forked from rDrama/rDrama
add g.is_api_or_xhr so we can use it where we want to give API output
* also use v.client for strict API clients
master
parent
ab1f9b1351
commit
39aa59a37a
|
@ -35,13 +35,9 @@ def calc_users(v):
|
|||
return ''
|
||||
|
||||
def get_logged_in_user():
|
||||
|
||||
if hasattr(g, 'v'): return g.v
|
||||
|
||||
if not (hasattr(g, 'db') and g.db): g.db = db_session()
|
||||
|
||||
v = None
|
||||
|
||||
token = request.headers.get("Authorization","").strip()
|
||||
if token:
|
||||
client = g.db.query(ClientAuth).filter(ClientAuth.access_token == token).one_or_none()
|
||||
|
@ -66,7 +62,7 @@ def get_logged_in_user():
|
|||
if not v.validate_formkey(submitted_key): abort(401)
|
||||
|
||||
v.client = None
|
||||
|
||||
g.is_api_or_xhr = bool((v and v.client) or request.headers.get("xhr"))
|
||||
|
||||
if request.method.lower() != "get" and app.config['SETTINGS']['Read-only mode'] and not (v and v.admin_level >= PERMS['SITE_BYPASS_READ_ONLY_MODE']):
|
||||
abort(403)
|
||||
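Review bot: `g.is_api_or_xhr` is true for any request that carries an `xhr` header, which the caller controls, so the flag is safe for choosing between JSON and HTML output but not for a permission decision. A one-line comment above the assignment would keep later callers from reading it as proof of an API client, e.g. `# response-format hint only: "xhr" is caller-supplied; use v.client for API-client checks`. The attribute also exists only once this function has run as far as the assignment, so a handler that reads it after an earlier abort, or on a route that never calls `get_logged_in_user()`, would raise AttributeError; such readers may want `getattr(g, 'is_api_or_xhr', False)`. The body of `get_logged_in_user` between the two hunks is not visible, so confirm that every non-aborting path reaches the assignment.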
|
|
|
@ -56,8 +56,8 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None):
|
|||
post = get_post(pid, v=v)
|
||||
|
||||
if post.over_18 and not (v and v.over_18) and not session.get('over_18', 0) >= int(time.time()):
|
||||
if request.headers.get("Authorization"): abort(403, "This content is not suitable for some users and situations.")
|
||||
else: return render_template("errors/nsfw.html", v=v)
|
||||
if v and v.client: abort(403, "This content is not suitable for some users and situations.")
|
||||
else: return render_template("errors/nsfw.html", v=v), 403
|
||||
|
||||
try: context = min(int(request.values.get("context", 0)), 8)
|
||||
except: context = 0
|
||||
|
@ -115,7 +115,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None):
|
|||
|
||||
post.replies=[top_comment]
|
||||
|
||||
if request.headers.get("Authorization"): return top_comment.json
|
||||
if v and v.client: return top_comment.json
|
||||
else:
|
||||
if post.is_banned and not (v and (v.admin_level >= PERMS['POST_COMMENT_MODERATION'] or post.author_id == v.id)): template = "submission_banned.html"
|
||||
else: template = "submission.html"
|
||||
|
@ -255,7 +255,7 @@ def comment(v):
|
|||
if parent.author.any_block_exists(v) and v.admin_level < PERMS['POST_COMMENT_MODERATION']:
|
||||
abort(403, "You can't reply to users who have blocked you or users that you have blocked.")
|
||||
|
||||
is_bot = v.id != BBBB_ID and (bool(request.headers.get("Authorization")) or (SITE == 'pcmemes.net' and v.id == SNAPPY_ID))
|
||||
is_bot = v.id != BBBB_ID and v.client or (SITE == 'pcmemes.net' and v.id == SNAPPY_ID))
|
||||
|
||||
execute_antispam_comment_check(body, v)
|
||||
|
||||
|
@ -416,7 +416,7 @@ def comment(v):
|
|||
|
||||
g.db.flush()
|
||||
|
||||
if request.headers.get("Authorization"): return c.json
|
||||
if v.client: return c.json
|
||||
return {"comment": render_template("comments.html", v=v, comments=[c])}
|
||||
|
||||
|
||||
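Review bot: The new `is_bot` assignment in `comment()` does not parse, because the opening parenthesis before the old `bool(...)` was dropped while the closing one at the end of the line was kept, so the module fails with a SyntaxError on import. Restoring the grouping also keeps the original meaning, where the `BBBB_ID` exclusion applies to both alternatives. Wrapping `v.client` in `bool()` keeps `is_bot` a boolean rather than a ClientAuth object or `None`: `is_bot = v.id != BBBB_ID and (bool(v.client) or (SITE == 'pcmemes.net' and v.id == SNAPPY_ID))`. `comment()` starts and ends outside these hunks.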
|
|
|
@ -27,6 +27,7 @@ def error(e):
|
|||
|
||||
if WERKZEUG_ERROR_DESCRIPTIONS.get(e.code, None) == details:
|
||||
details = None
|
||||
# for here and 401, not using g.is_api_or_xhr is intentional since API users won't get invalid token errors otherwise
|
||||
if request.headers.get("Authorization") or request.headers.get("xhr"):
|
||||
return {"error": title, "code": e.code, "description": msg, "details": details}, e.code
|
||||
img = ERROR_MARSEYS.get(e.code, 'marseyl')
|
||||
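Review bot: The added comment in `error(e)` says that bypassing `g.is_api_or_xhr` is intentional but not what would break, and "here and 401" does not say where the 401 case lives. Spelling out the mechanism would stop a later cleanup from replacing the header test: `# keep the raw header test: on an invalid token the request aborts before v.client / g.is_api_or_xhr are set, and the API caller must still get JSON`. That reading is inferred from the comment and from the assignment in `get_logged_in_user`, since the abort path itself is not in this hunk.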
|
|
|
@ -72,7 +72,7 @@ def front_all(v, sub=None, subdomain=None):
|
|||
if v.hidevotedon: posts = [x for x in posts if not hasattr(x, 'voted') or not x.voted]
|
||||
award_timers(v)
|
||||
|
||||
if request.headers.get("Authorization"): return {"data": [x.json for x in posts], "next_exists": next_exists}
|
||||
if v and v.client: return {"data": [x.json for x in posts], "next_exists": next_exists}
|
||||
return render_template("home.html", v=v, listing=posts, next_exists=next_exists, sort=sort, t=t, page=page, ccmode=ccmode, sub=sub, home=True, pins=pins)
|
||||
|
||||
|
||||
|
@ -206,7 +206,7 @@ def all_comments(v):
|
|||
|
||||
idlist = idlist[:25]
|
||||
|
||||
if request.headers.get("Authorization"): return {"data": [x.json for x in comments]}
|
||||
if v.client: return {"data": [x.json for x in comments]}
|
||||
return render_template("home_comments.html", v=v, sort=sort, t=t, page=page, comments=comments, standalone=True, next_exists=next_exists)
|
||||
|
||||
|
||||
|
|
|
@ -174,7 +174,7 @@ def on_login(account, redir=None):
|
|||
@app.get("/@me")
|
||||
@auth_required
|
||||
def me(v):
|
||||
if request.headers.get("Authorization"): return v.json
|
||||
if v.client: return v.json
|
||||
else: return redirect(v.url)
|
||||
|
||||
|
||||
|
|
|
@ -47,7 +47,7 @@ def notifications_modmail(v):
|
|||
|
||||
g.db.commit()
|
||||
|
||||
if request.headers.get("Authorization"): return {"data":[x.json for x in listing]}
|
||||
if v.client: return {"data":[x.json for x in listing]}
|
||||
|
||||
return render_template("notifications.html",
|
||||
v=v,
|
||||
|
@ -117,7 +117,7 @@ def notifications_messages(v):
|
|||
c.unread = True
|
||||
list_to_perserve_unread_attribute.append(c)
|
||||
|
||||
if request.headers.get("Authorization"): return {"data":[x.json for x in listing]}
|
||||
if v.client: return {"data":[x.json for x in listing]}
|
||||
|
||||
return render_template("notifications.html",
|
||||
v=v,
|
||||
|
@ -159,7 +159,7 @@ def notifications_posts(v):
|
|||
v.last_viewed_post_notifs = int(time.time())
|
||||
g.db.add(v)
|
||||
|
||||
if request.headers.get("Authorization"): return {"data":[x.json for x in listing]}
|
||||
if v.client: return {"data":[x.json for x in listing]}
|
||||
|
||||
return render_template("notifications.html",
|
||||
v=v,
|
||||
|
@ -230,7 +230,7 @@ def notifications_reddit(v):
|
|||
|
||||
g.db.commit()
|
||||
|
||||
if request.headers.get("Authorization"): return {"data":[x.json for x in listing]}
|
||||
if v.client: return {"data":[x.json for x in listing]}
|
||||
|
||||
return render_template("notifications.html",
|
||||
v=v,
|
||||
|
@ -298,7 +298,7 @@ def notifications(v):
|
|||
|
||||
g.db.commit()
|
||||
|
||||
if request.headers.get("Authorization"): return {"data":[x.json for x in listing]}
|
||||
if v.client: return {"data":[x.json for x in listing]}
|
||||
|
||||
return render_template("notifications.html",
|
||||
v=v,
|
||||
|
|
|
@ -143,7 +143,7 @@ def post_id(pid, anything=None, v=None, sub=None):
|
|||
if not post.can_see(v): abort(403)
|
||||
|
||||
if post.over_18 and not (v and v.over_18) and session.get('over_18', 0) < int(time.time()):
|
||||
if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error":"Must be 18+ to view"}, 451
|
||||
if g.is_api_or_xhr: return {"error":"Must be 18+ to view"}, 451
|
||||
return render_template("errors/nsfw.html", v=v)
|
||||
|
||||
if post.new or 'megathread' in post.title.lower(): defaultsortingcomments = 'new'
|
||||
|
@ -216,7 +216,7 @@ def post_id(pid, anything=None, v=None, sub=None):
|
|||
if v and v.poorcel: threshold = 50
|
||||
else: threshold = 100
|
||||
|
||||
if post.comment_count > threshold+25 and not request.headers.get("Authorization") and not request.values.get("all"):
|
||||
if post.comment_count > threshold+25 and not (v and v.client) and not request.values.get("all"):
|
||||
comments2 = []
|
||||
count = 0
|
||||
if post.created_utc > 1638672040:
|
||||
|
@ -254,7 +254,7 @@ def post_id(pid, anything=None, v=None, sub=None):
|
|||
post.views += 1
|
||||
g.db.add(post)
|
||||
|
||||
if request.headers.get("Authorization"):
|
||||
if v and v.client:
|
||||
return post.json
|
||||
|
||||
template = "submission.html"
|
||||
|
@ -708,7 +708,7 @@ def submit_post(v, sub=None):
|
|||
body = sanitize_raw_body(request.values.get("body", ""), True)
|
||||
|
||||
def error(error):
|
||||
if request.headers.get("Authorization") or request.headers.get("xhr"): abort(400, error)
|
||||
if g.is_api_or_xhr: abort(400, error)
|
||||
|
||||
SUBS = [x[0] for x in g.db.query(Sub.name).order_by(Sub.name).all()]
|
||||
return render_template("submit.html", SUBS=SUBS, v=v, error=error, title=title, url=url, body=body), 400
|
||||
|
@ -877,7 +877,7 @@ def submit_post(v, sub=None):
|
|||
|
||||
if embed and len(embed) > 1500: embed = None
|
||||
|
||||
is_bot = v.id != BBBB_ID and bool(request.headers.get("Authorization")) or (SITE == 'pcmemes.net' and v.id == SNAPPY_ID)
|
||||
is_bot = v.id != BBBB_ID and v.client or (SITE == 'pcmemes.net' and v.id == SNAPPY_ID)
|
||||
|
||||
if request.values.get("ghost") and v.coins >= 100:
|
||||
v.charge_account('coins', 100)
|
||||
|
@ -1041,7 +1041,7 @@ def submit_post(v, sub=None):
|
|||
send_wpd_message(post.permalink)
|
||||
|
||||
g.db.commit()
|
||||
if request.headers.get("Authorization"): return post.json
|
||||
if v.client: return post.json
|
||||
else:
|
||||
post.voted = 1
|
||||
if post.new or 'megathread' in post.title.lower(): sort = 'new'
|
||||
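Review bot: In `submit_post`, `is_bot = v.id != BBBB_ID and v.client or (...)` drops the `bool()` the old line had, so `is_bot` can now be a ClientAuth object or `None` instead of `True`/`False`. If the value is later stored on the post (its use is outside the hunk), the ORM may reject or mis-store a non-boolean; `is_bot = v.id != BBBB_ID and bool(v.client) or (SITE == 'pcmemes.net' and v.id == SNAPPY_ID)` keeps the old type. Separately, the HTML branch of the over-18 check in `post_id` still returns `errors/nsfw.html` with the default 200 status, while the same branch in `post_pid_comment_cid` now returns 403 in this commit, and the two should probably agree.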
|
|
|
@ -71,7 +71,7 @@ def searchposts(v):
|
|||
posts = posts.filter(Submission.ghost == False)
|
||||
author = get_user(criteria['author'], v=v, include_shadowbanned=False)
|
||||
if author.is_private and author.id != v.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye:
|
||||
if request.headers.get("Authorization"):
|
||||
if v.client:
|
||||
abort(403, f"@{author.username}'s profile is private; You can't use the 'author' syntax on them")
|
||||
return render_template("search.html",
|
||||
v=v,
|
||||
|
@ -159,7 +159,7 @@ def searchposts(v):
|
|||
|
||||
posts = get_posts(ids, v=v)
|
||||
|
||||
if request.headers.get("Authorization"): return {"total":total, "data":[x.json for x in posts]}
|
||||
if v.client: return {"total":total, "data":[x.json for x in posts]}
|
||||
|
||||
return render_template("search.html",
|
||||
v=v,
|
||||
|
@ -199,7 +199,7 @@ def searchcomments(v):
|
|||
comments = comments.filter(Comment.ghost == False)
|
||||
author = get_user(criteria['author'], v=v, include_shadowbanned=False)
|
||||
if author.is_private and author.id != v.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye:
|
||||
if request.headers.get("Authorization"):
|
||||
if v.client:
|
||||
abort(403, f"@{author.username}'s profile is private; You can't use the 'author' syntax on them")
|
||||
|
||||
return render_template("search_comments.html", v=v, query=query, total=0, page=page, comments=[], sort=sort, t=t, next_exists=False, error=f"@{author.username}'s profile is private; You can't use the 'author' syntax on them.")
|
||||
|
@ -260,7 +260,7 @@ def searchcomments(v):
|
|||
|
||||
comments = get_comments(ids, v=v)
|
||||
|
||||
if request.headers.get("Authorization"): return {"total":total, "data":[x.json for x in comments]}
|
||||
if v.client: return {"total":total, "data":[x.json for x in comments]}
|
||||
return render_template("search_comments.html", v=v, query=query, total=total, page=page, comments=comments, sort=sort, t=t, next_exists=next_exists, standalone=True)
|
||||
|
||||
|
||||
|
@ -294,5 +294,5 @@ def searchusers(v):
|
|||
next_exists=(len(users)>25)
|
||||
users=users[:25]
|
||||
|
||||
if request.headers.get("Authorization"): return {"data": [x.json for x in users]}
|
||||
if v.client: return {"data": [x.json for x in users]}
|
||||
return render_template("search_users.html", v=v, query=query, total=total, page=page, users=users, sort=sort, t=t, next_exists=next_exists)
|
||||
|
|
|
@ -81,7 +81,7 @@ def sidebar(v):
|
|||
@app.get("/stats")
|
||||
@auth_required
|
||||
def participation_stats(v):
|
||||
if request.headers.get("Authorization"): return stats_cached()
|
||||
if v.client: return stats_cached()
|
||||
return render_template("stats.html", v=v, title="Content Statistics", data=stats_cached())
|
||||
|
||||
@cache.memoize(timeout=86400)
|
||||
|
@ -431,7 +431,7 @@ def transfers(v):
|
|||
next_exists = len(comments) > 25
|
||||
comments = comments[:25]
|
||||
|
||||
if request.headers.get("Authorization"):
|
||||
if v.client:
|
||||
return {"data": [x.json for x in comments]}
|
||||
else:
|
||||
return render_template("transfers.html", v=v, page=page, comments=comments, standalone=True, next_exists=next_exists)
|
||||
|
|
|
@ -95,7 +95,7 @@ def unexile(v, sub, uid):
|
|||
)
|
||||
g.db.add(ma)
|
||||
|
||||
if request.headers.get("Authorization") or request.headers.get("xhr"):
|
||||
if g.is_api_or_xhr:
|
||||
return {"message": f"@{u.username} has been unexiled from /h/{sub} successfully!"}
|
||||
|
||||
|
||||
|
|
|
@ -789,14 +789,14 @@ def u_username(username, v=None):
|
|||
|
||||
|
||||
if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)):
|
||||
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
|
||||
if g.is_api_or_xhr or request.path.endswith(".json"):
|
||||
abort(403, "This userpage is private")
|
||||
|
||||
return render_template("userpage_private.html", u=u, v=v)
|
||||
|
||||
|
||||
if v and hasattr(u, 'is_blocking') and u.is_blocking:
|
||||
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
|
||||
if g.is_api_or_xhr or request.path.endswith(".json"):
|
||||
abort(403, f"You are blocking @{u.username}.")
|
||||
|
||||
return render_template("userpage_blocking.html", u=u, v=v)
|
||||
|
@ -822,7 +822,7 @@ def u_username(username, v=None):
|
|||
listing = get_posts(ids, v=v)
|
||||
|
||||
if u.unban_utc:
|
||||
if request.headers.get("Authorization") or request.path.endswith(".json"):
|
||||
if (v and v.client) or request.path.endswith(".json"):
|
||||
return {"data": [x.json for x in listing]}
|
||||
|
||||
return render_template("userpage.html",
|
||||
|
@ -836,7 +836,7 @@ def u_username(username, v=None):
|
|||
next_exists=next_exists,
|
||||
is_following=is_following)
|
||||
|
||||
if request.headers.get("Authorization") or request.path.endswith(".json"):
|
||||
if (v and v.client) or request.path.endswith(".json"):
|
||||
return {"data": [x.json for x in listing]}
|
||||
|
||||
return render_template("userpage.html",
|
||||
|
@ -869,12 +869,12 @@ def u_username_comments(username, v=None):
|
|||
u = user
|
||||
|
||||
if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)):
|
||||
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
|
||||
if g.is_api_or_xhr or request.path.endswith(".json"):
|
||||
abort(403, "This userpage is private")
|
||||
return render_template("userpage_private.html", u=u, v=v)
|
||||
|
||||
if v and hasattr(u, 'is_blocking') and u.is_blocking:
|
||||
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
|
||||
if g.is_api_or_xhr or request.path.endswith(".json"):
|
||||
abort(403, f"You are blocking @{u.username}.")
|
||||
return render_template("userpage_blocking.html", u=u, v=v)
|
||||
|
||||
|
@ -913,7 +913,7 @@ def u_username_comments(username, v=None):
|
|||
|
||||
listing = get_comments(ids, v=v)
|
||||
|
||||
if request.headers.get("Authorization") or request.path.endswith(".json"):
|
||||
if v.client or request.path.endswith(".json"):
|
||||
return {"data": [c.json for c in listing]}
|
||||
|
||||
return render_template("userpage_comments.html", u=user, v=v, listing=listing, page=page, sort=sort, t=t,next_exists=next_exists, is_following=is_following, standalone=True)
|
||||
|
@ -1063,7 +1063,7 @@ def saved_posts(v, username):
|
|||
|
||||
listing = get_posts(ids, v=v)
|
||||
|
||||
if request.headers.get("Authorization"): return {"data": [x.json for x in listing]}
|
||||
if v.client: return {"data": [x.json for x in listing]}
|
||||
return render_template("userpage.html",
|
||||
u=v,
|
||||
v=v,
|
||||
|
@ -1087,7 +1087,7 @@ def saved_comments(v, username):
|
|||
|
||||
listing = get_comments(ids, v=v)
|
||||
|
||||
if request.headers.get("Authorization"): return {"data": [x.json for x in listing]}
|
||||
if v.client: return {"data": [x.json for x in listing]}
|
||||
return render_template("userpage_comments.html",
|
||||
u=v,
|
||||
v=v,
|
||||
|
@ -1110,7 +1110,7 @@ def subscribed_posts(v, username):
|
|||
|
||||
listing = get_posts(ids, v=v)
|
||||
|
||||
if request.headers.get("Authorization"): return {"data": [x.json for x in listing]}
|
||||
if v.client: return {"data": [x.json for x in listing]}
|
||||
return render_template("userpage.html",
|
||||
u=v,
|
||||
v=v,
|
||||
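Review bot: In `u_username_comments`, the new `if v.client or request.path.endswith(".json"):` dereferences `v` although the signature is `v=None` and the private-profile check a few lines earlier tests `not v`. A logged-out request that reaches this line would therefore raise AttributeError where the old header test did not. The two matching checks in `u_username` already use the guarded form, so use `if (v and v.client) or request.path.endswith(".json"):` here as well. The bare `v.client` tests elsewhere in this commit (for example in `all_comments`) are safe only if those routes always receive a user, and their decorators are outside the hunks.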
|
|
|
@ -45,7 +45,7 @@ def vote_info_get(v, link):
|
|||
def vote_post_comment(target_id, new, v, cls, vote_cls):
|
||||
if new == "-1" and DISABLE_DOWNVOTES: abort(403)
|
||||
if new not in ["-1", "0", "1"]: abort(400)
|
||||
if request.headers.get("Authorization") and v.id != BBBB_ID: abort(403)
|
||||
if v.client and v.id != BBBB_ID: abort(403)
|
||||
new = int(new)
|
||||
target = None
|
||||
if cls == Submission:
|
||||
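Review bot: `if v.client and v.id != BBBB_ID: abort(403)` in `vote_post_comment` uses `v.client` as an access check rather than to pick a response format, and nothing on the line says why API clients may not vote. A short comment such as `# API (token) clients may not vote, except BBBB_ID` would record the intent. The check relies on `get_logged_in_user` attaching `client` to every user object that reaches this function; the token-path assignment is outside the visible hunks, so it is worth confirming.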
|
|