# HG changeset patch # User Matt Johnston # Date 1432051433 -28800 # Node ID 2caee09f41c4008f6df66c73eec0987050ed432e # Parent 86e638d564b0e34c47ffaac1d2ee622d2efcf8d9# Parent c90190a380c6790a348c0bf0d09a786e561b22af merge from server diff -r 86e638d564b0 -r 2caee09f41c4 web/templog.py --- a/web/templog.py Tue May 19 23:58:51 2015 +0800 +++ b/web/templog.py Wed May 20 00:03:53 2015 +0800 @@ -11,6 +11,7 @@ import os import traceback import fcntl +import hashlib import bottle from bottle import route, request, response @@ -23,12 +24,23 @@ DATE_FORMAT = '%Y%m%d-%H.%M' ZOOM_SCALE = 2.0 +class TemplogBottle(bottle.Bottle): + def run(*args, **argm): + argm['server'] = 'gevent' + super(TemplogBottle, self).run(*args, **argm) + print "ran custom bottle" + +#bottle.default_app.push(TemplogBottle()) + +secure.setup_csrf() + @route('/update', method='post') def update(): js_enc = request.forms.data mac = request.forms.hmac - if hmac.new(config.HMAC_KEY, js_enc).hexdigest() != mac: + h = hmac.new(config.HMAC_KEY, js_enc.strip(), hashlib.sha256).hexdigest() + if h != mac: raise bottle.HTTPError(code = 403, output = "Bad key") js = zlib.decompress(binascii.a2b_base64(js_enc)) @@ -75,11 +87,6 @@ csrf_blob = secure.get_csrf_blob(), allowed = allowed) -@route('/set_current.json') -def set_fresh(): - response.set_header('Content-Type', 'application/javascript') - return log.get_current() - @route('/') def top(): @@ -138,8 +145,6 @@ response.set_header('Cache-Control', "public, max-age=1296000") return bottle.static_file(filename, root='static') -secure.setup_csrf() - def main(): #bottle.debug(True) #bottle.run(reloader=True) diff -r 86e638d564b0 -r 2caee09f41c4 web/templog.wsgi --- a/web/templog.wsgi Tue May 19 23:58:51 2015 +0800 +++ b/web/templog.wsgi Wed May 20 00:03:53 2015 +0800 @@ -1,3 +1,5 @@ +#from gevent import monkey; monkey.patch_all() + import os import sys # Change working directory so relative paths (and template lookup) work again