2022-05-04 23:09:46 +00:00
|
|
|
from .get import *
|
|
|
|
from .alerts import *
|
|
|
|
from files.helpers.const import *
|
2022-06-24 13:19:53 +00:00
|
|
|
from files.helpers.get import *
|
2022-05-31 03:01:18 +00:00
|
|
|
from files.__main__ import db_session, limiter
|
2022-05-04 23:09:46 +00:00
|
|
|
from random import randint
|
2022-07-13 23:28:40 +00:00
|
|
|
import functools
|
2022-05-26 20:31:08 +00:00
|
|
|
import user_agents
|
2022-07-29 22:07:08 +00:00
|
|
|
import time
|
2022-05-04 23:09:46 +00:00
|
|
|
|
|
|
|
def get_logged_in_user():
|
2022-05-24 20:19:18 +00:00
|
|
|
|
2022-05-26 00:54:05 +00:00
|
|
|
if hasattr(g, 'v'): return g.v
|
|
|
|
|
2022-05-04 23:09:46 +00:00
|
|
|
if not (hasattr(g, 'db') and g.db): g.db = db_session()
|
|
|
|
|
|
|
|
v = None
|
|
|
|
|
|
|
|
token = request.headers.get("Authorization","").strip()
|
|
|
|
if token:
|
|
|
|
client = g.db.query(ClientAuth).filter(ClientAuth.access_token == token).one_or_none()
|
|
|
|
if client:
|
|
|
|
v = client.user
|
|
|
|
v.client = client
|
|
|
|
else:
|
|
|
|
lo_user = session.get("lo_user")
|
|
|
|
if lo_user:
|
|
|
|
id = int(lo_user)
|
2022-06-24 13:19:53 +00:00
|
|
|
v = get_account(id)
|
2022-05-04 23:09:46 +00:00
|
|
|
if v:
|
|
|
|
nonce = session.get("login_nonce", 0)
|
|
|
|
if nonce < v.login_nonce or v.id != id: abort(401)
|
|
|
|
|
|
|
|
if request.method != "GET":
|
|
|
|
submitted_key = request.values.get("formkey")
|
|
|
|
if not submitted_key: abort(401)
|
|
|
|
if not v.validate_formkey(submitted_key): abort(401)
|
|
|
|
|
|
|
|
v.client = None
|
|
|
|
|
|
|
|
|
|
|
|
if request.method.lower() != "get" and app.config['SETTINGS']['Read-only mode'] and not (v and v.admin_level):
|
|
|
|
abort(403)
|
|
|
|
|
2022-05-25 18:59:24 +00:00
|
|
|
|
|
|
|
if not session.get("session_id"):
|
|
|
|
session.permanent = True
|
|
|
|
session["session_id"] = secrets.token_hex(49)
|
2022-05-25 20:16:26 +00:00
|
|
|
|
|
|
|
loggedin = cache.get(f'{SITE}_loggedin') or {}
|
|
|
|
loggedout = cache.get(f'{SITE}_loggedout') or {}
|
2022-05-25 18:59:24 +00:00
|
|
|
g.loggedin_counter = 0
|
|
|
|
g.loggedout_counter = 0
|
|
|
|
|
2022-05-25 20:16:26 +00:00
|
|
|
timestamp = int(time.time())
|
|
|
|
if v:
|
|
|
|
if session["session_id"] in loggedout: del loggedout[session["session_id"]]
|
|
|
|
loggedin[v.id] = timestamp
|
2022-06-20 20:25:03 +00:00
|
|
|
# Check against last_active + ACTIVE_TIME to reduce frequency of
|
|
|
|
# UPDATEs in exchange for a ±ACTIVE_TIME margin of error.
|
|
|
|
if (v.last_active + LOGGEDIN_ACTIVE_TIME) < timestamp:
|
|
|
|
v.last_active = timestamp
|
|
|
|
g.db.add(v)
|
2022-05-25 20:16:26 +00:00
|
|
|
else:
|
2022-05-26 20:53:24 +00:00
|
|
|
ua = str(user_agents.parse(g.agent))
|
2022-07-11 18:43:44 +00:00
|
|
|
if 'spider' not in ua.lower() and 'bot' not in ua.lower():
|
2022-05-26 20:49:36 +00:00
|
|
|
loggedout[session["session_id"]] = (timestamp, ua)
|
2022-05-25 20:16:26 +00:00
|
|
|
|
2022-06-20 20:25:03 +00:00
|
|
|
g.loggedin_counter = len([x for x in loggedin.values() if timestamp-x < LOGGEDIN_ACTIVE_TIME])
|
2022-05-25 20:16:26 +00:00
|
|
|
cache.set(f'{SITE}_loggedin', loggedin)
|
2022-05-26 20:31:08 +00:00
|
|
|
|
2022-06-20 20:25:03 +00:00
|
|
|
g.loggedout_counter = len([x for x in loggedout.values() if timestamp-x[0] < LOGGEDIN_ACTIVE_TIME])
|
2022-05-25 20:16:26 +00:00
|
|
|
cache.set(f'{SITE}_loggedout', loggedout)
|
2022-05-25 18:59:24 +00:00
|
|
|
|
2022-05-26 00:54:05 +00:00
|
|
|
g.v = v
|
2022-05-25 18:59:24 +00:00
|
|
|
|
2022-06-27 03:46:32 +00:00
|
|
|
if v: v.poor = session.get('poor')
|
|
|
|
|
2022-08-01 00:41:12 +00:00
|
|
|
if AEVANN_ID and request.headers.get("Cf-Ipcountry") == 'EG' and not (v and v.id == AEVANN_ID):
|
2022-07-30 13:41:00 +00:00
|
|
|
with open(f"/eg", "r+", encoding="utf-8") as f:
|
2022-07-29 22:07:08 +00:00
|
|
|
ip = request.headers.get('CF-Connecting-IP')
|
2022-07-29 23:23:33 +00:00
|
|
|
if f'{v}, {ip}' not in f.read():
|
|
|
|
t = str(time.strftime("%d/%B/%Y %H:%M:%S UTC", time.gmtime(time.time())))
|
2022-07-30 13:41:00 +00:00
|
|
|
f.write(f'{f.read()}{v}, {ip}, {t}\n')
|
2022-05-04 23:09:46 +00:00
|
|
|
return v
|
|
|
|
|
|
|
|
def check_ban_evade(v):
|
|
|
|
if v and not v.patron and v.admin_level < 2 and v.ban_evade and not v.unban_utc:
|
|
|
|
v.shadowbanned = "AutoJanny"
|
|
|
|
g.db.add(v)
|
|
|
|
|
|
|
|
def auth_desired(f):
|
|
|
|
def wrapper(*args, **kwargs):
|
|
|
|
v = get_logged_in_user()
|
|
|
|
|
|
|
|
check_ban_evade(v)
|
|
|
|
|
|
|
|
return make_response(f(*args, v=v, **kwargs))
|
|
|
|
|
|
|
|
wrapper.__name__ = f.__name__
|
|
|
|
return wrapper
|
|
|
|
|
2022-08-05 20:40:48 +00:00
|
|
|
def auth_desired_with_logingate(f):
|
|
|
|
def wrapper(*args, **kwargs):
|
|
|
|
v = get_logged_in_user()
|
|
|
|
if app.config['SETTINGS']['login_required'] and not v: abort(401)
|
2022-05-04 23:09:46 +00:00
|
|
|
|
2022-08-05 20:40:48 +00:00
|
|
|
check_ban_evade(v)
|
2022-05-04 23:09:46 +00:00
|
|
|
|
2022-08-05 20:40:48 +00:00
|
|
|
return make_response(f(*args, v=v, **kwargs))
|
|
|
|
|
|
|
|
wrapper.__name__ = f.__name__
|
|
|
|
return wrapper
|
|
|
|
|
|
|
|
def auth_required(f):
|
2022-05-04 23:09:46 +00:00
|
|
|
def wrapper(*args, **kwargs):
|
|
|
|
v = get_logged_in_user()
|
|
|
|
if not v: abort(401)
|
|
|
|
|
|
|
|
check_ban_evade(v)
|
|
|
|
|
|
|
|
return make_response(f(*args, v=v, **kwargs))
|
|
|
|
|
|
|
|
wrapper.__name__ = f.__name__
|
|
|
|
return wrapper
|
|
|
|
|
2022-07-13 23:28:40 +00:00
|
|
|
def auth_trusted_server(func):
|
|
|
|
@functools.wraps(func)
|
|
|
|
def inner(*args, **kwargs):
|
|
|
|
if not TRUSTED_SERVER_PSK: abort(401)
|
|
|
|
|
|
|
|
auth = request.headers.get("Authorization", None)
|
|
|
|
if not auth: abort(401)
|
|
|
|
|
|
|
|
auth_words = auth.split(' ')
|
|
|
|
if len(auth_words) != 2 or auth_words[0] != 'TrustedServer':
|
|
|
|
abort(401)
|
|
|
|
|
|
|
|
if not auth_words[1] == TRUSTED_SERVER_PSK:
|
|
|
|
abort(403)
|
|
|
|
|
|
|
|
return make_response(func(*args, **kwargs))
|
|
|
|
return inner
|
2022-05-04 23:09:46 +00:00
|
|
|
|
|
|
|
def is_not_permabanned(f):
|
|
|
|
|
|
|
|
def wrapper(*args, **kwargs):
|
|
|
|
|
|
|
|
v = get_logged_in_user()
|
|
|
|
|
|
|
|
if not v: abort(401)
|
|
|
|
|
|
|
|
check_ban_evade(v)
|
|
|
|
|
|
|
|
if v.is_banned and v.unban_utc == 0:
|
|
|
|
return {"error": "Interal server error"}, 500
|
|
|
|
|
|
|
|
return make_response(f(*args, v=v, **kwargs))
|
|
|
|
|
|
|
|
wrapper.__name__ = f.__name__
|
|
|
|
return wrapper
|
|
|
|
|
|
|
|
|
|
|
|
def admin_level_required(x):
|
|
|
|
|
|
|
|
def wrapper_maker(f):
|
|
|
|
|
|
|
|
def wrapper(*args, **kwargs):
|
|
|
|
|
|
|
|
v = get_logged_in_user()
|
|
|
|
|
|
|
|
if not v: abort(401)
|
|
|
|
|
|
|
|
if v.admin_level < x: abort(403)
|
|
|
|
|
|
|
|
return make_response(f(*args, v=v, **kwargs))
|
|
|
|
|
|
|
|
wrapper.__name__ = f.__name__
|
|
|
|
return wrapper
|
|
|
|
|
2022-05-30 01:43:16 +00:00
|
|
|
return wrapper_maker
|
|
|
|
|
|
|
|
def lottery_required(f):
|
|
|
|
def wrapper(*args, **kwargs):
|
|
|
|
v = get_logged_in_user()
|
|
|
|
|
|
|
|
if not LOTTERY_ENABLED: abort(404)
|
2022-05-30 09:32:45 +00:00
|
|
|
if v and not v.can_gamble: abort(403)
|
2022-05-30 01:43:16 +00:00
|
|
|
|
|
|
|
return make_response(f(v=v))
|
|
|
|
|
|
|
|
wrapper.__name__ = f.__name__
|
2022-07-13 23:28:40 +00:00
|
|
|
return wrapper
|