Aevann1 2021-07-29 07:17:17 +02:00
parent d0d609cc9c
commit 3c84ea7467
4 changed files with 9 additions and 74 deletions


@ -305,55 +305,6 @@ def no_cors(f):
# f should return {'api':lambda:some_func(), 'html':lambda:other_func()}
def public(*scopes, no_ban=False):
def wrapper_maker(f):
def wrapper(*args, **kwargs):
if request.path.startswith(('/api/v1','/api/v2')):
v = kwargs.get('v')
result = f(*args, **kwargs)
if isinstance(result, dict):
resp = result['api']()
else:
resp = result
if not isinstance(resp, RespObj):
resp = make_response(resp)
resp.headers.add("Cache-Control", "private")
resp.headers.add(
"Access-Control-Allow-Origin",
app.config["SERVER_NAME"])
return resp
else:
result = f(*args, **kwargs)
if not isinstance(result, dict):
return result
try:
if request.path.startswith('/inpage/'):
return result['inpage']()
elif request.path.startswith(('/api/vue/','/test/')):
return result['api']()
else:
return result['html']()
except KeyError:
return result
wrapper.__name__ = f.__name__
return wrapper
return wrapper_maker
def api(*scopes, no_ban=False):
def wrapper_maker(f):
@ -363,25 +314,6 @@ def api(*scopes, no_ban=False):
if request.path.startswith(('/api/v1','/api/v2')):
v = kwargs.get('v')
client = kwargs.get('c')
if not v or not client:
return jsonify(
{"error": "401 Not Authorized. Invalid or Expired Token"}), 401
kwargs.pop('c')
# validate app associated with token
if client.application.is_banned:
return jsonify({"error": f"403 Forbidden. The application `{client.application.app_name}` is suspended."}), 403
# validate correct scopes for request
for scope in scopes:
if not client.__dict__.get(f"scope_{scope}"):
return jsonify({"error": f"401 Not Authorized. Scope `{scope}` is required."}), 403
if (request.method == "POST" or no_ban) and client.user.is_suspended:
return jsonify({"error": f"403 Forbidden. The user account is suspended."}), 403
result = f(*args, **kwargs)
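Review bot: The token, application-ban, scope and user-suspension checks at L50–L62 fall inside a hunk that shrinks from 25 old lines to 6 new ones, so they are most likely the removed side; if so, an `/api/v1` request with a missing or expired token no longer gets the 401 at L51–L52, and the `scopes` parameter of `api` (L44) has no remaining consumer in the visible lines. That matters because the same commit moves `badmins`, `u_username`, `u_username_comments` and `u_username_info` from `@public("read")` onto `@api("read")`, so those routes inherit whatever check remains on the new side. If the removal is deliberate because the validation moved elsewhere, a comment on the wrapper such as `# token/scope validation now lives in <PLACEHOLDER: module> — confirm` would make that visible; otherwise the guard `if not v or not client: return jsonify({"error": "401 Not Authorized. Invalid or Expired Token"}), 401` should survive. `v` at L48 is assigned but not read in the visible lines. The `api` decorator defined at L44 spans both hunks and its wrapper body continues past L63.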


@ -76,6 +76,7 @@ def submit_get(v):
@app.get("/post/<pid>/<anything>")
@app.get("/api/v1/post/<pid>")
@auth_desired
@api("read")
def post_base36id(pid, anything=None, v=None):
try: pid = int(pid)
except Exception as e: pass
@ -239,8 +240,10 @@ def post_base36id(pid, anything=None, v=None):
post.tree_comments()
if "api" in request.path: return post.json
else: return post.rendered_page(v=v, sort=sort)
return {
"html":lambda:post.rendered_page(v=v, sort=sort),
"api":lambda:jsonify(post.json)
}
@app.post("/edit_post/<pid>")
@is_not_banned
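Review bot: The dict returned at L79–L82 only becomes a response if the `@api("read")` wrapper added at L71 inspects `request.path` and calls one of the lambdas; nothing in this section shows that contract, and the dispatch that did it for `public` (its `'html'`/`'api'` branches in the first file) is deleted by this commit. A one-line comment above the return, `# consumed by @api: 'api' for /api/v1 requests, 'html' otherwise — confirm against the decorator`, would record the dependency, and if `api`'s new-side wrapper returns a raw dict for non-API paths, HTML visitors to `/post/<pid>` would receive that dict. `post_base36id` starts at L72 but its body between the two hunks is outside view.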


@ -7,7 +7,7 @@ from drama.helpers.alerts import *
@app.route("/api/vue/admins", methods=["GET"])
@app.get("/api/v1/admins")
@auth_desired
@public("read")
@api("read")
def badmins(v):
badmins = g.db.query(User).filter_by(admin_level=6).order_by(User.dramacoins.desc()).all()
return {
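Review bot: `badmins` is also routed at `/api/vue/admins` (L89), which the deleted `public` wrapper answered with `result['api']()` through its `'/api/vue/'` prefix branch (first file, L35–L36); the visible part of `api`'s wrapper only special-cases `('/api/v1','/api/v2')` (L47), so unless the new-side wrapper also matches `/api/vue/`, the Vue route will fall through to the HTML branch. Worth confirming against the rest of `api`, and if it does not, adding `'/api/vue/'` to that prefix tuple on the new side. The same decorator swap in the fourth file (`u_username`, `u_username_comments`, `u_username_info`) only uses `/api/v1` and `/@<username>` routes, so it is not affected by this. `badmins` continues beyond L96.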


@ -222,7 +222,7 @@ def visitors(v):
@app.get("/@<username>")
@app.get("/api/v1/user/<username>/listing")
@auth_desired
@public("read")
@api("read")
def u_username(username, v=None):
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
@ -334,7 +334,7 @@ def u_username(username, v=None):
@app.get("/@<username>/comments")
@app.get("/api/v1/user/<username>/comments")
@auth_desired
@public("read")
@api("read")
def u_username_comments(username, v=None):
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
@ -412,7 +412,7 @@ def u_username_comments(username, v=None):
@app.get("/api/v1/user/<username>/info")
@auth_desired
@public("read")
@api("read")
def u_username_info(username, v=None):
user=get_user(username, v=v)
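Review bot: The `"read"` scope handed to `@api` at L105, L113 and L120 is only consumed by the `for scope in scopes` loop at L58–L60 of the first file, which appears to be on the removed side of that hunk; if so, the argument is now dead on all three routes and an `/api/v1/user/<username>/info` client is no longer limited by scope. Either the scope check should be retained in `api` or the routes should drop the now-meaningless argument so readers do not assume a scope restriction exists. Separately, with `u_username`'s guard at L107 (context) still returning `render_template("seized.html")`, the `/api/v1/user/<username>/listing` route now served through `@api` returns an HTML page to API clients for banned users; a path-keyed `jsonify` branch would keep API responses uniform. Each of the three functions continues past its hunk.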