More work on auth

jon/__init__.py

@@ -1,8 +1,9 @@
 import inspect
 import json
+import sys
 
 from flask import Flask, render_template
-from flask_login import LoginManager
+from flask_login import LoginManager, login_required
 
 from . import (
     auth,
@@ -41,9 +42,10 @@ def create_app():
     app.register_blueprint(entry.bp)
     app.register_blueprint(auth.auth)
     @app.route("/")
+    @login_required
     def index():
         return render_template("index.html")
 
-    print("Jon started. Token: %s" % auth.ACCESS_TOKEN)
+    print("Jon started. Token: %s" % auth.ACCESS_TOKEN, file=sys.stderr)
 
     return app

jon/auth.py

@@ -8,6 +8,17 @@ auth = Blueprint('auth', __name__)
 
 ACCESS_TOKEN = ''.join(random.choice(string.ascii_lowercase) for i in range(64))
 
+ERROR_TEXT =  """
+              For security-reasons we must make sure you are the person who executed jon :D <br />
+              <form action="" method="get">
+                  <input type="password" name="token" placeholder="Token" />
+                  <input type="hidden" hidden name="next" value="{next}" />
+                  <input type="submit" value="login" />
+              </form>
+              <hr />
+
+              """
+
 class User(UserMixin):
     id: int = 0
 
@@ -17,19 +28,12 @@ def login():
     next: str = request.args.get('next') or "/"
     if token is None:
         # TODO: make template
-        return """
+        return ERROR_TEXT.format(next=next) + "No token provided!"
-                No token provided!
-                <form action="" method="get">
-                    <input type="password" name="token" placeholder="Token" />
-                    <input type="hidden" hidden name="next" value="{next}" />
-                    <input type="submit" value="login" />
-                </form>
-                """.format(next=next)
     if token == ACCESS_TOKEN:
         login_user(User(), remember=True)
         return redirect(next)
     else:
-        return "Invalid token!"
+        return ERROR_TEXT.format(next=next) + "Invalid token!"
 
 @auth.route('/logout')
 def logout():

jon/entry.py

@@ -3,6 +3,7 @@ import zoneinfo
 
 
 from flask import Blueprint, redirect, render_template, request, session
+from flask_login import login_required
 
 from . import db
 
@@ -11,11 +12,13 @@ bp = Blueprint("entry", __name__, url_prefix="/entry")
 
 
 @bp.get("/")
+@login_required
 def index():
     return render_template("entry/index.html")
 
 
 @bp.route("/edit-item-data", methods=["GET", "POST"])
+@login_required
 def edit_item_data():
     if "entry" not in session:
         session["entry"] = dict()
@@ -45,6 +48,7 @@ def edit_item_data():
 
 
 @bp.route("/select-snack-entry", methods=["GET", "POST"])
+@login_required
 def edit_snack_data():
     if "entry" not in session:
         return redirect("/entry/edit-item-data")

jon/location.py

@@ -1,4 +1,5 @@
 from flask import Blueprint, render_template, request, session
+from flask_login import login_required
 
 from . import db
 
@@ -7,6 +8,7 @@ bp = Blueprint("location", __name__, url_prefix="/location")
 
 
 @bp.route("/", methods=["GET", "POST"])
+@login_required
 def index():
     if request.method == "POST":
         location_id = request.form.get("location_id", "")