authorHolden Rohrer <hr@hrhr.dev>2023-05-12 21:48:25 -0400
committerHolden Rohrer <hr@hrhr.dev>2023-05-12 21:48:25 -0400
commit8133a14fefd9de4c3c8217751f0b545981aee1d3 (patch)
treeb2f482cdc3bd80bcce35ffab4cfb6780b21370f0
parentca534003b3f07d2045dc1cbb6cddf60223fd3385 (diff)
major bugfixes
-rw-r--r--.gitignore1
-rw-r--r--Makefile4
-rw-r--r--src/login.py42
-rw-r--r--weblogin.ini6
4 files changed, 29 insertions, 24 deletions
diff --git a/.gitignore b/.gitignore
index 5964d2d..c1c165a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ weblogin.tar.gz
*.rpm
dist
weblogin.spec
+*/__pycache__
diff --git a/Makefile b/Makefile
index 40d7d9f..bee37e2 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,7 @@
NAME = weblogin
SRC = src/login.html src/login.py LICENSE README
VER = 1.0
-REL = 0
+REL = 3
dist: $(NAME).tar.gz $(NAME).spec
mkdir -pv ~/rpmbuild/SOURCES
@@ -19,5 +19,5 @@ $(NAME).tar.gz: $(SRC)
tar -czf $(NAME).tar.gz $(NAME)-$(VER)
rm -rf $(NAME)-$(VER)
-$(NAME).spec: $(NAME).spec.in
+$(NAME).spec: $(NAME).spec.in Makefile
sed -e 's/VERSION/$(VER)/' -e 's/RELEASE/$(REL)/' $< > $@
diff --git a/src/login.py b/src/login.py
index 2bfe825..2546d49 100644
--- a/src/login.py
+++ b/src/login.py
@@ -1,8 +1,7 @@
#!/usr/bin/python3
from passlib.apache import HtpasswdFile
from flask import Flask, request, make_response, jsonify, redirect
-import python_jwt as jwt
-from jwcrypto.jwk import JWK
+import jwt
import datetime
from json import dumps
import argparse
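Review bot: The switch to `import jwt` changes the runtime dependency set, but none of the four files in this commit is the package spec template, so the RPM may still require python_jwt and jwcrypto rather than the new library (the spec is not visible from here). If this module is PyJWT, EdDSA signing also needs the `cryptography` package installed. Because more than one PyPI distribution installs a top-level `jwt` module, the requirement should name the intended distribution explicitly. A comment on the import, e.g. `import jwt  # PyJWT; EdDSA needs cryptography`, would record that.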
@@ -30,10 +29,12 @@ def authorize():
resp = redirect('/')
if remember:
exp = None
+ payload = {}
else:
- exp = datetime.timedelta(minutes=exptime)
- token = jwt.generate_jwt({}, privkey, "EdDSA", exp)
- resp.set_cookie('auth', token, max_age=exp)
+ exp = datetime.datetime.utcnow() + datetime.timedelta(minutes=exptime)
+ payload = {'exp': exp}
+ token = jwt.encode(payload, privkey, "EdDSA")
+ resp.set_cookie('auth', token, expires=exp)
return resp
# this stuff too
else:
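Review bot: In the `remember` branch the token is signed from `payload = {}`, so it carries no `exp` claim and no subject and stays valid until the signing key is rotated, while `expires=None` makes the cookie a browser-session cookie, which looks like the opposite of what "remember" intends. Give that branch a long but finite lifetime, e.g. `exp = datetime.datetime.utcnow() + datetime.timedelta(days=30)` with `payload = {'exp': exp}` (30 days is only an example), so both the claim and the cookie expire. The `set_cookie` call also sets no cookie attributes; `resp.set_cookie('auth', token, expires=exp, secure=True, httponly=True, samesite='Lax')` would keep the token off plain HTTP and out of script reach, assuming the site is served over TLS and no client script reads the cookie. Indentation is lost on this page, so I am assuming the `jwt.encode` and `set_cookie` lines sit after the if/else; `authorize()` begins and ends outside the hunk.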
@@ -46,22 +47,21 @@ def logout():
resp.delete_cookie('auth')
return resp
-if __name__ == '__main__':
- # argparse arguments
- parser = argparse.ArgumentParser(
- prog='login.py',
- description='A web server that handles htpasswd-file JWT auth logic')
- parser.add_argument('htpasswd')
- parser.add_argument('privkey')
- parser.add_argument('-e', '--expireminutes', default=30, type=int)
+# argparse arguments
+parser = argparse.ArgumentParser(
+ prog='login.py',
+ description='A web server that handles htpasswd-file JWT auth logic')
+parser.add_argument('htpasswd')
+parser.add_argument('privkey')
+parser.add_argument('-e', '--expireminutes', default=30, type=int)
- args = parser.parse_args()
- htpasswd_filename = args.htpasswd
- privkey_filename = args.privkey
- exptime = args.expireminutes
+args = parser.parse_args()
+htpasswd_filename = args.htpasswd
+privkey_filename = args.privkey
+exptime = args.expireminutes
- htpasswd = HtpasswdFile(htpasswd_filename)
- with open(privkey_filename, 'rb') as privkey_file:
- privkey = JWK()
- privkey.import_from_pem(privkey_file.read())
+htpasswd = HtpasswdFile(htpasswd_filename)
+with open(privkey_filename, 'rb') as privkey_file:
+ privkey = privkey_file.read()
+if __name__ == '__main__':
app.run(debug=True)
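Review bot: `app.run(debug=True)` stays on the new side; debug mode turns on the Werkzeug interactive debugger and reloader in a process that holds the JWT signing key, so the direct-run path should use `app.run(debug=False)` or take the flag from an explicit development-only option. Moving the argparse block to module level also means any `import login` parses `sys.argv` and reads the private key as an import side effect, and a missing argument exits the importing process. Wrapping that block in a function called once at startup, or reading the two paths from the environment, would keep the import clean. If it stays at module level, a comment above it such as `# parsed at import time: uwsgi supplies sys.argv through pyargv` would explain why it is not under the main guard.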
diff --git a/weblogin.ini b/weblogin.ini
index c368321..60f8e13 100644
--- a/weblogin.ini
+++ b/weblogin.ini
@@ -1,8 +1,12 @@
[uwsgi]
+plugins = python3
master = true
socket = /run/uwsgi/%n.sock
wsgi-file = /usr/lib/weblogin/login.py
-pyargv=/etc/webloginpasswd /var/lib/weblogin/key.pem
+module = login:app
+pyargv = /etc/wikipass /var/lib/weblogin/key.pem
procname-master = uwsgi weblogin
uid = weblogin
gid = weblogin
+chmod-socket = 660
+chown-socket = nginx:uwsgi
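Review bot: `wsgi-file = /usr/lib/weblogin/login.py` and the new `module = login:app` both name an application loader, and the file does not say which one is meant to win. As far as I can tell, `wsgi-file` looks for a callable named `application` unless `callable` is set, and `module` needs `/usr/lib/weblogin` on the import path, so this may load login.py twice (running its module-level argument parsing and key read each time) or fail on one of the two. Keeping a single loader would be clearer: either `wsgi-file` with `callable = app`, or `module = login:app` with `pythonpath = /usr/lib/weblogin`. The key path passed in `pyargv` should be readable only by the `weblogin` uid; its file mode is not visible here.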