From: Bernardo Innocenti <bernie@trinity.develer.com> Date: Mon, 10 Sep 2007 02:44:36 +0000 (+0200) Subject: Implement URL switch mechanism for authentication. X-Git-Tag: v2.0~8 X-Git-Url: https://codewiz.org/gitweb?a=commitdiff_plain;h=2d4c364b47b01894842b7ae21535ea00cf420722;p=geekigeeki.git Implement URL switch mechanism for authentication. --- diff --git a/geekigeeki.py b/geekigeeki.py index 1909644..ec64ca9 100755 --- a/geekigeeki.py +++ b/geekigeeki.py @@ -36,9 +36,12 @@ title_done = False # CGI stuff --------------------------------------------------------- -def get_scriptname(): +def script_name(): return environ.get('SCRIPT_NAME', '') +def privileged_path(): + return privileged_url or script_name() + def remote_user(): return environ.get('REMOTE_USER', 'AnonymousCoward') @@ -67,7 +70,7 @@ def send_guru(msg, msg_type): if msg_type == 'error': print ' Guru Meditation #DEADBEEF.ABADC0DE' print '</pre>' - # FIXME: This simple JS code is harder to pass than ACID 3.0 + # FIXME: This simple JS snippet is harder to pass than ACID 3.0 print """ <script language="JavaScript" type="text/javascript"> var guru = document.getElementById('guru'); @@ -90,7 +93,7 @@ def send_guru(msg, msg_type): } </script>""" -def send_title(name, text="Limbo", msg=None, msg_type = 'error'): +def send_title(name, text="Limbo", msg=None, msg_type='error'): global title_done if title_done: return 
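Review bot: `privileged_path()` in the first hunk has no docstring, and the three meanings of `privileged_url` (None, empty string, URL) are explained only in the configuration block near the end of the file. A docstring such as `"""Return the base URL for edit links: privileged_url if set, else the current script name."""` would make clear that an empty string deliberately falls through to `script_name()`. It should also say that the returned value is written into HTML unescaped by its callers in this diff, so it must come from trusted configuration only.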
@@ -103,14 +106,14 @@ def send_title(name, text="Limbo", msg=None, msg_type = 'error'): print "<head><title>%s: %s</title>" % (site_name, text) print ' <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />' if not name: - print ' <meta name="robots" content="noindex,nofollow">' + print ' <meta name="robots" content="noindex,nofollow" />' if css_url: print ' <link rel="stylesheet" type="text/css" href="%s" />' % css_url print '</head>' # Body - if name and allow_edit: - print '<body ondblclick="location.href=\'?edit=' + name + '\'">' + if name and privileged_url is not None: + print '<body ondblclick="location.href=\'' + privileged_path() + '?edit=' + name + '\'">' else: print '<body>' @@ -118,7 +121,7 @@ def send_title(name, text="Limbo", msg=None, msg_type = 'error'): # Navbar print '<div class="navigator">' - print ' <b>' + site_name + ': ' + print ' <b>' + site_name + ': ', if name: print link_tag('?fullsearch=' + name, text) + '</b> ' else: @@ -130,8 +133,8 @@ def send_title(name, text="Limbo", msg=None, msg_type = 'error'): if name: print ' | <a href="/wikigit/wiki.git?a=history;f=' + name + '" class="navlink">Page History</a>' print ' | ' + link_tag('?raw=' + name, 'Raw Text', 'navlink') - if allow_edit: - print ' | ' + link_tag('?edit=' + name, 'Edit Page', 'navlink') + if privileged_url is not None: + print ' | ' + link_tag('?edit=' + name, 'Edit Page', 'navlink', authentication=True) else: print ' | <i>Immutable Page</i>' 
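Review bot: In the `<body ondblclick=...>` line of the first hunk, `name` is concatenated unescaped into a single-quoted JavaScript string inside a double-quoted HTML attribute, and the target is now the privileged URL. Whether every caller validates `name` (for instance against `word_re`) is not visible here, so a quote character in a page name could break out of the string. URL-quoting the value before concatenation, e.g. `urllib.quote(name)` if `urllib` is available in this file, would close that gap. The same line builds `privileged_path() + '?edit='` without the `/` that `link_tag` inserts, so the two edit entry points produce different URLs. The body of `send_title` starts and ends outside the hunk.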
@@ -140,21 +143,24 @@ def send_title(name, text="Limbo", msg=None, msg_type = 'error'): print ' | <i>logged in as <b>' + cgi.escape(user) + '</b></i>' print '</div>' - title_done = True + title_done = True -def link_tag(params, text=None, ss_class=None): +def link_tag(params, text=None, ss_class=None, authentication=False): if text is None: text = params # default classattr = '' - # Prevent crawlers from following links to generated pages - # and links added by potential spammers - if ss_class == 'external' or ss_class == 'navlink': - classattr += 'rel="nofollow" ' if ss_class: classattr += 'class="%s" ' % ss_class - return '<a %shref="%s/%s">%s</a>' % (classattr, get_scriptname(), - params, text) + # Prevent crawlers from following links to generated pages + # and links added by potential spammers + if ss_class == 'external' or ss_class == 'navlink': + classattr += 'rel="nofollow" ' + if authentication: + path = privileged_path() + else: + path = script_name() + return '<a %shref="%s/%s">%s</a>' % (classattr, path, params, text) # Search --------------------------------------------------- @@ -212,7 +218,7 @@ def do_raw(pagename): Page(pagename).send_raw() def do_savepage(pagename): - if not allow_edit: + if privileged_url is None: raise 'editing disallowed for ' + pagename global form @@ -243,6 +249,10 @@ def page_list(): def send_footer(name, mod_string=None): + if debug_cgi: + cgi.print_arguments() + cgi.print_form(cgi.FieldStorage()) + cgi.print_environ() print '<div class="footer">' if mod_string: print "last modified %s" % mod_string @@ -262,7 +272,7 @@ def _macro_search(type): default = form["value"].value else: default = '' - return """<form method="get"><input name="%s" size="30" value="%s"><input type="submit" value="Go"></form>""" % (type, default) + return """<form method="get"><input name="%s" size="30" value="%s"><input type="submit" value="Go" /></form>""" % (type, default) def _macro_WordIndex(): s = make_index_key() 
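Review bot: The guard in `do_savepage` only tests whether `privileged_url` is configured, not whether this request was authenticated, so a `savepage` POST sent to the public script URL appears to be accepted as `AnonymousCoward`. Unless the web server blocks that outside this diff, authentication is enforced only by which links are rendered. When `privileged_url` is a non-empty URL the handler should also require a server-set user, e.g. `if privileged_url is None or (privileged_url and 'REMOTE_USER' not in environ):`. The edit form in the `-600,7` hunk posts to `script_name()`, so it relies on the same assumption. `do_savepage` continues past the end of the hunk.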
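Review bot: With `debug_cgi` enabled, the lines added at the top of `send_footer` print the full CGI environment and form contents into every page, for every visitor. A comment on the flag, such as `# WARNING: dumps environment and request data to all visitors; never enable on a public site`, would make the exposure explicit; restricting the dump to authenticated requests would be safer still. The second `cgi.FieldStorage()` also re-parses the request after the module-level `form` has already consumed it, so POST fields may be missing; `cgi.print_form(form)` would reuse the parsed one. `send_footer` continues outside the hunk.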
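Review bot: The changed `return` line in `_macro_search` interpolates `default`, taken from `form["value"].value`, into the `value="..."` attribute without escaping, so a request parameter containing a double quote can inject markup into the page. The commit only touches the closing `/>`; the line should escape the value as well, e.g. `% (type, cgi.escape(default, True))`. `cgi.escape` is already used in this file for the user and host names. The start of `_macro_search` is outside the hunk.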
@@ -358,7 +368,7 @@ class PageFormatter: return Page(word).link_to() def _img_repl(self, word): - return '<img border="0" src="%s/%s" />' % (get_scriptname(), word) + return '<img border="0" src="%s/%s" />' % (script_name(), word) def _url_repl(self, word): if img_re.match(word): @@ -600,7 +610,7 @@ class Page: + ' for ' + cgi.escape(remote_user()) + ' from ' + cgi.escape(get_hostname(remote_host())) + '</b></p>') - print '<div class="editor"><form method="post" action="%s/%s">' % (get_scriptname(), self.page_name) + print '<div class="editor"><form method="post" action="%s/%s">' % (script_name(), self.page_name) print '<input type="hidden" name="savepage" value="%s">' % (self.page_name) print """<textarea wrap="virtual" id="editor" name="savetext" rows="17" cols="80">%s</textarea>""" % (preview or self.get_raw_body()) print """ @@ -616,6 +626,7 @@ class Page: print "<div class='preview'>" PageFormatter(preview).print_html() print "</div>" + send_footer(self.page_name) def send_raw(self): emit_header("text/plain") 
@@ -661,20 +672,25 @@ def send_verbatim(filename, mime_type='application/octet-stream'): emit_header(mime_type) sys.stdout.write(data) -# --------------------------------------------------------------- +# Main --------------------------------------------------------------- try: # Configuration values + site_name = 'Codewiz' + + # set to None for read-only sites + # leave empty ('') to allow anonymous edits + # otherwise, set to a URL that requires authentication + privileged_url = 'https://www.codewiz.org/~bernie/wiki' + data_dir = '/home/bernie/public_html/wiki' text_dir = path.join(data_dir, 'text') - allow_edit = True # Is it possible to edit pages? - site_name = 'codewiz.org' - changed_time_fmt = '[%I:%M %p] ' - date_fmt = '%a %d %b %Y' + css_url = '../wikidata/geekigeeki.css' # optional stylesheet link + post_edit_hook = './post_edit_hook.sh' datetime_fmt = '%a %d %b %Y %I:%M %p' + allow_edit = True # Is it possible to edit pages? show_hosts = True # show hostnames? - css_url = '../wikidata/geekigeeki.css' # optional stylesheet link nonexist_qm = False # show '?' for nonexistent? - post_edit_hook = './post_edit_hook.sh' + debug_cgi = False # Set to True for CGI var dump form = cgi.FieldStorage() @@ -699,6 +715,7 @@ try: if word_re.match(query): Page(query).send_page() elif img_re.match(query): + #FIXME: use correct mime type send_verbatim(query, 'image/jpeg') else: send_verbatim(query)
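Review bot: `allow_edit = True` is kept in the configuration block, but every check of it in this diff was replaced by a test on `privileged_url`, so in the hunks shown the setting no longer has any effect. An administrator who sets `allow_edit = False` expecting a read-only wiki would still have editing enabled. Either delete the line or replace its comment with `# obsolete: set privileged_url = None for a read-only site`. The `try:` block continues outside the hunk.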