From 56cc06d9052ddbd1da5a61dd6a6def3be7153f21 Mon Sep 17 00:00:00 2001
From: Krateng <git.noreply@krateng.ch>
Date: Wed, 29 Jul 2020 15:52:01 +0200
Subject: [PATCH] Implemented proper authentication for backend

---
 maloja/__pkginfo__.py        |  2 +-
 maloja/data_files/auth/dummy |  0
 maloja/globalconf.py         |  6 ++++++
 maloja/server.py             | 14 ++++++++++++++
 4 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 maloja/data_files/auth/dummy

diff --git a/maloja/__pkginfo__.py b/maloja/__pkginfo__.py
index a3fa867..317c320 100644
--- a/maloja/__pkginfo__.py
+++ b/maloja/__pkginfo__.py
@@ -15,7 +15,7 @@ links = {
 requires = [
 	"bottle>=0.12.16",
 	"waitress>=1.3",
-	"doreah>=1.6.7",
+	"doreah>=1.6.8",
 	"nimrodel>=0.6.3",
 	"setproctitle>=1.1.10",
 	"wand>=0.5.4",
diff --git a/maloja/data_files/auth/dummy b/maloja/data_files/auth/dummy
new file mode 100644
index 0000000..e69de29
diff --git a/maloja/globalconf.py b/maloja/globalconf.py
index 5ed516f..bba0938 100644
--- a/maloja/globalconf.py
+++ b/maloja/globalconf.py
@@ -49,6 +49,12 @@ config(
 	},
 	regular={
 		"autostart": False
+	},
+	auth={
+		"multiuser":False,
+		"cookieprefix":"maloja",
+		"stylesheets":["/style.css"],
+		"dbfile":datadir("auth/auth.ddb")
 	}
 )
 
diff --git a/maloja/server.py b/maloja/server.py
index 51eb690..bc322f4 100755
--- a/maloja/server.py
+++ b/maloja/server.py
@@ -25,6 +25,7 @@ from doreah import settings
 from doreah.logging import log
 from doreah.timing import Clock
 from doreah.pyhp import file as pyhpfile
+from doreah.auth import get_login_page, authapi, authenticated
 # technical
 #from importlib.machinery import SourceFileLoader
 import importlib
@@ -55,6 +56,7 @@ STATICFOLDER = pkg_resources.resource_filename(__name__,"static")
 DATAFOLDER = DATA_DIR
 
 webserver = Bottle()
+authapi.mount(server=webserver)
 
 pthjoin = os.path.join
 
@@ -158,6 +160,10 @@ def get_css():
 	return css
 
 
+@webserver.route("/login")
+def login():
+	return get_login_page()
+
 @webserver.route("/<name>.<ext>")
 def static(name,ext):
 	assert ext in ["txt","ico","jpeg","jpg","png","less","js"]
@@ -216,7 +222,15 @@ jinjaenv = Environment(
 jinjaenv.globals.update(JINJA_CONTEXT)
 
 
+@webserver.route("/<name:re:(issues|manual|setup|admin)>")
+@authenticated
+def static_html_private(name):
+	return static_html(name)
+
 @webserver.route("/<name>")
+def static_html_public(name):
+	return static_html(name)
+
 def static_html(name):
 	linkheaders = ["</style.css>; rel=preload; as=style"]
 	keys = remove_identical(FormsDict.decode(request.query))