Initial work on auth-tokens

2023-08-19 00:43:12 +02:00 · 2023-08-19 00:43:12 +02:00 · faa6d0cf07
commit faa6d0cf07
parent e51bcee41d
3 changed files with 54 additions and 0 deletions
--- a/jon/init.py
+++ b/jon/init.py
@ -1,9 +1,11 @@
 import inspect
 import json
+import sys

 from flask import Flask, render_template

 from . import (
+    auth,
    db,
    entry,
    inventory,
@ -21,6 +23,10 @@ def create_app():

    db.init_app(app)

+    @app.before_request
+    def before_req_fun():
+        return auth.before_request()
+
    @app.context_processor
    def utility_processor():
        return dict(inspect.getmembers(template_utils, inspect.isfunction))
@ -28,8 +34,11 @@ def create_app():
    app.register_blueprint(location.bp)
    app.register_blueprint(inventory.bp)
    app.register_blueprint(entry.bp)
+    app.register_blueprint(auth.auth)
    @app.route("/")
    def index():
        return render_template("index.html")

+    print("Jon started. Token: %s" % auth.ACCESS_TOKEN, file=sys.stderr)
+
    return app
--- a/jon/auth.py
+++ b/jon/auth.py
@ -0,0 +1,44 @@
+from flask import Blueprint, request, redirect, make_response
+from . import db
+import random
+import string
+
+auth = Blueprint('auth', __name__)
+
+ACCESS_TOKEN = ''.join(random.choice(string.ascii_lowercase) for i in range(64))
+
+ERROR_TEXT =  """
+              For security-reasons we must make sure you are the person who executed jon :D <br />
+              <form action="" method="get">
+                  <input type="password" name="token" placeholder="Token" />
+                  <input type="hidden" hidden name="next" value="{next}" />
+                  <input type="submit" value="login" />
+              </form>
+              <hr />
+
+              """
+
+
+def before_request():
+    token = request.cookies.get('token')
+    if token == ACCESS_TOKEN:
+        pass
+    else:
+        token = request.args.get('token')
+        next: str = request.args.get('next') or "/"
+        if token is None:
+            # TODO: make template
+            return ERROR_TEXT.format(next=next) + "No token provided!"
+        if token != ACCESS_TOKEN:
+            return ERROR_TEXT.format(next=next) + "Invalid token!"
+        else:
+            resp = make_response(redirect(next))
+            resp.set_cookie('token', token)
+            return resp
+
+
+@auth.route('/logout')
+def logout():
+    resp = make_response(redirect("/"))
+    resp.set_cookie('token', "")
+    return resp
--- a/jon/templates/base.html
+++ b/jon/templates/base.html
@ -88,6 +88,7 @@
            {% endif %}
            </a>
          </li>
+          <li {{ "class=current-page" if request.path.startswith("/logout") else "" }}><a href="/logout">Logout</a></li>
        </ul>
      </nav>