nathanwoodburn/hnshosting-wp
nathanwoodburn/hnshosting-wp
1
0
Fork 0
Code Issues Pull Requests Actions 28 Packages Projects Releases Wiki Activity

main: Login fixes
All checks were successful
Build Docker / Build Bot (push) Successful in 25s
Details
Build Docker / Build Master (push) Successful in 27s
Details

Browse Source
This commit is contained in:
Nathan Woodburn 2023-08-25 16:36:53 +10:00
parent 9e485265af
commit 8f962804a4
Signed by: nathanwoodburn
GPG Key ID: 203B000478AD0EF1
1 changed files with 15 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
master/main.py
View File

@ -10,7 +10,7 @@ dotenv.load_dotenv()
app = Flask(__name__) app = Flask(__name__)
loggins = [] logins = []
# API add license key (requires API key in header) # API add license key (requires API key in header)
@app.route('/add-licence', methods=['POST']) @app.route('/add-licence', methods=['POST'])
@ -447,33 +447,35 @@ def home():
return html return html
# Admin page # Admin page
@app.route('/admin', methods=['GET', 'POST']) @app.route('/admin')
def admin(): def admin():
# Check if logged in # Check if logged in
login_key = request.cookies.get('login_key') login_key = request.cookies.get('login_key')
if login_key == None:
return "<h1>Admin</h1><br><form action='/login' method='POST'><input type='password' name='Master API'><input type='submit' value='Login'></form>"
if login_key not in logins:
return "<h1>Admin</h1><br><form action='/login' method='POST'><input type='password' name='Master API'><input type='submit' value='Login'></form>"
return "<h1>Admin</h1><br>Logged in"
@app.route('/login', methods=['POST'])
def admin():
if request.method == 'POST': if request.method == 'POST':
# Handle login # Handle login
print('Login attempt', flush=True)
password = request.form['password'] password = request.form['password']
if os.getenv(ADMIN_KEY) == password: if os.getenv('ADMIN_KEY') == password:
# Generate login key # Generate login key
login_key = os.urandom(32).hex() login_key = os.urandom(32).hex()
loggins.append(login_key) logins.append(login_key)
# Set cookie # Set cookie
resp = make_response(redirect('/admin')) resp = make_response(redirect('/admin'))
resp.set_cookie('login_key', login_key) resp.set_cookie('login_key', login_key)
return resp return resp
if login_key == None:
return "<h1>Admin</h1><br><form action='/admin' method='POST'><input type='password' name='Master API'><input type='submit' value='Login'></form>"
if login_key not in loggins:
return "<h1>Admin</h1><br><form action='/admin' method='POST'><input type='password' name='Master API'><input type='submit' value='Login'></form>"
return "<h1>Admin</h1><br>Logged in"