basic login and csrf working

8 years ago · bba7d358e4
8 changed files with 75 additions and 12 deletions
--- a/.gitignore
+++ b/.gitignore
@ -10,3 +10,4 @@ node_modules
 deploy.sh
 tags
 build
 .sass_cache
--- a/src/admin.py
+++ b/src/admin.py
@ -0,0 +1,17 @@
 #! /usr/bin/python3
 class Admin:
    def __init__(self):
        return
    def is_authenticated(self):
        return True
    def is_active(self):
        return True
    def is_anonymous(self):
        return False
    def get_id(self):
        return "admin"
--- a/src/scripts/editor.js
+++ b/src/scripts/editor.js
@ -1,4 +1,4 @@
 import riot from 'riot';
 import './editor.tag';
-
+axios.defaults.withCredentials = true
 riot.mount("editor");
--- a/src/scripts/editor.tag
+++ b/src/scripts/editor.tag
@ -2,8 +2,8 @@
  <div class="centered container">
    <div class="columns">
      <div class="column col-6">
-        <input ref="title"></input>
+        <span>title</span><input ref="title">
-        <input ref="author"></input>
+        <span>author</span><input ref="author"></input>
        <textarea onfocus={clearplaceholder}
                  onblur={checkplaceholder}
                  oninput={echo}
@ -75,12 +75,14 @@ submit() {
  var post = self.querystring.stringify({
      "title" : this.refs.title.value,
      "author" : this.refs.author.value,
-      "content" : this.refs.textarea.value
+      "content" : this.refs.textarea.value,
      "csrf_token" : this.opts.csrf_token
  });
  var headers = {
    "headers" : {
-      "Content-Type" : "application/x-www-form-urlencoded"
+      "Content-Type" : "application/x-www-form-urlencoded",
      "X-CSRFToken" : this.opts.csrf_token
    }
  };
--- a/src/scripts/post.tag
+++ b/src/scripts/post.tag
@ -108,9 +108,9 @@ setPost(pid, transition) {
            return;
          }
          self.opts.state.pid = pid;
-          self.author = postcontent[0].doc.author[0];
+          self.author = postcontent[0].doc.author;
-          self.content = postcontent[0].doc.content[0];
+          self.content = postcontent[0].doc.content;
-          self.title = postcontent[0].doc.title[0];
+          self.title = postcontent[0].doc.title;
          self.transition = transition;
          self.swipe = !self.swipe;
          self.nomore = false;
--- a/src/templates/login.html
+++ b/src/templates/login.html
@ -0,0 +1,19 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
 <meta name="viewport" content="width=device-width, initial-scale=1">
 <head>
  <link rel="stylesheet" href="/styles/primop.me.min.css">
  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css">
  <meta name="viewport" content="width=device-width, initial-scale=1">
 </head>
 <html>
  <body>
    <section class="text-center nav navbar centered page-top navbar-section">
      <h1 class="blog-title">logged in status: {{ success }}</h1>
    </section>
    <footer class="footer">
    </footer>
  <script src="https://unpkg.com/axios/dist/axios.min.js"></script>
  <script type="text/javascript" src="/scripts/riotblog.min.js"></script>
  </body>
 </html>
--- a/src/templates/write.html
+++ b/src/templates/write.html
@ -11,8 +11,7 @@
  <body>
    {% block content %}
-    <editor>
+    <editor csrf_token="{{ csrf_token() }}"></editor>
    </editor>
    {% endblock %}
--- a/src/website.py
+++ b/src/website.py
@ -4,13 +4,15 @@ from functools import partial
 from flask import abort, Flask, render_template, flash, request, send_from_directory, jsonify
 from werkzeug.local import Local, LocalProxy, LocalManager
 from flask_appconfig import AppConfig
-from flask_login import LoginManager, login_required
+from flask_login import LoginManager, login_required, login_user
 from flask_wtf.csrf import CSRFProtect
 from urllib.parse import unquote
 from urllib.parse import quote, unquote
 from json import dumps, loads
 from admin import Admin
 from werkzeug.contrib.cache import MemcachedCache
 cache = MemcachedCache(['127.0.0.1:11211'])
@ -45,6 +47,22 @@ def NeverWhere(configfile=None):
        #return send_from_directory("/srv/http/goal/favicon.ico",
                                   #'favicon.ico', mimetype='image/vnd.microsoft.icon')
    @login_manager.user_loader
    def load_user(user_id):
        return Admin
    @app.route("/blog/admin_login", methods=("GET", "POST"))
    def admin_login():
        password = request.args.get("password")
        success = False
        if password == app.config["ADMIN_PASSWORD"]:
            print("logged in successfully")
            success = True
            login_user(Admin())
        else:
            print("did not log in successfully")
        return render_template("login.html", success=success)
    @app.route("/blog/projects", methods=("GET",))
    def projects():
        return jsonify(cacheit("projects", getProjects))
@ -91,7 +109,14 @@ def NeverWhere(configfile=None):
        """
        Insert a post, requires auth
        """
-        return posts.savepost(**request.form)
+
        author = request.form.get("author", "no author")
        title = request.form.get("title", "no title")
        content = request.form.get("content", "no content")
        post = {"author" : author, "title" : title, "content" : content}
        return posts.savepost(**post)
    # default, not found error