From 8133a14fefd9de4c3c8217751f0b545981aee1d3 Mon Sep 17 00:00:00 2001
From: Holden Rohrer <hr@hrhr.dev>
Date: Fri, 12 May 2023 21:48:25 -0400
Subject: major bugfixes

---
 src/login.py | 42 +++++++++++++++++++++---------------------
 1 file changed, 21 insertions(+), 21 deletions(-)

(limited to 'src')

diff --git a/src/login.py b/src/login.py
index 2bfe825..2546d49 100644
--- a/src/login.py
+++ b/src/login.py
@@ -1,8 +1,7 @@
 #!/usr/bin/python3
 from passlib.apache import HtpasswdFile
 from flask import Flask, request, make_response, jsonify, redirect
-import python_jwt as jwt
-from jwcrypto.jwk import JWK
+import jwt
 import datetime
 from json import dumps
 import argparse
@@ -30,10 +29,12 @@ def authorize():
         resp = redirect('/')
         if remember:
             exp = None
+            payload = {}
         else:
-            exp = datetime.timedelta(minutes=exptime)
-        token = jwt.generate_jwt({}, privkey, "EdDSA", exp)
-        resp.set_cookie('auth', token, max_age=exp)
+            exp = datetime.datetime.utcnow() + datetime.timedelta(minutes=exptime)
+            payload = {'exp': exp}
+        token = jwt.encode(payload, privkey, "EdDSA")
+        resp.set_cookie('auth', token, expires=exp)
         return resp
         # this stuff too
     else:
@@ -46,22 +47,21 @@ def logout():
     resp.delete_cookie('auth')
     return resp
 
-if  __name__ == '__main__':
-    # argparse arguments
-    parser = argparse.ArgumentParser(
-            prog='login.py',
-            description='A web server that handles htpasswd-file JWT auth logic')
-    parser.add_argument('htpasswd')
-    parser.add_argument('privkey')
-    parser.add_argument('-e', '--expireminutes', default=30, type=int)
+# argparse arguments
+parser = argparse.ArgumentParser(
+        prog='login.py',
+        description='A web server that handles htpasswd-file JWT auth logic')
+parser.add_argument('htpasswd')
+parser.add_argument('privkey')
+parser.add_argument('-e', '--expireminutes', default=30, type=int)
 
-    args = parser.parse_args()
-    htpasswd_filename = args.htpasswd
-    privkey_filename = args.privkey
-    exptime = args.expireminutes
+args = parser.parse_args()
+htpasswd_filename = args.htpasswd
+privkey_filename = args.privkey
+exptime = args.expireminutes
 
-    htpasswd = HtpasswdFile(htpasswd_filename)
-    with open(privkey_filename, 'rb') as privkey_file:
-        privkey = JWK()
-        privkey.import_from_pem(privkey_file.read())
+htpasswd = HtpasswdFile(htpasswd_filename)
+with open(privkey_filename, 'rb') as privkey_file:
+    privkey = privkey_file.read()
+if __name__ == '__main__':
     app.run(debug=True)
-- 
cgit