aboutsummaryrefslogtreecommitdiffstats
path: root/fg21sim/webui/handlers
diff options
context:
space:
mode:
Diffstat (limited to 'fg21sim/webui/handlers')
-rw-r--r--fg21sim/webui/handlers/__init__.py5
-rw-r--r--fg21sim/webui/handlers/base.py30
-rw-r--r--fg21sim/webui/handlers/login.py40
3 files changed, 75 insertions, 0 deletions
diff --git a/fg21sim/webui/handlers/__init__.py b/fg21sim/webui/handlers/__init__.py
new file mode 100644
index 0000000..f97ef07
--- /dev/null
+++ b/fg21sim/webui/handlers/__init__.py
@@ -0,0 +1,5 @@
+# Copyright (c) 2016 Weitian LI <liweitianux@live.com>
+# MIT license
+
+from .index import IndexHandler
+from .login import LoginHandler
diff --git a/fg21sim/webui/handlers/base.py b/fg21sim/webui/handlers/base.py
new file mode 100644
index 0000000..5a6e3a9
--- /dev/null
+++ b/fg21sim/webui/handlers/base.py
@@ -0,0 +1,30 @@
+# Copyright (c) 2016 Weitian LI <liweitianux@live.com>
+# MIT license
+
+"""
+Base handler for other handlers
+"""
+
+
+import tornado.web
+from tornado.options import options
+
+
+class BaseRequestHandler(tornado.web.RequestHandler):
+ def get_current_user(self):
+ """
+ Override the ``get_current_user()`` method to implement user
+ authentication.
+
+ Determine the current user based on the value of a cookie.
+
+ References
+ ----------
+ - Tornado: Authentication and security
+ http://www.tornadoweb.org/en/stable/guide/security.html
+ """
+ if (options.password is None) or (options.password == ""):
+ # Password not set, then all accesses are allowed
+ return True
+ else:
+ return self.get_secure_cookie("user")
diff --git a/fg21sim/webui/handlers/login.py b/fg21sim/webui/handlers/login.py
new file mode 100644
index 0000000..4529005
--- /dev/null
+++ b/fg21sim/webui/handlers/login.py
@@ -0,0 +1,40 @@
+# Copyright (c) 2016 Weitian LI <liweitianux@live.com>
+# MIT license
+
+"""
+Login handler
+"""
+
+from tornado.options import options
+from tornado.escape import xhtml_escape
+
+from .base import BaseRequestHandler
+
+
+class LoginHandler(BaseRequestHandler):
+ """
+ Login page handler of the Web UI.
+
+ NOTE
+ ----
+ Only check the password to authenticate the access, therefore, the
+ default username "FG21SIM" is used.
+ """
+ def get(self):
+ if (options.password is None) or (options.password == ""):
+ # Password is not set, just allow
+ self.redirect(self.reverse_url("index"))
+ elif self.current_user:
+ # Already authenticated
+ self.redirect(self.reverse_url("index"))
+ else:
+ self.render("login.html", error="")
+
+ def post(self):
+ password = xhtml_escape(self.get_argument("password"))
+ if password == options.password:
+ self.set_secure_cookie("user", "FG21SIM")
+ self.redirect(self.reverse_url("index"))
+ else:
+ # Password incorrect
+ self.render("login.html", error="Incorrect password!")