2021-10-15 14:08:27 +00:00
from files . helpers . wrappers import *
from files . helpers . alerts import *
from files . helpers . get import *
from files . helpers . const import *
from files . classes import *
from flask import *
from files . __main__ import app , limiter
from sqlalchemy . orm import joinedload
@app.get ( " /authorize " )
@auth_required
def authorize_prompt ( v ) :
client_id = request . values . get ( " client_id " )
2022-01-02 00:06:46 +00:00
application = g . db . query ( OauthApp ) . filter_by ( client_id = client_id ) . one_or_none ( )
2021-10-15 14:08:27 +00:00
if not application : return { " oauth_error " : " Invalid `client_id` " } , 401
2022-01-14 12:04:34 +00:00
return render_template ( " oauth.html " , v = v , application = application )
2021-10-15 14:08:27 +00:00
@app.post ( " /authorize " )
2022-01-15 06:31:17 +00:00
@limiter.limit ( " 1/second;30/minute;200/hour;1000/day " )
2021-10-15 14:08:27 +00:00
@auth_required
def authorize ( v ) :
client_id = request . values . get ( " client_id " )
2022-01-02 00:06:46 +00:00
application = g . db . query ( OauthApp ) . filter_by ( client_id = client_id ) . one_or_none ( )
2021-10-15 14:08:27 +00:00
if not application : return { " oauth_error " : " Invalid `client_id` " } , 401
access_token = secrets . token_urlsafe ( 128 ) [ : 128 ]
2021-10-15 15:59:23 +00:00
new_auth = ClientAuth ( oauth_client = application . id , user_id = v . id , access_token = access_token )
2021-10-15 14:08:27 +00:00
g . db . add ( new_auth )
g . db . commit ( )
return redirect ( f " { application . redirect_uri } ?token= { access_token } " )
@app.post ( " /api_keys " )
2022-01-15 06:31:17 +00:00
@limiter.limit ( " 1/second;30/minute;200/hour;1000/day " )
2022-01-06 16:46:09 +00:00
@is_not_permabanned
2021-10-15 14:08:27 +00:00
def request_api_keys ( v ) :
new_app = OauthApp (
2021-12-01 17:41:33 +00:00
app_name = request . values . get ( ' name ' ) . replace ( ' < ' , ' ' ) ,
2021-10-15 14:08:27 +00:00
redirect_uri = request . values . get ( ' redirect_uri ' ) ,
author_id = v . id ,
description = request . values . get ( " description " ) [ : 256 ]
)
g . db . add ( new_app )
2022-01-14 06:40:30 +00:00
text = f " { v . username } has requested API keys for ` { request . values . get ( ' name ' ) } `. You can approve or deny the request [here](/admin/apps). "
text_html = sanitize ( text , noimages = True )
new_comment = Comment ( author_id = NOTIFICATIONS_ID ,
parent_submission = None ,
level = 1 ,
sentto = 0 ,
body_html = text_html ,
)
g . db . add ( new_comment )
g . db . flush ( )
admins = g . db . query ( User ) . filter ( User . admin_level > 2 ) . all ( )
for admin in admins :
notif = Notification ( comment_id = new_comment . id , user_id = admin . id )
g . db . add ( notif )
2021-10-15 14:08:27 +00:00
g . db . commit ( )
return redirect ( ' /settings/apps ' )
@app.post ( " /delete_app/<aid> " )
2022-01-15 06:31:17 +00:00
@limiter.limit ( " 1/second;30/minute;200/hour;1000/day " )
2021-10-15 14:08:27 +00:00
@auth_required
def delete_oauth_app ( v , aid ) :
aid = int ( aid )
2022-01-02 00:06:46 +00:00
app = g . db . query ( OauthApp ) . filter_by ( id = aid ) . one_or_none ( )
2021-10-15 14:08:27 +00:00
2021-10-15 15:59:23 +00:00
if app . author_id != v . id : abort ( 403 )
2021-11-06 15:52:48 +00:00
for auth in g . db . query ( ClientAuth ) . filter_by ( oauth_client = app . id ) . all ( ) :
2021-10-15 14:08:27 +00:00
g . db . delete ( auth )
g . db . delete ( app )
g . db . commit ( )
return redirect ( ' /apps ' )
@app.post ( " /edit_app/<aid> " )
2022-01-15 06:31:17 +00:00
@limiter.limit ( " 1/second;30/minute;200/hour;1000/day " )
2022-01-06 16:46:09 +00:00
@is_not_permabanned
2021-10-15 14:08:27 +00:00
def edit_oauth_app ( v , aid ) :
aid = int ( aid )
2022-01-02 00:06:46 +00:00
app = g . db . query ( OauthApp ) . filter_by ( id = aid ) . one_or_none ( )
2021-10-15 14:08:27 +00:00
2021-10-15 15:59:23 +00:00
if app . author_id != v . id : abort ( 403 )
2021-10-15 14:08:27 +00:00
app . redirect_uri = request . values . get ( ' redirect_uri ' )
app . app_name = request . values . get ( ' name ' )
app . description = request . values . get ( " description " ) [ : 256 ]
g . db . add ( app )
g . db . commit ( )
return redirect ( ' /settings/apps ' )
@app.post ( " /admin/app/approve/<aid> " )
2022-01-15 06:31:17 +00:00
@limiter.limit ( " 1/second;30/minute;200/hour;1000/day " )
2021-11-16 04:18:36 +00:00
@admin_level_required ( 2 )
2021-10-15 14:08:27 +00:00
def admin_app_approve ( v , aid ) :
2022-01-02 00:06:46 +00:00
app = g . db . query ( OauthApp ) . filter_by ( id = aid ) . one_or_none ( )
2021-10-15 14:08:27 +00:00
user = app . author
app . client_id = secrets . token_urlsafe ( 64 ) [ : 64 ]
g . db . add ( app )
access_token = secrets . token_urlsafe ( 128 ) [ : 128 ]
new_auth = ClientAuth (
oauth_client = app . id ,
user_id = user . id ,
access_token = access_token
)
g . db . add ( new_auth )
2021-12-20 20:03:59 +00:00
send_repeatable_notification ( user . id , f " Your application ` { app . app_name } ` has been approved. Here ' s your access token: ` { access_token } ` \n Please check the guide [here](/api) if you don ' t know what to do next. " )
2021-10-15 14:08:27 +00:00
2021-10-25 18:08:03 +00:00
ma = ModAction (
kind = " approve_app " ,
user_id = v . id ,
target_user_id = user . id ,
)
g . db . add ( ma )
2021-10-15 14:08:27 +00:00
g . db . commit ( )
2022-01-07 21:03:14 +00:00
return { " message " : " Application approved " }
2021-10-15 14:08:27 +00:00
@app.post ( " /admin/app/revoke/<aid> " )
2022-01-15 06:31:17 +00:00
@limiter.limit ( " 1/second;30/minute;200/hour;1000/day " )
2021-11-16 04:18:36 +00:00
@admin_level_required ( 2 )
2021-10-15 14:08:27 +00:00
def admin_app_revoke ( v , aid ) :
2022-01-02 00:06:46 +00:00
app = g . db . query ( OauthApp ) . filter_by ( id = aid ) . one_or_none ( )
2021-10-15 14:08:27 +00:00
if app . id :
2021-11-06 15:52:48 +00:00
for auth in g . db . query ( ClientAuth ) . filter_by ( oauth_client = app . id ) . all ( ) : g . db . delete ( auth )
2021-10-15 14:08:27 +00:00
2021-12-20 20:03:59 +00:00
send_repeatable_notification ( app . author . id , f " Your application ` { app . app_name } ` has been revoked. " )
2021-10-15 14:08:27 +00:00
g . db . delete ( app )
2021-10-25 18:08:03 +00:00
ma = ModAction (
kind = " revoke_app " ,
user_id = v . id ,
target_user_id = app . author . id ,
)
g . db . add ( ma )
2021-10-15 14:08:27 +00:00
g . db . commit ( )
2022-01-07 21:03:14 +00:00
return { " message " : " App revoked " }
2021-10-15 14:08:27 +00:00
@app.post ( " /admin/app/reject/<aid> " )
2022-01-15 06:31:17 +00:00
@limiter.limit ( " 1/second;30/minute;200/hour;1000/day " )
2021-11-16 04:18:36 +00:00
@admin_level_required ( 2 )
2021-10-15 14:08:27 +00:00
def admin_app_reject ( v , aid ) :
2022-01-02 00:06:46 +00:00
app = g . db . query ( OauthApp ) . filter_by ( id = aid ) . one_or_none ( )
2021-10-15 14:08:27 +00:00
2021-11-06 15:52:48 +00:00
for auth in g . db . query ( ClientAuth ) . filter_by ( oauth_client = app . id ) . all ( ) : g . db . delete ( auth )
2021-10-15 14:08:27 +00:00
2021-12-20 20:03:59 +00:00
send_repeatable_notification ( app . author . id , f " Your application ` { app . app_name } ` has been rejected. " )
2021-10-15 14:08:27 +00:00
g . db . delete ( app )
2021-10-25 18:08:03 +00:00
ma = ModAction (
kind = " reject_app " ,
user_id = v . id ,
target_user_id = app . author . id ,
)
g . db . add ( ma )
2021-10-15 14:08:27 +00:00
g . db . commit ( )
2022-01-07 21:03:14 +00:00
return { " message " : " App rejected " }
2021-10-15 14:08:27 +00:00
@app.get ( " /admin/app/<aid> " )
2021-11-16 04:18:36 +00:00
@admin_level_required ( 2 )
2021-10-15 14:08:27 +00:00
def admin_app_id ( v , aid ) :
aid = aid
oauth = g . db . query ( OauthApp ) . options (
joinedload (
OauthApp . author ) ) . filter_by (
2022-01-02 00:06:46 +00:00
id = aid ) . one_or_none ( )
2021-10-15 14:08:27 +00:00
pids = oauth . idlist ( page = int ( request . values . get ( " page " , 1 ) ) ,
)
next_exists = len ( pids ) == 101
pids = pids [ : 100 ]
posts = get_posts ( pids , v = v )
2022-01-14 12:04:34 +00:00
return render_template ( " admin/app.html " ,
2021-10-15 14:08:27 +00:00
v = v ,
app = oauth ,
listing = posts ,
next_exists = next_exists
)
@app.get ( " /admin/app/<aid>/comments " )
2021-11-16 04:18:36 +00:00
@admin_level_required ( 2 )
2021-10-15 14:08:27 +00:00
def admin_app_id_comments ( v , aid ) :
aid = aid
oauth = g . db . query ( OauthApp ) . options (
joinedload (
OauthApp . author ) ) . filter_by (
2022-01-02 00:06:46 +00:00
id = aid ) . one_or_none ( )
2021-10-15 14:08:27 +00:00
cids = oauth . comments_idlist ( page = int ( request . values . get ( " page " , 1 ) ) ,
)
next_exists = len ( cids ) == 101
cids = cids [ : 100 ]
comments = get_comments ( cids , v = v )
2022-01-14 12:04:34 +00:00
return render_template ( " admin/app.html " ,
2021-10-15 14:08:27 +00:00
v = v ,
app = oauth ,
comments = comments ,
next_exists = next_exists ,
standalone = True
)
@app.get ( " /admin/apps " )
2021-11-16 04:18:36 +00:00
@admin_level_required ( 2 )
2021-10-15 14:08:27 +00:00
def admin_apps_list ( v ) :
2021-12-30 05:52:26 +00:00
apps = g . db . query ( OauthApp ) . order_by ( OauthApp . id . desc ( ) ) . all ( )
2021-10-15 14:08:27 +00:00
2022-01-14 12:04:34 +00:00
return render_template ( " admin/apps.html " , v = v , apps = apps )
2021-10-15 14:08:27 +00:00
@app.post ( " /oauth/reroll/<aid> " )
2022-01-15 06:31:17 +00:00
@limiter.limit ( " 1/second;30/minute;200/hour;1000/day " )
2021-10-15 14:08:27 +00:00
@auth_required
def reroll_oauth_tokens ( aid , v ) :
aid = aid
2022-01-02 00:06:46 +00:00
a = g . db . query ( OauthApp ) . filter_by ( id = aid ) . one_or_none ( )
2021-10-15 14:08:27 +00:00
if a . author_id != v . id : abort ( 403 )
a . client_id = secrets . token_urlsafe ( 64 ) [ : 64 ]
g . db . add ( a )
g . db . commit ( )
return { " message " : " Client ID Rerolled " , " id " : a . client_id }