Compare commits
No commits in common. "c5edd6bc68c012628d61294cd806e8726c1f8aaf" and "fb9b6ba258190f4b517c179de051d58945dc5be2" have entirely different histories.
c5edd6bc68
...
fb9b6ba258
3 changed files with 5 additions and 55 deletions
|
@ -71,7 +71,7 @@ def add_user(db, *, username, password, email, parent, status):
|
||||||
# Generate a user ID
|
# Generate a user ID
|
||||||
while True:
|
while True:
|
||||||
# SQLite uses 64 bit signed ints, so generate at max 2⁶³-1
|
# SQLite uses 64 bit signed ints, so generate at max 2⁶³-1
|
||||||
userid = csprng.randrange(2 << 63)
|
userid = csprng.randrange(2**63)
|
||||||
|
|
||||||
# Check that the user ID is unique
|
# Check that the user ID is unique
|
||||||
cursor.execute('SELECT id FROM users WHERE id = ?;', (userid,))
|
cursor.execute('SELECT id FROM users WHERE id = ?;', (userid,))
|
||||||
|
|
19
server.py
19
server.py
|
@ -5,7 +5,6 @@ import urllib.parse
|
||||||
import config
|
import config
|
||||||
import database
|
import database
|
||||||
import generate_html
|
import generate_html
|
||||||
import session
|
|
||||||
|
|
||||||
class HTTPRequestHandler(http.server.BaseHTTPRequestHandler):
|
class HTTPRequestHandler(http.server.BaseHTTPRequestHandler):
|
||||||
server_version = 'Buranun/0.0'
|
server_version = 'Buranun/0.0'
|
||||||
|
@ -27,7 +26,7 @@ class HTTPRequestHandler(http.server.BaseHTTPRequestHandler):
|
||||||
self.send_header('Content-Type', 'text/plain; charset=utf-8')
|
self.send_header('Content-Type', 'text/plain; charset=utf-8')
|
||||||
self.send_header('Content-Length', length)
|
self.send_header('Content-Length', length)
|
||||||
|
|
||||||
# TODO: Make the max-age more sensical
|
# TODO: Make this more sensical
|
||||||
sent_cookies = http.cookies.SimpleCookie()
|
sent_cookies = http.cookies.SimpleCookie()
|
||||||
sent_cookies['buranun_session'] = buranun_session
|
sent_cookies['buranun_session'] = buranun_session
|
||||||
sent_cookies['buranun_session']['path'] = config.url_prefix if config.url_prefix != '' else '/'
|
sent_cookies['buranun_session']['path'] = config.url_prefix if config.url_prefix != '' else '/'
|
||||||
|
@ -81,7 +80,7 @@ class HTTPRequestHandler(http.server.BaseHTTPRequestHandler):
|
||||||
password_correct = database.check_password(db, userid, password)
|
password_correct = database.check_password(db, userid, password)
|
||||||
|
|
||||||
if password_correct:
|
if password_correct:
|
||||||
self.__redirect(buranun_session = session.new_session(userid))
|
self.__redirect(buranun_session = 'dihutenosa')
|
||||||
else:
|
else:
|
||||||
# TODO: Have it forward the user back to the page where they were at
|
# TODO: Have it forward the user back to the page where they were at
|
||||||
html = generate_html.login(self.path, retrying = True)
|
html = generate_html.login(self.path, retrying = True)
|
||||||
|
@ -104,18 +103,8 @@ class HTTPRequestHandler(http.server.BaseHTTPRequestHandler):
|
||||||
print('malformed cookies')
|
print('malformed cookies')
|
||||||
|
|
||||||
if 'buranun_session' in received_cookies:
|
if 'buranun_session' in received_cookies:
|
||||||
sessionid = int(received_cookies['buranun_session'].value)
|
print(received_cookies['buranun_session'].value)
|
||||||
print(sessionid)
|
logged_in = True
|
||||||
userid = session.get_userid(sessionid)
|
|
||||||
|
|
||||||
if userid is not None:
|
|
||||||
logged_in = True
|
|
||||||
|
|
||||||
with database.connect() as db:
|
|
||||||
print(userid, database.get_user_info(db, userid))
|
|
||||||
|
|
||||||
else:
|
|
||||||
print('unknown session ID')
|
|
||||||
|
|
||||||
else:
|
else:
|
||||||
print('No buranun_session')
|
print('No buranun_session')
|
||||||
|
|
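Review bot: In the last server.py hunk the new side sets `logged_in = True` as soon as a `buranun_session` cookie is present, without checking its value, and the login hunk now passes the literal `'dihutenosa'` to `self.__redirect` as the session value for every user. With both changes the cookie no longer identifies or authenticates anyone. The per-login random identifier and the server-side lookup from the old side (`userid = session.get_userid(sessionid)`, with `logged_in` set only when that returns a user) should stay, with a non-numeric cookie value rejected rather than trusted. The new `print(received_cookies['buranun_session'].value)` also writes the session token to stdout and should be dropped once real session IDs are back. The enclosing handler methods start and end outside these hunks.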
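--- a/session.py
+++ b/session.py
@@ -1,39 +0,0 @@
-import random
-import threading
-
-csprng = random.SystemRandom()
-
-sessions_lock = threading.Lock()
-max_sessions = 1024
-sessions = {}
-
-def new_session(userid):
-"""Creates a new session and returns its ID"""
-with sessions_lock:
-while True:
-sessionid = csprng.randrange(2 << 256)
-
-# Check that the ID is unique
-if sessionid not in sessions:
-break
-
-# Do we have too many sessions?
-# TODO: Implement the limit per-user
-if len(sessions) >= max_sessions:
-# Yes, drop a random one
-# TODO: Have some LRU thing here
-delete_id = random.choice(list(sessions.keys()))
-del sessions[delete_id]
-
-sessions[sessionid] = userid
-
-return sessionid
-
-def get_userid(sessionid):
-"""Returns the user associated with session ID
-Returns None if no user was found"""
-with sessions_lock:
-if sessionid in sessions:
-return sessions[sessionid]
-
-return None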