diff --git a/app.py b/app.py
index 5091bb8..5b44917 100644
--- a/app.py
+++ b/app.py
@@ -258,40 +258,45 @@ def inject_is_blocked():
 @app.before_request
 def require_system_password():
+ endpoint = request.endpoint
+
+ # Wyjątki: lib js/css zawsze przepuszczamy
+ if endpoint in ('static_bp.serve_js_lib', 'static_bp.serve_css_lib'):
+ return
 ip = request.access_route[0]
 if is_ip_blocked(ip):
 abort(403)
-
- if request.endpoint is None:
+
+ if endpoint is None:
 return
- if request.endpoint == 'system_auth':
+ if endpoint == 'system_auth':
 return
- if 'authorized' not in request.cookies \
- and not request.endpoint.startswith('login') \
- and request.endpoint != 'favicon':
+ if 'authorized' not in request.cookies and not endpoint.startswith('login') and endpoint != 'favicon':
- if request.endpoint == 'static_bp.serve_js':
+ # Dla serve_js przepuszczamy tylko toasts.js
+ if endpoint == 'static_bp.serve_js':
 requested_file = request.view_args.get("filename", "")
 if requested_file == "toasts.js":
- return
+ return
 if requested_file.endswith(".js"):
 return redirect(url_for('system_auth', next=request.url))
- else:
- return
+ return
- if request.endpoint.startswith('static_bp.'):
+ # Blokujemy pozostałe static_bp
+ if endpoint.startswith('static_bp.'):
 return
 if request.path == '/':
 return redirect(url_for('system_auth'))
- else:
- from urllib.parse import urlparse, urlunparse
- parsed = urlparse(request.url)
- fixed_url = urlunparse(parsed._replace(netloc=request.host))
- return redirect(url_for('system_auth', next=fixed_url))
+
+ from urllib.parse import urlparse, urlunparse
+ parsed = urlparse(request.url)
+ fixed_url = urlunparse(parsed._replace(netloc=request.host))
+ return redirect(url_for('system_auth', next=fixed_url))
+
 @app.template_filter('filemtime')
 def file_mtime_filter(path):
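Review bot: The added comment `# Blokujemy pozostałe static_bp` ("we block the remaining static_bp") contradicts the `return` directly under it: returning None from a `before_request` hook lets the request proceed, so every other `static_bp.*` endpoint is served to clients that have no `authorized` cookie. If that is intended, the comment should say so, e.g. `# Other static_bp endpoints are served without the system password`; if blocking is intended, the branch should redirect as the `.js` branch does, `return redirect(url_for('system_auth', next=request.url))`. The new early return for `static_bp.serve_js_lib` / `static_bp.serve_css_lib` also sits above the `is_ip_blocked(ip)` check, so blocked addresses can still fetch those files; move it below `abort(403)` unless that bypass is deliberate. The rewritten condition still tests only that a cookie named `authorized` is present, which a client can set itself unless its value is verified somewhere outside this hunk.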