aboutsummaryrefslogtreecommitdiffstats
path: root/fg21sim
diff options
context:
space:
mode:
Diffstat (limited to 'fg21sim')
-rw-r--r--fg21sim/webui/handlers/__init__.py5
-rw-r--r--fg21sim/webui/handlers/base.py30
-rw-r--r--fg21sim/webui/handlers/login.py40
-rw-r--r--fg21sim/webui/templates/login.html30
4 files changed, 105 insertions, 0 deletions
diff --git a/fg21sim/webui/handlers/__init__.py b/fg21sim/webui/handlers/__init__.py
new file mode 100644
index 0000000..f97ef07
--- /dev/null
+++ b/fg21sim/webui/handlers/__init__.py
@@ -0,0 +1,5 @@
+# Copyright (c) 2016 Weitian LI <liweitianux@live.com>
+# MIT license
+
+from .index import IndexHandler
+from .login import LoginHandler
diff --git a/fg21sim/webui/handlers/base.py b/fg21sim/webui/handlers/base.py
new file mode 100644
index 0000000..5a6e3a9
--- /dev/null
+++ b/fg21sim/webui/handlers/base.py
@@ -0,0 +1,30 @@
+# Copyright (c) 2016 Weitian LI <liweitianux@live.com>
+# MIT license
+
+"""
+Base handler for other handlers
+"""
+
+
+import tornado.web
+from tornado.options import options
+
+
+class BaseRequestHandler(tornado.web.RequestHandler):
+ def get_current_user(self):
+ """
+ Override the ``get_current_user()`` method to implement user
+ authentication.
+
+ Determine the current user based on the value of a cookie.
+
+ References
+ ----------
+ - Tornado: Authentication and security
+ http://www.tornadoweb.org/en/stable/guide/security.html
+ """
+ if (options.password is None) or (options.password == ""):
+ # Password not set, then all accesses are allowed
+ return True
+ else:
+ return self.get_secure_cookie("user")
diff --git a/fg21sim/webui/handlers/login.py b/fg21sim/webui/handlers/login.py
new file mode 100644
index 0000000..4529005
--- /dev/null
+++ b/fg21sim/webui/handlers/login.py
@@ -0,0 +1,40 @@
+# Copyright (c) 2016 Weitian LI <liweitianux@live.com>
+# MIT license
+
+"""
+Login handler
+"""
+
+from tornado.options import options
+from tornado.escape import xhtml_escape
+
+from .base import BaseRequestHandler
+
+
+class LoginHandler(BaseRequestHandler):
+ """
+ Login page handler of the Web UI.
+
+ NOTE
+ ----
+ Only check the password to authenticate the access, therefore, the
+ default username "FG21SIM" is used.
+ """
+ def get(self):
+ if (options.password is None) or (options.password == ""):
+ # Password is not set, just allow
+ self.redirect(self.reverse_url("index"))
+ elif self.current_user:
+ # Already authenticated
+ self.redirect(self.reverse_url("index"))
+ else:
+ self.render("login.html", error="")
+
+ def post(self):
+ password = xhtml_escape(self.get_argument("password"))
+ if password == options.password:
+ self.set_secure_cookie("user", "FG21SIM")
+ self.redirect(self.reverse_url("index"))
+ else:
+ # Password incorrect
+ self.render("login.html", error="Incorrect password!")
diff --git a/fg21sim/webui/templates/login.html b/fg21sim/webui/templates/login.html
new file mode 100644
index 0000000..51d4cd1
--- /dev/null
+++ b/fg21sim/webui/templates/login.html
@@ -0,0 +1,30 @@
+{#
+ # Copyright (c) 2016 Weitian LI <liweitianux@live.com>
+ # MIT license
+ #
+ # Login page for the Web UI of "fg21sim"
+ #}
+
+{% extends "base.html" %}
+
+{% block subtitle %}Login |{% end %}
+
+{% block main %}
+<section id="login">
+ <h2><span class="fa fa-key" aria-hidden="true"></span> Login</h2>
+ <hr />
+
+ <form action="/login" method="post">
+ {% module xsrf_form_html() %}
+ <fieldset>
+ <label for="password">Password:
+ {% if (error != "") %}
+ <span class="label label-warning">{{ error }}</span>
+ {% end %}
+ </label>
+ <input class="form-control" type="password" id="password" name="password" required />
+ <button type="submit">Login</button>
+ </fieldset>
+ </form>
+</section>
+{% end %}