Bringing in latest from upstream repo (#40)

* Remove py3.7 (pinterest#234) * Remove py3.7 * Restore cache action * Bump cryptography from 39.0.2 to 41.0.1 (pinterest#260) Bumps [cryptography](https://github.com/pyca/cryptography) from 39.0.2 to 41.0.1. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@39.0.2...41.0.1) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump tox from 3.25.0 to 4.6.0 (pinterest#262) Bumps [tox](https://github.com/tox-dev/tox) from 3.25.0 to 4.6.0. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](tox-dev/tox@3.25.0...4.6.0) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump fakeredis from 1.7.5 to 2.14.1 (pinterest#263) Bumps [fakeredis](https://github.com/cunla/fakeredis-py) from 1.7.5 to 2.14.1. - [Release notes](https://github.com/cunla/fakeredis-py/releases) - [Commits](cunla/fakeredis-py@v1.7.5...v2.14.1) --- updated-dependencies: - dependency-name: fakeredis dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump flask from 2.1.2 to 2.3.2 (pinterest#250) Bumps [flask](https://github.com/pallets/flask) from 2.1.2 to 2.3.2. - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@2.1.2...2.3.2) --- updated-dependencies: - dependency-name: flask dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump pytest from 7.1.2 to 7.3.1 (pinterest#243) Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.1.2 to 7.3.1. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@7.1.2...7.3.1) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump redis from 4.5.3 to 4.5.5 (pinterest#253) Bump redis from 4.3.3 to 4.5.5 Bumps [redis](https://github.com/redis/redis-py) from 4.3.3 to 4.5.5. - [Release notes](https://github.com/redis/redis-py/releases) - [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES) - [Commits](redis/redis-py@v4.3.3...v4.5.5) --- updated-dependencies: - dependency-name: redis dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yuru Shao <[email protected]> * Bump coverage from 6.4.1 to 7.2.7 (pinterest#267) Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.4.1 to 7.2.7. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](nedbat/coveragepy@6.4.1...7.2.7) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump pytest-cov from 3.0.0 to 4.1.0 (pinterest#266) Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 3.0.0 to 4.1.0. - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](pytest-dev/pytest-cov@v3.0.0...v4.1.0) --- updated-dependencies: - dependency-name: pytest-cov dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/checkout from 3 to 4 (pinterest#282) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Snyk] Security upgrade cryptography from 41.0.1 to 41.0.4 (pinterest#284) fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5914629 Co-authored-by: snyk-bot <[email protected]> * Bump tox from 4.6.0 to 4.11.3 (pinterest#287) Bumps [tox](https://github.com/tox-dev/tox) from 4.6.0 to 4.11.3. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](tox-dev/tox@4.6.0...4.11.3) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump fakeredis from 2.14.1 to 2.20.0 Bumps [fakeredis](https://github.com/cunla/fakeredis-py) from 2.14.1 to 2.20.0. - [Release notes](https://github.com/cunla/fakeredis-py/releases) - [Commits](cunla/fakeredis-py@v2.14.1...v2.20.0) --- updated-dependencies: - dependency-name: fakeredis dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump redis from 4.5.5 to 5.0.1 Bumps [redis](https://github.com/redis/redis-py) from 4.5.5 to 5.0.1. - [Release notes](https://github.com/redis/redis-py/releases) - [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES) - [Commits](redis/redis-py@v4.5.5...v5.0.1) --- updated-dependencies: - dependency-name: redis dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Install deps from requirements.txt (pinterest#303) * Prepare 1.6.1 release (pinterest#304) * Prepare 1.6.1 release * Update configs * Fix dev requirements * Bump version: 1.6.0 → 1.6.1 (pinterest#305) * Use urllib.parse for quoting/unquoting plus instead of deprecated werkzeug.urls (pinterest#300) Use urllib.parse for quoting/unquoting plus werkzeug.urls.url_quote_plus and werkzeug.urls.url_unquote_plus were deprecated and are removed in 3.0.0 and newer versions. * Bump actions/setup-python from 4 to 5 (pinterest#306) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v4...v5) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github/codeql-action from 2 to 3 (pinterest#309) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v2...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump werkzeug from 2.3.3 to 3.0.1 (pinterest#295) Bumps [werkzeug](https://github.com/pallets/werkzeug) from 2.3.3 to 3.0.1. - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](pallets/werkzeug@2.3.3...3.0.1) --- updated-dependencies: - dependency-name: werkzeug dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump flask from 2.3.2 to 3.0.0 (pinterest#294) Bumps [flask](https://github.com/pallets/flask) from 2.3.2 to 3.0.0. - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@2.3.2...3.0.0) --- updated-dependencies: - dependency-name: flask dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump pytest from 7.3.1 to 7.4.4 Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.3.1 to 7.4.4. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@7.3.1...7.4.4) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump version: 1.6.1 → 1.6.2 (pinterest#311) * Bump freezegun from 1.2.1 to 1.4.0 Bumps [freezegun](https://github.com/spulec/freezegun) from 1.2.1 to 1.4.0. - [Release notes](https://github.com/spulec/freezegun/releases) - [Changelog](https://github.com/spulec/freezegun/blob/master/CHANGELOG) - [Commits](spulec/freezegun@1.2.1...1.4.0) --- updated-dependencies: - dependency-name: freezegun dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump flake8 from 6.0.0 to 7.0.0 Bumps [flake8](https://github.com/pycqa/flake8) from 6.0.0 to 7.0.0. - [Commits](PyCQA/flake8@6.0.0...7.0.0) --- updated-dependencies: - dependency-name: flake8 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Add health check endpoint (pinterest#329) * Add health check endpoint * Add assertion on status * add i18n to Snappass * Bump fakeredis from 2.20.0 to 2.21.1 Bumps [fakeredis](https://github.com/cunla/fakeredis-py) from 2.20.0 to 2.21.1. - [Release notes](https://github.com/cunla/fakeredis-py/releases) - [Commits](cunla/fakeredis-py@v2.20.0...v2.21.1) --- updated-dependencies: - dependency-name: fakeredis dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * remove import of flask, g * Add empty translations for de and es * Bump cryptography from 41.0.4 to 42.0.3 Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.4 to 42.0.3. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@41.0.4...42.0.3) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Add German Translation * Bump pytest from 7.4.4 to 8.0.1 Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.4.4 to 8.0.1. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@7.4.4...8.0.1) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump coverage from 7.2.7 to 7.4.2 Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.2.7 to 7.4.2. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](nedbat/coveragepy@7.2.7...7.4.2) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump tox from 4.11.3 to 4.13.0 Bumps [tox](https://github.com/tox-dev/tox) from 4.11.3 to 4.13.0. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](tox-dev/tox@4.11.3...4.13.0) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * fix missing bracket * restore extra spaces * Add Spanish and fixup NL&DE * TIL flake8 :) * Bump actions/cache from 3 to 4 (pinterest#320) Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v3...v4) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump jinja2 from 3.1.2 to 3.1.3 (pinterest#336) Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.2...3.1.3) --- updated-dependencies: - dependency-name: jinja2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add /api endpoint for automated flows (pinterest#316) * add /api endpoint * pass password in request body when using API * flake8 fixed; tests added * flake8 fixed test.py --------- Co-authored-by: Reinoud van Leeuwen <[email protected]> * Bump pytest from 8.0.1 to 8.1.0 Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.0.1 to 8.1.0. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@8.0.1...8.1.0) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Yuru Shao <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Devin Lundberg <[email protected]> Co-authored-by: snyk-bot <[email protected]> Co-authored-by: Yuping Li <[email protected]> Co-authored-by: vin01 <[email protected]> Co-authored-by: systeembeheerder <[email protected]> Co-authored-by: Reinoud van Leeuwen <[email protected]> Co-authored-by: Reinoud van Leeuwen <[email protected]>
trackabout · Mar 7, 2024 · 8275b69 · 8275b69
1 parent 619e797
commit 8275b69
Show file tree

Hide file tree

Showing 17 changed files with 560 additions and 51 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -21,7 +21,7 @@ jobs:
       uses: actions/setup-python@v5
       with:
         python-version: ${{ matrix.python-version }}
-    - uses: actions/cache@v3
+    - uses: actions/cache@v4
       with:
         path: ~/.cache/pip
         key: ${{ runner.os }}-python-${{ matrix.python-version }}-pip-${{ hashFiles('.github/workflows/ci.yml') }}

diff --git a/.gitignore b/.gitignore
@@ -50,3 +50,7 @@ htmlcov/
 # virtualenv
 venv/
 ENV/
+
+# Translation catalogs
+*.mo
+*.pot
diff --git a/README.rst b/README.rst
@@ -96,6 +96,40 @@ need to change this.
 
 ``HOST_OVERRIDE``: (optional) Used to override the base URL if the app is unaware. Useful when running behind reverse proxies like an identity-aware SSO. Example: ``sub.domain.com``
 
+API
+---
+
+SnapPass also has a simple API that can be used to create passwords links. The advantage of using the API is that
+you can create a password and retrieve the link without having to open the web interface. This is useful if you want to
+embed it in a script or use it in a CI/CD pipeline.
+
+To create a password, send a POST request to ``/api/set_password`` like so:
+
+::
+
+    $ curl -X POST -H "Content-Type: application/json"  -d '{"password": "foobar"}' http://localhost:5000/api/set_password/
+
+This will return a JSON response with the password link:
+
+::
+
+    {
+        "link": "http://127.0.0.1:5000/snappassbedf19b161794fd288faec3eba15fa41~hHnILpQ50ZfJc3nurDfHCb_22rBr5gGEya68e_cZOrY%3D",
+        "ttl":1209600
+    }
+
+the default TTL is 2 weeks (1209600 seconds), but you can override it by adding a expiration parameter:
+
+::
+
+    $ curl -X POST -H "Content-Type: application/json"  -d '{"password": "foobar", "ttl": 3600 }' http://localhost:5000/api/set_password/
+
+Notes:
+
+- When using the API, you can specify any ttl, as long as it is lower than the default.
+- The password is passed in the body of the request rather than in the URL. This is to prevent the password from being logged in the server logs.
+- Depending on the environment you are running it, you might want to expose the ``/api`` endpoint to your internal network only, and put the web interface behind authentication.
+
 Docker
 ------
 

diff --git a/babel.cfg b/babel.cfg
@@ -0,0 +1,10 @@
+# Update Translations:
+# (venv) $ pybabel extract -F babel.cfg -o messages.pot .
+# (venv) $ pybabel update -i messages.pot -d snappass/translations
+# (venv) $ pybabel compile -d snappass/translations
+# Add a new language:
+# (venv) $ pybabel extract -F babel.cfg -o messages.pot .
+# (venv) $ pybabel init -i messages.pot -d snappass/translations -l <language_code>
+[python: snappass/**.py]
+[jinja2: snappass/templates/**.html]
+
diff --git a/dev-requirements.txt b/dev-requirements.txt
@@ -1,9 +1,9 @@
-coverage==7.2.7
-fakeredis==2.20.0
+coverage==7.4.2
+fakeredis==2.21.1
 flake8==7.0.0
 freezegun==1.4.0
-pytest==7.4.4
+pytest==8.1.0
 pytest-cov==4.1.0
-tox==4.11.3
+tox==4.13.0
 bumpversion==0.6.0
 wheel==0.42.0
diff --git a/requirements.txt b/requirements.txt
@@ -1,7 +1,8 @@
-cryptography==42.0.0
+cryptography==42.0.3
 Flask==3.0.0
 itsdangerous==2.1.2
 Jinja2==3.1.3
 MarkupSafe==2.1.1
 redis==5.0.1
 Werkzeug==3.0.1
+flask-babel
diff --git a/snappass/main.py b/snappass/main.py
@@ -10,13 +10,13 @@
 from urllib.parse import quote_plus
 from urllib.parse import unquote_plus
 from distutils.util import strtobool
+from flask_babel import Babel
 
 NO_SSL = bool(strtobool(os.environ.get('NO_SSL', 'False')))
 URL_PREFIX = os.environ.get('URL_PREFIX', None)
 HOST_OVERRIDE = os.environ.get('HOST_OVERRIDE', None)
 TOKEN_SEPARATOR = '~'
 
-
 # Initialize Flask Application
 app = Flask(__name__)
 if os.environ.get('DEBUG'):
@@ -25,9 +25,18 @@
 app.config.update(
     dict(STATIC_URL=os.environ.get('STATIC_URL', 'static')))
 
+
+# Set up Babel
+def get_locale():
+    return request.accept_languages.best_match(['en', 'es', 'de', 'nl'])
+
+
+babel = Babel(app, locale_selector=get_locale)
+
 # Initialize Redis
 if os.environ.get('MOCK_REDIS'):
     from fakeredis import FakeStrictRedis
+
     redis_client = FakeStrictRedis()
 elif os.environ.get('REDIS_URL'):
     redis_client = redis.StrictRedis.from_url(os.environ.get('REDIS_URL'))
@@ -39,7 +48,10 @@
         host=redis_host, port=redis_port, db=redis_db)
 REDIS_PREFIX = os.environ.get('REDIS_PREFIX', 'snappass')
 
-TIME_CONVERSION = {'two weeks': 1209600, 'week': 604800, 'day': 86400, 'hour': 3600}
+TIME_CONVERSION = {'two weeks': 1209600, 'week': 604800, 'day': 86400,
+                   'hour': 3600}
+DEFAULT_API_TTL = 1209600
+MAX_TTL = DEFAULT_API_TTL
 
 
 def check_redis_alive(fn):
@@ -54,6 +66,7 @@ def inner(*args, **kwargs):
                 sys.exit(0)
             else:
                 return abort(500)
+
     return inner
 
 
@@ -154,33 +167,56 @@ def clean_input():
     return TIME_CONVERSION[time_period], request.form['password']
 
 
-@app.route('/', methods=['GET'])
-def index():
-    return render_template('set_password.html')
-
-
-@app.route('/', methods=['POST'])
-def handle_password():
-    ttl, password = clean_input()
-    token = set_password(password, ttl)
-
+def set_base_url(req):
     if NO_SSL:
         if HOST_OVERRIDE:
             base_url = f'http://{HOST_OVERRIDE}/'
         else:
-            base_url = request.url_root
+            base_url = req.url_root
     else:
         if HOST_OVERRIDE:
             base_url = f'https://{HOST_OVERRIDE}/'
         else:
-            base_url = request.url_root.replace("http://", "https://")
+            base_url = req.url_root.replace("http://", "https://")
     if URL_PREFIX:
         base_url = base_url + URL_PREFIX.strip("/") + "/"
-    link = base_url + quote_plus(token)
-    if request.accept_mimetypes.accept_json and not request.accept_mimetypes.accept_html:
+    return base_url
+
+
+@app.route('/', methods=['GET'])
+def index():
+    return render_template('set_password.html')
+
+
+@app.route('/', methods=['POST'])
+def handle_password():
+    password = request.form.get('password')
+    ttl = request.form.get('ttl')
+    if clean_input():
+        ttl = TIME_CONVERSION[ttl.lower()]
+        token = set_password(password, ttl)
+        base_url = set_base_url(request)
+        link = base_url + quote_plus(token)
+        if request.accept_mimetypes.accept_json and not \
+           request.accept_mimetypes.accept_html:
+            return jsonify(link=link, ttl=ttl)
+        else:
+            return render_template('confirm.html', password_link=link)
+    else:
+        abort(500)
+
+
+@app.route('/api/set_password/', methods=['POST'])
+def api_handle_password():
+    password = request.json.get('password')
+    ttl = int(request.json.get('ttl', DEFAULT_API_TTL))
+    if password and isinstance(ttl, int) and ttl <= MAX_TTL:
+        token = set_password(password, ttl)
+        base_url = set_base_url(request)
+        link = base_url + quote_plus(token)
         return jsonify(link=link, ttl=ttl)
     else:
-        return render_template('confirm.html', password_link=link)
+        abort(500)
 
 
 @app.route('/<password_key>', methods=['GET'])

diff --git a/snappass/templates/base.html b/snappass/templates/base.html
@@ -1,8 +1,7 @@
 <!DOCTYPE html>
-<html lang="en">
-
-<head>
-    <title>TrackAbout Snappass - Secret Sharing Service</title>
+<html lang="{{ _('en') }}">
+  <head>
+    <title>{{ _('TrackAbout Snappass - Secret Sharing Service') }}</title>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
 
@@ -16,10 +15,9 @@
         <div class="container">
             <div class="navbar-header">
                 <div style="margin-top:15px">
-                    <a class="logo"><img src="static/ta-logo.png"></img>
-                    </a>
+                    <a class="logo"><img src="static/ta-logo.png" /></a>
                 </div>
-                <a class="navbar-brand" href="/">Secret Sharing Service</a>
+                <a class="navbar-brand" href="/">{{ _('Share Secret') }}</a>
             </div>
         </div>
     </nav>

diff --git a/snappass/templates/confirm.html b/snappass/templates/confirm.html
@@ -3,15 +3,15 @@
 {% block content %}
 <div class="container">
   <section>
-    <div class="page-header"><h1>Share Secret Link</h1></div>
-    <p>The secret has been temporarily saved. Send the following URL to your intended recipient.</p>
+    <div class="page-header"><h1>{{ _('Share Secret Link') }}</h1></div>
+    <p>{{ _('The secret has been temporarily saved. Send the following URL to your intended recipient.') }}</p>
     <div class="row">
       <div class="col-sm-6 margin-bottom-10">
         <input type="text" class="form-control" id="password-link" value="{{ password_link }}" readonly="readonly">
       </div>
 
       <div class="col-sm-6">
-        <button title="Copy to clipboard" type="button" class="btn btn-primary copy-clipboard-btn"
+        <button title="{{ _('Copy to clipboard') }}" type="button" class="btn btn-primary copy-clipboard-btn"
               id="copy-clipboard-btn" data-clipboard-target="#password-link"
               data-placement='bottom'>
           <i class="fa fa-clipboard"></i>

diff --git a/snappass/templates/expired.html b/snappass/templates/expired.html
@@ -3,9 +3,9 @@
 {% block content %}
 <div class="container">
   <section>
-    <div class="page-header"><h1>Secret not found</h1></div>
-    <p class="lead">The requested URL was not found on the server. This could be because this URL never contained a secret, or because it expired or was revealed earlier.</p>
-    <p class="lead">If this URL was sent to you by someone, make sure to check your spelling or ask the person who sent it to you to send a new secret.</p>
+    <div class="page-header"><h1>{{ _('Secret not found') }}</h1></div>
+    <p class="lead">{{ _('The requested URL was not found on the server. This could be because this URL never contained a secret, or because it expired or was revealed earlier.') }}</p>
+    <p class="lead">{{ _('If this URL was sent to you by someone, make sure to check your spelling or ask the person who sent it to you to send a new secret.') }}</p>
   </section>
 </div>
 {% endblock %}
diff --git a/snappass/templates/password.html b/snappass/templates/password.html
@@ -3,22 +3,22 @@
 {% block content %}
 <div class="container">
   <section>
-    <div class="page-header"><h1>Secret</h1></div>
-    <p>Save the following secret to a secure location.</p>
+    <div class="page-header"><h1>{{ _('Secret') }}</h1></div>
+    <p>{{ _('Save the following secret to a secure location.') }}</p>
     <div class="row">
       <div class="col-sm-6 margin-bottom-10">
         <textarea class="form-control" rows="10" cols="50" id="password-text" name="password-text" readonly="readonly">{{ password }}</textarea>
       </div>
 
       <div class="col-sm-6">
-        <button title="Copy to clipboard" type="button" class="btn btn-primary copy-clipboard-btn"
+        <button title="{{ _('Copy to clipboard') }}" type="button" class="btn btn-primary copy-clipboard-btn"
               id="copy-clipboard-btn" data-clipboard-target="#password-text"
               data-placement='bottom'>
           <i class="fa fa-clipboard"></i>
         </button>
       </div>
     </div>
-    <p>The secret has now been permanently deleted from the system, and the URL will no longer work. Refresh this page to verify.</p>
+    <p>{{ _('The secret has now been permanently deleted from the system, and the URL will no longer work. Refresh this page to verify.') }}</p>
   </section>
 </div>
 {% endblock %}

diff --git a/snappass/templates/preview.html b/snappass/templates/preview.html
@@ -4,12 +4,12 @@
 <div class="container">
   <section>
     <div class="page-header">
-      <h1>Secret</h1>
+      <h1>{{ _('Secret') }}</h1>
     </div>
-    <p class="lead">You can only reveal the secret once!</p>
+    <p class="lead">{{ _('You can only reveal the secret once!') }}</p>
     <div class="row">
       <div class="col-sm-6 margin-bottom-10">
-        <button id="revealSecret" type="button" class="btn-lg btn-primary">Reveal secret</button>
+        <button id="revealSecret" type="button" class="btn-lg btn-primary">{{ _('Reveal secret') }}</button>
       </div>
     </div>
   </section>
@@ -20,4 +20,4 @@ <h1>Secret</h1>
 <script src="{{ config.STATIC_URL }}/clipboardjs/clipboard.min.js"></script>
 <script src="{{ config.STATIC_URL }}/snappass/scripts/clipboard_button.js"></script>
 <script src="{{ config.STATIC_URL }}/snappass/scripts/preview.js"></script>
-{% endblock %}
+{% endblock %}
diff --git a/snappass/templates/set_password.html b/snappass/templates/set_password.html
@@ -3,27 +3,27 @@
 {% block content %}
 <div class="container">
   <section>
-    <div class="page-header"><h1>Set Secret</h1></div>
+    <div class="page-header"><h1>{{ _('Set Secret') }}</h1></div>
     <div class="row">
       <form role="form" id="password_create" method="post" autocomplete="off">
         <div class="col-sm-6 margin-bottom-10">
           <div class="input-group">
             <span class="input-group-addon" id="basic-addon1"><span class="glyphicon glyphicon-lock" aria-hidden="true"></span></span>
-            <textarea rows="10" cols="50" id="password" name="password" autofocus="true" class="form-control" placeholder="This service allows you to share secrets in a secure, ephemeral way. Input a single or multi-line secret, its expiration time, and click Generate URL. Share the one-time use URL with your intended recipient." aria-describedby="basic-addon1" autocomplete="off" required></textarea>
+            <textarea rows="10" cols="50" id="password" name="password" autofocus="true" class="form-control" placeholder="{{ _('SnapPass allows you to share secrets in a secure, ephemeral way. Input a single or multi-line secret, its expiration time, and click Generate URL. Share the one-time use URL with your intended recipient.') }}" aria-describedby="basic-addon1" autocomplete="off" required></textarea>
           </div>
         </div>
 
         <div class="col-sm-2 margin-bottom-10">
           <select class="form-control" name="ttl">
-            <option value="Two Weeks">Two Weeks</option>
-            <option value="Week" selected="selected">Week</option>
-            <option value="Day">Day</option>
-            <option value="Hour">Hour</option>
+            <option value="Two Weeks">{{ _('Two Weeks') }}</option>
+            <option value="Week" selected="selected">{{ _('Week') }}</option>
+            <option value="Day">{{ _('Day') }}</option>
+            <option value="Hour">{{ _('Hour') }}</option>
           </select>
         </div>
 
         <div class="col-sm-4">
-          <button type="submit" class="btn btn-primary" id="submit">Generate URL</button>
+          <button type="submit" class="btn btn-primary" id="submit">{{ _('Generate URL') }}</button>
         </div>
       </form>
     </div>
-Original file line number
+Diff line change
@@ Expand Up / @@ -50,3 +50,7 @@ htmlcov/ @@
     # virtualenv
     venv/
     ENV/
+    # Translation catalogs
+    *.mo
+    *.pot