Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 diginaut
|
82668938af | ||
|
diginaut
|
fcf50ac7ab |
@@ -51,9 +51,12 @@ After=network.target
|
||||
[Service]
|
||||
User=divault
|
||||
WorkingDirectory=/srv/staticshield
|
||||
Environment=FLASK_SERVE_DIR="/srv/a_static_website/html"
|
||||
#StandardOutput=file:/srv/logs/staticshield.log
|
||||
Environment=FLASK_SERVE_DIR="/srv/some_static_website/html"
|
||||
Environment=FLASK_MOTHERSHIP="https://api.example.com/api/staticshield"
|
||||
Environment=FLASK_SESSION_COOKIE_NAME="staticshield"
|
||||
# Max session length of 2h
|
||||
Environment=FLASK_PERMANENT_SESSION_LIFETIME=7200
|
||||
ExecStart=/application/venvs/staticshield/bin/gunicorn -b localhost:8000 -w 4 staticshield:app
|
||||
#ExecStart=/application/venvs/staticshield/bin/gunicorn -b unix:staticshield.sock -m 007 -w 4 staticshield:app
|
||||
Restart=always
|
||||
|
||||
+8
-11
@@ -26,10 +26,13 @@ dictConfig({
|
||||
|
||||
app = Flask(__name__)
|
||||
app.config.from_prefixed_env()
|
||||
app.config['SESSION_PERMANENT'] = False
|
||||
app.config['SESSION_PERMANENT'] = True
|
||||
app.config['SESSION_TYPE'] = 'filesystem'
|
||||
Session(app)
|
||||
|
||||
# Verify the required configuration
|
||||
# SERVE_DIR: Base dir of the files we want to serve; Flask will take care not to escape this dir
|
||||
# MOTHERSHIP: Mothership server and login-url, which will redirect here with a sessionstart/SEKRIT
|
||||
config_vars = ['SERVE_DIR', 'MOTHERSHIP']
|
||||
for config_var in config_vars:
|
||||
if config_var not in app.config:
|
||||
@@ -38,12 +41,6 @@ for config_var in config_vars:
|
||||
else:
|
||||
app.logger.info('Config env %s with value "%s"', config_var, app.config[config_var])
|
||||
|
||||
# Base dir of the files we want to serve; Flask will take care not to escape this dir
|
||||
SERVE_DIR = app.config['SERVE_DIR']
|
||||
|
||||
# Mothership server and login-url, which will redirect here with a sessionstart/SEKRIT
|
||||
MOTHERSHIP = app.config['MOTHERSHIP']
|
||||
|
||||
|
||||
@app.route('/<path:path>', methods=['GET', 'POST'])
|
||||
def all_routes(path):
|
||||
@@ -70,7 +67,7 @@ def all_routes(path):
|
||||
# Mothership will invalidate this secret token upon handling this request to prevent replay
|
||||
try:
|
||||
app.logger.info('verifying token "%s"', secret)
|
||||
with urllib.request.urlopen(f'{MOTHERSHIP}/verify/{secret}') as response:
|
||||
with urllib.request.urlopen(f'{app.config["MOTHERSHIP"]}/verify/{secret}') as response:
|
||||
challenge_response = response.read()
|
||||
print(challenge_response)
|
||||
try:
|
||||
@@ -102,13 +99,13 @@ def all_routes(path):
|
||||
callback_url = f'{request.host_url}sessionstart/'
|
||||
# No session yet, redirect to mothership
|
||||
app.logger.info('Redirecting to mothership with %s', original_url)
|
||||
return redirect(f'{MOTHERSHIP}/login?redirect={original_url}&callback={callback_url}')
|
||||
return redirect(f'{app.config["MOTHERSHIP"]}/login?redirect={original_url}&callback={callback_url}')
|
||||
|
||||
file_path = os.path.join(SERVE_DIR, path)
|
||||
file_path = os.path.join(app.config['SERVE_DIR'], path)
|
||||
if os.path.isfile(file_path):
|
||||
app.logger.info('Serving file %s', str(file_path))
|
||||
# This takes a base directory and a path, and ensures that the path is contained in the directory, which makes it safe to accept user-provided paths.
|
||||
return send_from_directory(SERVE_DIR, path)
|
||||
return send_from_directory(app.config['SERVE_DIR'], path)
|
||||
else:
|
||||
app.logger.error('File not found: %s', str(file_path))
|
||||
return 'Sorry, 404'
|
||||
|
||||
Reference in New Issue
Block a user