예제 #1
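def default():
    """Serve the login form and the home page from a single route.

    POST: hand the submitted ``username`` and ``password`` to ``API.auth``.
    A truthy result is stored in the ``token`` cookie and the client is
    redirected to ``/``; otherwise the login form is rendered again with a
    fixed error message.

    Any other method: read the ``token`` cookie and ask
    ``API.is_flag_viewer`` about it. The flag (``FLAG`` environment variable)
    is rendered only when that call reports a flag viewer. A token the API
    rejects with "Wrong Token" is cleared and the client is redirected to
    ``/``. Without a usable cookie the login form is rendered.
    """
    if request.method == 'POST':
        # login / register
        token = API.auth(request.form["username"], request.form["password"])
        if not token:
            # One fixed message for every rejected attempt.
            return render_template('login.html',
                                   error_msg="Wrong credential")
        resp = make_response(redirect("/"))
        # The token is the session credential: HttpOnly keeps it out of
        # document.cookie, SameSite=Lax keeps it off cross-site POSTs.
        # NOTE(review): also pass secure=True once the app is served over
        # HTTPS only; it is left out here so plain-HTTP setups keep working.
        resp.set_cookie("token", token, httponly=True, samesite="Lax")
        return resp

    token = request.cookies.get("token")
    # The length test is only a cheap pre-filter; whether the token is
    # accepted is decided by the API call below.
    if not (token and len(token) > 5):
        # not logged in
        return render_template('login.html')

    is_fv, err_message = API.is_flag_viewer(token)
    if is_fv:
        # flag viewer
        return render_template('home.html', no_flag=False, flag=os.getenv("FLAG"))
    if err_message == "Wrong Token":
        # The API rejected the token: expire the cookie instead of leaving
        # an empty-valued one behind, then send the client back to "/".
        resp = make_response(redirect("/"))
        resp.delete_cookie("token")
        return resp
    # accepted token, but not a flag viewer
    return render_template('home.html', no_flag=True)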
예제 #2
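def default():
    """Serve the notes home page, or the login form, from a single route.

    A ``token`` cookie longer than five characters is checked first through
    ``API.get_user_detail_by_token``: when the API accepts it the home page
    is rendered with the user's note ids, otherwise the cookie is cleared
    and the client is redirected to ``/``.

    Without such a cookie, a POST is treated as a login/registration attempt
    via ``API.auth`` (the returned token is stored in the ``token`` cookie on
    success, the login form is re-rendered with a fixed error on failure),
    and any other method renders the login form.
    """
    # check whether users are logged in
    token = request.cookies.get("token")
    if token and len(token) > 5:
        # One call both fetches the notes and tells us whether the token
        # is accepted.
        is_login, note_ids = API.get_user_detail_by_token(token)
        if not is_login:
            # Expire the rejected cookie instead of leaving an empty-valued
            # one behind, then send the client back to "/".
            resp = make_response(redirect("/"))
            resp.delete_cookie("token")
            return resp
        # NOTE(review): token=token writes the session token into the
        # rendered page, where any script running in that page can read it;
        # that undoes what HttpOnly on the cookie buys. Confirm home.html
        # really needs it.
        return render_template('home.html', note_ids=note_ids, l=len(note_ids), token=token)

    if request.method != 'POST':
        # no accepted token and not a login attempt
        return render_template("login.html")

    # POST without a usable cookie: login or registration
    token = API.auth(request.form["username"], request.form["password"])
    if not token:
        # One fixed message for every rejected attempt.
        return render_template('login.html',
                               error_msg="Wrong credential")
    resp = make_response(redirect("/"))
    # The token is the session credential: HttpOnly keeps it out of
    # document.cookie, SameSite=Lax keeps it off cross-site POSTs.
    # NOTE(review): also pass secure=True once the app is served over HTTPS
    # only; it is left out here so plain-HTTP setups keep working.
    resp.set_cookie("token", token, httponly=True, samesite="Lax")
    return resp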