diff --git a/pogom/app.py b/pogom/app.py index 9d470d7c..57c1032c 100644 --- a/pogom/app.py +++ b/pogom/app.py @@ -42,12 +42,22 @@ def __init__(self, scan_config, *args, **kwargs): self.route('/locale', methods=['GET'])(self.locale) def is_authenticated(self): + if self.is_admin(): + return True + if config.get('SITE_PASSWORD', None) and not request.cookies.get("siteauth") == config['SITE_AUTH_KEY']: + return False + return True + + def is_admin(self): if config.get('CONFIG_PASSWORD', None) and not request.cookies.get("auth") == config['AUTH_KEY']: return False else: return True def fullmap(self): + if not self.is_authenticated(): + return redirect(url_for('login')) + # if 'search_thread' not in [t.name for t in threading.enumerate()]: if (not config.get('GOOGLEMAPS_KEY', None) or not config.get('ACCOUNTS', None)): @@ -56,10 +66,10 @@ def fullmap(self): return render_template('map.html', scan_locations=json.dumps(self.scan_config.SCAN_LOCATIONS.values()), gmaps_key=config['GOOGLEMAPS_KEY'], - is_authenticated=self.is_authenticated()) + is_admin=self.is_admin()) def login(self): - if self.is_authenticated(): + if self.is_admin(): return redirect(url_for('get_config_site')) if request.method == "GET": @@ -68,12 +78,19 @@ def login(self): resp = make_response(redirect(url_for('get_config_site'))) resp.set_cookie('auth', config['AUTH_KEY']) return resp + if request.form.get('password', None) == config.get('SITE_PASSWORD', None): + resp = make_response(redirect(url_for('fullmap'))) + resp.set_cookie('siteauth', config['SITE_AUTH_KEY']) + return resp; + return render_template('login.html') def heatmap_data(self): + if not self.is_authenticated(): + return redirect(url_for('login')) return jsonify( Pokemon.get_heat_stats() ) def get_config_site(self): - if not self.is_authenticated(): + if not self.is_admin(): return redirect(url_for('login')) return render_template( 
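Review bot: `is_authenticated` decides access with `not request.cookies.get("siteauth") == config['SITE_AUTH_KEY']`, a plain equality against a bearer token that also reads awkwardly because of the `not ... ==` precedence; a credential check is usually written as a constant-time comparison, e.g. `if config.get('SITE_PASSWORD', None) and not hmac.compare_digest(request.cookies.get("siteauth", ''), config['SITE_AUTH_KEY']):` (needs `import hmac`, and on Python 2 both operands must be the same str/unicode type, so coerce the cookie value first). The pre-existing `is_admin` check in the same hunk uses the same `==` form for the admin cookie, so the two helpers should be changed together or neither. A docstring such as `"""True for an admin cookie, a valid site cookie, or when no site password is set."""` would document the precedence of the two checks.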
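Review bot: The new site-password branch in `login`, `if request.form.get('password', None) == config.get('SITE_PASSWORD', None):`, is also true when both sides are None, i.e. when no site password is configured and a POST arrives without a `password` field, and it then reads `config['SITE_AUTH_KEY']`, a key that runserver.py only generates when a site password is configured, so the request ends in a KeyError; guard it with `if config.get('SITE_PASSWORD', None) and request.form.get('password', None) == config['SITE_PASSWORD']:`. The cookie that branch issues is the site's bearer token and is set as `resp.set_cookie('siteauth', config['SITE_AUTH_KEY'])` without `httponly=True` (and without `secure=True` if the map is served over HTTPS); the `siteauth` cookie set in the @@ -124 hunk of post_config_site has the same gap. `return resp;` carries a stray semicolon. Whether the config-password branch just above shares the None == None gap cannot be seen here, since its condition is outside the hunk.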
@@ -85,7 +102,7 @@ def get_config_site(self): password=config.get('CONFIG_PASSWORD', None)) def post_config_site(self): - if not self.is_authenticated(): + if not self.is_admin(): return redirect(url_for('login')) config['LOCALE'] = request.form.get('locale', 'en') @@ -97,6 +114,12 @@ def post_config_site(self): config['CONFIG_PASSWORD'] = pw config['AUTH_KEY'] = ''.join(random.choice(string.lowercase) for _ in range(32)) + site_pw = request.form.get('sitePassword', None) + site_pw_changed = (site_pw != config.get('SITE_PASSWORD', None)) + if site_pw_changed: + config['SITE_PASSWORD'] = site_pw + config['SITE_AUTH_KEY'] = ''.join(random.choice(string.lowercase) for _ in range(32)) + accounts_str = request.form.get('accounts', None) usernames_before = set([]) @@ -124,15 +147,18 @@ def post_config_site(self): locales_available=config.get('LOCALES_AVAILABLE', []), gmaps_key=config.get('GOOGLEMAPS_KEY', None), accounts=config.get('ACCOUNTS', []), - password=config.get('CONFIG_PASSWORD', None), + config_password=config.get('CONFIG_PASSWORD', None), + site_password=config.get('SITE_PASSWORD', None), alert=True)) if pw_changed: resp.set_cookie('auth', config['AUTH_KEY']) + if site_pw_changed: + resp.set_cookie('siteauth', config['SITE_AUTH_KEY']) return resp def save_config(self): - if not self.is_authenticated(): + if not self.is_admin(): return redirect(url_for('login')) if (config['CONFIG_PATH'] is not None and @@ -145,11 +171,14 @@ def save_config(self): data = {'GOOGLEMAPS_KEY': config['GOOGLEMAPS_KEY'], 'LOCALE': config['LOCALE'], 'CONFIG_PASSWORD': config['CONFIG_PASSWORD'], + 'SITE_PASSWORD': config['SITE_PASSWORD'], 'SCAN_LOCATIONS': self.scan_config.SCAN_LOCATIONS.values(), 'ACCOUNTS': config['ACCOUNTS']} f.write(json.dumps(data)) def map_data(self): + if not self.is_authenticated(): + return redirect(url_for('login')) d = {} if not ScanMetrics.LAST_SUCCESSFUL_REQUEST: 
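Review bot: `config['SITE_AUTH_KEY'] = ''.join(random.choice(string.lowercase) for _ in range(32))` in post_config_site derives the site's bearer token from the default `random` generator, which is a Mersenne Twister and not meant for secrets; the same construction is added in the runserver.py @@ -34 hunk, mirroring the pre-existing AUTH_KEY line just above it. A drop-in fix that keeps the key format is `random.SystemRandom().choice(string.lowercase)` in both new places (it is backed by `os.urandom` and exists on Python 2 as well); the AUTH_KEY line is prior code, but changing it in the same commit would keep the three generators consistent. Separately, `site_pw = request.form.get('sitePassword', None)` treats a POST that omits the field as a request to clear the site password, which silently removes the protection; if that is unintended, only compare when the field is present in `request.form`.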
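Review bot: `map_data` now answers an unauthenticated request with `redirect(url_for('login'))`, but it is a JSON endpoint (it ends in `return jsonify(d)`), so a browser XHR whose cookie stops matching — for instance after post_config_site rotates `SITE_AUTH_KEY` — follows the redirect, receives the login page's HTML with status 200 and fails to parse it instead of seeing a clear error; `heatmap_data` (@@ -68 hunk) and `cover` (@@ -181 hunk) have the same shape. For the JSON routes `return ('', 401)`, the tuple form the file already uses for `('', 204)`, is the clearer response, with the redirect kept for the HTML pages `fullmap` and `stats`. In the same hunk `save_config` writes `'SITE_PASSWORD': config['SITE_PASSWORD']`, which raises KeyError if the key was never populated; the neighbouring entries use the same pattern, so `config.get('SITE_PASSWORD', None)` is only a robustness nicety. map_data's body continues past the end of the hunk.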
@@ -181,11 +210,13 @@ def map_data(self): return jsonify(d) def cover(self): + if not self.is_authenticated(): + return redirect(url_for('login')) return jsonify({'cover': self.scan_config.COVER, 'scan_locations': self.scan_config.SCAN_LOCATIONS.values()}) def add_location(self): - if not self.is_authenticated(): + if not self.is_admin(): return redirect(url_for('login')) lat = request.values.get('lat', type=float) @@ -201,7 +232,7 @@ def add_location(self): return ('', 204) def delete_location(self): - if not self.is_authenticated(): + if not self.is_admin(): return redirect(url_for('login')) lat = request.values.get('lat', type=float) @@ -216,6 +247,8 @@ def delete_location(self): return ('', 204) def stats(self): + if not self.is_authenticated(): + return redirect(url_for('login')) stats = Pokemon.get_stats() count = sum(p['count'] for p in stats) return render_template('stats.html', pokemons=Pokemon.get_stats(), total=count) diff --git a/runserver.py b/runserver.py index 2ea580b6..3c11b440 100644 --- a/runserver.py +++ b/runserver.py @@ -34,12 +34,16 @@ def read_config(scan_config): config['LOCALE'] = c.get('LOCALE', 'en') config['GOOGLEMAPS_KEY'] = c.get('GOOGLEMAPS_KEY', None) config['CONFIG_PASSWORD'] = c.get('CONFIG_PASSWORD', None) + config['SITE_PASSWORD'] = c.get('SITE_PASSWORD', None) config['ACCOUNTS'] = c.get('ACCOUNTS', []) scan_config.update_scan_locations(c.get('SCAN_LOCATIONS', {})) if config.get('CONFIG_PASSWORD', None): config['AUTH_KEY'] = ''.join(random.choice(string.lowercase) for _ in range(32)) + if config.get('SITE_PASSWORD', None): + config['SITE_AUTH_KEY'] = ''.join(random.choice(string.lowercase) for _ in range(32)) + if __name__ == '__main__': args = get_args() diff --git a/templates/config.html b/templates/config.html index ba2aba33..9d2f683a 100644 --- a/templates/config.html +++ b/templates/config.html @@ -44,9 +44,14 @@

PoGoMap Config

{% if alert %}
- + Protect this config with a password.
+
+ + + Protect this website with a password. +
Back to Map @@ -54,4 +59,4 @@

PoGoMap Config

{% if alert %} - \ No newline at end of file + diff --git a/templates/map.html b/templates/map.html index ae15e116..c557a0eb 100644 --- a/templates/map.html +++ b/templates/map.html @@ -45,10 +45,10 @@ cursor: pointer; opacity: 0; /* hide this */ - + z-index: 2; /* and place it over the hamburger */ - + -webkit-touch-callout: none; } /* @@ -122,7 +122,7 @@ list-style-type: none; -webkit-font-smoothing: antialiased; /* to stop flickering of text in safari */ - + transform-origin: 0% 0%; transform: translate(-100%, 0); -webkit-transform-origin: 0% 0%; @@ -200,7 +200,7 @@