diff --git a/debug.sh b/debug.sh
index 8d23dbc..fa05660 100755
--- a/debug.sh
+++ b/debug.sh
@@ -1,4 +1,7 @@
 #!/bin/bash
+
+SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
+
 source venv/bin/activate
-flask --app src/app --debug run
+CONFIG_PATH=$SCRIPT_DIR/debug_config.py flask --app src/app --debug run
diff --git a/debug_config.py b/debug_config.py
new file mode 100644
index 0000000..cb70fcc
--- /dev/null
+++ b/debug_config.py
@@ -0,0 +1 @@
+ADMIN_PASSWORD = 'abcdefgh'
diff --git a/src/app.py b/src/app.py
index edcd24b..aba1385 100644
--- a/src/app.py
+++ b/src/app.py
@@ -4,16 +4,21 @@ import string
 from flask import Flask
 import data.document
-import app_globals
 def create_app():
 app = Flask(__name__)
- src_path = os.path.dirname(os.path.realpath(__file__))
- data.document.set_document_root(os.path.realpath(src_path+'/../data/doc'))
- app_globals.data_root_dir = os.path.realpath(src_path+'/../data')
+ app.config.from_object('app_config')
+ app.config.from_envvar('CONFIG_PATH')
- secret_key_path = app_globals.data_root_dir + '/flask-secret-key'
+ if len(app.config['ADMIN_PASSWORD']) < 8:
+ raise Exception("Missing or insecure admin password, please update your configuration file")
+
+ if not app.config['DEBUG'] and app.config['ADMIN_PASSWORD'] == "abcdefgh":
+ raise Exception("Insecure admin password")
+
+ # generate a new secret_key if needed, and store it in a file
+ secret_key_path = app.config['DATA_ROOT_DIR'] + '/flask-secret-key'
 if not os.path.isfile(secret_key_path):
 new_secret_key = ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(20))
 with open(secret_key_path, 'wb') as f:
diff --git a/src/app_config.py b/src/app_config.py
new file mode 100644
index 0000000..c283e0b
--- /dev/null
+++ b/src/app_config.py
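Review bot: In debug.sh, SCRIPT_DIR is used only for CONFIG_PATH, while `source venv/bin/activate` and `--app src/app` still resolve against the caller's working directory; started from another directory the script either fails or sources whichever `venv/bin/activate` happens to exist there. Anchoring the rest to the script location as well, for example `cd "$SCRIPT_DIR" || exit 1` right after the assignment, removes that dependency.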
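Review bot: debug_config.py commits a fixed ADMIN_PASSWORD that anyone with access to the repository knows, and nothing in the file says it is for local debugging only. A header comment such as `# Local debug only: create_app() rejects this value unless DEBUG is on` would make the intent visible to anyone who copies the file as a starting point for a real configuration.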
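Review bot: The production guard added to create_app() in src/app.py rejects only the one literal `"abcdefgh"`, so it stops matching as soon as debug_config.py is edited, and any other 8-character value passes, where the removed get_admin_password() in src/web/admin/admin.py enforced a 12-character random secret. Consider keeping the old floor outside debug mode, e.g. `if not app.config['DEBUG'] and len(app.config['ADMIN_PASSWORD']) < 12:`, and raising `RuntimeError` rather than a bare `Exception` so a configuration failure can be told apart from other errors. ADMIN_PASSWORD is also held in plaintext in app.config; a stored hash verified with `werkzeug.security.check_password_hash` would avoid that, if changing the login view is in scope. create_app() continues past the end of the hunk.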
@@ -0,0 +1,8 @@
+import os
+
+src_path = os.path.dirname(os.path.realpath(__file__))
+
+DATA_ROOT_DIR = os.path.realpath(src_path+'/../data')
+DOCUMENT_ROOT_DIR = os.path.realpath(DATA_ROOT_DIR+'/doc')
+
+ADMIN_PASSWORD = '' # You must override this in config.py or the application won't start
diff --git a/src/app_globals.py b/src/app_globals.py
deleted file mode 100644
index 3351ceb..0000000
--- a/src/app_globals.py
+++ /dev/null
@@ -1 +0,0 @@
-admin_password = None
diff --git a/src/data/document.py b/src/data/document.py
index 16ee9c8..b844ea9 100644
--- a/src/data/document.py
+++ b/src/data/document.py
@@ -1,13 +1,11 @@
 import os
 import uuid
-from types import SimpleNamespace
+from flask import current_app
 from web_utils.run import run
 import shutil
 from unicodedata import normalize
 import string
-document_root = None
-
 def os_path_separators():
 seps = ['/','\\']
 for sep in os.path.sep, os.path.altsep:
@@ -120,11 +118,6 @@ class Document:
 result.append(doc)
 return result
-def set_document_root(dir):
- global document_root
- document_root = dir
-
 def get_document_root():
- global document_root
- return document_root
+ return current_app.config['DOCUMENT_ROOT_DIR']
diff --git a/src/web/admin/admin.py b/src/web/admin/admin.py
index 3ce2a1e..9919162 100644
--- a/src/web/admin/admin.py
+++ b/src/web/admin/admin.py
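Review bot: The comment on ADMIN_PASSWORD in src/app_config.py points at `config.py`, but create_app() in src/app.py loads the override from the file named by the CONFIG_PATH environment variable, and no `config.py` appears in this commit. Suggested wording: `# Must be overridden in the file named by CONFIG_PATH; create_app() refuses to start with fewer than 8 characters`.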
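Review bot: get_document_root() in the second hunk of src/data/document.py now reads `current_app.config`, so it raises RuntimeError when called without an active Flask application context, where the old module-level global could be read from anywhere. Callers are not visible in this diff; if any run outside a request (a CLI script, a test, a background thread) they need `with app.app_context():` around the call, and a one-line docstring such as `"""Return DOCUMENT_ROOT_DIR from the active app's config; requires an application context."""` would record that. The value can also now be overridden from the CONFIG_PATH file without the os.path.realpath() that app_config.py applies to the default, which matters if path checks elsewhere in this module compare against a resolved root; worth confirming.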
@@ -1,25 +1,12 @@
 import os
 import random
 import string
-from flask import Blueprint, render_template, session, redirect, url_for, request
+from flask import current_app, Blueprint, render_template, session, redirect, url_for, request
 from data.document import Document
-import app_globals
 bp = Blueprint('admin', __name__, url_prefix='/admin')
-def get_admin_password():
- password_path = app_globals.data_root_dir + '/admin-password'
- if not os.path.isfile(password_path):
- new_password = ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(12))
- with open(password_path, 'wb') as f:
- f.write(new_password.encode())
- with open(password_path, 'rb') as f:
- result = f.read().decode().replace('\n', '').replace('\r', '')
- if len(result) < 12:
- raise Exception("Internal error: insecure password")
- return result
-
 @bp.before_app_request
 def authenticate():
 print(request.path)
@@ -36,7 +23,7 @@ def index():
 @bp.route('/login', methods=['GET', 'POST'])
 def login():
- correct_password = get_admin_password()
+ correct_password = current_app.config['ADMIN_PASSWORD']
 if request.method == 'POST':
 password = request.form.get('password')
 if password == correct_password:
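Review bot: In login() (second hunk of src/web/admin/admin.py), the submitted password is compared with the plaintext ADMIN_PASSWORD using `==` on the unchanged line below the edit, which is not a constant-time comparison. Since the secret is now an operator-chosen value rather than a generated one, consider `hmac.compare_digest(password.encode(), correct_password.encode())` after checking that `password` is not None (it needs `import hmac`), or store a hash in the config and verify it with `werkzeug.security.check_password_hash`. The first hunk also leaves `import os`, `import random` and `import string` in place; with get_admin_password() removed they look unused, though the rest of the file is outside this diff. login() continues past the end of the hunk.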