Fixed CSRF-related issues and profilepictures by starting caddy for development server too. Also improved boostrap script. #15 #16

2023-02-11 18:04:52 +01:00 · 2023-02-11 18:04:52 +01:00 · 01aa31a8a1
commit 01aa31a8a1
parent 5572fec9c1
8 changed files with 99 additions and 41 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,12 +2,15 @@
 /data/logs/*
 /data/tls/*
 /data/static/*
+/data/profilepictures/*
 !/data/logs/
 !/data/logs/.gitkeep
 !/data/tls/
 !/data/tls/.gitkeep
 !/data/static/
 !/data/static/.gitkeep
+!/data/profilepictures/
+!/data/profilepictures/default.svg
 !/data/Caddyfile
 !/data/*.example.*

--- a/app/templates/registration/login.html
+++ b/app/templates/registration/login.html
@ -69,7 +69,7 @@
        <ul class="userlist">
            {% for user_ in user_list %}
                <li class="userlistbutton button" data-username="{{ user_.username }}">
-                    <img src="/profilepictures?name={{ user_.profile_picture_filename|urlencode }}">
+                    <img src="/profilepictures/{{ user_.profile_picture_filename|urlencode }}">
                    <div>
                        {% if user_.first_name %}

--- a/app/templates/userpanel.html
+++ b/app/templates/userpanel.html
@ -3,7 +3,7 @@

 <div class="userpanel">
    <div class="userinfo">
-        <img src="/profilepictures?name={{ user.profile_picture_filename|urlencode }}">
+        <img src="/profilepictures/{{ user.profile_picture_filename|urlencode }}">
        <span>
            {% if user.first_name != "" %}
                {% translate "User" %}: {{ user.first_name }} {{ user.last_name }} ({{ user.username }})
--- a/data/Caddyfile
+++ b/data/Caddyfile
@ -7,7 +7,7 @@
 	https_port {$HTTPS_PORT}
 }

-0.0.0.0 {
+{$CADDY_HOST} {
 	# the tls certificates
 	tls {$DATADIR}/tls/server.pem {$DATADIR}/tls/server-key.pem
 	route {
--- a/data/config.example.yml
+++ b/data/config.example.yml
@ -27,7 +27,8 @@ db:
  host: "127.0.0.1"
  port: 5432
 caddy:
-  # Ports that the web server listens on
+  # Webserver settings
+  host: "localhost"
  http_port: 80
  https_port: 443
 logs:
--- a/data/profilepictures/default.svg
+++ b/data/profilepictures/default.svg
@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   width="16"
+   height="16"
+   viewBox="0 0 16 16"
+   version="1.1"
+   id="svg5"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg">
+  <defs
+     id="defs2" />
+  <g
+     id="layer1">
+    <circle
+       style="fill:#808080;fill-opacity:1;stroke:#fffcfe;stroke-opacity:1"
+       id="path848"
+       cx="8"
+       cy="4.5"
+       r="2.5" />
+    <path
+       style="fill:#7f7f7f;fill-opacity:1;stroke:#fffcff;stroke-opacity:1"
+       id="path3433"
+       d="m -3,-13.499699 a 5,5 0 0 1 -2.5,4.3301274 5,5 0 0 1 -5,0 5,5 0 0 1 -2.5,-4.3301274 h 5 z"
+       transform="scale(-1)" />
+  </g>
+</svg>
--- a/project/settings.py
+++ b/project/settings.py
@ -125,6 +125,11 @@ AUTH_USER_MODEL = "app.User"
 SESSION_COOKIE_AGE = int(config["app"]["session_cookie_age"])
 CSRF_COOKIE_SECURE = True
 SESSION_COOKIE_SECURE = True
+CSRF_TRUSTED_ORIGINS = [
+    f"https://{config['caddy']['host']}",
+    f"http://{config['caddy']['host']}",
+    f"https://{config['caddy']['host']}:{config['caddy']['https_port']}",
+    f"http://{config['caddy']['host']}:{config['caddy']['https_port']}"]

 # Internationalization
 # https://docs.djangoproject.com/en/4.1/topics/i18n/
--- a/scripts/bootstrap.py
+++ b/scripts/bootstrap.py
@ -9,6 +9,7 @@ from pathlib import Path
 from signal import SIGINT
 from subprocess import Popen
 from sys import path as sys_path
+from sys import stdout, stderr
 from time import sleep

 from yaml import safe_load
@ -45,6 +46,13 @@ class MonitoredSubprocess:
        if self._tries < self.max_tries:
            self._tries += 1
            print(f"Starting {self.name}...")
+            if self.logfile is None:
+                self.s = Popen(
+                    self.commandline,
+                    stdout=stdout.buffer,
+                    stderr=stderr.buffer,
+                    env=self.environment)
+            else:
                with self.logfile.open("ab") as l:
                    self.s = Popen(
                        self.commandline,
@ -71,6 +79,30 @@ def cleanup_procs(processes):
        p.stop()


+def start_and_monitor(monitored_subprocesses: list):
+    # start processes
+        for p in monitored_subprocesses:
+            p.try_start()
+        register_exithandler(cleanup_procs, monitored_subprocesses)
+        # monitor processes
+        try:
+            while True:
+                sleep(1)
+                for p in monitored_subprocesses:
+                    returncode = p.s.poll()
+                    if returncode is None:
+                        continue
+                    else:
+                        print(f"{p.name} stopped with exit code {returncode}.")
+                        if p.try_start() is False:
+                            # stop everything if the process
+                            # has exceeded max. tries
+                            exit()
+        except KeyboardInterrupt:
+            print("Received KeyboardInterrupt, exiting...")
+            exit()
+
+
 if __name__ == "__main__":
    argp = ArgumentParser()
    argp.add_argument("--devel", help="Start development server", action="store_true")
@ -84,22 +116,31 @@ if __name__ == "__main__":
        ["./venv/bin/python3", "./manage.py", "collectstatic", "--noinput"], env=os.environ).wait()
    Popen(
        ["./venv/bin/python3", "./manage.py", "migrate", "--noinput"], env=os.environ).wait()
-    # Start
-    if args.devel:
-        p = None
-        try:
-            p = Popen(["./venv/bin/python3", "./manage.py", "runserver"], env=os.environ).wait()
-        except KeyboardInterrupt:
-            if p is not None:
-                p.send_signal(SIGINT)
-    else:
    # Caddy configuration via env
    environment_caddy = os.environ
    environment_caddy["DATADIR"] = str(data_directory.absolute())
+    environment_caddy["CADDY_HOST"] = str(config["caddy"]["host"])
    environment_caddy["HTTP_PORT"] = str(config["caddy"]["http_port"])
    environment_caddy["HTTPS_PORT"] = str(config["caddy"]["https_port"])
    environment_caddy["APPLICATION_PORT"] = str(config["app"]["application_port"])
    environment_caddy["ACCESS_LOG"] = config["logs"]["http_access"]
+    # Start
+    if args.devel:
+        procs = [
+            MonitoredSubprocess(
+                "Caddy Webserver",
+                ["caddy", "run", "--config", str(caddyfile)],
+                None,
+                environment=environment_caddy
+            ),
+            MonitoredSubprocess(
+                "Django Development Server",
+                ["./venv/bin/python3", "./manage.py", "runserver", str(config["app"]["application_port"])],
+                None
+            ),
+        ]
+        start_and_monitor(procs)
+    else:
        # Application configuration via env
        environment_app = os.environ
        environment_app["APP_PROD"] = "1"
@ -128,24 +169,4 @@ if __name__ == "__main__":
                environment=environment_app
            ),
        ]
-        # start processes
-        for p in procs:
-            p.try_start()
-        register_exithandler(cleanup_procs, procs)
-        # monitor processes
-        try:
-            while True:
-                sleep(1)
-                for p in procs:
-                    returncode = p.s.poll()
-                    if returncode is None:
-                        continue
-                    else:
-                        print(f"{p.name} stopped with exit code {returncode}.")
-                        if p.try_start() is False:
-                            # stop everything if the process
-                            # has exceeded max. tries
-                            exit()
-        except KeyboardInterrupt:
-            print("Received KeyboardInterrupt, exiting...")
-            exit()
+        start_and_monitor(procs)