Skip to content

Commit

Permalink
Patch: get secrets id using a query parameter (#36)
Browse files Browse the repository at this point in the history 
* chore: set and retreive passwords using a query parameter

* chore: disallow matomo from tracking query params
  • Loading branch information
@mbaraa
mbaraa authored Feb 13, 2024
1 parent dabc1d7 commit 3f050a7
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 7 deletions.
14 changes: 7 additions & 7 deletions snappass/main.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -188,25 +188,25 @@ def handle_password():
base_url = request.url_root.replace("http://", "https://")
if URL_PREFIX:
base_url = base_url + URL_PREFIX.strip("/") + "/"
link = base_url + url_quote_plus(token)
link = f"{base_url}retrieve?password_key={url_quote_plus(token)}"
if request.accept_mimetypes.accept_json and not request.accept_mimetypes.accept_html:
return jsonify(link=link, ttl=ttl)
else:
return render_template('confirm.html', password_link=link)


@app.route('/<password_key>', methods=['GET'])
def preview_password(password_key):
password_key = url_unquote_plus(password_key)
@app.route('/retrieve', methods=['GET'])
def preview_password():
password_key = request.args.to_dict().get("password_key")
if not password_exists(password_key):
return render_template('expired.html'), 404

return render_template('preview.html')


@app.route('/<password_key>', methods=['POST'])
def show_password(password_key):
password_key = url_unquote_plus(password_key)
@app.route('/retrieve', methods=['POST'])
def show_password():
password_key = request.args.to_dict().get("password_key")
password = get_password(password_key)
if not password:
return render_template('expired.html'), 404
Expand Down
10 changes: 10 additions & 0 deletions snappass/templates/base.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,16 @@
_paq.push(["setDocumentTitle", document.domain + "/" + document.title]);
_paq.push(["setTrackerUrl", u + "/matomo.php"]);
_paq.push(["setSiteId", "{{site_id}}"]);

// remove query parameters before sending the url to matomo
let page_url = location.href;
const query_pos = location.href.indexOf("?");
if (query_pos) {
page_url = location.href.substring(0, query_pos);
}
_paq.push(["setCustomUrl", page_url]);
_paq.push(["trackPageView"]);

let d = document,
g = d.createElement("script"),
s = d.getElementsByTagName("script")[0];
Expand Down

0 comments on commit 3f050a7

Please sign in to comment.