Mercurial > templog
changeset 242:2caee09f41c4
merge from server
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Wed, 20 May 2015 00:03:53 +0800 |
| parents | 86e638d564b0 (current diff) c90190a380c6 (diff) |
| children | c9b20d3d393a |
| files | |
| diffstat | 2 files changed, 15 insertions(+), 8 deletions(-) [+] |
line wrap: on
line diff
--- a/web/templog.py Tue May 19 23:58:51 2015 +0800 +++ b/web/templog.py Wed May 20 00:03:53 2015 +0800 @@ -11,6 +11,7 @@ import os import traceback import fcntl +import hashlib import bottle from bottle import route, request, response @@ -23,12 +24,23 @@ DATE_FORMAT = '%Y%m%d-%H.%M' ZOOM_SCALE = 2.0 +class TemplogBottle(bottle.Bottle): + def run(*args, **argm): + argm['server'] = 'gevent' + super(TemplogBottle, self).run(*args, **argm) + print "ran custom bottle" + +#bottle.default_app.push(TemplogBottle()) + +secure.setup_csrf() + @route('/update', method='post') def update(): js_enc = request.forms.data mac = request.forms.hmac - if hmac.new(config.HMAC_KEY, js_enc).hexdigest() != mac: + h = hmac.new(config.HMAC_KEY, js_enc.strip(), hashlib.sha256).hexdigest() + if h != mac: raise bottle.HTTPError(code = 403, output = "Bad key") js = zlib.decompress(binascii.a2b_base64(js_enc)) @@ -75,11 +87,6 @@ csrf_blob = secure.get_csrf_blob(), allowed = allowed) -@route('/set_current.json') -def set_fresh(): - response.set_header('Content-Type', 'application/javascript') - return log.get_current() - @route('/') def top(): @@ -138,8 +145,6 @@ response.set_header('Cache-Control', "public, max-age=1296000") return bottle.static_file(filename, root='static') -secure.setup_csrf() - def main(): #bottle.debug(True) #bottle.run(reloader=True)