lelo/bethaus-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

allow admin access without valid link

Browse Source
This commit is contained in:
lelo 2025-09-07 19:20:42 +00:00
parent 038f014f9c
commit 8ee07b57eb
6 changed files with 17 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
analytics.py
View File

@ -2,12 +2,9 @@ import sqlite3
from flask import render_template, request, session from flask import render_template, request, session
from datetime import datetime, timedelta, timezone from datetime import datetime, timedelta, timezone
import geoip2.database import geoip2.database
from auth import require_secret
from collections import defaultdict from collections import defaultdict
import pandas as pd import pandas as pd
from typing import Optional, List, Tuple from typing import Optional, List, Tuple
import json
import os
import auth import auth
import helperfunctions as hf import helperfunctions as hf
@ -314,8 +311,6 @@ def songs_dashboard():
) )
@require_secret
def connections(): def connections():
title_short = app_config.get('TITLE_SHORT', 'Default Title') title_short = app_config.get('TITLE_SHORT', 'Default Title')
title_long = app_config.get('TITLE_LONG' , 'Default Title') title_long = app_config.get('TITLE_LONG' , 'Default Title')
@ -324,7 +319,7 @@ def connections():
title_short=title_short, title_short=title_short,
title_long=title_long) title_long=title_long)
@require_secret
def dashboard(): def dashboard():
if 'filetype' not in session: if 'filetype' not in session:
session['filetype'] = 'audio' session['filetype'] = 'audio'
@ -603,7 +598,6 @@ def dashboard():
) )
@require_secret
def file_access(): def file_access():
if 'timeframe' not in session: if 'timeframe' not in session:
session['timeframe'] = 'last24hours' session['timeframe'] = 'last24hours'

12
app.py
View File

@ -43,16 +43,16 @@ if os.environ.get('FLASK_ENV') == 'production':
app.config['SESSION_COOKIE_SAMESITE'] = 'None' app.config['SESSION_COOKIE_SAMESITE'] = 'None'
app.config['SESSION_COOKIE_SECURE'] = True app.config['SESSION_COOKIE_SECURE'] = True
app.add_url_rule('/dashboard', view_func=a.dashboard) app.add_url_rule('/dashboard', view_func=auth.require_admin(a.dashboard))
app.add_url_rule('/file_access', view_func=a.file_access) app.add_url_rule('/file_access', view_func=auth.require_admin(a.file_access))
app.add_url_rule('/connections', view_func=a.connections) app.add_url_rule('/connections', view_func=auth.require_admin(a.connections))
app.add_url_rule('/mylinks', view_func=auth.mylinks) app.add_url_rule('/mylinks', view_func=auth.require_secret(auth.mylinks))
app.add_url_rule('/songs_dashboard', view_func=auth.require_admin(a.songs_dashboard))
app.add_url_rule('/remove_secret', view_func=auth.remove_secret, methods=['POST']) app.add_url_rule('/remove_secret', view_func=auth.remove_secret, methods=['POST'])
app.add_url_rule('/remove_token', view_func=auth.remove_token, methods=['POST']) app.add_url_rule('/remove_token', view_func=auth.remove_token, methods=['POST'])
app.add_url_rule('/searchcommand', view_func=search.searchcommand, methods=['POST']) app.add_url_rule('/searchcommand', view_func=search.searchcommand, methods=['POST'])
app.add_url_rule('/songs_dashboard', view_func=a.songs_dashboard)
app.add_url_rule('/admin/folder_secret_config_editor', view_func=auth.require_admin(fsce.folder_secret_config_editor), methods=['GET', 'POST']) app.add_url_rule('/admin/folder_secret_config_editor', view_func=auth.require_admin(fsce.folder_secret_config_editor), methods=['GET', 'POST'])
app.add_url_rule('/admin/folder_secret_config_editor/data', view_func=auth.require_admin(auth.load_folder_config)) app.add_url_rule('/admin/folder_secret_config_editor/data', view_func=auth.require_admin(auth.load_folder_config))
app.add_url_rule('/admin/folder_secret_config_editor/action', view_func=auth.require_admin(fsce.folder_secret_config_action), methods=['POST']) app.add_url_rule('/admin/folder_secret_config_editor/action', view_func=auth.require_admin(fsce.folder_secret_config_action), methods=['POST'])

3
auth.py
View File

@ -181,7 +181,6 @@ def require_secret(f):
def require_admin(f): def require_admin(f):
@wraps(f) @wraps(f)
@require_secret
def decorated_function(*args, **kwargs): def decorated_function(*args, **kwargs):
if is_admin(): if is_admin():
return f(*args, **kwargs) return f(*args, **kwargs)
@ -197,7 +196,7 @@ def save_folder_config(data):
json.dump(folder_config, file, indent=4) json.dump(folder_config, file, indent=4)
return folder_config return folder_config
@require_secret
def mylinks(): def mylinks():
scheme = request.scheme # current scheme (http or https) scheme = request.scheme # current scheme (http or https)
valid_secrets = session.get('valid_secrets', []) valid_secrets = session.get('valid_secrets', [])

6
folder_secret_config_editor.py
View File

@ -1,8 +1,5 @@
from flask import Flask, request, jsonify, render_template from flask import Flask, request, jsonify, render_template
import json
import os
from datetime import datetime from datetime import datetime
import secrets
import string import string
import auth import auth
@ -12,7 +9,6 @@ app_config = auth.return_app_config()
ALPHABET = string.ascii_letters + string.digits ALPHABET = string.ascii_letters + string.digits
@auth.require_admin
def folder_secret_config_editor(): def folder_secret_config_editor():
title_short = app_config.get('TITLE_SHORT', 'Default Title') title_short = app_config.get('TITLE_SHORT', 'Default Title')
title_long = app_config.get('TITLE_LONG' , 'Default Title') title_long = app_config.get('TITLE_LONG' , 'Default Title')
@ -22,7 +18,7 @@ def folder_secret_config_editor():
title_short=title_short, title_short=title_short,
title_long=title_long) title_long=title_long)
@auth.require_admin
def folder_secret_config_action(): def folder_secret_config_action():
p = request.get_json() p = request.get_json()
data = auth.return_folder_config() data = auth.return_folder_config()

8
templates/base.html
View File

@ -7,14 +7,6 @@
<title>{% block title %}Meine Links{% endblock %}</title> <title>{% block title %}Meine Links{% endblock %}</title>
<!-- Android Theme Color --> <!-- Android Theme Color -->
<meta name="theme-color" content="#000"> <meta name="theme-color" content="#000">

31
templates/permission.html
View File

@ -1,27 +1,12 @@
<!doctype html> {# templates/file_access.html #}
<html> {% extends 'base.html' %}
<head>
<meta charset="utf-8">
<meta property="og:title" content="{{ title_long }}" /> {# page title #}
<meta property="og:description" content="... uns aber, die wir gerettet werden, ist es eine Gotteskraft." /> {% block title %}Dateizugriffe{% endblock %}
<meta property="og:image" content="/icon/logo-300x300.png" />
<title>{{ title_long }}</title> {# page content #}
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"> {% block content %}
<link rel="stylesheet" href="{{ url_for('static', filename='theme.css') }}">
<link rel="stylesheet" href="{{ url_for('static', filename='app.css') }}">
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet">
<script src="https://cdn.jsdelivr.net/npm/marked/marked.min.js"></script>
</head>
<body>
<header class="site-header">
<img src="/custom_logo/logoW.png" alt="Logo" class="logo">
<h1>{{ title_long }}</h1>
</header>
<div class="container"> <div class="container">
<div class="alert alert-warning">Du hast keine Links die noch gültig sind.<br>Bitte den Freigabelink erneut anklicken.</div> <div class="alert alert-warning">Du hast keine gültige Freigaben.<br>Bitte Ordner mit einem Freigabelink freischalten.</div>
</div> </div>
</body> {% endblock %}
</html>