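def default():
    """Login/registration form and flag-viewer home page for the ``/`` route.

    POST: the form is a login/register attempt handed to ``API.auth``; on
    success the returned token is stored in a cookie and the browser is
    redirected back to ``/``.  Any other method: read the token cookie, ask
    ``API.is_flag_viewer`` whether it is valid and privileged, and render
    the home page -- the FLAG environment variable is passed to the template
    only for flag viewers.  A token the API rejects as "Wrong Token" is
    cleared and the user lands back on the login form.
    """
    if request.method == 'POST':
        # Login / register: API.auth returns a token on success, falsy otherwise.
        token = API.auth(request.form["username"], request.form["password"])
        if not token:
            return render_template('login.html', error_msg="Wrong credential")
        resp = make_response(redirect("/"))
        # The token is the session credential: keep it out of reach of page
        # scripts (httponly) and off cross-site requests (samesite).  Add
        # secure=True once the app is served over HTTPS only.
        resp.set_cookie("token", token, httponly=True, samesite="Lax")
        return resp

    token = request.cookies.get("token")
    if not token or len(token) <= 5:
        # No plausible token -> not logged in.  The length test is only a
        # cheap pre-filter; the real validation is API.is_flag_viewer below.
        return render_template('login.html')

    is_fv, err_message = API.is_flag_viewer(token)
    if is_fv:
        # Flag viewer: the flag comes from the environment, never from the client.
        return render_template('home.html', no_flag=False, flag=os.getenv("FLAG"))
    if err_message == "Wrong Token":
        # Forged or stale token: drop the cookie and start over.
        resp = make_response(redirect("/"))
        resp.delete_cookie("token")
        return resp
    # Valid token, but this account is not allowed to see the flag.
    return render_template('home.html', no_flag=True)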
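def default():
    """Home page for logged-in users, login form for everyone else.

    A token cookie longer than five characters is validated by
    ``API.get_user_detail_by_token``, which in the same call returns the
    user's note ids; a rejected token is cleared and the browser redirected
    to ``/``.  Without a usable token, a POST is treated as a login/register
    attempt via ``API.auth`` (storing the token cookie on success) and any
    other method gets the login form.
    """
    token = request.cookies.get("token")
    if token and len(token) > 5:
        # One API round-trip both validates the token and fetches the notes.
        # The length test is only a cheap pre-filter, not a security check.
        is_login, note_ids = API.get_user_detail_by_token(token)
        if not is_login:
            # Stale or forged token: clear the cookie and start over.
            resp = make_response(redirect("/"))
            resp.delete_cookie("token")
            return resp
        # NOTE: the token is also rendered into home.html; whatever the
        # template does with it (e.g. client-side API calls) exposes it to
        # page scripts regardless of the cookie flags set below.
        return render_template('home.html', note_ids=note_ids, l=len(note_ids), token=token)

    if request.method != 'POST':
        # GET (or anything but POST) without a usable token: show the login form.
        return render_template("login.html")

    # POST: login / register.  API.auth returns a token on success, falsy otherwise.
    token = API.auth(request.form["username"], request.form["password"])
    if not token:
        return render_template('login.html', error_msg="Wrong credential")
    resp = make_response(redirect("/"))
    # Session credential: hide it from page scripts (httponly) and keep it off
    # cross-site requests (samesite).  Add secure=True once served over HTTPS only.
    resp.set_cookie("token", token, httponly=True, samesite="Lax")
    return resp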