fix secret
parent
da20329942
commit
9f1212fcab
48
app.py
48
app.py
@ -30,36 +30,40 @@ def require_secret(f):
|
|||||||
@wraps(f)
|
@wraps(f)
|
||||||
def decorated_function(*args, **kwargs):
|
def decorated_function(*args, **kwargs):
|
||||||
allowed_secrets = app.config['ALLOWED_SECRETS']
|
allowed_secrets = app.config['ALLOWED_SECRETS']
|
||||||
current_secret = session.get('secret')
|
|
||||||
today = date.today()
|
today = date.today()
|
||||||
# be nice if somebody hit you without a secret (no error)
|
|
||||||
if current_secret is None:
|
|
||||||
return render_template('index.html')
|
|
||||||
|
|
||||||
|
|
||||||
def is_valid(secret_data):
|
def is_valid(secret_data):
|
||||||
expiry_date = secret_data.get('expiry')
|
expiry_date = secret_data.get('expiry')
|
||||||
return expiry_date and today <= expiry_date
|
return expiry_date and today <= expiry_date
|
||||||
|
|
||||||
# Check if the secret stored in session is still valid
|
# Check if a secret was provided via GET parameter
|
||||||
if current_secret:
|
get_secret = request.args.get('secret')
|
||||||
secret_data = allowed_secrets.get(current_secret)
|
if get_secret is not None:
|
||||||
if secret_data and is_valid(secret_data):
|
secret_data = allowed_secrets.get(get_secret)
|
||||||
# Update FILE_ROOT based on the secret's configuration
|
if secret_data:
|
||||||
app.config['FILE_ROOT'] = secret_data.get('file_root')
|
if is_valid(secret_data):
|
||||||
return f(*args, **kwargs)
|
# Valid secret provided in URL: update session and config
|
||||||
|
session['secret'] = get_secret
|
||||||
|
app.config['FILE_ROOT'] = secret_data.get('file_root')
|
||||||
|
return f(*args, **kwargs)
|
||||||
|
else:
|
||||||
|
# Secret provided via URL is expired or invalid
|
||||||
|
return render_template('error.html', message="Invalid or expired secret."), 403
|
||||||
|
|
||||||
# Check secret from GET parameter
|
# If no secret provided via GET, check the session
|
||||||
secret = request.args.get('secret')
|
session_secret = session.get('secret')
|
||||||
if secret:
|
if session_secret is not None:
|
||||||
secret_data = allowed_secrets.get(secret)
|
secret_data = allowed_secrets.get(session_secret)
|
||||||
if secret_data and is_valid(secret_data):
|
if secret_data:
|
||||||
session['secret'] = secret
|
if is_valid(secret_data):
|
||||||
app.config['FILE_ROOT'] = secret_data.get('file_root')
|
app.config['FILE_ROOT'] = secret_data.get('file_root')
|
||||||
return f(*args, **kwargs)
|
return f(*args, **kwargs)
|
||||||
|
else:
|
||||||
|
# Session secret exists but is expired
|
||||||
|
return render_template('error.html', message="Invalid or expired secret."), 403
|
||||||
|
|
||||||
# If the secret is invalid or expired, show an error
|
# No secret provided at all; show the public index page
|
||||||
return render_template('error.html', message="Invalid or expired secret."), 403
|
return render_template('index.html')
|
||||||
|
|
||||||
return decorated_function
|
return decorated_function
|
||||||
|
|
||||||
|
|||||||
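Review bot: Both success branches still write the per-secret directory into process-wide state with `app.config['FILE_ROOT'] = secret_data.get('file_root')`, so on a multi-threaded server two requests carrying different secrets can overwrite each other's root between this assignment and the file access inside `f`, and one holder may be served from another holder's directory. Keeping the value request-scoped, for example `g.file_root = secret_data.get('file_root')` (with `g` imported from flask) and having the views read `g.file_root`, removes the shared write; those views and the start of `require_secret` are outside this hunk. The same assignment accepts a missing `file_root` key as `None`, so an entry without one should be rejected with the existing 403 response before `f` is called. Separately, the new GET branch still takes the secret from the query string, where it ends up in access logs, browser history and Referer headers; a redirect to the same path without `secret` once `session['secret']` is set would limit that exposure.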