mirror of
https://git.sr.ht/~tsileo/microblog.pub
synced 2024-12-22 21:24:28 +00:00
Fix login flow
This commit is contained in:
parent
deea5be452
commit
dbabbfc55d
1 changed files with 24 additions and 2 deletions
26
app.py
26
app.py
|
@ -23,6 +23,7 @@ import timeago
|
||||||
from bson.objectid import ObjectId
|
from bson.objectid import ObjectId
|
||||||
from dateutil import parser
|
from dateutil import parser
|
||||||
from flask import Flask
|
from flask import Flask
|
||||||
|
from flask import make_response
|
||||||
from flask import Response
|
from flask import Response
|
||||||
from flask import abort
|
from flask import abort
|
||||||
from flask import jsonify as flask_jsonify
|
from flask import jsonify as flask_jsonify
|
||||||
|
@ -345,11 +346,30 @@ def is_img(filename):
|
||||||
return _is_img(filename)
|
return _is_img(filename)
|
||||||
|
|
||||||
|
|
||||||
|
def add_response_headers(headers={}):
|
||||||
|
"""This decorator adds the headers passed in to the response"""
|
||||||
|
def decorator(f):
|
||||||
|
@wraps(f)
|
||||||
|
def decorated_function(*args, **kwargs):
|
||||||
|
resp = make_response(f(*args, **kwargs))
|
||||||
|
h = resp.headers
|
||||||
|
for header, value in headers.items():
|
||||||
|
h[header] = value
|
||||||
|
return resp
|
||||||
|
return decorated_function
|
||||||
|
return decorator
|
||||||
|
|
||||||
|
|
||||||
|
def noindex(f):
|
||||||
|
"""This decorator passes X-Robots-Tag: noindex, nofollow"""
|
||||||
|
return add_response_headers({'X-Robots-Tag': 'noindex, nofollow'})(f)
|
||||||
|
|
||||||
|
|
||||||
def login_required(f):
|
def login_required(f):
|
||||||
@wraps(f)
|
@wraps(f)
|
||||||
def decorated_function(*args, **kwargs):
|
def decorated_function(*args, **kwargs):
|
||||||
if not session.get("logged_in"):
|
if not session.get("logged_in"):
|
||||||
return redirect(url_for("login", next=request.url))
|
return redirect(url_for("admin_login", next=request.url))
|
||||||
return f(*args, **kwargs)
|
return f(*args, **kwargs)
|
||||||
|
|
||||||
return decorated_function
|
return decorated_function
|
||||||
|
@ -445,6 +465,7 @@ def robots_txt():
|
||||||
|
|
||||||
|
|
||||||
@app.route("/media/<media_id>")
|
@app.route("/media/<media_id>")
|
||||||
|
@noindex
|
||||||
def serve_media(media_id):
|
def serve_media(media_id):
|
||||||
f = MEDIA_CACHE.fs.get(ObjectId(media_id))
|
f = MEDIA_CACHE.fs.get(ObjectId(media_id))
|
||||||
resp = app.response_class(f, direct_passthrough=True, mimetype=f.content_type)
|
resp = app.response_class(f, direct_passthrough=True, mimetype=f.content_type)
|
||||||
|
@ -484,6 +505,7 @@ def admin_logout():
|
||||||
|
|
||||||
|
|
||||||
@app.route("/login", methods=["POST", "GET"])
|
@app.route("/login", methods=["POST", "GET"])
|
||||||
|
@noindex
|
||||||
def admin_login():
|
def admin_login():
|
||||||
if session.get("logged_in") is True:
|
if session.get("logged_in") is True:
|
||||||
return redirect(url_for("admin_notifications"))
|
return redirect(url_for("admin_notifications"))
|
||||||
|
@ -1840,7 +1862,7 @@ def indieauth_flow():
|
||||||
def indieauth_endpoint():
|
def indieauth_endpoint():
|
||||||
if request.method == "GET":
|
if request.method == "GET":
|
||||||
if not session.get("logged_in"):
|
if not session.get("logged_in"):
|
||||||
return redirect(url_for("login", next=request.url))
|
return redirect(url_for("admin_login", next=request.url))
|
||||||
|
|
||||||
me = request.args.get("me")
|
me = request.args.get("me")
|
||||||
# FIXME(tsileo): ensure me == ID
|
# FIXME(tsileo): ensure me == ID
|
||||||
|
|
Loading…
Reference in a new issue