apps/rophako
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make Rophako support SSL

Browse Source
This commit is contained in:
Noah 2014-04-18 23:00:13 +00:00
parent a4a83d4a6c
commit b58563b0d1
7 changed files with 73 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
config-sample.py
View File

@ -22,6 +22,10 @@ SITE_ROOT = os.path.join(_basedir, "site", "www")
# E-mail addresses for site notifications (i.e. new comments). # E-mail addresses for site notifications (i.e. new comments).
NOTIFY_ADDRESS = ["root@localhost"] NOTIFY_ADDRESS = ["root@localhost"]
# Set this to true if you want your app to force use of SSL. This will also turn
# on Flask's secure-only session cookies.
FORCE_SSL = False
# Secret key used for session cookie signing. Make this long and hard to guess. # Secret key used for session cookie signing. Make this long and hard to guess.
# #
# Tips for creating a strong secret key: # Tips for creating a strong secret key:
@ -111,4 +115,4 @@ COMMENT_TIME_FORMAT = "%A, %B %d %Y @ %I:%M %p"
# We use Gravatar for comments if the user provides an e-mail address. Specify # We use Gravatar for comments if the user provides an e-mail address. Specify
# the URL to a fallback image to use in case they don't have a gravatar. # the URL to a fallback image to use in case they don't have a gravatar.
COMMENT_DEFAULT_AVATAR = "" COMMENT_DEFAULT_AVATAR = ""

1
requirements.txt
View File

@ -1,4 +1,5 @@
flask flask
flask-sslify
redis redis
bcrypt bcrypt
pillow pillow

8
rophako/__init__.py
View File

@ -1,6 +1,7 @@
__version__ = '0.01' __version__ = '0.01'
from flask import Flask, g, request, session, render_template, send_file, abort from flask import Flask, g, request, session, render_template, send_file, abort
from flask_sslify import SSLify
import jinja2 import jinja2
import os.path import os.path
import time import time
@ -14,6 +15,11 @@ app = Flask(__name__,
app.DEBUG = config.DEBUG app.DEBUG = config.DEBUG
app.secret_key = config.SECRET_KEY app.secret_key = config.SECRET_KEY
# Security?
if config.FORCE_SSL:
app.SESSION_COOKIE_SECURE = True
sslify = SSLify(app)
# Load all the blueprints! # Load all the blueprints!
from rophako.modules.admin import mod as AdminModule from rophako.modules.admin import mod as AdminModule
from rophako.modules.account import mod as AccountModule from rophako.modules.account import mod as AccountModule
@ -134,4 +140,4 @@ def not_found(error):
# Domain specific endpoints. # Domain specific endpoints.
if config.SITE_NAME == "kirsle.net": if config.SITE_NAME == "kirsle.net":
import rophako.modules.kirsle_legacy import rophako.modules.kirsle_legacy

4
rophako/model/comment.py
View File

@ -226,7 +226,7 @@ def gravatar(email):
} }
if default: if default:
params["d"] = default params["d"] = default
url = "http://www.gravatar.com/avatar/" + hashlib.md5(email.lower()).hexdigest() + "?" url = "//www.gravatar.com/avatar/" + hashlib.md5(email.lower()).hexdigest() + "?"
url += urllib.urlencode(params) url += urllib.urlencode(params)
return url return url
return "" return ""

13
rophako/modules/kirsle_legacy.py
View File

@ -7,7 +7,7 @@ import re
import os import os
from rophako import app from rophako import app
from rophako.utils import template from rophako.utils import template, login_required
import rophako.model.blog as Blog import rophako.model.blog as Blog
import rophako.jsondb as JsonDB import rophako.jsondb as JsonDB
@ -95,3 +95,14 @@ def legacy_download():
@app.route("/<page>.html") @app.route("/<page>.html")
def legacy_url(page): def legacy_url(page):
return redirect("/{}".format(page), code=301) return redirect("/{}".format(page), code=301)
@app.route("/ssl_test")
@login_required
def ssl_test():
criteria = [
request.is_secure,
app.debug,
request.headers.get("X-Forwarded-Proto", "http") == "https"
]
return str(criteria)

4
rophako/www/comment/index.inc.html
View File

@ -9,7 +9,7 @@ There {% if comments|length == 1 %}is{% else %}are{% endif %}
{% for comment in comments %} {% for comment in comments %}
<div class="comment"> <div class="comment">
<div class="comment-author"> <div class="comment-author">
{% if comment["image"] and (comment["image"].startswith('http:') or comment["image"].startswith('https:')) %} {% if comment["image"] and (comment["image"].startswith('http:') or comment["image"].startswith('https:') or comment["image"].startswith('//')) %}
<img src="{{ comment['image'] }}" alt="Avatar" width="96" height="96"> <img src="{{ comment['image'] }}" alt="Avatar" width="96" height="96">
{% elif comment["image"] %} {% elif comment["image"] %}
<img src="{{ photo_url }}/{{ comment['image'] }}" alt="Avatar" width="96" height="96"> <img src="{{ photo_url }}/{{ comment['image'] }}" alt="Avatar" width="96" height="96">
@ -87,4 +87,4 @@ There {% if comments|length == 1 %}is{% else %}are{% endif %}
</div> </div>
<button type="submit">Leave Comment</button> <button type="submit">Leave Comment</button>
</form> </form>

45
runserver.py
View File

@ -1,4 +1,47 @@
#!/usr/bin/env python #!/usr/bin/env python
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
import sys
import argparse
from rophako import app from rophako import app
app.run(host='0.0.0.0', debug=True, port=2006)
parser = argparse.ArgumentParser(description="Rophako")
parser.add_argument(
"--port", "-p",
type=int,
help="Port to listen on",
default=2006,
)
parser.add_argument(
"--key", "-k",
type=str,
help="SSL private key file. Providing this option will turn on SSL mode " \
+ "(and will require pyOpenSSL to be installed).",
)
parser.add_argument(
"--cert", "-c",
type=str,
help="SSL certificate file.",
)
args = parser.parse_args()
if __name__ == '__main__':
flask_options = dict(
host='0.0.0.0',
debug=True,
port=args.port,
threaded=True,
)
if args.key and args.cert:
from OpenSSL import SSL
context = SSL.Context(SSL.SSLv23_METHOD)
context.use_privatekey_file(args.key)
context.use_certificate_file(args.cert)
app.config['SESSION_COOKIE_SECURE'] = True
flask_options["ssl_context"] = context
app.run(**flask_options)