Start toying with logins.

Use SECRET_KEY from environment.
Remove (I believe) unnecessary config information.
This commit is contained in:
Sage Vaillancourt 2022-09-23 13:59:43 -04:00
parent a9c256e74f
commit 6c56b17dfc
2 changed files with 16 additions and 7 deletions

View File

@ -13,14 +13,14 @@ def create_app(test_config=None):
app = Flask(__name__, instance_relative_config=True) app = Flask(__name__, instance_relative_config=True)
app.config.from_mapping( app.config.from_mapping(
SECRET_KEY='dev', SECRET_KEY=os.environ['UNDERCOVER_SECRET_KEY'],
DATABASE=os.path.join(app.instance_path, 'undercover.sqlite'), # DATABASE=os.path.join(app.instance_path, 'undercover.sqlite'),
) )
if test_config is None: # if test_config is None:
app.config.from_pyfile('config.py', silent=True) # app.config.from_pyfile('config.py', silent=True)
else: # else:
app.config.from_mapping(test_config) # app.config.from_mapping(test_config)
os.makedirs(app.instance_path, exist_ok=True) os.makedirs(app.instance_path, exist_ok=True)

View File

@ -5,7 +5,7 @@ import subprocess
import threading import threading
import urllib.parse import urllib.parse
from flask import (Blueprint, render_template, request, make_response) from flask import (Blueprint, render_template, request, make_response, session, redirect)
from wtforms import Form, StringField, TextAreaField, validators from wtforms import Form, StringField, TextAreaField, validators
import undercover.db as db import undercover.db as db
@ -63,6 +63,15 @@ class CLForm(Form):
) )
@writing_blueprint.route('/login', methods=['POST'])
def login_post():
username = request.form['username']
if db.login(username, request.form['password']):
session['username'] = username
return redirect('/')
return make_response("", 401)
@writing_blueprint.route('/', methods=['GET']) @writing_blueprint.route('/', methods=['GET'])
def index_get(): def index_get():
global index_cache global index_cache