diff --git a/var/www/Flask_server.py b/var/www/Flask_server.py
index a689089f..2e8c8375 100755
--- a/var/www/Flask_server.py
+++ b/var/www/Flask_server.py
@@ -216,6 +216,10 @@ def login():
 print(next_page)
 return render_template("login.html", next_page=next_page)
+@app.route('/role', methods=['POST', 'GET'])
+def role():
+ return 'ERROR role'
+
 @app.route('/logout')
 @login_required
 def logout():
diff --git a/var/www/modules/Decorator.py b/var/www/modules/Decorator.py
deleted file mode 100644
index c1ab7755..00000000
--- a/var/www/modules/Decorator.py
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/usr/bin/env python3
-# -*-coding:UTF-8 -*
-
-from functools import wraps
-from flask_login import LoginManager, current_user, login_user, logout_user, login_required
-
-from flask import request
-
-def login_required(role="ANY"):
- @wraps(role)
- def decorated_view(*args, **kwargs):
- if not current_user.is_authenticated:
- return current_app.login_manager.unauthorized()
- elif (not current_user.is_in_role(role)) and (role != "ANY"):
- return login_manager.unauthorized()
- return func(*args, **kwargs)
- return decorated_view
diff --git a/var/www/modules/Role_Manager.py b/var/www/modules/Role_Manager.py
new file mode 100644
index 00000000..19314003
--- /dev/null
+++ b/var/www/modules/Role_Manager.py
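Review bot: The new `role()` view reports a denied role check as a 200 response with the body 'ERROR role', so clients, proxies and log-based alerting record a success where access was refused. Returning an explicit status, `return 'ERROR role', 403`, keeps the denial visible. Since the view only reports an error, `methods=['GET']` would be enough. It is the `login_view` target set in Role_Manager.py and is therefore reachable without authentication, so its body should stay free of user- or role-specific detail.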
@@ -0,0 +1,30 @@
+#!/usr/bin/env python3
+# -*-coding:UTF-8 -*
+
+from functools import wraps
+from flask_login import LoginManager, current_user, login_user, logout_user, login_required
+
+from flask import request, current_app
+
+login_manager = LoginManager()
+login_manager.login_view = 'role'
+
+def login_admin(func):
+ @wraps(func)
+ def decorated_view(*args, **kwargs):
+ if not current_user.is_authenticated:
+ return login_manager.unauthorized()
+ elif (not current_user.is_in_role('admin')):
+ return login_manager.unauthorized()
+ return func(*args, **kwargs)
+ return decorated_view
+
+def login_analyst(func):
+ @wraps(func)
+ def decorated_view(*args, **kwargs):
+ if not current_user.is_authenticated:
+ return login_manager.unauthorized()
+ elif (not current_user.is_in_role('analyst')):
+ return login_manager.unauthorized()
+ return func(*args, **kwargs)
+ return decorated_view
diff --git a/var/www/modules/Tags/Flask_Tags.py b/var/www/modules/Tags/Flask_Tags.py
index ec329b30..307f6ed3 100644
--- a/var/www/modules/Tags/Flask_Tags.py
+++ b/var/www/modules/Tags/Flask_Tags.py
@@ -5,7 +5,9 @@
 Flask functions and routes for the trending modules page
 '''
 import redis
-from flask import Flask, render_template, jsonify, request, Blueprint, redirect, url_for
+from flask import Flask, render_template, jsonify, request, Blueprint, current_app, redirect, url_for
+
+from Role_Manager import login_admin, login_analyst
 from flask_login import login_required
 import json
@@ -220,6 +222,7 @@ def update_tag_last_seen(tag, tag_first_seen, tag_last_seen):
 @Tags.route("/tags/", methods=['GET'])
 @login_required
+@login_admin
 def Tags_page():
 date_from = request.args.get('date_from')
 date_to = request.args.get('date_to')
@@ -469,6 +472,7 @@ def remove_tag():
 @Tags.route("/Tags/confirm_tag")
 @login_required
+@login_analyst
 def confirm_tag():
 #TODO verify input
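Review bot: Both decorators call `unauthorized()` on a second `LoginManager()` created in this module, not on the one the application registered, so every denial is answered by a redirect to the `role` view. That covers users who are not logged in as well as those who lack the role, and neither gets the login page or a 403. The deleted Decorator.py used `current_app.login_manager.unauthorized()` for the unauthenticated case, and `current_app` is imported here but never used. I would hand anonymous users to the app's own manager and answer a missing role with `abort(403)`, which needs `abort` added to the `from flask import` line, and build both decorators from one factory as sketched below. Whether an admin should also pass `login_analyst` depends on `is_in_role`, which is not part of this diff.

```python
# … unchanged: shebang, coding line, imports …

def _role_required(role):
    """Build a view decorator that admits only authenticated users holding `role`."""
    def decorator(func):
        @wraps(func)
        def decorated_view(*args, **kwargs):
            if not current_user.is_authenticated:
                # not logged in: defer to the application's registered LoginManager
                return current_app.login_manager.unauthorized()
            if not current_user.is_in_role(role):
                # logged in but lacking the role: refuse outright, no redirect
                abort(403)
            return func(*args, **kwargs)
        return decorated_view
    return decorator

login_admin = _role_required('admin')
login_analyst = _role_required('analyst')
```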
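Review bot: `confirm_tag` is gated on 'analyst' and `Tags_page` (the hunk at -220) on 'admin', and each decorator tests exactly one role. An administrator who is not also an analyst would therefore be refused on `confirm_tag` unless `is_in_role` treats roles hierarchically, which this diff does not show. If admin is meant to include analyst, say so where the decorator is applied, for example `# analyst or higher`. Both role decorators already test `is_authenticated`, so the `@login_required` above them is redundant but harmless. The ordering does matter, and a comment such as `# keep role decorators below @Tags.route so the wrapped view is what gets registered` would guard it; both function bodies continue outside the hunks.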
diff --git a/var/www/modules/hiddenServices/Flask_hiddenServices.py b/var/www/modules/hiddenServices/Flask_hiddenServices.py
index 42b36006..c7bf2ea2 100644
--- a/var/www/modules/hiddenServices/Flask_hiddenServices.py
+++ b/var/www/modules/hiddenServices/Flask_hiddenServices.py
@@ -17,8 +17,6 @@ from flask_login import login_required
 from Date import Date
 from HiddenServices import HiddenServices
-from Decorator import login_required
-
 # ============ VARIABLES ============
 import Flask_config
@@ -236,7 +234,6 @@ def delete_auto_crawler(url):
 # ============= ROUTES ==============
 @hiddenServices.route("/crawlers/", methods=['GET'])
-#@login_required(role="ADMIN")
 @login_required
 def dashboard():
 crawler_metadata_onion = get_crawler_splash_status('onion')