add g.is_api_or_xhr so we can use it where we want to give API output

* also use v.client for strict API clients
remotes/1693176582716663532/tmp_refs/heads/watchparty
justcool393 2022-10-15 02:11:36 -07:00
parent ab1f9b1351
commit 39aa59a37a
12 changed files with 40 additions and 43 deletions


@ -35,13 +35,9 @@ def calc_users(v):
return ''
def get_logged_in_user():
if hasattr(g, 'v'): return g.v
if not (hasattr(g, 'db') and g.db): g.db = db_session()
v = None
token = request.headers.get("Authorization","").strip()
if token:
client = g.db.query(ClientAuth).filter(ClientAuth.access_token == token).one_or_none()
@ -66,7 +62,7 @@ def get_logged_in_user():
if not v.validate_formkey(submitted_key): abort(401)
v.client = None
g.is_api_or_xhr = bool((v and v.client) or request.headers.get("xhr"))
if request.method.lower() != "get" and app.config['SETTINGS']['Read-only mode'] and not (v and v.admin_level >= PERMS['SITE_BYPASS_READ_ONLY_MODE']):
abort(403)
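Review bot: `g.is_api_or_xhr` appears to be assigned only after the `abort(401)` on the formkey check, so that abort, and presumably any request that never reaches get_logged_in_user, leaves the attribute unset and a later read would raise AttributeError. Consider setting a default at the top of the function, or reading it as `getattr(g, 'is_api_or_xhr', False)`. The flag also mixes a validated token (`v.client`) with the client-supplied `xhr` header, so it deserves a comment such as `# response-format hint only; the xhr header is client-controlled, do not use for access checks`. The body of get_logged_in_user starts and ends outside these hunks, so the early-exit paths are inferred.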


@ -56,8 +56,8 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None):
post = get_post(pid, v=v)
if post.over_18 and not (v and v.over_18) and not session.get('over_18', 0) >= int(time.time()):
if request.headers.get("Authorization"): abort(403, "This content is not suitable for some users and situations.")
else: return render_template("errors/nsfw.html", v=v)
if v and v.client: abort(403, "This content is not suitable for some users and situations.")
else: return render_template("errors/nsfw.html", v=v), 403
try: context = min(int(request.values.get("context", 0)), 8)
except: context = 0
@ -115,7 +115,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None):
post.replies=[top_comment]
if request.headers.get("Authorization"): return top_comment.json
if v and v.client: return top_comment.json
else:
if post.is_banned and not (v and (v.admin_level >= PERMS['POST_COMMENT_MODERATION'] or post.author_id == v.id)): template = "submission_banned.html"
else: template = "submission.html"
@ -255,7 +255,7 @@ def comment(v):
if parent.author.any_block_exists(v) and v.admin_level < PERMS['POST_COMMENT_MODERATION']:
abort(403, "You can't reply to users who have blocked you or users that you have blocked.")
is_bot = v.id != BBBB_ID and (bool(request.headers.get("Authorization")) or (SITE == 'pcmemes.net' and v.id == SNAPPY_ID))
is_bot = v.id != BBBB_ID and v.client or (SITE == 'pcmemes.net' and v.id == SNAPPY_ID))
execute_antispam_comment_check(body, v)
@ -416,7 +416,7 @@ def comment(v):
g.db.flush()
if request.headers.get("Authorization"): return c.json
if v.client: return c.json
return {"comment": render_template("comments.html", v=v, comments=[c])}
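Review bot: The new `is_bot` line in comment() has one more `)` than `(`, so as shown it would not parse; the old grouping parenthesis was dropped but its closer was kept. Without the `bool(...)` wrapper, `is_bot` also becomes the `v.client` object or `None` rather than a boolean, and the same applies to the matching line in submit_post. `is_bot = v.id != BBBB_ID and (bool(v.client) or (SITE == 'pcmemes.net' and v.id == SNAPPY_ID))` keeps the old grouping and type. Where `is_bot` is consumed lies outside the hunk.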


@ -27,6 +27,7 @@ def error(e):
if WERKZEUG_ERROR_DESCRIPTIONS.get(e.code, None) == details:
details = None
# for here and 401, not using g.is_api_or_xhr is intentional since API users won't get invalid token errors otherwise
if request.headers.get("Authorization") or request.headers.get("xhr"):
return {"error": title, "code": e.code, "description": msg, "details": details}, e.code
img = ERROR_MARSEYS.get(e.code, 'marseyl')


@ -72,7 +72,7 @@ def front_all(v, sub=None, subdomain=None):
if v.hidevotedon: posts = [x for x in posts if not hasattr(x, 'voted') or not x.voted]
award_timers(v)
if request.headers.get("Authorization"): return {"data": [x.json for x in posts], "next_exists": next_exists}
if v and v.client: return {"data": [x.json for x in posts], "next_exists": next_exists}
return render_template("home.html", v=v, listing=posts, next_exists=next_exists, sort=sort, t=t, page=page, ccmode=ccmode, sub=sub, home=True, pins=pins)
@ -206,7 +206,7 @@ def all_comments(v):
idlist = idlist[:25]
if request.headers.get("Authorization"): return {"data": [x.json for x in comments]}
if v.client: return {"data": [x.json for x in comments]}
return render_template("home_comments.html", v=v, sort=sort, t=t, page=page, comments=comments, standalone=True, next_exists=next_exists)


@ -174,7 +174,7 @@ def on_login(account, redir=None):
@app.get("/@me")
@auth_required
def me(v):
if request.headers.get("Authorization"): return v.json
if v.client: return v.json
else: return redirect(v.url)


@ -47,7 +47,7 @@ def notifications_modmail(v):
g.db.commit()
if request.headers.get("Authorization"): return {"data":[x.json for x in listing]}
if v.client: return {"data":[x.json for x in listing]}
return render_template("notifications.html",
v=v,
@ -117,7 +117,7 @@ def notifications_messages(v):
c.unread = True
list_to_perserve_unread_attribute.append(c)
if request.headers.get("Authorization"): return {"data":[x.json for x in listing]}
if v.client: return {"data":[x.json for x in listing]}
return render_template("notifications.html",
v=v,
@ -159,7 +159,7 @@ def notifications_posts(v):
v.last_viewed_post_notifs = int(time.time())
g.db.add(v)
if request.headers.get("Authorization"): return {"data":[x.json for x in listing]}
if v.client: return {"data":[x.json for x in listing]}
return render_template("notifications.html",
v=v,
@ -230,7 +230,7 @@ def notifications_reddit(v):
g.db.commit()
if request.headers.get("Authorization"): return {"data":[x.json for x in listing]}
if v.client: return {"data":[x.json for x in listing]}
return render_template("notifications.html",
v=v,
@ -298,7 +298,7 @@ def notifications(v):
g.db.commit()
if request.headers.get("Authorization"): return {"data":[x.json for x in listing]}
if v.client: return {"data":[x.json for x in listing]}
return render_template("notifications.html",
v=v,


@ -143,7 +143,7 @@ def post_id(pid, anything=None, v=None, sub=None):
if not post.can_see(v): abort(403)
if post.over_18 and not (v and v.over_18) and session.get('over_18', 0) < int(time.time()):
if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error":"Must be 18+ to view"}, 451
if g.is_api_or_xhr: return {"error":"Must be 18+ to view"}, 451
return render_template("errors/nsfw.html", v=v)
if post.new or 'megathread' in post.title.lower(): defaultsortingcomments = 'new'
@ -216,7 +216,7 @@ def post_id(pid, anything=None, v=None, sub=None):
if v and v.poorcel: threshold = 50
else: threshold = 100
if post.comment_count > threshold+25 and not request.headers.get("Authorization") and not request.values.get("all"):
if post.comment_count > threshold+25 and not (v and v.client) and not request.values.get("all"):
comments2 = []
count = 0
if post.created_utc > 1638672040:
@ -254,7 +254,7 @@ def post_id(pid, anything=None, v=None, sub=None):
post.views += 1
g.db.add(post)
if request.headers.get("Authorization"):
if v and v.client:
return post.json
template = "submission.html"
@ -708,7 +708,7 @@ def submit_post(v, sub=None):
body = sanitize_raw_body(request.values.get("body", ""), True)
def error(error):
if request.headers.get("Authorization") or request.headers.get("xhr"): abort(400, error)
if g.is_api_or_xhr: abort(400, error)
SUBS = [x[0] for x in g.db.query(Sub.name).order_by(Sub.name).all()]
return render_template("submit.html", SUBS=SUBS, v=v, error=error, title=title, url=url, body=body), 400
@ -877,7 +877,7 @@ def submit_post(v, sub=None):
if embed and len(embed) > 1500: embed = None
is_bot = v.id != BBBB_ID and bool(request.headers.get("Authorization")) or (SITE == 'pcmemes.net' and v.id == SNAPPY_ID)
is_bot = v.id != BBBB_ID and v.client or (SITE == 'pcmemes.net' and v.id == SNAPPY_ID)
if request.values.get("ghost") and v.coins >= 100:
v.charge_account('coins', 100)
@ -1041,7 +1041,7 @@ def submit_post(v, sub=None):
send_wpd_message(post.permalink)
g.db.commit()
if request.headers.get("Authorization"): return post.json
if v.client: return post.json
else:
post.voted = 1
if post.new or 'megathread' in post.title.lower(): sort = 'new'
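Review bot: The over-18 gate in post_id still returns the default 200 on its HTML branch, `return render_template("errors/nsfw.html", v=v)`, while its API/XHR branch returns 451 and the same template in post_pid_comment_cid now carries `, 403`. A 200 on a blocked page is treated by caches and crawlers as a successful response. Consider `return render_template("errors/nsfw.html", v=v), 403` here too, or one status code for both routes. post_id continues outside the hunk.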


@ -71,7 +71,7 @@ def searchposts(v):
posts = posts.filter(Submission.ghost == False)
author = get_user(criteria['author'], v=v, include_shadowbanned=False)
if author.is_private and author.id != v.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye:
if request.headers.get("Authorization"):
if v.client:
abort(403, f"@{author.username}'s profile is private; You can't use the 'author' syntax on them")
return render_template("search.html",
v=v,
@ -159,7 +159,7 @@ def searchposts(v):
posts = get_posts(ids, v=v)
if request.headers.get("Authorization"): return {"total":total, "data":[x.json for x in posts]}
if v.client: return {"total":total, "data":[x.json for x in posts]}
return render_template("search.html",
v=v,
@ -199,7 +199,7 @@ def searchcomments(v):
comments = comments.filter(Comment.ghost == False)
author = get_user(criteria['author'], v=v, include_shadowbanned=False)
if author.is_private and author.id != v.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye:
if request.headers.get("Authorization"):
if v.client:
abort(403, f"@{author.username}'s profile is private; You can't use the 'author' syntax on them")
return render_template("search_comments.html", v=v, query=query, total=0, page=page, comments=[], sort=sort, t=t, next_exists=False, error=f"@{author.username}'s profile is private; You can't use the 'author' syntax on them.")
@ -260,7 +260,7 @@ def searchcomments(v):
comments = get_comments(ids, v=v)
if request.headers.get("Authorization"): return {"total":total, "data":[x.json for x in comments]}
if v.client: return {"total":total, "data":[x.json for x in comments]}
return render_template("search_comments.html", v=v, query=query, total=total, page=page, comments=comments, sort=sort, t=t, next_exists=next_exists, standalone=True)
@ -294,5 +294,5 @@ def searchusers(v):
next_exists=(len(users)>25)
users=users[:25]
if request.headers.get("Authorization"): return {"data": [x.json for x in users]}
if v.client: return {"data": [x.json for x in users]}
return render_template("search_users.html", v=v, query=query, total=total, page=page, users=users, sort=sort, t=t, next_exists=next_exists)


@ -81,7 +81,7 @@ def sidebar(v):
@app.get("/stats")
@auth_required
def participation_stats(v):
if request.headers.get("Authorization"): return stats_cached()
if v.client: return stats_cached()
return render_template("stats.html", v=v, title="Content Statistics", data=stats_cached())
@cache.memoize(timeout=86400)
@ -431,7 +431,7 @@ def transfers(v):
next_exists = len(comments) > 25
comments = comments[:25]
if request.headers.get("Authorization"):
if v.client:
return {"data": [x.json for x in comments]}
else:
return render_template("transfers.html", v=v, page=page, comments=comments, standalone=True, next_exists=next_exists)


@ -95,7 +95,7 @@ def unexile(v, sub, uid):
)
g.db.add(ma)
if request.headers.get("Authorization") or request.headers.get("xhr"):
if g.is_api_or_xhr:
return {"message": f"@{u.username} has been unexiled from /h/{sub} successfully!"}


@ -789,14 +789,14 @@ def u_username(username, v=None):
if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)):
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
if g.is_api_or_xhr or request.path.endswith(".json"):
abort(403, "This userpage is private")
return render_template("userpage_private.html", u=u, v=v)
if v and hasattr(u, 'is_blocking') and u.is_blocking:
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
if g.is_api_or_xhr or request.path.endswith(".json"):
abort(403, f"You are blocking @{u.username}.")
return render_template("userpage_blocking.html", u=u, v=v)
@ -822,7 +822,7 @@ def u_username(username, v=None):
listing = get_posts(ids, v=v)
if u.unban_utc:
if request.headers.get("Authorization") or request.path.endswith(".json"):
if (v and v.client) or request.path.endswith(".json"):
return {"data": [x.json for x in listing]}
return render_template("userpage.html",
@ -836,7 +836,7 @@ def u_username(username, v=None):
next_exists=next_exists,
is_following=is_following)
if request.headers.get("Authorization") or request.path.endswith(".json"):
if (v and v.client) or request.path.endswith(".json"):
return {"data": [x.json for x in listing]}
return render_template("userpage.html",
@ -869,12 +869,12 @@ def u_username_comments(username, v=None):
u = user
if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)):
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
if g.is_api_or_xhr or request.path.endswith(".json"):
abort(403, "This userpage is private")
return render_template("userpage_private.html", u=u, v=v)
if v and hasattr(u, 'is_blocking') and u.is_blocking:
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
if g.is_api_or_xhr or request.path.endswith(".json"):
abort(403, f"You are blocking @{u.username}.")
return render_template("userpage_blocking.html", u=u, v=v)
@ -913,7 +913,7 @@ def u_username_comments(username, v=None):
listing = get_comments(ids, v=v)
if request.headers.get("Authorization") or request.path.endswith(".json"):
if v.client or request.path.endswith(".json"):
return {"data": [c.json for c in listing]}
return render_template("userpage_comments.html", u=user, v=v, listing=listing, page=page, sort=sort, t=t,next_exists=next_exists, is_following=is_following, standalone=True)
@ -1063,7 +1063,7 @@ def saved_posts(v, username):
listing = get_posts(ids, v=v)
if request.headers.get("Authorization"): return {"data": [x.json for x in listing]}
if v.client: return {"data": [x.json for x in listing]}
return render_template("userpage.html",
u=v,
v=v,
@ -1087,7 +1087,7 @@ def saved_comments(v, username):
listing = get_comments(ids, v=v)
if request.headers.get("Authorization"): return {"data": [x.json for x in listing]}
if v.client: return {"data": [x.json for x in listing]}
return render_template("userpage_comments.html",
u=v,
v=v,
@ -1110,7 +1110,7 @@ def subscribed_posts(v, username):
listing = get_posts(ids, v=v)
if request.headers.get("Authorization"): return {"data": [x.json for x in listing]}
if v.client: return {"data": [x.json for x in listing]}
return render_template("userpage.html",
u=v,
v=v,
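Review bot: In u_username_comments the new check `if v.client or request.path.endswith(".json"):` dereferences `v` without a guard, although the route declares `v=None` and the private-profile test above it handles `not v`. A logged-out visitor would hit an AttributeError instead of getting the listing. u_username uses `(v and v.client)` for the same test, so `if (v and v.client) or request.path.endswith(".json"):` would match it. The function body runs outside the hunk, so an earlier login requirement cannot be ruled out.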


@ -45,7 +45,7 @@ def vote_info_get(v, link):
def vote_post_comment(target_id, new, v, cls, vote_cls):
if new == "-1" and DISABLE_DOWNVOTES: abort(403)
if new not in ["-1", "0", "1"]: abort(400)
if request.headers.get("Authorization") and v.id != BBBB_ID: abort(403)
if v.client and v.id != BBBB_ID: abort(403)
new = int(new)
target = None
if cls == Submission:
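Review bot: `if v.client and v.id != BBBB_ID: abort(403)` is the one place in this commit where `v.client` gates an action rather than a response format, and it is undocumented. The check is only as strong as get_logged_in_user's guarantee that every token-authenticated `v` carries `client`, which this hunk does not show. A comment such as `# token-authenticated API clients may not vote (BBBB_ID excepted); v.client is set in get_logged_in_user` would record that dependency. vote_post_comment continues past the hunk.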