2022-07-29 22:07:08 +00:00
|
|
|
import time
|
2023-06-29 15:56:16 +00:00
|
|
|
import secrets
|
|
|
|
import user_agents
|
2022-11-15 09:19:08 +00:00
|
|
|
from flask import g, request, session
|
|
|
|
|
|
|
|
from files.classes.clients import ClientAuth
|
|
|
|
from files.helpers.alerts import *
|
2022-12-11 23:44:34 +00:00
|
|
|
from files.helpers.config.const import *
|
2022-11-15 09:19:08 +00:00
|
|
|
from files.helpers.get import get_account
|
2022-11-30 18:09:31 +00:00
|
|
|
from files.helpers.logging import log_file
|
2023-06-29 16:14:24 +00:00
|
|
|
from files.helpers.settings import *
|
|
|
|
from files.helpers.cloudflare import *
|
2023-08-02 07:47:49 +00:00
|
|
|
from files.routes.routehelpers import validate_formkey, check_session_id
|
2024-04-19 21:11:48 +00:00
|
|
|
from files.__main__ import app, limiter
|
2022-10-15 07:31:24 +00:00
|
|
|
|
2023-02-26 08:49:09 +00:00
|
|
|
def rpath(n):
|
2023-02-26 01:42:39 +00:00
|
|
|
return request.path
|
|
|
|
|
2023-01-21 04:39:46 +00:00
|
|
|
def get_ID():
|
|
|
|
if request.headers.get("Authorization"):
|
|
|
|
x = request.headers.get("Authorization")
|
|
|
|
elif session.get("lo_user"):
|
|
|
|
x = session.get("lo_user")
|
|
|
|
else:
|
2023-08-15 12:53:52 +00:00
|
|
|
check_session_id()
|
2023-08-15 12:51:39 +00:00
|
|
|
x = f"logged_out-{session['session_id']}"
|
2023-02-22 17:27:33 +00:00
|
|
|
|
2023-01-21 04:39:46 +00:00
|
|
|
return f'{SITE}-{x}'
|
|
|
|
|
2023-06-29 15:56:16 +00:00
|
|
|
def calc_users():
|
|
|
|
g.loggedin_counter = 0
|
|
|
|
g.loggedout_counter = 0
|
|
|
|
g.loggedin_chat = 0
|
|
|
|
v = getattr(g, 'v', None) if g else None
|
2023-07-14 09:20:33 +00:00
|
|
|
if has_request_context and g and g.desires_auth and not g.is_api_or_xhr:
|
|
|
|
loggedin = cache.get(LOGGED_IN_CACHE_KEY) or {}
|
|
|
|
loggedout = cache.get(LOGGED_OUT_CACHE_KEY) or {}
|
2023-09-17 20:58:08 +00:00
|
|
|
g.loggedin_chat = cache.get('loggedin_chat') or 0
|
|
|
|
|
2023-07-14 09:20:33 +00:00
|
|
|
timestamp = int(time.time())
|
2023-06-29 15:56:16 +00:00
|
|
|
|
2023-08-02 07:47:49 +00:00
|
|
|
check_session_id()
|
2023-06-29 15:56:16 +00:00
|
|
|
|
2023-07-14 09:20:33 +00:00
|
|
|
if v:
|
|
|
|
if session["session_id"] in loggedout: del loggedout[session["session_id"]]
|
|
|
|
loggedin[v.id] = timestamp
|
|
|
|
else:
|
|
|
|
ua = str(user_agents.parse(g.agent))
|
|
|
|
if 'spider' not in ua.lower() and 'bot' not in ua.lower():
|
|
|
|
loggedout[session["session_id"]] = (timestamp, ua)
|
2023-06-29 15:56:16 +00:00
|
|
|
|
2023-07-14 09:20:33 +00:00
|
|
|
loggedin = {k: v for k, v in loggedin.items() if (timestamp - v) < LOGGEDIN_ACTIVE_TIME}
|
|
|
|
loggedout = {k: v for k, v in loggedout.items() if (timestamp - v[0]) < LOGGEDIN_ACTIVE_TIME}
|
2024-02-28 17:16:47 +00:00
|
|
|
cache.set(LOGGED_IN_CACHE_KEY, loggedin, timeout=86400)
|
|
|
|
cache.set(LOGGED_OUT_CACHE_KEY, loggedout, timeout=86400)
|
2023-07-14 09:20:33 +00:00
|
|
|
g.loggedin_counter = len(loggedin)
|
|
|
|
g.loggedout_counter = len(loggedout)
|
2023-06-29 15:56:16 +00:00
|
|
|
|
2024-09-26 09:38:54 +00:00
|
|
|
if SITE != 'watchpeopledie.tv':
|
|
|
|
if g.loggedin_counter + g.loggedout_counter > 2000:
|
|
|
|
if not get_setting('under_attack'):
|
|
|
|
set_setting('under_attack', True)
|
|
|
|
set_security_level('under_attack')
|
|
|
|
else:
|
|
|
|
if get_setting('under_attack'):
|
|
|
|
set_setting('under_attack', False)
|
|
|
|
set_security_level('high')
|
2024-05-16 22:51:07 +00:00
|
|
|
|
2023-07-07 20:46:49 +00:00
|
|
|
return ''
|
2023-06-29 15:56:16 +00:00
|
|
|
|
2022-05-04 23:09:46 +00:00
|
|
|
def get_logged_in_user():
|
2023-03-11 09:56:32 +00:00
|
|
|
if hasattr(g, 'v') and g.v: return g.v
|
2022-11-09 05:35:24 +00:00
|
|
|
g.desires_auth = True
|
2022-05-04 23:09:46 +00:00
|
|
|
v = None
|
|
|
|
token = request.headers.get("Authorization","").strip()
|
|
|
|
if token:
|
2023-03-16 06:27:58 +00:00
|
|
|
client = g.db.query(ClientAuth).filter(ClientAuth.access_token == token).one_or_none()
|
2023-01-01 11:36:20 +00:00
|
|
|
if client:
|
2022-05-04 23:09:46 +00:00
|
|
|
v = client.user
|
|
|
|
v.client = client
|
|
|
|
else:
|
|
|
|
lo_user = session.get("lo_user")
|
|
|
|
if lo_user:
|
|
|
|
id = int(lo_user)
|
2023-07-27 19:54:49 +00:00
|
|
|
v = get_account(id, graceful=True)
|
2022-11-28 01:48:53 +00:00
|
|
|
if v:
|
2022-11-28 19:41:08 +00:00
|
|
|
v.client = None
|
2022-05-04 23:09:46 +00:00
|
|
|
nonce = session.get("login_nonce", 0)
|
2022-10-29 01:07:39 +00:00
|
|
|
if nonce < v.login_nonce or v.id != id:
|
2022-11-27 16:59:36 +00:00
|
|
|
session.pop("lo_user")
|
|
|
|
v = None
|
2022-05-04 23:09:46 +00:00
|
|
|
|
2022-11-27 16:59:36 +00:00
|
|
|
if v and request.method != "GET":
|
2022-11-27 01:01:02 +00:00
|
|
|
submitted_key = request.values.get("formkey")
|
2024-05-25 00:36:34 +00:00
|
|
|
if v:
|
|
|
|
g.username = v.username
|
2022-11-28 19:41:08 +00:00
|
|
|
if not validate_formkey(v, submitted_key):
|
|
|
|
v = None
|
2022-11-28 01:48:53 +00:00
|
|
|
else:
|
|
|
|
session.pop("lo_user")
|
|
|
|
|
2024-05-16 21:07:31 +00:00
|
|
|
if request.path not in {'/contact', '/reply', '/socket.io/'} and v and v.is_underage:
|
2024-08-11 20:11:04 +00:00
|
|
|
stop(406)
|
2024-05-16 20:17:52 +00:00
|
|
|
|
2023-09-14 16:15:12 +00:00
|
|
|
if request.method != "GET" and get_setting('read_only_mode') and not (v and v.admin_level >= PERMS['BYPASS_SITE_READ_ONLY_MODE']):
|
2024-08-11 20:11:04 +00:00
|
|
|
stop(403, "Site is in read-only mode right now. It will be back shortly!")
|
2023-03-25 21:35:13 +00:00
|
|
|
|
|
|
|
if get_setting('offline_mode') and not (v and v.admin_level >= PERMS['SITE_OFFLINE_MODE']):
|
2024-08-11 20:11:04 +00:00
|
|
|
stop(403, "Site is in offline mode right now. It will be back shortly!")
|
2022-05-04 23:09:46 +00:00
|
|
|
|
2022-05-26 00:54:05 +00:00
|
|
|
g.v = v
|
2023-08-22 21:46:43 +00:00
|
|
|
if v:
|
2023-10-05 11:47:43 +00:00
|
|
|
g.username = v.username
|
2022-05-25 18:59:24 +00:00
|
|
|
|
2023-08-11 13:22:25 +00:00
|
|
|
if not v and SITE == 'rdrama.net' and request.headers.get("Cf-Ipcountry") == 'EG':
|
2024-08-11 20:11:04 +00:00
|
|
|
stop(403, "rdrama.net is only available to visitors from the United States and Europe!")
|
2023-06-01 13:05:07 +00:00
|
|
|
|
2022-12-27 03:00:15 +00:00
|
|
|
g.is_api_or_xhr = bool((v and v.client) or request.headers.get("xhr"))
|
|
|
|
|
2023-09-17 19:16:05 +00:00
|
|
|
g.is_tor = (request.headers.get("cf-ipcountry") == "T1" and not (v and v.truescore >= 1000))
|
2023-09-17 18:49:44 +00:00
|
|
|
|
2024-04-17 15:53:49 +00:00
|
|
|
if v and not IS_MUSICAL_EVENT():
|
2023-10-04 18:58:00 +00:00
|
|
|
session.pop("event_music", None)
|
2023-09-28 23:58:09 +00:00
|
|
|
|
2023-10-05 10:29:23 +00:00
|
|
|
g.show_nsfw = SITE_NAME == 'WPD' or (v and not v.nsfw_warnings) or session.get('nsfw_cookies', 0) >= int(time.time())
|
2023-10-04 13:45:13 +00:00
|
|
|
|
2022-05-04 23:09:46 +00:00
|
|
|
return v
|
|
|
|
|
|
|
|
def auth_desired(f):
|
|
|
|
def wrapper(*args, **kwargs):
|
2022-10-11 13:19:55 +00:00
|
|
|
v = get_logged_in_user()
|
2022-05-04 23:09:46 +00:00
|
|
|
return make_response(f(*args, v=v, **kwargs))
|
|
|
|
wrapper.__name__ = f.__name__
|
|
|
|
return wrapper
|
|
|
|
|
2022-08-05 20:40:48 +00:00
|
|
|
def auth_desired_with_logingate(f):
|
|
|
|
def wrapper(*args, **kwargs):
|
2022-10-11 13:19:55 +00:00
|
|
|
v = get_logged_in_user()
|
2023-08-09 21:41:51 +00:00
|
|
|
if not v and get_setting('login_required'):
|
2024-08-11 20:11:04 +00:00
|
|
|
stop(401, "You need to login to perform this action!")
|
2022-05-04 23:09:46 +00:00
|
|
|
|
2024-08-28 12:44:15 +00:00
|
|
|
# if not v and get_setting('under_attack'):
|
|
|
|
# stop(418)
|
2024-08-13 16:20:18 +00:00
|
|
|
|
2022-11-09 05:35:24 +00:00
|
|
|
if request.path.startswith('/logged_out'):
|
2022-09-20 00:51:01 +00:00
|
|
|
redir = request.full_path.replace('/logged_out','')
|
|
|
|
if not redir: redir = '/'
|
|
|
|
return redirect(redir)
|
|
|
|
|
2022-08-05 20:40:48 +00:00
|
|
|
return make_response(f(*args, v=v, **kwargs))
|
|
|
|
wrapper.__name__ = f.__name__
|
|
|
|
return wrapper
|
|
|
|
|
|
|
|
def auth_required(f):
|
2022-05-04 23:09:46 +00:00
|
|
|
def wrapper(*args, **kwargs):
|
2022-10-11 13:19:55 +00:00
|
|
|
v = get_logged_in_user()
|
2023-07-24 11:06:42 +00:00
|
|
|
if not v:
|
2024-08-11 20:11:04 +00:00
|
|
|
stop(401, "You need to login to perform this action!")
|
2023-09-14 20:04:30 +00:00
|
|
|
if v.is_permabanned and request.method == "POST" and request.path not in {'/contact','/reply','/logout'} and not request.path.startswith('/delete/'):
|
2024-08-11 20:11:04 +00:00
|
|
|
stop(403, "You can't perform this action while permabanned!")
|
2022-05-04 23:09:46 +00:00
|
|
|
return make_response(f(*args, v=v, **kwargs))
|
|
|
|
wrapper.__name__ = f.__name__
|
|
|
|
return wrapper
|
|
|
|
|
|
|
|
def admin_level_required(x):
|
|
|
|
def wrapper_maker(f):
|
|
|
|
def wrapper(*args, **kwargs):
|
2022-10-11 13:19:55 +00:00
|
|
|
v = get_logged_in_user()
|
2023-07-24 11:06:42 +00:00
|
|
|
if not v:
|
2024-08-11 20:11:04 +00:00
|
|
|
stop(401, "You need to login to perform this action!")
|
2023-07-24 11:06:42 +00:00
|
|
|
if v.admin_level < x:
|
2024-08-11 20:11:04 +00:00
|
|
|
stop(403, "Your admin-level is not sufficient enough for this action!")
|
2022-12-27 01:54:19 +00:00
|
|
|
if x and SITE != 'devrama.net' and not IS_LOCALHOST and not v.mfa_secret:
|
2024-08-11 20:11:04 +00:00
|
|
|
stop(403, "You need to enable two-factor authentication to use admin features!")
|
2022-10-11 13:43:57 +00:00
|
|
|
return make_response(f(*args, v=v, **kwargs))
|
2022-05-04 23:09:46 +00:00
|
|
|
|
|
|
|
wrapper.__name__ = f.__name__
|
|
|
|
return wrapper
|
2022-05-30 01:43:16 +00:00
|
|
|
return wrapper_maker
|
|
|
|
|
2022-10-11 07:17:54 +00:00
|
|
|
def feature_required(x):
|
|
|
|
def wrapper_maker(f):
|
|
|
|
def wrapper(*args, **kwargs):
|
2024-08-11 20:11:04 +00:00
|
|
|
if not FEATURES[x]: stop(404)
|
2022-10-11 13:19:55 +00:00
|
|
|
return make_response(f(*args, **kwargs))
|
2022-10-11 07:17:54 +00:00
|
|
|
wrapper.__name__ = f.__name__
|
|
|
|
return wrapper
|
2022-10-11 07:29:24 +00:00
|
|
|
return wrapper_maker
|