summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--README.md3
-rw-r--r--app.py6
-rw-r--r--notes/certificates.md191
-rw-r--r--pki/root-ca.crt17
-rw-r--r--pki/root-ca.key28
-rw-r--r--pki/root-ca.srl1
-rw-r--r--pki/server.crt20
-rw-r--r--pki/server.csr15
-rw-r--r--pki/server.key28
-rw-r--r--requirements.txt10
-rw-r--r--views/base.html5
11 files changed, 317 insertions, 7 deletions
diff --git a/README.md b/README.md
index d133a1a..04533dd 100644
--- a/README.md
+++ b/README.md
@@ -14,5 +14,8 @@ containing styles specific to that view.
Global styles are thus contained in `static/styles/base.css`
since that template forms the base for all other views.
+`pki/` contains a certificate chain necessary for HTTPS support during development.
+See [`notes/certificates.md`](./notes/certificates.md) for more information.
+
`static/` is for files that never change.
All HTTP requests that begin with `/images/` or `/styles/` will be resolved relative to their corresponding subfolder in `static/`.
diff --git a/app.py b/app.py
index 5a1bae4..a0e7081 100644
--- a/app.py
+++ b/app.py
@@ -11,8 +11,7 @@ load_dotenv()
CLIENT_ID = os.environ.get("CLIENT_ID") # DOTENV ligger paa discorden, repoet er publkic saa det
CLIENT_SECRET = os.environ.get("CLIENT_ID") # DOTENV PAHAHAH
-REDIRECT_URI = "http://localhost:8080/callback"
-# REDIRECT_URI = "https://google.com"
+REDIRECT_URI = "https://localhost:8080/callback"
AUTH_BASE_URL = 'https://oauth.battle.net/authorize'
TOKEN_URL = "https://oauth.battle.net/token"
@@ -50,4 +49,5 @@ def server_static(type, filename):
return static_file(filename, root=f"./static/{type}/")
debug(True)
-run(app, host='localhost', port=8080, server="cherrypy", reloader=True, keyfile="./key.pem", certfile="./cert.pem", ssl_version="ssl.PROTOCOL_TLS") \ No newline at end of file
+run(app, host='localhost', port=8080, reloader=True,
+ server="gunicorn", keyfile="./pki/server.key", certfile="./pki/server.crt")
diff --git a/notes/certificates.md b/notes/certificates.md
new file mode 100644
index 0000000..c495534
--- /dev/null
+++ b/notes/certificates.md
@@ -0,0 +1,191 @@
+# Certificates
+
+It is necessary to generate self-signed certificates for development.
+If that didn't make sense, read on!
+
+## What are certificates and certificate authorities?
+
+[Public key certificates][certificate] are used in cryptography to prove the authenticity of a public key.
+More specifically,
+they are used in TLS/HTTPS communication to prevent [man in the middle attacks][mitm].
+When the browser wants to send an encrypted request to `blind-guild.org`,
+it receives the server's public key as part of the opening handshake.
+Here, certificates come into play!
+
+The certificate is basically a file that says
+"the public key of `blind-guild.org` is BLAHBLAHBLAH."
+It is signed by a certificate authority.
+That authority is in turn certified by another certificate authority,
+which is *also* certified by another CA...
+all the way up the CA chain!
+At the end of the chain, there are a few "root certificate authorities".
+They are managed usually managed by a component of the operating system.
+
+[certificate]: https://en.wikipedia.org/wiki/Public_key_certificate
+[ca]: https://en.wikipedia.org/wiki/Certificate_authority
+[mitm]: https://en.wikipedia.org/wiki/Man-in-the-middle_attack
+
+## Why do we care about HTTPS
+
+Normally, we only care about HTTPS for production builds
+– we let the reverse proxy handle yucky stuff like that!
+We can do that because we don't care about (our own) security when developing
+and because `localhost` is considered a [secure context][sec-ctx],
+meaning we still have access to all the sweet features
+that are normally limited to pages served over HTTPS.
+
+Unfortunately for us,
+battle.net's API requires a HTTPS callback URI and does *not* make any exceptions for `localhost`.
+See [the documentation][ssl-req] for more details.
+**So we must generate SSL certificates anyways.**
+
+[sec-ctx]: https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts
+[ssl-req]: https://develop.battle.net/documentation/guides/using-oauth#:~:text=to%20begin%20working.-,Redirect%20URL,-Developers%20registering%20an
+
+## Creating self-signed certificates
+
+For development can get by with self-signed certificates.
+Normally,
+you have to pay a certificate authority for the privilege of
+them signing your certificate signing request.
+For development (and a school project),
+this is a bit too much work.
+Instead,
+we'll set up our own local certificate authority and use *that* to sign our development server's certificate.
+
+To generate the stuff in `pki/`,
+I largely followed the procedure layed out in [this SO answer][self-pki].
+I did, however, change days of validity from 365 to 328500 (900 years).
+That way,
+I can just check this stuff in to version control,
+and hopefully no-one else will have to bother with generating them.
+For reference,
+here is a transcript of my terminal session:
+
+```sh
+$ openssl req -x509 -nodes \
+ -newkey RSA:2048 \
+ -keyout root-ca.key \
+ -days 328500 \
+ -out root-ca.crt \
+ -subj '/CN=root_CA_for_firefox'
+Generating a 2048 bit RSA private key
+.....................................+++++
+....................................................................................................................................................................+++++
+writing new private key to 'root-ca.key'
+-----
+$ ls
+root-ca.crt root-ca.key
+$ cat root-ca.*
+-----BEGIN CERTIFICATE-----
+MIICujCCAaICCQCgquJyWnHovTANBgkqhkiG9w0BAQsFADAeMRwwGgYDVQQDDBNy
+b290X0NBX2Zvcl9maXJlZm94MCAXDTI0MDQyNDE4MTEyNVoYDzI5MjMwOTE5MTgx
+MTI1WjAeMRwwGgYDVQQDDBNyb290X0NBX2Zvcl9maXJlZm94MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VJEJ+DTEUe85ulf92HjDT6Xr4cDyS+uMJq3
+fNJkLOaMhptVtwGxtL4lh1vO8j9IZVLJ611VjXjAF06cjHgDsCMJ5Rf+05tUtxLW
+Z+QWFwNOS1VCDPpqEq0J+KrD9cuxLKK7nD5bPLxoXXmL3GN4v5kWqkMYDn0R66Nd
+IWCF8Wkgw2MLASIiB5tbYb7xJkpfioTfH3xQBlNtAaU1mtWAHZ2W+oyawcylSKFQ
+IymkjJvCjqRubLf+6q4MXpQC57wS7T+qxW1GRwpF6c5Vkx3bF9d9kXpaWDims6rs
+eevsA2mLhtfJ0RN5AU7spyaIGlHvK2NhSXVnBU8nLedX2qHgCQIDAQABMA0GCSqG
+SIb3DQEBCwUAA4IBAQAZzYQ9B9Lj2oxFMPQ3Eb1fI7zfFxUH1+YCX3J3oAGFd3em
+LTrIZG0IjSdqvSLrkp3/IxVKCx5uEc40UjLSsN9HNqDmF0vVNNfKS4UiuFVEY7wE
+22y9LkCNxYvdKz7iA1Q3m9dyWUUTSrve7zmnnDdnNBXY1lvjBr6EAgDbY8/xVyIE
+4f5+3icYTjFLsdjlkjc7F3RJAKDfeO4CHl6I82QD21UO/hv4b1t7r7ZUfr1RYWb/
+Tv75ISwfBfuge33H0rOIpORY5g7yZSDE58YiRFGgG8kPsOdY3N9y2T5wVDXRHs01
+eJlWXed7w4P7O9NGpwuwrZmrz3RptyqAIlrAaK0u
+-----END CERTIFICATE-----
+-----BEGIN PRIVATE KEY-----
+MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDRUkQn4NMRR7zm
+6V/3YeMNPpevhwPJL64wmrd80mQs5oyGm1W3AbG0viWHW87yP0hlUsnrXVWNeMAX
+TpyMeAOwIwnlF/7Tm1S3EtZn5BYXA05LVUIM+moSrQn4qsP1y7EsorucPls8vGhd
+eYvcY3i/mRaqQxgOfRHro10hYIXxaSDDYwsBIiIHm1thvvEmSl+KhN8ffFAGU20B
+pTWa1YAdnZb6jJrBzKVIoVAjKaSMm8KOpG5st/7qrgxelALnvBLtP6rFbUZHCkXp
+zlWTHdsX132RelpYOKazqux56+wDaYuG18nRE3kBTuynJogaUe8rY2FJdWcFTyct
+51faoeAJAgMBAAECggEBAKSyEthBqDDHfhU9eHmftlNcdWLxW4Q3lNm/UjHPJGzD
+tbvPiqCkn5rzpXmcPfcS3baDbkZXOJJIePOdscVARL6YwxdTSvhaFky5cKNrrgnL
+WxYg7ghiG4W4SskyK19BNpVFMVJdKdJe98rccLQmPAKcxF2QzuPPeoMqFYPGe30W
+aw4i8ZunXxriQ6kdXHG+QhP0JZVIpHwBlxwJ0R3jM2kZgcJk888HGt2AQZ6fHfoC
+HM0cE6fCKebR+NbujNOFc7UXSMUyEXkkvOlk+r/kxGeE4INP1o27utItYNuNpFqD
+iB+uupH/Q2xxSJ4Cke43sMzlrImjFibMvp/WcfBoxdECgYEA6+7RQCC4CQXg9tYY
+N6lkU5qjKfxiXlCj1ZCpX5lW34MbWgDTc2OpCkE5dbc1wSzwblpBdUe3NHVVMTu7
+7yVvvytfH8dEasb5BWgkFdqNyPzoaP9wN6TC1cyuKsbYmbq7NTM9D1Q5dTtsjGfO
+3PBVUlj3RxHTKj6roAO+D2P3J20CgYEA4yAC/eUZ5ANk9YZrIGsoFjPqYMlKXDUO
+uQnnaSnKcL5E68ehvVvKj5epY/EicsGEKgEeIphJgley9x9AsU40UnlI3/bzqIhV
+GRjHPxiV7W9pB+PR4JWhppgohkIz3/QD4RONQNYYot7Jx+/QP9IAO1Br8kP80BEE
+4HrlNuT/LY0CgYEAz/Qm4hQ0wlc5K7gXjnAy6vHhIS/A8Iq5bZNdhtLcXJPt9s3F
+ku5j35MP927t5YAbx9ir25jDpWxKE+QnySlBLsomxRbZehg5BAf/zndeA6rPm0SS
+/6isxs/rL+8mmZGaUtD/39QH9QnUqokRL3JycevSwQS4EIM+uQKzclNVVJ0CgYEA
+zSSKzzxxCCuwsrs4Y02mJXe6yLTG/0XFCIjThX8DpJWWtsfXZKtV6CB6FRUlojT7
+5NyhlWmra5k+wkpuKjeStrNpiTEKnzyUcFibDnhsYsrwOPojBRDhsxFX+Pwu0qca
+Id+BBADcu68y3e3TUPGi1/Apr+aMoHnex8r44X4wpbkCgYEA33ozRucqlq6IaXVJ
+khESj6rv0CIa0dNUYVR+IuXQTj6MuQhY31BgsQOonSS6I5UsdD2z3Bj0MFz0wN1J
+V/rWseLJbFEgZiFyClhZKSe3oom7ehZvbPBYmWAg+kiUBav/823IJ3JQZQ8t1jU/
+Mk0B0PEYP3KTTMwiO7uEnC73l7c=
+-----END PRIVATE KEY-----
+$ openssl req -nodes \
+ -newkey rsa:2048 \
+ -keyout server.key \
+ -out server.csr \
+ -subj '/CN=localhost'
+Generating a 2048 bit RSA private key
+...............+++++
+...........................................+++++
+writing new private key to 'server.key'
+-----
+$ openssl x509 -req
+ -CA root-ca.crt \
+ -CAkey root-ca.key \
+ -in server.csr \
+ -out server.crt \
+ -days 328500 \
+ -CAcreateserial \
+ -extfile <(printf "subjectAltName = DNS:localhost\nauthorityKeyIdentifier = keyid,issuer\nbasicConstraints = CA:FALSE\nkeyUsage = digitalSignature, keyEncipherment\nextendedKeyUsage=serverAuth")
+Signature ok
+subject=/CN=localhost
+Getting CA Private Key
+$ ls
+root-ca.crt root-ca.key root-ca.srl server.crt server.csr server.key
+```
+
+[self-pki]: https://stackoverflow.com/a/77009337
+
+## Trusting self-signed certificates
+
+Now, the browser obviously doesn't trust this certificate
+– nor should it!
+It doesn't know anything about our local CA,
+so this certificate may as come from a malicious actor.
+If you attempt to load https://localhost:8080
+without performing the steps in this section,
+the browser will give you an error like `NET::ERR_CERT_AUTHORITY_INVALID`.
+
+For development purposes
+we would like to inform the browser
+that this CA is indeed to be trusted.
+The process varies a bit between different combinations of browsers and operating systems.
+Firefox, for example, maintains its own list of CAs.
+[Here][ff-trust] is a guide on how to install our custom CA into Firefox's trust store.
+Chrome, on the other hand, seems to be using the operating system's certificate store,
+so you'll need to modify this instead.
+[Here][guide-win] is a guide on how to do it on Windows
+and [here][guide-osx] is a guide for MacOS.
+
+N.B. Always keep in mind that we are looking to install our CA, that is the file `pki/root-ca.crt`, NOT the servers certificate, found in `pki/server.crt`.
+
+[ff-trust]: https://javorszky.co.uk/2019/11/06/get-firefox-to-trust-your-self-signed-certificates/
+[guide-win]: https://techcommunity.microsoft.com/t5/windows-server-essentials-and/installing-a-self-signed-certificate-as-a-trusted-root-ca-in/ba-p/396105
+[guide-osx]: https://tosbourn.com/getting-os-x-to-trust-self-signed-ssl-certificates/
+
+## Chrome is annoying
+
+For Firefox, the above is enough.
+It nags you a bit but you can force it to pipe down.
+When presented with the warning,
+just click "Advanced" and then "continue".
+
+Not so much for Chrome.
+It still complains about an invalid CN (common name).
+Luckily, there's one final escape hatch:
+type "[thisisunsafe]" anywhere on the error page.
+
+[thisisunsafe]: https://cybercafe.dev/thisisunsafe-bypassing-chrome-security-warnings/
diff --git a/pki/root-ca.crt b/pki/root-ca.crt
new file mode 100644
index 0000000..8de3cef
--- /dev/null
+++ b/pki/root-ca.crt
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICujCCAaICCQCgquJyWnHovTANBgkqhkiG9w0BAQsFADAeMRwwGgYDVQQDDBNy
+b290X0NBX2Zvcl9maXJlZm94MCAXDTI0MDQyNDE4MTEyNVoYDzI5MjMwOTE5MTgx
+MTI1WjAeMRwwGgYDVQQDDBNyb290X0NBX2Zvcl9maXJlZm94MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VJEJ+DTEUe85ulf92HjDT6Xr4cDyS+uMJq3
+fNJkLOaMhptVtwGxtL4lh1vO8j9IZVLJ611VjXjAF06cjHgDsCMJ5Rf+05tUtxLW
+Z+QWFwNOS1VCDPpqEq0J+KrD9cuxLKK7nD5bPLxoXXmL3GN4v5kWqkMYDn0R66Nd
+IWCF8Wkgw2MLASIiB5tbYb7xJkpfioTfH3xQBlNtAaU1mtWAHZ2W+oyawcylSKFQ
+IymkjJvCjqRubLf+6q4MXpQC57wS7T+qxW1GRwpF6c5Vkx3bF9d9kXpaWDims6rs
+eevsA2mLhtfJ0RN5AU7spyaIGlHvK2NhSXVnBU8nLedX2qHgCQIDAQABMA0GCSqG
+SIb3DQEBCwUAA4IBAQAZzYQ9B9Lj2oxFMPQ3Eb1fI7zfFxUH1+YCX3J3oAGFd3em
+LTrIZG0IjSdqvSLrkp3/IxVKCx5uEc40UjLSsN9HNqDmF0vVNNfKS4UiuFVEY7wE
+22y9LkCNxYvdKz7iA1Q3m9dyWUUTSrve7zmnnDdnNBXY1lvjBr6EAgDbY8/xVyIE
+4f5+3icYTjFLsdjlkjc7F3RJAKDfeO4CHl6I82QD21UO/hv4b1t7r7ZUfr1RYWb/
+Tv75ISwfBfuge33H0rOIpORY5g7yZSDE58YiRFGgG8kPsOdY3N9y2T5wVDXRHs01
+eJlWXed7w4P7O9NGpwuwrZmrz3RptyqAIlrAaK0u
+-----END CERTIFICATE-----
diff --git a/pki/root-ca.key b/pki/root-ca.key
new file mode 100644
index 0000000..4cdbbe3
--- /dev/null
+++ b/pki/root-ca.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDRUkQn4NMRR7zm
+6V/3YeMNPpevhwPJL64wmrd80mQs5oyGm1W3AbG0viWHW87yP0hlUsnrXVWNeMAX
+TpyMeAOwIwnlF/7Tm1S3EtZn5BYXA05LVUIM+moSrQn4qsP1y7EsorucPls8vGhd
+eYvcY3i/mRaqQxgOfRHro10hYIXxaSDDYwsBIiIHm1thvvEmSl+KhN8ffFAGU20B
+pTWa1YAdnZb6jJrBzKVIoVAjKaSMm8KOpG5st/7qrgxelALnvBLtP6rFbUZHCkXp
+zlWTHdsX132RelpYOKazqux56+wDaYuG18nRE3kBTuynJogaUe8rY2FJdWcFTyct
+51faoeAJAgMBAAECggEBAKSyEthBqDDHfhU9eHmftlNcdWLxW4Q3lNm/UjHPJGzD
+tbvPiqCkn5rzpXmcPfcS3baDbkZXOJJIePOdscVARL6YwxdTSvhaFky5cKNrrgnL
+WxYg7ghiG4W4SskyK19BNpVFMVJdKdJe98rccLQmPAKcxF2QzuPPeoMqFYPGe30W
+aw4i8ZunXxriQ6kdXHG+QhP0JZVIpHwBlxwJ0R3jM2kZgcJk888HGt2AQZ6fHfoC
+HM0cE6fCKebR+NbujNOFc7UXSMUyEXkkvOlk+r/kxGeE4INP1o27utItYNuNpFqD
+iB+uupH/Q2xxSJ4Cke43sMzlrImjFibMvp/WcfBoxdECgYEA6+7RQCC4CQXg9tYY
+N6lkU5qjKfxiXlCj1ZCpX5lW34MbWgDTc2OpCkE5dbc1wSzwblpBdUe3NHVVMTu7
+7yVvvytfH8dEasb5BWgkFdqNyPzoaP9wN6TC1cyuKsbYmbq7NTM9D1Q5dTtsjGfO
+3PBVUlj3RxHTKj6roAO+D2P3J20CgYEA4yAC/eUZ5ANk9YZrIGsoFjPqYMlKXDUO
+uQnnaSnKcL5E68ehvVvKj5epY/EicsGEKgEeIphJgley9x9AsU40UnlI3/bzqIhV
+GRjHPxiV7W9pB+PR4JWhppgohkIz3/QD4RONQNYYot7Jx+/QP9IAO1Br8kP80BEE
+4HrlNuT/LY0CgYEAz/Qm4hQ0wlc5K7gXjnAy6vHhIS/A8Iq5bZNdhtLcXJPt9s3F
+ku5j35MP927t5YAbx9ir25jDpWxKE+QnySlBLsomxRbZehg5BAf/zndeA6rPm0SS
+/6isxs/rL+8mmZGaUtD/39QH9QnUqokRL3JycevSwQS4EIM+uQKzclNVVJ0CgYEA
+zSSKzzxxCCuwsrs4Y02mJXe6yLTG/0XFCIjThX8DpJWWtsfXZKtV6CB6FRUlojT7
+5NyhlWmra5k+wkpuKjeStrNpiTEKnzyUcFibDnhsYsrwOPojBRDhsxFX+Pwu0qca
+Id+BBADcu68y3e3TUPGi1/Apr+aMoHnex8r44X4wpbkCgYEA33ozRucqlq6IaXVJ
+khESj6rv0CIa0dNUYVR+IuXQTj6MuQhY31BgsQOonSS6I5UsdD2z3Bj0MFz0wN1J
+V/rWseLJbFEgZiFyClhZKSe3oom7ehZvbPBYmWAg+kiUBav/823IJ3JQZQ8t1jU/
+Mk0B0PEYP3KTTMwiO7uEnC73l7c=
+-----END PRIVATE KEY-----
diff --git a/pki/root-ca.srl b/pki/root-ca.srl
new file mode 100644
index 0000000..fb7e7c4
--- /dev/null
+++ b/pki/root-ca.srl
@@ -0,0 +1 @@
+AD34ED79527821BC
diff --git a/pki/server.crt b/pki/server.crt
new file mode 100644
index 0000000..94b3b7e
--- /dev/null
+++ b/pki/server.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNjCCAh6gAwIBAgIJAK007XlSeCG8MA0GCSqGSIb3DQEBCwUAMB4xHDAaBgNV
+BAMME3Jvb3RfQ0FfZm9yX2ZpcmVmb3gwIBcNMjQwNDI0MTgxMzE4WhgPMjkyMzA5
+MTkxODEzMThaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBANkCWMmAzCp0hZt+DYzaD4K4wmWoHsm4mKZ/uR1eQpc9
+ls43vf+PbsC/lUNXSaQ78l7c1bAybbzxg3db47JE4+DR70k/64RPceo2IVYSQNbe
+tYs3k39yrBObL3feXp/4yR0uxLhSylTFrChG/42KVBUq81AtTXTgSjjEANK4bKRn
+RK9OmeoaUzxcw5kj+NSLme3qD6bTwlZTDCMrkljE1sswD36iFHg7zsRIfNa5NRXv
+ce6G/4iSqAV1rh4DwcOeeCgZ8UIfWrN1Zs5KZcxnSsCy797dTGx7WMuFAJ+Sx8mQ
+CLwbVhaL0fyVoYk+tCzxELbMpc/cIk6k3gJrquMbtIMCAwEAAaN/MH0wFAYDVR0R
+BA0wC4IJbG9jYWxob3N0MDgGA1UdIwQxMC+hIqQgMB4xHDAaBgNVBAMME3Jvb3Rf
+Q0FfZm9yX2ZpcmVmb3iCCQCgquJyWnHovTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF
+oDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAIl2M/pfi
++n9KJyeOXNvazFu/3rt71/tbXNIuj3wNAzn7bLkNiyVrgCt0FWqbweX/gexzK7r4
+5XM0NyMTfLCrQjr845ephZYZVlYJekPQhFmT2/eHPGo8o0p9LBJQJjlKcbxrRrCe
+8w45sGfi9hZXrQ5Afia4+pWv9BGnjQCr+YWloLmk7YmhdL+PDhmZ5CD7SUIAu/y2
+ctsElV0Zh1phVvi6CRQssaCnKxYbLO3/lpyCJrr73YCQU9gOQzM585EFp0+t3CF3
+DUNJapCPD+n19ow0Kq1nICGY8LmnEvc1a7B2/M3kzvwJ0xm1zZreLDkoqo0b3Th8
+BkkplnPb0dCP1A==
+-----END CERTIFICATE-----
diff --git a/pki/server.csr b/pki/server.csr
new file mode 100644
index 0000000..74eecc4
--- /dev/null
+++ b/pki/server.csr
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICWTCCAUECAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA2QJYyYDMKnSFm34NjNoPgrjCZageybiYpn+5HV5C
+lz2Wzje9/49uwL+VQ1dJpDvyXtzVsDJtvPGDd1vjskTj4NHvST/rhE9x6jYhVhJA
+1t61izeTf3KsE5svd95en/jJHS7EuFLKVMWsKEb/jYpUFSrzUC1NdOBKOMQA0rhs
+pGdEr06Z6hpTPFzDmSP41IuZ7eoPptPCVlMMIyuSWMTWyzAPfqIUeDvOxEh81rk1
+Fe9x7ob/iJKoBXWuHgPBw554KBnxQh9as3VmzkplzGdKwLLv3t1MbHtYy4UAn5LH
+yZAIvBtWFovR/JWhiT60LPEQtsylz9wiTqTeAmuq4xu0gwIDAQABoAAwDQYJKoZI
+hvcNAQELBQADggEBADC68rYRRw9kLyv5g+Z5a2D3U35KqDr32oV54umMdSC6Nzve
+lQ188FWSEx+kSE40DbkFxzcSo9HNEkomxIdWTgf6fMjLCjfE7r1Gb3QA5sOPKdZF
+JHzvNn5HqBmBDeMndlJ6npPDRqUAZZIb+Up0bpLZO4PGRgl6eQIwI4SHYw3i/jlq
+v4gi/p0BFANJ9j6NMMDbONlI7Cuaa/lxtDgMkxIF906bgdzVYTu77behFuDwEWs4
+U9cYVNmhANxHd9Kb0Sw3AVY8SdydQ6KTqoldgWVpx2Zm7u4i5Lt9QHyeGjhPCUEg
+GqStE6Kc0hE4QDhcLXR2eTApSgFEJ0G2clniAfM=
+-----END CERTIFICATE REQUEST-----
diff --git a/pki/server.key b/pki/server.key
new file mode 100644
index 0000000..e47d186
--- /dev/null
+++ b/pki/server.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDZAljJgMwqdIWb
+fg2M2g+CuMJlqB7JuJimf7kdXkKXPZbON73/j27Av5VDV0mkO/Je3NWwMm288YN3
+W+OyROPg0e9JP+uET3HqNiFWEkDW3rWLN5N/cqwTmy933l6f+MkdLsS4UspUxawo
+Rv+NilQVKvNQLU104Eo4xADSuGykZ0SvTpnqGlM8XMOZI/jUi5nt6g+m08JWUwwj
+K5JYxNbLMA9+ohR4O87ESHzWuTUV73Huhv+IkqgFda4eA8HDnngoGfFCH1qzdWbO
+SmXMZ0rAsu/e3Uxse1jLhQCfksfJkAi8G1YWi9H8laGJPrQs8RC2zKXP3CJOpN4C
+a6rjG7SDAgMBAAECggEAGmCcpjGPn4F2VAYoY3yF8h+/EVg0FdToSSSxPY6djYCg
++gPwhkXK8obW/852Vw4qUbmKB9a5XAQHNNTogly5TjR2X3Lzj6uQbyWRO8MQOo3r
+hzaEKTOpEuEEDg/rdIpq968dnkIB8fftCyBGI9AylDgaRx6akaBJpUi9yN895WWm
+qpYoU/dFD+qzpSjAN0fFEJotm9300WSZPaH1sD94584nXxPzaFnCWk6oNuLCMk6H
+Mr1bO3gW1OlwTatrmVeRThuiHuNEAs+LtlUVKIVpTttDayOeHShrmfsrAyVENqDP
+sI3oIeXVJ3vWkBUwW8z703LR1GNbaVP59Nc4h3mpYQKBgQD2YkIbt73SpXpsUy3j
+pvG0vOdk30MxMXwp5b5UBUxHYBWYUBZ8y0hIJ/iXH4tCZSdmOHAvXW42TWcebqUF
+Jw/e81AlhHaN01wwePMwzoDnmtvRSlL+jQKnRtN18GqShjMNCbFnzEPapqUMHhlE
++AD6AxNezUUHi55bxmfIMJrwqwKBgQDhepeM+b/mXCVkU0DJyOK0pzurrYxNjKjH
+jyTD4QcESko/OX5WK+rj/1MYHtIhk2Kje9b9pburVv7nYd2SOyVMWI7qD6Cb1R88
+s0hP3uboL0UlccyoeSGkppriunXObfGCHMyA98Fom2Md7/FLcGliVnFQjEocmo2R
+05kE/yy7iQKBgE5w7/0lHYEv/+72+HgvEWrqbX0W+6xwxcgNBfB4E1XyCE4KyW4H
+xkZ6u1FZ0Jtd2xJXS5g41briH793mIAwdIQV0OFw79Gthf9EsqBKTo3uJqfWUuAK
+AttA2FgHJ9bodN5kxJ94T+4P+iIGfyMPFjiCvCsFjUGeuNcdLrN0jg+rAoGAGGZf
+yA2uyormMPkhZbSrc8k1F9rr9+hky1OeMuRDEh/H8ReTqFeQT6PtpgqPyrpcTjy0
+gzZQHLaJVxisFYr4+k4LCSEvzC0/+B2ekaYZbr7OyMKL1x9kmKC+2hI7dV9IZ0Ae
+kUY+U8ec7jxs7DD59n5MPN8xle7Tqxgu0u+aM6ECgYBf5ae0uDcp1rw2raSrjIl/
+ENLp+242T1tQCqJGERcBGUQtqS2zsxHcSy9gLtuO4BgufjVTm7W21VD7t2JJ0V9c
+MauRQbO/Wyr9zW3/bzUO8yB33XSEIq3hhZosuML1Q4nZq4w8zAmS8vdN8cUi3mkn
+R5Sze/KvPQv7Et6JpFvXQw==
+-----END PRIVATE KEY-----
diff --git a/requirements.txt b/requirements.txt
index b9a19df..1544077 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,12 @@
bottle==0.12.25
+certifi==2024.2.2
+charset-normalizer==3.3.2
+gunicorn==21.2.0
+idna==3.7
Jinja2==3.1.3
MarkupSafe==2.1.5
-oauth==1.0.1
+oauthlib==3.2.2
+packaging==24.0
+requests==2.31.0
+requests-oauthlib==2.0.0
+urllib3==2.2.1
diff --git a/views/base.html b/views/base.html
index 4f17b34..9133090 100644
--- a/views/base.html
+++ b/views/base.html
@@ -12,11 +12,10 @@
<svg xmlns="http://www.w3.org/2000/svg" width="187" height="40" fill="none" viewBox="0 0 187 40"><path fill="#3A724F" fill-rule="evenodd" d="M19.87 4.567 22.507 0l7.476 4.317-2.636 4.566c-.463.801.23 1.775 1.138 1.6l5.052-.975 1.635 8.477-5.052.974c-8.172 1.576-14.411-7.184-10.25-14.392Z" clip-rule="evenodd"></path><path fill="#DC8E43" fill-rule="evenodd" d="M15.302 35.433 12.665 40l-7.477-4.316 2.637-4.567c.463-.801-.23-1.775-1.139-1.6l-5.051.974L0 22.015l5.052-.974c8.172-1.576 14.41 7.184 10.25 14.392Z" clip-rule="evenodd"></path><path fill="#14424C" fill-rule="evenodd" d="M15.53 4.567 12.894 0 5.417 4.317l2.637 4.566c.462.801-.23 1.775-1.139 1.6l-5.052-.975L.23 17.985l5.051.974c8.173 1.576 14.412-7.184 10.25-14.392Z" clip-rule="evenodd"></path><path fill="#C85D1B" fill-rule="evenodd" d="M19.65 35.433 22.285 40l7.477-4.316-2.637-4.567c-.462-.801.23-1.775 1.139-1.6l5.051.974 1.635-8.476-5.052-.974c-8.172-1.576-14.41 7.184-10.25 14.392Z" clip-rule="evenodd"></path><path fill="#14424C" d="M163.114 30.153v-8.5c0-1.178.271-2.235.813-3.17.561-.954 1.356-1.702 2.385-2.245 1.029-.542 2.254-.813 3.675-.813a7.23 7.23 0 0 1 1.964.252c.599.15 1.141.365 1.627.645.505.262.935.58 1.291.954h.056a5.5 5.5 0 0 1 1.29-.954 6.772 6.772 0 0 1 1.656-.645 7.541 7.541 0 0 1 1.992-.252c1.421 0 2.646.27 3.675.813 1.028.543 1.823 1.29 2.384 2.245.562.935.842 1.991.842 3.17v8.5h-4.377v-8.36c0-.467-.121-.888-.364-1.262a2.663 2.663 0 0 0-.926-.954 2.508 2.508 0 0 0-1.347-.365c-.505 0-.963.122-1.374.365a2.654 2.654 0 0 0-.926.954 2.4 2.4 0 0 0-.337 1.262v8.36h-4.348v-8.36c0-.467-.122-.888-.365-1.262a2.585 2.585 0 0 0-.954-.954 2.508 2.508 0 0 0-1.347-.365c-.505 0-.963.122-1.374.365a2.654 2.654 0 0 0-.926.954 2.41 2.41 0 0 0-.337 1.262v8.36h-4.348ZM153.603 30.49c-1.477 0-2.759-.28-3.843-.842-1.066-.58-1.889-1.356-2.469-2.328-.58-.991-.87-2.086-.87-3.283v-8.276h4.349v8.164c0 .505.121.973.364 1.403.243.411.571.748.982 1.01.43.243.917.365 1.459.365.524 0 .991-.122 1.403-.365.43-.262.767-.599 1.01-1.01.243-.43.365-.898.365-1.403v-8.164h4.348v8.276c0 1.197-.281 2.292-.842 3.283-.561.972-1.374 1.749-2.44 2.328-1.048.561-2.32.842-3.816.842ZM132.414 30.153v-3.45h6.93c.187 0 .355-.038.505-.113.149-.093.271-.215.364-.364a.93.93 0 0 0 0-.982.9.9 0 0 0-.364-.337.934.934 0 0 0-.505-.14h-2.525c-.936 0-1.787-.15-2.553-.449a4.052 4.052 0 0 1-1.796-1.459c-.43-.673-.645-1.543-.645-2.609 0-.823.196-1.571.589-2.244a4.76 4.76 0 0 1 1.655-1.628 4.568 4.568 0 0 1 2.329-.617h6.929v3.479h-6.256a.97.97 0 0 0-.673.253.841.841 0 0 0-.253.617c0 .262.085.486.253.673a.97.97 0 0 0 .673.253h2.469c1.047 0 1.945.159 2.693.476.767.3 1.356.786 1.768 1.46.43.673.645 1.542.645 2.608 0 .842-.215 1.609-.645 2.3a4.613 4.613 0 0 1-1.684 1.656c-.692.412-1.477.617-2.356.617h-7.547ZM122.94 15.425c1.216 0 2.291.196 3.226.589a6.41 6.41 0 0 1 2.413 1.627 6.993 6.993 0 0 1 1.543 2.469c.355.935.533 1.973.533 3.114 0 1.421-.299 2.684-.898 3.787a6.471 6.471 0 0 1-2.412 2.553c-1.029.617-2.226.926-3.591.926-.58 0-1.132-.075-1.656-.224a5.312 5.312 0 0 1-1.402-.646 3.9 3.9 0 0 1-1.038-1.038h-.085v7.66h-4.348V23.223c0-1.59.318-2.965.954-4.124a6.666 6.666 0 0 1 2.693-2.694c1.16-.654 2.516-.981 4.068-.981Zm0 3.759c-.673 0-1.262.168-1.767.505-.487.318-.861.767-1.123 1.347-.261.56-.392 1.197-.392 1.907 0 .711.131 1.347.392 1.908.262.561.636 1.01 1.123 1.347.505.318 1.094.477 1.767.477.673 0 1.253-.16 1.739-.477a3.297 3.297 0 0 0 1.123-1.347c.28-.561.42-1.197.42-1.908 0-.71-.14-1.346-.42-1.907-.262-.58-.636-1.03-1.123-1.347-.486-.337-1.066-.505-1.739-.505ZM108.617 30.153V15.761h4.377v14.392h-4.377Zm2.188-16.019c-.692 0-1.29-.252-1.795-.757-.505-.505-.758-1.104-.758-1.796s.253-1.29.758-1.795c.505-.524 1.103-.786 1.795-.786s1.291.262 1.796.786c.505.505.757 1.103.757 1.795s-.252 1.29-.757 1.796c-.505.505-1.104.757-1.796.757ZM99.105 30.49c-1.477 0-2.805-.327-3.984-.982a7.462 7.462 0 0 1-2.805-2.693c-.673-1.141-1.01-2.422-1.01-3.844 0-1.44.337-2.721 1.01-3.843a7.462 7.462 0 0 1 2.805-2.693c1.179-.674 2.507-1.01 3.984-1.01 1.478 0 2.796.336 3.956 1.01a7.25 7.25 0 0 1 2.777 2.693c.692 1.122 1.038 2.403 1.038 3.843 0 1.422-.346 2.703-1.038 3.844a7.25 7.25 0 0 1-2.777 2.693c-1.178.655-2.497.982-3.956.982Zm0-3.787c.692 0 1.291-.169 1.796-.505a3.424 3.424 0 0 0 1.178-1.347c.281-.561.421-1.197.421-1.908 0-.692-.14-1.318-.421-1.88a3.423 3.423 0 0 0-1.178-1.346c-.505-.337-1.104-.505-1.796-.505s-1.3.168-1.823.505a3.428 3.428 0 0 0-1.179 1.347 4.144 4.144 0 0 0-.42 1.88c0 .71.14 1.346.42 1.907a3.43 3.43 0 0 0 1.179 1.347c.523.336 1.131.505 1.823.505ZM77.174 35.849v-3.732h7.181c.281 0 .515-.093.702-.28a.83.83 0 0 0 .28-.646v-3.17h-.084a6.59 6.59 0 0 1-1.206 1.094c-.412.3-.88.524-1.403.674a6.023 6.023 0 0 1-1.711.224c-1.272 0-2.413-.3-3.423-.898-.991-.617-1.777-1.468-2.357-2.553-.56-1.084-.841-2.319-.841-3.703 0-1.365.29-2.609.87-3.731.598-1.122 1.468-2.02 2.609-2.693 1.14-.674 2.534-1.01 4.18-1.01 1.571 0 2.927.327 4.068.982a6.624 6.624 0 0 1 2.693 2.72c.636 1.16.954 2.526.954 4.097v8.416c0 1.29-.383 2.31-1.15 3.058-.748.767-1.786 1.15-3.114 1.15h-8.248Zm4.825-9.483c.673 0 1.253-.15 1.74-.449a3.18 3.18 0 0 0 1.121-1.262 3.834 3.834 0 0 0 .393-1.74c0-.673-.13-1.29-.392-1.851-.262-.561-.636-1.001-1.123-1.319-.486-.337-1.066-.505-1.74-.505-.654 0-1.234.159-1.739.477-.486.318-.86.748-1.122 1.29-.261.543-.392 1.15-.392 1.824 0 .655.13 1.253.392 1.796.262.523.636.944 1.123 1.262.504.318 1.084.477 1.739.477ZM65.473 30.49c-1.477 0-2.805-.327-3.983-.982a7.46 7.46 0 0 1-2.806-2.693c-.673-1.141-1.01-2.422-1.01-3.844 0-1.44.337-2.721 1.01-3.843a7.46 7.46 0 0 1 2.806-2.693c1.178-.674 2.506-1.01 3.983-1.01 1.478 0 2.796.336 3.956 1.01a7.252 7.252 0 0 1 2.777 2.693c.692 1.122 1.038 2.403 1.038 3.843 0 1.422-.346 2.703-1.038 3.844a7.252 7.252 0 0 1-2.777 2.693c-1.178.655-2.497.982-3.956.982Zm0-3.787c.692 0 1.29-.169 1.796-.505a3.43 3.43 0 0 0 1.178-1.347c.28-.561.42-1.197.42-1.908 0-.692-.14-1.318-.42-1.88a3.429 3.429 0 0 0-1.178-1.346c-.505-.337-1.104-.505-1.796-.505s-1.3.168-1.823.505a3.428 3.428 0 0 0-1.179 1.347 4.145 4.145 0 0 0-.42 1.88c0 .71.14 1.346.42 1.907a3.43 3.43 0 0 0 1.179 1.347c.523.336 1.131.505 1.823.505ZM51.547 30.153c-1.216 0-2.282-.27-3.198-.813a5.763 5.763 0 0 1-2.132-2.16c-.505-.898-.758-1.89-.758-2.974V10.515h4.713v14.027c0 .45.16.842.477 1.179.318.336.71.505 1.178.505h5.19v3.927h-5.47Z"></path></svg>
</a>
<ul class="navbar__links" role="navigation" aria-label="Main">
- <li><a class="navbar_location" href="/battle">Log in</a></li>
- <li><a class="navbar__location" href="/">Index</a></li>
- <li><a class="navbar__location" href="/about.html">About us</a></li>
+ <li><a class="navbar__location" href="/index.html">About us</a></li>
<li><a class="navbar__location" href="/history.html">History</a></li>
<li><a class="navbar__location" href="/join.html">Join</a></li>
+ <li><a class="navbar__location" href="/battle">Log in</a></li>
</ul>
</header>
<main>{% block content %}{% endblock %}</main>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-08 01:45:53 +0000