Commit d950eb4c authored by Adam Moore's avatar Adam Moore

Fixed auth error on index pages/uploads

parent 49774174
Options +Indexes +ExecCGI
AddHandler cgi-script .py
Header set Access-Control-Allow-Origin "*"
#AuthType Basic
#AuthName "XPUB"
#AuthUserFile /var/www/htpasswd/.htpasswd
#<Limit POST PUT DELETE>
# Require valid-user
#</Limit>
\ No newline at end of file
......@@ -45,7 +45,7 @@ INSTALL
Adding password for user fooey
$
4. Create an .htaccess file in the Alph document root containing the following:
4. Create an .htaccess file in the Alph document root containing the following (and update the paths as necessary):
RewriteEngine on
RewriteRule ~(.*)$ /alph/alph.py/xpub/$1 [L]
......
......@@ -90,7 +90,7 @@ def get():
urlpath = urlpath + "index.html"
docpath = docpath + "index.html"
else:
return dirListing()
return dirListing(user)
# If a .meta file exists for the requested file, read it. If it
# doesn't, generate it.
......@@ -214,7 +214,10 @@ def post():
global debugtext
if "REMOTE_USER" in os.environ:
user = os.environ["REMOTE_USER"]
elif "REDIRECT_REMOTE_USER" in os.environ:
user = os.environ["REDIRECT_REMOTE_USER"]
else:
textResponse("Can't POST as unauthenticated user.")
# This shouldn't even come up, as Apache should be configured to require
# auth for all POST requests .
user = "public"
......@@ -224,7 +227,8 @@ def post():
# directory, but that's it. See if that's what we're doing
if os.path.isdir(docpath):
if "describe" not in form:
return textResponse("You cannot POST media to a directory.")
# Just show the directory listing.
return dirListing(user)
# Now post the metadata...
# *** IMPLEMENT THIS ***
return
......@@ -720,16 +724,24 @@ def transcludeBinary(meta,rawspans):
print("Content-type: application/octet-stream\n\n")
return
def dirListing():
def dirListing(user):
dirname = os.path.dirname(docpath)
files = glob.glob(dirname + "/*")
files.sort()
template = open('templates/listing.html',mode='r',encoding='utf-8').read()
if "REDIRECT_REMOTE_USER" in os.environ.keys():
user = os.environ["REDIRECT_REMOTE_USER"]
if user == "public":
template = open('templates/listing-pub.html',mode='r',encoding='utf-8').read()
else:
template = open('templates/listing.html',mode='r',encoding='utf-8').read()
template = template.replace('<!-- URLPATH -->',urlpath)
template = template.replace('<!-- URLROOT -->',urlroot)
codestring = ""
codestring = " "
if len(files) > 0:
for ix in files:
if not ix.endswith(".meta") and not ix.endswith("~"):
......
......@@ -11,7 +11,9 @@
</head>
<body>
<div id="toolbox" style="text-align: right;">
<input type="button" value="TOOLS" onclick="window.location='<!-- URLROOT --><!-- URLPATH -->?auth';"></input>
<form action="<!-- URLROOT --><!-- URLPATH -->" method="POST">
<input type="submit" value="TOOLS"></input>
</form>
</div>
<address><!-- URLROOT --><!-- URLPATH --></address>
<table><!-- TABLEBODY --></table>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment