From 84b57d693d29b0651363a971089b287bf8f8a697 Mon Sep 17 00:00:00 2001
From: Tim Van Baak
Date: Thu, 18 Feb 2021 16:29:11 -0800
Subject: [PATCH] Use password file instead of plaintext in config
---
 pyproject.toml | 1 -
 redstring/server.py | 32 +++++++++++++++++++++-----------
 2 files changed, 21 insertions(+), 12 deletions(-)
diff --git a/pyproject.toml b/pyproject.toml
index 3471c57..3505359 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -17,7 +17,6 @@ gunicorn = "^20.0.4"
 [tool.poetry.scripts]
 redstring-check = "redstring.parser:main"
 redstring-server = "redstring.server:cli"
-redstring-backend = "redstring.server:wsgi"
 [build-system]
 requires = ["poetry>=0.12"]
diff --git a/redstring/server.py b/redstring/server.py
index c3152c3..a62baf4 100644
--- a/redstring/server.py
+++ b/redstring/server.py
@@ -54,6 +54,19 @@ login_manager = LoginManager()
 login_manager.login_view = 'login'
 login_manager.init_app(app)
+
+def check_password(app, password):
+ """
+ Checks if a password is correct
+ """
+ password_file = app.config['password_file']
+ with open(password_file) as f:
+ real_password = f.read().strip()
+ correct = password == real_password
+ del real_password
+ return correct
+
+
 @login_manager.user_loader
 def load_user(user_id):
 return Admin() if user_id == 'admin' else None
@@ -83,10 +96,9 @@ def document(document_id):
 @app.route('/login/', methods=['GET', 'POST'])
 def login():
 form = LoginForm()
- if form.validate_on_submit():
- if form.password.data == app.config['login']:
- login_user(Admin())
- return redirect(url_for('index'))
+ if form.validate_on_submit() and check_password(current_app, form.password.data):
+ login_user(Admin())
+ return redirect(url_for('index'))
 return render_template('login.jinja', form=form)
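Review bot: The comparison `correct = password == real_password` in check_password is not constant-time, and the secret it compares against is still stored in clear text, now in the password file instead of the config. `hmac.compare_digest(password.encode(), real_password.encode())` removes the timing difference (the `hmac` import would go at the top of the file, outside this hunk), and keeping a salted hash in the file and verifying it with `werkzeug.security.check_password_hash` would mean the file no longer holds the password itself. `del real_password` only unbinds the name and does not clear the string from memory, so it can be dropped or commented as such. If the file is missing or unreadable, `open()` raises on every login request; whether that is handled elsewhere is not visible here.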
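Review bot: A rejected password in login() falls through to `render_template` with no log record and no throttling, so repeated guesses at the single admin password leave nothing for detection. Splitting the condition so the failure branch can log, for example `app.logger.warning('failed admin login from %s', request.remote_addr)`, would give an audit trail; `request` would need to be imported from flask if it is not already, which this hunk does not show. The new call also passes `current_app` while the rest of the file uses the module-level `app`, and the import of `current_app` is not visible in the hunk; confirm it exists or pass `app`.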
@@ -189,9 +201,11 @@ def edit(document_id):
 return render_template('edit.jinja', document=doc, index=False)
-def read_config(path):
+def read_config(app, path):
 with open(path) as f:
 config = json.load(f)
+ app.config['root'] = config['root']
+ app.config['password_file'] = config['password_file']
 return config
@@ -202,15 +216,11 @@ def cli():
 parser.add_argument("--port", type=int, default=5000)
 args = parser.parse_args()
 config_path = args.config or os.environ.get(CONFIG_ENVVAR) or '/etc/redstring.conf'
- config = read_config(config_path)
- app.config['root'] = config['root']
- app.config['login'] = config['login']
+ config = read_config(app, config_path)
 app.run(debug=args.debug, port=args.port)
 def wsgi():
 config_path = os.environ.get(CONFIG_ENVVAR) or '/etc/redstring.conf'
- config = read_config(config_path)
- app.config['root'] = config['root']
- app.config['login'] = config['login']
+ config = read_config(app, config_path)
 return app
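Review bot: read_config now indexes `config['password_file']` directly, so a deployment whose config file still carries only the old `login` key fails at startup with a bare KeyError and no hint about the migration, and a leftover plaintext `login` entry is silently ignored rather than flagged. A guard such as `if 'password_file' not in config: raise SystemExit("config: 'password_file' is required; 'login' is no longer supported")` makes the change explicit. The path is also not checked at load time, so a missing file is only discovered on the first login attempt and overly broad permissions on it are never checked; an `os.stat` check on the file's mode here would surface both early. The function also has no docstring; one line stating that it loads the JSON config at `path` and copies `root` and `password_file` into `app.config` would cover it.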
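Review bot: In both cli() and wsgi() the result of `read_config(app, config_path)` is still assigned to `config`, which is no longer read now that read_config populates `app.config` itself. Either drop the assignment and call `read_config(app, config_path)` as a statement, or have read_config return nothing, so that the helper's side effect is its one obvious contract. cli() starts above this hunk, so only its tail is visible here.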