Macintosh-HW
/
RASCSI
mirror of https://github.com/akuker/RASCSI.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Make backend auth check a flask abort

This commit is contained in:
Daniel Markstedt 2023-11-01 00:18:51 +09:00
parent 4fae41c746
commit 4f953aeaee
1 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
python/web/src/web.py
View File

@ -27,6 +27,7 @@ from flask import (
make_response,
session,
jsonify,
abort,
)
from piscsi.piscsi_cmds import PiscsiCmds
@ -1447,6 +1448,16 @@ def log_http_request():
logging.debug(message)
@APP.before_request
def check_backend_auth():
if not piscsi_cmd.is_token_auth()["status"] and not APP.config["PISCSI_TOKEN"]:
abort(
403,
"PiSCSI is password protected. "
"Start the Web Interface with the --password parameter."
)
if __name__ == "__main__":
APP.secret_key = "piscsi_is_awesome_insecure_secret_key"
APP.config["SESSION_TYPE"] = "filesystem"
@ -1524,12 +1535,6 @@ if __name__ == "__main__":
file_cmd = FileCmds(piscsi=piscsi_cmd)
sys_cmd = SysCmds()
if not piscsi_cmd.is_token_auth()["status"] and not APP.config["PISCSI_TOKEN"]:
raise Exception(
"PiSCSI is password protected. "
"Start the Web Interface with the --password parameter."
)
if Path(f"{CFG_DIR}/{DEFAULT_CONFIG}").is_file():
file_cmd.read_config(DEFAULT_CONFIG)
if Path(f"{DRIVE_PROPERTIES_FILE}").is_file():