Add footer

Revert to using ".."
Implement basic authentication
2024-02-14 14:01:25 +01:00 · 2024-02-14 13:35:34 +01:00 · 2024-02-14 13:30:57 +01:00
6 changed files with 103 additions and 5 deletions
--- a/config.toml.example
+++ b/config.toml.example
@ -1,6 +1,9 @@
 name = "Folder share"
 base_path = "/path/to/folder"
 favicon = "/.favicon.png"
+#password = "publicpass"
+admin_password = "verysecurepass"
+#footer = "Something something, made with love or whatever"

 [qbittorrent]
 base_url = "http://127.0.0.1:8080"
--- a/src/init.py
+++ b/src/init.py
@ -2,10 +2,11 @@

 import os

-from flask import Flask, render_template, send_file, request
+from flask import Flask, Response, render_template, send_file, request

 from . import file
 from . import config
+from . import auth

 app = Flask(
    __name__,
@ -21,6 +22,7 @@ app.jinja_env.globals.update(

@app.route('/', defaults={'path': ''})
@app.route('/<path:path>')
+@auth.requires_auth
 def index(path):
    internal_path = os.path.join(config.get('base_path'), path)
    path = '/' + path
@ -53,6 +55,7 @@ def index(path):
                path=path,
                dirs=dirs,
                files=files,
+                footer=config.get("footer"),
            ),
            200,
        )
@ -62,6 +65,7 @@ def index(path):


@app.route('/search')
+@auth.requires_auth
 def search():
    q = request.args.get('q', '')

@ -71,6 +75,7 @@ def search():
                "error.html",
                code=400,
                msg='No search string provided.',
+                footer=config.get('footer'),
            ),
            400,
        )
@ -85,3 +90,27 @@ def search():
        ),
        200,
    )
+
+
+@app.route('/auth', methods=['POST'])
+def auth_handle():
+    expected_pass = config.get('password')
+
+    if expected_pass is None:
+        return "You shouldn't be here.", 405
+
+    if request.form.get("pass", None) != expected_pass:
+        return render_template(
+            'auth.html',
+            path=request.form.get("location", "/"),
+            error_msg="Incorrect password",
+        ), 403
+
+    return Response(
+        "Redirecting...",
+        303,
+        {
+            'Location': request.form.get("location", "/"),
+            'Set-Cookie': 'film_session=To be changed',
+        }
+    )
--- a/src/auth.py
+++ b/src/auth.py
@ -0,0 +1,31 @@
+from functools import wraps
+
+from flask import request, render_template
+from . import config
+
+# FIXME: EVERYTHING is under the auth now, even files (makes sense)
+#        but that means that even the favicon requires authentication.
+
+
+def auth_page(*args, **kwargs):
+    # TODO: Is there a better way of doing this?
+    path = f"{request.path}?{request.query_string.decode('utf-8')}"
+
+    return render_template("auth.html", path=path), 403
+
+
+def requires_auth(f):
+    @wraps(f)
+    def decorated(*args, **kwargs):
+        if config.get('password') in [False, None, ""]:
+            return f(*args, **kwargs)
+
+        if request.cookies.get('film_session', None) != 'To be changed':
+            # Not authenticated
+            return auth_page()
+
+        # User properly authenticated
+        print(request.cookies['film_session'])
+        return f(*args, **kwargs)
+
+    return decorated
--- a/static/style/main.css
+++ b/static/style/main.css
@ -1,7 +1,12 @@
+html {
+    min-height: 100%;
+}
+
 body {
-  background-color: #191919;
-	color: white;
-	font-family: monospace;
+    background-color: #191919;
+    color: white;
+    font-family: monospace;
+    margin-bottom: 100px;
 }

 a {
@ -18,6 +23,17 @@ input {
    background-color: white;
 }

+footer {
+    background-color: black;
+    position: fixed;
+    left: 0;
+    bottom: 0;
+    width: calc(100vw - 20px);
+    padding: 10px;
+    text-align: center;
+    overflow: hidden;
+}
+
 .base_path {
    color: grey;
 }
--- a/templates/auth.html
+++ b/templates/auth.html
@ -0,0 +1,13 @@
+{% extends 'base.html' %}
+
+{% block title %}Secret required{% endblock %}
+
+{% block body %}
+<h1>Secret required</h1>
+<form method="POST" action="/auth">
+    <input type="hidden" name="location" value="{{ path }}">
+    <input type="text" name="pass" />
+    <input type="submit" />
+</form>
+<p style="color:red;">{{ error_msg|default('') }}</p>
+{% endblock %}
--- a/templates/directory.html
+++ b/templates/directory.html
@ -11,7 +11,7 @@
    <br />

    {% if path != "/" %}
-    <a href=".">&lt;--</a>
+    <a href="../">&lt;--</a>
    <br /><br />
    {% endif %}

@ -29,4 +29,10 @@
    <a href="{{ path_join(path, file) }}">{{ file }}</a><br />
    {% endfor %}

+    {% if footer not in [None, False, ""] %}
+    <footer>
+        {{ footer }}
+    </footer>
+    {% endif %}
+
 {% endblock %}
Author	SHA1	Message	Date
Dendy	46ca66acb9	Add footer	2024-02-14 14:01:25 +01:00
Dendy	7bc2858cd6	Revert to using ".."	2024-02-14 13:35:34 +01:00
Dendy	cf694a0d61	Implement basic authentication Initial working implementation, would require more polishing, but at least it works for now.	2024-02-14 13:30:57 +01:00