WPD: revert partially and add WPD temp stuff (leak host for WPD)

2022-10-18 06:23:59 -05:00 · 2022-10-18 06:23:59 -05:00 · 45e40fe61c
parent d32341e7b9
commit 45e40fe61c
1 changed files with 13 additions and 4 deletions
--- a/files/main.py
+++ b/files/main.py
@ -83,10 +83,12 @@ def before_request():

 	with open('/site_settings.json', 'r', encoding='utf_8') as f:
 		app.config['SETTINGS'] = json.load(f)
-
-	if request.host != app.config["SERVER_NAME"]:
-		return redirect(app.config["SERVER_NAME"] + request.full_path)
-
+	### WPD TEMP ####
+	if request.host != app.config["SERVER_NAME"] and app.config["SERVER_NAME"] != "watchpeopledie.co":
+		return {"error": "Unauthorized host provided"}, 403
+	#### END WPD TEMP ####
+	# uncomment below after done with WPD migration
+	# if request.host != app.config["SERVER_NAME"]: return {"error": "Unauthorized host provided."}, 403
 	if request.headers.get("CF-Worker"): return {"error": "Cloudflare workers are not allowed to access this website."}, 403

 	if not app.config['SETTINGS']['Bots'] and request.headers.get("Authorization"): abort(403)
@ -95,6 +97,13 @@ def before_request():
 	g.webview = '; wv) ' in ua
 	g.inferior_browser = 'iphone' in ua or 'ipad' in ua or 'ipod' in ua or 'mac os' in ua or ' firefox/' in ua

+	#### WPD TEMP #### temporary WPD migration logic: redirect to /
+	if request.host == 'watchpeopledie.co' and app.config["SERVER_NAME"] == "watchpeopledie.co":
+		request.path = request.path.rstrip('/')
+		if not request.path: request.path = '/'
+		if request.path != '/':
+			return redirect('/')
+	#### END WPD TEMP ####
 	request.path = request.path.rstrip('/')
 	if not request.path: request.path = '/'
 	request.full_path = request.full_path.rstrip('?').rstrip('/')