fdfd

drama/helpers/wrappers.py

@@ -305,55 +305,6 @@ def no_cors(f):
 # f should return {'api':lambda:some_func(), 'html':lambda:other_func()}
 
 
-def public(*scopes, no_ban=False):
-
-	def wrapper_maker(f):
-
-		def wrapper(*args, **kwargs):
-
-			if request.path.startswith(('/api/v1','/api/v2')):
-
-				v = kwargs.get('v')
-
-				result = f(*args, **kwargs)
-
-				if isinstance(result, dict):
-					resp = result['api']()
-				else:
-					resp = result
-
-				if not isinstance(resp, RespObj):
-					resp = make_response(resp)
-
-				resp.headers.add("Cache-Control", "private")
-				resp.headers.add(
-					"Access-Control-Allow-Origin",
-					app.config["SERVER_NAME"])
-				return resp
-
-			else:
-
-				result = f(*args, **kwargs)
-
-				if not isinstance(result, dict):
-					return result
-
-				try:
-					if request.path.startswith('/inpage/'):
-						return result['inpage']()
-					elif request.path.startswith(('/api/vue/','/test/')):
-						return result['api']()
-					else:
-						return result['html']()
-				except KeyError:
-					return result
-
-		wrapper.__name__ = f.__name__
-		return wrapper
-
-	return wrapper_maker
-
-
 def api(*scopes, no_ban=False):
 
 	def wrapper_maker(f):
@@ -363,25 +314,6 @@ def api(*scopes, no_ban=False):
 			if request.path.startswith(('/api/v1','/api/v2')):
 
 				v = kwargs.get('v')
-				client = kwargs.get('c')
-
-				if not v or not client:
-					return jsonify(
-						{"error": "401 Not Authorized. Invalid or Expired Token"}), 401
-
-				kwargs.pop('c')
-
-				# validate app associated with token
-				if client.application.is_banned:
-					return jsonify({"error": f"403 Forbidden. The application `{client.application.app_name}` is suspended."}), 403
-
-				# validate correct scopes for request
-				for scope in scopes:
-					if not client.__dict__.get(f"scope_{scope}"):
-						return jsonify({"error": f"401 Not Authorized. Scope `{scope}` is required."}), 403
-
-				if (request.method == "POST" or no_ban) and client.user.is_suspended:
-					return jsonify({"error": f"403 Forbidden. The user account is suspended."}), 403
 
 				result = f(*args, **kwargs)
 

drama/routes/posts.py

@@ -76,6 +76,7 @@ def submit_get(v):
 @app.get("/post/<pid>/<anything>")
 @app.get("/api/v1/post/<pid>")
 @auth_desired
+@api("read")
 def post_base36id(pid, anything=None, v=None):
 	try: pid = int(pid)
 	except Exception as e: pass
@@ -239,8 +240,10 @@ def post_base36id(pid, anything=None, v=None):
 	
 	post.tree_comments()
 
-	if "api" in request.path: return post.json
-	else: return post.rendered_page(v=v, sort=sort)
+	return {
+		"html":lambda:post.rendered_page(v=v, sort=sort),
+		"api":lambda:jsonify(post.json)
+		}
 
 @app.post("/edit_post/<pid>")
 @is_not_banned

drama/routes/static.py

@@ -7,7 +7,7 @@ from drama.helpers.alerts import *
 @app.route("/api/vue/admins",  methods=["GET"])
 @app.get("/api/v1/admins")
 @auth_desired
-@public("read")
+@api("read")
 def badmins(v):
 	badmins = g.db.query(User).filter_by(admin_level=6).order_by(User.dramacoins.desc()).all()
 	return {

drama/routes/users.py

@@ -222,7 +222,7 @@ def visitors(v):
 @app.get("/@<username>")
 @app.get("/api/v1/user/<username>/listing")
 @auth_desired
-@public("read")
+@api("read")
 def u_username(username, v=None):
 	if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
 
@@ -334,7 +334,7 @@ def u_username(username, v=None):
 @app.get("/@<username>/comments")
 @app.get("/api/v1/user/<username>/comments")
 @auth_desired
-@public("read")
+@api("read")
 def u_username_comments(username, v=None):
 	if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
 
@@ -412,7 +412,7 @@ def u_username_comments(username, v=None):
 
 @app.get("/api/v1/user/<username>/info")
 @auth_desired
-@public("read")
+@api("read")
 def u_username_info(username, v=None):
 
 	user=get_user(username, v=v)