From fcf50ac7abe26c697e126c2cf9d8e66664c8c789 Mon Sep 17 00:00:00 2001
From: Michiel Scholten
Date: Wed, 19 Mar 2025 11:51:35 +0100
Subject: [PATCH] Simplified the configuration items
---
 staticshield.py | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)
diff --git a/staticshield.py b/staticshield.py
index 8693eec..7015092 100644
--- a/staticshield.py
+++ b/staticshield.py
@@ -30,6 +30,9 @@ app.config['SESSION_PERMANENT'] = False
 app.config['SESSION_TYPE'] = 'filesystem'
 Session(app)
+# Verify the required configuration
+# SERVE_DIR: Base dir of the files we want to serve; Flask will take care not to escape this dir
+# MOTHERSHIP: Mothership server and login-url, which will redirect here with a sessionstart/SEKRIT
 config_vars = ['SERVE_DIR', 'MOTHERSHIP']
 for config_var in config_vars:
 if config_var not in app.config:
@@ -38,12 +41,6 @@ for config_var in config_vars:
 else:
 app.logger.info('Config env %s with value "%s"', config_var, app.config[config_var])
-# Base dir of the files we want to serve; Flask will take care not to escape this dir
-SERVE_DIR = app.config['SERVE_DIR']
-
-# Mothership server and login-url, which will redirect here with a sessionstart/SEKRIT
-MOTHERSHIP = app.config['MOTHERSHIP']
-
 @app.route('/', methods=['GET', 'POST'])
 def all_routes(path):
@@ -70,7 +67,7 @@ def all_routes(path):
 # Mothership will invalidate this secret token upon handling this request to prevent replay
 try:
 app.logger.info('verifying token "%s"', secret)
- with urllib.request.urlopen(f'{MOTHERSHIP}/verify/{secret}') as response:
+ with urllib.request.urlopen(f'{app.config["MOTHERSHIP"]}/verify/{secret}') as response:
 challenge_response = response.read()
 print(challenge_response)
 try:
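Review bot: In the `@@ -70,7 +67,7 @@` hunk, the rewritten `urlopen` call still puts `secret` into the verify URL unencoded and sets no timeout. Where `secret` is assigned is outside the hunk, but the `sessionstart/SEKRIT` comment suggests it comes from the request URL, so a value containing `/`, `?` or `#` would change which mothership path is requested. I would percent-encode it and bound the call, e.g. `urllib.request.urlopen(f'{app.config["MOTHERSHIP"]}/verify/{urllib.parse.quote(secret, safe="")}', timeout=VERIFY_TIMEOUT_SECONDS)` (the constant name is a placeholder), with an explicit `import urllib.parse`. The unchanged lines around it also log the token at info level and `print` the raw response, which is worth trimming since this is the authentication path. The enclosing `try:` and the rest of `all_routes` continue outside the hunk.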
@@ -102,13 +99,13 @@ def all_routes(path):
 callback_url = f'{request.host_url}sessionstart/'
 # No session yet, redirect to mothership
 app.logger.info('Redirecting to mothership with %s', original_url)
- return redirect(f'{MOTHERSHIP}/login?redirect={original_url}&callback={callback_url}')
+ return redirect(f'{app.config["MOTHERSHIP"]}/login?redirect={original_url}&callback={callback_url}')
- file_path = os.path.join(SERVE_DIR, path)
+ file_path = os.path.join(app.config['SERVE_DIR'], path)
 if os.path.isfile(file_path):
 app.logger.info('Serving file %s', str(file_path))
 # This takes a base directory and a path, and ensures that the path is contained in the directory, which makes it safe to accept user-provided paths.
 return send_from_directory(app.config['SERVE_DIR'], path)
 else:
 app.logger.error('File not found: %s', str(file_path))
 return 'Sorry, 404'
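Review bot: The rewritten `redirect(...)` line still builds the login query string by plain interpolation, so an `original_url` containing `&` or `#` can truncate or override the `redirect` and `callback` parameters the mothership receives. Since `callback` is where the session secret is sent back, I would encode both values, e.g. `query = urllib.parse.urlencode({'redirect': original_url, 'callback': callback_url})` followed by `return redirect(f'{app.config["MOTHERSHIP"]}/login?{query}')`. `callback_url` also comes from `request.host_url`, which follows the client's Host header unless the deployment pins it, so the mothership should check the callback against an allow-list. Separately, the `os.path.join(...)`/`os.path.isfile(...)` pre-check on the new `file_path` line runs on the raw `path` before `send_from_directory` applies its containment check, so only the latter call should be relied on for safety. The start of `all_routes` is outside the hunk.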