Embed token in markup, fix authorization

anonstream/static/style.css

@@ -159,8 +159,8 @@ a {
   font-variant: all-small-caps;
   text-decoration: none;
   color: inherit;
-  background-color: #753ba8;
-  border: 2px outset #8a2be2;
+  background-color: #3674bf;
+  border: 2px outset #3584e4;
 }
 
 footer {
@@ -183,7 +183,7 @@ footer {
 #info:target ~ #toggle > [href="#info"],
 #chat:target ~ #toggle > [href="#chat"],
 #both:target > #toggle > [href="#both"] {
-  background-color: #9943e9;
+  background-color: #3065a6;
   border-style: inset;
 }
 

anonstream/templates/home.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8">
   <link rel="stylesheet" href="/static/style.css" type="text/css">
 </head>
-<body id="both">
+<body id="both" data-token="{{ token }}">
   <video id="stream" src="/stream.mp4" controls></video>
   <article id="info">
     <noscript><iframe id="info_js" data-js="false"></iframe></noscript>

anonstream/wrappers.py

@@ -1,6 +1,6 @@
 from functools import wraps
 
-from quart import current_app
+from quart import current_app, request, abort, make_response
 from werkzeug.security import check_password_hash
 
 from anonstream.utils.token import generate_token
@@ -11,16 +11,23 @@ def check_auth(context):
         auth is not None
         and auth.type == "basic"
         and auth.username == current_app.config["AUTH_USERNAME"]
-        and check_password_hash(auth.password, current_app.config["AUTH_PWHASH"])
+        and check_password_hash(current_app.config["AUTH_PWHASH"], auth.password)
     )
 
 def auth_required(f):
     @wraps(f)
     async def wrapper(*args, **kwargs):
         if check_auth(request):
-            return await func(*args, **kwargs)
-        else:
-            abort(401)
+            return await f(*args, **kwargs)
+        hint = 'The broadcaster should log in with the credentials printed ' \
+               'in their terminal.'
+        body = (
+            f'<p>{hint}</p>'
+            if request.authorization is None else
+             '<p>Wrong username or password. Refresh the page to try again.</p>'
+            f'<p>{hint}</p>'
+        )
+        return body, 401, {'WWW-Authenticate': 'Basic'}
 
     return wrapper