diff --git a/drama/helpers/wrappers.py b/drama/helpers/wrappers.py index a88b2aae6..21ec40093 100644 --- a/drama/helpers/wrappers.py +++ b/drama/helpers/wrappers.py @@ -305,55 +305,6 @@ def no_cors(f): # f should return {'api':lambda:some_func(), 'html':lambda:other_func()} -def public(*scopes, no_ban=False): - - def wrapper_maker(f): - - def wrapper(*args, **kwargs): - - if request.path.startswith(('/api/v1','/api/v2')): - - v = kwargs.get('v') - - result = f(*args, **kwargs) - - if isinstance(result, dict): - resp = result['api']() - else: - resp = result - - if not isinstance(resp, RespObj): - resp = make_response(resp) - - resp.headers.add("Cache-Control", "private") - resp.headers.add( - "Access-Control-Allow-Origin", - app.config["SERVER_NAME"]) - return resp - - else: - - result = f(*args, **kwargs) - - if not isinstance(result, dict): - return result - - try: - if request.path.startswith('/inpage/'): - return result['inpage']() - elif request.path.startswith(('/api/vue/','/test/')): - return result['api']() - else: - return result['html']() - except KeyError: - return result - - wrapper.__name__ = f.__name__ - return wrapper - - return wrapper_maker - - def api(*scopes, no_ban=False): def wrapper_maker(f): 
@@ -363,25 +314,6 @@ def api(*scopes, no_ban=False): if request.path.startswith(('/api/v1','/api/v2')): v = kwargs.get('v') - client = kwargs.get('c') - - if not v or not client: - return jsonify( - {"error": "401 Not Authorized. Invalid or Expired Token"}), 401 - - kwargs.pop('c') - - # validate app associated with token - if client.application.is_banned: - return jsonify({"error": f"403 Forbidden. The application `{client.application.app_name}` is suspended."}), 403 - - # validate correct scopes for request - for scope in scopes: - if not client.__dict__.get(f"scope_{scope}"): - return jsonify({"error": f"401 Not Authorized. Scope `{scope}` is required."}), 403 - - if (request.method == "POST" or no_ban) and client.user.is_suspended: - return jsonify({"error": f"403 Forbidden. The user account is suspended."}), 403 result = f(*args, **kwargs) diff --git a/drama/routes/posts.py b/drama/routes/posts.py index 758d47f1b..075df1625 100644 --- a/drama/routes/posts.py +++ b/drama/routes/posts.py @@ -76,6 +76,7 @@ def submit_get(v): @app.get("/post//") @app.get("/api/v1/post/") @auth_desired +@api("read") def post_base36id(pid, anything=None, v=None): try: pid = int(pid) except Exception as e: pass @@ -239,8 +240,10 @@ def post_base36id(pid, anything=None, v=None): post.tree_comments() - if "api" in request.path: return post.json - else: return post.rendered_page(v=v, sort=sort) + return { + "html":lambda:post.rendered_page(v=v, sort=sort), + "api":lambda:jsonify(post.json) + } @app.post("/edit_post/") @is_not_banned diff --git a/drama/routes/static.py b/drama/routes/static.py index 55143a6c3..2e571b65b 100644 --- a/drama/routes/static.py +++ b/drama/routes/static.py @@ -7,7 +7,7 @@ from drama.helpers.alerts import * @app.route("/api/vue/admins", methods=["GET"]) @app.get("/api/v1/admins") @auth_desired -@public("read") +@api("read") def badmins(v): badmins = g.db.query(User).filter_by(admin_level=6).order_by(User.dramacoins.desc()).all() return { 
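Review bot: The `"read"` argument in the added `@api("read")` on `post_base36id` looks like a no-op after this commit, because the wrappers.py hunk at `@@ -363,25 +314,6 @@` deletes the loop over `scopes`, the banned-application check and the suspended-user check from `api`, and nothing in the visible part of the wrapper reads `scopes` or `no_ban` any more. If those checks now live in `auth_desired` (not shown here), say so above `def api` with a comment such as `# scopes/no_ban are kept for call-site compatibility; token, scope and ban checks are done in auth_desired`; if they do not, a token without the required scope, or one from a suspended application, would no longer be rejected on `/api/v1` routes, and the checks should stay. The same applies to the `@public("read")` to `@api("read")` swaps on `badmins` in static.py and on `u_username`, `u_username_comments` and `u_username_info` in users.py. The removed block also did `kwargs.pop('c')`, so confirm that nothing upstream still passes `c` into these handlers, whose signatures do not accept it. The body of `api` continues outside the hunk, so this reading covers only the lines shown.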
diff --git a/drama/routes/users.py b/drama/routes/users.py index 6a0535c17..62caf9781 100644 --- a/drama/routes/users.py +++ b/drama/routes/users.py @@ -222,7 +222,7 @@ def visitors(v): @app.get("/@") @app.get("/api/v1/user//listing") @auth_desired -@public("read") +@api("read") def u_username(username, v=None): if v and v.is_banned and not v.unban_utc: return render_template("seized.html") @@ -334,7 +334,7 @@ def u_username(username, v=None): @app.get("/@/comments") @app.get("/api/v1/user//comments") @auth_desired -@public("read") +@api("read") def u_username_comments(username, v=None): if v and v.is_banned and not v.unban_utc: return render_template("seized.html") @@ -412,7 +412,7 @@ def u_username_comments(username, v=None): @app.get("/api/v1/user//info") @auth_desired -@public("read") +@api("read") def u_username_info(username, v=None): user=get_user(username, v=v)