add auth support

pytorrent/__init__.py

@@ -3,17 +3,42 @@ from __future__ import annotations
 from pathlib import Path
 from flask import Flask, request, url_for
 from flask_socketio import SocketIO
-from .config import SECRET_KEY
+from werkzeug.middleware.proxy_fix import ProxyFix
+from .config import (
+    SECRET_KEY,
+    SESSION_COOKIE_SECURE,
+    PROXY_FIX_ENABLE,
+    PROXY_FIX_X_FOR,
+    PROXY_FIX_X_PROTO,
+    PROXY_FIX_X_HOST,
+    PROXY_FIX_X_PORT,
+    PROXY_FIX_X_PREFIX,
+    SOCKETIO_CORS_ALLOWED_ORIGINS,
+)
 from .db import init_db
 from .utils import file_md5
 
-socketio = SocketIO(cors_allowed_origins="*", ping_timeout=30, async_mode="threading")
+socketio = SocketIO(cors_allowed_origins=SOCKETIO_CORS_ALLOWED_ORIGINS, ping_timeout=30, async_mode="threading")
 _static_md5_cache: dict[tuple, str] = {}
 
 
 def create_app() -> Flask:
     app = Flask(__name__)
+    if PROXY_FIX_ENABLE:
+        app.wsgi_app = ProxyFix(
+            app.wsgi_app,
+            x_for=PROXY_FIX_X_FOR,
+            x_proto=PROXY_FIX_X_PROTO,
+            x_host=PROXY_FIX_X_HOST,
+            x_port=PROXY_FIX_X_PORT,
+            x_prefix=PROXY_FIX_X_PREFIX,
+        )
     app.secret_key = SECRET_KEY
+    app.config.update(
+        SESSION_COOKIE_HTTPONLY=True,
+        SESSION_COOKIE_SAMESITE="Lax",
+        SESSION_COOKIE_SECURE=SESSION_COOKIE_SECURE,
+    )
 
     @app.context_processor
     def static_helpers():
@@ -49,6 +74,8 @@ def create_app() -> Flask:
     app.register_blueprint(main_bp)
     app.register_blueprint(api_bp)
     init_db()
+    from .services.auth import install_guards
+    install_guards(app)
 
     socketio.init_app(app)
     from .services.workers import set_socketio