attempted cookie fix

2025-02-17 16:05:52 -05:00
parent bb18e893f9
commit 4c7853fb3f
+21 -7
@@ -30,6 +30,8 @@ import re
from secrets import token_hex from secrets import token_hex
app = Flask(__name__) app = Flask(__name__)
app.config["SESSION_TYPE"] = "filesystem"
app.config["SESSION_FILE_DIR"] = "/app/instance/flask_session"
try: try:
with open("/app/instance/secret.key", "rb") as f: with open("/app/instance/secret.key", "rb") as f:
@@ -48,6 +50,14 @@ app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:////app/instance/db.sqlite"
app.config["UPLOAD_FOLDER"] = "sites" app.config["UPLOAD_FOLDER"] = "sites"
app.config["SERVER_NAME"] = "tinysite.cloud" app.config["SERVER_NAME"] = "tinysite.cloud"
app.config["SESSION_COOKIE_DOMAIN"] = ".tinysite.cloud" app.config["SESSION_COOKIE_DOMAIN"] = ".tinysite.cloud"
app.config["SESSION_COOKIE_NAME"] = "tinysite_session"
app.config["SESSION_COOKIE_HTTPONLY"] = True
app.config["SESSION_COOKIE_SECURE"] = True # If using HTTPS
app.config["SESSION_COOKIE_SAMESITE"] = "Lax"
app.config["SQLALCHEMY_ENGINE_OPTIONS"] = {
"pool_pre_ping": True,
"pool_recycle": 300,
}
db = SQLAlchemy(app) db = SQLAlchemy(app)
@@ -139,8 +149,8 @@ def inject_subdomain():
def page_not_found(_): def page_not_found(_):
host = request.host host = request.host
server_name = app.config["SERVER_NAME"] server_name = app.config["SERVER_NAME"]
server_parts = server_name.split('.') server_parts = server_name.split(".")
host_parts = host.split('.') host_parts = host.split(".")
show_domain = False show_domain = False
# Case 1: Direct match of main domain # Case 1: Direct match of main domain
@@ -148,19 +158,22 @@ def page_not_found(_):
show_domain = True show_domain = True
else: else:
# Extract potential subdomain # Extract potential subdomain
if host_parts[-len(server_parts):] == server_parts: if host_parts[-len(server_parts) :] == server_parts:
subdomain = '.'.join(host_parts[:-len(server_parts)]) subdomain = ".".join(host_parts[: -len(server_parts)])
# Case 2: Subdomain doesn't exist and isn't reserved # Case 2: Subdomain doesn't exist and isn't reserved
if subdomain and subdomain not in RESERVED_SUBDOMAINS: if subdomain and subdomain not in RESERVED_SUBDOMAINS:
if not Site.query.filter_by(subdomain=subdomain).first(): if not Site.query.filter_by(subdomain=subdomain).first():
show_domain = True show_domain = True
return render_template( return (
render_template(
"404.html", "404.html",
domain=host if show_domain else None, domain=host if show_domain else None,
is_main_domain=(host == server_name) is_main_domain=(host == server_name),
), 404 ),
404,
)
# Auth setup # Auth setup
@@ -210,6 +223,7 @@ def login():
if user and user.check_password(password): if user and user.check_password(password):
login_user(user) login_user(user)
session.permanent = True # Add this line
return redirect(url_for("dashboard")) return redirect(url_for("dashboard"))
flash("Invalid email or password") flash("Invalid email or password")
return render_template("login.html") return render_template("login.html")
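Review bot: `SESSION_COOKIE_SAMESITE = "Lax"` in the cookie-settings hunk gives no protection against the site's own subdomains, because the cookie stays scoped to `.tinysite.cloud` and browsers treat every host under that domain as same-site. If user-uploaded sites are served from those subdomains (inferred from `UPLOAD_FOLDER = "sites"` and the `Site.query.filter_by(subdomain=subdomain)` lookup, not confirmed by the visible lines), requests that start on a tenant page still carry the dashboard session, and HttpOnly and Secure do not change that. State-changing routes therefore need CSRF tokens regardless of this setting, and serving tenant content from a separate registrable domain would be the stronger isolation. The trailing `# If using HTTPS` is also misleading since the flag is set unconditionally; I would write `# sent over HTTPS only; logins over plain HTTP will not persist`.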