Use password file instead of plaintext in config
parent
622be944cd
commit
84b57d693d
|
@ -17,7 +17,6 @@ gunicorn = "^20.0.4"
|
||||||
[tool.poetry.scripts]
|
[tool.poetry.scripts]
|
||||||
redstring-check = "redstring.parser:main"
|
redstring-check = "redstring.parser:main"
|
||||||
redstring-server = "redstring.server:cli"
|
redstring-server = "redstring.server:cli"
|
||||||
redstring-backend = "redstring.server:wsgi"
|
|
||||||
|
|
||||||
[build-system]
|
[build-system]
|
||||||
requires = ["poetry>=0.12"]
|
requires = ["poetry>=0.12"]
|
||||||
|
|
|
@ -54,6 +54,19 @@ login_manager = LoginManager()
|
||||||
login_manager.login_view = 'login'
|
login_manager.login_view = 'login'
|
||||||
login_manager.init_app(app)
|
login_manager.init_app(app)
|
||||||
|
|
||||||
|
|
||||||
|
def check_password(app, password):
|
||||||
|
"""
|
||||||
|
Checks if a password is correct
|
||||||
|
"""
|
||||||
|
password_file = app.config['password_file']
|
||||||
|
with open(password_file) as f:
|
||||||
|
real_password = f.read().strip()
|
||||||
|
correct = password == real_password
|
||||||
|
del real_password
|
||||||
|
return correct
|
||||||
|
|
||||||
|
|
||||||
@login_manager.user_loader
|
@login_manager.user_loader
|
||||||
def load_user(user_id):
|
def load_user(user_id):
|
||||||
return Admin() if user_id == 'admin' else None
|
return Admin() if user_id == 'admin' else None
|
||||||
|
@ -83,8 +96,7 @@ def document(document_id):
|
||||||
@app.route('/login/', methods=['GET', 'POST'])
|
@app.route('/login/', methods=['GET', 'POST'])
|
||||||
def login():
|
def login():
|
||||||
form = LoginForm()
|
form = LoginForm()
|
||||||
if form.validate_on_submit():
|
if form.validate_on_submit() and check_password(current_app, form.password.data):
|
||||||
if form.password.data == app.config['login']:
|
|
||||||
login_user(Admin())
|
login_user(Admin())
|
||||||
return redirect(url_for('index'))
|
return redirect(url_for('index'))
|
||||||
return render_template('login.jinja', form=form)
|
return render_template('login.jinja', form=form)
|
||||||
|
@ -189,9 +201,11 @@ def edit(document_id):
|
||||||
return render_template('edit.jinja', document=doc, index=False)
|
return render_template('edit.jinja', document=doc, index=False)
|
||||||
|
|
||||||
|
|
||||||
def read_config(path):
|
def read_config(app, path):
|
||||||
with open(path) as f:
|
with open(path) as f:
|
||||||
config = json.load(f)
|
config = json.load(f)
|
||||||
|
app.config['root'] = config['root']
|
||||||
|
app.config['password_file'] = config['password_file']
|
||||||
return config
|
return config
|
||||||
|
|
||||||
|
|
||||||
|
@ -202,15 +216,11 @@ def cli():
|
||||||
parser.add_argument("--port", type=int, default=5000)
|
parser.add_argument("--port", type=int, default=5000)
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
config_path = args.config or os.environ.get(CONFIG_ENVVAR) or '/etc/redstring.conf'
|
config_path = args.config or os.environ.get(CONFIG_ENVVAR) or '/etc/redstring.conf'
|
||||||
config = read_config(config_path)
|
config = read_config(app, config_path)
|
||||||
app.config['root'] = config['root']
|
|
||||||
app.config['login'] = config['login']
|
|
||||||
app.run(debug=args.debug, port=args.port)
|
app.run(debug=args.debug, port=args.port)
|
||||||
|
|
||||||
|
|
||||||
def wsgi():
|
def wsgi():
|
||||||
config_path = os.environ.get(CONFIG_ENVVAR) or '/etc/redstring.conf'
|
config_path = os.environ.get(CONFIG_ENVVAR) or '/etc/redstring.conf'
|
||||||
config = read_config(config_path)
|
config = read_config(app, config_path)
|
||||||
app.config['root'] = config['root']
|
|
||||||
app.config['login'] = config['login']
|
|
||||||
return app
|
return app
|
||||||
|
|
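Review bot: In `check_password`, the line `correct = password == real_password` uses `==`, which stops at the first differing character and so is not constant-time; prefer `correct = hmac.compare_digest(password.encode(), real_password.encode())`, adding `import hmac` if the module does not already import it (the imports are outside the visible hunks). An empty or whitespace-only password file leaves `real_password` as the empty string after `.strip()`, so add `if not real_password: return False` before the comparison unless `LoginForm` is known to reject an empty password. `del real_password` only unbinds the local name and does not clear the string from memory, so it can be dropped. The file still holds the password in cleartext, so the docstring should state that it must be readable only by the service account; storing a salted hash there would be the stronger follow-up.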