Browse files

fix #2 by HTTP Authentication

  • Loading branch information...
1 parent d2d3845 commit c9556dcad8d353d7393b107db53ff46445c3836c @alswl committed Jul 5, 2014
Showing with 38 additions and 6 deletions.
  1. +7 −3 kuku/app.py
  2. +27 −0 kuku/handlers/decorators.py
  3. +3 −1 kuku/handlers/dir.py
  4. +1 −2 kuku/settings.py
View
10 kuku/app.py
@@ -1,10 +1,14 @@
# coding=utf-8
+import sys
+import os
+sys.path.insert(0, os.path.abspath(os.path.join(__file__, os.path.pardir, os.path.pardir)))
+
import tornado.ioloop
import tornado.web
-from handlers import dir
-import settings
+from kuku.handlers import dir
+from kuku import settings
re_safe_name_with_slash = ur'[ \w\u2e80-\u9fff\-_\.,/]'
@@ -26,7 +30,7 @@ def get(self):
(r'/(%s+)' % re_safe_name_with_slash, tornado.web.StaticFileHandler, {'path': settings.UPLOAD_PATH}),
]
-application = tornado.web.Application(route, template_path=settings.TEMPLATE_PATH)
+application = tornado.web.Application(route, template_path=settings.TEMPLATE_PATH, debug=settings.DEBUG)
if __name__ == "__main__":
View
27 kuku/handlers/decorators.py
@@ -0,0 +1,27 @@
+# coding=utf-8
+
+import base64
+
+from kuku import settings
+
+
+def require_basic_auth(func):
+
+ def wrap(handler, *args, **kwargs):
+ auth_header = handler.request.headers.get('Authorization')
+ if auth_header is None or not auth_header.startswith('Basic '):
+ handler.set_status(401)
+ handler.set_header('WWW-Authenticate', 'Basic realm=Restricted')
+ handler._transforms = []
+ handler.finish()
+ return
+ auth_decoded = base64.decodestring(auth_header[6:])
+ username, password = auth_decoded.split(':', 2)
+ if (username, password) not in settings.ACCOUNTS:
+ handler.set_status(403)
+ handler.write('403')
+ return
+ return func(handler, *args, **kwargs)
+
+ return wrap
+
View
4 kuku/handlers/dir.py
@@ -5,7 +5,8 @@
import tornado.ioloop
import tornado.web
-import settings
+from kuku import settings
+from kuku.handlers import decorators
def is_in_upload(path):
@@ -19,6 +20,7 @@ def is_security_path(path):
class DirHandler(tornado.web.RequestHandler):
+ @decorators.require_basic_auth
def get(self, path):
if not is_security_path(path):
raise tornado.web.HTTPError(404)
View
3 kuku/settings.py
@@ -4,8 +4,7 @@
DEBUG = True
-ADMIN = 'alswl'
-PASSWORD = '123456'
+ACCOUNTS = [('alswl', '123456'), ('admin', 'admin888')]
ROOT_PATH = os.path.abspath(os.path.dirname(__file__))
TEMPLATE_PATH = os.path.abspath(os.path.join(ROOT_PATH, 'templates'))

0 comments on commit c9556dc

Please sign in to comment.