diff options
-rwxr-xr-x | server.py | 16 |
1 files changed, 10 insertions, 6 deletions
@@ -5,20 +5,26 @@ import tornado.web import random import string import os +from cryptography.fernet import Fernet root_dir = os.path.dirname(os.path.realpath(__file__)) with open(root_dir + '/german-5.dic', encoding='utf-8') as f: dictionary = [ word.lower() for word in f.read().split('\n') ] +fernet = Fernet(Fernet.generate_key()) + class BaseHandler(tornado.web.RequestHandler): def get_current_riddle(self): - return self.get_secure_cookie('riddle') + riddle = self.get_argument('riddle', self.get_cookie('riddle')) + if riddle: + return fernet.decrypt(riddle.encode('utf-8')) + return False class CreateHandler(BaseHandler): def get(self): self.set_header('Access-Control-Allow-Origin','*') - cookie_value = self.create_signed_value('riddle', random.SystemRandom().choice(dictionary).lower()) - self.set_cookie('riddle', cookie_value); + cookie_value = fernet.encrypt(random.SystemRandom().choice(dictionary).lower().encode('utf-8')) + self.set_cookie('riddle', cookie_value) for redirection in self.get_arguments('next'): self.redirect(redirection) return @@ -74,9 +80,7 @@ def make_app(): (r'/', ReadmeHandler), (r'/create', CreateHandler), (r'/try/(.+)', TrialHandler), - ], - cookie_secret = ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(64)) - ) + ]) if __name__ == "__main__": app = make_app() |