diff --git a/jon/__init__.py b/jon/__init__.py
index d3ef827..55d1e7f 100644
--- a/jon/__init__.py
+++ b/jon/__init__.py
@@ -1,8 +1,9 @@
import inspect
import json
+import sys
from flask import Flask, render_template
-from flask_login import LoginManager
+from flask_login import LoginManager, login_required
from . import (
auth,
@@ -41,9 +42,10 @@ def create_app():
app.register_blueprint(entry.bp)
app.register_blueprint(auth.auth)
@app.route("/")
+ @login_required
def index():
return render_template("index.html")
- print("Jon started. Token: %s" % auth.ACCESS_TOKEN)
+ print("Jon started. Token: %s" % auth.ACCESS_TOKEN, file=sys.stderr)
return app
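Review bot: The access token written by the `print(...)` at the end of this hunk is now the credential guarding every route, and stderr is commonly captured by a service manager or container runtime, so the secret may end up persisted in logs that more people can read than the operator who started the process. If that output is meant only for an interactive operator, say so in a comment such as `# token is shown once to the person who launched jon; do not run with stderr redirected to shared logs`, or gate the print on `sys.stderr.isatty()`. create_app() begins above this hunk, so how the LoginManager is configured (for example its `login_view`) is not visible here and should be checked alongside the new `@login_required` on `index`.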
diff --git a/jon/auth.py b/jon/auth.py
index b5eeb75..b895615 100644
--- a/jon/auth.py
+++ b/jon/auth.py
@@ -8,6 +8,17 @@ auth = Blueprint('auth', __name__)
ACCESS_TOKEN = ''.join(random.choice(string.ascii_lowercase) for i in range(64))
+ERROR_TEXT = """
+ For security-reasons we must make sure you are the person who executed jon :D
+
+
+
+ """
+
class User(UserMixin):
id: int = 0
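Review bot: `ACCESS_TOKEN` in the context line above the new `ERROR_TEXT` is generated with `random.choice`, which draws from a non-cryptographic generator, and after this commit that token is the only thing protecting every decorated route. It should come from the `secrets` module instead, for example `ACCESS_TOKEN = secrets.token_urlsafe(48)` or `''.join(secrets.choice(string.ascii_lowercase) for _ in range(64))` if the lowercase-only format must be kept. The imports of auth.py are outside this hunk, so `import secrets` would have to be added there.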
@@ -17,19 +28,12 @@ def login():
next: str = request.args.get('next') or "/"
if token is None:
# TODO: make template
- return """
- No token provided!
-
- """.format(next=next)
+ return ERROR_TEXT.format(next=next) + "No token provided!"
if token == ACCESS_TOKEN:
login_user(User(), remember=True)
return redirect(next)
else:
- return "Invalid token!"
+ return ERROR_TEXT.format(next=next) + "Invalid token!"
@auth.route('/logout')
def logout():
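Review bot: `next` comes straight from `request.args` and is used unvalidated in both `ERROR_TEXT.format(next=next)` and `redirect(next)`. If the template carries a `{next}` placeholder inside markup (its full body is not visible on this page), the value is reflected into the response unescaped, so it should be passed as `markupsafe.escape(next)`. For the redirect, accept only local paths, e.g. `if not next.startswith("/") or next.startswith("//"): next = "/"`. The check `token == ACCESS_TOKEN` would also be better as `hmac.compare_digest(token, ACCESS_TOKEN)` so the comparison time does not depend on how many leading characters match. login() starts above this hunk, so where `token` is read from is not shown.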
diff --git a/jon/entry.py b/jon/entry.py
index d97c423..800dd60 100644
--- a/jon/entry.py
+++ b/jon/entry.py
@@ -3,6 +3,7 @@ import zoneinfo
from flask import Blueprint, redirect, render_template, request, session
+from flask_login import login_required
from . import db
@@ -11,11 +12,13 @@ bp = Blueprint("entry", __name__, url_prefix="/entry")
@bp.get("/")
+@login_required
def index():
return render_template("entry/index.html")
@bp.route("/edit-item-data", methods=["GET", "POST"])
+@login_required
def edit_item_data():
if "entry" not in session:
session["entry"] = dict()
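Review bot: Protecting the blueprint by adding `@login_required` to each view (here on `index` and `edit_item_data`, and again in the `edit_snack_data` hunk and in jon/location.py) is opt-in, so a route added later without the decorator is silently public. A default-deny arrangement is sturdier: register one `@bp.before_request` hook that is itself wrapped in `@login_required` and has an empty body, so every route on the blueprint requires a session unless explicitly exempted. The decorator order used here (route decorator outermost, `@login_required` beneath it) is correct and should be kept if the per-view form stays. The body of `edit_item_data` continues beyond this hunk.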
@@ -45,6 +48,7 @@ def edit_item_data():
@bp.route("/select-snack-entry", methods=["GET", "POST"])
+@login_required
def edit_snack_data():
if "entry" not in session:
return redirect("/entry/edit-item-data")
diff --git a/jon/location.py b/jon/location.py
index daf84bd..c7df17d 100644
--- a/jon/location.py
+++ b/jon/location.py
@@ -1,4 +1,5 @@
from flask import Blueprint, render_template, request, session
+from flask_login import login_required
from . import db
@@ -7,6 +8,7 @@ bp = Blueprint("location", __name__, url_prefix="/location")
@bp.route("/", methods=["GET", "POST"])
+@login_required
def index():
if request.method == "POST":
location_id = request.form.get("location_id", "")