basic auth test

3 years ago · 99f7cf9181
parent d5977fd9b9
commit 99f7cf9181
2 changed files with 44 additions and 2 deletions
--- a/class/core/config_api.py
+++ b/class/core/config_api.py
@ -208,7 +208,8 @@ class config_api:
        mw.writeFile(path, json.dumps(ba_conf))
        os.chmod(path, 384)
        mw.writeLog('面板设置', '设置BasicAuth状态为: %s' % is_open)
-        mw.writeFile('data/reload.pl', 'True')
+
+        mw.restartMw()
        return mw.returnJson(True, '设置成功!')

    def setApi(self):
--- a/route/init.py
+++ b/route/init.py
@ -6,6 +6,7 @@ import os
 import time
 import shutil
 import uuid
+import json
 import traceback

 # reload(sys)
@ -27,7 +28,6 @@ from flask_caching import Cache
 from flask_session import Session

 sys.path.append(os.getcwd() + "/class/core")
-# sys.path.append("/usr/local/lib/python3.6/site-packages")

 import db
 import mw
@ -64,6 +64,20 @@ app.config['SESSION_COOKIE_NAME'] = "MW_VER_1"
 app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(days=31)
 # Session(app)

+# 设置BasicAuth
+basic_auth_conf = 'data/basic_auth.json'
+app.config['BASIC_AUTH_OPEN'] = False
+if os.path.exists(basic_auth_conf):
+    try:
+        ba_conf = json.loads(mw.readFile(basic_auth_conf))
+        print(ba_conf)
+        app.config['BASIC_AUTH_USERNAME'] = ba_conf['basic_user']
+        app.config['BASIC_AUTH_PASSWORD'] = ba_conf['basic_pwd']
+        app.config['BASIC_AUTH_OPEN'] = ba_conf['open']
+        app.config['BASIC_AUTH_FORCE'] = True
+    except Exception as e:
+        print(e)
+
 # socketio
 from flask_socketio import SocketIO, emit, send
 socketio = SocketIO()
@ -119,6 +133,33 @@ def funConvert(fun):
        func += suf
    return func

+# Flask请求勾子
+
+
+def sendAuthenticated():
+    # 发送http认证信息
+    request_host = mw.getHostAddr()
+    result = Response(
+        '', 401, {'WWW-Authenticate': 'Basic realm="%s"' % request_host.strip()})
+    if not 'login' in session and not 'admin_auth' in session:
+        session.clear()
+    return result
+
+
+@app.before_request
+def requestCheck():
+    if app.config['BASIC_AUTH_OPEN']:
+        auth = request.authorization
+        if request.path in ['/download', '/hook', '/down']:
+            return
+
+        if not auth:
+            return sendAuthenticated()
+        salt = '_md_salt'
+        if mw.md5(auth.username.strip() + salt) != app.config['BASIC_AUTH_USERNAME'] \
+                or mw.md5(auth.password.strip() + salt) != app.config['BASIC_AUTH_PASSWORD']:
+            return sendAuthenticated()
+

 def isLogined():
    # print('isLogined', session)