From 5e3146aa6af5e6313419bd27b05d662ba2617982 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?= Date: Thu, 10 Jul 2025 23:57:27 +0200 Subject: [PATCH] decydowanie o zyciu cookie --- app.py | 56 ++++++++------------------------------------------------ 1 file changed, 8 insertions(+), 48 deletions(-) diff --git a/app.py b/app.py index 5d8c653..bb82bc1 100644 --- a/app.py +++ b/app.py @@ -34,6 +34,7 @@ DEFAULT_ADMIN_PASSWORD = app.config.get('DEFAULT_ADMIN_PASSWORD', 'admin123') UPLOAD_FOLDER = app.config.get('UPLOAD_FOLDER', 'uploads') ALLOWED_EXTENSIONS = {'png', 'jpg', 'jpeg', 'gif', 'webp'} AUTHORIZED_COOKIE_VALUE = app.config.get('AUTHORIZED_COOKIE_VALUE', '80d31cdfe63539c9') +AUTH_COOKIE_MAX_AGE = app.config.get('AUTH_COOKIE_MAX_AGE', 86400) os.makedirs(UPLOAD_FOLDER, exist_ok=True) @@ -250,14 +251,10 @@ def inject_time(): def inject_has_authorized_cookie(): return {'has_authorized_cookie': 'authorized' in request.cookies} -""" @app.before_request +@app.before_request def require_system_password(): if request.endpoint is None: return - - if request.endpoint in ['forbidden', 'not_found', 'internal_error', 'system_auth']: - return - if 'authorized' not in request.cookies \ and request.endpoint != 'system_auth' \ and not request.endpoint.startswith('login') \ 
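Review bot: `AUTH_COOKIE_MAX_AGE` is introduced here, but the only consumer in this patch, the `set_cookie` call in `system_auth`, re-reads `app.config.get('AUTH_COOKIE_MAX_AGE', 86400)` instead of using this constant, so the default now lives in two places and can drift. Either reference the constant at the call site or drop this line. The unit is not stated; a short comment would help, `AUTH_COOKIE_MAX_AGE = app.config.get('AUTH_COOKIE_MAX_AGE', 86400)  # seconds; only bounds how long the browser keeps the gate cookie`. Note that `max_age` is enforced by the client alone since the cookie value is a fixed string the server never dates.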
@@ -281,39 +278,7 @@ def require_system_password(): from urllib.parse import urlparse, urlunparse parsed = urlparse(request.url) fixed_url = urlunparse(parsed._replace(netloc=request.host)) - return redirect(url_for('system_auth', next=fixed_url)) """ - -@app.before_request -def require_system_password(): - if request.endpoint is None: - return - - if request.endpoint in ['forbidden', 'not_found', 'internal_error', 'system_auth']: - return - - if 'authorized' not in request.cookies \ - and request.endpoint != 'system_auth' \ - and not request.endpoint.startswith('login') \ - and request.endpoint != 'favicon': - - if request.endpoint == 'static_bp.serve_js': - requested_file = request.view_args.get("filename", "") - if requested_file == "toasts.js": - return - if requested_file.endswith(".js"): - abort(403) # dla JS lepiej pokazać błąd, nie auth - else: - return - - if request.endpoint.startswith('static_bp.'): - return - - # Dla głównej strony i innych stron HTML – przekierowanie na auth - if request.path == '/': - return redirect(url_for('system_auth')) - else: - return redirect(url_for('system_auth', next=request.url)) - + return redirect(url_for('system_auth', next=fixed_url)) @app.template_filter('filemtime') def file_mtime_filter(path): @@ -353,15 +318,6 @@ def forbidden(e): message="Nie masz uprawnień do wyświetlenia tej strony." ), 403 -@app.errorhandler(500) -def internal_error(e): - return render_template( - 'errors.html', - code=500, - title="Błąd serwera", - message="Wystąpił nieoczekiwany błąd. Spróbuj ponownie później." - ), 500 - @app.route('/favicon.ico') def favicon_ico(): return redirect(url_for('static', filename='favicon.svg')) 
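Review bot: The gate re-enabled at `+@app.before_request` still tests only cookie presence, `if 'authorized' not in request.cookies`, so any client that sets an `authorized` cookie with an arbitrary value skips the system password entirely; only `system_auth` (further down in this patch) compares the value against `AUTHORIZED_COOKIE_VALUE`. Change the first condition to `if request.cookies.get('authorized') != AUTHORIZED_COOKIE_VALUE \` so the before_request hook and the login view agree on what counts as authorized; the `inject_has_authorized_cookie` context processor above uses the same presence check and should be aligned if templates gate anything on it. The removed exemption list (`forbidden`, `not_found`, `internal_error`) is gone; if those names are only error handlers that is harmless, but confirm nothing is routed under those endpoint names. The body of `require_system_password` continues past the end of this hunk.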
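Review bot: The retained redirect at `+        return redirect(url_for('system_auth', next=fixed_url))` still passes an absolute URL whose netloc comes from `request.host`, which is the same client-supplied Host header `request.url` was built from, so the `_replace(netloc=...)` step does not by itself stop a crafted Host from steering the post-login redirect; whether that is exploitable depends on how `system_auth` validates `next_page`, which is outside this hunk. A safer shape is a site-relative target, `return redirect(url_for('system_auth', next=request.full_path))`, with `system_auth` rejecting any `next` that carries a scheme or netloc. The deleted second copy of the function let `static_bp.*` requests through and returned 403 for JS; the surviving copy's handling of static endpoints is not visible here, so confirm asset requests are not now redirected to the auth page. `require_system_password` starts before this hunk.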
@@ -406,6 +362,9 @@ def main_page(): return render_template("main.html", user_lists=user_lists, public_lists=public_lists, archived_lists=archived_lists) +from flask import request, redirect, url_for, flash, render_template, make_response +# ... inne importy ... + @app.route('/system-auth', methods=['GET', 'POST']) def system_auth(): if current_user.is_authenticated or request.cookies.get('authorized') == AUTHORIZED_COOKIE_VALUE: @@ -423,7 +382,8 @@ def system_auth(): if request.form['password'] == SYSTEM_PASSWORD: reset_failed_attempts(ip) resp = redirect(next_page) - resp.set_cookie('authorized', AUTHORIZED_COOKIE_VALUE) + max_age = app.config.get('AUTH_COOKIE_MAX_AGE', 86400) + resp.set_cookie('authorized', AUTHORIZED_COOKIE_VALUE, max_age=max_age) return resp else: register_failed_attempt(ip)
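Review bot: The mid-file `from flask import request, redirect, url_for, flash, render_template, make_response` together with the placeholder `# ... inne importy ...` reads as a pasted snippet rather than a deliberate import: `request`, `redirect` and `url_for` are already in use earlier in this file (see `require_system_password`), and `make_response` is not used by the new `set_cookie` code below. Move any genuinely new name into the top-of-file import block and drop both lines; an import in the middle of the module re-binds names at import time and confuses readers and linters alike. `system_auth` continues past the end of this hunk.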
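Review bot: The re-issued cookie at `resp.set_cookie('authorized', AUTHORIZED_COOKIE_VALUE, max_age=max_age)` still sets no `httponly`, `secure` or `samesite` attribute, so the gate token stays readable by page scripts, is sent over plain HTTP, and rides along on cross-site requests; `max_age` only limits how long the browser keeps it. Suggest `resp.set_cookie('authorized', AUTHORIZED_COOKIE_VALUE, max_age=AUTH_COOKIE_MAX_AGE, httponly=True, secure=True, samesite='Lax')` (with `secure` tied to whether the app is served over HTTPS), which also uses the module constant this patch adds instead of re-reading `app.config` here. Because the value is a fixed shared secret the server never checks age on, a captured cookie keeps working after `max_age` elapses; if server-side expiry is the goal it needs a signed, timestamped value rather than a constant. `system_auth` starts before this hunk.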