gru/lista_zakupowa_live
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

poprawki w autoryzacji

Browse Source
This commit is contained in:
Mateusz Gruszczyński
2025-07-11 11:21:17 +02:00
parent 18c34d8093
commit add29fbb30
1 changed files with 21 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
app.py
View File

@@ -258,40 +258,45 @@ def inject_is_blocked():
@app.before_request
def require_system_password():
endpoint = request.endpoint
# Wyjątki: lib js/css zawsze przepuszczamy
if endpoint in ('static_bp.serve_js_lib', 'static_bp.serve_css_lib'):
return
ip = request.access_route[0]
if is_ip_blocked(ip):
abort(403)
if request.endpoint is None:
if endpoint is None:
return
if request.endpoint == 'system_auth':
if endpoint == 'system_auth':
return
if 'authorized' not in request.cookies \
and not request.endpoint.startswith('login') \
and request.endpoint != 'favicon':
if 'authorized' not in request.cookies and not endpoint.startswith('login') and endpoint != 'favicon':
if request.endpoint == 'static_bp.serve_js':
# Dla serve_js przepuszczamy tylko toasts.js
if endpoint == 'static_bp.serve_js':
requested_file = request.view_args.get("filename", "")
if requested_file == "toasts.js":
return
return
if requested_file.endswith(".js"):
return redirect(url_for('system_auth', next=request.url))
else:
return
return
if request.endpoint.startswith('static_bp.'):
# Blokujemy pozostałe static_bp
if endpoint.startswith('static_bp.'):
return
if request.path == '/':
return redirect(url_for('system_auth'))
else:
from urllib.parse import urlparse, urlunparse
parsed = urlparse(request.url)
fixed_url = urlunparse(parsed._replace(netloc=request.host))
return redirect(url_for('system_auth', next=fixed_url))
from urllib.parse import urlparse, urlunparse
parsed = urlparse(request.url)
fixed_url = urlunparse(parsed._replace(netloc=request.host))
return redirect(url_for('system_auth', next=fixed_url))
@app.template_filter('filemtime')
def file_mtime_filter(path):