From eeba9b52147b5b12c6f65123f826c84bfe878ef3 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Thu, 25 Jul 2019 17:03:58 +0100
Subject: [PATCH] Only show web interface after login

---
 daemon.py | 91 ++++++++++++++++++++++++++++---------------------------
 1 file changed, 46 insertions(+), 45 deletions(-)

diff --git a/daemon.py b/daemon.py
index 648184ad..2ac5224c 100644
--- a/daemon.py
+++ b/daemon.py
@@ -378,6 +378,16 @@ class PubServer(BaseHTTPRequestHandler):
         else:
             if self.server.debug:
                 print('GET Not authorized')
+
+        # if not authorized then show the login screen
+        if self.headers.get('Accept'):
+            if 'text/html' in self.headers['Accept'] and self.path!='/login':
+                if not authorized:
+                    self.send_response(303)
+                    self.send_header('Location', '/login')
+                    self.end_headers()
+                    self.server.POSTbusy=False
+                    return
             
         # get css
         # Note that this comes before the busy flag to avoid conflicts
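Review bot: The new redirect clears `self.server.POSTbusy` although this is the GET path (the debug line just above prints 'GET Not authorized'), and the comment that follows implies the busy flag has not been taken yet; resetting the POST flag here could release it while a POST is still being handled, so the line should be dropped or, if a flag must be cleared, read `self.server.GETbusy=False`. The gate also depends on the client-supplied Accept header: a request that omits Accept or asks for a non-HTML type skips the redirect, so it steers browsers to the login page but is not an access control, and anything that must stay private still needs its own `authorized` check in the handlers below. The exemption tests `self.path!='/login'` while the login handler later matches `self.path.startswith('/login')`; using the same test in both places would keep them consistent. The enclosing method starts and ends outside the hunk.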
@@ -494,7 +504,7 @@ class PubServer(BaseHTTPRequestHandler):
         if self._webfinger():
             self.server.GETbusy=False
             return
-
+        
         if self.path.startswith('/login'):
             # request basic auth
             self._login_headers('text/html')
@@ -514,37 +524,34 @@ class PubServer(BaseHTTPRequestHandler):
                     nickname=postSections[0]
                     statusNumber=postSections[1]
                     if len(statusNumber)>10 and statusNumber.isdigit():
-                        domainFull=self.server.domain
-                        if self.server.port!=80 and self.server.port!=443:
-                            domainFull=self.server.domain+':'+str(self.server.port) 
-                            postFilename= \
-                                self.server.baseDir+'/accounts/'+nickname+'@'+self.server.domain+'/outbox/'+ \
-                                self.server.httpPrefix+':##'+domainFull+'#users#'+nickname+'#statuses#'+statusNumber+'.json'
-                            if os.path.isfile(postFilename):
-                                postJsonObject={}
-                                with open(postFilename, 'r') as fp:
-                                    postJsonObject=commentjson.load(fp)
-                                    # Only authorized viewers get to see likes on posts
-                                    # Otherwize marketers could gain more social graph info
-                                    if not authorized:
-                                        if postJsonObject.get('likes'):
-                                            postJsonObject['likes']={}
-                                    if 'text/html' in self.headers['Accept']:
-                                        self._set_headers('text/html')
-                                        if authorized:
-                                            self.send_header('Authorization')                    
-                                        self.wfile.write(htmlIndividualPost(postJsonObject).encode('utf-8'))
-                                    else:
-                                        self._set_headers('application/json')
-                                        if authorized:
-                                            self.send_header('Authorization')                    
-                                        self.wfile.write(json.dumps(postJsonObject).encode('utf-8'))
-                                self.server.GETbusy=False
-                                return
-                            else:
-                                self._404()
-                                self.server.GETbusy=False
-                                return
+                        postFilename= \
+                            self.server.baseDir+'/accounts/'+nickname+'@'+self.server.domain+'/outbox/'+ \
+                            self.server.httpPrefix+':##'+self.server.domainFull+'#users#'+nickname+'#statuses#'+statusNumber+'.json'
+                        if os.path.isfile(postFilename):
+                            postJsonObject={}
+                            with open(postFilename, 'r') as fp:
+                                postJsonObject=commentjson.load(fp)
+                                # Only authorized viewers get to see likes on posts
+                                # Otherwize marketers could gain more social graph info
+                                if not authorized:
+                                    if postJsonObject.get('likes'):
+                                        postJsonObject['likes']={}
+                                if 'text/html' in self.headers['Accept']:
+                                    self._set_headers('text/html')
+                                    if authorized:
+                                        self.send_header('Authorization')                    
+                                    self.wfile.write(htmlIndividualPost(postJsonObject).encode('utf-8'))
+                                else:
+                                    self._set_headers('application/json')
+                                    if authorized:
+                                        self.send_header('Authorization')                    
+                                    self.wfile.write(json.dumps(postJsonObject).encode('utf-8'))
+                            self.server.GETbusy=False
+                            return
+                        else:
+                            self._404()
+                            self.server.GETbusy=False
+                            return
         # get replies to a post /users/nickname/statuses/number/replies
         if self.path.endswith('/replies') or '/replies?page=' in self.path:
             if '/statuses/' in self.path and '/users/' in self.path:
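Review bot: `self.send_header('Authorization')` on both the HTML and the JSON branch passes no value; unless PubServer overrides it, `BaseHTTPRequestHandler.send_header` takes a keyword and a value, so an authorized request for a single post would raise TypeError before the body is written. The call also comes after `_set_headers(...)`, which may already have ended the header section (its body is not visible here), and a response has no need for an Authorization header, so both calls are best removed. Separately, `self.headers['Accept']` is read without the `self.headers.get('Accept')` guard that the new login check uses, so a request with no Accept header fails on `'text/html' in None`; `accept = self.headers.get('Accept') or ''` avoids that, and the same unguarded lookup appears in the replies branch of the next hunk. The enclosing method continues outside the hunk.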
@@ -557,21 +564,18 @@ class PubServer(BaseHTTPRequestHandler):
                             statusNumber=postSections[2]
                             if len(statusNumber)>10 and statusNumber.isdigit():
                                 #get the replies file
-                                domainFull=self.server.domain
-                                if self.server.port!=80 and self.server.port!=443:
-                                    domainFull=self.server.domain+':'+str(self.server.port)
                                 boxname='outbox'
                                 postDir=self.server.baseDir+'/accounts/'+nickname+'@'+self.server.domain+'/'+boxname
                                 postRepliesFilename= \
                                     postDir+'/'+ \
-                                    self.server.httpPrefix+':##'+domainFull+'#users#'+nickname+'#statuses#'+statusNumber+'.replies'
+                                    self.server.httpPrefix+':##'+self.server.domainFull+'#users#'+nickname+'#statuses#'+statusNumber+'.replies'
                                 if not os.path.isfile(postRepliesFilename):
                                     # There are no replies, so show empty collection
                                     repliesJson = {
                                         '@context': 'https://www.w3.org/ns/activitystreams',
-                                        'first': self.server.httpPrefix+'://'+domainFull+'/users/'+nickname+'/statuses/'+statusNumber+'/replies?page=true',
-                                        'id': self.server.httpPrefix+'://'+domainFull+'/users/'+nickname+'/statuses/'+statusNumber+'/replies',
-                                        'last': self.server.httpPrefix+'://'+domainFull+'/users/'+nickname+'/statuses/'+statusNumber+'/replies?page=true',
+                                        'first': self.server.httpPrefix+'://'+self.server.domainFull+'/users/'+nickname+'/statuses/'+statusNumber+'/replies?page=true',
+                                        'id': self.server.httpPrefix+'://'+self.server.domainFull+'/users/'+nickname+'/statuses/'+statusNumber+'/replies',
+                                        'last': self.server.httpPrefix+'://'+self.server.domainFull+'/users/'+nickname+'/statuses/'+statusNumber+'/replies?page=true',
                                         'totalItems': 0,
                                         'type': 'OrderedCollection'}
                                     if 'text/html' in self.headers['Accept']:
@@ -586,10 +590,10 @@ class PubServer(BaseHTTPRequestHandler):
                                     # replies exist. Itterate through the text file containing message ids
                                     repliesJson = {
                                         '@context': 'https://www.w3.org/ns/activitystreams',
-                                        'id': self.server.httpPrefix+'://'+domainFull+'/users/'+nickname+'/statuses/'+statusNumber+'?page=true',
+                                        'id': self.server.httpPrefix+'://'+self.server.domainFull+'/users/'+nickname+'/statuses/'+statusNumber+'?page=true',
                                         'orderedItems': [
                                         ],
-                                        'partOf': self.server.httpPrefix+'://'+domainFull+'/users/'+nickname+'/statuses/'+statusNumber,
+                                        'partOf': self.server.httpPrefix+'://'+self.server.domainFull+'/users/'+nickname+'/statuses/'+statusNumber,
                                         'type': 'OrderedCollectionPage'}
 
                                     # populate the items list with replies
@@ -725,12 +729,9 @@ class PubServer(BaseHTTPRequestHandler):
                     nickname=postSections[0]
                     statusNumber=postSections[2]
                     if len(statusNumber)>10 and statusNumber.isdigit():
-                        domainFull=self.server.domain
-                        if self.server.port!=80 and self.server.port!=443:
-                            domainFull=self.server.domain+':'+str(self.server.port) 
                         postFilename= \
                             self.server.baseDir+'/accounts/'+nickname+'@'+self.server.domain+'/outbox/'+ \
-                            self.server.httpPrefix+':##'+domainFull+'#users#'+nickname+'#statuses#'+statusNumber+'.json'
+                            self.server.httpPrefix+':##'+self.server.domainFull+'#users#'+nickname+'#statuses#'+statusNumber+'.json'
                         if os.path.isfile(postFilename):
                             postJsonObject={}
                             with open(postFilename, 'r') as fp: