Add alt_id to database for cookie management

Update version.
This commit is contained in:
Michał 2023-04-03 22:28:12 +00:00
parent 4e50a66514
commit af497b7da7
9 changed files with 36 additions and 30 deletions


@ -27,6 +27,7 @@ from gallery import db
USER_DIR = platformdirs.user_config_dir('onlylegs') USER_DIR = platformdirs.user_config_dir('onlylegs')
db_session = sessionmaker(bind=db.engine) db_session = sessionmaker(bind=db.engine)
db_session = db_session() db_session = db_session()
login_manager = LoginManager() login_manager = LoginManager()
@ -67,10 +68,16 @@ def create_app(test_config=None):
login_manager.init_app(app) login_manager.init_app(app)
login_manager.login_view = 'gallery.index' login_manager.login_view = 'gallery.index'
login_manager.session_protection = 'strong'
@login_manager.user_loader @login_manager.user_loader
def load_user(user_id): def load_user(user_id):
return db_session.query(db.Users).filter_by(id=user_id).first() return db_session.query(db.Users).filter_by(alt_id=user_id).first()
@login_manager.unauthorized_handler
def unauthorized():
return render_template('error.html', error=401,
msg='You are not authorized to view this page!!!!'), 401
# Load JS assets # Load JS assets
# TODO: disable caching for sass files as it makes it hard to work on when it is enabled # TODO: disable caching for sass files as it makes it hard to work on when it is enabled
@ -83,9 +90,7 @@ def create_app(test_config=None):
def error_page(err): # noqa def error_page(err): # noqa
if not isinstance(err, HTTPException): if not isinstance(err, HTTPException):
abort(500) abort(500)
return render_template('error.html', return render_template('error.html', error=err.code, msg=err.description), err.code
error=err.code,
msg=err.description), err.code
# Load login, registration and logout manager # Load login, registration and logout manager
from gallery import auth from gallery import auth
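Review bot: The new `unauthorized()` handler, the `session_protection = 'strong'` line and the switch of `load_user` to `alt_id` all land without a comment, so a reader of this file cannot tell why the lookup key changed or what policy the protection level implements. I would give `unauthorized()` the docstring `"""Render a 401 error page instead of Flask-Login's default redirect to login_view."""`, put `# 'strong': Flask-Login discards the session when the client's IP/user-agent fingerprint changes, rather than only marking it non-fresh` above the session_protection line, and note on `load_user` that `user_id` is whatever `Users.get_id()` returned (the opaque alt_id, not the integer primary key) and that a `None` result is the expected miss, which Flask-Login treats as anonymous. The query is built through SQLAlchemy's `filter_by`, so the cookie value is parameterised rather than interpolated, which is the right shape for a value the client controls. create_app's body starts and ends outside these hunks.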


@ -3,10 +3,11 @@ OnlyLegs - Authentication
User registration, login and logout and locking access to pages behind a login User registration, login and logout and locking access to pages behind a login
""" """
import re import re
from uuid import uuid4
import logging import logging
from datetime import datetime as dt from datetime import datetime as dt
from flask import Blueprint, flash, redirect, request, url_for, abort, jsonify from flask import Blueprint, flash, redirect, request, url_for, abort, jsonify, session
from werkzeug.security import check_password_hash, generate_password_hash from werkzeug.security import check_password_hash, generate_password_hash
from flask_login import login_user, logout_user, login_required from flask_login import login_user, logout_user, login_required
@ -87,7 +88,7 @@ def register():
if error: if error:
return jsonify(error) return jsonify(error)
register_user = db.Users(username=username, email=email, register_user = db.Users(alt_id=str(uuid4()), username=username, email=email,
password=generate_password_hash(password, method='sha256'), password=generate_password_hash(password, method='sha256'),
created_at=dt.utcnow()) created_at=dt.utcnow())
db_session.add(register_user) db_session.add(register_user)
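Review bot: `alt_id` is populated only here, at registration, yet `Users.alt_id` is declared `nullable=False` with no default and none of the nine changed files is a migration or backfill, so any pre-existing `users` rows would presumably lack an alt_id and could no longer be resolved by `load_user`; a one-off backfill (`str(uuid4())` per row) or a startup check seems needed unless the database is recreated from scratch. Two smaller points on the same hunk: `session` is added to the flask import but is not used in the lines shown (confirm it is used further down, otherwise drop it), and the hash call on the next line still passes `method='sha256'`, which in Werkzeug is a single unstretched SHA-256 pass rather than the iterated `pbkdf2:sha256` default and, as far as I recall, is no longer accepted by newer Werkzeug releases — worth switching while this statement is being edited. register()'s body starts and ends outside the hunk.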


@ -27,7 +27,9 @@ class Users (base, UserMixin): # pylint: disable=too-few-public-methods, C0103
""" """
__tablename__ = 'users' __tablename__ = 'users'
# Gallery used information
id = Column(Integer, primary_key=True) id = Column(Integer, primary_key=True)
alt_id = Column(String, unique=True, nullable=False)
username = Column(String, unique=True, nullable=False) username = Column(String, unique=True, nullable=False)
email = Column(String, unique=True, nullable=False) email = Column(String, unique=True, nullable=False)
password = Column(String, nullable=False) password = Column(String, nullable=False)
@ -35,9 +37,11 @@ class Users (base, UserMixin): # pylint: disable=too-few-public-methods, C0103
posts = relationship('Posts', backref='users') posts = relationship('Posts', backref='users')
groups = relationship('Groups', backref='users') groups = relationship('Groups', backref='users')
session = relationship('Sessions', backref='users')
log = relationship('Logs', backref='users') log = relationship('Logs', backref='users')
def get_id(self):
return str(self.alt_id)
class Posts (base): # pylint: disable=too-few-public-methods, C0103 class Posts (base): # pylint: disable=too-few-public-methods, C0103
""" """
@ -91,22 +95,6 @@ class GroupJunction (base): # pylint: disable=too-few-public-methods, C0103
post_id = Column(Integer, ForeignKey('posts.id')) post_id = Column(Integer, ForeignKey('posts.id'))
class Sessions (base): # pylint: disable=too-few-public-methods, C0103
"""
Session table
Joins with user
"""
__tablename__ = 'sessions'
id = Column(Integer, primary_key=True)
user_id = Column(Integer, ForeignKey('users.id'))
session_uuid = Column(String, nullable=False)
ip_address = Column(String, nullable=False)
user_agent = Column(String, nullable=False)
active = Column(Boolean, nullable=False)
created_at = Column(DateTime, nullable=False)
class Logs (base): # pylint: disable=too-few-public-methods, C0103 class Logs (base): # pylint: disable=too-few-public-methods, C0103
""" """
Log table Log table
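Review bot: `get_id` overrides `UserMixin.get_id` so that `alt_id` rather than the primary key goes into the login cookie, but neither the new column nor the method says so, and a reader of `Users` alone cannot tell why two unique identifiers exist. I would give the method the docstring `"""Identity Flask-Login serialises into the session cookie: the opaque alt_id, not the integer primary key."""` and annotate the column with `# Opaque id used for login cookies; presumably regenerated to invalidate existing sessions — confirm`. Because `alt_id` is `nullable=False` with no default, every code path that creates a `Users` row must supply it (the registration path in auth.py does); a comment saying so next to the column would stop the next constructor call from forgetting it. The `Users` class header is above the first hunk and the class continues between the hunks.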


@ -65,7 +65,7 @@ window.onload = function () {
'Using <a href="https://phosphoricons.com/">Phosphoricons</a> and ' + 'Using <a href="https://phosphoricons.com/">Phosphoricons</a> and ' +
'<a href="https://www.gent.media/manrope">Manrope</a> <br>' + '<a href="https://www.gent.media/manrope">Manrope</a> <br>' +
'Made by Fluffy and others with ❤️ <br>' + 'Made by Fluffy and others with ❤️ <br>' +
'<a href="https://github.com/Fluffy-Bean/onlylegs">V23.04.02</a>'); '<a href="https://github.com/Fluffy-Bean/onlylegs">V23.04.03</a>');
} }
} }
}; };


@ -26,17 +26,23 @@
media="(prefers-color-scheme: dark)"/> media="(prefers-color-scheme: dark)"/>
{% assets "js_pre" %} {% assets "js_pre" %}
<script type="text/javascript" src="{{ ASSET_URL }}"></script> <script type="text/javascript" src="{{ ASSET_URL }}"></script>
{% endassets %} {% endassets %}
{% assets "js_post" %} {% assets "js_post" %}
<script type="text/javascript" src="{{ ASSET_URL }}" defer></script> <script type="text/javascript" src="{{ ASSET_URL }}" defer></script>
{% endassets %} {% endassets %}
{% assets "styles" %} {% assets "styles" %}
<link rel="stylesheet" href="{{ ASSET_URL }}" type="text/css" defer> <link rel="stylesheet" href="{{ ASSET_URL }}" type="text/css" defer>
{% endassets %} {% endassets %}
<style>
#modifyGroup {
padding: 0.5rem;
}
</style>
{% block head %}{% endblock %} {% block head %}{% endblock %}
</head> </head>
<body> <body>
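Review bot: The new `#modifyGroup` rule is a raw `<style>` block in the base template, while the page already loads a compiled stylesheet through the `styles` asset bundle a few lines above it, so every page now carries this inline CSS whether or not it renders the element. Moving the rule into the stylesheet sources behind that bundle keeps the template free of presentation and keeps all styling in one cacheable asset. If this is a temporary workaround, a `{# TODO: move #modifyGroup into the styles bundle #}` comment next to it would at least record that intent.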


@ -4,4 +4,10 @@
{% block settings_content %} {% block settings_content %}
<h2>Account</h2> <h2>Account</h2>
<a href="{{ url_for( 'auth.logout' ) }}">Logout</a> <a href="{{ url_for( 'auth.logout' ) }}">Logout</a>
<p>Is session fresh?</p>
{% if fresh %}
<p>Yes</p>
{% else %}
<p>No</p>
{% endif %}
{% endblock %} {% endblock %}
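Review bot: The template now branches on a `fresh` context variable, but the only settings.py hunk in this commit (the import adding `current_user`) does not show where `fresh` is set, so the view must be passing it somewhere outside that hunk — worth confirming, because with Jinja's default `Undefined` a missing name is falsy and the page would silently render "No". If the block is a diagnostic for session freshness, a `{# debug: shows whether the current login session is fresh (presumably from login_fresh()) #}` comment would tell the next reader what the Yes/No means and whether it is meant to ship. The same concern applies to the settings.py hunk further down.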


@ -2,7 +2,7 @@
OnlyLegs - Settings page OnlyLegs - Settings page
""" """
from flask import Blueprint, render_template from flask import Blueprint, render_template
from flask_login import login_required from flask_login import login_required, current_user
blueprint = Blueprint('settings', __name__, url_prefix='/settings') blueprint = Blueprint('settings', __name__, url_prefix='/settings')


@ -1,6 +1,6 @@
[tool.poetry] [tool.poetry]
name = "onlylegs" name = "onlylegs"
version = "23.04.02" version = "23.04.03"
description = "Gallery built for fast and simple image management" description = "Gallery built for fast and simple image management"
authors = ["Fluffy-Bean <michal-gdula@protonmail.com>"] authors = ["Fluffy-Bean <michal-gdula@protonmail.com>"]
license = "MIT" license = "MIT"

run.py

@ -14,7 +14,7 @@ print("""
#+# #+# #+# #+#+# #+# #+# #+# #+# #+# #+# #+# #+# #+# #+# #+# #+#+# #+# #+# #+# #+# #+# #+# #+# #+#
######## ### #### ########## ### ########## ######### ######### ######## ######## ### #### ########## ### ########## ######### ######### ########
Created by Fluffy Bean - Version 23.04.02 Created by Fluffy Bean - Version 23.04.03
""") """)