from drama.helpers.wrappers import *
from drama.helpers.alerts import *
from drama.helpers.get import *
from drama.classes import *
from flask import *
from drama.__main__ import app
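@app.get("/authorize")
@auth_required
def authorize_prompt(v):
    """Render the consent page for an OAuth authorization request.

    Reads ``client_id`` and ``redirect_uri`` from the query string, looks up
    the matching ``OauthApp`` and renders ``oauth.html`` for the signed-in
    user ``v``.

    Returns:
        The rendered consent page, or a JSON ``oauth_error`` body with
        401 (missing or unknown client), 403 (suspended app) or 400
        (missing or unregistered ``redirect_uri``).
    """
    client_id = request.args.get("client_id")
    # filter_by(client_id=None) compiles to an IS NULL test, so a request
    # without client_id would select an app whose client_id is unset
    # (admin_app_revoke clears it) instead of being rejected.
    if not client_id:
        return {"oauth_error": "Invalid `client_id`"}, 401

    application = g.db.query(OauthApp).filter_by(client_id=client_id).first()
    if not application:
        return {"oauth_error": "Invalid `client_id`"}, 401
    if application.is_banned:
        return {"oauth_error": f"Application `{application.app_name}` is suspended."}, 403

    redirect_uri = request.args.get("redirect_uri")
    if not redirect_uri:
        return {"oauth_error": "`redirect_uri` must be provided."}, 400
    # The POST handler for /authorize always redirects to the registered
    # URI, so the consent page must not display a caller-chosen destination
    # that differs from it. Exact match against the registration.
    if redirect_uri != application.redirect_uri:
        return {"oauth_error": "`redirect_uri` does not match the registered URI."}, 400

    return render_template("oauth.html", v=v, application=application, redirect_uri=redirect_uri)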
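@app.post("/authorize")
@auth_required
@validate_formkey
def oauth(v):
    """Record the user's consent and hand a new access token to the app.

    Looks up the ``OauthApp`` named by the ``client_id`` form field, stores a
    ``ClientAuth`` row linking it to the signed-in user ``v`` and redirects
    to the app's registered ``redirect_uri`` with the token appended as the
    ``token`` query parameter.

    Returns:
        The redirect response, or a JSON ``oauth_error`` body with 401
        (missing or unknown client), 403 (suspended app) or 400 (app has no
        registered ``redirect_uri``).
    """
    client_id = request.form.get("client_id")
    # filter_by(client_id=None) compiles to an IS NULL test, so a form
    # without client_id would select an app whose client_id is unset
    # (admin_app_revoke clears it) and issue a token for it.
    if not client_id:
        return {"oauth_error": "Invalid `client_id`"}, 401

    application = g.db.query(OauthApp).filter_by(client_id=client_id).first()
    if not application:
        return {"oauth_error": "Invalid `client_id`"}, 401
    if application.is_banned:
        return {"oauth_error": f"Application `{application.app_name}` is suspended."}, 403
    # Without a registered URI the f-string below would produce a relative
    # "None?token=..." redirect; refuse before minting a token.
    if not application.redirect_uri:
        return {"oauth_error": "Application has no registered `redirect_uri`."}, 400

    # token_urlsafe(128) returns more than 128 characters; the slice only
    # trims it to a fixed length.
    access_token = secrets.token_urlsafe(128)[:128]

    # NOTE(review): the token appears to be persisted as-is; storing a hash
    # instead would limit exposure if the table is read. Confirm against the
    # code that validates tokens.
    new_auth = ClientAuth(
        oauth_client=application.id,
        user_id=v.id,
        access_token=access_token,
    )
    g.db.add(new_auth)

    # NOTE(review): a bearer token in the query string ends up in server
    # logs, browser history and Referer headers at the destination. An
    # authorization-code exchange would keep it out of the URL.
    separator = "&" if "?" in application.redirect_uri else "?"
    return redirect(f"{application.redirect_uri}{separator}token={access_token}")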
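# NOTE(review): unlike the other POST handlers in this file, this route is
# not wrapped in @validate_formkey. Confirm whether the submitting form sends
# a formkey and add the decorator if it does.
@app.post("/api_keys")
@is_not_banned
def request_api_keys(v):
    """Register a new OAuth application request on behalf of ``v``.

    Creates an ``OauthApp`` from the ``name``, ``redirect_uri`` and
    ``description`` form fields, notifies the admins through ``send_admin``
    and redirects to ``/settings/apps``.
    """
    app_name = request.form.get('name')
    # A missing description used to raise TypeError on the slice (HTTP 500);
    # treat it as empty instead.
    description = (request.form.get("description") or "")[:256]

    # NOTE(review): redirect_uri is stored without checking its scheme or
    # host, and the /authorize POST handler later redirects to it with an
    # access token attached. Consider requiring an absolute https URL here.
    new_app = OauthApp(
        app_name=app_name,
        redirect_uri=request.form.get('redirect_uri'),
        author_id=v.id,
        description=description,
    )
    g.db.add(new_app)

    # NOTE(review): app_name is user-supplied and is interpolated into the
    # markdown of the admin message; confirm the renderer neutralises it.
    send_admin(1046, f"@{v.username} has requested API keys for `{app_name}`. You can approve or deny the request [here](/admin/apps).")

    return redirect('/settings/apps')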
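@app.post("/delete_app/<aid>")
@is_not_banned
@validate_formkey
def delete_oauth_app(v, aid):
    """Delete an OAuth application owned by ``v`` together with its grants.

    Responds 404 when ``aid`` is not an integer or no such app exists, and
    403 when the app was registered by a different user. On success the
    app's ``ClientAuth`` rows and the app itself are deleted and the user is
    redirected to ``/apps``.
    """
    try:
        aid = int(aid)
    except ValueError:
        abort(404)

    # Local name avoids shadowing the Flask ``app`` object imported above.
    oauth_app = g.db.query(OauthApp).filter_by(id=aid).first()
    if not oauth_app:
        abort(404)
    # The route only requires a non-banned session, so without this check
    # any user could delete any application by guessing its id.
    if oauth_app.author_id != v.id:
        abort(403)

    for auth in g.db.query(ClientAuth).filter_by(oauth_client=oauth_app.id).all():
        g.db.delete(auth)

    g.db.commit()

    g.db.delete(oauth_app)

    return redirect('/apps')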
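@app.post("/edit_app/<aid>")
@is_not_banned
@validate_formkey
def edit_oauth_app(v, aid):
    """Update the name, redirect URI and description of an app owned by ``v``.

    Responds 404 when ``aid`` is not an integer or no such app exists, and
    403 when the app was registered by a different user. On success the
    user is redirected to ``/settings/apps``.
    """
    try:
        aid = int(aid)
    except ValueError:
        abort(404)

    # Local name avoids shadowing the Flask ``app`` object imported above.
    oauth_app = g.db.query(OauthApp).filter_by(id=aid).first()
    if not oauth_app:
        abort(404)
    # The route only requires a non-banned session. Without this check any
    # user could rewrite another application's redirect_uri, which is where
    # the /authorize POST handler sends newly issued access tokens.
    if oauth_app.author_id != v.id:
        abort(403)

    # NOTE(review): the new redirect_uri takes effect without re-approval and
    # without scheme/host validation; confirm that is intended.
    oauth_app.redirect_uri = request.form.get('redirect_uri')
    oauth_app.app_name = request.form.get('name')
    # A missing description used to raise TypeError on the slice (HTTP 500).
    oauth_app.description = (request.form.get("description") or "")[:256]

    g.db.add(oauth_app)

    return redirect('/settings/apps')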
@app.route("/identity")
@auth_required
def api_v1_identity(v):
    """Return the ``json`` attribute of the authenticated user ``v``."""
    identity = v.json
    return identity
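@app.post("/admin/app/approve/<aid>")
@admin_level_required(3)
@validate_formkey
def admin_app_approve(v, aid):
    """Approve an OAuth application and issue its client credentials.

    Generates a fresh ``client_id`` and ``client_secret`` for the app with
    id ``aid`` (overwriting any existing pair), notifies the app's author and
    returns a JSON confirmation. Responds 404 when no such app exists.
    """
    # Local name avoids shadowing the Flask ``app`` object imported above.
    oauth_app = g.db.query(OauthApp).filter_by(id=aid).first()
    if not oauth_app:
        abort(404)

    # token_urlsafe(n) returns more than n characters; the slices only trim
    # the values to fixed lengths.
    oauth_app.client_id = secrets.token_urlsafe(64)[:64]
    oauth_app.client_secret = secrets.token_urlsafe(128)[:128]

    g.db.add(oauth_app)

    author = get_account(oauth_app.author_id, v=v)
    send_notification(1046, author, f"Your application `{oauth_app.app_name}` has been approved.")

    return {"message": f"{oauth_app.app_name} approved"}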
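@app.post("/admin/app/revoke/<aid>")
@admin_level_required(3)
@validate_formkey
def admin_app_revoke(v, aid):
    """Revoke an OAuth application's client credentials.

    Clears ``client_id`` and ``client_secret`` on the app with id ``aid``,
    notifies the app's author and returns a JSON confirmation. Responds 404
    when no such app exists.
    """
    # Local name avoids shadowing the Flask ``app`` object imported above.
    oauth_app = g.db.query(OauthApp).filter_by(id=aid).first()
    if not oauth_app:
        abort(404)

    oauth_app.client_id = None
    oauth_app.client_secret = None

    # NOTE(review): the app's ClientAuth rows are left in place here, whereas
    # admin_app_reject deletes them. Confirm that access tokens issued before
    # revocation stop being accepted, or delete the rows here as well.
    g.db.add(oauth_app)

    author = get_account(oauth_app.author_id, v=v)
    send_notification(1046, author, f"Your application `{oauth_app.app_name}` has been revoked.")

    return {"message": f"{oauth_app.app_name} revoked"}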
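@app.post("/admin/app/reject/<aid>")
@admin_level_required(3)
@validate_formkey
def admin_app_reject(v, aid):
    """Reject an OAuth application and remove it with all of its grants.

    Deletes every ``ClientAuth`` row of the app with id ``aid``, notifies the
    app's author, deletes the app and returns a JSON confirmation. Responds
    404 when no such app exists.
    """
    # Local name avoids shadowing the Flask ``app`` object imported above.
    oauth_app = g.db.query(OauthApp).filter_by(id=aid).first()
    if not oauth_app:
        abort(404)

    for auth in g.db.query(ClientAuth).filter_by(oauth_client=oauth_app.id).all():
        g.db.delete(auth)

    # Push the grant deletions to the database before the app row is removed.
    g.db.flush()

    author = get_account(oauth_app.author_id, v=v)
    send_notification(1046, author, f"Your application `{oauth_app.app_name}` has been rejected.")

    g.db.delete(oauth_app)

    return {"message": f"{oauth_app.app_name} rejected"}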
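@app.get("/admin/app/<aid>")
@admin_level_required(3)
def admin_app_id(v, aid):
    """Show the admin page for one OAuth application with a page of its posts.

    Loads the app with id ``aid`` (author eagerly joined), asks it for the
    post ids of the requested ``page`` and renders ``admin/app.html``.
    Responds 404 when no such app exists.
    """
    oauth = g.db.query(OauthApp).options(
        joinedload(OauthApp.author)
    ).filter_by(id=aid).first()
    if not oauth:
        abort(404)

    # type=int falls back to the default when ``page`` is not a number,
    # instead of raising ValueError (HTTP 500).
    page = request.args.get("page", 1, type=int)
    pids = oauth.idlist(page=page)

    # A 101st id signals that another page exists; only 100 are displayed.
    next_exists = len(pids) == 101
    pids = pids[:100]

    posts = get_posts(pids, v=v)

    return render_template(
        "admin/app.html",
        v=v,
        app=oauth,
        listing=posts,
        next_exists=next_exists,
    )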
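@app.get("/admin/app/<aid>/comments")
@admin_level_required(3)
def admin_app_id_comments(v, aid):
    """Show the admin page for one OAuth application with a page of comments.

    Loads the app with id ``aid`` (author eagerly joined), asks it for the
    comment ids of the requested ``page`` and renders ``admin/app.html`` in
    standalone mode. Responds 404 when no such app exists.
    """
    oauth = g.db.query(OauthApp).options(
        joinedload(OauthApp.author)
    ).filter_by(id=aid).first()
    if not oauth:
        abort(404)

    # type=int falls back to the default when ``page`` is not a number,
    # instead of raising ValueError (HTTP 500).
    page = request.args.get("page", 1, type=int)
    cids = oauth.comments_idlist(page=page)

    # A 101st id signals that another page exists; only 100 are displayed.
    next_exists = len(cids) == 101
    cids = cids[:100]

    comments = get_comments(cids, v=v)

    return render_template(
        "admin/app.html",
        v=v,
        app=oauth,
        comments=comments,
        next_exists=next_exists,
        standalone=True,
    )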
@app.get("/admin/apps")
@admin_level_required(3)
def admin_apps_list(v):
    """Render ``admin/apps.html`` with every ``OauthApp`` row."""
    return render_template(
        "admin/apps.html",
        v=v,
        apps=g.db.query(OauthApp).all(),
    )