From e4ab9b6a054163245b1451ae74314764de0109d0 Mon Sep 17 00:00:00 2001
From: Terrtia <or1994@hotmail.fr>
Date: Thu, 20 Jun 2019 10:11:23 +0200
Subject: [PATCH] fix: [server endpoint] unknow users: avoid endpoint
 enumeration

---
 var/www/Flask_server.py          |  7 ++++++
 var/www/templates/error/404.html | 40 ++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)
 create mode 100644 var/www/templates/error/404.html

diff --git a/var/www/Flask_server.py b/var/www/Flask_server.py
index 09f9ff41..a47264ee 100755
--- a/var/www/Flask_server.py
+++ b/var/www/Flask_server.py
@@ -224,6 +224,13 @@ def role():
 def searchbox():
     return render_template("searchbox.html")
 
+# ========== ERROR HANDLER ============
+
+@app.errorhandler(404)
+@login_required
+def page_not_found(e):
+    # note that we set the 404 status explicitly
+    return render_template('error/404.html'), 404
 
 # ========== INITIAL taxonomies ============
 # add default ail taxonomies
diff --git a/var/www/templates/error/404.html b/var/www/templates/error/404.html
new file mode 100644
index 00000000..9b25da48
--- /dev/null
+++ b/var/www/templates/error/404.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <title>403 - AIL</title>
+  <link rel="icon" href="{{ url_for('static', filename='image/ail-icon.png') }}">
+
+  <!-- Core CSS -->
+	<link href="{{ url_for('static', filename='css/bootstrap4.min.css') }}" rel="stylesheet">
+</head>
+
+<body>
+
+{% include 'nav_bar.html' %}
+
+<div>
+  <br>
+  <br>
+  <h1 class="text-center">404 Not Found</h1>
+</div>
+<br>
+<br>
+<br>
+<br>
+<div class="d-flex justify-content-center">
+<pre>
+        ,d8       ,a8888a,              ,d8
+      ,d888     ,8P"'  `"Y8,          ,d888
+    ,d8" 88    ,8P        Y8,       ,d8" 88
+  ,d8"   88    88          88     ,d8"   88
+,d8"     88    88          88   ,d8"     88
+8888888888888  `8b        d8'   8888888888888
+         88     `8ba,  ,ad8'             88
+         88       "Y8888P"               88
+</pre>
+</div>
+
+<body>
+
+</html>