fdfd
parent
d0d609cc9c
commit
3c84ea7467
|
@ -305,55 +305,6 @@ def no_cors(f):
|
||||||
# f should return {'api':lambda:some_func(), 'html':lambda:other_func()}
|
# f should return {'api':lambda:some_func(), 'html':lambda:other_func()}
|
||||||
|
|
||||||
|
|
||||||
def public(*scopes, no_ban=False):
|
|
||||||
|
|
||||||
def wrapper_maker(f):
|
|
||||||
|
|
||||||
def wrapper(*args, **kwargs):
|
|
||||||
|
|
||||||
if request.path.startswith(('/api/v1','/api/v2')):
|
|
||||||
|
|
||||||
v = kwargs.get('v')
|
|
||||||
|
|
||||||
result = f(*args, **kwargs)
|
|
||||||
|
|
||||||
if isinstance(result, dict):
|
|
||||||
resp = result['api']()
|
|
||||||
else:
|
|
||||||
resp = result
|
|
||||||
|
|
||||||
if not isinstance(resp, RespObj):
|
|
||||||
resp = make_response(resp)
|
|
||||||
|
|
||||||
resp.headers.add("Cache-Control", "private")
|
|
||||||
resp.headers.add(
|
|
||||||
"Access-Control-Allow-Origin",
|
|
||||||
app.config["SERVER_NAME"])
|
|
||||||
return resp
|
|
||||||
|
|
||||||
else:
|
|
||||||
|
|
||||||
result = f(*args, **kwargs)
|
|
||||||
|
|
||||||
if not isinstance(result, dict):
|
|
||||||
return result
|
|
||||||
|
|
||||||
try:
|
|
||||||
if request.path.startswith('/inpage/'):
|
|
||||||
return result['inpage']()
|
|
||||||
elif request.path.startswith(('/api/vue/','/test/')):
|
|
||||||
return result['api']()
|
|
||||||
else:
|
|
||||||
return result['html']()
|
|
||||||
except KeyError:
|
|
||||||
return result
|
|
||||||
|
|
||||||
wrapper.__name__ = f.__name__
|
|
||||||
return wrapper
|
|
||||||
|
|
||||||
return wrapper_maker
|
|
||||||
|
|
||||||
|
|
||||||
def api(*scopes, no_ban=False):
|
def api(*scopes, no_ban=False):
|
||||||
|
|
||||||
def wrapper_maker(f):
|
def wrapper_maker(f):
|
||||||
|
@ -363,25 +314,6 @@ def api(*scopes, no_ban=False):
|
||||||
if request.path.startswith(('/api/v1','/api/v2')):
|
if request.path.startswith(('/api/v1','/api/v2')):
|
||||||
|
|
||||||
v = kwargs.get('v')
|
v = kwargs.get('v')
|
||||||
client = kwargs.get('c')
|
|
||||||
|
|
||||||
if not v or not client:
|
|
||||||
return jsonify(
|
|
||||||
{"error": "401 Not Authorized. Invalid or Expired Token"}), 401
|
|
||||||
|
|
||||||
kwargs.pop('c')
|
|
||||||
|
|
||||||
# validate app associated with token
|
|
||||||
if client.application.is_banned:
|
|
||||||
return jsonify({"error": f"403 Forbidden. The application `{client.application.app_name}` is suspended."}), 403
|
|
||||||
|
|
||||||
# validate correct scopes for request
|
|
||||||
for scope in scopes:
|
|
||||||
if not client.__dict__.get(f"scope_{scope}"):
|
|
||||||
return jsonify({"error": f"401 Not Authorized. Scope `{scope}` is required."}), 403
|
|
||||||
|
|
||||||
if (request.method == "POST" or no_ban) and client.user.is_suspended:
|
|
||||||
return jsonify({"error": f"403 Forbidden. The user account is suspended."}), 403
|
|
||||||
|
|
||||||
result = f(*args, **kwargs)
|
result = f(*args, **kwargs)
|
||||||
|
|
||||||
|
|
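Review bot: On the new side of the second hunk, the `/api/v1`//`/api/v2` branch of `api`'s wrapper goes straight from `v = kwargs.get('v')` to `result = f(*args, **kwargs)`, so nothing in the visible lines reads `scopes` or `no_ban` any more. The routes in the other file sections (`post_base36id`, `badmins`, `u_username`, `u_username_comments`, `u_username_info`) still declare `@api("read")`, which reads as if the "read" scope were enforced. If the token, application-suspension and scope checks now live elsewhere, possibly in `auth_desired`, add a comment above the wrapper such as `# scopes/no_ban are validated in <enforcing decorator>; this wrapper only selects the response format`. If they live nowhere, these endpoints accept any caller that `auth_desired` lets through, and the check belongs back in this branch before `f` is called. The wrapper body continues outside the hunk, so later lines may still use these values.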
|
@ -76,6 +76,7 @@ def submit_get(v):
|
||||||
@app.get("/post/<pid>/<anything>")
|
@app.get("/post/<pid>/<anything>")
|
||||||
@app.get("/api/v1/post/<pid>")
|
@app.get("/api/v1/post/<pid>")
|
||||||
@auth_desired
|
@auth_desired
|
||||||
|
@api("read")
|
||||||
def post_base36id(pid, anything=None, v=None):
|
def post_base36id(pid, anything=None, v=None):
|
||||||
try: pid = int(pid)
|
try: pid = int(pid)
|
||||||
except Exception as e: pass
|
except Exception as e: pass
|
||||||
|
@ -239,8 +240,10 @@ def post_base36id(pid, anything=None, v=None):
|
||||||
|
|
||||||
post.tree_comments()
|
post.tree_comments()
|
||||||
|
|
||||||
if "api" in request.path: return post.json
|
return {
|
||||||
else: return post.rendered_page(v=v, sort=sort)
|
"html":lambda:post.rendered_page(v=v, sort=sort),
|
||||||
|
"api":lambda:jsonify(post.json)
|
||||||
|
}
|
||||||
|
|
||||||
@app.post("/edit_post/<pid>")
|
@app.post("/edit_post/<pid>")
|
||||||
@is_not_banned
|
@is_not_banned
|
||||||
|
|
|
@ -7,7 +7,7 @@ from drama.helpers.alerts import *
|
||||||
@app.route("/api/vue/admins", methods=["GET"])
|
@app.route("/api/vue/admins", methods=["GET"])
|
||||||
@app.get("/api/v1/admins")
|
@app.get("/api/v1/admins")
|
||||||
@auth_desired
|
@auth_desired
|
||||||
@public("read")
|
@api("read")
|
||||||
def badmins(v):
|
def badmins(v):
|
||||||
badmins = g.db.query(User).filter_by(admin_level=6).order_by(User.dramacoins.desc()).all()
|
badmins = g.db.query(User).filter_by(admin_level=6).order_by(User.dramacoins.desc()).all()
|
||||||
return {
|
return {
|
||||||
|
|
|
@ -222,7 +222,7 @@ def visitors(v):
|
||||||
@app.get("/@<username>")
|
@app.get("/@<username>")
|
||||||
@app.get("/api/v1/user/<username>/listing")
|
@app.get("/api/v1/user/<username>/listing")
|
||||||
@auth_desired
|
@auth_desired
|
||||||
@public("read")
|
@api("read")
|
||||||
def u_username(username, v=None):
|
def u_username(username, v=None):
|
||||||
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
|
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
|
||||||
|
|
||||||
|
@ -334,7 +334,7 @@ def u_username(username, v=None):
|
||||||
@app.get("/@<username>/comments")
|
@app.get("/@<username>/comments")
|
||||||
@app.get("/api/v1/user/<username>/comments")
|
@app.get("/api/v1/user/<username>/comments")
|
||||||
@auth_desired
|
@auth_desired
|
||||||
@public("read")
|
@api("read")
|
||||||
def u_username_comments(username, v=None):
|
def u_username_comments(username, v=None):
|
||||||
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
|
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
|
||||||
|
|
||||||
|
@ -412,7 +412,7 @@ def u_username_comments(username, v=None):
|
||||||
|
|
||||||
@app.get("/api/v1/user/<username>/info")
|
@app.get("/api/v1/user/<username>/info")
|
||||||
@auth_desired
|
@auth_desired
|
||||||
@public("read")
|
@api("read")
|
||||||
def u_username_info(username, v=None):
|
def u_username_info(username, v=None):
|
||||||
|
|
||||||
user=get_user(username, v=v)
|
user=get_user(username, v=v)
|
||||||
|
|