authorHugo Hörnquist <hugo@lysator.liu.se>2022-10-31 09:18:25 +0100
committerHugo Hörnquist <hugo@lysator.liu.se>2022-10-31 09:18:25 +0100
commit4a244dd5d7ccf353061cafa0d0a97f7f04f59083 (patch)
tree4a77d7f25458c654c9332948f29e9056accb781a
parentReplace wed server with flask. (diff)
downloadmu4web-4a244dd5d7ccf353061cafa0d0a97f7f04f59083.tar.gz
mu4web-4a244dd5d7ccf353061cafa0d0a97f7f04f59083.tar.xz
Replace manual cookies with flask session.
-rw-r--r--main.py43
1 files changed, 14 insertions, 29 deletions
diff --git a/main.py b/main.py
index 6cd3355..f1c7b27 100644
--- a/main.py
+++ b/main.py
@@ -16,6 +16,7 @@ from html_render import HTML, render_document
from flask import (
Flask,
+ session,
request,
redirect,
url_for,
@@ -246,48 +247,40 @@ def index_page(username):
))
-valid_session_cookies: dict[str, str] = {}
-
passwords: Passwords = password.Passwords(cast(os.PathLike, 'passwords.json'))
-def is_logged_in():
- c = request.cookies.get('session')
- if c and valid_session_cookies.get(c):
- return valid_session_cookies[c]
- return False
-
-
app = Flask(__name__)
+app.secret_key = 'THIS IS A RANDOM STRING'
@app.route('/')
def index():
- login = is_logged_in()
- if not login:
+ username = session.get('username')
+ if not username:
return redirect(url_for('login_page_', returnto=request.path))
if id := request.args.get('id'):
print("id =", id)
response = response_for(''.join(id).replace(' ', '+'),
- login)
+ username)
else:
- response = index_page(login)
+ response = index_page(username)
return response
@app.route('/search')
def search_page_():
- login = is_logged_in()
- if not login:
+ username = session.get('username')
+ if not username:
return redirect(url_for('login_page_', returnto=request.path))
return search_page(request.args.get('q'),
request.args.get('by'),
- login)
+ username)
@app.route('/login', methods=['GET'])
def login_page_():
- if not is_logged_in():
+ if 'username' not in session:
body = login_page(request.args.get('returnto'))
return render_document(page_base(title='Login', body=body))
else:
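Review bot: `app.secret_key = 'THIS IS A RANDOM STRING'` commits the session signing key to the repository. Flask's default session is a signed cookie whose integrity rests on that key alone, so anyone who can read main.py can produce a cookie carrying any `username`, and the `session.get('username')` checks in `index` and `search_page_` will accept it. Load the key from outside the source tree and fail at startup if it is missing, for example `app.secret_key = os.environ['<SECRET_KEY_ENV_VAR>']` (placeholder name), with a value generated once by `secrets.token_hex()`. The hunk starts inside `index_page` and ends inside `login_page_`, but the assignment itself is at module level.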
@@ -297,8 +290,7 @@ def login_page_():
@app.route('/login', methods=['POST'])
def login_form():
- global valid_session_cookies
- logged_in = is_logged_in()
+ logged_in = session.get('username')
resp = redirect(request.args.get('returnto', url_for('index')))
if logged_in:
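Review bot: The redirect target in `login_form` is still taken straight from `request.args.get('returnto', url_for('index'))`, so a crafted login link can send the user to an external site once the POST completes. Accept only a local path, for example `returnto = request.args.get('returnto', '')` followed by `resp = redirect(returnto if returnto.startswith('/') and not returnto.startswith(('//', '/\\')) else url_for('index'))`. The line is unchanged context in this commit, and the body of `login_form` continues outside the hunk.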
@@ -308,9 +300,7 @@ def login_form():
username = request.form['username']
password = request.form['password']
if passwords.validate(username, password):
- unique = str(uuid4())
- valid_session_cookies[unique] = username
- resp.set_cookie('session', unique)
+ session['username'] = username
else:
flash('Invalid username or password')
return resp
@@ -318,16 +308,11 @@ def login_form():
@app.route('/logout', methods=['POST'])
def logout_form():
- global valid_session_cookies
- logged_in = is_logged_in()
- if not logged_in:
+ if not session.get('username'):
flash('Not logged in')
return redirect(url_for('index'))
- c = request.cookies.get('session')
- if valid_session_cookies.get(c):
- del valid_session_cookies[c]
+ session.pop('username', None)
resp = redirect(url_for('index'))
- resp.set_cookie('session', '')
return resp
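Review bot: `session.pop('username', None)` in `logout_form` no longer invalidates anything on the server, unlike the removed `del valid_session_cookies[c]`. Assuming Flask's default cookie-backed session is in use (no server-side session store is visible in this diff), a copy of the cookie issued by `session['username'] = username` in `login_form` keeps passing the signature check after logout until it ages out. If revocation matters here, keep a per-login token in the session and check it against a server-side set; at minimum add a comment such as `# NOTE: clears the browser cookie only; cookies issued earlier stay valid until they expire`. Setting `SESSION_COOKIE_SECURE` and `SESSION_COOKIE_SAMESITE` in `app.config` would also limit where the cookie is sent.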