remotes/1693045480750635534/spooky-22
parent
70e00e43fc
commit
397b0ae4d9
|
@ -388,8 +388,7 @@ class User(Base, Stndrd, Age_times):
|
||||||
@property
|
@property
|
||||||
def formkey(self):
|
def formkey(self):
|
||||||
|
|
||||||
if "session_id" not in session:
|
if "session_id" not in session: session["session_id"] = token_hex(16)
|
||||||
session["session_id"] = token_hex(16)
|
|
||||||
|
|
||||||
msg = f"{session['session_id']}+{self.id}+{self.login_nonce}"
|
msg = f"{session['session_id']}+{self.id}+{self.login_nonce}"
|
||||||
|
|
||||||
|
|
|
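Review bot: The `formkey` property has no docstring, and the new one-line `if "session_id" not in session: session["session_id"] = token_hex(16)` makes it easy to miss that reading the property writes to the session. PEP 8 discourages compound statements on one line, so keeping the assignment on its own indented line would make this security-relevant side effect easier to spot. A docstring along the lines of `"""Form token derived from the session id, user id and login nonce; creates session["session_id"] on first access."""` would record what the visible lines do. The rest of the body, including how `msg` is turned into the key, is outside this hunk, so the docstring should be checked against it.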
@ -375,14 +375,11 @@ def validate_formkey(f):
|
||||||
|
|
||||||
if not request.path.startswith("/api/v1"):
|
if not request.path.startswith("/api/v1"):
|
||||||
|
|
||||||
submitted_key = request.values.get("formkey", "none")
|
submitted_key = request.values.get("formkey", None)
|
||||||
|
|
||||||
if not submitted_key:
|
if not submitted_key: abort(401)
|
||||||
|
|
||||||
abort(401)
|
elif not v.validate_formkey(submitted_key): abort(401)
|
||||||
|
|
||||||
elif not v.validate_formkey(submitted_key):
|
|
||||||
abort(401)
|
|
||||||
|
|
||||||
return f(*args, v=v, **kwargs)
|
return f(*args, v=v, **kwargs)
|
||||||
|
|
||||||
|
|
|
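Review bot: `submitted_key = request.values.get("formkey", None)` still reads the token from `request.values`, which in Flask merges the query string with the form body, so a formkey sent in the URL is accepted and can end up in access logs, browser history and Referer headers. If no caller relies on passing it as a query parameter, reading it from the body only would be tighter: `submitted_key = request.form.get("formkey")`. The comparison happens in `v.validate_formkey`, which is not shown here, so it is worth confirming that it uses a constant-time compare such as `hmac.compare_digest`. The wrapper starts above this hunk, and paths under `/api/v1` skip the check entirely, which deserves a short comment saying what protects those routes instead.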
@ -275,28 +275,24 @@ def admin_vote_info_get(v):
|
||||||
ups = g.db.query(Vote
|
ups = g.db.query(Vote
|
||||||
).options(joinedload(Vote.user)
|
).options(joinedload(Vote.user)
|
||||||
).filter_by(submission_id=thing.id, vote_type=1
|
).filter_by(submission_id=thing.id, vote_type=1
|
||||||
).order_by(Vote.creation_ip.asc()
|
).all()
|
||||||
).all()
|
|
||||||
|
|
||||||
downs = g.db.query(Vote
|
downs = g.db.query(Vote
|
||||||
).options(joinedload(Vote.user)
|
).options(joinedload(Vote.user)
|
||||||
).filter_by(submission_id=thing.id, vote_type=-1
|
).filter_by(submission_id=thing.id, vote_type=-1
|
||||||
).order_by(Vote.creation_ip.asc()
|
).all()
|
||||||
).all()
|
|
||||||
|
|
||||||
elif isinstance(thing, Comment):
|
elif isinstance(thing, Comment):
|
||||||
|
|
||||||
ups = g.db.query(CommentVote
|
ups = g.db.query(CommentVote
|
||||||
).options(joinedload(CommentVote.user)
|
).options(joinedload(CommentVote.user)
|
||||||
).filter_by(comment_id=thing.id, vote_type=1
|
).filter_by(comment_id=thing.id, vote_type=1
|
||||||
).order_by(CommentVote.creation_ip.asc()
|
).all()
|
||||||
).all()
|
|
||||||
|
|
||||||
downs = g.db.query(CommentVote
|
downs = g.db.query(CommentVote
|
||||||
).options(joinedload(CommentVote.user)
|
).options(joinedload(CommentVote.user)
|
||||||
).filter_by(comment_id=thing.id, vote_type=-1
|
).filter_by(comment_id=thing.id, vote_type=-1
|
||||||
).order_by(CommentVote.creation_ip.asc()
|
).all()
|
||||||
).all()
|
|
||||||
|
|
||||||
else:
|
else:
|
||||||
abort(400)
|
abort(400)
|
||||||
|
|
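Review bot: With the `.order_by(...creation_ip.asc())` calls removed, the four `.all()` queries return votes in whatever order the database chooses, so the admin vote listing may change order between loads. If the page is used to review voting patterns, a deterministic order helps: add `.order_by(<column that still exists on Vote / CommentVote>)` before each `.all()`. The models are not visible here, so the column is left as a placeholder. The function begins above this hunk and may continue below it.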