From fa377aa290be2ba4097ca42c9b857727761a8ca9 Mon Sep 17 00:00:00 2001 From: Yohan Boniface Date: Tue, 9 Apr 2019 18:45:15 +0200 Subject: [PATCH] Workaround static extension not marked as "unprotected" --- copanier/__init__.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/copanier/__init__.py b/copanier/__init__.py index a19d8f8..c8f9a57 100644 --- a/copanier/__init__.py +++ b/copanier/__init__.py @@ -79,7 +79,12 @@ traceback(app) @app.listen("request") async def auth_required(request, response): - if request.route and not request.route.payload.get("genuine"): + # Should be handler Roll side? + # In dev mode, we serve the static, but we don't have yet a way to mark static + # route as unprotected. + if request.path.startswith('/static/'): + return + if request.route.payload and not request.route.payload.get("unprotected"): token = request.cookies.get("token") email = None if token: @@ -117,13 +122,13 @@ async def on_startup(): Delivery.init_fs() -@app.route("/sésame", methods=["GET"], genuine=True) +@app.route("/sésame", methods=["GET"], unprotected=True) async def sesame(request, response): response.html("sesame.html") @app.route("/sésame", methods=["POST"]) -async def send_sesame(request, response, genuine=True): +async def send_sesame(request, response, unprotected=True): email = request.form.get("email") token = utils.create_token(email) emails.send( @@ -135,7 +140,7 @@ async def send_sesame(request, response, genuine=True): response.redirect = "/" -@app.route("/sésame/{token}", methods=["GET"], genuine=True) +@app.route("/sésame/{token}", methods=["GET"], unprotected=True) async def set_sesame(request, response, token): decoded = utils.read_token(token) if not decoded: