Changes for use in a proper domain

Jorge Enrique Gómez Gómez 2022-07-28 19:38:44 +00:00
parent d5ca31078b
commit 912f84597d
3 changed files with 19 additions and 9 deletions

5
.gitignore vendored

@ -1,6 +1,11 @@
# Sqlite database # Sqlite database
database.db database.db
# Vim temporary files and swap
*~
*.swp
*.swo
# Byte-compiled / optimized / DLL files # Byte-compiled / optimized / DLL files
__pycache__/ __pycache__/
*.py[cod] *.py[cod]

18
main.py

@ -11,7 +11,7 @@ from flask_qrcode import QRcode
# refresh the qr code and update the list of users # refresh the qr code and update the list of users
# https://flask-socketio.readthedocs.io # https://flask-socketio.readthedocs.io
app = Flask(__name__, static_folder='html') app = Flask(__name__)
FlaskUUID(app) FlaskUUID(app)
QRcode(app) QRcode(app)
@ -34,27 +34,29 @@ def show_qr_and_list():
@app.route('/<uuid:id>') @app.route('/<uuid:id>')
def catch_uuids(id): def catch_uuids(id):
ua = request.headers.get('User-Agent') ua = request.headers.get('Remote-User')
# TODO: use the Remote-User header that Authelia should set after authentication # TODO: Check directly with Authelia using https://auth.agofer.net/api/verify
# (check if "Authorization" in request.headers, or request.authorization)
time = datetime.now().strftime("%A %Y-%m-%d %H:%M:%S") time = datetime.now().strftime("%A %Y-%m-%d %H:%M:%S")
error = None error = None
data = []
conn = get_db_connection() conn = get_db_connection()
existing = conn.execute( existing = conn.execute(
'SELECT * FROM hits WHERE uuid = ?', (str(id),)).fetchone() 'SELECT * FROM hits WHERE uuid = ?', (str(id),)).fetchone()
# TODO: verify that the uuid was generated by us (otherwise any uuid, # TODO: verify that the uuid was generated by us (otherwise any uuid,
# like one generated by the user, would be accepted) # like one generated by the user, would be accepted)
if existing: if not ua:
error = 'NO_USERNAME'
elif existing:
error = 'ALREADY_USED' error = 'ALREADY_USED'
else: else:
conn.execute("INSERT INTO hits (uuid, user) VALUES (?, ?)", (str(id), ua))
conn.commit()
data = conn.execute( data = conn.execute(
'SELECT * FROM hits WHERE user = ? ORDER BY id DESC LIMIT 10', (ua,) 'SELECT * FROM hits WHERE user = ? ORDER BY id DESC LIMIT 10', (ua,)
).fetchall() ).fetchall()
conn.execute("INSERT INTO hits (uuid, user) VALUES (?, ?)", (str(id), ua))
conn.commit()
conn.close() conn.close()
return render_template('thanks.html', user=ua, time=time, error=error, hits=data) return render_template('thanks.html', user=ua, time=time, error=error, hits=data)
if __name__ == '__main__': if __name__ == '__main__':
app.run() app.run(host='0.0.0.0')
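Review bot: `catch_uuids` now takes the user identity from the `Remote-User` request header while the last hunk binds the server with `app.run(host='0.0.0.0')`, so any client that can reach the Flask port without passing through the Authelia proxy can supply that header itself and be recorded under an arbitrary username. Until the verification described in the TODO exists, the listener should be reachable only by the proxy, for example `app.run(host='127.0.0.1')` if the proxy runs on the same host (an assumption, the deployment is not visible here), and the proxy should discard any `Remote-User` header sent by the client. A comment above the header read, such as `# Remote-User is only trustworthy when set by the authenticating reverse proxy`, would record that dependency for the next maintainer. Note also that `app.run()` starts Flask's development server, which is not intended for a publicly reachable deployment.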


@ -4,7 +4,10 @@
<title>Example</title> <title>Example</title>
</head> </head>
<body> <body>
{% if error %} {% if error == 'NO_USERNAME' %}
<h1>Error</h1>
<p>No username received. <a href='https://auth.agofer.net/'>Login here</a>.</p>
{% elif error == 'ALREADY_USED' %}
<h1>Error</h1> <h1>Error</h1>
<p>Code has been used already.</p> <p>Code has been used already.</p>
{% else %} {% else %}
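Review bot: With the condition split into `{% if error == 'NO_USERNAME' %}` and `{% elif error == 'ALREADY_USED' %}`, any other non-empty `error` value now falls through to `{% else %}`, which before this change was reached only when `error` was empty. main.py currently sets only those two codes, but a code added there later would be rendered by what is presumably the success branch. A generic fallback placed before `{% else %}`, `{% elif error %}` followed by an error heading, keeps the template failing closed. The body of the `{% else %}` branch lies outside the hunk.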