Basic auth (existing instannces: read commit text)

First, chill: After you pull this, your current installation is supposed to work fine *as is* (please let me know if it doesn't). Nevertheless, it is recommended to enable basic auth by adding these 2 lines to the `[swizzler]` section of `cherrypy.config` (also documented at `cherrypy.config.example`) browser_user: 'someuser' browser_password: 'somepassword' User and password don't need to be too long and funky (or have anything to do with the user:pasword at rpc_url). It's just a line of defense against [for example] trojans who may not have significant file system rights, but can still TCP-connect to localhost ;) Existng apps should also `chmod 600 cherrypy.config` (running `/.install.sh` again will do this as well), because it would now contain a plaintext password (and we don't want trojans yada yada). Swizzle safely.
10 years ago · d959492b2b
4 changed files with 18 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -40,7 +40,9 @@ but these are defined as git submodules, so `install.sh` takes care of them.
				@@ -40,7 +40,9 @@ but these are defined as git submodules, so `install.sh` takes care of them.

 * Install dependencies mentioned above
 * Run `./install.sh` to create `cherrypy.config` and `appdir.py`
-* Edit `cherrypy.config` (at least edit the user:password@ at the rpc url)
+* Edit `cherrypy.config` (at least edit the user`:`pwd`@` at `rpc_url`,
+  but it's also recommended to uncomment and edit the `browser_user` and `browser_password`
+  lines to enable basic authentication *before* someone develops a swizzler-specific trojan ;) )

 ### To run
 * `python swizzler.py`
--- a/cherrypy.config.example
+++ b/cherrypy.config.example
@ -8,6 +8,12 @@ num_messages: 23 # number of messages per page
				@@ -8,6 +8,12 @@ num_messages: 23 # number of messages per page
 num_trending_tags: 42 # let's party
 hash_salt: 'RANDOM'

+### Optional (but highly recommended):
+### Uncomment and edit these lines to protect Swizzler with basic browser auth
+### and block [e.g.] trojans from reading your DMs etc.
+#browser_user: 'myeasytorememberuser'
+#browser_password: 'myeasytorememberpassword'
+
 [/]
 tools.staticdir.root: "/PATH/HERE/static"

--- a/install.sh
+++ b/install.sh
@ -11,6 +11,7 @@ else
				@@ -11,6 +11,7 @@ else
        < cherrypy.config.example > cherrypy.config
    echo "created cherrypy.config. Now edit it to taste ;)"
 fi
+chmod 600 cherrypy.config # chmod even if it exists :)
 if [ ! -f appdir.py ] ; then
    echo "# Stupid but effective trick to know where we are:">appdir.py
    echo "APPDIR = '$(pwd)'">>appdir.py
--- a/swizzler.py
+++ b/swizzler.py
@ -138,5 +138,13 @@ if __name__ == '__main__':
				@@ -138,5 +138,13 @@ if __name__ == '__main__':
    cherrypy.config.update('{0}/cherrypy.config'.format(APPDIR))
    app = SwizzlerApp()
    cherrypy.tree.mount(app,'/',config='{0}/cherrypy.config'.format(APPDIR))
+    conf = cherrypy.tree.apps[''].config
+    u,p = conf['swizzler'].get('browser_user'),conf['swizzler'].get('browser_password')
+    print u,p
+    if u and p:
+        conf['/'].update({ 'tools.basic_auth.on': True,
+            'tools.basic_auth.realm': 'Swizzler VIP lounge',
+            'tools.basic_auth.users': {u:p}, 
+            'tools.basic_auth.encrypt': lambda x: x})
    cherrypy.engine.start()
    cherrypy.engine.block()