Make Rophako support SSL
parent
a4a83d4a6c
commit
b58563b0d1
|
@ -22,6 +22,10 @@ SITE_ROOT = os.path.join(_basedir, "site", "www")
|
||||||
# E-mail addresses for site notifications (i.e. new comments).
|
# E-mail addresses for site notifications (i.e. new comments).
|
||||||
NOTIFY_ADDRESS = ["root@localhost"]
|
NOTIFY_ADDRESS = ["root@localhost"]
|
||||||
|
|
||||||
|
# Set this to true if you want your app to force use of SSL. This will also turn
|
||||||
|
# on Flask's secure-only session cookies.
|
||||||
|
FORCE_SSL = False
|
||||||
|
|
||||||
# Secret key used for session cookie signing. Make this long and hard to guess.
|
# Secret key used for session cookie signing. Make this long and hard to guess.
|
||||||
#
|
#
|
||||||
# Tips for creating a strong secret key:
|
# Tips for creating a strong secret key:
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
flask
|
flask
|
||||||
|
flask-sslify
|
||||||
redis
|
redis
|
||||||
bcrypt
|
bcrypt
|
||||||
pillow
|
pillow
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
__version__ = '0.01'
|
__version__ = '0.01'
|
||||||
|
|
||||||
from flask import Flask, g, request, session, render_template, send_file, abort
|
from flask import Flask, g, request, session, render_template, send_file, abort
|
||||||
|
from flask_sslify import SSLify
|
||||||
import jinja2
|
import jinja2
|
||||||
import os.path
|
import os.path
|
||||||
import time
|
import time
|
||||||
|
@ -14,6 +15,11 @@ app = Flask(__name__,
|
||||||
app.DEBUG = config.DEBUG
|
app.DEBUG = config.DEBUG
|
||||||
app.secret_key = config.SECRET_KEY
|
app.secret_key = config.SECRET_KEY
|
||||||
|
|
||||||
|
# Security?
|
||||||
|
if config.FORCE_SSL:
|
||||||
|
app.SESSION_COOKIE_SECURE = True
|
||||||
|
sslify = SSLify(app)
|
||||||
|
|
||||||
# Load all the blueprints!
|
# Load all the blueprints!
|
||||||
from rophako.modules.admin import mod as AdminModule
|
from rophako.modules.admin import mod as AdminModule
|
||||||
from rophako.modules.account import mod as AccountModule
|
from rophako.modules.account import mod as AccountModule
|
||||||
|
|
|
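Review bot: `app.SESSION_COOKIE_SECURE = True` in the `if config.FORCE_SSL:` branch assigns a plain attribute on the Flask object, while Flask reads the cookie flag from its config mapping, so the session cookie would most likely still be issued without the Secure flag. runserver.py in this same commit uses the config form, and this line should match it: `app.config['SESSION_COOKIE_SECURE'] = True`. The `# Security?` comment could also say what the branch does, for example `# Force HTTPS: redirect plain-HTTP requests and mark the session cookie Secure.`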
@ -226,7 +226,7 @@ def gravatar(email):
|
||||||
}
|
}
|
||||||
if default:
|
if default:
|
||||||
params["d"] = default
|
params["d"] = default
|
||||||
url = "http://www.gravatar.com/avatar/" + hashlib.md5(email.lower()).hexdigest() + "?"
|
url = "//www.gravatar.com/avatar/" + hashlib.md5(email.lower()).hexdigest() + "?"
|
||||||
url += urllib.urlencode(params)
|
url += urllib.urlencode(params)
|
||||||
return url
|
return url
|
||||||
return ""
|
return ""
|
|
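Review bot: The scheme-relative `//www.gravatar.com/avatar/` URL is still fetched over plain HTTP whenever the page itself is served over HTTP, and it has nothing to inherit if the URL is ever used outside a browser page (whether it is cannot be seen from this hunk). Since the commit is about SSL support, pinning the scheme is simpler and keeps the e-mail hash off the clear channel: `url = "https://www.gravatar.com/avatar/" + hashlib.md5(email.lower()).hexdigest() + "?"`. The body of gravatar() starts outside this hunk, so how `params` and `default` are built is not visible.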
@ -7,7 +7,7 @@ import re
|
||||||
import os
|
import os
|
||||||
|
|
||||||
from rophako import app
|
from rophako import app
|
||||||
from rophako.utils import template
|
from rophako.utils import template, login_required
|
||||||
import rophako.model.blog as Blog
|
import rophako.model.blog as Blog
|
||||||
import rophako.jsondb as JsonDB
|
import rophako.jsondb as JsonDB
|
||||||
|
|
||||||
|
@ -95,3 +95,14 @@ def legacy_download():
|
||||||
@app.route("/<page>.html")
|
@app.route("/<page>.html")
|
||||||
def legacy_url(page):
|
def legacy_url(page):
|
||||||
return redirect("/{}".format(page), code=301)
|
return redirect("/{}".format(page), code=301)
|
||||||
|
|
||||||
|
@app.route("/ssl_test")
|
||||||
|
@login_required
|
||||||
|
def ssl_test():
|
||||||
|
criteria = [
|
||||||
|
request.is_secure,
|
||||||
|
app.debug,
|
||||||
|
request.headers.get("X-Forwarded-Proto", "http") == "https"
|
||||||
|
]
|
||||||
|
|
||||||
|
return str(criteria)
|
||||||
|
|
|
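Review bot: ssl_test() has no docstring, and nothing marks it as a diagnostic route; the three values it returns appear to mirror the checks Flask-SSLify makes before redirecting. The `X-Forwarded-Proto` entry matters most: the header is supplied by the client unless a front proxy sets or strips it, so a deployment without such a proxy would treat a plain-HTTP request carrying that header as already secure. I would add a docstring such as `"""Diagnostic: show the values that decide whether this request counts as secure."""` and a comment on the header line, `# only trustworthy when the reverse proxy overwrites X-Forwarded-Proto`. Keeping the route behind `@login_required` is good, but consider removing it once the SSL setup is verified.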
@ -9,7 +9,7 @@ There {% if comments|length == 1 %}is{% else %}are{% endif %}
|
||||||
{% for comment in comments %}
|
{% for comment in comments %}
|
||||||
<div class="comment">
|
<div class="comment">
|
||||||
<div class="comment-author">
|
<div class="comment-author">
|
||||||
{% if comment["image"] and (comment["image"].startswith('http:') or comment["image"].startswith('https:')) %}
|
{% if comment["image"] and (comment["image"].startswith('http:') or comment["image"].startswith('https:') or comment["image"].startswith('//')) %}
|
||||||
<img src="{{ comment['image'] }}" alt="Avatar" width="96" height="96">
|
<img src="{{ comment['image'] }}" alt="Avatar" width="96" height="96">
|
||||||
{% elif comment["image"] %}
|
{% elif comment["image"] %}
|
||||||
<img src="{{ photo_url }}/{{ comment['image'] }}" alt="Avatar" width="96" height="96">
|
<img src="{{ photo_url }}/{{ comment['image'] }}" alt="Avatar" width="96" height="96">
|
||||||
|
|
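Review bot: The condition still accepts `http:` avatar URLs, so with SSL forced those images are requested over plain HTTP from an HTTPS page (mixed content), which browsers warn about or block. Where `comment["image"]` comes from is not visible in this hunk; if it can hold arbitrary external URLs, consider limiting the absolute-URL branch to `https:` and `//` values, or upgrading `http:` values before rendering. A short template comment such as `{# absolute avatar URL (external) vs. file name under photo_url #}` would explain the two branches. The surrounding `{% for %}` block continues outside the hunk.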
45
runserver.py
45
runserver.py
|
@ -1,4 +1,47 @@
|
||||||
#!/usr/bin/env python
|
#!/usr/bin/env python
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
import sys
|
||||||
|
import argparse
|
||||||
|
|
||||||
from rophako import app
|
from rophako import app
|
||||||
app.run(host='0.0.0.0', debug=True, port=2006)
|
|
||||||
|
parser = argparse.ArgumentParser(description="Rophako")
|
||||||
|
parser.add_argument(
|
||||||
|
"--port", "-p",
|
||||||
|
type=int,
|
||||||
|
help="Port to listen on",
|
||||||
|
default=2006,
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"--key", "-k",
|
||||||
|
type=str,
|
||||||
|
help="SSL private key file. Providing this option will turn on SSL mode " \
|
||||||
|
+ "(and will require pyOpenSSL to be installed).",
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"--cert", "-c",
|
||||||
|
type=str,
|
||||||
|
help="SSL certificate file.",
|
||||||
|
)
|
||||||
|
args = parser.parse_args()
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
flask_options = dict(
|
||||||
|
host='0.0.0.0',
|
||||||
|
debug=True,
|
||||||
|
port=args.port,
|
||||||
|
threaded=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
if args.key and args.cert:
|
||||||
|
from OpenSSL import SSL
|
||||||
|
context = SSL.Context(SSL.SSLv23_METHOD)
|
||||||
|
context.use_privatekey_file(args.key)
|
||||||
|
context.use_certificate_file(args.cert)
|
||||||
|
app.config['SESSION_COOKIE_SECURE'] = True
|
||||||
|
flask_options["ssl_context"] = context
|
||||||
|
|
||||||
|
app.run(**flask_options)
|
||||||
|
|
||||||
|
|
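Review bot: `if args.key and args.cert:` silently falls back to plain HTTP when only one of the two options is given, so a command-line slip starts an unencrypted server with no warning; `if bool(args.key) != bool(args.cert): parser.error("--key and --cert must be given together")` ahead of that block would catch it. `SSL.Context(SSL.SSLv23_METHOD)` negotiates any protocol version the library supports, so add `context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)` to exclude the obsolete ones. `debug=True` together with `host='0.0.0.0'` is carried over from the old one-liner and exposes Werkzeug's interactive debugger on every interface; a `--debug` flag that defaults to off would be safer. `parser.parse_args()` also runs at import time because it sits above the `__main__` guard.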