From 1323efd82d0e87e0c46af8f2c59009cce815e266 Mon Sep 17 00:00:00 2001
From: Shirkanesi
Date: Sat, 19 Aug 2023 00:59:37 +0200
Subject: [PATCH] More work on auth
---
 jon/__init__.py | 6 ++++--
 jon/auth.py | 22 +++++++++++++---------
 jon/entry.py | 4 ++++
 jon/location.py | 2 ++
 4 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/jon/__init__.py b/jon/__init__.py
index d3ef827..55d1e7f 100644
--- a/jon/__init__.py
+++ b/jon/__init__.py
@@ -1,8 +1,9 @@
 import inspect
 import json
+import sys
 from flask import Flask, render_template
-from flask_login import LoginManager
+from flask_login import LoginManager, login_required
 from . import (
 auth,
@@ -41,9 +42,10 @@ def create_app():
 app.register_blueprint(entry.bp)
 app.register_blueprint(auth.auth)
 @app.route("/")
+ @login_required
 def index():
 return render_template("index.html")
- print("Jon started. Token: %s" % auth.ACCESS_TOKEN)
+ print("Jon started. Token: %s" % auth.ACCESS_TOKEN, file=sys.stderr)
 return app
diff --git a/jon/auth.py b/jon/auth.py
index b5eeb75..b895615 100644
--- a/jon/auth.py
+++ b/jon/auth.py
@@ -8,6 +8,17 @@ auth = Blueprint('auth', __name__)
 ACCESS_TOKEN = ''.join(random.choice(string.ascii_lowercase) for i in range(64))
+ERROR_TEXT = """
+ For security-reasons we must make sure you are the person who executed jon :D
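Review bot: In `create_app()` in jon/__init__.py, the new line `print("Jon started. Token: %s" % auth.ACCESS_TOKEN, file=sys.stderr)` writes the login token to stderr, which service managers and container runtimes commonly capture into stored logs. Anyone who can read those logs can then pass the login check that this commit puts in front of the routes. If showing the token to the operator is intended, I would say so in a comment such as `# Token is shown to the operator on purpose; keep stderr out of shared log storage`, and consider printing it only when `sys.stderr.isatty()` is true. The body of `create_app()` starts outside this hunk.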
+
+ + + +
+
+
+ """
+
 class User(UserMixin):
 id: int = 0
@@ -17,19 +28,12 @@ def login():
 next: str = request.args.get('next') or "/"
 if token is None: # TODO: make template
- return """
- No token provided!
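Review bot: The `ACCESS_TOKEN` context line at the top of the first jon/auth.py hunk builds the login secret with `random.choice`, and Python's `random` module is a Mersenne Twister generator that the standard library documents as unsuitable for security purposes. Because this commit makes that token the gate for every route it marks `@login_required`, I would generate it from the `secrets` module instead: `ACCESS_TOKEN = ''.join(secrets.choice(string.ascii_lowercase) for _ in range(64))`, with `import secrets` added to the file's imports. The new `ERROR_TEXT` constant would also read better with a one-line comment stating that it is a page fragment formatted with `next` by `login()`.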
- - - -
- """.format(next=next)
+ return ERROR_TEXT.format(next=next) + "No token provided!"
 if token == ACCESS_TOKEN:
 login_user(User(), remember=True)
 return redirect(next)
 else:
- return "Invalid token!"
+ return ERROR_TEXT.format(next=next) + "Invalid token!"
 @auth.route('/logout')
 def logout():
diff --git a/jon/entry.py b/jon/entry.py
index d97c423..800dd60 100644
--- a/jon/entry.py
+++ b/jon/entry.py
@@ -3,6 +3,7 @@ import zoneinfo
 from flask import Blueprint, redirect, render_template, request, session
+from flask_login import login_required
 from . import db
@@ -11,11 +12,13 @@ bp = Blueprint("entry", __name__, url_prefix="/entry")
 @bp.get("/")
+@login_required
 def index():
 return render_template("entry/index.html")
 @bp.route("/edit-item-data", methods=["GET", "POST"])
+@login_required
 def edit_item_data():
 if "entry" not in session:
 session["entry"] = dict()
@@ -45,6 +48,7 @@ def edit_item_data():
 @bp.route("/select-snack-entry", methods=["GET", "POST"])
+@login_required
 def edit_snack_data():
 if "entry" not in session:
 return redirect("/entry/edit-item-data")
diff --git a/jon/location.py b/jon/location.py
index daf84bd..c7df17d 100644
--- a/jon/location.py
+++ b/jon/location.py
@@ -1,4 +1,5 @@
 from flask import Blueprint, render_template, request, session
+from flask_login import login_required
 from . import db
@@ -7,6 +8,7 @@ bp = Blueprint("location", __name__, url_prefix="/location")
 @bp.route("/", methods=["GET", "POST"])
+@login_required
 def index():
 if request.method == "POST":
 location_id = request.form.get("location_id", "")
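Review bot: In `login()` in jon/auth.py, `next` comes straight from `request.args` and is used unchecked in two places: it is formatted into the returned page by `ERROR_TEXT.format(next=next)` on both error paths, and it is passed to `redirect(next)` after a successful login. The first reflects request data into the response without escaping, and the second allows a login link to forward the user to an arbitrary external address. I would escape the value before formatting, `ERROR_TEXT.format(next=escape(next))` with `from markupsafe import escape`, and reset `next` to `"/"` unless it is a same-site relative path (no scheme, no host, no leading `//` or `/\`). The `token == ACCESS_TOKEN` check could also become `hmac.compare_digest(token.encode(), ACCESS_TOKEN.encode())` so the comparison time does not depend on how many characters match. The start of `login()`, including where `token` is read, is outside the hunk.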