Start toying with logins.

Use SECRET_KEY from environment. Remove (I believe) unnecessary config information.
2022-09-23 13:59:43 -04:00 · 2022-09-23 13:59:43 -04:00 · 6c56b17dfc
parent a9c256e74f
commit 6c56b17dfc
2 changed files with 16 additions and 7 deletions
--- a/undercover/init.py
+++ b/undercover/init.py
@ -13,14 +13,14 @@ def create_app(test_config=None):

    app = Flask(__name__, instance_relative_config=True)
    app.config.from_mapping(
-        SECRET_KEY='dev',
-        DATABASE=os.path.join(app.instance_path, 'undercover.sqlite'),
+        SECRET_KEY=os.environ['UNDERCOVER_SECRET_KEY'],
+        # DATABASE=os.path.join(app.instance_path, 'undercover.sqlite'),
    )

-    if test_config is None:
-        app.config.from_pyfile('config.py', silent=True)
-    else:
-        app.config.from_mapping(test_config)
+    # if test_config is None:
+    #     app.config.from_pyfile('config.py', silent=True)
+    # else:
+    #     app.config.from_mapping(test_config)

    os.makedirs(app.instance_path, exist_ok=True)

--- a/undercover/routes.py
+++ b/undercover/routes.py
@ -5,7 +5,7 @@ import subprocess
 import threading
 import urllib.parse

-from flask import (Blueprint, render_template, request, make_response)
+from flask import (Blueprint, render_template, request, make_response, session, redirect)
 from wtforms import Form, StringField, TextAreaField, validators

 import undercover.db as db
@ -63,6 +63,15 @@ class CLForm(Form):
    )


+@writing_blueprint.route('/login', methods=['POST'])
+def login_post():
+    username = request.form['username']
+    if db.login(username, request.form['password']):
+        session['username'] = username
+        return redirect('/')
+    return make_response("", 401)
+
+
@writing_blueprint.route('/', methods=['GET'])
 def index_get():
    global index_cache