author | RaNaN <Mast3rRaNaN@hotmail.de> | 2013-03-03 14:26:57 +0100 |
---|---|---|
committer | RaNaN <Mast3rRaNaN@hotmail.de> | 2013-03-03 14:26:57 +0100 |
commit | 23d5fb161cd25d236068e8da0fa3d5923545493a (patch) | |
tree | 34bb4fd36e94bcb10fea7f751a24e90802bc5931 /module/web/api_app.py | |
parent | animated filtering, removed background from fileView (diff) | |
download | pyload-23d5fb161cd25d236068e8da0fa3d5923545493a.tar.xz |
http auth for the api
Diffstat (limited to 'module/web/api_app.py')
-rw-r--r-- | module/web/api_app.py | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/module/web/api_app.py b/module/web/api_app.py index c0a7df528..75a817c46 100644 --- a/module/web/api_app.py +++ b/module/web/api_app.py @@ -5,7 +5,7 @@ from urllib import unquote from itertools import chain from traceback import format_exc, print_exc -from bottle import route, request, response, HTTPError +from bottle import route, request, response, HTTPError, parse_auth from utils import set_session, get_user_api from webinterface import PYLOAD @@ -27,9 +27,14 @@ def call_api(func, args=""): add_header(response) s = request.environ.get('beaker.session') + auth = parse_auth(request.get_header('Authorization', '')) if 'session' in request.POST: # removes "' so it works on json strings s = s.get_by_id(remove_chars(request.POST['session'], "'\"")) + elif auth: + user = PYLOAD.checkAuth(auth[0], auth[1], request.environ.get('REMOTE_ADDR', None)) + # if auth is correct create a pseudo session + if user: s = {'uid': user.uid} api = get_user_api(s) if not api: @@ -78,7 +83,7 @@ def login(): username = request.forms.get("username") password = request.forms.get("password") - user = PYLOAD.checkAuth(username, password) + user = PYLOAD.checkAuth(username, password, request.environ.get('REMOTE_ADDR', None)) if not user: return dumps(False) |
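Review bot: In `call_api`, when an `Authorization` header is present but `PYLOAD.checkAuth` rejects it, `s` keeps the value read from `beaker.session`, so the request continues under whatever cookie session exists instead of being refused. A client that sent explicit credentials should get an explicit failure, for example `if not user: return HTTPError(401, "Unauthorized")` in the `elif auth:` branch, if that matches how the rest of the function reports errors. On success the session object is replaced by the plain dict `{'uid': user.uid}`, so confirm that `get_user_api` and the rest of `call_api`, which continues outside this hunk, only read `uid` from it. This path calls `checkAuth` on every API request and Basic credentials are only base64-encoded, so the API should be served over TLS only, and any throttling inside `checkAuth` should be confirmed to cover this path.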
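Review bot: `request.environ.get('REMOTE_ADDR', None)` in `login` is the address of the direct TCP peer, so behind a reverse proxy every caller reaches `checkAuth` with the proxy's address; the same expression is used in the `call_api` hunk. What `checkAuth` does with the address is not visible here, but if it feeds an allow-list or failed-login tracking, a comment such as `# REMOTE_ADDR is the direct peer; behind a proxy this is the proxy address` would document the limit. The `None` default is redundant for `dict.get`, and the repeated expression could live in one small helper shared by both call sites. `login` starts and ends outside this hunk.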