Add CsrfProtect
parent
11f0fe14d3
commit
186a9003b2
|
@ -23,6 +23,7 @@ apt-get install -y nodejs nodejs-legacy npm
|
|||
apt-get install -y etcd
|
||||
apt-get install -y glusterfs-client attr
|
||||
apt-get install -y nginx
|
||||
pip3 install Flask-WTF
|
||||
|
||||
#add ip forward
|
||||
echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf
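Review bot: The `pip3 install Flask-WTF` line (presumably the one this hunk adds) installs whatever release is current at provisioning time, so the CSRF layer this commit relies on is not reproducible across hosts. The web front end imports `CsrfProtect` from `flask_wtf.csrf`, a name that later Flask-WTF releases deprecated in favour of `CSRFProtect` and then dropped, so an unpinned install can break start-up after a rebuild. Pin the release that was tested, e.g. `pip3 install 'Flask-WTF==<tested-version>'` (placeholder; the page does not name a version), ideally alongside the other Python dependencies in a requirements file with hashes.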
|
||||
|
|
|
@ -38,7 +38,7 @@
|
|||
</div>
|
||||
<div class="box-body">
|
||||
<form id="form" class="form-horizontal" action="/workspace/{{masterips[0].split("@")[0]}}/add/" method="POST">
|
||||
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<div class="form-group"><label class="col-sm-2 control-label">Workspace Name</label>
|
||||
<div class="col-sm-10"><input type="text" class="form-control" name="clusterName" id="clusterName"></div>
|
||||
</div>
|
||||
|
@ -94,7 +94,7 @@
|
|||
<td>{{image['name']}}</td>
|
||||
<td>public</td>
|
||||
<td>{{p_user}}</td>
|
||||
<td>{{image['size_format']}}</td>
|
||||
<td>{{image['size_format']}}</td>
|
||||
<td><a href="/image/{{masterips[0].split("@")[0]}}/description/{{image['name']}}_{{p_user}}_public/" target="_blank">{{image['description']}}</a></td>
|
||||
<td><div class="i-checks"><label><input type="radio" name="image" value="{{image['name']}}_{{p_user}}_public" onchange="setMinDiskSize({{image['size_in_mb']}})"></label></div></td>
|
||||
</tr>
|
||||
|
|
|
@ -117,6 +117,7 @@
|
|||
<ul class="dropdown-menu">
|
||||
<!-- The user image in the menu -->
|
||||
<form action="/bug/report/" method="POST">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<textarea id="bugmessage" name="bugmessage" style="width:250px; height:200px"></textarea>
|
||||
<li class="user-footer" style="background-color:#e6e6e6">
|
||||
<div class="pull-right">
|
||||
|
@ -290,6 +291,9 @@
|
|||
</script>
|
||||
|
||||
<script type="text/javascript">
|
||||
$.ajaxSetup({
|
||||
headers: {'X-CSRFToken':'{{ csrf_token() }}'},
|
||||
});
|
||||
var ajaxCfg = {
|
||||
type : "post",
|
||||
url : '/notification/query_self/',
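Review bot: The `$.ajaxSetup` block in the second hunk attaches `X-CSRFToken` as a static header to every jQuery request the page makes, including GET requests and requests to other origins, so the token would be disclosed to any third-party host the front end calls through `$.ajax`. Flask-WTF's documented pattern sets the header in `beforeSend`, only for state-changing methods and only when `this.crossDomain` is false. The `ajaxCfg` object that follows continues outside the hunk, so whether a cross-origin call exists today cannot be seen from here.

```html
<script type="text/javascript">
    var csrfToken = '{{ csrf_token() }}';
    $.ajaxSetup({
        beforeSend: function (xhr, settings) {
            // Send the token only with state-changing, same-origin requests.
            if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
                xhr.setRequestHeader('X-CSRFToken', csrfToken);
            }
        }
    });
    // … unchanged: ajaxCfg definition …
```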
|
||||
|
|
|
@ -48,6 +48,7 @@
|
|||
</div>
|
||||
<div class="modal-body">
|
||||
<form action="/beans/apply/" method="POST" id="beansapplyForm">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<div class="form-group">
|
||||
<label>Number</label><small class="font-bold"> How many beans do you need?</small>
|
||||
<input type="number" class="form-control" placeholder="100-5000" name="number" id="number" min="100" max="5000" required />
|
||||
|
|
|
@ -55,6 +55,7 @@
|
|||
</div>
|
||||
<div class="box-body table-responsive">
|
||||
<form action="/cloud/{{master.split("@")[0]}}/setting/modify/" method="POST">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<textarea id="setting" name="setting" class="form-control" rows="20">{{ info['result'] }}</textarea>
|
||||
<button type="submit" class="btn btn-primary">Save</button>
|
||||
</form>
|
||||
|
|
|
@ -74,6 +74,7 @@
|
|||
<div class="modal-body">
|
||||
<div class="form-group">
|
||||
<form action="/workspace/{{master.split("@")[0]}}/scaleout/{{ clustername }}/" method="POST" >
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<table class="table table-striped table-bordered table-hover table-image">
|
||||
<thead>
|
||||
<tr>
|
||||
|
@ -199,6 +200,7 @@
|
|||
<div class="modal-body">
|
||||
<div class="form-group">
|
||||
<form action="/workspace/{{master.split("@")[0]}}/save/{{ clustername }}/{{ container['containername'] }}/" method="POST" id="saveImage">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<label>Image Name</label>
|
||||
<input type="text" placeholder="Enter Image Name" class="form-control" name="ImageName" id="ImageName"/>
|
||||
<br/>
|
||||
|
@ -249,6 +251,7 @@
|
|||
</div>
|
||||
<div class="modal-body">
|
||||
<form action="/port_mapping/add/{{master.split("@")[0]}}/" method="POST" id="AddportsmappingForm">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<div class="form-group">
|
||||
<label>Cluster Name</label>
|
||||
<input type = "text" value="{{ clustername }}" class="form-control" name="clustername" readonly="readonly">
|
||||
|
@ -376,6 +379,7 @@
|
|||
</div>
|
||||
<div class="modal-body">
|
||||
<form action="/image/{{master.split("@")[0]}}/copy/{{image['name']}}/" method="POST" id="CopyImageForm">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<table class="table table-striped table-bordered table-hover table-image">
|
||||
<thead>
|
||||
<tr>
|
||||
|
|
|
@ -37,6 +37,7 @@
|
|||
|
||||
<div class="box-body">
|
||||
<form id="notificationForm" class="form-horizontal" action="/notification/create/" method="post">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<div class="form-group">
|
||||
<label class="col-sm-2 control-label">Title</label>
|
||||
<div class="col-sm-10">
|
||||
|
|
|
@ -76,6 +76,7 @@
|
|||
<div class="modal-body">
|
||||
<div class="form-group">
|
||||
<form action="/cluster/save/{{ clustername }}/{{ container['containername'] }}/" method="GET" id="saveImage">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<label>Image Name</label>
|
||||
<input type="text" placeholder="Enter image name" class="form-control" name="ImageName" id="ImageName"/>
|
||||
<div class="modal-footer">
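Review bot: This form is declared with `method="GET"`, so the hidden `csrf_token` input added here is serialized into the query string of `/cluster/save/...`, where it lands in server access logs, browser history and possibly `Referer` headers. It also gives no protection: Flask-WTF's CSRF check runs only for POST, PUT, PATCH and DELETE by default, so this image-save action can still be triggered from another site. Change the form to `method="POST"` and make the matching route accept only POST; the route is not on this page, so that part needs confirming.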
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
<p class="login-box-msg">An easy and quick way to launch your DISTRIBUTED applications!</p>
|
||||
|
||||
<form action="" method="POST">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<div class="form-group has-feedback">
|
||||
<input type="text" class="form-control" placeholder="Username" name="username">
|
||||
<span class="glyphicon glyphicon-user form-control-feedback"></span>
|
||||
|
|
|
@ -111,6 +111,7 @@
|
|||
</div>
|
||||
<div class="modal-body">
|
||||
<form id="modifyNotificationForm_{{ notify['id'] }}" action="/notification/modify/" method="post">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<div class="form-group">
|
||||
<label>Title</label>
|
||||
<input type="text" class="form-control" name="title" value="{{ notify['title'] }}">
|
||||
|
@ -184,6 +185,7 @@
|
|||
<div class="modal-body">
|
||||
<strong class="text-center">Are you sure to do this?</strong>
|
||||
<form id="deleteNotificationForm_{{ notify['id'] }}" style="display: none" action="/notification/delete/" method="post">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<input type="text" class="form-control" name="notify_id" style="display: none" value="{{ notify['id'] }}">
|
||||
</form>
|
||||
</div>
|
||||
|
|
|
@ -29,6 +29,7 @@
|
|||
<div class="login-box-body">
|
||||
<p class="login-box-msg">An easy and quick way to launch your DISTRIBUTED applications!</p>
|
||||
<form class="m-t" role="form" action="" id="activateForm" method="POST">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<div class="form-group">
|
||||
<input type="text" class="form-control" placeholder="username" required="" name="username">
|
||||
</div>
|
||||
|
|
|
@ -23,6 +23,7 @@
|
|||
{% block content %}
|
||||
<div class="box-body text-center p-md">
|
||||
<form action="/workspace/{{masterip}}/save/{{ clustername }}/{{ containername }}/force/" method="POST">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<label>Image:</label>
|
||||
<input type="text" name="ImageName" id="ImageName" readonly="true" value="{{ image }}"/>
|
||||
<label> exists, are you sure to overwrite it?</label>
|
||||
|
|
|
@ -51,6 +51,7 @@
|
|||
<div class="modal-body">
|
||||
|
||||
<form action="/group/add/" method="POST" id="addGroupForm">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<div class="form-group">
|
||||
<label>Name</label>
|
||||
<input type="text" placeholder="Enter Name" class="form-control" name="groupname"/>
|
||||
|
@ -87,6 +88,7 @@
|
|||
<div class="modal-body">
|
||||
|
||||
<form action="/quota/add/" method="POST" id="addQuotaForm">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<div class="form-group">
|
||||
<label>Name</label>
|
||||
<input type="text" placeholder="Enter Name" class="form-control" name="quotaname"/>
|
||||
|
@ -121,6 +123,7 @@
|
|||
</div>
|
||||
<div class="modal-body">
|
||||
<form action="/quota/chdefault/" method="POST" id="chDefaultForm">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<div class="form-group">
|
||||
<label>Default Group</label>
|
||||
<select class="form-control" name="defaultgroup" value={{ defaultgroup }} />
|
||||
|
@ -176,6 +179,7 @@
|
|||
<small class="font-bold">Modify a group in Docklet</small>
|
||||
</div>
|
||||
<form action="/group/modify/{{group['name']}}/" method="POST" >
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<div class="modal-body">
|
||||
<div class="form-group">
|
||||
<label>Name</label>
|
||||
|
@ -276,6 +280,7 @@
|
|||
</div>
|
||||
<div class="box-body">
|
||||
<form id="chlxcsetting" class="form-horizontal" action="/quota/chlxcsetting/" method="POST">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<div class="form-group">
|
||||
<label class="control-label col-sm-2">CPU</label>
|
||||
<div class="col-sm-8"><input type="number" class="form-control" name="lxcCpu" id="lxcCpu" value={{lxcsetting['cpu']}} />CORE</div>
|
||||
|
@ -305,6 +310,7 @@
|
|||
</div>
|
||||
<div class="box-body">
|
||||
<form role="form" action="/settings/update/" method="POST" >
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<div class="box-body">
|
||||
<div class="form-group">
|
||||
<label for="ADMIN_EMAIL_ADDRESS">Admin Email Address</label>
|
||||
|
@ -415,6 +421,7 @@
|
|||
<h4>Sure to set <strong> {{ parm["parm"] }} </strong>to <strong>{{ history }} </strong>?</h4>
|
||||
</div>
|
||||
<form action="/system/modify/" method="POST">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<div style="display:none">
|
||||
<input type="text" placeholder="" class="" name="field" value={{field}} />
|
||||
</div>
|
||||
|
@ -473,6 +480,7 @@
|
|||
<small class="font-bold">Modify a parameter in Docklet</small>
|
||||
</div>
|
||||
<form action="/system/modify/" method="POST" >
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<div style="display:none">
|
||||
<input type="text" placeholder="" class="" name="field" value={{field}} />
|
||||
</div>
|
||||
|
@ -515,6 +523,7 @@
|
|||
<h4>Sure to set <strong> {{ parm["parm"] }} </strong> to <strong> {{ parm["default"] }} </strong> ?</h4>
|
||||
</div>
|
||||
<form action="/system/modify/" method="POST">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<div style="display:none">
|
||||
<input type="text" placeholder="" class="" name="field" value={{field}} />
|
||||
</div>
|
||||
|
|
|
@ -29,6 +29,7 @@
|
|||
<div class="login-box-body">
|
||||
<p class="login-box-msg">An easy and quick way to launch your DISTRIBUTED applications!</p>
|
||||
<form class="m-t" role="form" action="" id="activateForm" method="POST">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<div class="form-group">
|
||||
<input type="email" class="form-control" placeholder="E-mail" required="" name="email" value="{{ info['e_mail'] }}">
|
||||
</div>
|
||||
|
|
|
@ -91,6 +91,7 @@
|
|||
<div class="modal-body">
|
||||
|
||||
<form action="/user/info/" method="POST" id="ChpasswordForm">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<div class="form-group">
|
||||
<label>Old password</label>
|
||||
<input type = "password" placeholder="Enter old password" class="form-control" name="o_password" id="o_password">
|
||||
|
|
|
@ -50,6 +50,7 @@
|
|||
</div>
|
||||
<div class="modal-body">
|
||||
<form action="/user/add/" method="POST" id="addUserForm">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<div class="form-group">
|
||||
<label>User Name</label>
|
||||
<input type = "text" placeholder="Enter Username" class="form-control" name="username">
|
||||
|
@ -100,6 +101,7 @@
|
|||
</div>
|
||||
<div class="modal-body">
|
||||
<form action="/user/modify/" method="POST" id="modifyUserForm">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<div class="form-group">
|
||||
<label>User Name</label>
|
||||
<input type = "text" placeholder="Enter Username" class="form-control" name="username" id="mUsername" readonly="readonly">
|
||||
|
@ -182,6 +184,7 @@
|
|||
</div>
|
||||
<div class="modal-body">
|
||||
<form action="/user/change/" method="POST" id="chpasswordForm">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
|
||||
<div class="form-group">
|
||||
<label>User Name</label>
|
||||
<input type = "text" placeholder="Enter Username" class="form-control" name="username" id="mpUsername" readonly="readonly">
|
||||
|
|
|
@ -21,6 +21,7 @@ initlogging("docklet-web")
|
|||
from webViews.log import logger
|
||||
|
||||
from flask import Flask, request, session, render_template, redirect, send_from_directory, make_response, url_for, abort
|
||||
from flask_wtf.csrf import CsrfProtect
|
||||
from webViews.dashboard import dashboardView
|
||||
from webViews.user.userlist import userlistView, useraddView, usermodifyView, userdataView, userqueryView
|
||||
from webViews.notification.notification import CreateNotificationView, NotificationView, QuerySelfNotificationsView, \
|
||||
|
@ -61,7 +62,7 @@ if (external_login == 'True'):
|
|||
|
||||
|
||||
app = Flask(__name__)
|
||||
|
||||
CsrfProtect(app)
|
||||
|
||||
|
||||
@app.route("/", methods=['GET'])
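Review bot: `CsrfProtect(app)` in the second hunk discards the extension object, so no view can later be exempted and the protection cannot be configured per blueprint; bind it, `csrf = CsrfProtect(app)`. Token signing uses the Flask secret key, and neither hunk shows `app.secret_key` being assigned, so confirm it is set to a random value that persists across restarts and is kept out of the repository. Protection is now global for POST requests, so any endpoint posted to by something other than these templates (the `external_login` branch named in the hunk header may be one) needs an explicit decision: send the token or mark the view `@csrf.exempt`.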
|
||||
|
|