
add g.is_api_or_xhr so we can use it where we want to give API output

* also use v.client for strict API clients
master
justcool393 2022-10-15 02:11:36 -07:00
parent ab1f9b1351
commit 39aa59a37a
12 changed files with 40 additions and 43 deletions


@ -35,13 +35,9 @@ def calc_users(v):
return '' return ''
def get_logged_in_user(): def get_logged_in_user():
if hasattr(g, 'v'): return g.v if hasattr(g, 'v'): return g.v
if not (hasattr(g, 'db') and g.db): g.db = db_session() if not (hasattr(g, 'db') and g.db): g.db = db_session()
v = None v = None
token = request.headers.get("Authorization","").strip() token = request.headers.get("Authorization","").strip()
if token: if token:
client = g.db.query(ClientAuth).filter(ClientAuth.access_token == token).one_or_none() client = g.db.query(ClientAuth).filter(ClientAuth.access_token == token).one_or_none()
@ -66,7 +62,7 @@ def get_logged_in_user():
if not v.validate_formkey(submitted_key): abort(401) if not v.validate_formkey(submitted_key): abort(401)
v.client = None v.client = None
g.is_api_or_xhr = bool((v and v.client) or request.headers.get("xhr"))
if request.method.lower() != "get" and app.config['SETTINGS']['Read-only mode'] and not (v and v.admin_level >= PERMS['SITE_BYPASS_READ_ONLY_MODE']): if request.method.lower() != "get" and app.config['SETTINGS']['Read-only mode'] and not (v and v.admin_level >= PERMS['SITE_BYPASS_READ_ONLY_MODE']):
abort(403) abort(403)
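Review bot: The new `g.is_api_or_xhr` assignment in get_logged_in_user has no comment saying what the flag may be used for, and half of it comes from the `xhr` request header, which any client can set. It is fine as a response-format hint (JSON versus HTML) but should not gate access; checks that need a validated API token should keep reading `v.client`. I would add above the assignment: `# response-format hint only: the "xhr" header is client-controlled; use v.client for anything that gates access`. The flag also exists only once this line has run, so code reached after the earlier `abort(401)` or without calling get_logged_in_user presumably cannot rely on it; the function body continues outside the hunk.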


@ -56,8 +56,8 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None):
post = get_post(pid, v=v) post = get_post(pid, v=v)
if post.over_18 and not (v and v.over_18) and not session.get('over_18', 0) >= int(time.time()): if post.over_18 and not (v and v.over_18) and not session.get('over_18', 0) >= int(time.time()):
if request.headers.get("Authorization"): abort(403, "This content is not suitable for some users and situations.") if v and v.client: abort(403, "This content is not suitable for some users and situations.")
else: return render_template("errors/nsfw.html", v=v) else: return render_template("errors/nsfw.html", v=v), 403
try: context = min(int(request.values.get("context", 0)), 8) try: context = min(int(request.values.get("context", 0)), 8)
except: context = 0 except: context = 0
@ -115,7 +115,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None):
post.replies=[top_comment] post.replies=[top_comment]
if request.headers.get("Authorization"): return top_comment.json if v and v.client: return top_comment.json
else: else:
if post.is_banned and not (v and (v.admin_level >= PERMS['POST_COMMENT_MODERATION'] or post.author_id == v.id)): template = "submission_banned.html" if post.is_banned and not (v and (v.admin_level >= PERMS['POST_COMMENT_MODERATION'] or post.author_id == v.id)): template = "submission_banned.html"
else: template = "submission.html" else: template = "submission.html"
@ -255,7 +255,7 @@ def comment(v):
if parent.author.any_block_exists(v) and v.admin_level < PERMS['POST_COMMENT_MODERATION']: if parent.author.any_block_exists(v) and v.admin_level < PERMS['POST_COMMENT_MODERATION']:
abort(403, "You can't reply to users who have blocked you or users that you have blocked.") abort(403, "You can't reply to users who have blocked you or users that you have blocked.")
is_bot = v.id != BBBB_ID and (bool(request.headers.get("Authorization")) or (SITE == 'pcmemes.net' and v.id == SNAPPY_ID)) is_bot = v.id != BBBB_ID and v.client or (SITE == 'pcmemes.net' and v.id == SNAPPY_ID))
execute_antispam_comment_check(body, v) execute_antispam_comment_check(body, v)
@ -416,7 +416,7 @@ def comment(v):
g.db.flush() g.db.flush()
if request.headers.get("Authorization"): return c.json if v.client: return c.json
return {"comment": render_template("comments.html", v=v, comments=[c])} return {"comment": render_template("comments.html", v=v, comments=[c])}
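Review bot: The new `is_bot` line in comment() has one more `)` than `(` as rendered here, because the `(bool(` that opened the old grouping was dropped while its closing parenthesis stayed, so the module would fail to import with a SyntaxError. Restoring the grouping also matters for meaning: without it `and` binds before `or`, and without `bool()` the value is presumably a ClientAuth row or None rather than True/False. I would write `is_bot = v.id != BBBB_ID and (bool(v.client) or (SITE == 'pcmemes.net' and v.id == SNAPPY_ID))`. The `is_bot` line in submit_post drops `bool()` in the same way; how `is_bot` is stored is outside these hunks.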


@ -27,6 +27,7 @@ def error(e):
if WERKZEUG_ERROR_DESCRIPTIONS.get(e.code, None) == details: if WERKZEUG_ERROR_DESCRIPTIONS.get(e.code, None) == details:
details = None details = None
# for here and 401, not using g.is_api_or_xhr is intentional since API users won't get invalid token errors otherwise
if request.headers.get("Authorization") or request.headers.get("xhr"): if request.headers.get("Authorization") or request.headers.get("xhr"):
return {"error": title, "code": e.code, "description": msg, "details": details}, e.code return {"error": title, "code": e.code, "description": msg, "details": details}, e.code
img = ERROR_MARSEYS.get(e.code, 'marseyl') img = ERROR_MARSEYS.get(e.code, 'marseyl')


@ -72,7 +72,7 @@ def front_all(v, sub=None, subdomain=None):
if v.hidevotedon: posts = [x for x in posts if not hasattr(x, 'voted') or not x.voted] if v.hidevotedon: posts = [x for x in posts if not hasattr(x, 'voted') or not x.voted]
award_timers(v) award_timers(v)
if request.headers.get("Authorization"): return {"data": [x.json for x in posts], "next_exists": next_exists} if v and v.client: return {"data": [x.json for x in posts], "next_exists": next_exists}
return render_template("home.html", v=v, listing=posts, next_exists=next_exists, sort=sort, t=t, page=page, ccmode=ccmode, sub=sub, home=True, pins=pins) return render_template("home.html", v=v, listing=posts, next_exists=next_exists, sort=sort, t=t, page=page, ccmode=ccmode, sub=sub, home=True, pins=pins)
@ -206,7 +206,7 @@ def all_comments(v):
idlist = idlist[:25] idlist = idlist[:25]
if request.headers.get("Authorization"): return {"data": [x.json for x in comments]} if v.client: return {"data": [x.json for x in comments]}
return render_template("home_comments.html", v=v, sort=sort, t=t, page=page, comments=comments, standalone=True, next_exists=next_exists) return render_template("home_comments.html", v=v, sort=sort, t=t, page=page, comments=comments, standalone=True, next_exists=next_exists)


@ -174,7 +174,7 @@ def on_login(account, redir=None):
@app.get("/@me") @app.get("/@me")
@auth_required @auth_required
def me(v): def me(v):
if request.headers.get("Authorization"): return v.json if v.client: return v.json
else: return redirect(v.url) else: return redirect(v.url)


@ -47,7 +47,7 @@ def notifications_modmail(v):
g.db.commit() g.db.commit()
if request.headers.get("Authorization"): return {"data":[x.json for x in listing]} if v.client: return {"data":[x.json for x in listing]}
return render_template("notifications.html", return render_template("notifications.html",
v=v, v=v,
@ -117,7 +117,7 @@ def notifications_messages(v):
c.unread = True c.unread = True
list_to_perserve_unread_attribute.append(c) list_to_perserve_unread_attribute.append(c)
if request.headers.get("Authorization"): return {"data":[x.json for x in listing]} if v.client: return {"data":[x.json for x in listing]}
return render_template("notifications.html", return render_template("notifications.html",
v=v, v=v,
@ -159,7 +159,7 @@ def notifications_posts(v):
v.last_viewed_post_notifs = int(time.time()) v.last_viewed_post_notifs = int(time.time())
g.db.add(v) g.db.add(v)
if request.headers.get("Authorization"): return {"data":[x.json for x in listing]} if v.client: return {"data":[x.json for x in listing]}
return render_template("notifications.html", return render_template("notifications.html",
v=v, v=v,
@ -230,7 +230,7 @@ def notifications_reddit(v):
g.db.commit() g.db.commit()
if request.headers.get("Authorization"): return {"data":[x.json for x in listing]} if v.client: return {"data":[x.json for x in listing]}
return render_template("notifications.html", return render_template("notifications.html",
v=v, v=v,
@ -298,7 +298,7 @@ def notifications(v):
g.db.commit() g.db.commit()
if request.headers.get("Authorization"): return {"data":[x.json for x in listing]} if v.client: return {"data":[x.json for x in listing]}
return render_template("notifications.html", return render_template("notifications.html",
v=v, v=v,


@ -143,7 +143,7 @@ def post_id(pid, anything=None, v=None, sub=None):
if not post.can_see(v): abort(403) if not post.can_see(v): abort(403)
if post.over_18 and not (v and v.over_18) and session.get('over_18', 0) < int(time.time()): if post.over_18 and not (v and v.over_18) and session.get('over_18', 0) < int(time.time()):
if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error":"Must be 18+ to view"}, 451 if g.is_api_or_xhr: return {"error":"Must be 18+ to view"}, 451
return render_template("errors/nsfw.html", v=v) return render_template("errors/nsfw.html", v=v)
if post.new or 'megathread' in post.title.lower(): defaultsortingcomments = 'new' if post.new or 'megathread' in post.title.lower(): defaultsortingcomments = 'new'
@ -216,7 +216,7 @@ def post_id(pid, anything=None, v=None, sub=None):
if v and v.poorcel: threshold = 50 if v and v.poorcel: threshold = 50
else: threshold = 100 else: threshold = 100
if post.comment_count > threshold+25 and not request.headers.get("Authorization") and not request.values.get("all"): if post.comment_count > threshold+25 and not (v and v.client) and not request.values.get("all"):
comments2 = [] comments2 = []
count = 0 count = 0
if post.created_utc > 1638672040: if post.created_utc > 1638672040:
@ -254,7 +254,7 @@ def post_id(pid, anything=None, v=None, sub=None):
post.views += 1 post.views += 1
g.db.add(post) g.db.add(post)
if request.headers.get("Authorization"): if v and v.client:
return post.json return post.json
template = "submission.html" template = "submission.html"
@ -708,7 +708,7 @@ def submit_post(v, sub=None):
body = sanitize_raw_body(request.values.get("body", ""), True) body = sanitize_raw_body(request.values.get("body", ""), True)
def error(error): def error(error):
if request.headers.get("Authorization") or request.headers.get("xhr"): abort(400, error) if g.is_api_or_xhr: abort(400, error)
SUBS = [x[0] for x in g.db.query(Sub.name).order_by(Sub.name).all()] SUBS = [x[0] for x in g.db.query(Sub.name).order_by(Sub.name).all()]
return render_template("submit.html", SUBS=SUBS, v=v, error=error, title=title, url=url, body=body), 400 return render_template("submit.html", SUBS=SUBS, v=v, error=error, title=title, url=url, body=body), 400
@ -877,7 +877,7 @@ def submit_post(v, sub=None):
if embed and len(embed) > 1500: embed = None if embed and len(embed) > 1500: embed = None
is_bot = v.id != BBBB_ID and bool(request.headers.get("Authorization")) or (SITE == 'pcmemes.net' and v.id == SNAPPY_ID) is_bot = v.id != BBBB_ID and v.client or (SITE == 'pcmemes.net' and v.id == SNAPPY_ID)
if request.values.get("ghost") and v.coins >= 100: if request.values.get("ghost") and v.coins >= 100:
v.charge_account('coins', 100) v.charge_account('coins', 100)
@ -1041,7 +1041,7 @@ def submit_post(v, sub=None):
send_wpd_message(post.permalink) send_wpd_message(post.permalink)
g.db.commit() g.db.commit()
if request.headers.get("Authorization"): return post.json if v.client: return post.json
else: else:
post.voted = 1 post.voted = 1
if post.new or 'megathread' in post.title.lower(): sort = 'new' if post.new or 'megathread' in post.title.lower(): sort = 'new'
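Review bot: The age-gate branch in post_id still ends with `return render_template("errors/nsfw.html", v=v)`, which sends the interstitial with the default 200 status, while this commit changes the same branch in post_pid_comment_cid to return 403. A gated page answered with 200 looks like a successful content response to clients that only read the status code. For consistency I would make it `return render_template("errors/nsfw.html", v=v), 403`. The JSON branch just above returns 451 here but 403 in the comment route, so it may be worth settling on one code for both.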


@ -71,7 +71,7 @@ def searchposts(v):
posts = posts.filter(Submission.ghost == False) posts = posts.filter(Submission.ghost == False)
author = get_user(criteria['author'], v=v, include_shadowbanned=False) author = get_user(criteria['author'], v=v, include_shadowbanned=False)
if author.is_private and author.id != v.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye: if author.is_private and author.id != v.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye:
if request.headers.get("Authorization"): if v.client:
abort(403, f"@{author.username}'s profile is private; You can't use the 'author' syntax on them") abort(403, f"@{author.username}'s profile is private; You can't use the 'author' syntax on them")
return render_template("search.html", return render_template("search.html",
v=v, v=v,
@ -159,7 +159,7 @@ def searchposts(v):
posts = get_posts(ids, v=v) posts = get_posts(ids, v=v)
if request.headers.get("Authorization"): return {"total":total, "data":[x.json for x in posts]} if v.client: return {"total":total, "data":[x.json for x in posts]}
return render_template("search.html", return render_template("search.html",
v=v, v=v,
@ -199,7 +199,7 @@ def searchcomments(v):
comments = comments.filter(Comment.ghost == False) comments = comments.filter(Comment.ghost == False)
author = get_user(criteria['author'], v=v, include_shadowbanned=False) author = get_user(criteria['author'], v=v, include_shadowbanned=False)
if author.is_private and author.id != v.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye: if author.is_private and author.id != v.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye:
if request.headers.get("Authorization"): if v.client:
abort(403, f"@{author.username}'s profile is private; You can't use the 'author' syntax on them") abort(403, f"@{author.username}'s profile is private; You can't use the 'author' syntax on them")
return render_template("search_comments.html", v=v, query=query, total=0, page=page, comments=[], sort=sort, t=t, next_exists=False, error=f"@{author.username}'s profile is private; You can't use the 'author' syntax on them.") return render_template("search_comments.html", v=v, query=query, total=0, page=page, comments=[], sort=sort, t=t, next_exists=False, error=f"@{author.username}'s profile is private; You can't use the 'author' syntax on them.")
@ -260,7 +260,7 @@ def searchcomments(v):
comments = get_comments(ids, v=v) comments = get_comments(ids, v=v)
if request.headers.get("Authorization"): return {"total":total, "data":[x.json for x in comments]} if v.client: return {"total":total, "data":[x.json for x in comments]}
return render_template("search_comments.html", v=v, query=query, total=total, page=page, comments=comments, sort=sort, t=t, next_exists=next_exists, standalone=True) return render_template("search_comments.html", v=v, query=query, total=total, page=page, comments=comments, sort=sort, t=t, next_exists=next_exists, standalone=True)
@ -294,5 +294,5 @@ def searchusers(v):
next_exists=(len(users)>25) next_exists=(len(users)>25)
users=users[:25] users=users[:25]
if request.headers.get("Authorization"): return {"data": [x.json for x in users]} if v.client: return {"data": [x.json for x in users]}
return render_template("search_users.html", v=v, query=query, total=total, page=page, users=users, sort=sort, t=t, next_exists=next_exists) return render_template("search_users.html", v=v, query=query, total=total, page=page, users=users, sort=sort, t=t, next_exists=next_exists)


@ -81,7 +81,7 @@ def sidebar(v):
@app.get("/stats") @app.get("/stats")
@auth_required @auth_required
def participation_stats(v): def participation_stats(v):
if request.headers.get("Authorization"): return stats_cached() if v.client: return stats_cached()
return render_template("stats.html", v=v, title="Content Statistics", data=stats_cached()) return render_template("stats.html", v=v, title="Content Statistics", data=stats_cached())
@cache.memoize(timeout=86400) @cache.memoize(timeout=86400)
@ -431,7 +431,7 @@ def transfers(v):
next_exists = len(comments) > 25 next_exists = len(comments) > 25
comments = comments[:25] comments = comments[:25]
if request.headers.get("Authorization"): if v.client:
return {"data": [x.json for x in comments]} return {"data": [x.json for x in comments]}
else: else:
return render_template("transfers.html", v=v, page=page, comments=comments, standalone=True, next_exists=next_exists) return render_template("transfers.html", v=v, page=page, comments=comments, standalone=True, next_exists=next_exists)


@ -95,7 +95,7 @@ def unexile(v, sub, uid):
) )
g.db.add(ma) g.db.add(ma)
if request.headers.get("Authorization") or request.headers.get("xhr"): if g.is_api_or_xhr:
return {"message": f"@{u.username} has been unexiled from /h/{sub} successfully!"} return {"message": f"@{u.username} has been unexiled from /h/{sub} successfully!"}


@ -789,14 +789,14 @@ def u_username(username, v=None):
if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)): if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)):
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"): if g.is_api_or_xhr or request.path.endswith(".json"):
abort(403, "This userpage is private") abort(403, "This userpage is private")
return render_template("userpage_private.html", u=u, v=v) return render_template("userpage_private.html", u=u, v=v)
if v and hasattr(u, 'is_blocking') and u.is_blocking: if v and hasattr(u, 'is_blocking') and u.is_blocking:
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"): if g.is_api_or_xhr or request.path.endswith(".json"):
abort(403, f"You are blocking @{u.username}.") abort(403, f"You are blocking @{u.username}.")
return render_template("userpage_blocking.html", u=u, v=v) return render_template("userpage_blocking.html", u=u, v=v)
@ -822,7 +822,7 @@ def u_username(username, v=None):
listing = get_posts(ids, v=v) listing = get_posts(ids, v=v)
if u.unban_utc: if u.unban_utc:
if request.headers.get("Authorization") or request.path.endswith(".json"): if (v and v.client) or request.path.endswith(".json"):
return {"data": [x.json for x in listing]} return {"data": [x.json for x in listing]}
return render_template("userpage.html", return render_template("userpage.html",
@ -836,7 +836,7 @@ def u_username(username, v=None):
next_exists=next_exists, next_exists=next_exists,
is_following=is_following) is_following=is_following)
if request.headers.get("Authorization") or request.path.endswith(".json"): if (v and v.client) or request.path.endswith(".json"):
return {"data": [x.json for x in listing]} return {"data": [x.json for x in listing]}
return render_template("userpage.html", return render_template("userpage.html",
@ -869,12 +869,12 @@ def u_username_comments(username, v=None):
u = user u = user
if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)): if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)):
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"): if g.is_api_or_xhr or request.path.endswith(".json"):
abort(403, "This userpage is private") abort(403, "This userpage is private")
return render_template("userpage_private.html", u=u, v=v) return render_template("userpage_private.html", u=u, v=v)
if v and hasattr(u, 'is_blocking') and u.is_blocking: if v and hasattr(u, 'is_blocking') and u.is_blocking:
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"): if g.is_api_or_xhr or request.path.endswith(".json"):
abort(403, f"You are blocking @{u.username}.") abort(403, f"You are blocking @{u.username}.")
return render_template("userpage_blocking.html", u=u, v=v) return render_template("userpage_blocking.html", u=u, v=v)
@ -913,7 +913,7 @@ def u_username_comments(username, v=None):
listing = get_comments(ids, v=v) listing = get_comments(ids, v=v)
if request.headers.get("Authorization") or request.path.endswith(".json"): if v.client or request.path.endswith(".json"):
return {"data": [c.json for c in listing]} return {"data": [c.json for c in listing]}
return render_template("userpage_comments.html", u=user, v=v, listing=listing, page=page, sort=sort, t=t,next_exists=next_exists, is_following=is_following, standalone=True) return render_template("userpage_comments.html", u=user, v=v, listing=listing, page=page, sort=sort, t=t,next_exists=next_exists, is_following=is_following, standalone=True)
@ -1063,7 +1063,7 @@ def saved_posts(v, username):
listing = get_posts(ids, v=v) listing = get_posts(ids, v=v)
if request.headers.get("Authorization"): return {"data": [x.json for x in listing]} if v.client: return {"data": [x.json for x in listing]}
return render_template("userpage.html", return render_template("userpage.html",
u=v, u=v,
v=v, v=v,
@ -1087,7 +1087,7 @@ def saved_comments(v, username):
listing = get_comments(ids, v=v) listing = get_comments(ids, v=v)
if request.headers.get("Authorization"): return {"data": [x.json for x in listing]} if v.client: return {"data": [x.json for x in listing]}
return render_template("userpage_comments.html", return render_template("userpage_comments.html",
u=v, u=v,
v=v, v=v,
@ -1110,7 +1110,7 @@ def subscribed_posts(v, username):
listing = get_posts(ids, v=v) listing = get_posts(ids, v=v)
if request.headers.get("Authorization"): return {"data": [x.json for x in listing]} if v.client: return {"data": [x.json for x in listing]}
return render_template("userpage.html", return render_template("userpage.html",
u=v, u=v,
v=v, v=v,
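Review bot: In u_username_comments the new check `if v.client or request.path.endswith(".json"):` dereferences `v`, although the route is declared with `v=None` and the privacy check earlier in the function handles `not v`. A logged-out visitor would then hit an AttributeError and get a 500 instead of the listing; the old code read only the request header and had no such dependency. The sibling checks in u_username already guard this, so use the same form here: `if (v and v.client) or request.path.endswith(".json"):`. The function body continues outside the hunk, so confirm that no decorator forces a logged-in user.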


@ -45,7 +45,7 @@ def vote_info_get(v, link):
def vote_post_comment(target_id, new, v, cls, vote_cls): def vote_post_comment(target_id, new, v, cls, vote_cls):
if new == "-1" and DISABLE_DOWNVOTES: abort(403) if new == "-1" and DISABLE_DOWNVOTES: abort(403)
if new not in ["-1", "0", "1"]: abort(400) if new not in ["-1", "0", "1"]: abort(400)
if request.headers.get("Authorization") and v.id != BBBB_ID: abort(403) if v.client and v.id != BBBB_ID: abort(403)
new = int(new) new = int(new)
target = None target = None
if cls == Submission: if cls == Submission: