From 8133a14fefd9de4c3c8217751f0b545981aee1d3 Mon Sep 17 00:00:00 2001
From: Holden Rohrer
Date: Fri, 12 May 2023 21:48:25 -0400
Subject: major bugfixes
---
 .gitignore | 1 +
 Makefile | 4 ++--
 src/login.py | 42 +++++++++++++++++++++---------------------
 weblogin.ini | 6 +++++-
 4 files changed, 29 insertions(+), 24 deletions(-)
diff --git a/.gitignore b/.gitignore
index 5964d2d..c1c165a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ weblogin.tar.gz
 *.rpm
 dist
 weblogin.spec
+*/__pycache__
diff --git a/Makefile b/Makefile
index 40d7d9f..bee37e2 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,7 @@
 NAME = weblogin
 SRC = src/login.html src/login.py LICENSE README
 VER = 1.0
-REL = 0
+REL = 3
 dist: $(NAME).tar.gz $(NAME).spec
 mkdir -pv ~/rpmbuild/SOURCES
@@ -19,5 +19,5 @@ $(NAME).tar.gz: $(SRC)
 tar -czf $(NAME).tar.gz $(NAME)-$(VER)
 rm -rf $(NAME)-$(VER)
-$(NAME).spec: $(NAME).spec.in
+$(NAME).spec: $(NAME).spec.in Makefile
 sed -e 's/VERSION/$(VER)/' -e 's/RELEASE/$(REL)/' $< > $@
diff --git a/src/login.py b/src/login.py
index 2bfe825..2546d49 100644
--- a/src/login.py
+++ b/src/login.py
@@ -1,8 +1,7 @@
 #!/usr/bin/python3
 from passlib.apache import HtpasswdFile
 from flask import Flask, request, make_response, jsonify, redirect
-import python_jwt as jwt
-from jwcrypto.jwk import JWK
+import jwt
 import datetime
 from json import dumps
 import argparse
@@ -30,10 +29,12 @@ def authorize():
 resp = redirect('/')
 if remember:
 exp = None
+ payload = {}
 else:
- exp = datetime.timedelta(minutes=exptime)
- token = jwt.generate_jwt({}, privkey, "EdDSA", exp)
- resp.set_cookie('auth', token, max_age=exp)
+ exp = datetime.datetime.utcnow() + datetime.timedelta(minutes=exptime)
+ payload = {'exp': exp}
+ token = jwt.encode(payload, privkey, "EdDSA")
+ resp.set_cookie('auth', token, expires=exp)
 return resp # this stuff too
 else:
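Review bot: In the `@@ -30,10 +29,12 @@` hunk of authorize(), the `remember` branch sets `payload = {}`, so the signed token carries no `exp` claim and stays valid until the signing key is rotated, while `expires=None` turns the cookie itself into a session cookie. A long but finite lifetime would bound both, e.g. `exp = datetime.datetime.utcnow() + datetime.timedelta(days=REMEMBER_DAYS)` followed by `payload = {'exp': exp}`, where `REMEMBER_DAYS` is a placeholder setting. The new `resp.set_cookie('auth', token, expires=exp)` also sets no cookie attributes, so the token is readable from page script and is sent over plain HTTP; I would write `resp.set_cookie('auth', token, expires=exp, secure=True, httponly=True, samesite='Lax')`. The payload has no subject claim, so a token cannot be tied to the account that logged in; whether that matters depends on the verifier, which is not visible here. authorize() starts and ends outside the hunk.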
@@ -46,22 +47,21 @@ def logout():
 resp.delete_cookie('auth')
 return resp
-if __name__ == '__main__':
- # argparse arguments
- parser = argparse.ArgumentParser(
- prog='login.py',
- description='A web server that handles htpasswd-file JWT auth logic')
- parser.add_argument('htpasswd')
- parser.add_argument('privkey')
- parser.add_argument('-e', '--expireminutes', default=30, type=int)
+# argparse arguments
+parser = argparse.ArgumentParser(
+ prog='login.py',
+ description='A web server that handles htpasswd-file JWT auth logic')
+parser.add_argument('htpasswd')
+parser.add_argument('privkey')
+parser.add_argument('-e', '--expireminutes', default=30, type=int)
- args = parser.parse_args()
- htpasswd_filename = args.htpasswd
- privkey_filename = args.privkey
- exptime = args.expireminutes
+args = parser.parse_args()
+htpasswd_filename = args.htpasswd
+privkey_filename = args.privkey
+exptime = args.expireminutes
- htpasswd = HtpasswdFile(htpasswd_filename)
- with open(privkey_filename, 'rb') as privkey_file:
- privkey = JWK()
- privkey.import_from_pem(privkey_file.read())
+htpasswd = HtpasswdFile(htpasswd_filename)
+with open(privkey_filename, 'rb') as privkey_file:
+ privkey = privkey_file.read()
+if __name__ == '__main__':
 app.run(debug=True)
diff --git a/weblogin.ini b/weblogin.ini
index c368321..60f8e13 100644
--- a/weblogin.ini
+++ b/weblogin.ini
@@ -1,8 +1,12 @@
 [uwsgi]
+plugins = python3
 master = true
 socket = /run/uwsgi/%n.sock
 wsgi-file = /usr/lib/weblogin/login.py
-pyargv=/etc/webloginpasswd /var/lib/weblogin/key.pem
+module = login:app
+pyargv = /etc/wikipass /var/lib/weblogin/key.pem
 procname-master = uwsgi weblogin
 uid = weblogin
 gid = weblogin
+chmod-socket = 660
+chown-socket = nginx:uwsgi
-- cgit
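Review bot: The re-scoped `if __name__ == '__main__':` guard still ends in `app.run(debug=True)`, which turns on the Werkzeug interactive debugger whenever login.py is run directly; for a service that holds the signing key, `app.run(debug=False)` is the safer default. Because the argparse block now sits at module level, `args = parser.parse_args()` runs on every import, so an unexpected `sys.argv` makes argparse exit the process during import, and the key file is read as an import side effect. A comment above `with open(privkey_filename, 'rb') as privkey_file:` should say that `privkey` now holds the raw PEM bytes passed straight to `jwt.encode`, and that the file is expected to be readable only by the service account.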
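Review bot: Adding `module = login:app` while keeping `wsgi-file = /usr/lib/weblogin/login.py` leaves two load directives for the same application. As far as I know, uWSGI handles them as separate load requests, and `wsgi-file` looks for a callable named `application`, which login.py does not appear to define. Dropping `wsgi-file` in favour of `module` (with the install directory on the Python path), or keeping `wsgi-file` and adding `callable = app`, would leave a single load path. Since login.py now parses `pyargv` and reads `/var/lib/weblogin/key.pem` at import time, loading it once also avoids doing that work twice. A comment beside `chmod-socket = 660` noting that only the owner and group set by `chown-socket = nginx:uwsgi` are meant to reach the socket would record the intent.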