From 23432327e92dc52b43165662a73b2b5122fbf8e4 Mon Sep 17 00:00:00 2001 From: Michiel Scholten Date: Wed, 19 Mar 2025 12:13:02 +0100 Subject: [PATCH] Handle explicit 'no' from the other side --- README.md | 3 ++- staticshield.py | 6 ++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 69c969c..91fac27 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,7 @@ Create a file (e.g., called `run.sh`) with the following: export FLASK_SERVE_DIR="/home/YOURUSER/workspace/somesite/build/html" export FLASK_MOTHERSHIP="http://localhost:8888/api/staticshield" export FLASK_SESSION_COOKIE_NAME="staticshield" +export FLASK_PERMANENT_SESSION_LIFETIME=7200 flask --app staticshield run ``` @@ -25,7 +26,7 @@ ruff check --fix --select I . ## Deploying -Create a virtualenv with flask, gunicorn: +Create a virtualenv with Flask and gunicorn to run it: ```bash # Example, create wherever you like diff --git a/staticshield.py b/staticshield.py index f01ab60..ddb63a2 100644 --- a/staticshield.py +++ b/staticshield.py @@ -56,6 +56,8 @@ def all_routes(path): # The path we should have gotten back is of the format: # /sessionstart/SEKRIT_TOKEN/ + # or, if the request is denied by the mothership: + # /sessionstart/denied secret_and_redirect = path.split('sessionstart/')[1] secret_redirect_split = secret_and_redirect.split('/') secret = secret_redirect_split[0] @@ -63,6 +65,10 @@ def all_routes(path): if len(secret_redirect_split) > 1: redirect_path = '/'.join(secret_redirect_split[1:]) + if secret == 'denied': + # Mother says no + return 'Unable to set up session', 403 + # Ask the mothership if the secret is known to them, to prevent someone from just making up a URL # Mothership will invalidate this secret token upon handling this request to prevent replay try: