parent
f52d98333e
commit
de094d4bed
4 changed files with 13 additions and 6 deletions
11
README.md
|
|
@ -10,7 +10,14 @@ Use `gunicorn -w 2 'flaskr:create_app()'` to run app. Increase the number of wor
|
|||
## Initializing database
|
||||
The first time you install the app in each environment, you need to initialize database using `flask --app flaskr init-db`. This only needs to be run once per environment, and **will delete existing database if run again**.
|
||||
|
||||
## Secret key
|
||||
## Config file
|
||||
|
||||
The config file is located at `<python_environment>/var/flaskr-instance/config.py`
|
||||
|
||||
### Secret Key
|
||||
Every website with login needs a secret key to hash passwords with.
|
||||
`<python_environment>/var/flaskr-instance/config.py` must contain a line `SECRET_KEY = '<secret_key>`, which must be randomly generated.
|
||||
The config file must contain a line `SECRET_KEY = '<secret_key>`, which must be randomly generated.
|
||||
Suggested way of generating the key is `python -c 'import secrets; print(secrets.token_hex())'`, which returns a hexadecimal string with length 64. You may choose to randomly generate a key using a different method, but ensure that it is resistant to brute-force attacks.
|
||||
|
||||
### Registration
|
||||
Since this blog is meant to be updated by a limited number of people, registration is forbidden (403) by default. In addition, registration (/auth/register) and login (/auth/login) URLs are not hyperlinked anywhere. Registration can be opened by including `REGISTER = True`, or closed by including `REGISTER = False`, in the config file.
|
||||
|
|
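Review bot: The "Secret Key" paragraph says the key is needed "to hash passwords with", which does not match how the app uses it. Flask uses `SECRET_KEY` to sign the session cookie, while passwords go through `generate_password_hash` from `werkzeug.security`, which salts each hash on its own. Suggest rewording to say the key signs session data, and that changing it invalidates existing sessions. The sample line `SECRET_KEY = '<secret_key>` is also missing its closing quote, both inside the backticks and in what a reader would copy into `config.py`.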
@ -8,6 +8,7 @@ def create_app(test_config=None):
|
|||
app.config.from_mapping(
|
||||
SECRET_KEY='dev',
|
||||
DATABASE=os.path.join(app.instance_path, 'flaskr.sqlite'),
|
||||
REGISTER=False
|
||||
)
|
||||
|
||||
app.wsgi_app = ProxyFix(
|
||||
|
|
|
|||
|
|
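Review bot: `REGISTER=False` is added as the last argument of `app.config.from_mapping(` without a trailing comma, so the next default added here will have to touch this line as well; suggest `REGISTER=False,`. The fail-closed default itself is the right choice. Since the README in this commit now documents the config file, it would be worth checking at startup that `SECRET_KEY` is no longer the `'dev'` default outside of tests, because a missing `config.py` currently leaves the app running with that known value.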
@ -1,7 +1,7 @@
|
|||
import functools
|
||||
|
||||
from flask import (
|
||||
Blueprint, flash, g, redirect, render_template, request, session, url_for
|
||||
Blueprint, flash, g, redirect, render_template, request, session, url_for, current_app, abort
|
||||
)
|
||||
from werkzeug.security import check_password_hash, generate_password_hash
|
||||
|
||||
|
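Review bot: Style point on the `from flask import (` list: adding `current_app, abort` to the single existing line pushes it past 79 characters. Suggest breaking the names over two lines inside the parentheses, which also keeps later import changes to a one-line diff.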
|
@ -11,6 +11,8 @@ bp = Blueprint('auth', __name__, url_prefix='/auth')
|
|||
|
||||
@bp.route('/register', methods=('GET', 'POST'))
|
||||
def register():
|
||||
if not current_app.config['REGISTER']:
|
||||
abort(403)
|
||||
if request.method == 'POST':
|
||||
username = request.form['username']
|
||||
password = request.form['password']
|
||||
|
|
|
|||
|
|
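Review bot: The guard `if not current_app.config['REGISTER']:` at the top of `register()` is a truthiness test, so any truthy value in `config.py` opens registration, including the string `'False'` or a non-empty placeholder. Because this flag gates account creation, suggest comparing strictly, for example `if current_app.config.get('REGISTER') is not True: abort(403)`, so only an explicit boolean `True` enables the route. Placing the check before the `request.method` branch is good, since it covers both GET and POST.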
@ -8,9 +8,6 @@
|
|||
{% if g.user %}
|
||||
<li><span>{{ g.user['username'] }}</span>
|
||||
<li><a href="{{ url_for('auth.logout') }}">Log Out</a>
|
||||
{% else %}
|
||||
<li><a href="{{ url_for('auth.register') }}">Register</a>
|
||||
<li><a href="{{ url_for('auth.login') }}">Log In</a>
|
||||
{% endif %}
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
|
|||
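Review bot: The `{% else %}` branch is removed unconditionally, so the Register link stays hidden even when an operator sets `REGISTER = True`, and the Log In link goes with it. Suggest rendering the Register link only when the flag is on, for example `{% if config['REGISTER'] %}` around the `url_for('auth.register')` item, rather than deleting it. Unlinking `/auth/login` does not restrict access to it, since the route is still served and is documented in the README, so the protection here comes only from the 403 in `register()` and from the password check on login.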