Merge pull request #119 from ThomasRubini/admin_auth
commit
8ce6fb267f
@ -9,3 +9,4 @@ DB_PORT=3306
|
|||||||
DB_USER=""
|
DB_USER=""
|
||||||
DB_PASSWORD=""
|
DB_PASSWORD=""
|
||||||
DB_DBNAME=""
|
DB_DBNAME=""
|
||||||
|
ADMIN_PASSWORD="s0meV3ryL0ngP@sswOrd"
|
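Review bot: The added `ADMIN_PASSWORD="s0meV3ryL0ngP@sswOrd"` is a usable-looking secret in what appears to be the sample environment file, while the neighbouring `DB_PASSWORD=""` is left empty. Anyone who copies the file unchanged ends up with an admin password that is published in the repository. I would ship it as `ADMIN_PASSWORD=""` preceded by a comment such as `# required: set a long random value before starting the app`. The login handler should then refuse to authenticate when the value is unset or empty.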
@ -3,18 +3,26 @@ from sqlalchemy import select, or_
|
|||||||
|
|
||||||
from truthinquiry.ext.database.models import *
|
from truthinquiry.ext.database.models import *
|
||||||
from truthinquiry.ext.database.fsa import db
|
from truthinquiry.ext.database.fsa import db
|
||||||
|
from truthinquiry.utils import require_admin
|
||||||
|
|
||||||
|
|
||||||
routes_admin = flask.Blueprint("admin", __name__)
|
routes_admin = flask.Blueprint("admin", __name__)
|
||||||
|
|
||||||
DEFAULT_LANG = "FR"
|
DEFAULT_LANG = "FR"
|
||||||
|
|
||||||
@routes_admin.route("/")
|
@routes_admin.route("/")
|
||||||
|
@require_admin(ui=True)
|
||||||
def index():
|
def index():
|
||||||
npcs_objs = db.session.query(Npc).all()
|
npcs_objs = db.session.query(Npc).all()
|
||||||
npcs_dicts = [{"id": npc_obj.NPC_ID, "name": npc_obj.NAME_LOCALE.get_text(DEFAULT_LANG).TEXT} for npc_obj in npcs_objs]
|
npcs_dicts = [{"id": npc_obj.NPC_ID, "name": npc_obj.NAME_LOCALE.get_text(DEFAULT_LANG).TEXT} for npc_obj in npcs_objs]
|
||||||
return flask.render_template("admin/index.html", npcs=npcs_dicts)
|
return flask.render_template("admin/index.html", npcs=npcs_dicts)
|
||||||
|
|
||||||
|
@routes_admin.route("/auth")
|
||||||
|
def auth():
|
||||||
|
return flask.render_template("admin/auth.html")
|
||||||
|
|
||||||
@routes_admin.route("/npc/<npc_id>")
|
@routes_admin.route("/npc/<npc_id>")
|
||||||
|
@require_admin(ui=True)
|
||||||
def npc(npc_id):
|
def npc(npc_id):
|
||||||
if npc_id == "new":
|
if npc_id == "new":
|
||||||
return flask.render_template("admin/npc.html", npc={})
|
return flask.render_template("admin/npc.html", npc={})
|
||||||
@ -36,6 +44,7 @@ def npc(npc_id):
|
|||||||
return flask.render_template("admin/npc.html", npc=npc_dict)
|
return flask.render_template("admin/npc.html", npc=npc_dict)
|
||||||
|
|
||||||
@routes_admin.route("/questions")
|
@routes_admin.route("/questions")
|
||||||
|
@require_admin(ui=True)
|
||||||
def questions():
|
def questions():
|
||||||
lang = DEFAULT_LANG
|
lang = DEFAULT_LANG
|
||||||
|
|
||||||
@ -62,6 +71,7 @@ def questions():
|
|||||||
return flask.render_template("admin/questions.html", questions=data, langs=["FR", "EN"])
|
return flask.render_template("admin/questions.html", questions=data, langs=["FR", "EN"])
|
||||||
|
|
||||||
@routes_admin.route("/places")
|
@routes_admin.route("/places")
|
||||||
|
@require_admin(ui=True)
|
||||||
def places():
|
def places():
|
||||||
lang = DEFAULT_LANG
|
lang = DEFAULT_LANG
|
||||||
|
|
||||||
@ -70,6 +80,7 @@ def places():
|
|||||||
return flask.render_template("admin/places.html", places=places_dicts)
|
return flask.render_template("admin/places.html", places=places_dicts)
|
||||||
|
|
||||||
@routes_admin.route("/traits")
|
@routes_admin.route("/traits")
|
||||||
|
@require_admin(ui=True)
|
||||||
def traits():
|
def traits():
|
||||||
lang = DEFAULT_LANG
|
lang = DEFAULT_LANG
|
||||||
|
|
||||||
|
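Review bot: Guarding the admin UI by adding `@require_admin(ui=True)` to each view (`index`, `npc`, `questions`, `places`, `traits`) fails open. A view added later without the decorator is served to unauthenticated visitors, and nothing in the blueprint would flag the omission. A `before_request` hook on `routes_admin` that exempts only the login page makes the blueprint deny by default. The bodies of `npc`, `questions`, `places` and `traits` continue outside the hunks, so this is based only on the decorators shown.

```python
routes_admin = flask.Blueprint("admin", __name__)

@routes_admin.before_request
def _require_admin_session():
    # Deny by default: only the login page is reachable without an admin session.
    if flask.request.endpoint != "admin.auth" and not flask.session.get("admin"):
        return flask.redirect("/admin/auth")

# … unchanged: DEFAULT_LANG and the view functions …
```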
@ -1,13 +1,26 @@
|
|||||||
|
import os
|
||||||
|
|
||||||
import flask
|
import flask
|
||||||
from sqlalchemy import select, delete, or_
|
from sqlalchemy import select, delete, or_
|
||||||
|
|
||||||
from truthinquiry.ext.database.models import *
|
from truthinquiry.ext.database.models import *
|
||||||
from truthinquiry.ext.database.fsa import db
|
from truthinquiry.ext.database.fsa import db
|
||||||
|
from truthinquiry.utils import require_admin
|
||||||
|
|
||||||
|
|
||||||
routes_api_admin = flask.Blueprint("api_admin", __name__)
|
routes_api_admin = flask.Blueprint("api_admin", __name__)
|
||||||
|
|
||||||
|
@routes_api_admin.route("/auth", methods=["GET", "POST"])
|
||||||
|
def auth():
|
||||||
|
password = flask.request.values.get("password")
|
||||||
|
if password == os.getenv("ADMIN_PASSWORD"):
|
||||||
|
flask.session["admin"] = True
|
||||||
|
return flask.redirect("/admin")
|
||||||
|
else:
|
||||||
|
return flask.redirect("/admin/auth?failed=1")
|
||||||
|
|
||||||
@routes_api_admin.route("/setQuestions", methods=["GET", "POST"])
|
@routes_api_admin.route("/setQuestions", methods=["GET", "POST"])
|
||||||
|
@require_admin(api=True)
|
||||||
def set_questions():
|
def set_questions():
|
||||||
if not flask.request.json:
|
if not flask.request.json:
|
||||||
return {"error": 1, "msg": "no json set"}
|
return {"error": 1, "msg": "no json set"}
|
||||||
@ -44,6 +57,7 @@ def set_questions():
|
|||||||
return {"error": 0}
|
return {"error": 0}
|
||||||
|
|
||||||
@routes_api_admin.route("/setTraits", methods=["GET", "POST"])
|
@routes_api_admin.route("/setTraits", methods=["GET", "POST"])
|
||||||
|
@require_admin(api=True)
|
||||||
def set_traits():
|
def set_traits():
|
||||||
input_lang = flask.request.json["lang"]
|
input_lang = flask.request.json["lang"]
|
||||||
input_traits = flask.request.json["traits"]
|
input_traits = flask.request.json["traits"]
|
||||||
@ -86,6 +100,7 @@ def set_traits():
|
|||||||
return {"error": 0}
|
return {"error": 0}
|
||||||
|
|
||||||
@routes_api_admin.route("/setPlaces", methods=["GET", "POST"])
|
@routes_api_admin.route("/setPlaces", methods=["GET", "POST"])
|
||||||
|
@require_admin(api=True)
|
||||||
def set_places():
|
def set_places():
|
||||||
input_lang = flask.request.json["lang"]
|
input_lang = flask.request.json["lang"]
|
||||||
input_places = flask.request.json["places"]
|
input_places = flask.request.json["places"]
|
||||||
@ -124,6 +139,7 @@ def set_places():
|
|||||||
return {"error": 0}
|
return {"error": 0}
|
||||||
|
|
||||||
@routes_api_admin.route("/setNpc", methods=["GET", "POST"])
|
@routes_api_admin.route("/setNpc", methods=["GET", "POST"])
|
||||||
|
@require_admin(api=True)
|
||||||
def set_npc():
|
def set_npc():
|
||||||
input_lang = flask.request.json["lang"]
|
input_lang = flask.request.json["lang"]
|
||||||
input_npc = flask.request.json["npc"]
|
input_npc = flask.request.json["npc"]
|
||||||
|
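Review bot: In the new `auth()` handler, `password == os.getenv("ADMIN_PASSWORD")` is true when both sides are `None`, so a deployment without `ADMIN_PASSWORD` set grants the admin session to a request that carries no `password` field; the handler should fail closed when the variable is unset or empty. The route also accepts GET and reads `flask.request.values`, which lets the password travel in the query string and end up in access logs and browser history, and the `==` comparison is not constant-time. The version below restricts the route to POST, reads `flask.request.form`, and compares with `hmac.compare_digest` (this needs `import hmac` beside the new `import os`). No attempt limiting is visible for this endpoint in the hunks shown; it may exist elsewhere.

```python
@routes_api_admin.route("/auth", methods=["POST"])
def auth():
    expected = os.getenv("ADMIN_PASSWORD")
    supplied = flask.request.form.get("password")
    # Fail closed: an unset or empty ADMIN_PASSWORD must never authenticate anyone.
    if expected and supplied and hmac.compare_digest(supplied.encode(), expected.encode()):
        flask.session["admin"] = True
        return flask.redirect("/admin")
    return flask.redirect("/admin/auth?failed=1")

# … unchanged: set_questions, set_traits, set_places, set_npc …
```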
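--- a/truthinquiry/templates/admin/auth.html
+++ b/truthinquiry/templates/admin/auth.html
@@ -0,0 +1,5 @@
+<form action="/api/v1/admin/auth" method="POST">
+<p>Password :</p>
+<input name="password">
+<input type="submit" value="Submit">
+</form>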
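Review bot: `<input name="password">` defaults to `type="text"`, so the admin password is displayed in clear while it is typed and is eligible for the browser's form-history autofill; use `<input type="password" name="password" autocomplete="current-password" required>`. The form also posts without a CSRF token. For a login form that is a lower risk, but the state-changing admin endpoints are outside this section, so it is worth confirming whether the project has any CSRF mechanism.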
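--- a/truthinquiry/utils.py
+++ b/truthinquiry/utils.py
@@ -0,0 +1,20 @@
+from functools import wraps
+
+import flask
+
+def require_admin(*args, **kwargs):
+def decorator(route):
+@wraps(route)
+def decorated_function(*route_args, **route_kwargs):
+
+if flask.session.get("admin"):
+return route(*route_args, **route_kwargs)
+elif kwargs.get("api"):
+return {"error": 1, "msg": "Invalid authentication"}
+elif kwargs.get("ui"):
+return flask.redirect("/admin/auth")
+else:
+raise ValueError("Can't determine request type")
+
+return decorated_function
+return decorator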
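Review bot: The API branch of `require_admin` returns `{"error": 1, "msg": "Invalid authentication"}` with the default 200 status, so clients, proxies and monitoring record a rejected admin call as a success; return it with an explicit status, `return {"error": 1, "msg": "Invalid authentication"}, 401`. The `ValueError("Can't determine request type")` is raised only at request time and only for an unauthenticated caller, so a route decorated with neither `api=True` nor `ui=True` works for admins and the mistake stays hidden. Checking `kwargs` once at the top of `require_admin` would surface it at import. `*args` is accepted but never used. A short docstring should state that the decorator must sit below the `route()` decorator, because in the reverse order Flask registers the unprotected function.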