From 476a7ebd473f9f71f764d856a89778b006753af9 Mon Sep 17 00:00:00 2001
From: Paul Brinkmeier
Date: Sun, 20 Aug 2023 11:37:17 +0200
Subject: [PATCH] Add a comment and code style stuff

---
 jon/__init__.py | 4 +++-
 jon/auth.py | 6 ++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/jon/__init__.py b/jon/__init__.py
index 44ed8af..78b2a04 100644
--- a/jon/__init__.py
+++ b/jon/__init__.py
@@ -23,6 +23,8 @@ def create_app():
 
     db.init_app(app)
 
+    # This function denies every request until `auth.ACCESS_TOKEN`
+    # is passed using `?token=` to authenticate the session.
     @app.before_request
     def before_req_fun():
         return auth.before_request()
@@ -40,6 +42,6 @@ def create_app():
     def index():
         return render_template("index.html")
 
-    print("Jon started. Token: %s" % auth.ACCESS_TOKEN, file=sys.stderr)
+    print(f"Jon started. Token: {auth.ACCESS_TOKEN}", file=sys.stderr)
 
     return app
diff --git a/jon/auth.py b/jon/auth.py
index be92f46..7bf3885 100644
--- a/jon/auth.py
+++ b/jon/auth.py
@@ -3,10 +3,10 @@ import string
 
 from flask import Blueprint, make_response, request, redirect, session
 
 
-bp = Blueprint('auth', __name__, url_prefix="/auth")
+bp = Blueprint("auth", __name__, url_prefix="/auth")
 
-ACCESS_TOKEN = ''.join(random.choice(string.ascii_lowercase) for i in range(64))
+ACCESS_TOKEN = "".join(random.choice(string.ascii_lowercase) for i in range(64))
 
 ERROR_TEXT = """
 
@@ -24,10 +24,12 @@ def before_request():
     """
     If the correct token query parameter is passed along with any request, we
     mark this session authenticated by setting `session["authenticated"]`.
+    Unless the session is authenticated, all requests results in a 403 FORBIDDEN.
     """
     if "token" in request.args:
         if request.args["token"] == ACCESS_TOKEN:
             session["authenticated"] = ()
+            # Reload the page without query parameters
             return redirect(request.path)
 
     if not "authenticated" in session:
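Review bot: `ACCESS_TOKEN` is still generated with `random.choice`, a Mersenne Twister PRNG that gives no security guarantee (its state can be reconstructed from observed output), and this token is the only credential gating the whole app; the commit only changes the quote style on that line. Use the standard secure source instead: `ACCESS_TOKEN = "".join(secrets.choice(string.ascii_lowercase) for _ in range(64))`, with `import secrets` added beside `import random` above the hunk. Whether `random` is still needed elsewhere in `auth.py` cannot be told from this hunk, so leave that import in place unless the rest of the file confirms it is unused.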
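Review bot: The token check `if request.args["token"] == ACCESS_TOKEN:` compares a shared secret with ordinary string equality, which stops at the first mismatching character; the conventional constant-time form is `if hmac.compare_digest(request.args["token"], ACCESS_TOKEN):` with `import hmac` at the top of the file, and this commit touches the lines around it without addressing it. The added docstring line has a grammar slip and should read `Unless the session is authenticated, all requests result in a 403 FORBIDDEN.`; the 403 itself is produced after `if not "authenticated" in session:`, which is outside this hunk, so I cannot confirm the status code from here. `before_request` is defined before the hunk and its body continues past the last line shown.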