From 404cc7a9bf1583fa860b29375ba40a97fa668faf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?= Date: Thu, 10 Jul 2025 23:18:19 +0200 Subject: [PATCH] fix serwowanie toasts.js i error handlery --- app.py | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/app.py b/app.py index 206b7ea..5d8c653 100644 --- a/app.py +++ b/app.py @@ -250,7 +250,7 @@ def inject_time(): def inject_has_authorized_cookie(): return {'has_authorized_cookie': 'authorized' in request.cookies} -@app.before_request +""" @app.before_request def require_system_password(): if request.endpoint is None: return @@ -281,7 +281,39 @@ def require_system_password(): from urllib.parse import urlparse, urlunparse parsed = urlparse(request.url) fixed_url = urlunparse(parsed._replace(netloc=request.host)) - return redirect(url_for('system_auth', next=fixed_url)) + return redirect(url_for('system_auth', next=fixed_url)) """ + +@app.before_request +def require_system_password(): + if request.endpoint is None: + return + + if request.endpoint in ['forbidden', 'not_found', 'internal_error', 'system_auth']: + return + + if 'authorized' not in request.cookies \ + and request.endpoint != 'system_auth' \ + and not request.endpoint.startswith('login') \ + and request.endpoint != 'favicon': + + if request.endpoint == 'static_bp.serve_js': + requested_file = request.view_args.get("filename", "") + if requested_file == "toasts.js": + return + if requested_file.endswith(".js"): + abort(403) # dla JS lepiej pokazać błąd, nie auth + else: + return + + if request.endpoint.startswith('static_bp.'): + return + + # Dla głównej strony i innych stron HTML – przekierowanie na auth + if request.path == '/': + return redirect(url_for('system_auth')) + else: + return redirect(url_for('system_auth', next=request.url)) + @app.template_filter('filemtime') def file_mtime_filter(path):