A corporate portal built with Python (Flask), Keycloak for authentication, and PostgreSQL for persistence. Supports role-based access, user management, logging, and is ready for containerized deployment.

• Keycloak-based authentication (OIDC)
• Role-based access control (admin/user via Keycloak groups)
• PostgreSQL persistence with SQLAlchemy
• Configurable session timeout
• Comprehensive logging system
  • User action logging
  • Access logging
  • Log rotation and cleanup
  • Log export functionality
• Security Features
  • Rate limiting
  • IP whitelist/blacklist
  • CIDR-based access control
  • Session management
• Admin Panel Features
  • User management (create, edit, delete)
  • Group management with attributes
  • Bulk user import via CSV
  • Application management
  • Announcement system
  • Log viewing and management
• User Features
  • Theme toggling (light/dark)
  • Customizable user profile
  • Language selection
  • Application launcher
• System Features
  • Health check endpoint with API key and IP restriction
  • Docker support
  • Multi-language support
• Customizable portal icon (favicon) via Settings page (supports PNG, JPG, SVG)

1. Clone the repository

2. Set up your environment variables (see Environment Variables section)

3. Create and activate a Python virtual environment

   python -m venv venv
   source venv/bin/activate  # or venv\Scripts\activate on Windows
   pip install -r requirements.txt

4. Run the application (development mode)

   python server.py

   The main entry point is server.py, which uses Waitress by default.

5. Or run with Docker

   docker build -t leonardo-portal .
   docker run --env-file .env -p 3000:3000 leonardo-portal

6. ⚠️ IMPORTANT: After First Login

   • After the first login, you MUST go to the Settings page, navigate to the "System" tab
   • Click the "Sync Now" button to synchronize Keycloak groups and memberships
   • This step is CRITICAL - without it:
     • Users won't be properly linked to their groups in the portal
     • Applications won't be displayed correctly
     • Existing users' permissions may not work as expected

   Note: If applications are not showing up for some users despite them being in the correct groups, clicking "Sync Now" in the System Settings will re-synchronize users and groups with Keycloak.

All configuration is managed via environment variables. You can set these in your environment or in a .env file at the project root.

• The session timeout is controlled by SESSION_LIFETIME (in minutes). Set this in your environment or .env file to control how long user sessions remain valid.

• The app uses PostgreSQL. Ensure your database is running and accessible with the credentials provided in your environment variables.

• You must configure a Keycloak client and groups as described in docs/keycloakconfig.md.

The application includes comprehensive test coverage:

# Run all tests
pytest

# Run with coverage report
pytest --cov=app tests/

# Run specific test categories
pytest tests/test_auth.py
pytest tests/test_admin.py

• Unit tests
• Integration tests
• Selenium-based UI tests
• API endpoint tests

The portal supports multiple languages:

• English (default)
• German
• Spanish
• French
• Italian
• Dutch
• Portuguese

To add a new language:

1. Create a new directory under app/translations/
2. Generate translation files using Flask-Babel
3. Update the language selection in user preferences

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Run tests
5. Submit a pull request

Please follow the existing code style and include appropriate tests.

MIT License

Copyright (c) 2025 Leonardo Portal

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files.

For production deployment, follow these additional steps:

1. Use Gunicorn instead of Waitress

   export SERVER_TYPE=gunicorn
   export GUNICORN_WORKERS=4  # Adjust based on your server capacity

2. Set up SSL/TLS

   • Configure your reverse proxy (nginx/Apache) with SSL
   • Update Keycloak configuration to use HTTPS
   • Set appropriate security headers

3. Database Configuration

   • Use a dedicated PostgreSQL instance
   • Set up proper database backups
   • Configure connection pooling (see .env.example for pool settings)
   • Set a query timeout at the PostgreSQL level (see installation guide for details)

4. Portal Icon (Favicon)

   • The favicon is dynamically set to the uploaded portal icon (PNG, JPG, or SVG) from the Settings page, System tab.
   • If no icon is uploaded, a default icon is used.

5. Security Considerations

   • Change all default passwords and keys
   • Set up proper firewall rules
   • Configure rate limiting appropriately
   • Use secure SMTP settings

• Regular backups are recommended
• Log cleanup runs automatically based on LOG_RETENTION_DAYS
• Database migrations are managed through SQL scripts in app/scripts/sql/