MarseyWorld
/
MarseyWorld
10
10
Fork 0
Code Issues 2 Pull Requests Packages Releases Wiki Activity
MarseyWorld/files/helpers/wrappers.py

203 lines
3.8 KiB
Python
Raw Normal View History

sneed
2021-07-21 01:12:26 +00:00
from .get import *
from .alerts import send_notification
create const.py
2021-08-21 11:06:28 +00:00
from files.helpers.const import *
sneed
2021-07-21 01:12:26 +00:00
fdfd
2021-08-03 16:25:38 +00:00
def get_logged_in_user():
sneed
2021-07-21 01:12:26 +00:00
ggffg
2021-07-31 04:32:42 +00:00
if request.headers.get("Authorization"):
token = request.headers.get("Authorization")
fdfd
2021-08-03 17:26:31 +00:00
if not token: return None
fdfd
2021-08-03 17:32:30 +00:00
sfd
2021-09-17 08:29:05 +00:00
client = g.db.query(ClientAuth).options(lazyload('*')).filter(ClientAuth.access_token == token).first()
fdfd
2021-08-03 17:32:30 +00:00
x = (client.user, client) if client else (None, None)
ggffg
2021-07-31 04:32:42 +00:00
gfgf
2021-07-31 04:33:11 +00:00
else:
fdfd
2021-08-03 17:32:30 +00:00
uid = session.get("user_id")
sneed
2021-07-21 01:12:26 +00:00
nonce = session.get("login_nonce", 0)
fdfd
2021-08-03 17:32:30 +00:00
if not uid: x= (None, None)
fd
2021-09-05 22:56:48 +00:00
try:
sfd
2021-09-17 08:29:05 +00:00
if g.db: v = g.db.query(User).options(lazyload('*')).filter_by(id=uid).first()
fd
2021-09-05 22:56:48 +00:00
else: v = None
except: v = None
sneed
2021-07-21 01:12:26 +00:00
if v and v.agendaposter_expires_utc and v.agendaposter_expires_utc < g.timestamp:
v.agendaposter_expires_utc = 0
v.agendaposter = False
fdfd
2021-08-03 17:32:30 +00:00
sneed
2021-07-21 01:12:26 +00:00
g.db.add(v)
fdfd
2021-08-03 17:32:30 +00:00
if v and (nonce < v.login_nonce):
x= (None, None)
else:
x=(v, None)
if x[0]: x[0].client=x[1]
return x[0]
sneed
2021-07-21 01:12:26 +00:00
dffdd
2021-07-31 04:30:25 +00:00
sneed
2021-07-21 01:12:26 +00:00
def check_ban_evade(v):
if not v or not v.ban_evade or v.admin_level > 0:
return
if random.randint(0,30) < v.ban_evade:
dfs
2021-10-02 20:09:23 +00:00
v.ban(reason="permaban evasion")
send_notification(NOTIFICATIONS_ACCOUNT, v, "Your account has been permanently suspended for the following reason:\n\n> permaban evasion")
sneed
2021-07-21 01:12:26 +00:00
sfd
2021-09-17 08:29:05 +00:00
for post in g.db.query(Submission).options(lazyload('*')).filter_by(author_id=v.id).all():
sneed
2021-07-21 01:12:26 +00:00
if post.is_banned:
continue
post.is_banned=True
dfs
2021-10-02 20:09:23 +00:00
post.ban_reason="permaban evasion"
sneed
2021-07-21 01:12:26 +00:00
g.db.add(post)
fd
2021-09-06 15:37:18 +00:00
sneed
2021-07-21 01:12:26 +00:00
ma=ModAction(
kind="ban_post",
create const.py
2021-08-21 11:06:28 +00:00
user_id=AUTOJANNY_ACCOUNT,
sneed
2021-07-21 01:12:26 +00:00
target_submission_id=post.id,
dfs
2021-10-02 20:09:23 +00:00
note="permaban evasion"
sneed
2021-07-21 01:12:26 +00:00
)
g.db.add(ma)
sfd
2021-09-17 08:29:05 +00:00
for comment in g.db.query(Comment).options(lazyload('*')).filter_by(author_id=v.id).all():
sneed
2021-07-21 01:12:26 +00:00
if comment.is_banned:
continue
comment.is_banned=True
dfs
2021-10-02 20:09:23 +00:00
comment.ban_reason="permaban evasion"
sneed
2021-07-21 01:12:26 +00:00
g.db.add(comment)
fd
2021-09-07 02:07:11 +00:00
try:
ma=ModAction(
sneed
2021-07-21 01:12:26 +00:00
kind="ban_comment",
create const.py
2021-08-21 11:06:28 +00:00
user_id=AUTOJANNY_ACCOUNT,
sneed
2021-07-21 01:12:26 +00:00
target_comment_id=comment.id,
note="ban evasion"
)
fd
2021-09-07 02:07:11 +00:00
g.db.add(ma)
except: pass
sneed
2021-07-21 01:12:26 +00:00
else:
v.ban_evade +=1
g.db.add(v)
df
2021-09-17 08:55:55 +00:00
g.db.commit()
sneed
2021-07-21 01:12:26 +00:00
# Wrappers
def auth_desired(f):
def wrapper(*args, **kwargs):
fdfd
2021-08-03 17:28:36 +00:00
v = get_logged_in_user()
sneed
2021-07-21 01:12:26 +00:00
check_ban_evade(v)
resp = make_response(f(*args, v=v, **kwargs))
return resp
wrapper.__name__ = f.__name__
return wrapper
def auth_required(f):
# decorator for any view that requires login (ex. settings)
def wrapper(*args, **kwargs):
fdfd
2021-08-03 17:28:36 +00:00
v = get_logged_in_user()
sneed
2021-07-21 01:12:26 +00:00
if not v:
abort(401)
check_ban_evade(v)
g.v = v
# an ugly hack to make api work
resp = make_response(f(*args, v=v, **kwargs))
return resp
wrapper.__name__ = f.__name__
return wrapper
def is_not_banned(f):
# decorator that enforces lack of ban
def wrapper(*args, **kwargs):
fdfd
2021-08-03 17:28:36 +00:00
v = get_logged_in_user()
sneed
2021-07-21 01:12:26 +00:00
if not v:
abort(401)
check_ban_evade(v)
if v.is_suspended:
abort(403)
g.v = v
resp = make_response(f(*args, v=v, **kwargs))
return resp
wrapper.__name__ = f.__name__
return wrapper
# this wrapper takes args and is a bit more complicated
def admin_level_required(x):
def wrapper_maker(f):
def wrapper(*args, **kwargs):
fdfd
2021-08-03 17:28:36 +00:00
v = get_logged_in_user()
sneed
2021-07-21 01:12:26 +00:00
if not v:
abort(401)
if v.admin_level < x:
abort(403)
g.v = v
response = f(*args, v=v, **kwargs)
if isinstance(response, tuple):
resp = make_response(response[0])
else:
resp = make_response(response)
return resp
wrapper.__name__ = f.__name__
return wrapper
return wrapper_maker
def validate_formkey(f):
"""Always use @auth_required or @admin_level_required above @validate_form"""
def wrapper(*args, v, **kwargs):
gfgffg
2021-07-31 04:48:47 +00:00
if not request.headers.get("Authorization"):
sneed
2021-07-21 01:12:26 +00:00
fd
2021-07-24 14:18:12 +00:00
submitted_key = request.values.get("formkey", None)
sneed
2021-07-21 01:12:26 +00:00
fd
2021-07-24 14:18:12 +00:00
if not submitted_key: abort(401)
sneed
2021-07-21 01:12:26 +00:00
fd
2021-07-24 14:18:12 +00:00
elif not v.validate_formkey(submitted_key): abort(401)
sneed
2021-07-21 01:12:26 +00:00
return f(*args, v=v, **kwargs)
wrapper.__name__ = f.__name__
fd
2021-09-17 11:14:45 +00:00
return wrapper