Embed token in markup, fix authorization
このコミットが含まれているのは:
コミット
edba60e3e1
|
@ -159,8 +159,8 @@ a {
|
|||
font-variant: all-small-caps;
|
||||
text-decoration: none;
|
||||
color: inherit;
|
||||
background-color: #753ba8;
|
||||
border: 2px outset #8a2be2;
|
||||
background-color: #3674bf;
|
||||
border: 2px outset #3584e4;
|
||||
}
|
||||
|
||||
footer {
|
||||
|
@ -183,7 +183,7 @@ footer {
|
|||
#info:target ~ #toggle > [href="#info"],
|
||||
#chat:target ~ #toggle > [href="#chat"],
|
||||
#both:target > #toggle > [href="#both"] {
|
||||
background-color: #9943e9;
|
||||
background-color: #3065a6;
|
||||
border-style: inset;
|
||||
}
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
<meta charset="utf-8">
|
||||
<link rel="stylesheet" href="/static/style.css" type="text/css">
|
||||
</head>
|
||||
<body id="both">
|
||||
<body id="both" data-token="{{ token }}">
|
||||
<video id="stream" src="/stream.mp4" controls></video>
|
||||
<article id="info">
|
||||
<noscript><iframe id="info_js" data-js="false"></iframe></noscript>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
from functools import wraps
|
||||
|
||||
from quart import current_app
|
||||
from quart import current_app, request, abort, make_response
|
||||
from werkzeug.security import check_password_hash
|
||||
|
||||
from anonstream.utils.token import generate_token
|
||||
|
@ -11,16 +11,23 @@ def check_auth(context):
|
|||
auth is not None
|
||||
and auth.type == "basic"
|
||||
and auth.username == current_app.config["AUTH_USERNAME"]
|
||||
and check_password_hash(auth.password, current_app.config["AUTH_PWHASH"])
|
||||
and check_password_hash(current_app.config["AUTH_PWHASH"], auth.password)
|
||||
)
|
||||
|
||||
def auth_required(f):
|
||||
@wraps(f)
|
||||
async def wrapper(*args, **kwargs):
|
||||
if check_auth(request):
|
||||
return await func(*args, **kwargs)
|
||||
else:
|
||||
abort(401)
|
||||
return await f(*args, **kwargs)
|
||||
hint = 'The broadcaster should log in with the credentials printed ' \
|
||||
'in their terminal.'
|
||||
body = (
|
||||
f'<p>{hint}</p>'
|
||||
if request.authorization is None else
|
||||
'<p>Wrong username or password. Refresh the page to try again.</p>'
|
||||
f'<p>{hint}</p>'
|
||||
)
|
||||
return body, 401, {'WWW-Authenticate': 'Basic'}
|
||||
|
||||
return wrapper
|
||||
|
||||
|
|
読み込み中…
新しいイシューから参照