From 45a7c91fbef2e9c2c0c6821edb06bae75077b50c Mon Sep 17 00:00:00 2001 From: Linnnus Date: Wed, 24 Apr 2024 20:50:26 +0200 Subject: Add self-signed certificates --- README.md | 3 + app.py | 6 +- notes/certificates.md | 191 ++++++++++++++++++++++++++++++++++++++++++++++++++ pki/root-ca.crt | 17 +++++ pki/root-ca.key | 28 ++++++++ pki/root-ca.srl | 1 + pki/server.crt | 20 ++++++ pki/server.csr | 15 ++++ pki/server.key | 28 ++++++++ 9 files changed, 306 insertions(+), 3 deletions(-) create mode 100644 notes/certificates.md create mode 100644 pki/root-ca.crt create mode 100644 pki/root-ca.key create mode 100644 pki/root-ca.srl create mode 100644 pki/server.crt create mode 100644 pki/server.csr create mode 100644 pki/server.key diff --git a/README.md b/README.md index d133a1a..04533dd 100644 --- a/README.md +++ b/README.md @@ -14,5 +14,8 @@ containing styles specific to that view. Global styles are thus contained in `static/styles/base.css` since that template forms the base for all other views. +`pki/` contains a certificate chain necessary for HTTPS support during development. +See [`notes/certificates.md`](./notes/certificates.md) for more information. + `static/` is for files that never change. All HTTP requests that begin with `/images/` or `/styles/` will be resolved relative to their corresponding subfolder in `static/`. diff --git a/app.py b/app.py index 7621b28..a731604 100644 --- a/app.py +++ b/app.py @@ -6,8 +6,7 @@ import secrets CLIENT_ID = "x" # DOTENV ligger paa discorden, repoet er publkic saa det CLIENT_SECRET = "x" # DOTENV PAHAHAH -REDIRECT_URI = "http://localhost:8080/callback" -# REDIRECT_URI = "https://google.com" +REDIRECT_URI = "https://localhost:8080/callback" AUTH_BASE_URL = 'https://oauth.battle.net/authorize' TOKEN_URL = "https://oauth.battle.net/token" @@ -45,4 +44,5 @@ def server_static(type, filename): return static_file(filename, root=f"./static/{type}/") debug(True) -run(app, host='localhost', port=8080, reloader=True) \ No newline at end of file +run(app, host='localhost', port=8080, reloader=True, + server="gunicorn", keyfile="./pki/server.key", certfile="./pki/server.crt") diff --git a/notes/certificates.md b/notes/certificates.md new file mode 100644 index 0000000..c495534 --- /dev/null +++ b/notes/certificates.md @@ -0,0 +1,191 @@ +# Certificates + +It is necessary to generate self-signed certificates for development. +If that didn't make sense, read on! + +## What are certificates and certificate authorities? + +[Public key certificates][certificate] are used in cryptography to prove the authenticity of a public key. +More specifically, +they are used in TLS/HTTPS communication to prevent [man in the middle attacks][mitm]. +When the browser wants to send an encrypted request to `blind-guild.org`, +it receives the server's public key as part of the opening handshake. +Here, certificates come into play! + +The certificate is basically a file that says +"the public key of `blind-guild.org` is BLAHBLAHBLAH." +It is signed by a certificate authority. +That authority is in turn certified by another certificate authority, +which is *also* certified by another CA... +all the way up the CA chain! +At the end of the chain, there are a few "root certificate authorities". +They are managed usually managed by a component of the operating system. + +[certificate]: https://en.wikipedia.org/wiki/Public_key_certificate +[ca]: https://en.wikipedia.org/wiki/Certificate_authority +[mitm]: https://en.wikipedia.org/wiki/Man-in-the-middle_attack + +## Why do we care about HTTPS + +Normally, we only care about HTTPS for production builds +– we let the reverse proxy handle yucky stuff like that! +We can do that because we don't care about (our own) security when developing +and because `localhost` is considered a [secure context][sec-ctx], +meaning we still have access to all the sweet features +that are normally limited to pages served over HTTPS. + +Unfortunately for us, +battle.net's API requires a HTTPS callback URI and does *not* make any exceptions for `localhost`. +See [the documentation][ssl-req] for more details. +**So we must generate SSL certificates anyways.** + +[sec-ctx]: https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts +[ssl-req]: https://develop.battle.net/documentation/guides/using-oauth#:~:text=to%20begin%20working.-,Redirect%20URL,-Developers%20registering%20an + +## Creating self-signed certificates + +For development can get by with self-signed certificates. +Normally, +you have to pay a certificate authority for the privilege of +them signing your certificate signing request. +For development (and a school project), +this is a bit too much work. +Instead, +we'll set up our own local certificate authority and use *that* to sign our development server's certificate. + +To generate the stuff in `pki/`, +I largely followed the procedure layed out in [this SO answer][self-pki]. +I did, however, change days of validity from 365 to 328500 (900 years). +That way, +I can just check this stuff in to version control, +and hopefully no-one else will have to bother with generating them. +For reference, +here is a transcript of my terminal session: + +```sh +$ openssl req -x509 -nodes \ + -newkey RSA:2048 \ + -keyout root-ca.key \ + -days 328500 \ + -out root-ca.crt \ + -subj '/CN=root_CA_for_firefox' +Generating a 2048 bit RSA private key +.....................................+++++ +....................................................................................................................................................................+++++ +writing new private key to 'root-ca.key' +----- +$ ls +root-ca.crt root-ca.key +$ cat root-ca.* +-----BEGIN CERTIFICATE----- +MIICujCCAaICCQCgquJyWnHovTANBgkqhkiG9w0BAQsFADAeMRwwGgYDVQQDDBNy +b290X0NBX2Zvcl9maXJlZm94MCAXDTI0MDQyNDE4MTEyNVoYDzI5MjMwOTE5MTgx +MTI1WjAeMRwwGgYDVQQDDBNyb290X0NBX2Zvcl9maXJlZm94MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VJEJ+DTEUe85ulf92HjDT6Xr4cDyS+uMJq3 +fNJkLOaMhptVtwGxtL4lh1vO8j9IZVLJ611VjXjAF06cjHgDsCMJ5Rf+05tUtxLW +Z+QWFwNOS1VCDPpqEq0J+KrD9cuxLKK7nD5bPLxoXXmL3GN4v5kWqkMYDn0R66Nd +IWCF8Wkgw2MLASIiB5tbYb7xJkpfioTfH3xQBlNtAaU1mtWAHZ2W+oyawcylSKFQ +IymkjJvCjqRubLf+6q4MXpQC57wS7T+qxW1GRwpF6c5Vkx3bF9d9kXpaWDims6rs +eevsA2mLhtfJ0RN5AU7spyaIGlHvK2NhSXVnBU8nLedX2qHgCQIDAQABMA0GCSqG +SIb3DQEBCwUAA4IBAQAZzYQ9B9Lj2oxFMPQ3Eb1fI7zfFxUH1+YCX3J3oAGFd3em +LTrIZG0IjSdqvSLrkp3/IxVKCx5uEc40UjLSsN9HNqDmF0vVNNfKS4UiuFVEY7wE +22y9LkCNxYvdKz7iA1Q3m9dyWUUTSrve7zmnnDdnNBXY1lvjBr6EAgDbY8/xVyIE +4f5+3icYTjFLsdjlkjc7F3RJAKDfeO4CHl6I82QD21UO/hv4b1t7r7ZUfr1RYWb/ +Tv75ISwfBfuge33H0rOIpORY5g7yZSDE58YiRFGgG8kPsOdY3N9y2T5wVDXRHs01 +eJlWXed7w4P7O9NGpwuwrZmrz3RptyqAIlrAaK0u +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDRUkQn4NMRR7zm +6V/3YeMNPpevhwPJL64wmrd80mQs5oyGm1W3AbG0viWHW87yP0hlUsnrXVWNeMAX +TpyMeAOwIwnlF/7Tm1S3EtZn5BYXA05LVUIM+moSrQn4qsP1y7EsorucPls8vGhd +eYvcY3i/mRaqQxgOfRHro10hYIXxaSDDYwsBIiIHm1thvvEmSl+KhN8ffFAGU20B +pTWa1YAdnZb6jJrBzKVIoVAjKaSMm8KOpG5st/7qrgxelALnvBLtP6rFbUZHCkXp +zlWTHdsX132RelpYOKazqux56+wDaYuG18nRE3kBTuynJogaUe8rY2FJdWcFTyct +51faoeAJAgMBAAECggEBAKSyEthBqDDHfhU9eHmftlNcdWLxW4Q3lNm/UjHPJGzD +tbvPiqCkn5rzpXmcPfcS3baDbkZXOJJIePOdscVARL6YwxdTSvhaFky5cKNrrgnL +WxYg7ghiG4W4SskyK19BNpVFMVJdKdJe98rccLQmPAKcxF2QzuPPeoMqFYPGe30W +aw4i8ZunXxriQ6kdXHG+QhP0JZVIpHwBlxwJ0R3jM2kZgcJk888HGt2AQZ6fHfoC +HM0cE6fCKebR+NbujNOFc7UXSMUyEXkkvOlk+r/kxGeE4INP1o27utItYNuNpFqD +iB+uupH/Q2xxSJ4Cke43sMzlrImjFibMvp/WcfBoxdECgYEA6+7RQCC4CQXg9tYY +N6lkU5qjKfxiXlCj1ZCpX5lW34MbWgDTc2OpCkE5dbc1wSzwblpBdUe3NHVVMTu7 +7yVvvytfH8dEasb5BWgkFdqNyPzoaP9wN6TC1cyuKsbYmbq7NTM9D1Q5dTtsjGfO +3PBVUlj3RxHTKj6roAO+D2P3J20CgYEA4yAC/eUZ5ANk9YZrIGsoFjPqYMlKXDUO +uQnnaSnKcL5E68ehvVvKj5epY/EicsGEKgEeIphJgley9x9AsU40UnlI3/bzqIhV +GRjHPxiV7W9pB+PR4JWhppgohkIz3/QD4RONQNYYot7Jx+/QP9IAO1Br8kP80BEE +4HrlNuT/LY0CgYEAz/Qm4hQ0wlc5K7gXjnAy6vHhIS/A8Iq5bZNdhtLcXJPt9s3F +ku5j35MP927t5YAbx9ir25jDpWxKE+QnySlBLsomxRbZehg5BAf/zndeA6rPm0SS +/6isxs/rL+8mmZGaUtD/39QH9QnUqokRL3JycevSwQS4EIM+uQKzclNVVJ0CgYEA +zSSKzzxxCCuwsrs4Y02mJXe6yLTG/0XFCIjThX8DpJWWtsfXZKtV6CB6FRUlojT7 +5NyhlWmra5k+wkpuKjeStrNpiTEKnzyUcFibDnhsYsrwOPojBRDhsxFX+Pwu0qca +Id+BBADcu68y3e3TUPGi1/Apr+aMoHnex8r44X4wpbkCgYEA33ozRucqlq6IaXVJ +khESj6rv0CIa0dNUYVR+IuXQTj6MuQhY31BgsQOonSS6I5UsdD2z3Bj0MFz0wN1J +V/rWseLJbFEgZiFyClhZKSe3oom7ehZvbPBYmWAg+kiUBav/823IJ3JQZQ8t1jU/ +Mk0B0PEYP3KTTMwiO7uEnC73l7c= +-----END PRIVATE KEY----- +$ openssl req -nodes \ + -newkey rsa:2048 \ + -keyout server.key \ + -out server.csr \ + -subj '/CN=localhost' +Generating a 2048 bit RSA private key +...............+++++ +...........................................+++++ +writing new private key to 'server.key' +----- +$ openssl x509 -req + -CA root-ca.crt \ + -CAkey root-ca.key \ + -in server.csr \ + -out server.crt \ + -days 328500 \ + -CAcreateserial \ + -extfile <(printf "subjectAltName = DNS:localhost\nauthorityKeyIdentifier = keyid,issuer\nbasicConstraints = CA:FALSE\nkeyUsage = digitalSignature, keyEncipherment\nextendedKeyUsage=serverAuth") +Signature ok +subject=/CN=localhost +Getting CA Private Key +$ ls +root-ca.crt root-ca.key root-ca.srl server.crt server.csr server.key +``` + +[self-pki]: https://stackoverflow.com/a/77009337 + +## Trusting self-signed certificates + +Now, the browser obviously doesn't trust this certificate +– nor should it! +It doesn't know anything about our local CA, +so this certificate may as come from a malicious actor. +If you attempt to load https://localhost:8080 +without performing the steps in this section, +the browser will give you an error like `NET::ERR_CERT_AUTHORITY_INVALID`. + +For development purposes +we would like to inform the browser +that this CA is indeed to be trusted. +The process varies a bit between different combinations of browsers and operating systems. +Firefox, for example, maintains its own list of CAs. +[Here][ff-trust] is a guide on how to install our custom CA into Firefox's trust store. +Chrome, on the other hand, seems to be using the operating system's certificate store, +so you'll need to modify this instead. +[Here][guide-win] is a guide on how to do it on Windows +and [here][guide-osx] is a guide for MacOS. + +N.B. Always keep in mind that we are looking to install our CA, that is the file `pki/root-ca.crt`, NOT the servers certificate, found in `pki/server.crt`. + +[ff-trust]: https://javorszky.co.uk/2019/11/06/get-firefox-to-trust-your-self-signed-certificates/ +[guide-win]: https://techcommunity.microsoft.com/t5/windows-server-essentials-and/installing-a-self-signed-certificate-as-a-trusted-root-ca-in/ba-p/396105 +[guide-osx]: https://tosbourn.com/getting-os-x-to-trust-self-signed-ssl-certificates/ + +## Chrome is annoying + +For Firefox, the above is enough. +It nags you a bit but you can force it to pipe down. +When presented with the warning, +just click "Advanced" and then "continue". + +Not so much for Chrome. +It still complains about an invalid CN (common name). +Luckily, there's one final escape hatch: +type "[thisisunsafe]" anywhere on the error page. + +[thisisunsafe]: https://cybercafe.dev/thisisunsafe-bypassing-chrome-security-warnings/ diff --git a/pki/root-ca.crt b/pki/root-ca.crt new file mode 100644 index 0000000..8de3cef --- /dev/null +++ b/pki/root-ca.crt @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICujCCAaICCQCgquJyWnHovTANBgkqhkiG9w0BAQsFADAeMRwwGgYDVQQDDBNy +b290X0NBX2Zvcl9maXJlZm94MCAXDTI0MDQyNDE4MTEyNVoYDzI5MjMwOTE5MTgx +MTI1WjAeMRwwGgYDVQQDDBNyb290X0NBX2Zvcl9maXJlZm94MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VJEJ+DTEUe85ulf92HjDT6Xr4cDyS+uMJq3 +fNJkLOaMhptVtwGxtL4lh1vO8j9IZVLJ611VjXjAF06cjHgDsCMJ5Rf+05tUtxLW +Z+QWFwNOS1VCDPpqEq0J+KrD9cuxLKK7nD5bPLxoXXmL3GN4v5kWqkMYDn0R66Nd +IWCF8Wkgw2MLASIiB5tbYb7xJkpfioTfH3xQBlNtAaU1mtWAHZ2W+oyawcylSKFQ +IymkjJvCjqRubLf+6q4MXpQC57wS7T+qxW1GRwpF6c5Vkx3bF9d9kXpaWDims6rs +eevsA2mLhtfJ0RN5AU7spyaIGlHvK2NhSXVnBU8nLedX2qHgCQIDAQABMA0GCSqG +SIb3DQEBCwUAA4IBAQAZzYQ9B9Lj2oxFMPQ3Eb1fI7zfFxUH1+YCX3J3oAGFd3em +LTrIZG0IjSdqvSLrkp3/IxVKCx5uEc40UjLSsN9HNqDmF0vVNNfKS4UiuFVEY7wE +22y9LkCNxYvdKz7iA1Q3m9dyWUUTSrve7zmnnDdnNBXY1lvjBr6EAgDbY8/xVyIE +4f5+3icYTjFLsdjlkjc7F3RJAKDfeO4CHl6I82QD21UO/hv4b1t7r7ZUfr1RYWb/ +Tv75ISwfBfuge33H0rOIpORY5g7yZSDE58YiRFGgG8kPsOdY3N9y2T5wVDXRHs01 +eJlWXed7w4P7O9NGpwuwrZmrz3RptyqAIlrAaK0u +-----END CERTIFICATE----- diff --git a/pki/root-ca.key b/pki/root-ca.key new file mode 100644 index 0000000..4cdbbe3 --- /dev/null +++ b/pki/root-ca.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDRUkQn4NMRR7zm +6V/3YeMNPpevhwPJL64wmrd80mQs5oyGm1W3AbG0viWHW87yP0hlUsnrXVWNeMAX +TpyMeAOwIwnlF/7Tm1S3EtZn5BYXA05LVUIM+moSrQn4qsP1y7EsorucPls8vGhd +eYvcY3i/mRaqQxgOfRHro10hYIXxaSDDYwsBIiIHm1thvvEmSl+KhN8ffFAGU20B +pTWa1YAdnZb6jJrBzKVIoVAjKaSMm8KOpG5st/7qrgxelALnvBLtP6rFbUZHCkXp +zlWTHdsX132RelpYOKazqux56+wDaYuG18nRE3kBTuynJogaUe8rY2FJdWcFTyct +51faoeAJAgMBAAECggEBAKSyEthBqDDHfhU9eHmftlNcdWLxW4Q3lNm/UjHPJGzD +tbvPiqCkn5rzpXmcPfcS3baDbkZXOJJIePOdscVARL6YwxdTSvhaFky5cKNrrgnL +WxYg7ghiG4W4SskyK19BNpVFMVJdKdJe98rccLQmPAKcxF2QzuPPeoMqFYPGe30W +aw4i8ZunXxriQ6kdXHG+QhP0JZVIpHwBlxwJ0R3jM2kZgcJk888HGt2AQZ6fHfoC +HM0cE6fCKebR+NbujNOFc7UXSMUyEXkkvOlk+r/kxGeE4INP1o27utItYNuNpFqD +iB+uupH/Q2xxSJ4Cke43sMzlrImjFibMvp/WcfBoxdECgYEA6+7RQCC4CQXg9tYY +N6lkU5qjKfxiXlCj1ZCpX5lW34MbWgDTc2OpCkE5dbc1wSzwblpBdUe3NHVVMTu7 +7yVvvytfH8dEasb5BWgkFdqNyPzoaP9wN6TC1cyuKsbYmbq7NTM9D1Q5dTtsjGfO +3PBVUlj3RxHTKj6roAO+D2P3J20CgYEA4yAC/eUZ5ANk9YZrIGsoFjPqYMlKXDUO +uQnnaSnKcL5E68ehvVvKj5epY/EicsGEKgEeIphJgley9x9AsU40UnlI3/bzqIhV +GRjHPxiV7W9pB+PR4JWhppgohkIz3/QD4RONQNYYot7Jx+/QP9IAO1Br8kP80BEE +4HrlNuT/LY0CgYEAz/Qm4hQ0wlc5K7gXjnAy6vHhIS/A8Iq5bZNdhtLcXJPt9s3F +ku5j35MP927t5YAbx9ir25jDpWxKE+QnySlBLsomxRbZehg5BAf/zndeA6rPm0SS +/6isxs/rL+8mmZGaUtD/39QH9QnUqokRL3JycevSwQS4EIM+uQKzclNVVJ0CgYEA +zSSKzzxxCCuwsrs4Y02mJXe6yLTG/0XFCIjThX8DpJWWtsfXZKtV6CB6FRUlojT7 +5NyhlWmra5k+wkpuKjeStrNpiTEKnzyUcFibDnhsYsrwOPojBRDhsxFX+Pwu0qca +Id+BBADcu68y3e3TUPGi1/Apr+aMoHnex8r44X4wpbkCgYEA33ozRucqlq6IaXVJ +khESj6rv0CIa0dNUYVR+IuXQTj6MuQhY31BgsQOonSS6I5UsdD2z3Bj0MFz0wN1J +V/rWseLJbFEgZiFyClhZKSe3oom7ehZvbPBYmWAg+kiUBav/823IJ3JQZQ8t1jU/ +Mk0B0PEYP3KTTMwiO7uEnC73l7c= +-----END PRIVATE KEY----- diff --git a/pki/root-ca.srl b/pki/root-ca.srl new file mode 100644 index 0000000..fb7e7c4 --- /dev/null +++ b/pki/root-ca.srl @@ -0,0 +1 @@ +AD34ED79527821BC diff --git a/pki/server.crt b/pki/server.crt new file mode 100644 index 0000000..94b3b7e --- /dev/null +++ b/pki/server.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNjCCAh6gAwIBAgIJAK007XlSeCG8MA0GCSqGSIb3DQEBCwUAMB4xHDAaBgNV +BAMME3Jvb3RfQ0FfZm9yX2ZpcmVmb3gwIBcNMjQwNDI0MTgxMzE4WhgPMjkyMzA5 +MTkxODEzMThaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANkCWMmAzCp0hZt+DYzaD4K4wmWoHsm4mKZ/uR1eQpc9 +ls43vf+PbsC/lUNXSaQ78l7c1bAybbzxg3db47JE4+DR70k/64RPceo2IVYSQNbe +tYs3k39yrBObL3feXp/4yR0uxLhSylTFrChG/42KVBUq81AtTXTgSjjEANK4bKRn +RK9OmeoaUzxcw5kj+NSLme3qD6bTwlZTDCMrkljE1sswD36iFHg7zsRIfNa5NRXv +ce6G/4iSqAV1rh4DwcOeeCgZ8UIfWrN1Zs5KZcxnSsCy797dTGx7WMuFAJ+Sx8mQ +CLwbVhaL0fyVoYk+tCzxELbMpc/cIk6k3gJrquMbtIMCAwEAAaN/MH0wFAYDVR0R +BA0wC4IJbG9jYWxob3N0MDgGA1UdIwQxMC+hIqQgMB4xHDAaBgNVBAMME3Jvb3Rf +Q0FfZm9yX2ZpcmVmb3iCCQCgquJyWnHovTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF +oDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAIl2M/pfi ++n9KJyeOXNvazFu/3rt71/tbXNIuj3wNAzn7bLkNiyVrgCt0FWqbweX/gexzK7r4 +5XM0NyMTfLCrQjr845ephZYZVlYJekPQhFmT2/eHPGo8o0p9LBJQJjlKcbxrRrCe +8w45sGfi9hZXrQ5Afia4+pWv9BGnjQCr+YWloLmk7YmhdL+PDhmZ5CD7SUIAu/y2 +ctsElV0Zh1phVvi6CRQssaCnKxYbLO3/lpyCJrr73YCQU9gOQzM585EFp0+t3CF3 +DUNJapCPD+n19ow0Kq1nICGY8LmnEvc1a7B2/M3kzvwJ0xm1zZreLDkoqo0b3Th8 +BkkplnPb0dCP1A== +-----END CERTIFICATE----- diff --git a/pki/server.csr b/pki/server.csr new file mode 100644 index 0000000..74eecc4 --- /dev/null +++ b/pki/server.csr @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICWTCCAUECAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA2QJYyYDMKnSFm34NjNoPgrjCZageybiYpn+5HV5C +lz2Wzje9/49uwL+VQ1dJpDvyXtzVsDJtvPGDd1vjskTj4NHvST/rhE9x6jYhVhJA +1t61izeTf3KsE5svd95en/jJHS7EuFLKVMWsKEb/jYpUFSrzUC1NdOBKOMQA0rhs +pGdEr06Z6hpTPFzDmSP41IuZ7eoPptPCVlMMIyuSWMTWyzAPfqIUeDvOxEh81rk1 +Fe9x7ob/iJKoBXWuHgPBw554KBnxQh9as3VmzkplzGdKwLLv3t1MbHtYy4UAn5LH +yZAIvBtWFovR/JWhiT60LPEQtsylz9wiTqTeAmuq4xu0gwIDAQABoAAwDQYJKoZI +hvcNAQELBQADggEBADC68rYRRw9kLyv5g+Z5a2D3U35KqDr32oV54umMdSC6Nzve +lQ188FWSEx+kSE40DbkFxzcSo9HNEkomxIdWTgf6fMjLCjfE7r1Gb3QA5sOPKdZF +JHzvNn5HqBmBDeMndlJ6npPDRqUAZZIb+Up0bpLZO4PGRgl6eQIwI4SHYw3i/jlq +v4gi/p0BFANJ9j6NMMDbONlI7Cuaa/lxtDgMkxIF906bgdzVYTu77behFuDwEWs4 +U9cYVNmhANxHd9Kb0Sw3AVY8SdydQ6KTqoldgWVpx2Zm7u4i5Lt9QHyeGjhPCUEg +GqStE6Kc0hE4QDhcLXR2eTApSgFEJ0G2clniAfM= +-----END CERTIFICATE REQUEST----- diff --git a/pki/server.key b/pki/server.key new file mode 100644 index 0000000..e47d186 --- /dev/null +++ b/pki/server.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDZAljJgMwqdIWb +fg2M2g+CuMJlqB7JuJimf7kdXkKXPZbON73/j27Av5VDV0mkO/Je3NWwMm288YN3 +W+OyROPg0e9JP+uET3HqNiFWEkDW3rWLN5N/cqwTmy933l6f+MkdLsS4UspUxawo +Rv+NilQVKvNQLU104Eo4xADSuGykZ0SvTpnqGlM8XMOZI/jUi5nt6g+m08JWUwwj +K5JYxNbLMA9+ohR4O87ESHzWuTUV73Huhv+IkqgFda4eA8HDnngoGfFCH1qzdWbO +SmXMZ0rAsu/e3Uxse1jLhQCfksfJkAi8G1YWi9H8laGJPrQs8RC2zKXP3CJOpN4C +a6rjG7SDAgMBAAECggEAGmCcpjGPn4F2VAYoY3yF8h+/EVg0FdToSSSxPY6djYCg ++gPwhkXK8obW/852Vw4qUbmKB9a5XAQHNNTogly5TjR2X3Lzj6uQbyWRO8MQOo3r +hzaEKTOpEuEEDg/rdIpq968dnkIB8fftCyBGI9AylDgaRx6akaBJpUi9yN895WWm +qpYoU/dFD+qzpSjAN0fFEJotm9300WSZPaH1sD94584nXxPzaFnCWk6oNuLCMk6H +Mr1bO3gW1OlwTatrmVeRThuiHuNEAs+LtlUVKIVpTttDayOeHShrmfsrAyVENqDP +sI3oIeXVJ3vWkBUwW8z703LR1GNbaVP59Nc4h3mpYQKBgQD2YkIbt73SpXpsUy3j +pvG0vOdk30MxMXwp5b5UBUxHYBWYUBZ8y0hIJ/iXH4tCZSdmOHAvXW42TWcebqUF +Jw/e81AlhHaN01wwePMwzoDnmtvRSlL+jQKnRtN18GqShjMNCbFnzEPapqUMHhlE ++AD6AxNezUUHi55bxmfIMJrwqwKBgQDhepeM+b/mXCVkU0DJyOK0pzurrYxNjKjH +jyTD4QcESko/OX5WK+rj/1MYHtIhk2Kje9b9pburVv7nYd2SOyVMWI7qD6Cb1R88 +s0hP3uboL0UlccyoeSGkppriunXObfGCHMyA98Fom2Md7/FLcGliVnFQjEocmo2R +05kE/yy7iQKBgE5w7/0lHYEv/+72+HgvEWrqbX0W+6xwxcgNBfB4E1XyCE4KyW4H +xkZ6u1FZ0Jtd2xJXS5g41briH793mIAwdIQV0OFw79Gthf9EsqBKTo3uJqfWUuAK +AttA2FgHJ9bodN5kxJ94T+4P+iIGfyMPFjiCvCsFjUGeuNcdLrN0jg+rAoGAGGZf +yA2uyormMPkhZbSrc8k1F9rr9+hky1OeMuRDEh/H8ReTqFeQT6PtpgqPyrpcTjy0 +gzZQHLaJVxisFYr4+k4LCSEvzC0/+B2ekaYZbr7OyMKL1x9kmKC+2hI7dV9IZ0Ae +kUY+U8ec7jxs7DD59n5MPN8xle7Tqxgu0u+aM6ECgYBf5ae0uDcp1rw2raSrjIl/ +ENLp+242T1tQCqJGERcBGUQtqS2zsxHcSy9gLtuO4BgufjVTm7W21VD7t2JJ0V9c +MauRQbO/Wyr9zW3/bzUO8yB33XSEIq3hhZosuML1Q4nZq4w8zAmS8vdN8cUi3mkn +R5Sze/KvPQv7Et6JpFvXQw== +-----END PRIVATE KEY----- -- cgit v1.2.3 From bf8d6254c4b9c41408d47125e773b4aeecb2647a Mon Sep 17 00:00:00 2001 From: Linnnus Date: Wed, 24 Apr 2024 20:50:56 +0200 Subject: Clean up navbar --- views/base.html | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/views/base.html b/views/base.html index 4f17b34..9133090 100644 --- a/views/base.html +++ b/views/base.html @@ -12,11 +12,10 @@
{% block content %}{% endblock %}
-- cgit v1.2.3 From 61ad52abf7b1a7ecede5cf59bfad847216e91cc5 Mon Sep 17 00:00:00 2001 From: Linnnus Date: Thu, 25 Apr 2024 09:51:21 +0200 Subject: fix: Add missing rependencies The changes introduced in 45a7c91fbef2e9c2c0c6821edb06bae75077b50c rely on using gunicorn instead of the default wsgi server. This patch makes sure that package is added to the list of requrements. --- requirements.txt | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index b9a19df..1544077 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,12 @@ bottle==0.12.25 +certifi==2024.2.2 +charset-normalizer==3.3.2 +gunicorn==21.2.0 +idna==3.7 Jinja2==3.1.3 MarkupSafe==2.1.5 -oauth==1.0.1 +oauthlib==3.2.2 +packaging==24.0 +requests==2.31.0 +requests-oauthlib==2.0.0 +urllib3==2.2.1 -- cgit v1.2.3