From 8f962804a43c814de7b30722a7aa5fc7bd3b0461 Mon Sep 17 00:00:00 2001 From: Nathan Woodburn Date: Fri, 25 Aug 2023 16:36:53 +1000 Subject: [PATCH] main: Login fixes --- master/main.py | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/master/main.py b/master/main.py index 40697a1..733e91c 100644 --- a/master/main.py +++ b/master/main.py @@ -10,7 +10,7 @@ dotenv.load_dotenv() app = Flask(__name__) -loggins = [] +logins = [] # API add license key (requires API key in header) @app.route('/add-licence', methods=['POST']) @@ -447,33 +447,35 @@ def home(): return html # Admin page -@app.route('/admin', methods=['GET', 'POST']) +@app.route('/admin') def admin(): # Check if logged in login_key = request.cookies.get('login_key') + if login_key == None: + return "

Admin


" + if login_key not in logins: + return "

Admin


" + + return "

Admin


Logged in" + + +@app.route('/login', methods=['POST']) +def admin(): if request.method == 'POST': # Handle login + print('Login attempt', flush=True) password = request.form['password'] - if os.getenv(ADMIN_KEY) == password: + if os.getenv('ADMIN_KEY') == password: # Generate login key login_key = os.urandom(32).hex() - loggins.append(login_key) + logins.append(login_key) # Set cookie resp = make_response(redirect('/admin')) resp.set_cookie('login_key', login_key) return resp - if login_key == None: - return "

Admin


" - if login_key not in loggins: - return "

Admin


" - - return "

Admin


Logged in" - - -