Skip to content

GitLab

Commit b3b22ab8 authored by Vladislav Rykov's avatar Vladislav Rykov
Browse files

access protection added

parent 4b2748f1
Show whitespace changes
Inline Side-by-side
server.py
View file @ b3b22ab8
...@@ -88,12 +88,16 @@ def logout(): ...@@ -88,12 +88,16 @@ def logout():
@server.route('/new-app') @server.route('/new-app')
def new_application(): def new_application():
if 'name' in session:
return render_template('new-app.html') return render_template('new-app.html')
else:
return redirect(url_for('index'))
@server.route('/app', methods=['GET', 'POST']) @server.route('/app', methods=['GET', 'POST'])
def app(): def app():
if 'name' in session:
ah = ad.ApplicationDao() ah = ad.ApplicationDao()
if request.method == 'GET': if request.method == 'GET':
dh = dd.DeviceDao() dh = dd.DeviceDao()
...@@ -105,7 +109,6 @@ def app(): ...@@ -105,7 +109,6 @@ def app():
try: try:
filelist = [f for f in os.listdir(DATA_DOWNLOAD_DIR) if f.startswith(session['appkey'])] filelist = [f for f in os.listdir(DATA_DOWNLOAD_DIR) if f.startswith(session['appkey'])]
print(filelist)
for f in filelist: for f in filelist:
os.remove(DATA_DOWNLOAD_DIR+'/'+f) os.remove(DATA_DOWNLOAD_DIR+'/'+f)
except OSError: except OSError:
...@@ -132,9 +135,12 @@ def app(): ...@@ -132,9 +135,12 @@ def app():
return render_template('new-app.html', feedback=res[1]) return render_template('new-app.html', feedback=res[1])
return redirect(url_for('index')) return redirect(url_for('index'))
else:
return redirect(url_for('index'))
@server.route('/delete-app') @server.route('/delete-app')
def delete_app(): def delete_app():
if 'name' in session:
dh = dd.DeviceDao() dh = dd.DeviceDao()
devs = dh.get_list(session['appkey']) devs = dh.get_list(session['appkey'])
...@@ -150,9 +156,13 @@ def delete_app(): ...@@ -150,9 +156,13 @@ def delete_app():
return redirect(url_for('app')) return redirect(url_for('app'))
else: else:
return redirect(url_for('index')) return redirect(url_for('index'))
else:
return redirect(url_for('index'))
@server.route('/add-dev') @server.route('/add-dev')
def new_dev(): def new_dev():
if 'name' in session:
dh = dd.DeviceDao() dh = dd.DeviceDao()
dev_list = dh.get_list(session['appkey']) dev_list = dh.get_list(session['appkey'])
...@@ -162,11 +172,14 @@ def new_dev(): ...@@ -162,11 +172,14 @@ def new_dev():
return render_template('add-dev.html', feedback=dev_list[1]) return render_template('add-dev.html', feedback=dev_list[1])
else: else:
return render_template('add-dev.html', free_ids=misc.prep_id_range(dev_list[1])) return render_template('add-dev.html', free_ids=misc.prep_id_range(dev_list[1]))
else:
return redirect(url_for('index'))
@server.route('/dev', methods=['GET', 'POST']) @server.route('/dev', methods=['GET', 'POST'])
def dev(): def dev():
if 'name' in session:
dh = dd.DeviceDao() dh = dd.DeviceDao()
if request.method == 'GET': if request.method == 'GET':
dev = dh.get(session['appkey'], request.args.get('id')) dev = dh.get(session['appkey'], request.args.get('id'))
...@@ -195,10 +208,13 @@ def dev(): ...@@ -195,10 +208,13 @@ def dev():
return render_template('add-dev.html', feedback=res[1]) return render_template('add-dev.html', feedback=res[1])
else: else:
return redirect(url_for('app', appkey=session['appkey'])) return redirect(url_for('app', appkey=session['appkey']))
else:
return redirect(url_for('index'))
@server.route('/dev-conf', methods=['GET', 'POST']) @server.route('/dev-conf', methods=['GET', 'POST'])
def dev_conf(): def dev_conf():
if 'name' in session and 'devid' in session:
if request.method == 'GET': if request.method == 'GET':
return render_template('dev-conf.html', devname=session['devname']) return render_template('dev-conf.html', devname=session['devname'])
else: else:
...@@ -224,19 +240,25 @@ def dev_conf(): ...@@ -224,19 +240,25 @@ def dev_conf():
#print(request.form['arg'].encode('utf-8')) #print(request.form['arg'].encode('utf-8'))
return redirect(url_for('dev', id=session['devid'])) return redirect(url_for('dev', id=session['devid']))
else:
return redirect(url_for('index'))
@server.route('/delete-dev') @server.route('/delete-dev')
def delete_dev(): def delete_dev():
if 'name' in session and 'devid' in session:
dh = dd.DeviceDao() dh = dd.DeviceDao()
data.delete_table(session['appkey'], session['devid']) data.delete_table(session['appkey'], session['devid'])
res = dh.delete(session['appkey'], session['devid']) res = dh.delete(session['appkey'], session['devid'])
return redirect(url_for('app', appkey=session['appkey'])) return redirect(url_for('app', appkey=session['appkey']))
else:
return redirect(utl_for('index'))
@server.route('/dev-data') @server.route('/dev-data')
def dev_data(): def dev_data():
if 'name' in session and 'devid' in session:
last = data.get_last_n(session['appkey'], session['devid'], 10) last = data.get_last_n(session['appkey'], session['devid'], 10)
count = data.get_count(session['appkey'], session['devid']) count = data.get_count(session['appkey'], session['devid'])
...@@ -250,9 +272,12 @@ def dev_data(): ...@@ -250,9 +272,12 @@ def dev_data():
return render_template('dev-data.html', data=last[1], total=count[1][0], lastctr=last_ctr, devname=session['devname']) return render_template('dev-data.html', data=last[1], total=count[1][0], lastctr=last_ctr, devname=session['devname'])
else: else:
return render_template('dev-data.html', devname=session['devname']) return render_template('dev-data.html', devname=session['devname'])
else:
return redirect(utl_for('index'))
@server.route('/data-csv') @server.route('/data-csv')
def data_csv(): def data_csv():
if 'name' in session and 'devid' in session:
dumpd = data.get_all(session['appkey'], session['devid']) dumpd = data.get_all(session['appkey'], session['devid'])
fn = session['appkey']+ '_' +str(session['devid'])+ '.csv' fn = session['appkey']+ '_' +str(session['devid'])+ '.csv'
...@@ -270,6 +295,8 @@ def data_csv(): ...@@ -270,6 +295,8 @@ def data_csv():
f.write('\n') f.write('\n')
return send_from_directory(DATA_DOWNLOAD_DIR, fn, as_attachment=True) return send_from_directory(DATA_DOWNLOAD_DIR, fn, as_attachment=True)
else:
return redirect(utl_for('index'))
if __name__ == '__main__': if __name__ == '__main__':
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment