adrian/contact-mailer
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Removed cors headers

Browse Source
This commit is contained in:
Adrian Amaglio 2020-12-26 13:17:46 +01:00
parent f43d5a93de
commit 5b98424bc6
1 changed files with 9 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
main.py
View File

@ -28,23 +28,6 @@ class StripPathMiddleware(object):
e['PATH_INFO'] = e['PATH_INFO'].rstrip('/') e['PATH_INFO'] = e['PATH_INFO'].rstrip('/')
return self.a(e, h) return self.a(e, h)
class EnableCors(object):
name = 'enable_cors'
api = 2
def apply(self, fn, context):
def _enable_cors(*args, **kwargs):
# set CORS headers
response.headers['Access-Control-Allow-Origin'] = '*'
response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, OPTIONS'
response.headers['Access-Control-Allow-Headers'] = 'Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token'
if bottle.request.method != 'OPTIONS':
# actual request; reply with the actual response
return fn(*args, **kwargs)
return _enable_cors
app = application = bottle.Bottle(catchall=False) app = application = bottle.Bottle(catchall=False)
##################################################### Configuration ############################################ ##################################################### Configuration ############################################
@ -239,7 +222,7 @@ def login(request):
Privileges : 0=admin 1=loggedIn 1000=guest Privileges : 0=admin 1=loggedIn 1000=guest
""" """
if 'admin_pass' in request.forms and request.forms['admin_pass'] == admin_password: if 'admin_pass' in request.forms and request.forms['admin_pass'] == admin_password:
return {'_privilege':0} return {'_privilege':0, '_id':'-1'}
if 'token' in request.forms: if 'token' in request.forms:
token = request.forms.getunicode('token') token = request.forms.getunicode('token')
try: try:
@ -248,9 +231,9 @@ def login(request):
return user return user
except IndexError as e: except IndexError as e:
pass pass
except pymongo.errors.ServerSelectionTimeoutError as e: #except pymongo.errors.ServerSelectionTimeoutError as e:
response.status = 500 # response.status = 500
return 'La base de donnée nest pas accessible' # return {'_error': True} # anonymous
return {'_privilege': 1000} # anonymous return {'_privilege': 1000} # anonymous
@ -284,6 +267,8 @@ def create_form ():
return resp('error', 'Le champs « adresse » est requis') return resp('error', 'Le champs « adresse » est requis')
user = login(request) user = login(request)
print('post form')
print(user)
if user['_privilege'] > 1: if user['_privilege'] > 1:
response.status = 400 response.status = 400
return resp('error', 'Privilèges insufisants') return resp('error', 'Privilèges insufisants')
@ -331,7 +316,7 @@ def list_forms ():
@app.delete('/form/<token>') @app.delete('/form/<token>')
def delete_form(token): def delete_form(token):
# If admin or form owner # TODO If admin or form owner
user = login(request) user = login(request)
if user['_privilege'] > 1: if user['_privilege'] > 1:
response.status = 400 response.status = 400
@ -420,10 +405,7 @@ def delete_user (username):
return resp('error', 'La base de donnée nest pas accessible') return resp('error', 'La base de donnée nest pas accessible')
##################################################### app startup ############################################ ##################################################### app startup ############################################
prod_app = StripPathMiddleware(app)
if __name__ == '__main__': if __name__ == '__main__':
app.install(EnableCors()) bottle.run(app=prod_app, host=listen_address, port=listen_port, debug=True)
bottle.run(app=StripPathMiddleware(app), host=listen_address, port=listen_port, debug=True)
else:
prod_app = StripPathMiddleware(app)