October 9, 2015

Web2py admin without https


One annoying thing about Web2py is that it forces you to run the admin app over https, even in my Vagrant box. I have no choice about it. Until now!

With the instructions below, we'll install Web2py and make some small hacks to allow admin and appadmin to run without https.

The big picture is: we'll simulate a local request and add the host computer to the allowed addresses.

Note: These instructions are designed to address my needs and to run in a Vagrant box. They are not recommended for a production environment at all.

#!/usr/bin/env bash

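# -x traces each command; -e stops at the first failure, so a failed `cd`
# can never be followed by `rm -rf` in the wrong directory
set -ex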

PROJECTNAME=xpto
HOME=/home/vagrant

cd ${HOME}/virtualenvs/${PROJECTNAME}/lib


# Web2py
rm -rf web2py
git clone https://github.com/web2py/web2py.git
cd web2py
git checkout master
git checkout -b v2.9.11 R-2.9.11  # Choose your version with `git tag`
ln -s /vagrant/src ${HOME}/virtualenvs/${PROJECTNAME}/lib/web2py/applications/${PROJECTNAME}

# Password file to enable admin without https
python -c "from gluon.main import save_password; save_password('a-Password', 8000)"


# vagrant owns the user-installed libs
chown -R vagrant:vagrant ${HOME}/virtualenvs/${PROJECTNAME}/lib


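# Here's the first trick: a fake local request.
cd ${HOME}/virtualenvs/${PROJECTNAME}/lib/web2py/applications/admin/models
# cat reads the heredoc from stdin (-) first, then the original 0.py,
# so the override ends up at the top of the new file
cat - 0.py > temp.py <<EOD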
# Allow admin to work without https
request.is_local = True

EOD

mv 0.py 0.py.original
mv temp.py 0.py

Now you need to follow the steps below:
  1. Edit your application's controllers/appadmin.py file.
  2. Find where the variable hosts is set inside an except block.
  3. Open a new line after that.
  4. Type this, outdented one level: hosts = (remote_addr, )
That's the last trick: your host computer is allowed to run without https. Note that hosts now holds whatever address the request came from, so the check passes for any client that can reach the box, not only the host computer.
Here's how the snippet should look after the edit:

try:
    hosts = (http_host, socket.gethostname(),
             socket.gethostbyname(http_host),
             '::1', '127.0.0.1', '::ffff:127.0.0.1')
except:
    hosts = (http_host, )

hosts = (remote_addr, )

And we're done.
Now you can go to your browser and use admin without https.
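
The effect of that last edit, as an added example that is not part of the original post or of web2py: a simplified model of an address allow-list check, comparing hosts = (remote_addr, ) with a narrower variant that pins specific addresses. The function names, the pinned variant and the sample addresses (including 10.0.2.2 as the address the guest sees for the host computer) are assumptions made for illustration.

```python
import ipaddress

LOOPBACK = ("::1", "127.0.0.1", "::ffff:127.0.0.1")

def allowed_plain_http(remote_addr, hosts):
    """Simplified model of the gate: plain http is accepted only from `hosts`."""
    return remote_addr in hosts

def hosts_as_patched(remote_addr):
    """The edit shown on this page: hosts = (remote_addr, )."""
    return (remote_addr,)

def hosts_pinned(dev_addrs):
    """Hypothetical narrower edit: loopback plus explicitly listed addresses."""
    # ip_address() raises ValueError on a typo, so a bad entry fails loudly
    pinned = tuple(str(ipaddress.ip_address(a)) for a in dev_addrs)
    return LOOPBACK + pinned

def who_gets_in(build_hosts, clients):
    """Return the clients that pass the gate for a given way of building hosts."""
    return [c for c in clients if allowed_plain_http(c, build_hosts(c))]

# Constructed sample addresses: 10.0.2.2 is assumed to be the address the
# Vagrant guest sees for the host computer; 203.0.113.7 stands for anyone else.
VAGRANT_HOST = "10.0.2.2"
CLIENTS = [VAGRANT_HOST, "127.0.0.1", "203.0.113.7"]

if __name__ == "__main__":
    print("patched:", who_gets_in(hosts_as_patched, CLIENTS))
    print("pinned: ", who_gets_in(lambda _c: hosts_pinned([VAGRANT_HOST]), CLIENTS))
```

With the page's edit every client in the sample passes; with the pinned tuple only the listed host address and loopback do.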

I am Vinicius Assef, a programmer from the last century who likes Python, practices Lean Development and believes in God. You can contact me by email or twitter.
