diff --git a/.gitignore b/.gitignore
index f595e2c..be3c745 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
*.sw*
*.pyc
+*.cfg
.vim-session
*~
venv
diff --git a/blog.service b/blog.service
index d67ad3b..0f5bc4c 100644
--- a/blog.service
+++ b/blog.service
@@ -7,6 +7,7 @@ User=http
Group=http
WorkingDirectory=/srv/http/riotblog
ExecStart=/usr/bin/uwsgi --ini /srv/http/riotblog/blog.ini
+Environment="RIOTBLOG_SETTINGS=/srv/http/riotblog/riotblog_prod.cfg"
[Install]
WantedBy=multi.user.target
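Review bot: Nothing in this change restricts who can read `/srv/http/riotblog/riotblog_prod.cfg`, the file the new `Environment=` line points at. It presumably carries the `SECRET_KEY` that the CSRF tokens are signed with, so it should be readable only by the service account (`User=http`), for example mode `0600` owned by `http`. Passing only the path through the environment is fine, since the secret itself then stays out of the unit file. The deploy step should set the ownership and mode explicitly, and the file should not sit under any path the web server exposes as static content. The same line is added to the copy in `build/blog.service`.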
diff --git a/build/blog.service b/build/blog.service
index d67ad3b..0f5bc4c 100644
--- a/build/blog.service
+++ b/build/blog.service
@@ -7,6 +7,7 @@ User=http
Group=http
WorkingDirectory=/srv/http/riotblog
ExecStart=/usr/bin/uwsgi --ini /srv/http/riotblog/blog.ini
+Environment="RIOTBLOG_SETTINGS=/srv/http/riotblog/riotblog_prod.cfg"
[Install]
WantedBy=multi.user.target
diff --git a/build/requirements.txt b/build/requirements.txt
index 19881b4..ec5fd59 100644
--- a/build/requirements.txt
+++ b/build/requirements.txt
@@ -12,6 +12,7 @@ flask-appconfig==0.11.1
Flask-Bootstrap==3.3.7.1
Flask-Login==0.4.0
flask-marshmallow==0.7.0
+Flask-WTF==0.14.2
greenlet==0.4.12
idna==2.2
itsdangerous==0.24
@@ -39,4 +40,5 @@ virtualenv-clone==0.2.6
virtualenvwrapper==4.7.2
visitor==0.1.3
Werkzeug==0.11.15
+WTForms==2.1
youtube-dl==2017.1.28
diff --git a/build/templates/index.html b/build/templates/index.html
index 18130ad..eaf8bd2 100644
--- a/build/templates/index.html
+++ b/build/templates/index.html
@@ -10,7 +10,7 @@
-
+
diff --git a/build/website.py b/build/website.py
index 14d6178..0db6bbb 100755
--- a/build/website.py
+++ b/build/website.py
@@ -5,6 +5,7 @@ from flask import abort, Flask, render_template, flash, request, send_from_direc
from werkzeug.local import Local, LocalProxy, LocalManager
from flask_appconfig import AppConfig
from flask_login import LoginManager, login_required
+from flask_wtf.csrf import CSRFProtect
from urllib.parse import unquote
from urllib.parse import quote, unquote
@@ -92,6 +93,8 @@ def NeverWhere(configfile=None):
"""
return posts.savepost(**request.form)
+ # default, not found error
+
@app.route("/")
def page_not_found(path):
return "Oops, couldn't find that :/"
@@ -100,7 +103,13 @@ def NeverWhere(configfile=None):
app = NeverWhere()
+app.config.from_envvar('RIOTBLOG_SETTINGS')
+
login_manager.init_app(app)
+csrf = CSRFProtect()
+
+csrf.init_app(app)
+
if __name__ == "__main__":
NeverWhere("./appconfig").run(host="localhost", port=8001, debug=True)
diff --git a/fabfile.py b/fabfile.py
index edb2681..3cd99db 100644
--- a/fabfile.py
+++ b/fabfile.py
@@ -35,6 +35,7 @@ def buildLocalVenv():
def copyFiles():
local("cp ./{blog.ini,blog.service,requirements.txt} ./build/")
local("cp ./src/*py ./build/")
+ local("cp *.cfg ./build/")
local("cp ./src/styles/*.css ./build/styles/")
local("uglifycss ./build/styles/*css > ./build/styles/primop.me.min.css")
local("cp -r ./src/templates ./build/templates")
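Review bot: The added `local("cp *.cfg ./build/")` copies every `.cfg` in the repository root into the build, not just the production settings the unit file references. Since `*.cfg` is now git-ignored, these files presumably hold secrets, so a stray development or backup config would be shipped with the deployment. The glob also makes `cp` fail when no `.cfg` exists. Naming the file keeps the artefact predictable: `local("cp ./riotblog_prod.cfg ./build/")`. `copyFiles` may continue past the end of this hunk.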
diff --git a/src/templates/index.html b/src/templates/index.html
index 18130ad..eaf8bd2 100644
--- a/src/templates/index.html
+++ b/src/templates/index.html
@@ -10,7 +10,7 @@
-
+
diff --git a/src/website.py b/src/website.py
index f3dc9e8..0db6bbb 100755
--- a/src/website.py
+++ b/src/website.py
@@ -5,6 +5,7 @@ from flask import abort, Flask, render_template, flash, request, send_from_direc
from werkzeug.local import Local, LocalProxy, LocalManager
from flask_appconfig import AppConfig
from flask_login import LoginManager, login_required
+from flask_wtf.csrf import CSRFProtect
from urllib.parse import unquote
from urllib.parse import quote, unquote
@@ -102,7 +103,13 @@ def NeverWhere(configfile=None):
app = NeverWhere()
+app.config.from_envvar('RIOTBLOG_SETTINGS')
+
login_manager.init_app(app)
+csrf = CSRFProtect()
+
+csrf.init_app(app)
+
if __name__ == "__main__":
NeverWhere("./appconfig").run(host="localhost", port=8001, debug=True)
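Review bot: CSRF protection and the settings file are attached only to the module-level `app`, while the `__main__` branch builds a second instance with `NeverWhere("./appconfig")` that never receives `csrf.init_app`, `login_manager.init_app` or `from_envvar`. The development server therefore runs without the CSRF check and with a different configuration from production. Either run the already-configured instance with `app.run(host="localhost", port=8001, debug=True)`, or move the `from_envvar` and `init_app` calls into the `NeverWhere` factory, whose body lies outside this hunk. `app.config.from_envvar('RIOTBLOG_SETTINGS')` also raises at import time when the variable is unset, and a comment there should say that the file must define `SECRET_KEY` for `CSRFProtect` to work. The same lines are added in `build/website.py`.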