From 70d2b0e0968baff3173a77e40827b683fc3bd284 Mon Sep 17 00:00:00 2001
From: jonasled <jonas@jonasled.de>
Date: Thu, 27 Feb 2020 19:58:48 +0100
Subject: [PATCH] add option to protect link shorting with password

---
 home.py             |  4 ++--
 main.py             | 13 +++++++++++--
 newurl.py           | 11 ++++++-----
 templates/home.html |  3 +++
 4 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/home.py b/home.py
index f801c05..7933f7e 100644
--- a/home.py
+++ b/home.py
@@ -1,12 +1,12 @@
 from flask import render_template, abort
-def home(request, builddate, version, domain_prepared, recaptchaPublicKey, showDomainSelect, cookieNotice, domain_to_index, s, loginEnabled):
+def home(request, builddate, version, domain_prepared, recaptchaPublicKey, showDomainSelect, cookieNotice, domain_to_index, s, loginEnabled, passwordProtected):
     try:
         loginbar = "Hello " + s.loads(request.cookies.get('username')) + ' (<a href="/user/links" >your links</a>, <a href="/user/logout" >logout</a>)'
     except:
         loginbar = '<a href="#" onClick="showLogin()" >login</a>'
 
     try:
-        return render_template('home.html', builddate=builddate, version=version, domain=domain_prepared, recaptchaPublicKey=recaptchaPublicKey, showDomainSelect=showDomainSelect, loginbar=loginbar, cookieNotice=cookieNotice ,domain_prefilled=domain_to_index[request.headers["host"]], loginEnabled=loginEnabled) #return the default site to create a new shorten link
+        return render_template('home.html', builddate=builddate, version=version, domain=domain_prepared, recaptchaPublicKey=recaptchaPublicKey, showDomainSelect=showDomainSelect, loginbar=loginbar, cookieNotice=cookieNotice ,domain_prefilled=domain_to_index[request.headers["host"]], loginEnabled=loginEnabled, passwordProtected=passwordProtected) #return the default site to create a new shorten link
     except:
         abort(500)
 
diff --git a/main.py b/main.py
index 1cea7c3..21ab29f 100644
--- a/main.py
+++ b/main.py
@@ -82,6 +82,15 @@ try:
 except:
     loginEnabled = False
 
+try:
+    if(environ["passwordToShort"] != ""):
+        passwordProtected = True
+        password = environ["passwordToShort"]
+    else:
+        passwordProtected = False
+except:
+    passwordProtected = False
+
 if(loginEnabled):
     try: #Try to get the oauth keys, if it fails, abort and print a message to console
         GITHUB_CLIENT_ID = environ['GITHUB_CLIENT_ID']
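Review bot: `password` is bound only in the branch where `passwordToShort` is set and non-empty, yet `home_post` in the next main.py hunk passes `password` to `newurl` unconditionally. Unless the name is defined elsewhere in main.py, every POST to `/` raises NameError whenever the option is switched off. Binding it on every path fixes that and removes the bare `except:`, which would also hide unrelated errors: `password = environ.get("passwordToShort", "")` followed by `passwordProtected = password != ""`. A one-line comment that this is a single shared secret read once at startup would help whoever deploys it.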
@@ -132,11 +141,11 @@ app = Flask(__name__)
 
 @app.route('/', methods=['GET'])
 def home_get():
-    return home(request, builddate, version, domain_prepared, recaptchaPublicKey, showDomainSelect, cookieNotice, domain_to_index, s, loginEnabled)
+    return home(request, builddate, version, domain_prepared, recaptchaPublicKey, showDomainSelect, cookieNotice, domain_to_index, s, loginEnabled, passwordProtected)
 
 @app.route('/', methods=['POST']) #This function is used to create a new url
 def home_post():
-    return newurl(request, skipCaptcha, recaptchaPrivateKey, recaptchaPublicKey, builddate, version, domain_prepared, domain_to_index, showDomainSelect, cookieNotice, s, url_scheme, loginEnabled)
+    return newurl(request, skipCaptcha, recaptchaPrivateKey, recaptchaPublicKey, builddate, version, domain_prepared, domain_to_index, showDomainSelect, cookieNotice, s, url_scheme, loginEnabled, passwordProtected, password)
 
 @app.route('/favicon.ico') #Redirect to the static url of the favicon
 def favicon():
diff --git a/newurl.py b/newurl.py
index 7a399e5..17f97e1 100644
--- a/newurl.py
+++ b/newurl.py
@@ -3,7 +3,7 @@ from flask import render_template
 from sqlite3 import connect
 from makeqr import makeQR
 
-def newurl(request, skipCaptcha, recaptchaPrivateKey, recaptchaPublicKey, builddate, version, domain_prepared, domain_to_index, showDomainSelect, cookieNotice, s, url_scheme, loginEnabled):
+def newurl(request, skipCaptcha, recaptchaPrivateKey, recaptchaPublicKey, builddate, version, domain_prepared, domain_to_index, showDomainSelect, cookieNotice, s, url_scheme, loginEnabled, passwordProtected, password):
     try:
         userID = s.loads(request.cookies.get('userID'))
         loginbar = "Hello " + s.loads(request.cookies.get('username')) + ' (<a href="/user/links" >your links</a>, <a href="/user/logout" >logout</a>)'
@@ -11,12 +11,13 @@ def newurl(request, skipCaptcha, recaptchaPrivateKey, recaptchaPublicKey, buildd
         userID = "null"
         loginbar = '<a href="/user/login" >login</a>'
     if not grecaptcha_verify(request, skipCaptcha, recaptchaPrivateKey):
-        return render_template('home.html', builddate=builddate, version=version, domain=domain_prepared, snackbar="There was an error validating, that you are a human, please try again.", long_url_prefilled=request.form.get('url'), short_url_prefilled=request.form.get('short').lower(), domain_prefilled=domain_to_index[request.form.get('domain')], recaptchaPublicKey=recaptchaPublicKey, showDomainSelect=showDomainSelect, loginEnabled=loginEnabled, loginbar=loginbar, cookieNotice=cookieNotice) #return the user the prefilled form with an error message, because no url to short was provided
-    
+        return render_template('home.html', builddate=builddate, version=version, domain=domain_prepared, snackbar="There was an error validating, that you are a human, please try again.", long_url_prefilled=request.form.get('url'), short_url_prefilled=request.form.get('short').lower(), domain_prefilled=domain_to_index[request.form.get('domain')], recaptchaPublicKey=recaptchaPublicKey, showDomainSelect=showDomainSelect, loginEnabled=loginEnabled, loginbar=loginbar, cookieNotice=cookieNotice, passwordProtected=passwordProtected) #return the user the prefilled form with an error message, because recaptcha failed
+    if passwordProtected and (request.form.get("password") != password):
+        return render_template('home.html', builddate=builddate, version=version, domain=domain_prepared, snackbar="Wrong password, please try again.", long_url_prefilled=request.form.get('url'), short_url_prefilled=request.form.get('short').lower(), domain_prefilled=domain_to_index[request.form.get('domain')], recaptchaPublicKey=recaptchaPublicKey, showDomainSelect=showDomainSelect, loginEnabled=loginEnabled, loginbar=loginbar, cookieNotice=cookieNotice, passwordProtected=passwordProtected) #return the user the prefilled form with an error message, because the password was wrong
     if (request.form.get('url').replace(" ", "") == ""):
-        return render_template('home.html', builddate=builddate, version=version, domain=domain_prepared, snackbar="Please enter a url to short, before submitting this form", long_url_prefilled=request.form.get('url'), short_url_prefilled=request.form.get('short').lower(), domain_prefilled=domain_to_index[request.form.get('domain')], recaptchaPublicKey=recaptchaPublicKey, showDomainSelect=showDomainSelect, loginEnabled=loginEnabled, loginbar=loginbar, cookieNotice=cookieNotice) #return the user the prefilled form with an error message, because no url to short was provided
+        return render_template('home.html', builddate=builddate, version=version, domain=domain_prepared, snackbar="Please enter a url to short, before submitting this form", long_url_prefilled=request.form.get('url'), short_url_prefilled=request.form.get('short').lower(), domain_prefilled=domain_to_index[request.form.get('domain')], recaptchaPublicKey=recaptchaPublicKey, showDomainSelect=showDomainSelect, loginEnabled=loginEnabled, loginbar=loginbar, cookieNotice=cookieNotice, passwordProtected=passwordProtected) #return the user the prefilled form with an error message, because no url to short was provided
     if (request.form.get('short').replace(" ", "") == ""):
-        return render_template('home.html', builddate=builddate, version=version, domain=domain_prepared, snackbar="Please enter a short name, before submitting this form", long_url_prefilled=request.form.get('url'), short_url_prefilled=request.form.get('short').lower(), domain_prefilled=domain_to_index[request.form.get('domain')], recaptchaPublicKey=recaptchaPublicKey, showDomainSelect=showDomainSelect, loginEnabled=loginEnabled, loginbar=loginbar, cookieNotice=cookieNotice) #return the user the prefilled form with an error message, because no short link was provided
+        return render_template('home.html', builddate=builddate, version=version, domain=domain_prepared, snackbar="Please enter a short name, before submitting this form", long_url_prefilled=request.form.get('url'), short_url_prefilled=request.form.get('short').lower(), domain_prefilled=domain_to_index[request.form.get('domain')], recaptchaPublicKey=recaptchaPublicKey, showDomainSelect=showDomainSelect, loginEnabled=loginEnabled, loginbar=loginbar, cookieNotice=cookieNotice, passwordProtected=passwordProtected) #return the user the prefilled form with an error message, because no short link was provided
     shorturl = (request.form.get('domain') + "/" + request.form.get('short').replace(" ", "_").replace("/", "").replace("?","")).lower()
 
     url = request.form.get('url')
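Review bot: The added check `request.form.get("password") != password` uses an ordinary string comparison on the shared secret, which can stop at the first differing character. A constant-time compare is the usual choice here: `if passwordProtected and not hmac.compare_digest((request.form.get("password") or "").encode(), password.encode()):`, with `import hmac` at the top of newurl.py. The `or ""` matters because a request without the field yields None, which `compare_digest` rejects with TypeError. Nothing visible in this hunk logs or limits wrong-password attempts apart from the reCAPTCHA step above, which `skipCaptcha` appears to disable, so a log line on failure is worth adding. newurl's body starts before and continues after this hunk.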
diff --git a/templates/home.html b/templates/home.html
index fa49ca7..61b030b 100644
--- a/templates/home.html
+++ b/templates/home.html
@@ -36,6 +36,9 @@
                   <input type="hidden" name="domain" id="domain" value={{domain}}>
                   {% endif %}
                   <input id="short" name="short" type="text" placeholder="short name" value="{{short_url_prefilled}}"/>
+                  {% if passwordProtected %}
+                  <input id="password" name="password" type="password" placeholder="Password"/>
+                  {% endif %}
 
                   {% if recaptchaPublicKey %}
                   <button class="g-recaptcha" data-sitekey="{{recaptchaPublicKey}}" data-callback='onSubmit'>short</button>
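Review bot: The new password input has no `required` or `autocomplete` attribute, so an empty field is rejected only after a server round trip and browsers must guess how to treat the value. `<input id="password" name="password" type="password" placeholder="Password" required autocomplete="current-password"/>` covers both. The secret travels in the POST body, so the option presumably assumes the site is served over HTTPS; that is not visible in this hunk and is worth stating in the setup documentation.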
-- 
GitLab