commit 9b65f1fdcfcaaa22719a83be26dbcb5dbe855b0c
author Ed Tanous <ed.tanous@intel.com> Tue Mar 07 15:17:13 2017 -0800
committer Ed Tanous <ed.tanous@intel.com> Tue Mar 07 15:17:13 2017 -0800
tree e4eddadebad9695a04b451be41ca1e458113a421
parent 9992332be956c173199257b55e592ec2d2331e3a

incremental

src/token_authorization_middleware.cpp

diff --git a/src/token_authorization_middleware.cpp b/src/token_authorization_middleware.cpp
index aeef58c..3a92218 100644
--- a/src/token_authorization_middleware.cpp
+++ b/src/token_authorization_middleware.cpp
@@ -13,10 +13,21 @@
 void TokenAuthorizationMiddleware::context::set_cookie(const std::string& key, const std::string& value) { cookies_to_push_to_client.emplace(key, value); }
 
 void TokenAuthorizationMiddleware::before_handle(crow::request& req, response& res, context& ctx) {
+  return;
+  
   auto return_unauthorized = [&req, &res]() {
     res.code = 401;
     res.end();
   };
+  if (req.url == "/" || boost::starts_with(req.url, "/static/")){
+    //TODO this is total hackery to allow the login page to work before the user
+    // is authenticated.  Also, it will be quite slow for all pages.
+    // Ideally, this should be done in the url router handler, with tagged routes
+    // for the whitelist entries.
+    return;
+  }
+
+  //TODO this
   if (req.url == "/login") {
   }
   // Check for an authorization header, reject if not present