Compare commits
No commits in common. "c5edd6bc68c012628d61294cd806e8726c1f8aaf" and "fb9b6ba258190f4b517c179de051d58945dc5be2" have entirely different histories.
c5edd6bc68
...
fb9b6ba258
3 changed files with 5 additions and 55 deletions
|
@ -71,7 +71,7 @@ def add_user(db, *, username, password, email, parent, status):
|
|||
# Generate a user ID
|
||||
while True:
|
||||
# SQLite uses 64 bit signed ints, so generate at max 2⁶³-1
|
||||
userid = csprng.randrange(2 << 63)
|
||||
userid = csprng.randrange(2**63)
|
||||
|
||||
# Check that the user ID is unique
|
||||
cursor.execute('SELECT id FROM users WHERE id = ?;', (userid,))
|
||||
|
|
19
server.py
19
server.py
|
@ -5,7 +5,6 @@ import urllib.parse
|
|||
import config
|
||||
import database
|
||||
import generate_html
|
||||
import session
|
||||
|
||||
class HTTPRequestHandler(http.server.BaseHTTPRequestHandler):
|
||||
server_version = 'Buranun/0.0'
|
||||
|
@ -27,7 +26,7 @@ class HTTPRequestHandler(http.server.BaseHTTPRequestHandler):
|
|||
self.send_header('Content-Type', 'text/plain; charset=utf-8')
|
||||
self.send_header('Content-Length', length)
|
||||
|
||||
# TODO: Make the max-age more sensical
|
||||
# TODO: Make this more sensical
|
||||
sent_cookies = http.cookies.SimpleCookie()
|
||||
sent_cookies['buranun_session'] = buranun_session
|
||||
sent_cookies['buranun_session']['path'] = config.url_prefix if config.url_prefix != '' else '/'
|
||||
|
@ -81,7 +80,7 @@ class HTTPRequestHandler(http.server.BaseHTTPRequestHandler):
|
|||
password_correct = database.check_password(db, userid, password)
|
||||
|
||||
if password_correct:
|
||||
self.__redirect(buranun_session = session.new_session(userid))
|
||||
self.__redirect(buranun_session = 'dihutenosa')
|
||||
else:
|
||||
# TODO: Have it forward the user back to the page where they were at
|
||||
html = generate_html.login(self.path, retrying = True)
|
||||
|
@ -104,18 +103,8 @@ class HTTPRequestHandler(http.server.BaseHTTPRequestHandler):
|
|||
print('malformed cookies')
|
||||
|
||||
if 'buranun_session' in received_cookies:
|
||||
sessionid = int(received_cookies['buranun_session'].value)
|
||||
print(sessionid)
|
||||
userid = session.get_userid(sessionid)
|
||||
|
||||
if userid is not None:
|
||||
logged_in = True
|
||||
|
||||
with database.connect() as db:
|
||||
print(userid, database.get_user_info(db, userid))
|
||||
|
||||
else:
|
||||
print('unknown session ID')
|
||||
print(received_cookies['buranun_session'].value)
|
||||
logged_in = True
|
||||
|
||||
else:
|
||||
print('No buranun_session')
|
||||
|
|
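Review bot: The login-success branch in the `-81,7 +80,7` hunk appears to end up as `self.__redirect(buranun_session = 'dihutenosa')`, and the cookie check in the `-104,18 +103,8` hunk as an unconditional `logged_in = True` whenever a `buranun_session` cookie is present, so the new side would treat any request carrying that cookie name as authenticated and hand every user the same constant value. The page lost its +/- markers, so which line of each pair is new is inferred from the hunk line counts and the removal of `import session`; both handler methods also start and end outside the hunks. If that reading is right, keep a per-login random identifier (`self.__redirect(buranun_session = session.new_session(userid))`) and set `logged_in` only when a server-side lookup such as `session.get_userid(sessionid)` returns a user, with the `int(...)` parse of the cookie value guarded against `ValueError`. The added `print(received_cookies['buranun_session'].value)` writes the raw session cookie to stdout and should be dropped or reduced to a non-reversible marker. The cookie built in the `-27,7 +26,7` hunk shows only `path` being set; where the rest of that method lives, `httponly` and `samesite` (and `secure` when served over TLS) are worth adding.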
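--- a/session.py
+++ b/session.py
@@ -1,39 +0,0 @@
-import random
-import threading
-
-csprng = random.SystemRandom()
-
-sessions_lock = threading.Lock()
-max_sessions = 1024
-sessions = {}
-
-def new_session(userid):
-"""Creates a new session and returns its ID"""
-with sessions_lock:
-while True:
-sessionid = csprng.randrange(2 << 256)
-
-# Check that the ID is unique
-if sessionid not in sessions:
-break
-
-# Do we have too many sessions?
-# TODO: Implement the limit per-user
-if len(sessions) >= max_sessions:
-# Yes, drop a random one
-# TODO: Have some LRU thing here
-delete_id = random.choice(list(sessions.keys()))
-del sessions[delete_id]
-
-sessions[sessionid] = userid
-
-return sessionid
-
-def get_userid(sessionid):
-"""Returns the user associated with session ID
-Returns None if no user was found"""
-with sessions_lock:
-if sessionid in sessions:
-return sessions[sessionid]
-
-return None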