diff --git a/gallery/__init__.py b/gallery/__init__.py
index bd76ae7..58e5150 100644
--- a/gallery/__init__.py
+++ b/gallery/__init__.py
@@ -27,6 +27,7 @@ from gallery import db
USER_DIR = platformdirs.user_config_dir('onlylegs')
+
db_session = sessionmaker(bind=db.engine)
db_session = db_session()
login_manager = LoginManager()
@@ -67,10 +68,16 @@ def create_app(test_config=None):
login_manager.init_app(app)
login_manager.login_view = 'gallery.index'
+ login_manager.session_protection = 'strong'
@login_manager.user_loader
def load_user(user_id):
- return db_session.query(db.Users).filter_by(id=user_id).first()
+ return db_session.query(db.Users).filter_by(alt_id=user_id).first()
+
+ @login_manager.unauthorized_handler
+ def unauthorized():
+ return render_template('error.html', error=401,
+ msg='You are not authorized to view this page!!!!'), 401
# Load JS assets
# TODO: disable caching for sass files as it makes it hard to work on when it is enabled
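Review bot: Registering `unauthorized_handler` makes Flask-Login call `unauthorized()` instead of redirecting to `login_view`, so the `login_manager.login_view = 'gallery.index'` assignment kept just above no longer affects anonymous requests. Either drop that assignment or say so on the handler, e.g. `# Replaces the login_view redirect: anonymous users get the 401 error page`. `load_user` now receives the `alt_id` string from the session rather than the primary key, which deserves a docstring such as `"""Resolve the session's alt_id to a Users row, or None if no row matches."""`. It still queries through the module-level `db_session` created at import time (visible in the first hunk), so a failed query presumably leaves that shared session needing a rollback before the next request; worth confirming. `create_app` starts and ends outside this hunk.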
@@ -83,9 +90,7 @@ def create_app(test_config=None):
def error_page(err): # noqa
if not isinstance(err, HTTPException):
abort(500)
- return render_template('error.html',
- error=err.code,
- msg=err.description), err.code
+ return render_template('error.html', error=err.code, msg=err.description), err.code
# Load login, registration and logout manager
from gallery import auth
diff --git a/gallery/auth.py b/gallery/auth.py
index b51c885..bc2d117 100644
--- a/gallery/auth.py
+++ b/gallery/auth.py
@@ -3,10 +3,11 @@ OnlyLegs - Authentication
User registration, login and logout and locking access to pages behind a login
"""
import re
+from uuid import uuid4
import logging
from datetime import datetime as dt
-from flask import Blueprint, flash, redirect, request, url_for, abort, jsonify
+from flask import Blueprint, flash, redirect, request, url_for, abort, jsonify, session
from werkzeug.security import check_password_hash, generate_password_hash
from flask_login import login_user, logout_user, login_required
@@ -87,7 +88,7 @@ def register():
if error:
return jsonify(error)
- register_user = db.Users(username=username, email=email,
+ register_user = db.Users(alt_id=str(uuid4()), username=username, email=email,
password=generate_password_hash(password, method='sha256'),
created_at=dt.utcnow())
db_session.add(register_user)
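Review bot: The `generate_password_hash(password, method='sha256')` call on the context line of this statement stores a single salted SHA-256 digest rather than the output of a key-derivation function, so a leaked users table offers little resistance to offline guessing. Since the commit already edits this `db.Users(...)` constructor, consider `generate_password_hash(password, method='pbkdf2:sha256')` or omitting `method` to take the library default. I believe newer Werkzeug releases have deprecated plain hash names, so existing hashes may need a rehash-on-login path; confirm against the pinned version. The new `alt_id=str(uuid4())` value is random and suits a session identifier. `register` starts above the hunk and continues past it.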
diff --git a/gallery/db.py b/gallery/db.py
index df1f389..f3ff844 100644
--- a/gallery/db.py
+++ b/gallery/db.py
@@ -27,7 +27,9 @@ class Users (base, UserMixin): # pylint: disable=too-few-public-methods, C0103
"""
__tablename__ = 'users'
+ # Gallery used information
id = Column(Integer, primary_key=True)
+ alt_id = Column(String, unique=True, nullable=False)
username = Column(String, unique=True, nullable=False)
email = Column(String, unique=True, nullable=False)
password = Column(String, nullable=False)
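Review bot: `alt_id` is added as `unique=True, nullable=False` with no default, and no migration or backfill appears in this commit, so user rows created before it would have no value and could not be resolved by the new `load_user` lookup. Consider a column default so every creation path gets one, `alt_id = Column(String, unique=True, nullable=False, default=lambda: str(uuid4()))` (this needs `from uuid import uuid4` in this module), plus a one-off backfill for existing rows. The new comment `# Gallery used information` is unclear; something like `# Columns used by the gallery itself; alt_id is the Flask-Login session identifier` would tell the reader why two ids exist. The `Users` class starts above the hunk and continues below it.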
@@ -35,9 +37,11 @@ class Users (base, UserMixin): # pylint: disable=too-few-public-methods, C0103
posts = relationship('Posts', backref='users')
groups = relationship('Groups', backref='users')
- session = relationship('Sessions', backref='users')
log = relationship('Logs', backref='users')
+ def get_id(self):
+ return str(self.alt_id)
+
class Posts (base): # pylint: disable=too-few-public-methods, C0103
"""
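Review bot: `get_id` has no docstring, and nothing in the hunk records why it returns `alt_id` instead of the primary key. The usual benefit of an alternative id is that assigning a new one invalidates every outstanding session for that user, but nothing shown in this commit rotates `alt_id` on password change or on a "log out everywhere" action, so for now it behaves as a second permanent identifier. Suggested docstring: `"""Return alt_id as the Flask-Login session identifier; assign a new alt_id to invalidate this user's sessions."""`. With the `Sessions` table removed in the next hunk, that rotation appears to be the only remaining server-side way to revoke a login.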
@@ -91,22 +95,6 @@ class GroupJunction (base): # pylint: disable=too-few-public-methods, C0103
post_id = Column(Integer, ForeignKey('posts.id'))
-class Sessions (base): # pylint: disable=too-few-public-methods, C0103
- """
- Session table
- Joins with user
- """
- __tablename__ = 'sessions'
-
- id = Column(Integer, primary_key=True)
- user_id = Column(Integer, ForeignKey('users.id'))
- session_uuid = Column(String, nullable=False)
- ip_address = Column(String, nullable=False)
- user_agent = Column(String, nullable=False)
- active = Column(Boolean, nullable=False)
- created_at = Column(DateTime, nullable=False)
-
-
class Logs (base): # pylint: disable=too-few-public-methods, C0103
"""
Log table
diff --git a/gallery/static/js/pre/main.js b/gallery/static/js/pre/main.js
index d73bcb5..c5ba3cf 100644
--- a/gallery/static/js/pre/main.js
+++ b/gallery/static/js/pre/main.js
@@ -65,7 +65,7 @@ window.onload = function () {
'Using Phosphoricons and ' +
'Manrope
' +
'Made by Fluffy and others with ❤️
' +
- 'V23.04.02');
+ 'V23.04.03');
}
}
};
diff --git a/gallery/templates/layout.html b/gallery/templates/layout.html
index f047879..4dc94e0 100644
--- a/gallery/templates/layout.html
+++ b/gallery/templates/layout.html
@@ -26,17 +26,23 @@
media="(prefers-color-scheme: dark)"/>
{% assets "js_pre" %}
-
+
{% endassets %}
{% assets "js_post" %}
-
+
{% endassets %}
{% assets "styles" %}
-
+
{% endassets %}
+
+
{% block head %}{% endblock %}
Is session fresh?
+ {% if fresh %}
+Yes
+ {% else %}
+No
+ {% endif %}
{% endblock %}
\ No newline at end of file
diff --git a/gallery/views/settings.py b/gallery/views/settings.py
index 94926e9..6475132 100644
--- a/gallery/views/settings.py
+++ b/gallery/views/settings.py
@@ -2,7 +2,7 @@
OnlyLegs - Settings page
"""
from flask import Blueprint, render_template
-from flask_login import login_required
+from flask_login import login_required, current_user
blueprint = Blueprint('settings', __name__, url_prefix='/settings')
diff --git a/pyproject.toml b/pyproject.toml
index 3b4bd29..a7eb497 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
[tool.poetry]
name = "onlylegs"
-version = "23.04.02"
+version = "23.04.03"
description = "Gallery built for fast and simple image management"
authors = ["Fluffy-Bean