From 36747129985e4c78c0bd5d4e874a3732974812d9 Mon Sep 17 00:00:00 2001 From: lza_menace Date: Sun, 27 Sep 2020 05:38:31 -0700 Subject: [PATCH] fix cookie/session issues --- wowstash/app.py | 1 + wowstash/config.example.py | 4 +- wowstash/factory.py | 98 ++++++++++++++++---------------------- 3 files changed, 44 insertions(+), 59 deletions(-) diff --git a/wowstash/app.py b/wowstash/app.py index 30b7f3c..6238590 100644 --- a/wowstash/app.py +++ b/wowstash/app.py @@ -1,4 +1,5 @@ from wowstash.factory import create_app +from wowstash import config app = create_app() diff --git a/wowstash/config.example.py b/wowstash/config.example.py index d0ca249..99ccb23 100644 --- a/wowstash/config.example.py +++ b/wowstash/config.example.py @@ -18,11 +18,13 @@ SECRET_KEY = 'secret session key here' # encrypts the session token # Session PERMANENT_SESSION_LIFETIME = 1800 # 60 minute session expiry -SESSION_TYPE = 'redis' SESSION_COOKIE_NAME = 'wowstash' +SESSION_COOKIE_DOMAIN = '127.0.0.1' SESSION_COOKIE_SECURE = False SESSION_USE_SIGNER = True SESSION_PERMANENT = True + +# Redis REDIS_HOST = 'localhost' REDIS_PORT = 6379 diff --git a/wowstash/factory.py b/wowstash/factory.py index 761c3bd..d070b0e 100644 --- a/wowstash/factory.py +++ b/wowstash/factory.py @@ -9,12 +9,10 @@ from datetime import datetime from wowstash import config -app = None -db = None -bcrypt = None +db = SQLAlchemy() +bcrypt = Bcrypt() def _setup_db(app: Flask): - global db uri = 'postgresql+psycopg2://{user}:{pw}@{host}:{port}/{db}'.format( user=config.DB_USER, pw=config.DB_PASS, 
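Review bot: With `SESSION_TYPE = 'redis'` removed here and `_setup_session`/`Session(app)` removed from factory.py in the same commit, sessions presumably fall back to Flask's built-in cookie sessions, which are signed with `SECRET_KEY` but not encrypted, so the `# encrypts the session token` comment on the `SECRET_KEY` line is no longer accurate and anything stored in the session is readable by the client. `SESSION_USE_SIGNER` and `SESSION_PERMANENT` are Flask-Session settings and look unused after this change. The example also ships `SESSION_COOKIE_SECURE = False` and the new `SESSION_COOKIE_DOMAIN = '127.0.0.1'` without marking them as local-development values; I would add a comment such as `# dev only: set SESSION_COOKIE_SECURE = True and your real hostname when serving over HTTPS` and set `SESSION_COOKIE_SAMESITE = 'Lax'`. `PERMANENT_SESSION_LIFETIME = 1800` is 30 minutes, not the 60 its comment states.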
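Review bot: The module-level `bcrypt = Bcrypt()` added in the first factory.py hunk is never bound to the app: the second hunk assigns `bcrypt = Bcrypt(app)` inside `create_app()`, which without the removed `global bcrypt` creates a local and leaves this instance unconfigured, so any module importing `bcrypt` from `wowstash.factory` would hash with the extension defaults rather than the app's config. Use `bcrypt.init_app(app)` in `create_app()` instead. The same applies to `db`: with `global db` dropped, `_setup_db` needs `db.init_app(app)` rather than a rebind, but the lines between the two hunks are not visible, so this should be confirmed. Separately, `config.DB_PASS` is formatted into the URI unescaped, so a password containing `@`, `/` or `:` would be mis-parsed; `urllib.parse.quote_plus(config.DB_PASS)` avoids that. `_setup_db` starts in this hunk and continues outside it.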
@@ -28,70 +26,54 @@ def _setup_db(app: Flask): import wowstash.models db.create_all() -def _setup_session(app: Flask): - app.config['SESSION_REDIS'] = Redis( - host=app.config['REDIS_HOST'], - port=app.config['REDIS_PORT'] - ) - Session(app) - -def _setup_bcrypt(app: Flask): - global bcrypt - bcrypt = Bcrypt(app) - def create_app(): - global app - global db - global bcrypt - global login_manager app = Flask(__name__) app.config.from_envvar('FLASK_SECRETS') - app.secret_key = app.config['SECRET_KEY'] # Setup backends _setup_db(app) - _setup_session(app) - _setup_bcrypt(app) - CSRFProtect(app) + bcrypt = Bcrypt(app) + login_manager = LoginManager(app) + + with app.app_context(): - login_manager = LoginManager() - login_manager.init_app(app) - login_manager.login_view = 'auth.login' - login_manager.logout_view = 'auth.logout' + # Login manager + login_manager.login_view = 'auth.login' + login_manager.logout_view = 'auth.logout' - @login_manager.user_loader - def load_user(user_id): - from wowstash.models import User - user = User.query.get(user_id) - return user + @login_manager.user_loader + def load_user(user_id): + from wowstash.models import User + user = User.query.get(user_id) + return user - # template filters - @app.template_filter('datestamp') - def datestamp(s): - d = datetime.fromtimestamp(s) - return d.strftime('%Y-%m-%d %H:%M:%S') + # Template filters + @app.template_filter('datestamp') + def datestamp(s): + d = datetime.fromtimestamp(s) + return d.strftime('%Y-%m-%d %H:%M:%S') - @app.template_filter('from_atomic') - def from_atomic(a): - from wowstash.library.jsonrpc import from_atomic - atomic = from_atomic(a) - if atomic == 0: - return 0 - else: - return float(atomic) + @app.template_filter('from_atomic') + def from_atomic(a): + from wowstash.library.jsonrpc import from_atomic + atomic = from_atomic(a) + if atomic == 0: + return 0 + else: + return float(atomic) - @app.cli.command('clean_containers') - def clean_containers(): - from 
wowstash.library.docker import docker - docker.cleanup() + # CLI + @app.cli.command('clean_containers') + def clean_containers(): + from wowstash.library.docker import docker + docker.cleanup() - # Routes - from wowstash.blueprints.auth import auth_bp - from wowstash.blueprints.wallet import wallet_bp - from wowstash.blueprints.meta import meta_bp - app.register_blueprint(meta_bp) - app.register_blueprint(auth_bp) - app.register_blueprint(wallet_bp) + # Routes/blueprints + from wowstash.blueprints.auth import auth_bp + from wowstash.blueprints.wallet import wallet_bp + from wowstash.blueprints.meta import meta_bp + app.register_blueprint(meta_bp) + app.register_blueprint(auth_bp) + app.register_blueprint(wallet_bp) - app.app_context().push() - return app + return app
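Review bot: `CSRFProtect(app)` is removed from `create_app()` and nothing in the hunk replaces it, so global CSRF validation no longer covers the auth and wallet blueprints registered further down. Forms built on Flask-WTF's `FlaskForm` still check their own token when validated, but any state-changing route that reads `request.form` or JSON directly would accept cross-site requests; the route handlers are not visible here, so this needs checking. Unless the removal was deliberate, keep `CSRFProtect(app)` after `_setup_db(app)`. If it was dropped because tokens were failing under the old Redis session setup, it is worth re-testing now that the session backend has changed.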