progress

2020-03-10 12:33:57 -07:00
parent 3ae7b05b9b
commit 691d54ee3e
10 changed files with 361 additions and 44 deletions
--- a/tvid/server.py
+++ b/tvid/server.py
@@ -15,6 +15,7 @@ from sqlalchemy.ext.declarative import declarative_base
 from bottle.ext import sqlalchemy
 from pprint import pprint
 from sqlalchemy import create_engine
+import urllib.parse
 import os
 import random
 import string
@@ -25,7 +26,7 @@ PORT = os.environ.get('PORT', 8080)
 DEBUG = os.environ.get('DEBUG', False)
 SQLITE_FILENAME = os.environ.get('SQLITE_FILENAME','/data/db.sqlite')
 DATABASE_URL = os.environ.get('DATABASE_URL','sqlite:///' + SQLITE_FILENAME)
-ADMINPSK = os.environ.get('ADMINPSK','hunter2')
+ADMIN_PSK = os.environ.get('ADMIN_PSK','hunter2')

 # sorry for global
 SQLBASE = declarative_base()
@@ -109,22 +110,57 @@ def serve():
    # FIXME make this use sessions instead of just storing PSK in a cookie
    # https://bottlepy.org/docs/dev/recipes.html
    @app.get('/admin')
-    def adminpage():
-        c = request.get_cookie("adminpw")
+    def adminpage(db):
+        c = request.get_cookie("psk")
+        if not c:
+            redirect('/login')
+            return
+        if c != ADMIN_PSK:
+            redirect('/logout')
+            return
+        tvs = db.query(TV).order_by(TV.lastSeen)
+        return template('adminpanel', tvs=tvs, version=VERSION)

-        # FIXME check their 'adminpw' cookie here, redirect to /loign
-        return "Hello World!"
-
-    # here we ask for a password and cookie them and bounce them back to /admin
-    @app.get('/login')
-    def checklogin():
+    @app.post('/admin')
+    def savesettings():
+        c = request.get_cookie("psk")
+        if not c:
+            redirect('/login')
+            return
+        if c != ADMIN_PSK:
+            redirect('/logout')
+            return
        raise NotImplementedError()
-        #response.set_cookie("adminpw", whatever)
-        redirect('/login')

-    @app.get('/logut')
+    # here we ask for a password:
+    @app.get('/login')
+    def loginform():
+        msg = request.GET.msg
+        return template('loginform', version=VERSION, msg=msg)
+
+    @app.post('/checklogin')
+    def checklogin():
+        attemptedPass = request.forms.get('password')
+        if not attemptedPass:
+            redirect(
+                '/login?msg=' +
+                urllib.parse.quote_plus(u"Incorrect password.")
+            )
+            return
+        if attemptedPass != ADMIN_PSK:
+            redirect(
+                '/login?msg=' +
+                urllib.parse.quote_plus(u"Incorrect password.")
+            )
+            return
+        # password is right, cookie them:
+        response.set_cookie("psk", attemptedPass)
+        redirect('/admin')
+        return
+
+    @app.get('/logout')
    def logout():
-        response.set_cookie("adminpw", "")
+        response.set_cookie("psk", "")
        redirect('/login')

    app.run(host='0.0.0.0', port=PORT, debug=DEBUG)