Basic auth (existing instannces: read commit text)

First, chill:
After you pull this, your current installation is supposed to
work fine *as is* (please let me know if it doesn't).

Nevertheless, it is recommended to enable basic auth by adding
these 2 lines to the `[swizzler]` section of `cherrypy.config`
(also documented at `cherrypy.config.example`)

    browser_user: 'someuser'
    browser_password: 'somepassword'

User and password don't need to be too long and funky
(or have anything to do with the user:pasword at rpc_url).
It's just a line of defense against [for example] trojans
who may not have significant file system rights,
but can still TCP-connect to localhost ;)

Existng apps should also `chmod 600 cherrypy.config`
(running `/.install.sh` again will do this as well),
because it would now contain a plaintext password
(and we don't want trojans yada yada).

Swizzle safely.

README.md

@@ -40,7 +40,9 @@ but these are defined as git submodules, so `install.sh` takes care of them.
 
 * Install dependencies mentioned above
 * Run `./install.sh` to create `cherrypy.config` and `appdir.py`
-* Edit `cherrypy.config` (at least edit the user:password@ at the rpc url)
+* Edit `cherrypy.config` (at least edit the user`:`pwd`@` at `rpc_url`,
+  but it's also recommended to uncomment and edit the `browser_user` and `browser_password`
+  lines to enable basic authentication *before* someone develops a swizzler-specific trojan ;) )
 
 ### To run
 * `python swizzler.py`

cherrypy.config.example

@@ -8,6 +8,12 @@ num_messages: 23 # number of messages per page
 num_trending_tags: 42 # let's party
 hash_salt: 'RANDOM'
 
+### Optional (but highly recommended):
+### Uncomment and edit these lines to protect Swizzler with basic browser auth
+### and block [e.g.] trojans from reading your DMs etc.
+#browser_user: 'myeasytorememberuser'
+#browser_password: 'myeasytorememberpassword'
+
 [/]
 tools.staticdir.root: "/PATH/HERE/static"
 

install.sh

@@ -11,6 +11,7 @@ else
         < cherrypy.config.example > cherrypy.config
     echo "created cherrypy.config. Now edit it to taste ;)"
 fi
+chmod 600 cherrypy.config # chmod even if it exists :)
 if [ ! -f appdir.py ] ; then
     echo "# Stupid but effective trick to know where we are:">appdir.py
     echo "APPDIR = '$(pwd)'">>appdir.py

swizzler.py

@@ -138,5 +138,13 @@ if __name__ == '__main__':
     cherrypy.config.update('{0}/cherrypy.config'.format(APPDIR))
     app = SwizzlerApp()
     cherrypy.tree.mount(app,'/',config='{0}/cherrypy.config'.format(APPDIR))
+    conf = cherrypy.tree.apps[''].config
+    u,p = conf['swizzler'].get('browser_user'),conf['swizzler'].get('browser_password')
+    print u,p
+    if u and p:
+        conf['/'].update({ 'tools.basic_auth.on': True,
+            'tools.basic_auth.realm': 'Swizzler VIP lounge',
+            'tools.basic_auth.users': {u:p}, 
+            'tools.basic_auth.encrypt': lambda x: x})
     cherrypy.engine.start()
     cherrypy.engine.block()