From d959492b2b6882c2b5997f76cafeb1bf4ff36ad6 Mon Sep 17 00:00:00 2001
From: The Dod
Date: Tue, 1 Apr 2014 19:33:13 +0700
Subject: [PATCH] Basic auth (existing instannces: read commit text)

First, chill: After you pull this, your current installation is supposed to work fine *as is* (please let me know if it doesn't).

Nevertheless, it is recommended to enable basic auth by adding these 2 lines to the `[swizzler]` section of `cherrypy.config` (also documented at `cherrypy.config.example`)

browser_user: 'someuser'
browser_password: 'somepassword'

User and password don't need to be too long and funky (or have anything to do with the user:pasword at rpc_url). It's just a line of defense against [for example] trojans who may not have significant file system rights, but can still TCP-connect to localhost ;)

Existng apps should also `chmod 600 cherrypy.config` (running `/.install.sh` again will do this as well), because it would now contain a plaintext password (and we don't want trojans yada yada).

Swizzle safely.
---
 README.md               | 4 +++-
 cherrypy.config.example | 6 ++++++
 install.sh              | 1 +
 swizzler.py             | 8 ++++++++
 4 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 5f423ec..8d010d6 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,9 @@ but these are defined as git submodules, so `install.sh` takes care of them.
 
 * Install dependencies mentioned above
 * Run `./install.sh` to create `cherrypy.config` and `appdir.py`
-* Edit `cherrypy.config` (at least edit the user:password@ at the rpc url)
+* Edit `cherrypy.config` (at least edit the user`:`pwd`@` at `rpc_url`,
+  but it's also recommended to uncomment and edit the `browser_user` and `browser_password`
+  lines to enable basic authentication *before* someone develops a swizzler-specific trojan ;) )
 
 ### To run
 * `python swizzler.py`
diff --git a/cherrypy.config.example b/cherrypy.config.example
index 2edb6d6..1f87176 100644
--- a/cherrypy.config.example
+++ b/cherrypy.config.example
@@ -8,6 +8,12 @@ num_messages: 23 # number of messages per page
 num_trending_tags: 42 # let's party
 hash_salt: 'RANDOM'
 
+### Optional (but highly recommended):
+### Uncomment and edit these lines to protect Swizzler with basic browser auth
+### and block [e.g.] trojans from reading your DMs etc.
+#browser_user: 'myeasytorememberuser'
+#browser_password: 'myeasytorememberpassword'
+
 [/]
 tools.staticdir.root: "/PATH/HERE/static"
diff --git a/install.sh b/install.sh
index 47b9702..3e2005c 100755
--- a/install.sh
+++ b/install.sh
@@ -11,6 +11,7 @@ else
 < cherrypy.config.example > cherrypy.config
 echo "created cherrypy.config. Now edit it to taste ;)"
 fi
+chmod 600 cherrypy.config # chmod even if it exists :)
 if [ ! -f appdir.py ] ; then
 echo "# Stupid but effective trick to know where we are:">appdir.py
 echo "APPDIR = '$(pwd)'">>appdir.py
diff --git a/swizzler.py b/swizzler.py
index 2b2a1c4..11ce721 100644
--- a/swizzler.py
+++ b/swizzler.py
@@ -138,5 +138,13 @@ if __name__ == '__main__':
     cherrypy.config.update('{0}/cherrypy.config'.format(APPDIR))
     app = SwizzlerApp()
     cherrypy.tree.mount(app,'/',config='{0}/cherrypy.config'.format(APPDIR))
+    conf = cherrypy.tree.apps[''].config
+    u,p = conf['swizzler'].get('browser_user'),conf['swizzler'].get('browser_password')
+    print u,p
+    if u and p:
+        conf['/'].update({ 'tools.basic_auth.on': True, 'tools.basic_auth.realm': 'Swizzler VIP lounge', 'tools.basic_auth.users': {u:p}, 'tools.basic_auth.encrypt': lambda x: x})
     cherrypy.engine.start()
     cherrypy.engine.block()
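Review bot: The new `chmod 600 cherrypy.config` only tightens permissions after the `< cherrypy.config.example > cherrypy.config` redirect in the branch above has already created the file, so on a fresh install the config exists for a moment with umask-default (commonly 0644) mode before the chmod runs. Setting `umask 077` at the top of the script, or just before that redirect, creates the file private from the start; keeping the `chmod` afterwards still covers existing installs, as its comment says. The `if … else` that creates the file begins before this hunk.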
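Review bot: `print u,p` writes the browser password to stdout on every server start, so it lands in whatever console, service log or redirect captures the process output; drop the line, or reduce it to `print 'basic auth enabled for', u`. The identity `'tools.basic_auth.encrypt': lambda x: x` means the submitted password is compared against the configured one as plaintext, which is consistent with the plaintext config this commit chooses but deserves a one-line comment such as `# password is stored in cherrypy.config as plaintext, so no hashing on either side` since the `encrypt` hook normally hashes. If the installed CherryPy is 3.2 or newer, `tools.auth_basic` with `tools.auth_basic.checkpassword` set to `cherrypy.lib.auth_basic.checkpassword_dict({u: p})` is the non-deprecated equivalent of `tools.basic_auth`, which may be worth a follow-up. The enclosing `if __name__ == '__main__':` block starts before this hunk.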