Changed app for proxy and https++

2026-01-22 16:42:55 +01:00
parent e4fed12143
commit c3efa127d9

22
app.py

@@ -1,6 +1,7 @@
from flask import Flask, render_template, request, jsonify, redirect, url_for, session from flask import Flask, render_template, request, jsonify, redirect, url_for, session
from functools import wraps from functools import wraps
from werkzeug.middleware.proxy_fix import ProxyFix from werkzeug.middleware.proxy_fix import ProxyFix
from datetime import timedelta
import malias_wrapper as malias_w import malias_wrapper as malias_w
import os import os
import argparse import argparse
@@ -23,12 +24,22 @@ app.wsgi_app = ProxyFix(
malias_w.init_database() malias_w.init_database()
# Session configuration for reverse proxy # Session configuration for reverse proxy
# Allow session cookies to work properly behind HTTPS proxy # Critical: Session cookies must work through proxy (Authelia, Zoraxy, etc.)
app.config.update( app.config.update(
SESSION_COOKIE_SECURE=False, # Set to True if using HTTPS only # Session cookie settings
SESSION_COOKIE_HTTPONLY=True, # Prevent JavaScript access to session cookie SESSION_COOKIE_NAME='malias_session', # Custom name to avoid conflicts
SESSION_COOKIE_SAMESITE='Lax', # CSRF protection SESSION_COOKIE_SECURE=False, # Must be False - backend connection is HTTP
PREFERRED_URL_SCHEME='https' # Generate HTTPS URLs when behind proxy SESSION_COOKIE_HTTPONLY=True, # Security: prevent JavaScript access
SESSION_COOKIE_SAMESITE='Lax', # Allow same-site requests (needed for redirects)
SESSION_COOKIE_PATH='/', # Available for entire application
# Permanent session (survives browser restarts)
PERMANENT_SESSION_LIFETIME=86400, # 24 hours in seconds
SESSION_REFRESH_EACH_REQUEST=True, # Extend session on each request
# URL generation
PREFERRED_URL_SCHEME='https', # Generate HTTPS URLs when behind proxy
APPLICATION_ROOT='/', # Application root path
) )
def login_required(f): def login_required(f):
@@ -46,6 +57,7 @@ def login():
if request.method == 'POST': if request.method == 'POST':
password = request.json.get('password', '') password = request.json.get('password', '')
if malias_w.verify_password(password): if malias_w.verify_password(password):
session.permanent = True # Make session persistent
session['logged_in'] = True session['logged_in'] = True
return jsonify({'status': 'success', 'message': 'Login successful'}) return jsonify({'status': 'success', 'message': 'Login successful'})
else: else:
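Review bot: In the `app.config.update(...)` hunk, `SESSION_COOKIE_SECURE=False` leaves the session cookie without the Secure attribute, and the new comment "Must be False - backend connection is HTTP" is not a valid reason. Flask only adds the attribute to the `Set-Cookie` header and the browser enforces it against its own connection, which here is presumably the HTTPS side of the proxy (the commit title and `PREFERRED_URL_SCHEME='https'` suggest so). As written, the browser will also send the cookie over any plain-HTTP request to the same host. That matters more now that `session.permanent = True` in `login()` and `SESSION_REFRESH_EACH_REQUEST=True` keep the cookie valid for a rolling 24 hours. I would change the line to `SESSION_COOKIE_SECURE=True,  # browser talks HTTPS to the proxy; flag is enforced client-side`, and make it configurable only if direct HTTP access is needed for local development. Separately, the new `from datetime import timedelta` is unused in the visible hunks; either drop it or write `PERMANENT_SESSION_LIFETIME=timedelta(hours=24)`.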