ouczbs/anki-sync-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added basic authentication support

Browse Source
This commit is contained in:
jdoe0 2013-08-02 00:07:49 +07:00
parent 7dcde6ac7a
commit 654240abca
1 changed files with 25 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
AnkiServer/apps/sync_app.py
View File

@ -3,6 +3,9 @@ from webob.dec import wsgify
from webob.exc import * from webob.exc import *
from webob import Response from webob import Response
import sqlite3
import hashlib
import AnkiServer import AnkiServer
import anki import anki
@ -74,7 +77,7 @@ class SyncUserSession(object):
def get_collection_path(self): def get_collection_path(self):
return os.path.realpath(os.path.join(self.path, 'collection.anki2')) return os.path.realpath(os.path.join(self.path, 'collection.anki2'))
def get_thread(self): def get_thread(self):
return self.collection_manager.get_collection(self.get_collection_path()) return self.collection_manager.get_collection(self.get_collection_path())
@ -116,8 +119,24 @@ class SyncApp(object):
Override this to change how users are authenticated. Override this to change how users are authenticated.
""" """
# TODO: This should have the exact opposite default ;-) conn = sqlite3.connect("auth.db")
return True cursor = conn.cursor()
param = (username,)
cursor.execute("SELECT hash FROM auth WHERE user=?", param)
db_ret = cursor.fetchone()
if db_ret != None:
db_hash = str(db_ret[0])
salt = db_hash[-16:]
hashobj = hashlib.sha256()
hashobj.update(username+password+salt)
return (db_ret != None and hashobj.hexdigest()+salt == db_hash)
def username2dirname(self, username): def username2dirname(self, username):
""" """
@ -127,7 +146,7 @@ class SyncApp(object):
""" """
return username return username
def generateHostKey(self, username): def generateHostKey(self, username):
"""Generates a new host key to be used by the given username to identify their session. """Generates a new host key to be used by the given username to identify their session.
This values is random.""" This values is random."""
@ -209,7 +228,7 @@ class SyncApp(object):
# Bad JSON # Bad JSON
raise HTTPBadRequest() raise HTTPBadRequest()
print 'data:', data print 'data:', data
if url == 'hostKey': if url == 'hostKey':
try: try:
u = data['u'] u = data['u']
@ -268,7 +287,7 @@ class SyncApp(object):
if url == 'finish': if url == 'finish':
self.delete_session(hkey) self.delete_session(hkey)
return Response( return Response(
status='200 OK', status='200 OK',
content_type='application/json', content_type='application/json',