Merge branch 'master' of https://github.com/rayanfer32/tg-index

2021-06-10 21:36:40 +05:30 · 2021-06-10 21:36:40 +05:30 · 7dd3723114
parent 18702721c6 e658eb9b2a
commit 7dd3723114
4 changed files with 13 additions and 7 deletions
--- a/README.md
+++ b/README.md
@ -48,7 +48,7 @@ pip3 install -U -r requirements.txt
 | `BLOCK_DOWNLOADS` (optional) | Enable downloads or not. If any value is provided, downloads will be disabled.
 | `RESULTS_PER_PAGE` (optional) | Number of results to be returned per page defaults to 20.
 | `TGINDEX_USERNAME` (optional) | Username for authentication, defaults to `''`.
-| `PASSWORD` (optional) | Username for authentication, defaults to `''`.
+| `PASSWORD` (optional) | Password for authentication, defaults to `''`.
 | `SHORT_URL_LEN` (optional) | Url length for aliases
 | `SESSION_COOKIE_LIFETIME` (optional) | Number of minutes, for which authenticated session is valid for, after which user has to login again. defaults to 60.
 | `SECRET_KEY` (optional) | Long string for signing the session cookies, required if authentication is enabled.
--- a/app/templates/login.html
+++ b/app/templates/login.html
@ -16,6 +16,7 @@
        {% endif %}
        <form class="mt-8 space-y-6" action="/login" method="POST">
            <input type="hidden" name="remember" value="true">
+            <input type="hidden" name="redirect_to" value="{{redirect_to}}">
            <div class="rounded-md shadow-sm -space-y-px">
                <div>
                    <label for="email-address" class="sr-only">Username</label>
--- a/app/views/login_view.py
+++ b/app/views/login_view.py
@ -13,25 +13,27 @@ class LoginView:

    async def login_post(self, req):
        post_data = await req.post()
+        redirect_to = post_data.get("redirect_to") or "/"
        location = req.app.router["login_page"].url_for()
+        if redirect_to != "/":
+            location = location.update_query({"redirect_to": redirect_to})
+
        if "username" not in post_data:
-            loc = location.with_query({"error": "Username missing"})
+            loc = location.update_query({"error": "Username missing"})
            raise web.HTTPFound(location=loc)

        if "password" not in post_data:
-            loc = location.with_query({"error": "Password missing"})
+            loc = location.update_query({"error": "Password missing"})
            raise web.HTTPFound(location=loc)

        authenticated = (post_data["username"] == req.app["username"]) and (
            post_data["password"] == req.app["password"]
        )
        if not authenticated:
-            loc = location.with_query({"error": "Wrong Username or Passowrd"})
+            loc = location.update_query({"error": "Wrong Username or Passowrd"})
            raise web.HTTPFound(location=loc)

-        resp = web.Response(
-            status=302, headers={"Location": str(req.app.router["home"].url_for())}
-        )
+        resp = web.Response(status=302, headers={"Location": redirect_to})
        now = time.time()
        resp.set_cookie(
            name="_tgindex_session",
--- a/app/views/middlewhere.py
+++ b/app/views/middlewhere.py
@ -18,6 +18,9 @@ def middleware_factory():
        ]:
            cookies = request.cookies
            url = request.app.router["login_page"].url_for()
+            if str(request.rel_url) != "/":
+                url = url.with_query(redirect_to=str(request.rel_url))
+
            if any(x not in cookies for x in ("_tgindex_session", "_tgindex_secret")):
                raise HTTPFound(url)