From d41485d04a1f47c8e67e2ba763831fe2fb7b3869 Mon Sep 17 00:00:00 2001 From: odysseusmax Date: Thu, 10 Jun 2021 08:58:25 +0530 Subject: [PATCH 1/2] fix typo in readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 018ad3f..e9b510c 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ pip3 install -U -r requirements.txt | `BLOCK_DOWNLOADS` (optional) | Enable downloads or not. If any value is provided, downloads will be disabled. | `RESULTS_PER_PAGE` (optional) | Number of results to be returned per page defaults to 20. | `TGINDEX_USERNAME` (optional) | Username for authentication, defaults to `''`. -| `PASSWORD` (optional) | Username for authentication, defaults to `''`. +| `PASSWORD` (optional) | Password for authentication, defaults to `''`. | `SHORT_URL_LEN` (optional) | Url length for aliases | `SESSION_COOKIE_LIFETIME` (optional) | Number of minutes, for which authenticated session is valid for, after which user has to login again. defaults to 60. | `SECRET_KEY` (optional) | Long string for signing the session cookies, required if authentication is enabled. From e658eb9b2aa415480b7b3c26176cc376b3ae2d10 Mon Sep 17 00:00:00 2001 From: odysseusmax Date: Thu, 10 Jun 2021 09:24:15 +0530 Subject: [PATCH 2/2] add redirection memory --- app/templates/login.html | 1 + app/views/login_view.py | 14 ++++++++------ app/views/middlewhere.py | 3 +++ 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/app/templates/login.html b/app/templates/login.html index 21e606a..685d576 100644 --- a/app/templates/login.html +++ b/app/templates/login.html @@ -16,6 +16,7 @@ {% endif %}
+
diff --git a/app/views/login_view.py b/app/views/login_view.py index dbd9983..1229259 100644 --- a/app/views/login_view.py +++ b/app/views/login_view.py @@ -13,25 +13,27 @@ class LoginView: async def login_post(self, req): post_data = await req.post() + redirect_to = post_data.get("redirect_to") or "/" location = req.app.router["login_page"].url_for() + if redirect_to != "/": + location = location.update_query({"redirect_to": redirect_to}) + if "username" not in post_data: - loc = location.with_query({"error": "Username missing"}) + loc = location.update_query({"error": "Username missing"}) raise web.HTTPFound(location=loc) if "password" not in post_data: - loc = location.with_query({"error": "Password missing"}) + loc = location.update_query({"error": "Password missing"}) raise web.HTTPFound(location=loc) authenticated = (post_data["username"] == req.app["username"]) and ( post_data["password"] == req.app["password"] ) if not authenticated: - loc = location.with_query({"error": "Wrong Username or Passowrd"}) + loc = location.update_query({"error": "Wrong Username or Passowrd"}) raise web.HTTPFound(location=loc) - resp = web.Response( - status=302, headers={"Location": str(req.app.router["home"].url_for())} - ) + resp = web.Response(status=302, headers={"Location": redirect_to}) now = time.time() resp.set_cookie( name="_tgindex_session", diff --git a/app/views/middlewhere.py b/app/views/middlewhere.py index 4e4d524..57a4dc0 100644 --- a/app/views/middlewhere.py +++ b/app/views/middlewhere.py @@ -18,6 +18,9 @@ def middleware_factory(): ]: cookies = request.cookies url = request.app.router["login_page"].url_for() + if str(request.rel_url) != "/": + url = url.with_query(redirect_to=str(request.rel_url)) + if any(x not in cookies for x in ("_tgindex_session", "_tgindex_secret")): raise HTTPFound(url)