if sender is not None and sender.id_ != author.id_:
-        BalancePlugin.plugin.notify(
+        if receiver is not None:
+            BalancePlugin.getPlugin().notify(
                 sender,
                 "Neue Transaktion",
                 {
@@ -190,9 +231,36 @@ def send(sender: User, receiver, amount: float, author: User):
                     "amount": amount,
                 },
             )
+        else:
+            BalancePlugin.getPlugin().notify(
+                sender,
+                "Neue Transaktion",
+                {
+                    "type": NotifyType.SUB_FROM,
+                    "author_id": author.userid,
+                    "amount": amount,
+                },
+            )
     if receiver is not None and receiver.id_ != author.id_:
-        BalancePlugin.plugin.notify(
-            receiver, "Neue Transaktion", {"type": NotifyType.SEND_TO, "sender_id": sender.userid, "amount": amount}
+        if sender is not None:
+            BalancePlugin.getPlugin().notify(
+                receiver,
+                "Neue Transaktion",
+                {
+                    "type": NotifyType.SEND_TO,
+                    "sender_id": sender.userid,
+                    "amount": amount,
+                },
+            )
+        else:
+            BalancePlugin.getPlugin().notify(
+                receiver,
+                "Neue Transaktion",
+                {
+                    "type": NotifyType.ADD_FROM,
+                    "author_id": author.userid,
+                    "amount": amount,
+                },
             )
     return transaction
 

flaschengeist/plugins/balance/migrations/98f2733bbe45_balance_initial.py

@@ -0,0 +1,47 @@
+"""balance: initial
+
+Revision ID: 98f2733bbe45
+Revises: 
+Create Date: 2022-02-23 14:41:03.089145
+
+"""
+from alembic import op
+import sqlalchemy as sa
+import flaschengeist
+
+
+# revision identifiers, used by Alembic.
+revision = "98f2733bbe45"
+down_revision = None
+branch_labels = ("balance",)
+depends_on = "flaschengeist"
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table(
+        "balance_transaction",
+        sa.Column("receiver_id", flaschengeist.models.Serial(), nullable=True),
+        sa.Column("sender_id", flaschengeist.models.Serial(), nullable=True),
+        sa.Column("author_id", flaschengeist.models.Serial(), nullable=False),
+        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
+        sa.Column("time", flaschengeist.models.UtcDateTime(), nullable=False),
+        sa.Column("amount", sa.Numeric(precision=5, scale=2, asdecimal=False), nullable=False),
+        sa.Column("reversal_id", flaschengeist.models.Serial(), nullable=True),
+        sa.ForeignKeyConstraint(["author_id"], ["user.id"], name=op.f("fk_balance_transaction_author_id_user")),
+        sa.ForeignKeyConstraint(["receiver_id"], ["user.id"], name=op.f("fk_balance_transaction_receiver_id_user")),
+        sa.ForeignKeyConstraint(
+            ["reversal_id"],
+            ["balance_transaction.id"],
+            name=op.f("fk_balance_transaction_reversal_id_balance_transaction"),
+        ),
+        sa.ForeignKeyConstraint(["sender_id"], ["user.id"], name=op.f("fk_balance_transaction_sender_id_user")),
+        sa.PrimaryKeyConstraint("id", name=op.f("pk_balance_transaction")),
+    )
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_table("balance_transaction")
+    # ### end Alembic commands ###

flaschengeist/plugins/balance/models.py

@@ -1,15 +1,16 @@
-from __future__ import annotations  # TODO: Remove if python requirement is >= 3.10
-
 from datetime import datetime
 from typing import Optional
 from sqlalchemy.ext.hybrid import hybrid_property
+from math import floor
 
+from flaschengeist import logger
 from flaschengeist.database import db
 from flaschengeist.models.user import User
 from flaschengeist.models import ModelSerializeMixin, UtcDateTime, Serial
 
 
 class Transaction(db.Model, ModelSerializeMixin):
+    __allow_unmapped__ = True
     __tablename__ = "balance_transaction"
     # Protected foreign key properties
     _receiver_id = db.Column("receiver_id", Serial, db.ForeignKey("user.id"))
@@ -19,8 +20,9 @@ class Transaction(db.Model, ModelSerializeMixin):
     # Public and exported member
     id: int = db.Column("id", Serial, primary_key=True)
     time: datetime = db.Column(UtcDateTime, nullable=False, default=UtcDateTime.current_utc)
-    amount: float = db.Column(db.Numeric(precision=5, scale=2, asdecimal=False), nullable=False)
+    _amount: float = db.Column("amount", db.Numeric(precision=5, scale=2, asdecimal=False), nullable=False)
     reversal_id: Optional[int] = db.Column(Serial, db.ForeignKey("balance_transaction.id"))
+    amount: float
 
     # Dummy properties used for JSON serialization (userid instead of full user)
     author_id: Optional[str] = None
@@ -57,3 +59,14 @@ class Transaction(db.Model, ModelSerializeMixin):
     @property
     def original_id(self):
         return self.original_.id if self.original_ else None
+
+    @property
+    def amount(self):
+        return self._amount
+
+    @amount.setter
+    def amount(self, value):
+        self._amount = floor(value * 100) / 100
+
+    def __repr__(self):
+        return f"<Transaction {self.id} {self.amount} {self.time} {self.sender_id} {self.receiver_id} {self.author_id}>"

flaschengeist/plugins/balance/routes.py

@@ -1,12 +1,14 @@
 from datetime import datetime, timezone
+from logging import log
 from werkzeug.exceptions import Forbidden, BadRequest
-from flask import request, jsonify
+from flask import Blueprint, request, jsonify
 
 from flaschengeist.utils import HTTP
 from flaschengeist.models.session import Session
 from flaschengeist.utils.datetime import from_iso_format
 from flaschengeist.utils.decorators import login_required
 from flaschengeist.controller import userController
+from flaschengeist.app import logger
 from . import BalancePlugin, balance_controller, permissions
 
 
@@ -18,7 +20,10 @@ def str2bool(string: str):
     raise ValueError
 
 
-@BalancePlugin.blueprint.route("/users/<userid>/balance/shortcuts", methods=["GET", "PUT"])
+blueprint = Blueprint("balance", __package__)
+
+
+@blueprint.route("/users/<userid>/balance/shortcuts", methods=["GET", "PUT"])
 @login_required()
 def get_shortcuts(userid, current_session: Session):
     """Get balance shortcuts of an user
@@ -50,7 +55,7 @@ def get_shortcuts(userid, current_session: Session):
         return HTTP.no_content()
 
 
-@BalancePlugin.blueprint.route("/users/<userid>/balance/limit", methods=["GET"])
+@blueprint.route("/users/<userid>/balance/limit", methods=["GET"])
 @login_required()
 def get_limit(userid, current_session: Session):
     """Get limit of an user
@@ -73,7 +78,7 @@ def get_limit(userid, current_session: Session):
     return {"limit": balance_controller.get_limit(user)}
 
 
-@BalancePlugin.blueprint.route("/users/<userid>/balance/limit", methods=["PUT"])
+@blueprint.route("/users/<userid>/balance/limit", methods=["PUT"])
 @login_required(permissions.SET_LIMIT)
 def set_limit(userid, current_session: Session):
     """Set the limit of an user
@@ -99,7 +104,7 @@ def set_limit(userid, current_session: Session):
     return HTTP.no_content()
 
 
-@BalancePlugin.blueprint.route("/users/balance/limit", methods=["GET", "PUT"])
+@blueprint.route("/users/balance/limit", methods=["GET", "PUT"])
 @login_required(permission=permissions.SET_LIMIT)
 def limits(current_session: Session):
     """Get, Modify limit of all users
@@ -124,14 +129,14 @@ def limits(current_session: Session):
     return HTTP.no_content()
 
 
-@BalancePlugin.blueprint.route("/users/<userid>/balance", methods=["GET"])
+@blueprint.route("/users/<userid>/balance", methods=["GET"])
 @login_required(permission=permissions.SHOW)
 def get_balance(userid, current_session: Session):
     """Get balance of user, optionally filtered
 
     Route: ``/users/<userid>/balance`` | Method: ``GET``
 
-    GET-parameters: ```{from?: string, to?: string}```
+    GET-parameters: ``{from?: string, to?: string}``
 
     Args:
         userid: Userid of user to get balance from
@@ -159,10 +164,11 @@ def get_balance(userid, current_session: Session):
         end = datetime.now(tz=timezone.utc)
 
     balance = balance_controller.get_balance(user, start, end)
+    logger.debug(f"Balance of {user.userid} from {start} to {end}: {balance}")
     return {"credit": balance[0], "debit": balance[1], "balance": balance[2]}
 
 
-@BalancePlugin.blueprint.route("/users/<userid>/balance/transactions", methods=["GET"])
+@blueprint.route("/users/<userid>/balance/transactions", methods=["GET"])
 @login_required(permission=permissions.SHOW)
 def get_transactions(userid, current_session: Session):
     """Get transactions of user, optionally filtered
@@ -170,7 +176,7 @@ def get_transactions(userid, current_session: Session):
 
     Route: ``/users/<userid>/balance/transactions`` | Method: ``GET``
 
-    GET-parameters: ```{from?: string, to?: string, limit?: int, offset?: int}```
+    GET-parameters: ``{from?: string, to?: string, limit?: int, offset?: int}``
 
     Args:
         userid: Userid of user to get transactions from
@@ -220,10 +226,11 @@ def get_transactions(userid, current_session: Session):
         show_cancelled=show_cancelled,
         descending=descending,
     )
+    logger.debug(f"transactions: {transactions}")
     return {"transactions": transactions, "count": count}
 
 
-@BalancePlugin.blueprint.route("/users/<userid>/balance", methods=["PUT"])
+@blueprint.route("/users/<userid>/balance", methods=["PUT"])
 @login_required()
 def change_balance(userid, current_session: Session):
     """Change balance of an user
@@ -272,7 +279,7 @@ def change_balance(userid, current_session: Session):
     raise Forbidden
 
 
-@BalancePlugin.blueprint.route("/balance/<int:transaction_id>", methods=["DELETE"])
+@blueprint.route("/balance/<int:transaction_id>", methods=["DELETE"])
 @login_required()
 def reverse_transaction(transaction_id, current_session: Session):
     """Reverse a transaction
@@ -297,7 +304,7 @@ def reverse_transaction(transaction_id, current_session: Session):
     raise Forbidden
 
 
-@BalancePlugin.blueprint.route("/balance", methods=["GET"])
+@blueprint.route("/balance", methods=["GET"])
 @login_required(permission=permissions.SHOW_OTHER)
 def get_balances(current_session: Session):
     """Get all balances
@@ -314,7 +321,15 @@ def get_balances(current_session: Session):
     offset = request.args.get("offset", type=int)
     descending = request.args.get("descending", False, type=bool)
     sortBy = request.args.get("sortBy", type=str)
-    balances, count = balance_controller.get_balances(limit=limit, offset=offset, descending=descending, sortBy=sortBy)
+    _filter = request.args.get("filter", None, type=str)
+    logger.debug(f"request.args: {request.args}")
+    balances, count = balance_controller.get_balances(
+        limit=limit,
+        offset=offset,
+        descending=descending,
+        sortBy=sortBy,
+        _filter=_filter,
+    )
     return jsonify(
         {
             "balances": [{"userid": u, "credit": v[0], "debit": v[1]} for u, v in balances.items()],

flaschengeist/plugins/message_mail.py

@@ -1,31 +1,37 @@
 import smtplib
 from email.mime.text import MIMEText
 from email.mime.multipart import MIMEMultipart
+from werkzeug.exceptions import InternalServerError
 
 from flaschengeist import logger
-from flaschengeist.models.user import User
+from flaschengeist.models import User
+from flaschengeist.plugins import Plugin
 from flaschengeist.utils.hook import HookAfter
 from flaschengeist.controller import userController
 from flaschengeist.controller.messageController import Message
-
-from . import Plugin
+from flaschengeist.config import config
 
 
 class MailMessagePlugin(Plugin):
-    def __init__(self, config):
-        super().__init__()
-        self.server = config["SERVER"]
-        self.port = config["PORT"]
-        self.user = config["USER"]
-        self.password = config["PASSWORD"]
-        self.crypt = config["CRYPT"]
-        self.mail = config["MAIL"]
+    def load(self):
+        self.config = config.get("mail", None)
+        if self.config is None:
+            logger.error("mail was not configured in flaschengeist.toml")
+            raise InternalServerError
+        self.server = self.config["SERVER"]
+        self.port = self.config["PORT"]
+        self.user = self.config["USER"]
+        self.password = self.config["PASSWORD"]
+        self.crypt = self.config["CRYPT"]
+        self.mail = self.config["MAIL"]
 
         @HookAfter("send_message")
-        def dummy_send(msg):
+        def dummy_send(msg, *args, **kwargs):
+            logger.info(f"(dummy_send) Sending message to {msg.receiver}")
             self.send_mail(msg)
 
     def send_mail(self, msg: Message):
+        logger.debug(f"Sending mail to {msg.receiver} with subject {msg.subject}")
         if isinstance(msg.receiver, User):
             if not msg.receiver.mail:
                 logger.warning("Could not send Mail, mail missing: {}".format(msg.receiver))
@@ -39,9 +45,8 @@ class MailMessagePlugin(Plugin):
         mail["To"] = ", ".join(recipients)
         mail["Subject"] = msg.subject
         mail.attach(MIMEText(msg.message))
-        if not hasattr(self, "smtp"):
-            self.__connect()
-        self.smtp.sendmail(self.mail, recipients, mail.as_string())
+        with self.__connect() as smtp:
+            smtp.sendmail(self.mail, recipients, mail.as_string())
 
     def __connect(self):
         if self.crypt == "SSL":
@@ -52,3 +57,4 @@ class MailMessagePlugin(Plugin):
         else:
             raise ValueError("Invalid CRYPT given")
         self.smtp.login(self.user, self.password)
+        return self.smtp

flaschengeist/plugins/pricelist/__init__.py

@@ -1,14 +1,12 @@
 """Pricelist plugin"""
-
-from flask import Blueprint, jsonify, request, current_app
-from werkzeug.local import LocalProxy
+from flask import Blueprint, jsonify, request
 from werkzeug.exceptions import BadRequest, Forbidden, NotFound, Unauthorized
 
 from flaschengeist import logger
 from flaschengeist.controller import userController
 from flaschengeist.controller.imageController import send_image, send_thumbnail
 from flaschengeist.plugins import Plugin
-from flaschengeist.utils.decorators import login_required, extract_session, headers
+from flaschengeist.utils.decorators import login_required, extract_session
 from flaschengeist.utils.HTTP import no_content
 
 from . import models
@@ -16,16 +14,15 @@ from . import pricelist_controller, permissions
 
 
 class PriceListPlugin(Plugin):
-    name = "pricelist"
-    permissions = permissions.permissions
-    blueprint = Blueprint(name, __name__, url_prefix="/pricelist")
-    plugin = LocalProxy(lambda: current_app.config["FG_PLUGINS"][PriceListPlugin.name])
     models = models
+    blueprint = Blueprint("pricelist", __name__, url_prefix="/pricelist")
 
-    def __init__(self, cfg):
-        super().__init__(cfg)
+    def install(self):
+        self.install_permissions(permissions.permissions)
+
+    def load(self):
         config = {"discount": 0}
-        config.update(cfg)
+        config.update(config)
 
 
 @PriceListPlugin.blueprint.route("/drink-types", methods=["GET"])

flaschengeist/plugins/pricelist/migrations/58ab9b6a8839_pricelist_initial.py

@@ -0,0 +1,141 @@
+"""pricelist: initial
+
+Revision ID: 58ab9b6a8839
+Revises: 
+Create Date: 2022-02-23 14:45:30.563647
+
+"""
+from alembic import op
+import sqlalchemy as sa
+import flaschengeist
+
+
+# revision identifiers, used by Alembic.
+revision = "58ab9b6a8839"
+down_revision = None
+branch_labels = ("pricelist",)
+depends_on = "flaschengeist"
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table(
+        "drink_extra_ingredient",
+        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
+        sa.Column("name", sa.String(length=30), nullable=False),
+        sa.Column("price", sa.Numeric(precision=5, scale=2, asdecimal=False), nullable=True),
+        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink_extra_ingredient")),
+        sa.UniqueConstraint("name", name=op.f("uq_drink_extra_ingredient_name")),
+    )
+    op.create_table(
+        "drink_tag",
+        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
+        sa.Column("name", sa.String(length=30), nullable=False),
+        sa.Column("color", sa.String(length=7), nullable=False),
+        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink_tag")),
+        sa.UniqueConstraint("name", name=op.f("uq_drink_tag_name")),
+    )
+    op.create_table(
+        "drink_type",
+        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
+        sa.Column("name", sa.String(length=30), nullable=False),
+        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink_type")),
+        sa.UniqueConstraint("name", name=op.f("uq_drink_type_name")),
+    )
+    op.create_table(
+        "drink",
+        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
+        sa.Column("article_id", sa.String(length=64), nullable=True),
+        sa.Column("package_size", sa.Integer(), nullable=True),
+        sa.Column("name", sa.String(length=60), nullable=False),
+        sa.Column("volume", sa.Numeric(precision=5, scale=2, asdecimal=False), nullable=True),
+        sa.Column("cost_per_volume", sa.Numeric(precision=5, scale=3, asdecimal=False), nullable=True),
+        sa.Column("cost_per_package", sa.Numeric(precision=5, scale=3, asdecimal=False), nullable=True),
+        sa.Column("receipt", sa.PickleType(), nullable=True),
+        sa.Column("type_id", flaschengeist.models.Serial(), nullable=True),
+        sa.Column("image_id", flaschengeist.models.Serial(), nullable=True),
+        sa.ForeignKeyConstraint(["image_id"], ["image.id"], name=op.f("fk_drink_image_id_image")),
+        sa.ForeignKeyConstraint(["type_id"], ["drink_type.id"], name=op.f("fk_drink_type_id_drink_type")),
+        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink")),
+    )
+    op.create_table(
+        "drink_ingredient",
+        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
+        sa.Column("volume", sa.Numeric(precision=5, scale=2, asdecimal=False), nullable=False),
+        sa.Column("ingredient_id", flaschengeist.models.Serial(), nullable=True),
+        sa.ForeignKeyConstraint(["ingredient_id"], ["drink.id"], name=op.f("fk_drink_ingredient_ingredient_id_drink")),
+        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink_ingredient")),
+    )
+    op.create_table(
+        "drink_price_volume",
+        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
+        sa.Column("drink_id", flaschengeist.models.Serial(), nullable=True),
+        sa.Column("volume", sa.Numeric(precision=5, scale=2, asdecimal=False), nullable=True),
+        sa.ForeignKeyConstraint(["drink_id"], ["drink.id"], name=op.f("fk_drink_price_volume_drink_id_drink")),
+        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink_price_volume")),
+    )
+    op.create_table(
+        "drink_x_tag",
+        sa.Column("drink_id", flaschengeist.models.Serial(), nullable=True),
+        sa.Column("tag_id", flaschengeist.models.Serial(), nullable=True),
+        sa.ForeignKeyConstraint(["drink_id"], ["drink.id"], name=op.f("fk_drink_x_tag_drink_id_drink")),
+        sa.ForeignKeyConstraint(["tag_id"], ["drink_tag.id"], name=op.f("fk_drink_x_tag_tag_id_drink_tag")),
+    )
+    op.create_table(
+        "drink_x_type",
+        sa.Column("drink_id", flaschengeist.models.Serial(), nullable=True),
+        sa.Column("type_id", flaschengeist.models.Serial(), nullable=True),
+        sa.ForeignKeyConstraint(["drink_id"], ["drink.id"], name=op.f("fk_drink_x_type_drink_id_drink")),
+        sa.ForeignKeyConstraint(["type_id"], ["drink_type.id"], name=op.f("fk_drink_x_type_type_id_drink_type")),
+    )
+    op.create_table(
+        "drink_ingredient_association",
+        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
+        sa.Column("volume_id", flaschengeist.models.Serial(), nullable=True),
+        sa.Column("_drink_ingredient_id", flaschengeist.models.Serial(), nullable=True),
+        sa.Column("_extra_ingredient_id", flaschengeist.models.Serial(), nullable=True),
+        sa.ForeignKeyConstraint(
+            ["_drink_ingredient_id"],
+            ["drink_ingredient.id"],
+            name=op.f("fk_drink_ingredient_association__drink_ingredient_id_drink_ingredient"),
+        ),
+        sa.ForeignKeyConstraint(
+            ["_extra_ingredient_id"],
+            ["drink_extra_ingredient.id"],
+            name=op.f("fk_drink_ingredient_association__extra_ingredient_id_drink_extra_ingredient"),
+        ),
+        sa.ForeignKeyConstraint(
+            ["volume_id"],
+            ["drink_price_volume.id"],
+            name=op.f("fk_drink_ingredient_association_volume_id_drink_price_volume"),
+        ),
+        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink_ingredient_association")),
+    )
+    op.create_table(
+        "drink_price",
+        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
+        sa.Column("price", sa.Numeric(precision=5, scale=2, asdecimal=False), nullable=True),
+        sa.Column("volume_id", flaschengeist.models.Serial(), nullable=True),
+        sa.Column("public", sa.Boolean(), nullable=True),
+        sa.Column("description", sa.String(length=30), nullable=True),
+        sa.ForeignKeyConstraint(
+            ["volume_id"], ["drink_price_volume.id"], name=op.f("fk_drink_price_volume_id_drink_price_volume")
+        ),
+        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink_price")),
+    )
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_table("drink_price")
+    op.drop_table("drink_ingredient_association")
+    op.drop_table("drink_x_type")
+    op.drop_table("drink_x_tag")
+    op.drop_table("drink_price_volume")
+    op.drop_table("drink_ingredient")
+    op.drop_table("drink")
+    op.drop_table("drink_type")
+    op.drop_table("drink_tag")
+    op.drop_table("drink_extra_ingredient")
+    # ### end Alembic commands ###

flaschengeist/plugins/pricelist/models.py

@@ -1,11 +1,12 @@
-from __future__ import annotations  # TODO: Remove if python requirement is >= 3.10
-
-from flaschengeist.database import db
-from flaschengeist.models import ModelSerializeMixin, Serial
-from flaschengeist.models.image import Image
+from __future__ import annotations  # TODO: Remove if python requirement is >= 3.12 (? PEP 563 is defered)
 
 from typing import Optional
 
+from flaschengeist.database import db
+from flaschengeist.database.types import ModelSerializeMixin, Serial
+from flaschengeist.models import Image
+
+
 drink_tag_association = db.Table(
     "drink_x_tag",
     db.Column("drink_id", Serial, db.ForeignKey("drink.id")),

flaschengeist/plugins/roles/__init__.py

@@ -5,20 +5,20 @@ Provides routes used to configure roles and permissions of users / roles.
 
 from werkzeug.exceptions import BadRequest
 from flask import Blueprint, request, jsonify
-from http.client import NO_CONTENT
 
 from flaschengeist.plugins import Plugin
-from flaschengeist.utils.decorators import login_required
 from flaschengeist.controller import roleController
 from flaschengeist.utils.HTTP import created, no_content
+from flaschengeist.utils.decorators import login_required
 
 from . import permissions
 
 
 class RolesPlugin(Plugin):
-    name = "roles"
-    blueprint = Blueprint(name, __name__)
-    permissions = permissions.permissions
+    blueprint = Blueprint("roles", __name__)
+
+    def install(self):
+        self.install_permissions(permissions.permissions)
 
 
 @RolesPlugin.blueprint.route("/roles", methods=["GET"])

flaschengeist/plugins/scheduler.py

@@ -1,12 +1,11 @@
-import pkg_resources
-from datetime import datetime, timedelta
 from flask import Blueprint
+from datetime import datetime, timedelta
 
 from flaschengeist import logger
+from flaschengeist.config import config
+from flaschengeist.plugins import Plugin
 from flaschengeist.utils.HTTP import no_content
 
-from . import Plugin
-
 
 class __Task:
     def __init__(self, function, **kwags):
@@ -40,16 +39,9 @@ def scheduled(id: str, replace=False, **kwargs):
 
 
 class SchedulerPlugin(Plugin):
-    id = "dev.flaschengeist.scheduler"
-    name = "scheduler"
-    blueprint = Blueprint(name, __name__)
-
-    def __init__(self, config=None):
-        """Constructor called by create_app
-        Args:
-            config: Dict configuration containing the plugin section
-        """
+    blueprint = Blueprint("scheduler", __name__)
 
+    def load(self):
         def __view_func():
             self.run_tasks()
             return no_content()
@@ -60,15 +52,18 @@ class SchedulerPlugin(Plugin):
             except:
                 logger.error("Error while executing scheduled tasks!", exc_info=True)
 
-        self.version = pkg_resources.get_distribution(self.__module__.split(".")[0]).version
-        cron = None if config is None else config.get("cron", "passive_web").lower()
+        cron = config.get("scheduler", {}).get("cron", "passive_web").lower()
 
-        if cron is None or cron == "passive_web":
+        if cron == "passive_web":
             self.blueprint.teardown_app_request(__passiv_func)
         elif cron == "active_web":
             self.blueprint.add_url_rule("/cron", view_func=__view_func)
 
     def run_tasks(self):
+        from ..database import db
+
+        self = db.session.merge(self)
+
         changed = False
         now = datetime.now()
         status = self.get_setting("status", default=dict())

flaschengeist/plugins/users/__init__.py

@@ -2,15 +2,16 @@
 
 Provides routes used to manage users
 """
-from http.client import NO_CONTENT, CREATED
-from flask import Blueprint, request, jsonify, make_response
-from werkzeug.exceptions import BadRequest, Forbidden, MethodNotAllowed, NotFound
+from http.client import CREATED
+from flask import Blueprint, request, jsonify, make_response, after_this_request, Response
+from werkzeug.exceptions import BadRequest, Forbidden, MethodNotAllowed
+from datetime import datetime
 
 from . import permissions
 from flaschengeist import logger
 from flaschengeist.config import config
 from flaschengeist.plugins import Plugin
-from flaschengeist.models.user import User
+from flaschengeist.models import User
 from flaschengeist.utils.decorators import login_required, extract_session, headers
 from flaschengeist.controller import userController
 from flaschengeist.utils.HTTP import created, no_content
@@ -18,9 +19,10 @@ from flaschengeist.utils.datetime import from_iso_format
 
 
 class UsersPlugin(Plugin):
-    name = "users"
-    blueprint = Blueprint(name, __name__)
-    permissions = permissions.permissions
+    blueprint = Blueprint("users", __name__)
+
+    def install(self):
+        self.install_permissions(permissions.permissions)
 
 
 @UsersPlugin.blueprint.route("/users", methods=["POST"])
@@ -117,10 +119,13 @@ def frontend(userid, current_session):
 
 
 @UsersPlugin.blueprint.route("/users/<userid>/avatar", methods=["GET"])
-@headers({"Cache-Control": "public, max-age=604800"})
+@headers({"Cache-Control": "public, must-revalidate, max-age=10"})
 def get_avatar(userid):
+    etag = None
+    if "If-None-Match" in request.headers:
+        etag = request.headers["If-None-Match"]
     user = userController.get_user(userid)
-    return userController.load_avatar(user)
+    return userController.load_avatar(user, etag)
 
 
 @UsersPlugin.blueprint.route("/users/<userid>/avatar", methods=["POST"])
@@ -217,7 +222,9 @@ def edit_user(userid, current_session):
             userController.set_roles(user, roles)
 
     userController.modify_user(user, password, new_password)
-    userController.update_user(user)
+    userController.update_user(
+        user,
+    )
     return no_content()
 
 

flaschengeist/plugins/users/cli.py

@@ -1,6 +1,10 @@
 import click
+import sqlalchemy.exc
 from flask.cli import with_appcontext
-from werkzeug.exceptions import BadRequest, Conflict, NotFound
+from werkzeug.exceptions import NotFound
+
+from flaschengeist import logger
+from flaschengeist.database import db
 from flaschengeist.controller import roleController, userController
 
 
@@ -28,23 +32,60 @@ def user(ctx, param, value):
 
 
 @click.command()
-@click.option("--add-role", help="Add new role", type=str)
-@click.option("--set-admin", help="Make a role an admin role, adding all permissions", type=str)
-@click.option("--add-user", help="Add new user interactivly", callback=user, is_flag=True, expose_value=False)
+@click.option("--create", help="Add new role", is_flag=True)
+@click.option("--delete", help="Delete role", is_flag=True)
+@click.option("--set-admin", is_flag=True, help="Make a role an admin role, adding all permissions", type=str)
+@click.argument("role", nargs=-1, required=True, type=str)
+def role(create, delete, set_admin, role):
+    """Manage roles"""
+    ctx = click.get_current_context()
+
+    if (create and delete) or (set_admin and delete):
+        ctx.fail("Do not mix --delete with --create or --set-admin")
+
+    for role_name in role:
+        if create:
+            r = roleController.create_role(role_name)
+        else:
+            r = roleController.get(role_name)
+        if delete:
+            roleController.delete(r)
+        if set_admin:
+            r.permissions = roleController.get_permissions()
+            db.session.commit()
+
+
+@click.command()
+@click.option("--add-role", help="Add a role to an user", type=str)
+@click.option("--create", help="Create new user interactivly", callback=user, is_flag=True, expose_value=False)
+@click.option("--delete", help="Delete a user", is_flag=True)
+@click.argument("user", nargs=-1, type=str)
 @with_appcontext
-def users(add_role, set_admin):
+def user(add_role, delete, user):
+    """Manage users"""
     from flaschengeist.database import db
 
     ctx = click.get_current_context()
 
     try:
-        if add_role:
-            roleController.create_role(add_role)
-        if set_admin:
-            role = roleController.get(set_admin)
-            role.permissions = roleController.get_permissions()
-            db.session.commit()
         if USER_KEY in ctx.meta:
             userController.register(ctx.meta[USER_KEY], ctx.meta[USER_KEY]["password"])
-    except (BadRequest, NotFound) as e:
-        ctx.fail(e.description)
+        else:
+            if not isinstance(user, list) or not isinstance(user, tuple):
+                user = [user]
+            for uid in user:
+                logger.debug(f"Userid: {uid}")
+                user = userController.get_user(uid)
+                logger.debug(f"User: {user}")
+                if delete:
+                    logger.debug(f"Deleting user {user}")
+                    userController.delete_user(user)
+                elif add_role:
+                    logger.debug(f"Adding role {add_role} to user {user}")
+                    role = roleController.get(add_role)
+                    logger.debug(f"Role: {role}")
+                    user.roles_.append(role)
+                    userController.modify_user(user, None)
+                    db.session.commit()
+    except NotFound:
+        ctx.fail(f"User not found {uid}")

flaschengeist/utils/decorators.py

@@ -14,7 +14,7 @@ def extract_session(permission=None):
         logger.debug("Missing Authorization header or ill-formed")
         raise Unauthorized
 
-    session = sessionController.validate_token(token, request.user_agent, permission)
+    session = sessionController.validate_token(token, request.headers, permission)
     return session
 
 

flaschengeist/utils/foreign_keys.py

@@ -1,51 +0,0 @@
-# Borrowed from https://github.com/kvesteri/sqlalchemy-utils
-# Modifications see: https://github.com/kvesteri/sqlalchemy-utils/issues/561
-# LICENSED under the BSD license, see upstream https://github.com/kvesteri/sqlalchemy-utils/blob/master/LICENSE
-
-import sqlalchemy as sa
-from sqlalchemy.orm import object_session
-
-
-def get_foreign_key_values(fk, obj):
-    mapper = sa.inspect(obj.__class__)
-    return dict(
-        (
-            fk.constraint.columns.values()[index],
-            getattr(obj, element.column.key)
-            if hasattr(obj, element.column.key)
-            else getattr(obj, mapper.get_property_by_column(element.column).key),
-        )
-        for index, element in enumerate(fk.constraint.elements)
-    )
-
-
-def get_referencing_foreign_keys(mixed):
-    tables = [mixed]
-    referencing_foreign_keys = set()
-
-    for table in mixed.metadata.tables.values():
-        if table not in tables:
-            for constraint in table.constraints:
-                if isinstance(constraint, sa.sql.schema.ForeignKeyConstraint):
-                    for fk in constraint.elements:
-                        if any(fk.references(t) for t in tables):
-                            referencing_foreign_keys.add(fk)
-    return referencing_foreign_keys
-
-
-def merge_references(from_, to, foreign_keys=None):
-    """
-    Merge the references of an entity into another entity.
-    """
-    if from_.__tablename__ != to.__tablename__:
-        raise TypeError("The tables of given arguments do not match.")
-
-    session = object_session(from_)
-    foreign_keys = get_referencing_foreign_keys(from_.__table__)
-
-    for fk in foreign_keys:
-        old_values = get_foreign_key_values(fk, from_)
-        new_values = get_foreign_key_values(fk, to)
-        session.query(from_.__mapper__).filter(*[k == old_values[k] for k in old_values]).update(
-            new_values, synchronize_session=False
-        )

flaschengeist/utils/hook.py

@@ -7,6 +7,7 @@ _hooks_after = {}
 
 def Hook(function=None, id=None):
     """Hook decorator
+
     Use to decorate functions as hooks, so plugins can hook up their custom functions.
     """
     # `id` passed as `arg` not `kwarg`
@@ -38,8 +39,10 @@ def Hook(function=None, id=None):
 
 def HookBefore(id: str):
     """Decorator for functions to be called before a Hook-Function is called
+
     The hooked up function must accept the same arguments as the function hooked onto,
     as the functions are called with the same arguments.
+
     Hint: This enables you to modify the arguments!
     """
     if not id or not isinstance(id, str):
@@ -54,9 +57,18 @@ def HookBefore(id: str):
 
 def HookAfter(id: str):
     """Decorator for functions to be called after a Hook-Function is called
+
     As with the HookBefore, the hooked up function must accept the same
     arguments as the function hooked onto, but also receives a
     `hook_result` kwarg containing the result of the function.
+
+    Example:
+        ```py
+        @HookAfter("some.id")
+        def my_func(hook_result):
+            # This function is executed after the function registered with "some.id"
+            print(hook_result)  # This is the result of the function
+        ```
     """
 
     if not id or not isinstance(id, str):

pyproject.toml

@@ -1,3 +1,6 @@
 [build-system]
 requires = ["setuptools", "wheel"]
 build-backend = "setuptools.build_meta"
+
+[tool.black]
+line-length = 120

setup.cfg

@@ -1,6 +1,6 @@
 [metadata]
 license = MIT
-version = 2.0.0.dev0
+version = 2.0.0
 name = flaschengeist
 author = Tim Gröger
 author_email = flaschengeist@wu5.de
@@ -19,33 +19,42 @@ classifiers =
 
 [options]
 include_package_data = True
-python_requires = >=3.7
+python_requires = >=3.10
 packages = find:
 install_requires =
-    Flask >= 2.0
-    Pillow>=8.4.0
+    #Flask>=2.2.2, <2.3
+    Flask>=2.2.2, <2.9
+    Pillow>=9.2
     flask_cors
-    flask_sqlalchemy>=2.5
-    sqlalchemy>=1.4.26
+    flask_migrate>=3.1.0
+    flask_sqlalchemy>=2.5.1
+    sqlalchemy_utils>=0.38.3
+    # Importlib requirement can be dropped when python requirement is >= 3.10
+    importlib_metadata>=4.3
+    #sqlalchemy>=1.4.40, <2.0
+    sqlalchemy >= 2.0
     toml
-    werkzeug
-    PyMySQL;platform_system=='Windows'
-    mysqlclient;platform_system!='Windows'
+    werkzeug>=2.2.2
+    ua-parser>=0.16.1
 
 [options.extras_require]
 argon = argon2-cffi
 ldap = flask_ldapconn; ldap3
-test = pytest; coverage
+tests = pytest; pytest-depends; coverage
+mysql =
+    PyMySQL;platform_system=='Windows'
+    mysqlclient;platform_system!='Windows'
 
 [options.package_data]
-* = *.toml
+* = *.toml, script.py.mako, *.ini, */migrations/*, migrations/versions/*
 
 [options.entry_points]
 console_scripts =
-    flaschengeist = flaschengeist.cli:cli
+    flaschengeist = flaschengeist.cli:main
 flask.commands =
     ldap = flaschengeist.plugins.auth_ldap.cli:ldap
-    users = flaschengeist.plugins.users.cli:users
+    user = flaschengeist.plugins.users.cli:user
+    role = flaschengeist.plugins.users.cli:role
 flaschengeist.plugins =
     # Authentication providers
     auth_plain = flaschengeist.plugins.auth_plain:AuthPlain

tests/conftest.py

@@ -3,8 +3,7 @@ import tempfile
 import pytest
 
 from flaschengeist import database
-from flaschengeist.app import create_app, install_all
-
+from flaschengeist.app import create_app
 
 # read in SQL for populating test data
 with open(os.path.join(os.path.dirname(__file__), "data.sql"), "r") as f:
@@ -25,12 +24,14 @@ def app():
     app = create_app(
         {
             "TESTING": True,
-            "DATABASE": {"file_path": f"/{db_path}"},
+            "DATABASE": {"engine": "sqlite", "database": f"/{db_path}"},
             "LOGGING": {"level": "DEBUG"},
         }
     )
     with app.app_context():
-        install_all()
+        database.db.create_all()
+        database.db.session.commit()
+
         engine = database.db.engine
         with engine.connect() as connection:
             for statement in _data_sql:

tests/data.sql

@@ -1,4 +1,8 @@
-INSERT INTO user ('userid', 'firstname', 'lastname', 'mail', 'id') VALUES ('user', 'Max', 'Mustermann', 'abc@def.gh', 1);
+INSERT INTO "user" ('userid', 'firstname', 'lastname', 'mail', 'deleted', 'id') VALUES ('user', 'Max', 'Mustermann', 'abc@def.gh', 0, 1);
+INSERT INTO "user" ('userid', 'firstname', 'lastname', 'mail', 'deleted', 'id') VALUES ('deleted_user', 'John', 'Doe', 'doe@example.com', 1, 2);
 -- Password = 1234
 INSERT INTO user_attribute VALUES(1,1,'password',X'800495c4000000000000008cc0373731346161336536623932613830366664353038656631323932623134393936393561386463353536623037363761323037623238346264623833313265323333373066376233663462643332666332653766303537333564366335393133366463366234356539633865613835643661643435343931376636626663343163653333643635646530386634396231323061316236386162613164373663663333306564306463303737303733336136353363393538396536343266393865942e');
 INSERT INTO session ('expires', 'token', 'lifetime', 'id', 'user_id') VALUES ('2999-01-01 00:00:00', 'f4ecbe14be3527ca998143a49200e294', 600, 1, 1);
+-- ROLES
+INSERT INTO role ('name', 'id') VALUES ('role_1', 1);
+INSERT INTO permission ('name', 'id') VALUES ('permission_1', 1);

tests/test_auth.py

@@ -15,9 +15,9 @@ def test_login(client):
     # Login successful
     assert result.status_code == 201
     # User set correctly
-    assert json["user"]["userid"] == USERID
+    assert json["userid"] == USERID
     # Token works
-    assert client.get("/auth", headers={"Authorization": f"Bearer {json['session']['token']}"}).status_code == 200
+    assert client.get("/auth", headers={"Authorization": f"Bearer {json['token']}"}).status_code == 200
 
 
 def test_login_decorator(client):

tests/test_events.py

@@ -1,17 +0,0 @@
-import pytest
-from werkzeug.exceptions import BadRequest
-
-import flaschengeist.plugins.events.event_controller as event_controller
-from flaschengeist.plugins.events.models import EventType
-
-VALID_TOKEN = "f4ecbe14be3527ca998143a49200e294"
-EVENT_TYPE_NAME = "Test Type"
-
-
-def test_create_event_type(app):
-    with app.app_context():
-        type = event_controller.create_event_type(EVENT_TYPE_NAME)
-        assert isinstance(type, EventType)
-
-        with pytest.raises(BadRequest):
-            event_controller.create_event_type(EVENT_TYPE_NAME)

tests/test_users.py

@@ -0,0 +1,52 @@
+import pytest
+from werkzeug.exceptions import BadRequest, NotFound
+from flaschengeist.controller import roleController, userController
+from flaschengeist.models.user import User
+
+VALID_TOKEN = "f4ecbe14be3527ca998143a49200e294"
+
+
+def test_get_user(app):
+    with app.app_context():
+        user = userController.get_user("user")
+        assert user is not None and isinstance(user, User)
+        assert user.userid == "user"
+
+        user = userController.get_user("deleted_user", deleted=True)
+        assert user is not None and isinstance(user, User)
+        assert user.userid == "deleted_user"
+
+        with pytest.raises(NotFound):
+            user = userController.get_user("__does_not_exist__")
+        with pytest.raises(NotFound):
+            user = userController.get_user("__does_not_exist__", deleted=True)
+        with pytest.raises(NotFound):
+            user = userController.get_user("deleted_user")
+
+
+def test_set_roles(app):
+    with app.app_context():
+        user = userController.get_user("user")
+        userController.set_roles(user, [])
+        assert user.roles_ == []
+
+        userController.set_roles(user, ["role_1"])
+        assert len(user.roles_) == 1 and user.roles_[0].id == 1
+
+        # Test unknown role + no create flag -> raise no changes
+        with pytest.raises(BadRequest):
+            userController.set_roles(user, ["__custom__"])
+        assert len(user.roles_) == 1
+
+        userController.set_roles(user, ["__custom__"], create=True)
+        assert len(user.roles_) == 1 and user.roles_[0].name == "__custom__"
+        assert roleController.get("__custom__").id == user.roles_[0].id
+
+        userController.set_roles(user, ["__custom__"], create=True)
+        assert len(user.roles_) == 1
+
+        userController.set_roles(user, ["__custom__", "role_1"])
+        assert len(user.roles_) == 2
+
+        userController.set_roles(user, [])
+        assert len(user.roles_) == 0