diginaut/staticshield
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Simplified the configuration items

Browse Source
This commit is contained in:
Michiel Scholten
2025-03-19 11:51:35 +01:00
parent 0c536445a1
commit fcf50ac7ab
1 changed files with 7 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
staticshield.py
View File

@@ -30,6 +30,9 @@ app.config['SESSION_PERMANENT'] = False
app.config['SESSION_TYPE'] = 'filesystem'
Session(app)
# Verify the required configuration
# SERVE_DIR: Base dir of the files we want to serve; Flask will take care not to escape this dir
# MOTHERSHIP: Mothership server and login-url, which will redirect here with a sessionstart/SEKRIT
config_vars = ['SERVE_DIR', 'MOTHERSHIP']
for config_var in config_vars:
if config_var not in app.config:
@@ -38,12 +41,6 @@ for config_var in config_vars:
else:
app.logger.info('Config env %s with value "%s"', config_var, app.config[config_var])
# Base dir of the files we want to serve; Flask will take care not to escape this dir
SERVE_DIR = app.config['SERVE_DIR']
# Mothership server and login-url, which will redirect here with a sessionstart/SEKRIT
MOTHERSHIP = app.config['MOTHERSHIP']
@app.route('/<path:path>', methods=['GET', 'POST'])
def all_routes(path):
@@ -70,7 +67,7 @@ def all_routes(path):
# Mothership will invalidate this secret token upon handling this request to prevent replay
try:
app.logger.info('verifying token "%s"', secret)
with urllib.request.urlopen(f'{MOTHERSHIP}/verify/{secret}') as response:
with urllib.request.urlopen(f'{app.config["MOTHERSHIP"]}/verify/{secret}') as response:
challenge_response = response.read()
print(challenge_response)
try:
@@ -102,13 +99,13 @@ def all_routes(path):
callback_url = f'{request.host_url}sessionstart/'
# No session yet, redirect to mothership
app.logger.info('Redirecting to mothership with %s', original_url)
return redirect(f'{MOTHERSHIP}/login?redirect={original_url}&callback={callback_url}')
return redirect(f'{app.config["MOTHERSHIP"]}/login?redirect={original_url}&callback={callback_url}')
file_path = os.path.join(SERVE_DIR, path)
file_path = os.path.join(app.config['SERVE_DIR'], path)
if os.path.isfile(file_path):
app.logger.info('Serving file %s', str(file_path))
# This takes a base directory and a path, and ensures that the path is contained in the directory, which makes it safe to accept user-provided paths.
return send_from_directory(SERVE_DIR, path)
return send_from_directory(app.config['SERVE_DIR'], path)
else:
app.logger.error('File not found: %s', str(file_path))
return 'Sorry, 404'