cmdbox 0.5.3.1__py3-none-any.whl → 0.6.0__py3-none-any.whl

cmdbox/app/features/web/cmdbox_web_agent.py

@@ -0,0 +1,250 @@
+from cmdbox.app import common, feature
+from cmdbox.app.auth import signin
+from cmdbox.app.commons import convert
+from cmdbox.app.web import Web
+from fastapi import FastAPI, Depends, HTTPException, Request, Response, WebSocket
+from fastapi.responses import HTMLResponse, StreamingResponse
+from starlette.websockets import WebSocketDisconnect
+from pathlib import Path
+from starlette.applications import Starlette
+from starlette.datastructures import UploadFile
+from starlette.routing import Mount
+from typing import Dict, Any, Tuple, List, Union
+import locale
+import logging
+import json
+import time
+import traceback
+
+class Agent(feature.WebFeature):
+    def route(self, web:Web, app:FastAPI) -> None:
+        """
+        webモードのルーティングを設定します
+
+        Args:
+            web (Web): Webオブジェクト
+            app (FastAPI): FastAPIオブジェクト
+        """
+        if web.agent_html is not None:
+            if not web.agent_html.is_file():
+                raise FileNotFoundError(f'agent_html is not found. ({web.agent_html})')
+            with open(web.agent_html, 'r', encoding='utf-8') as f:
+                web.agent_html_data = f.read()
+
+        @app.get('/agent', response_class=HTMLResponse)
+        @app.post('/agent', response_class=HTMLResponse)
+        async def agent(req:Request, res:Response):
+            signin = web.signin.check_signin(req, res)
+            if signin is not None:
+                return signin
+            res.headers['Access-Control-Allow-Origin'] = '*'
+            web.options.audit_exec(req, res, web)
+            return web.agent_html_data
+
+        @app.post('/agent/session/list')
+        async def agent_session_list(req:Request, res:Response):
+            signin = web.signin.check_signin(req, res)
+            if signin is not None:
+                return signin
+            if web.agent_runner is None:
+                web.logger.error(f"agent_runner is null. Start web mode with `--agent use`.")
+                raise HTTPException(status_code=500, detail='agent_runner is null. Start web mode with `--agent use`.')
+            res.headers['Access-Control-Allow-Origin'] = '*'
+            web.options.audit_exec(req, res, web)
+            # ユーザー名を取得する
+            user_id = common.random_string(16)
+            if 'signin' in req.session:
+                user_id = req.session['signin']['name']
+            form = await req.form()
+            session_id = form.get('session_id', None)
+            sessions = await web.list_agent_sessions(web.agent_runner.session_service, user_id, session_id=session_id)
+            data = [dict(id=s.id, app_name=s.app_name, user_id=s.user_id, last_update_time=s.last_update_time,
+                         events=[dict(author=ev.author,text=ev.content.parts[0].text) for ev in s.events if ev.content and ev.content.parts]) for s in sessions]
+            data.reverse()  # 最新のセッションを先頭にする
+            return dict(success=data)
+
+        @app.post('/agent/session/delete')
+        async def agent_session_delete(req:Request, res:Response):
+            signin = web.signin.check_signin(req, res)
+            if signin is not None:
+                return signin
+            if web.agent_runner is None:
+                web.logger.error(f"agent_runner is null. Start web mode with `--agent use`.")
+                raise HTTPException(status_code=500, detail='agent_runner is null. Start web mode with `--agent use`.')
+            res.headers['Access-Control-Allow-Origin'] = '*'
+            web.options.audit_exec(req, res, web)
+            # ユーザー名を取得する
+            user_id = common.random_string(16)
+            if 'signin' in req.session:
+                user_id = req.session['signin']['name']
+            form = await req.form()
+            session_id = form.get('session_id', None)
+            await web.delete_agent_session(web.agent_runner.session_service, user_id, session_id=session_id)
+            return dict(success=True)
+
+        @app.websocket('/agent/chat/ws')
+        @app.websocket('/agent/chat/ws/{session_id}')
+        async def ws_chat(session_id:str=None, websocket:WebSocket=None, res:Response=None, scope=Depends(signin.create_request_scope)):
+            if not websocket:
+                raise HTTPException(status_code=400, detail='Expected WebSocket request.')
+            signin = web.signin.check_signin(websocket, res)
+            if signin is not None:
+                return signin
+            if web.agent_runner is None:
+                web.logger.error(f"agent_runner is null. Start web mode with `--agent use`.")
+                raise HTTPException(status_code=500, detail='agent_runner is null. Start web mode with `--agent use`.')
+
+            # これを行わねば非同期処理にならない。。
+            await websocket.accept()
+            # チャット処理
+            async for res in _chat(websocket.session, session_id, websocket, websocket.receive_text):
+                await websocket.send_text(res)
+            return dict(success="connected")
+
+        @app.api_route('/agent/chat/stream', methods=['GET', 'POST'])
+        @app.api_route('/agent/chat/stream/{session_id}', methods=['GET', 'POST'])
+        async def sse_chat(session_id:str=None, req:Request=None, res:Response=None):
+            signin = web.signin.check_signin(req, res)
+            if signin is not None:
+                return signin
+            def _marge_opt(opt, param):
+                for k in opt.keys():
+                    if k in param: opt[k] = param[k]
+                return opt
+            content_type = req.headers.get('content-type')
+            opt = None
+            if content_type is None:
+                opt = req.query_params._dict
+            elif content_type.startswith('multipart/form-data'):
+                form = await req.form()
+                opt = dict()
+                for key, fv in form.multi_items():
+                    if not isinstance(fv, UploadFile): continue
+                    opt[key] = fv.file
+            elif content_type.startswith('application/json'):
+                opt = await req.json()
+            elif content_type.startswith('application/octet-stream'):
+                opt = json.loads(await req.body())
+            if opt is None:
+                raise HTTPException(status_code=400, detail='Expected JSON or form data.')
+            if opt['query'] is None or opt['query'] == '':
+                raise HTTPException(status_code=400, detail='Expected query.')
+            if web.agent_runner is None:
+                web.logger.error(f"agent_runner is null. Start web mode with `--agent use`.")
+                raise HTTPException(status_code=500, detail='agent_runner is null. Start web mode with `--agent use`.')
+            async def receive_text():
+                # 受信したデータを返す
+                if 'query' in opt:
+                    query = opt['query']
+                    del opt['query']
+                    return query
+                raise self.SSEDisconnect('SSE disconnect')
+            # チャット処理
+            return StreamingResponse(
+                _chat(req.session, session_id, req, receive_text=receive_text)
+            )
+
+        async def _chat(session:Dict[str, Any], session_id:str, sock, receive_text=None):
+            if web.logger.level == logging.DEBUG:
+                web.logger.debug(f"agent_chat: connected")
+            # ユーザー名を取得する
+            user_id = common.random_string(16)
+            groups = []
+            if 'signin' in session:
+                user_id = session['signin']['name']
+                groups = session['signin']['groups']
+            # 言語認識
+            language, _ = locale.getlocale()
+            is_japan = language.find('Japan') >= 0 or language.find('ja_JP') >= 0
+            # セッションを作成する
+            agent_session = await web.create_agent_session(web.agent_runner.session_service, user_id, session_id=session_id)
+            startmsg = "こんにちは！何かお手伝いできることはありますか？" if is_japan else "Hello! Is there anything I can help you with?"
+            yield json.dumps(dict(message=startmsg), default=common.default_json_enc)
+            from google.genai import types
+            while True:
+                outputs = None
+                try:
+                    query = await receive_text()
+                    if query is None or query == '' or query == 'ping':
+                        time.sleep(0.5)
+                        continue
+                    """
+                    if is_japan:
+                        query += f"<important>なお現在のユーザーは'{user_id}'でgroupsは'{groups}'ですので引数に必要な時は指定してください。" + \
+                            f"またsignin_fileの引数が必要な時は'{web.signin.signin_file}'を指定してください。</important>"
+                            #f"またコマンド実行に必要なパラメータを確認し、以下の引数が必要な場合はこの値を使用してください。\n" + \
+                            #f"  host = {web.redis_host if web.redis_host else self.default_host}\n" + \
+                            #f", port = {web.redis_port if web.redis_port else self.default_port}\n" + \
+                            #f", password = {web.redis_password if web.redis_password else self.default_pass}\n" + \
+                            #f", svname = {web.svname if web.svname else self.default_svname}\n"
+                    else:
+                        query += f"<important>The current user is '{user_id}' and the groups is '{groups}', so please specify it when necessary." + \
+                            f"Also, if the signin_file argument is required for command execution, please specify '{web.signin.signin_file}'.</important>"
+                            #f"Also check the parameters required to execute the command and use these values if the following arguments are required.\n" + \
+                            #f"  host = {web.redis_host if web.redis_host else self.default_host}\n" + \
+                            #f", port = {web.redis_port if web.redis_port else self.default_port}\n" + \
+                            #f", password = {web.redis_password if web.redis_password else self.default_pass}\n" + \
+                            #f", svname = {web.svname if web.svname else self.default_svname}\n"
+                    """
+                    web.options.audit_exec(sock, web, body=dict(agent_session=agent_session.id, user_id=user_id, groups=groups, query=query))
+                    content = types.Content(role='user', parts=[types.Part(text=query)])
+
+                    async for event in web.agent_runner.run_async(user_id=user_id, session_id=agent_session.id, new_message=content):
+                        #web.agent_runner.session_service.append_event(agent_session, event)
+                        outputs = dict()
+                        if event.turn_complete:
+                            outputs['turn_complete'] = True
+                            yield json.dumps(outputs, default=common.default_json_enc)
+                        if event.interrupted:
+                            outputs['interrupted'] = True
+                            yield json.dumps(outputs, default=common.default_json_enc)
+                        #if event.is_final_response():
+                        msg = None
+                        if event.content and event.content.parts:
+                            msg = "\n".join([p.text for p in event.content.parts if p and p.text])
+                        elif event.actions and event.actions.escalate:
+                            msg = f"Agent escalated: {event.error_message or 'No specific message.'}"
+                        if msg:
+                            outputs['message'] = msg
+                            web.options.audit_exec(sock, web, body=dict(agent_session=agent_session.id, result=msg))
+                            yield json.dumps(outputs, default=common.default_json_enc)
+                            if event.is_final_response():
+                                break
+                except WebSocketDisconnect:
+                    web.logger.warning('chat: websocket disconnected.')
+                    break
+                except self.SSEDisconnect as e:
+                    break
+                except Exception as e:
+                    web.logger.warning(f'chat error.', exc_info=True)
+                    yield json.dumps(dict(message=f'<pre>{traceback.format_exc()}</pre>'), default=common.default_json_enc)
+                    break
+            
+    def toolmenu(self, web:Web) -> Dict[str, Any]:
+        """
+        ツールメニューの情報を返します
+
+        Args:
+            web (Web): Webオブジェクト
+        
+        Returns:
+            Dict[str, Any]: ツールメニュー情報
+        
+        Sample:
+            {
+                'filer': {
+                    'html': 'Filer',
+                    'href': 'filer',
+                    'target': '_blank',
+                    'css_class': 'dropdown-item'
+                    'onclick': 'alert("filer")'
+                }
+            }
+        """
+        return dict(agent=dict(html='Agent', href='agent', target='_blank', css_class='dropdown-item'))
+
+    class SSEDisconnect(Exception):
+        """
+        SSEの切断を示す例外クラス
+        """
+        pass

cmdbox/app/features/web/cmdbox_web_do_signin.py

@@ -1,18 +1,19 @@
+import urllib.parse
 from cmdbox.app import common
-from cmdbox.app.auth.signin import Signin
+from cmdbox.app.auth import signin, signin_saml, azure_signin, azure_signin_saml, github_signin, google_signin
 from cmdbox.app.commons import convert
 from cmdbox.app.features.web import cmdbox_web_signin
 from cmdbox.app.web import Web
 from fastapi import FastAPI, Request, Response, HTTPException
 from fastapi.responses import HTMLResponse, RedirectResponse
+from typing import Any, Dict
 import copy
 import datetime
 import importlib
 import inspect
 import json
 import logging
-import requests
-import urllib.parse
+import urllib
 
 
 class DoSignin(cmdbox_web_signin.Signin):
@@ -60,7 +61,7 @@ class DoSignin(cmdbox_web_signin.Signin):
                 if name == '' or passwd == '':
                     web.options.audit_exec(req, res, web, body=dict(msg='signin failed.'), audit_type='auth')
                     return RedirectResponse(url=f'/signin/{next}?error=1')
-                user = [u for u in signin_data['users'] if u['name'] == name and u['hash'] != 'oauth2']
+                user = [u for u in signin_data['users'] if u['name'] == name and u['hash'] != 'oauth2' and u['hash'] != 'saml']
                 if len(user) <= 0:
                     web.options.audit_exec(req, res, web, body=dict(msg='signin failed.'), audit_type='auth')
                     return RedirectResponse(url=f'/signin/{next}?error=1')
@@ -108,7 +109,7 @@ class DoSignin(cmdbox_web_signin.Signin):
             last_update = web.user_data(None, uid, name, 'password', 'last_update')
             notify_passchange = True if last_update is None else False
             # パスワード認証の場合はパスワード有効期限チェック
-            if user['hash']!='oauth2' and 'password' in signin_data and not notify_passchange:
+            if user['hash']!='oauth2' and user['hash']!='saml' and 'password' in signin_data and not notify_passchange:
                 last_update = datetime.datetime.strptime(last_update, '%Y-%m-%dT%H:%M:%S')
                 # パスワード有効期限
                 expiration = signin_data['password']['expiration']
@@ -152,7 +153,7 @@ class DoSignin(cmdbox_web_signin.Signin):
                 members = inspect.getmembers(mod, inspect.isclass)
                 signin_data = web.signin.get_data()
                 for name, cls in members:
-                    if cls is Signin or issubclass(cls, Signin):
+                    if cls is signin.Signin or issubclass(cls, signin.Signin):
                         sobj = cls(web.logger, web.signin_file, signin_data, appcls, ver)
                         return sobj
                 return None
@@ -161,9 +162,10 @@ class DoSignin(cmdbox_web_signin.Signin):
                 raise e
 
         signin_data = web.signin.get_data()
-        self.google_signin = Signin(web.logger, web.signin_file, signin_data, self.appcls, self.ver)
-        self.github_signin = Signin(web.logger, web.signin_file, signin_data, self.appcls, self.ver)
-        self.azure_signin = Signin(web.logger, web.signin_file, signin_data, self.appcls, self.ver)
+        self.google_signin = google_signin.GoogleSignin(web.logger, web.signin_file, signin_data, self.appcls, self.ver)
+        self.github_signin = github_signin.GithubSignin(web.logger, web.signin_file, signin_data, self.appcls, self.ver)
+        self.azure_signin = azure_signin.AzureSignin(web.logger, web.signin_file, signin_data, self.appcls, self.ver)
+        self.azure_saml_signin = azure_signin_saml.AzyreSigninSAML(web.logger, web.signin_file, signin_data, self.appcls, self.ver)
         if signin_data is not None:
             # signinオブジェクトの指定があった場合読込む
             if 'signin_module' in signin_data['oauth2']['providers']['google']:
@@ -175,6 +177,9 @@ class DoSignin(cmdbox_web_signin.Signin):
             if 'signin_module' in signin_data['oauth2']['providers']['azure']:
                 sobj = _load_signin(web, signin_data['oauth2']['providers']['azure']['signin_module'], self.appcls, self.ver)
                 self.azure_signin = sobj if sobj is not None else self.azure_signin
+            if 'signin_module' in signin_data['saml']['providers']['azure']:
+                sobj = _load_signin(web, signin_data['saml']['providers']['azure']['signin_module'], self.appcls, self.ver)
+                self.azure_saml_signin = sobj if sobj is not None else self.azure_saml_signin
 
         def _set_session(req:Request, user:dict, email:str, hashed_password:str, access_token:str, group_names:list, gids:list):
             """
@@ -209,20 +214,10 @@ class DoSignin(cmdbox_web_signin.Signin):
         @app.get('/oauth2/google/callback')
         async def oauth2_google_callback(req:Request, res:Response):
             conf = web.signin.get_data()['oauth2']['providers']['google']
-            headers = {'Content-Type': 'application/x-www-form-urlencoded'}
             next = req.query_params['state']
-            data = {'code': req.query_params['code'],
-                    'client_id': conf['client_id'],
-                    'client_secret': conf['client_secret'],
-                    'redirect_uri': conf['redirect_uri'],
-                    'grant_type': 'authorization_code'}
-            query = '&'.join([f'{k}={urllib.parse.quote(v)}' for k, v in data.items()])
             try:
                 # アクセストークン取得
-                token_resp = requests.post(url='https://oauth2.googleapis.com/token', headers=headers, data=query)
-                token_resp.raise_for_status()
-                token_json = token_resp.json()
-                access_token = token_json['access_token']
+                access_token = self.google_signin.request_access_token(conf, req, res)
                 return await oauth2_google_session(access_token, next, req, res)
             except Exception as e:
                 web.logger.warning(f'Failed to get token. {e}', exc_info=True)
@@ -230,45 +225,15 @@ class DoSignin(cmdbox_web_signin.Signin):
 
         @app.get('/oauth2/google/session/{access_token}/{next}')
         async def oauth2_google_session(access_token:str, next:str, req:Request, res:Response):
-            try:
-                # ユーザー情報取得(email)
-                user_info_resp = requests.get(
-                    url='https://www.googleapis.com/oauth2/v1/userinfo',
-                    headers={'Authorization': f'Bearer {access_token}'}
-                )
-                user_info_resp.raise_for_status()
-                user_info_json = user_info_resp.json()
-                email = user_info_json['email']
-                # サインイン判定
-                jadge, user = self.google_signin.jadge(access_token, email)
-                if not jadge:
-                    return RedirectResponse(url=f'/signin/{next}?error=appdeny')
-                # グループ取得
-                group_names, gids = self.google_signin.get_groups(access_token, user)
-                # セッションに保存
-                _set_session(req, user, email, None, access_token, group_names, gids)
-                return RedirectResponse(url=f'../../{next}', headers=dict(signin="success")) # nginxのリバプロ対応のための相対パス
-            except Exception as e:
-                web.logger.warning(f'Failed to get token. {e}', exc_info=True)
-                raise HTTPException(status_code=500, detail=f'Failed to get token. {e}')
+            return await oauth2_login_session(self.google_signin, access_token, next, req, res)
 
         @app.get('/oauth2/github/callback')
         async def oauth2_github_callback(req:Request, res:Response):
             conf = web.signin.get_data()['oauth2']['providers']['github']
-            headers = {'Content-Type': 'application/x-www-form-urlencoded',
-                       'Accept': 'application/json'}
             next = req.query_params['state']
-            data = {'code': req.query_params['code'],
-                    'client_id': conf['client_id'],
-                    'client_secret': conf['client_secret'],
-                    'redirect_uri': conf['redirect_uri']}
-            query = '&'.join([f'{k}={urllib.parse.quote(v)}' for k, v in data.items()])
             try:
                 # アクセストークン取得
-                token_resp = requests.post(url='https://github.com/login/oauth/access_token', headers=headers, data=query)
-                token_resp.raise_for_status()
-                token_json = token_resp.json()
-                access_token = token_json['access_token']
+                access_token = self.github_signin.request_access_token(conf, req, res)
                 return await oauth2_github_session(access_token, next, req, res)
             except Exception as e:
                 web.logger.warning(f'Failed to get token. {e}', exc_info=True)
@@ -276,53 +241,15 @@ class DoSignin(cmdbox_web_signin.Signin):
 
         @app.get('/oauth2/github/session/{access_token}/{next}')
         async def oauth2_github_session(access_token:str, next:str, req:Request, res:Response):
-            try:
-                # ユーザー情報取得(email)
-                user_info_resp = requests.get(
-                    url='https://api.github.com/user/emails',
-                    headers={'Authorization': f'Bearer {access_token}'}
-                )
-                user_info_resp.raise_for_status()
-                user_info_json = user_info_resp.json()
-                if type(user_info_json) == list:
-                    email = 'notfound'
-                    for u in user_info_json:
-                        if u['primary']:
-                            email = u['email']
-                            break
-                # サインイン判定
-                jadge, user = self.github_signin.jadge(access_token, email)
-                if not jadge:
-                    return RedirectResponse(url=f'/signin/{next}?error=appdeny')
-                # グループ取得
-                group_names, gids = self.github_signin.get_groups(access_token, user)
-                # セッションに保存
-                _set_session(req, user, email, None, access_token, group_names, gids)
-                return RedirectResponse(url=f'../../{next}', headers=dict(signin="success")) # nginxのリバプロ対応のための相対パス
-            except Exception as e:
-                web.logger.warning(f'Failed to get token. {e}', exc_info=True)
-                raise HTTPException(status_code=500, detail=f'Failed to get token. {e}')
+            return await oauth2_login_session(self.github_signin, access_token, next, req, res)
 
         @app.get('/oauth2/azure/callback')
         async def oauth2_azure_callback(req:Request, res:Response):
             conf = web.signin.get_data()['oauth2']['providers']['azure']
-            headers = {'Content-Type': 'application/x-www-form-urlencoded',
-                       'Accept': 'application/json'}
             next = req.query_params['state']
-            data = {'tenant': conf['tenant_id'],
-                    'code': req.query_params['code'],
-                    'scope': " ".join(conf['scope']),
-                    'client_id': conf['client_id'],
-                    #'client_secret': conf['client_secret'],
-                    'redirect_uri': conf['redirect_uri'],
-                    'grant_type': 'authorization_code'}
-            query = '&'.join([f'{k}={urllib.parse.quote(v)}' for k, v in data.items()])
             try:
                 # アクセストークン取得
-                token_resp = requests.post(url=f'https://login.microsoftonline.com/{conf["tenant_id"]}/oauth2/v2.0/token', headers=headers, data=query)
-                token_resp.raise_for_status()
-                token_json = token_resp.json()
-                access_token = token_json['access_token']
+                access_token = self.azure_signin.request_access_token(conf, req, res)
                 return await oauth2_azure_session(access_token, next, req, res)
             except Exception as e:
                 web.logger.warning(f'Failed to get token. {e}', exc_info=True)
@@ -330,26 +257,75 @@ class DoSignin(cmdbox_web_signin.Signin):
 
         @app.get('/oauth2/azure/session/{access_token}/{next}')
         async def oauth2_azure_session(access_token:str, next:str, req:Request, res:Response):
+            return await oauth2_login_session(self.azure_signin, access_token, next, req, res)
+
+        async def oauth2_login_session(signin:signin.Signin, access_token:str, next:str, req:Request, res:Response):
             try:
                 # ユーザー情報取得(email)
-                user_info_resp = requests.get(
-                    url='https://graph.microsoft.com/v1.0/me',
-                    #url='https://graph.microsoft.com/v1.0/me/transitiveMemberOf?$Top=999',
-                    headers={'Authorization': f'Bearer {access_token}'}
-                )
-                user_info_resp.raise_for_status()
-                user_info_json = user_info_resp.json()
-                if isinstance(user_info_json, dict):
-                    email = user_info_json.get('mail', 'notfound')
+                email = signin.get_email(access_token)
                 # サインイン判定
-                jadge, user = self.azure_signin.jadge(access_token, email)
+                jadge, user = signin.jadge(email)
                 if not jadge:
                     return RedirectResponse(url=f'/signin/{next}?error=appdeny')
                 # グループ取得
-                group_names, gids = self.azure_signin.get_groups(access_token, user)
+                group_names, gids = signin.get_groups(access_token, user)
                 # セッションに保存
                 _set_session(req, user, email, None, access_token, group_names, gids)
                 return RedirectResponse(url=f'../../{next}', headers=dict(signin="success")) # nginxのリバプロ対応のための相対パス
             except Exception as e:
                 web.logger.warning(f'Failed to get token. {e}', exc_info=True)
                 raise HTTPException(status_code=500, detail=f'Failed to get token. {e}')
+
+        @app.post('/saml/azure/callback')
+        async def saml_azure_callback(req:Request, res:Response):
+            form = await req.form()
+            return await saml_login_callback('azure', self.azure_saml_signin, form, None, req, res)
+
+        @app.get('/saml/azure/session/{saml_token}/{next}')
+        async def saml_azure_session(saml_token:str, next:str, req:Request, res:Response):
+            form = json.loads(convert.b64str2str(saml_token))
+            return await saml_login_callback('azure', self.azure_saml_signin, form, next, req, res)
+
+        async def saml_login_callback(prov, saml_signin:signin_saml.SigninSAML, form:Dict[str, Any], next:str, req:Request, res:Response):
+            """
+            SAML認証のコールバック処理を行います
+            Args:
+                prov (str): SAMLプロバイダ名
+                saml_signin (signin_saml.SigninSAML): SAMLサインインオブジェクト
+                form (Dict[str, Any]): フォームデータ
+                req (Request): Requestオブジェクト
+                res (Response): Responseオブジェクト
+            """
+            relay = form.get('RelayState')
+            query = urllib.parse.urlparse(relay).query if relay is not None else None
+            if next is None:
+                next = urllib.parse.parse_qs(query).get('next', None) if query is not None else None
+                next = next[0] if next is not None and len(next) > 0 else None
+            auth = await saml_signin.make_saml(prov, next, form, req, res)
+            auth.process_response() # Process IdP response
+            errors = auth.get_errors() # This method receives an array with the errors
+            if len(errors) == 0:
+                if not auth.is_authenticated(): # This check if the response was ok and the user data retrieved or not (user authenticated)
+                    return RedirectResponse(url=f'/signin/{next}?error=saml_not_auth')
+                else:
+                    # ユーザー情報取得
+                    email = saml_signin.get_email(auth)
+                    # サインイン判定
+                    jadge, user = saml_signin.jadge(email)
+                    if not jadge:
+                        return RedirectResponse(url=f'/signin/{next}?error=appdeny')
+                    # グループ取得
+                    group_names, gids = saml_signin.get_groups(None, user)
+                    # セッションに保存
+                    _set_session(req, user, email, None, None, group_names, gids)
+                    # SAML場合、ブラウザ制限によりリダイレクトでセッションクッキーが消えるので、HTMLで移動する
+                    html = """
+                    <html><head><meta http-equiv="refresh" content="0;url=../../{next}"></head>
+                    <body style="background-color:#212529;color:#fff;">loading..</body>
+                    <script type="text/javascript">window.location.href="../../{next}";</script></html>
+                    """.format(next=next)
+                    return HTMLResponse(content=html, headers=dict(signin="success"))
+            else:
+                msg = f"Error when processing SAML Response: {', '.join(errors)} {auth.get_last_error_reason()}"
+                web.logger.warning(msg)
+                raise HTTPException(status_code=500, detail=msg)

cmdbox/app/features/web/cmdbox_web_exec_cmd.py

@@ -4,6 +4,7 @@ from cmdbox.app.features.cli import cmdbox_audit_search, cmdbox_audit_write
 from cmdbox.app.features.web import cmdbox_web_load_cmd
 from cmdbox.app.web import Web
 from fastapi import FastAPI, Request, Response, HTTPException
+from fastapi.responses import PlainTextResponse
 from starlette.datastructures import UploadFile
 from typing import Dict, Any, List
 import html
@@ -178,8 +179,10 @@ class ExecCmd(cmdbox_web_load_cmd.LoadCmd):
                 sys.stdout = captured_output = io.StringIO()
             ret_main = {}
             logsize = 1024
+            console = common.create_console(file=old_stdout)
+
             try:
-                old_stdout.write(loghandler.colorize_msg(f'EXEC:     {opt_list}\n'[:logsize]))
+                console.log(f'EXEC:     {opt_list}\n'[:logsize])
                 status, ret_main, obj = cmdbox_app.main(args_list=[common.chopdq(o) for o in opt_list], file_dict=file_dict, webcall=True)
                 if isinstance(obj, server.Server):
                     cmdbox_app.sv = obj
@@ -206,11 +209,11 @@ class ExecCmd(cmdbox_web_load_cmd.LoadCmd):
                             output = [dict(warn=f'The captured stdout was discarded because its size was larger than {capture_maxsize} bytes.')]
                 else:
                     output = [dict(warn='capture_stdout is off.')]
-                old_stdout.write(loghandler.colorize_msg(f'EXEC:     {output}'[:logsize])+'\n')
+                console.log(f'EXEC:     {output}'[:logsize])
             except Exception as e:
                 web.logger.disabled = False # ログ出力を有効にする
                 msg = f'exec_cmd error. {traceback.format_exc()}'
-                old_stdout.write(loghandler.colorize_msg(f'EXEC:     {msg}'[:logsize])+'\n')
+                console.log(f'EXEC:     {msg}'[:logsize])
                 web.logger.warning(msg)
                 output = [dict(warn=f'<pre>{html.escape(traceback.format_exc())}</pre>')]
             sys.stdout = old_stdout
@@ -234,6 +237,8 @@ class ExecCmd(cmdbox_web_load_cmd.LoadCmd):
                     except:
                         ret = ret_main
                 if nothread:
+                    if isinstance(ret, str):
+                        return PlainTextResponse(ret, media_type='text/plain')
                     return ret
                 self.callback_return_cmd_exec_func(web, title, ret)
             except:

cmdbox/app/features/web/cmdbox_web_signin.py

@@ -1,9 +1,10 @@
-import urllib.parse
 from cmdbox.app import feature
+from cmdbox.app.auth import signin
 from cmdbox.app.web import Web
 from fastapi import FastAPI, Request, Response, HTTPException
 from fastapi.responses import HTMLResponse, RedirectResponse
 import urllib
+import urllib.parse
 
 
 class Signin(feature.WebFeature):
@@ -22,10 +23,9 @@ class Signin(feature.WebFeature):
             with open(web.signin_html, 'r', encoding='utf-8') as f:
                 web.signin_html_data = f.read()
 
-        @app.get('/signin/{next}', response_class=HTMLResponse)
-        @app.post('/signin/{next}', response_class=HTMLResponse)
+        @app.api_route('/signin/{next}', methods=['GET', 'POST'], response_class=HTMLResponse)
         async def _signin(next:str, req:Request, res:Response):
-            web.signin.enable_cors(req, res)
+            signin.Signin._enable_cors(req, res)
             res.headers['Access-Control-Allow-Origin'] = '*'
             return web.signin_html_data
 
@@ -83,3 +83,25 @@ class Signin(feature.WebFeature):
             return dict(google=signin_data['oauth2']['providers']['google']['enabled'],
                         github=signin_data['oauth2']['providers']['github']['enabled'],
                         azure=signin_data['oauth2']['providers']['azure']['enabled'],)
+
+        @app.get('/saml/{prov}/{next}')
+        async def saml_login(prov:str, next:str, req:Request, res:Response):
+            """
+            SAML認証のログイン処理を行います
+
+            Args:
+                prov (str): SAMLプロバイダ名
+                next (str): リダイレクト先のURL
+                req (Request): Requestオブジェクト
+                res (Response): Responseオブジェクト
+            """
+            form = await req.form()
+            auth = await web.signin_saml.make_saml(prov, next, form, req, res)
+            return RedirectResponse(url=auth.login())
+
+        @app.get('/saml/enabled')
+        async def saml_enabled(req:Request, res:Response):
+            if web.signin_html_data is None:
+                return dict(azure=False)
+            signin_data = web.signin_saml.get_data()
+            return dict(azure=signin_data['saml']['providers']['azure']['enabled'],)

cmdbox/app/features/web/cmdbox_web_users.py

@@ -88,6 +88,7 @@ class Users(feature.WebFeature):
             except Exception as e:
                 return dict(error=str(e))
 
+        @app.post('/gui/apikey/add')
         @app.post('/users/apikey/add')
         async def users_apikey_add(req:Request, res:Response):
             signin = web.signin.check_signin(req, res)
@@ -103,6 +104,7 @@ class Users(feature.WebFeature):
             except Exception as e:
                 return dict(error=str(e))
 
+        @app.post('/gui/apikey/del')
         @app.post('/users/apikey/del')
         async def users_apikey_del(req:Request, res:Response):
             signin = web.signin.check_signin(req, res)