More work on auth
parent
273248b95e
commit
1323efd82d
@ -1,8 +1,9 @@
|
||||
import inspect
|
||||
import json
|
||||
import sys
|
||||
|
||||
from flask import Flask, render_template
|
||||
from flask_login import LoginManager
|
||||
from flask_login import LoginManager, login_required
|
||||
|
||||
from . import (
|
||||
auth,
|
||||
@ -41,9 +42,10 @@ def create_app():
|
||||
app.register_blueprint(entry.bp)
|
||||
app.register_blueprint(auth.auth)
|
||||
@app.route("/")
|
||||
@login_required
|
||||
def index():
|
||||
return render_template("index.html")
|
||||
|
||||
print("Jon started. Token: %s" % auth.ACCESS_TOKEN)
|
||||
print("Jon started. Token: %s" % auth.ACCESS_TOKEN, file=sys.stderr)
|
||||
|
||||
return app
|
||||
|
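Review bot: The startup line in create_app() still writes the live access token to the process output; sending it to stderr keeps it out of stdout, but whatever collects the service's stderr (journald, container logs, CI output) will persist it, and anyone who can read those logs can log in. If printing it is the intended bootstrap path, document that with a comment such as `# Bootstrap secret: printed once so the operator can log in; treat captured stderr as sensitive`, or guard the print with `if sys.stderr.isatty():` so it only appears on an interactive terminal. create_app() starts and continues outside these hunks, so it is not visible whether `LoginManager` has a `login_view` set; without one, the new `@login_required` on `index()` answers unauthenticated requests with a 401 instead of sending them to the login form.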
22
jon/auth.py
22
jon/auth.py
@ -8,6 +8,17 @@ auth = Blueprint('auth', __name__)
|
||||
|
||||
ACCESS_TOKEN = ''.join(random.choice(string.ascii_lowercase) for i in range(64))
|
||||
|
||||
ERROR_TEXT = """
|
||||
For security-reasons we must make sure you are the person who executed jon :D <br />
|
||||
<form action="" method="get">
|
||||
<input type="password" name="token" placeholder="Token" />
|
||||
<input type="hidden" hidden name="next" value="{next}" />
|
||||
<input type="submit" value="login" />
|
||||
</form>
|
||||
<hr />
|
||||
|
||||
"""
|
||||
|
||||
class User(UserMixin):
|
||||
id: int = 0
|
||||
|
||||
@ -17,19 +28,12 @@ def login():
|
||||
next: str = request.args.get('next') or "/"
|
||||
if token is None:
|
||||
# TODO: make template
|
||||
return """
|
||||
No token provided!
|
||||
<form action="" method="get">
|
||||
<input type="password" name="token" placeholder="Token" />
|
||||
<input type="hidden" hidden name="next" value="{next}" />
|
||||
<input type="submit" value="login" />
|
||||
</form>
|
||||
""".format(next=next)
|
||||
return ERROR_TEXT.format(next=next) + "No token provided!"
|
||||
if token == ACCESS_TOKEN:
|
||||
login_user(User(), remember=True)
|
||||
return redirect(next)
|
||||
else:
|
||||
return "Invalid token!"
|
||||
return ERROR_TEXT.format(next=next) + "Invalid token!"
|
||||
|
||||
@auth.route('/logout')
|
||||
def logout():
|
||||
|
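Review bot: `ERROR_TEXT.format(next=next)` places the `next` query parameter into the `value="{next}"` attribute without HTML-escaping, and this commit now does so on the invalid-token path as well as the missing-token one, so a crafted link can inject markup into the login page. Escape it at both call sites, e.g. `ERROR_TEXT.format(next=escape(next))` with `from markupsafe import escape`, or move the form into a Jinja template as the removed TODO suggested. The same unvalidated value is passed to `redirect(next)` after a successful login, so it should also be restricted to a local path before redirecting. Separately, `token == ACCESS_TOKEN` would be safer as `hmac.compare_digest(token.encode(), ACCESS_TOKEN.encode())`, and the token on the context line is built with `random.choice`, which is not a CSPRNG; `secrets.choice` is the drop-in replacement. login() begins above the hunk, so how `token` is read is not visible here, but the form's `method="get"` suggests it travels in the URL, where it ends up in browser history and access logs.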
@ -3,6 +3,7 @@ import zoneinfo
|
||||
|
||||
|
||||
from flask import Blueprint, redirect, render_template, request, session
|
||||
from flask_login import login_required
|
||||
|
||||
from . import db
|
||||
|
||||
@ -11,11 +12,13 @@ bp = Blueprint("entry", __name__, url_prefix="/entry")
|
||||
|
||||
|
||||
@bp.get("/")
|
||||
@login_required
|
||||
def index():
|
||||
return render_template("entry/index.html")
|
||||
|
||||
|
||||
@bp.route("/edit-item-data", methods=["GET", "POST"])
|
||||
@login_required
|
||||
def edit_item_data():
|
||||
if "entry" not in session:
|
||||
session["entry"] = dict()
|
||||
@ -45,6 +48,7 @@ def edit_item_data():
|
||||
|
||||
|
||||
@bp.route("/select-snack-entry", methods=["GET", "POST"])
|
||||
@login_required
|
||||
def edit_snack_data():
|
||||
if "entry" not in session:
|
||||
return redirect("/entry/edit-item-data")
|
||||
|
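Review bot: Guarding each view with its own `@login_required` means any route added later without the decorator is public by default; only `index()`, `edit_item_data()` and `edit_snack_data()` are visible here, so routes elsewhere in this file may still be unguarded. A blueprint-wide guard is harder to forget: a `@bp.before_request` hook that is itself decorated with `@login_required` and has an empty body protects every route on the `entry` blueprint. The same applies to the `location` blueprint in the next file section.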
@ -1,4 +1,5 @@
|
||||
from flask import Blueprint, render_template, request, session
|
||||
from flask_login import login_required
|
||||
|
||||
from . import db
|
||||
|
||||
@ -7,6 +8,7 @@ bp = Blueprint("location", __name__, url_prefix="/location")
|
||||
|
||||
|
||||
@bp.route("/", methods=["GET", "POST"])
|
||||
@login_required
|
||||
def index():
|
||||
if request.method == "POST":
|
||||
location_id = request.form.get("location_id", "")
|
||||
|