storm/bragi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improvement of #154

Browse Source
This commit is contained in:
Azlux 2020-05-18 16:59:01 +02:00
parent 390c0034f6
commit 23a7022bdf
3 changed files with 13 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
configuration.default.ini
View File

@ -96,9 +96,9 @@ listening_addr = 127.0.0.1
listening_port = 8181 listening_port = 8181
web_logfile = web_logfile =
auth_method = password auth_method = 'none'
user = botamusique user =
password = mumble password =
access_address = http://127.0.0.1:8181 access_address = http://127.0.0.1:8181

5
configuration.example.ini
View File

@ -121,14 +121,15 @@ port = 64738
#listening_addr = 127.0.0.1 #listening_addr = 127.0.0.1
#listening_port = 8181 #listening_port = 8181
#is_web_proxified = True #is_web_proxified = True
# This is the public URL
#access_address = http://127.0.0.1:8181 #access_address = http://127.0.0.1:8181
# 'web_logfile': write access logs of the web server into this file. # 'web_logfile': write access logs of the web server into this file.
#web_logfile = #web_logfile =
# 'auth_method': Method used to authenticate users accessing the web interface. # 'auth_method': Method used to authenticate users accessing the web interface.
# Options are 'password', 'token', 'none' # Options are 'none', 'password' or 'token' (use unique token, see requests_webinterface_access command)
#auth_method = password #auth_method = token
# 'user', 'password': If auth_method set to 'password', you need to set the username and # 'user', 'password': If auth_method set to 'password', you need to set the username and
# password. # password.

15
interface.py
View File

@ -105,15 +105,11 @@ def requires_auth(f):
if var.config.getboolean("webinterface", "require_auth") and ( if var.config.getboolean("webinterface", "require_auth") and (
not auth or not check_auth(auth.username, auth.password)): not auth or not check_auth(auth.username, auth.password)):
if auth: if auth:
log.warning(f"web: failed login attempt, user: {auth.username}, from ip {request.remote_addr}.") log.info(f"web: failed login attempt, user: {auth.username}, from ip {request.remote_addr}.")
return authenticate() return authenticate()
if auth_method == 'token': if auth_method == 'token':
if 'token' in session and 'token' not in request.args: if 'user' in session and 'token' not in request.args:
token = session['token'] user = session['user']
token_user = var.db.get("web_token", token, fallback=None)
if token_user is not None:
user = token_user
log.debug(f"web: token validated for the user: {token_user}, from ip {request.remote_addr}.")
return f(*args, **kwargs) return f(*args, **kwargs)
elif 'token' in request.args: elif 'token' in request.args:
token = request.args.get('token') token = request.args.get('token')
@ -126,11 +122,12 @@ def requires_auth(f):
user_dict['IP'] = request.remote_addr user_dict['IP'] = request.remote_addr
var.db.set("user", user, json.dumps(user_dict)) var.db.set("user", user, json.dumps(user_dict))
log.info(f"web: new user access, token validated for the user: {token_user}, from ip {request.remote_addr}.") log.debug(f"web: new user access, token validated for the user: {token_user}, from ip {request.remote_addr}.")
session['token'] = token session['token'] = token
session['user'] = token_user
return f(*args, **kwargs) return f(*args, **kwargs)
log.info(f"web: bad token from ip {request.remote_addr}.") log.debug(f"web: bad token from ip {request.remote_addr}.")
abort(403) abort(403)
return f(*args, **kwargs) return f(*args, **kwargs)