Better unauthorized error page

2025-05-29 17:21:12 +02:00 · 2025-05-29 17:21:12 +02:00 · 99d40ad66e
commit 99d40ad66e
parent dca9b58e4f
3 changed files with 32 additions and 6 deletions
--- a/hmdooris/BottleHelpers.py
+++ b/hmdooris/BottleHelpers.py
@ -3,7 +3,7 @@ from typing import Callable, List

 from BottleOIDC import BottleOIDC
 from BottleOIDC.bottle_utils import UnauthorizedError
-from bottle import request
+from bottle import request, abort


 class BottleHelpers:
@ -29,8 +29,7 @@ class BottleHelpers:
                def _wrapper(*args, **kwargs):
                    if self.auth.my_username is not None:
                        return f(*args, **kwargs)
-
-                    return UnauthorizedError('Not Authorized')
+                    abort(401, 'Not Authorized')

                _wrapper.__name__ = f.__name__
                return _wrapper
@ -47,7 +46,7 @@ class BottleHelpers:
                for allowed in self.allowed:
                    if addr.overlaps(allowed):
                        return f(*args, **kwargs)
-                return UnauthorizedError('Not Authorized')
+                abort(401, 'Not Authorized')

            _wrapper.__name__ = f.__name__
            return _wrapper
--- a/hmdooris/main.py
+++ b/hmdooris/main.py
@ -8,7 +8,7 @@ from typing import Callable
 from BottleOIDC import BottleOIDC
 from BottleOIDC.bottle_utils import UnauthorizedError
 from BottleSessions import BottleSessions
-from bottle import route, run, Bottle, static_file, TEMPLATE_PATH, jinja2_view, post, get, request
+from bottle import route, run, Bottle, static_file, TEMPLATE_PATH, jinja2_view, post, get, request, error
 from bottle_log import LoggingPlugin
 from bottle_websocket import websocket, GeventWebSocketServer
 from geventwebsocket.websocket import WebSocket
@ -55,8 +55,8 @@ def root():
    return {}

@app.get("/operate")
-@bottle_helpers.require_login
@bottle_helpers.require_sourceip
+@bottle_helpers.require_login
@jinja2_view("operate.html.j2")
 def root():
    return {}
@ -88,5 +88,19 @@ def get_api_lock(id):
 def post_api_lock(id):
    return ccujack.lock_unlock(id, request.json["locking"])

+@app.error(401)
+@jinja2_view("not_authorized.html.j2")
+def not_authorized(error):
+    code, msg = error.args
+    return {
+        'user': auth.my_username,
+        'ip': request.remote_addr,
+        'error': error,
+        'code': code,
+        'msg': msg,
+    }
+
+app.error_handler[401] = not_authorized
+
 if __name__ == '__main__':
    app.run(host=config.listen_host, port=config.listen_port, server=GeventWebSocketServer, debug=config.debug, quiet=not config.debug)
--- a/hmdooris/templates/not_authorized.html.j2
+++ b/hmdooris/templates/not_authorized.html.j2
@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <title>HM Dooris - {{ msg }}</title>
+    <link rel="icon" type="image/png" sizes="32x32" href="/static/favicon-32x32.png">
+    <link rel=stylesheet type="text/css" href="static/main.css">
+</head>
+<body>
+<h1>HM Dooris - {{ msg }}</h1>
+<p>You are not authorized to lock or unlock.</p>
+<p>user: {{ user }}, ip: {{ ip }}, error: {{ error }}, code: {{ code }}, msg: {{ msg }}</p>
+</body>
+</html>