simon987/Simple-Incremental-Search-Tool
1
0
Fork 0
mirror of https://github.com/simon987/Simple-Incremental-Search-Tool.git synced 2025-04-18 01:36:49 +00:00
Code Issues Projects Releases Wiki Activity

Unauthorised pages are blocked

Browse Source
This commit is contained in:
simon 2018-04-25 13:30:54 -04:00
parent c1a59b7e9b
commit f06cc9e4a4
4 changed files with 161 additions and 106 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
crawler.py
View File

@ -12,7 +12,6 @@ from thumbnail import ThumbnailGenerator
from storage import Directory
import shutil
import config
from ctypes import c_char_p
class RunningTask:

72
run.py
View File

@ -57,7 +57,6 @@ def login():
session["username"] = username
session["admin"] = storage.users()[username].admin
print(session["admin"])
flash("Successfully logged in", "success")
else:
flash("Invalid username or password", "danger")
@ -68,12 +67,17 @@ def login():
@app.route("/user")
def user_page():
if "admin" in session and session["admin"]:
return render_template("user.html", users=storage.users())
else:
flash("You are not authorized to access this page")
return redirect("/")
@app.route("/user/add", methods=['POST'])
def user_add():
if "admin" in session and session["admin"]:
username = request.form["username"]
password = bcrypt.hashpw(request.form["password"].encode("utf-8"), bcrypt.gensalt(config.bcrypt_rounds))
is_admin = True if "is_admin" in request.form else False
@ -85,6 +89,9 @@ def user_add():
flash("<strong>Couldn't create user</strong> Make sure that the username is unique", "danger")
return redirect("/user")
else:
flash("You are not authorized to access this page", "warning")
return redirect("/")
@app.route("/suggest")
@ -220,12 +227,17 @@ def scroll_route():
@app.route("/directory")
def dir_list():
if "admin" in session and session["admin"]:
return render_template("directory.html", directories=storage.dirs())
else:
flash("You are not authorized to access this page", "warning")
return redirect("/")
@app.route("/directory/add")
def directory_add():
if "admin" in session and session["admin"]:
path = request.args.get("path")
name = request.args.get("name")
@ -240,22 +252,30 @@ def directory_add():
flash("<strong>Couldn't create directory</strong> Make sure that the path is unique", "danger")
return redirect("/directory")
else:
flash("You are not authorized to access this page", "warning")
return redirect("/")
@app.route("/directory/<int:dir_id>")
def directory_manage(dir_id):
if "admin" in session and session["admin"]:
directory = storage.dirs()[dir_id]
tn_size = get_dir_size("static/thumbnails/" + str(dir_id))
tn_size_formatted = humanfriendly.format_size(tn_size)
return render_template("directory_manage.html", directory=directory, tn_size=tn_size,
tn_size_formatted=tn_size_formatted)
else:
flash("You are not authorized to access this page", "warning")
return redirect("/")
@app.route("/directory/<int:dir_id>/update")
def directory_update(dir_id):
if "admin" in session and session["admin"]:
directory = storage.dirs()[dir_id]
name = request.args.get("name")
@ -279,11 +299,15 @@ def directory_update(dir_id):
flash("<strong>Couldn't update directory</strong> Make sure that the path is unique", "danger")
return redirect("/directory/" + str(dir_id))
else:
flash("You are not authorized to access this page", "warning")
return redirect("/")
@app.route("/directory/<int:dir_id>/update_opt")
def directory_update_opt(dir_id):
if "admin" in session and session["admin"]:
opt_id = request.args.get("id")
opt_key = request.args.get("key")
opt_value = request.args.get("value")
@ -291,11 +315,14 @@ def directory_update_opt(dir_id):
storage.update_option(Option(opt_key, opt_value, dir_id, opt_id))
return redirect("/directory/" + str(dir_id))
else:
flash("You are not authorized to access this page", "warning")
return redirect("/")
@app.route("/directory/<int:dir_id>/del")
def directory_del(dir_id):
if "admin" in session and session["admin"]:
search.delete_directory(dir_id)
if os.path.exists("static/thumbnails/" + str(dir_id)):
shutil.rmtree("static/thumbnails/" + str(dir_id))
@ -304,10 +331,15 @@ def directory_del(dir_id):
flash("<strong>Deleted directory</strong>", "success")
return redirect("/directory")
else:
flash("You are not authorized to access this page", "warning")
return redirect("/")
@app.route("/directory/<int:dir_id>/reset")
def directory_reset(dir_id):
if "admin" in session and session["admin"]:
directory = storage.dirs()[dir_id]
for opt in directory.options:
@ -325,48 +357,65 @@ def directory_reset(dir_id):
flash("<strong>Reset directory options to default settings</strong>", "success")
return redirect("directory/" + str(dir_id))
else:
flash("You are not authorized to access this page", "warning")
return redirect("/")
@app.route("/task")
def task():
if "admin" in session and session["admin"]:
return render_template("task.html", tasks=storage.tasks(), directories=storage.dirs(),
task_list=json.dumps(list(storage.tasks().keys())))
# return render_template("task.html", tasks=storage.tasks(), directories=storage.dirs())
else:
flash("You are not authorized to access this page", "warning")
return redirect("/")
@app.route("/task/current")
def get_current_task():
if "admin" in session and session["admin"]:
if tm and tm.current_task:
return tm.current_task.to_json()
else:
return ""
else:
flash("You are not authorized to access this page", "warning")
return redirect("/")
@app.route("/task/add")
def task_add():
type = request.args.get("type")
if "admin" in session and session["admin"]:
task_type = request.args.get("type")
directory = request.args.get("directory")
storage.save_task(Task(type, directory))
storage.save_task(Task(task_type, directory))
return redirect("/task")
else:
flash("You are not authorized to access this page", "warning")
return redirect("/")
@app.route("/task/<int:task_id>/del")
def task_del(task_id):
if "admin" in session and session["admin"]:
storage.del_task(task_id)
if tm.current_task is not None and task_id == tm.current_task.task.id:
tm.cancel_task()
return redirect("/task")
else:
flash("You are not authorized to access this page", "warning")
return redirect("/")
@app.route("/reset_es")
def reset_es():
if "admin" in session and session["admin"]:
flash("Elasticsearch index has been reset. Modifications made in <b>config.py</b> have been applied.", "success")
tm.indexer.init()
@ -374,11 +423,14 @@ def reset_es():
shutil.rmtree("static/thumbnails")
return redirect("/dashboard")
else:
flash("You are not authorized to access this page", "warning")
return redirect("/")
@app.route("/dashboard")
def dashboard():
if "admin" in session and session["admin"]:
tn_sizes = {}
tn_size_total = 0
for directory in storage.dirs():
@ -398,6 +450,10 @@ def dashboard():
elasticsearch_url=config.elasticsearch_url,
index_size=humanfriendly.format_size(search.get_index_size()))
else:
flash("You are not authorized to access this page", "warning")
return redirect("/")
if __name__ == "__main__":
app.run("0.0.0.0", 8080, threaded=True)

2
templates/dashboard.html
View File

@ -5,7 +5,7 @@
<div class="container">
<div class="card">
<div class="card-header">FSE Information</div>
<div class="card-header">Global Information</div>
<div class="card-body">
<table class="info-table table-hover table-striped">
<tbody>

2
templates/user.html
View File

@ -44,7 +44,7 @@
<tbody>
{% for user in users %}
<tr>
<td>{{ user }}</td>
<td style="width: 80%;">{{ user }}</td>
<td><i class="far {{ "fa-check-square" if users[user].admin else "fa-square" }}"></i></td>
<td><a href="/user/{{ user }}" class="btn btn-primary">Manage</a></td>
</tr>