A Python content management system designed for kirsle.net featuring a blog, comments and photo albums. https://rophako.kirsle.net/

  1. # -*- coding: utf-8 -*-
from functools import wraps
import uuid

from flask import (
    flash,
    g,
    redirect,
    render_template,
    request,
    session,
    url_for,
)

from rophako.log import logger
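def login_required(f):
    """Decorator for views that require a logged-in user.

    When ``g.info["session"]["login"]`` is falsy the wrapped view is not
    called: the current URL is saved in ``session["redirect_url"]``, a notice
    is flashed, and the visitor is redirected to the ``account.login``
    endpoint. Otherwise the view runs with its original arguments.

    ``flash``, ``redirect`` and ``url_for`` must be available from the
    module-level flask import; if they are missing, the anonymous branch
    raises NameError and the visitor gets a server error instead of the
    login page.
    """
    @wraps(f)
    def decorated_function(*args, **kwargs):
        if g.info["session"]["login"]:
            return f(*args, **kwargs)

        # NOTE(review): request.url is the full URL, including the host taken
        # from the request. The code that later reads redirect_url is not in
        # this file; confirm it only follows same-site targets.
        session["redirect_url"] = request.url
        flash("You must be logged in to do that!")
        return redirect(url_for("account.login"))
    return decorated_function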
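def admin_required(f):
    """Decorator for admin-only views. Implies the login_required check.

    Anonymous visitors (``g.info["session"]["login"]`` falsy) are handled as
    in login_required: the current URL is stored in
    ``session["redirect_url"]``, a notice is flashed, and they are redirected
    to ``account.login``. Logged-in users whose ``role`` is not ``"admin"``
    are logged and redirected to the ``index`` endpoint. Only admins reach
    the wrapped view.

    ``flash``, ``redirect`` and ``url_for`` must be available from the
    module-level flask import; without them both rejection branches raise
    NameError.
    """
    @wraps(f)
    def decorated_function(*args, **kwargs):
        current = g.info["session"]

        if not current["login"]:
            # Not even logged in: send them to the login page first.
            session["redirect_url"] = request.url
            flash("You must be logged in to do that!")
            return redirect(url_for("account.login"))

        if current["role"] != "admin":
            # Authorization failures are worth attributing: record which page
            # was requested and from where. repr() keeps control characters
            # in the path from breaking up the log line.
            # NOTE(review): remote_addr is the proxy's address when the app
            # sits behind one. The session key that names the account is not
            # visible in this file; add it to the message if one exists.
            logger.warning(
                "User tried to access an Admin page, but wasn't allowed! "
                "path={0!r} remote_addr={1!r}".format(
                    request.path, request.remote_addr
                )
            )
            return redirect(url_for("index"))

        return f(*args, **kwargs)
    return decorated_function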
def template(name, **kwargs):
    """Render the template ``name`` and return the resulting HTML.

    Thin wrapper around flask's ``render_template``; every keyword argument
    is passed through unchanged as template context.
    """
    return render_template(name, **kwargs)
def generate_csrf_token():
    """Return the CSRF token for the current session, creating it if absent.

    The token is stored under ``session["_csrf"]`` and reused on every later
    call in the same session; this is a plain function, not a Python
    generator.
    """
    # NOTE(review): the token is a random UUID string. Validation is not in
    # this file; wherever the submitted value is compared with
    # session["_csrf"], prefer a constant-time comparison such as
    # hmac.compare_digest.
    try:
        return session["_csrf"]
    except KeyError:
        session["_csrf"] = str(uuid.uuid4())
        return session["_csrf"]